Website banner for the Report on Local Government 2017

Report on Local Government 2017
Download full report (PDF)   Download media release (PDF) - Local Government 2017 data visualisation- Summary video

 

Contents

Auditor General's Foreword - Executive Summary  1. Introduction - 2. Financial reporting -  3. Financial performance and sustainability -  4. Asset management - 5. Governance and internal controls - 6. Information technology - Appendices

 

 

Auditor General's Foreword

Under section 421C of the Local Government Act 1993, I am pleased to present our first report on the statutory financial audits of councils, to NSW Parliament.

My appointment as the auditor of local government in New South Wales is the most significant change to the Auditor‑General's mandate in nearly three decades.

Moving to the new audit arrangements over the past 18 months has been challenging but rewarding. It has confirmed my appreciation of local government – a sector passionate about the community and focused on delivering local services.

The unique relationship each council has with its community differentiates it from other tiers of government.

Our audits

I am pleased to report that we completed 139 out of 140 financial statement audits for the 2016–17 audit cycle. The remaining council received an extension to lodge its financial statements.

We have also released a performance audit report on council reporting on service delivery. We will soon release another report on fraud controls in local councils and a report on council shared services later this year.

While the new audit mandate brings immense responsibility, my office has embraced the challenges involved and the objectives that NSW Parliament gave us:

  • strengthening governance and financial oversight in local government
  • providing greater consistency in external audit
  • ensuring reliable financial information is available to assess council performance
  • improving financial management, fiscal responsibility and public accountability in how councils use citizens’ funds.

 

This report

This report is rich in data extracted from the results of the 2016–17 financial audits. For the first time, it presents a consistent view of financial performance across the New South Wales local government landscape. The report also provides guidance and includes recommendations to councils and the Office of Local Government aimed at strengthening financial reporting, asset management, governance and internal controls.

The report will help NSW Parliament understand the common challenges that councils face. It provides points of comparison for councils and signposts matters that will be the focus of future audits. Importantly, this report and the data visualisation that accompanies it, provides comprehensive and accessible information to citizens regarding the management and performance of their councils.

I would like to acknowledge the cooperation of councils throughout the audit process and our partnerships with the contract audit firms that helped us to deliver the audits. Together we can learn from each other and work towards improving outcomes for the community.
 

 

Return to top

 

  

Executive Summary

1. Introduction

Local Government sector

NSW has 140 councils: 128 local councils serving a geographic area and 12 county councils formed for a specific purpose.

We completed audits of 139 councils' 2016–17 financial statements and eight councils' 2015–16 financial statements. Bayside Council received a lodgement extension from the Office of Local Government (OLG) and has not yet presented their 2016–17 financial statements for audit.

Service delivery

Each council provides a range of services, influenced by population density, demographics, the local economy, geographic and climatic characteristics. These differences influence the financial profile of councils.

 

2. Financial reporting

Quality of financial reporting

The overall quality of financial reporting needs to improve:

  • we issued modified (qualified) audit opinions on the financial statements of three councils in 2016–17 and one council and one water authority in 2015–16
  • we reported 39 significant matters to 29 councils. They related to material accounting issues and significant deficiencies in internal controls
  • twenty-two councils required material adjustments to correct errors in previous audited financial statements
  • moderate risk issues were identified in financial statement preparation processes for 43 councils.

OLG guidance for council year-end financial reporting needs to align with Australian Accounting Standards and be issued earlier.

Timeliness of financial reporting

Timeliness of financial reporting needs to improve. Forty councils required lodgement extensions past the 31 October 2017 statutory reporting deadline.

 

3. Financial performance and sustainability

Operating revenue

Eighteen councils operating expenses exceed current operating revenue.

Fifty-nine councils do not meet OLG’s target of 60 per cent for own source operating revenue.

Liquidity and working capital

Most councils have sufficient liquidity and working capital. However, there are indicators that:

  • three councils may not have the ability to meet short-term obligations as measured by the unrestricted current ratio
  • two councils may not have sufficient operating cash available to service debt as measured by the debt service cover ratio
  • eighteen councils do not meet the OLG benchmark for the collection of rates and annual charges
  • five councils may not have sufficient cash to continue paying expenses without additional cash inflows as measured by the cash expense cover ratio.

Asset management measures

Reporting against OLG’s asset management performance measures highlights that councils need to consider whether spending on existing infrastructure assets is sufficient to ensure they continue to meet service delivery standards:

  • seventy councils are not renewing assets in line with the rate of their depreciation
  • eighty-four councils did not meet OLG’s benchmark for managing the infrastructure maintenance backlog
  • seventy-one councils are not maintaining their assets in accordance with their asset management plans.

 

4. Asset management

High risk issues

We reported ten high risk issues relating to councils’ asset management and accounting practices.

Asset reporting

The accuracy of asset registers requires improvement and all assets need to be reported in the financial statements.

At 30 June 2017, 62 councils did not record all rural fire-fighting equipment in their financial statements. A large proportion of rural fire-fighting equipment is not reported in either State government or local government financial statements.

.

Asset valuation We reported seven high risk matters related to asset valuations, including two that resulted in qualified audit opinions.
Asset useful life estimates

We identified that accounting for the useful lives of similar assets varied across councils, resulting in variable depreciation expense for these assets.

In addition, the useful lives of assets need to be reviewed annually. This review should be supported by current condition assessments.

Asset policy and planning Thirteen councils do not have an asset management strategy, policy and plan, as required by the Office of Local Government’s Integrated Planning and Reporting Framework

 

5.Governance and internal controls

High risk issues

We reported 17 high risk issues relating to governance, financial accounting, purchasing and payables and payroll matters..

Governance

There is currently no requirement for councils to have an audit, risk and improvement committee and internal audit function. Consequently, 53 councils do not have an audit committee and 52 councils do not have an internal audit function.

The Office of Local Government has incomplete information on the number of entities established by councils. There is no financial reporting framework for the variety of entities established by councils.

Councils can strengthen policies and procedures to support critical business processes, practices for risk management and compliance with key laws and regulations.

Internal controls Councils can improve internal controls over manual journals, reconciliations, purchasing and payables and payroll.

 

6. Information technology

High risk issues

We reported nine high risk issues relating to information technology.

Access to IT systems

Controls over user access to IT systems need to be strengthened.
Information Technology governance

IT governance benefits from appropriate policies, standards and guidelines across all critical IT processes. We identified that:

  • around one in four councils do not have an IT strategy or operational plan
  • half of NSW councils have an IT security policy
  • seventeen councils do not have a documented plan to recover from a disaster.

 

1. Introduction

The Auditor‑General has the mandate under the Local Government Act 1993 to audit the NSW local government sector. One-hundred and thirty-nine councils presented their 2016–17 financial statements and eight councils also presented their 2015–16[1] financial statements for audit. These audits have been completed. The Office of Local Government (OLG) granted Bayside Council an extension until 31 May 2018 to lodge their 2016–17 financial statements and Bayside Council has not yet presented them for audit.

We also tabled a performance audit report on ‘Council reporting on service delivery’ on 1 February 2018. We will soon release a report on ‘Fraud controls in local councils’ and a report on ‘Council shared services’ later this year.

This report focuses on the results of our financial audits, highlights issues that were common across the local government sector and provides guidance that councils should consider. This will help Parliament understand the challenges that councils face and the measures that can improve their financial management and reporting.

Each council provides a range of services to meet its communities’ needs

New South Wales has 128 local councils servicing a geographic area, and 12 county councils formed for specific purposes, such as supplying water, managing flood plains or eradicating noxious weeds. Each council provides a range of services, influenced by population density, demographics, the local economy, geographic and climatic characteristics. These differences also influence the spending profile of metropolitan, regional and rural councils.



[1] The Auditor‑General was appointed statutory auditor of eight councils for the 2015–16 reporting period due to the following reasons:

  • specific request of councils
  • failure by councils to appoint an auditor
  • inability of the previous auditor to complete the audit due to external investigation
  • auditor retirement.

 

 

2.Financial reporting

Each year, councils lodge their audited financial statements with OLG and publish them on their website. Council financial statements capture their financial activities, performance and position.

We issued five modified (qualified) audit opinions and identified a range of material financial reporting errors and significant accounting and control issues

We issued unmodified audit opinions on the financial statements of:

  • one-hundred and thirty-six out of 139 councils for 2016–17
  • two water authorities for 2016–17
  • seven out of eight councils for 2015–16
  • two out of three water authorities for 2015–16.

An unmodified audit opinion means that the financial statements present fairly the financial position and performance of the council. The Hills Shire Council, Junee Shire Council and Yass Valley Council received modified (qualified) audit opinions for 2016–17. We also issued disclaimers of opinion for the City of Botany Bay Council and Gosford Water Authority for 2015–16.

Our audits identified a further 33 material errors in the previous years’ audited financial statements of 22 councils that have been corrected. Eighty-eight per cent of these errors related to the way councils account for and value assets.

We also reported 39 significant matters to 29 councils. These related to material accounting issues and internal control weaknesses, of which 77 per cent related to assets. Councils should improve the way they account for their assets as a priority.

Chapter 4 of this report further discusses the asset accounting issues identified during our audits.

Councils can improve their financial reporting processes

Our audits found that 43 councils need to improve the way they prepare their financial statements. A more robust review of the financial statements by councils prior to submitting them for audit would improve both quality and timeliness.

Recommendation

Councils can improve the quality of financial reporting by reviewing their financial statements close processes to identify areas for improvements.

Our experience at the State level shows that the preparation of annual financial statements benefits from review by independent audit committees.

Councils are not currently required to have an audit, risk and improvement committee and consequently 53 councils do not have an audit committee. For those councils with an audit committee, 55 per cent play no role in the review of financial statements.

Amendments made to the Local Government Act 1993 by the Local Government Amendment (Governance and Planning) Act 2016 will require all councils to appoint an audit, risk and improvement committee. Under transitional provisions, councils will not be required to comply until March 2021, six months after the next ordinary election.

Recommendation

Councils can improve the quality of financial reporting by involving an audit, risk and improvement committee in the review of financial statements.

OLG can improve the quality and timeliness of guidance provided to councils each year

The Office of Local Government (OLG) needs to release key guidance documents, such as the Local Government Code of Accounting Practice and Financial Reporting (Code) and end of year financial reporting circular, to councils earlier.

Councils are required to prepare financial statements in accordance with Australian Accounting Standards and the Code. The Code applicable for 2016–17 financial reporting provided options and guidance that in some instances did not align with Australian Accounting Standards.

Recommendation

The Office of Local Government should release the Local Government Code of Accounting Practice and Financial Reporting and the End of Year Financial Reporting Circular earlier in the audit cycle, ideally by 30 April each year.

The Local Government Code of Accounting Practice and Financial Reporting should align with Australian Accounting Standards.


Seventy-one per cent of councils lodged audited financial statements by the statutory deadline

Councils must lodge audited financial statements with OLG by 31 October each year, that is, within four months after the end of their financial year. Forty councils did not meet this deadline for their 2016–17 financial statements and required an extension from OLG. Bayside Council received a lodgement extension for their 2016–17 financial statements to 31 May 2018 and has not yet presented them for audit.

Early close procedures help to improve the quality and timeliness of financial reporting

Early close procedures can identify issues and key risk areas that councils need to consider and resolve before the year-end process. Asset valuation issues affected the quality and timeliness of many councils' financial statements in 2016–17. Completing infrastructure, property plant and equipment valuations is a key early close procedure that can improve the quality and timeliness of financial reporting.

Recommendation

The Office of Local Government should introduce early close procedures with an emphasis on asset valuations.

 

3. Financial performance and sustainability

Our next chapter reviews the financial performance of councils using indicators that the OLG prescribe. Councils must report against these in their audited financial statements:

  • operating performance
  • own source operating revenue
  • unrestricted current ratio
  • debt service cover ratio
  • rates and annual charges outstanding percentage
  • cash expense cover ratio.

Councils’ annual reports also include the unaudited Special Schedule 7 'Report on Infrastructure Assets', in which councils report performance against four further measures:

  • building and infrastructure renewals ratio
  • infrastructure backlog ratio
  • asset maintenance ratio
  • cost to bring assets to agreed service level.
Three rural councils did not meet OLG benchmarks for three audited performance measures

Most councils met OLG benchmarks for at least five or all of the six audited performance measures. Eight rural, four regional, four metropolitan and two county councils did not meet OLG’s benchmarks for two out of the six audited performance measures. Three rural councils did not meet OLG’s benchmarks for three out of the six audited performance measures.

Eighteen councils operating expenses exceed their revenue base

The first measure of financial sustainability looks at the operating revenue that councils raise to cover their operating expenses. Eighteen councils operating expenses exceed their revenue base. For 11 councils, this has been the case for the past three years. Another 20 councils would not have met the operating performance benchmark without the advance receipt of their 2017–18 financial assistance grant, which was recorded as revenue during 2016–17.

Fifty-nine councils did not meet the OLG benchmark for generating own source revenue

Councils are also expected to generate 60 per cent of their revenue from their own sources. Fifty‑nine councils did not meet this OLG benchmark, and 42 of these were rural councils. Rural councils have high-value infrastructure assets that cover large areas, with smaller populations and less capacity to raise revenue from alternative sources compared with metropolitan councils.

Most councils have sufficient liquidity and working capital

All but three councils met OLG’s benchmark for the unrestricted current ratio, meaning the councils can meet short-term obligations as they fall due.

Most councils also have the capacity to cover more than three months of operating expenditure as measured by the cash expense cover ratio. However, some of the funds held by councils are restricted and should only be used for specific purposes.

A council with a high proportion of restricted funds may have limited flexibility to pay operating expenses. While a council can resolve to lift internal restrictions on funds to use them for a different purpose, the Minister for Local Government’s approval is required to use externally restricted funds for another purpose.

All but two councils met OLG’s debt service cover ratio benchmark

The debt service cover ratio measures the operating cash available to service debt. All but two councils met OLG’s benchmark of greater than two times. This was due to these two councils repaying borrowings early.

One-hundred and twenty-three councils reported borrowings at 30 June 2017. Councils utilise borrowings to fund capital projects and to address backlog maintenance. Regional councils accounted for 56 per cent of the value of total council borrowings because they also borrow to manage water and sewerage infrastructure.

Eighteen councils did not meet OLG’s benchmark for collecting rates and annual charges

Most councils are collecting rates and annual charges levied. However, eight rural, five regional, three metropolitan and two county councils did not meet the benchmark of having less than
five per cent (metropolitan) or ten per cent (regional, rural and county) of rates and charges outstanding. These eighteen councils also did not meet the infrastructure backlog ratio.

Many councils did not meet OLG’s benchmarks for renewing and maintaining infrastructure assets

The infrastructure asset indicators reported by councils suggest that many need to examine their asset management plans and consider whether investment in infrastructure assets is sufficient. Thirty-one councils reported they do not meet the OLG benchmarks for either the buildings and infrastructure renewals ratio, the infrastructure backlog ratio or the asset maintenance ratio. Individually:

  • seventy councils reported that they are not renewing infrastructure assets at the same rate they are depreciating them
  • eighty-four councils reported that they have not kept the infrastructure maintenance backlog below OLG’s benchmark
  • seventy-one councils reported actual asset maintenance lower than planned asset maintenance.

 

4. Asset management

NSW councils own and manage a significant range of assets, including infrastructure, property, plant and equipment with a value of $136 billion. Many of our audit report qualifications, significant matters, prior-period errors and high risk issues related to assets.

Councils need to strengthen their asset registers

Our audits identified $145 million worth of land and infrastructure assets at 24 councils that were not recorded in asset registers or the financial statements. This is in addition to the rural fire-fighting equipment not recorded by councils that is discussed in the following sections. We also found examples of multiple asset registers with conflicting information, inaccurate or incomplete registers and unreconciled registers.

Effective asset management requires accurate records of the assets that councils control. Council asset registers should accurately capture all assets to improve the quality and timeliness of financial statements. It is important that councils regularly update registers and reconcile them with asset management systems. Where manual spreadsheets are used to record asset details, suitable controls must be in place.

A large part of rural fire-fighting equipment is not reported in government financial statements

Our 2016–17 audits of the NSW local government sector noted that 46 councils did record vested rural fire-fighting equipment in their financial statements. However, 62 councils do not record similar rural fire-fighting assets in their financial statements. These councils are of the view that they do not control these rural fire-fighting assets used by the NSW Rural Fire Service.

NSW Treasury and the NSW Rural Fire Service are of the view that the NSW Rural Fire Service does not control rural fire-fighting equipment which has been vested in councils under the Rural Fires Act 1997. NSW Treasury and NSW Rural Fire Service consider that these assets are controlled by councils. The financial statements of the NSW Total State Sector and the NSW Rural Fire Service do not include these assets. Consequently, a large portion of rural fire-fighting assets are not reported in either State government or local government financial statements.

Recommendation

The Office of Local Government should address the different practices across the local government sector in accounting for rural fire-fighting equipment before 30 June 2018.

In doing so, the Office of Local Government should work with NSW Treasury to ensure there is a whole-of-government approach.

Asset valuation methods are not capturing asset values effectively

The Code requires that council assets reflect the fair value principles in Australian Accounting Standards.

Many significant issues arose in our audits because council asset revaluation processes were not robust. This affected both the quality and timeliness of the financial statements.

Our audits identified that ten councils overstated the fair value of land assets as their valuations did not take into account external restrictions on community land or land under roads as required by the Code and Australian Accounting Standards. This was the reason for one-third of the material errors that needed to be corrected in councils’ previous years’ audited financial statements and for the qualified audit opinion issued on The Hills Shire Council’s 2016–17 financial statements.

We also found multiple cases where councils did not adequately review valuation results, comply with applicable codes or obtain accurate valuations. This was the reason for the qualified audit opinion issued on Junee Shire Council’s 2016–17 financial statements.

Councils need to improve their asset valuation processes by strengthening reviews, supporting valuations with robust documentation and commencing the revaluation process earlier in the financial year.

Considerable variability in the way councils report the useful lives of similar assets

We found considerable variability in the way councils reported the useful lives of similar assets in their financial statements. This in turn affects the depreciation expense recognised in councils' financial statements and the key performance indicators that councils report. The useful lives of all assets need to be reviewed annually using current asset condition assessments.

All councils should comply with OLG asset planning requirements

Sound asset management requires effective planning. All councils should meet the asset management planning requirements in OLG's Integrated Planning and Reporting Framework to help ensure they have a plan to manage assets efficiently over their life.

We found that 13 councils did not have an asset management policy, strategy and plan.

 

5. Governance and internal controls

Councils should prioritise high risk governance and control deficiencies

Our audits reported 17 high risk issues relating to policies and procedures, risk management, manual journals, reconciliations, purchasing and payables, and payroll processes. It is important to address high risk matters as a priority.

Councils can improve management oversight and governance structures

We found that councils can strengthen governance measures, by having audit committees and internal audit functions, policies and procedures for critical business processes, legislative compliance frameworks and risk management practices.

Councils are not currently required to have an audit, risk and improvement committee and consequently 53 councils do not have an audit committee. Proposed legislative changes will require all councils to appoint an audit, risk and improvement committee by March 2021.

Recommendation

Councils should early adopt the proposed requirement to establish an audit, risk and improvement committee.

An internal audit function is currently not a requirement for councils, and consequently, 52 councils do not have this function. In addition, the Office of Local Government (OLG) has not updated its Internal Audit Guidelines since they were issued in 2010.

Recommendation

The Office of Local Government should introduce the requirement for councils to establish internal audit functions and update its 2010 Internal Audit Guidelines.

The Office of Local Government’s register of council entities is not complete

The Local Government Act 1993 requires councils to obtain the consent of the Minister for Local Government before forming a corporation or any other entity[2], as defined under section 358(4) of the Act (referred to as a ‘council entity’). OLG maintains a register of council entities for which ministerial approval has been sought. Our audit work concluded that the register that OLG maintains is not complete.

Recommendation

The Office of Local Government should maintain an accurate register of entities approved under section 358 of the Local Government Act 1993.

We also found that the Local Government Act 1993 does not stipulate a financial reporting framework for council entities. As a result, there are disparate reporting and auditing practices for entities established across the sector.

Recommendation

The Office of Local Government should consider establishing a financial reporting framework for council entities.

Councils can strengthen policies and procedures to support business processes

Our audits identified two high risk instances in two councils where business and IT policies and procedures did not exist to support critical business and information technology processes. It is important that critical policies, standards and guidelines are available to staff and contractors to provide direction for the day-to-day operations of a council, promote consistency in processes, clarify roles and responsibilities and support compliance with laws, regulations and codes.

Councils can improve internal controls in business processes

Effective internal controls are important to help councils operate efficiently and effectively, to meet service delivery objectives, and to enable accurate and timely reporting.

We identified two high risk issues where councils had weak controls over manual journals. In one instance, this resulted in significant errors in the financial statements. Councils should independently review manual journals and prepare and review account reconciliations earlier.

We identified five high risk internal control deficiencies in the purchasing function relating to unauthorised expenditure, non-compliance with tendering guidelines and a significant breakdown of purchasing controls.

We noted one high risk internal control deficiency in the payroll function related to payroll staff having unrestricted access to amend sensitive payroll data in the system.



[2] Section 358(4) of the Local Government Act 1993 defines entity as ‘any partnership, trust, joint venture, syndicate or other body (whether or not incorporated), but does not include any such entity that is of a class prescribed by the regulations as not being within this definition’.

 

6. Information Technology

Like many organisations, councils increasingly rely on information technology (IT) to deliver services and manage sensitive information.

Our audits reported nine high risk issues, predominantly related to inappropriate user access. Information technology deficiencies represented the highest number of issues we reported.

Controls over user access to IT systems need to be strengthened

User access controls reduce the risk of users having excessive access to critical financial systems and sensitive information. Our audits found many instances where user access controls were insufficient. These controls should ensure that individuals only have access to financial systems and data necessary to undertake their job responsibilities.

Our audits also found examples of users with inappropriate privileged access In addition, we found instances of inadequate review and insufficient retention of access logs to monitor the activities of privileged system users. Privileged access occurs when a person can change key system configurations and has wide access to system data, files and accounts. We also identified external IT service providers with unrestricted privileged access to council systems and data.

It is important that councils strengthen user access administration to prevent inappropriate access. They should update user access roles in line with the responsibilities of a position and review the level of user access regularly. Councils also need to ensure their existing risk management framework provides assurance for controls over IT outsourcing, and strengthen controls where required.

We identified weaknesses in user developed applications (UDAs), which are developed or managed outside IT administration. This increases the risk of errors that may adversely affect the integrity and quality of information produced. Councils need to adequately control UDAs where they continue to use them and back up business‑critical information.

Councils need to strengthen information technology governance

IT governance should be founded on:

  • a fit-for-purpose IT strategy and operational plan
  • appropriate policies, standards and guidelines across all critical IT processes.

We found that one in four councils do not have an IT strategy or IT operational plan and some need to develop or improve IT policies and procedures. Sixty-six councils do not have an adequate information security policy.

Seventeen councils also do not have a documented plan to recover from a disaster. Councils need to develop a plan and periodically review it. They also need to periodically test that they can restore backed-up data to ensure business continuity in the face of a system disaster.

  

  

 

Return to top


 

 

1. Introduction

1.1 The local government sector

Local government is the third tier of government. It is established under State legislation, which defines the powers and geographical areas each council is responsible for.

Each council is a statutory corporation. Elected councillors form the governing body that directs council affairs in line with the Local Government Act 1993 and Local Government (General) Regulations 2005.

Local councils deliver services and infrastructure to a geographic area. County councils are formed for specific purposes such as to supply water, manage flood plains or eradicate noxious weeds.

During 2016, the NSW local government sector was reduced from 166 to 140 councils, resulting in 128 local councils and 12 county councils. This was due to council amalgamations that formed 19 new councils on 12 May 2016 and one new council on 9 September 2016. Appendix four lists the former councils that were amalgamated into 20 new councils.

The table below shows the number of councils before and after amalgamations.

A table showing the number of councils in NSW before and after amalgamations

From 1 July 2017, two more county councils were dissolved. The functions of:

  • Mid-Coast County Council were transferred into the newly formed Mid-Coast Council
  • Southern Slopes County Council were transferred into the Yass Valley Council and the newly formed Hilltops Council.

This report includes the audit results of the 139 councils that have lodged their 2016–17 audited financial statements with the Office of Local Government, plus two water authorities. Bayside Council received a lodgement extension for their 2016–17 financial statements to 31 May 2018 and has not yet presented them for audit.

This report also includes the audit results of the 2015–16 financial statements of eight councils and three water authorities.

In preparing this report, the comments and analysis are drawn from:

  • audited financial statements
  • data collected from councils
  • audit findings reported to councils
  • data from external sources, including population, kilometres of roads, and council area data obtained from the Australian Bureau of Statistics and the Office of Local Government.

We have also classified councils into four groups – metropolitan, regional, rural and county. Further details are provided in Appendix three.

 

1.2 Service delivery

Councils invest significant resources each year to deliver a wide range of services to the community. These include waste collection, planning, child and family day care, and recreational services. Councils also build and maintain infrastructure, including roads, footpaths and drains, and enforce various laws.

Council services vary depending on community needs

While core functions, such as waste collection, are similar across councils, the range of services that each council provides varies greatly. The mix is influenced by population density, demographics, the local economy, geographic and climatic characteristics.

Spending on services

The following graphic shows the councils’ expenditure by function in 2016–17.

The following image shows the percentage councils spend on different service delivery areas

  1. Categories are based on the Local Government Purpose Classifications issued by the Australian Bureau of Statistics.
  2. Appendix six provides further information on council expenditure by function.

Source: Audited financial statements for 2016–17. Excludes county councils.

In 2016–17, councils collectively reported expenditure of $11.4 billion, of which:

  • $2.1 billion was for governance and administration, including corporate and support services, engineering works, council elections, meetings and policy‑making committees, members’ fees and expenses, subscriptions, public disclosures and legislative compliance.
  • $2.1 billion was for transport and communications, including sealed and unsealed roads, bridges, footpaths, parking areas and aerodromes.
  • $2.0 billion was spent on the environment, including waste management, sanitation and garbage, street cleaning, drainage and stormwater management, and environmental protection.
  • $1.7 billion was spent on recreation and culture, including public libraries, museums, art galleries, community centres, public halls and performing arts venues, sporting grounds and venues, swimming pools, parks, gardens and lakes.

Metropolitan councils service sixty-five per cent of the State's population in an area of 12,135 square kilometres (1.7 per cent of the total State area). Regional and rural councils provide water and sewerage services to communities outside areas covered by metropolitan water utilities. Rural councils maintain almost 60 per cent of all roads controlled by local government authorities.

Twelve county councils perform activities that typically span across a number of council areas, such as supplying water, managing flood plains and eradicating noxious weeds.

Audit Office performance audit report on how councils report on service delivery

On 1 February 2018, the Auditor‑General tabled a performance audit report on ‘Council reporting on service delivery’. It concluded that councils reported well on their outputs, but there are opportunities to improve reporting on outcomes, efficiencies and results against targets.
 

 

1.3 Council data visualisation

To aid access, transparency, and comparison of councils’ financial statement data, we have created a data visualisation as part of this report, which is available on the Audit Office of New South Wales website. The visualisation presents revenue, expense, operating surplus, asset and liability data, along with key financial performance and sustainability indicators for each council. The 2016–17 financial statement data used in the data visualisation tool is summarised in Appendix nine and ten of this report.

The data visualisation also presents minimum, median and maximum values within selected council groupings. While these values aid in comparison and assist further inquiry, a good or bad performance conclusion cannot be drawn from this data alone.

The visualisation excludes financial statement data for four councils due to either an incomplete audit, or where our audit opinion on the councils’ financial statements was modified (qualified).

 

    

Return to top



 

 

2. Financial reporting

Accurate and timely financial statements are an important element of sound financial management. They bring accountability and transparency to the way councils use public resources. Our financial audits assessed the following aspects of councils’ financial reporting:

  • quality of financial reporting
  • timeliness of financial reporting.
Observation Conclusion or recommendation
2.1 Quality of financial reporting
 

Qualified audit opinions

We issued unmodified audit opinions on the:

  • 2016–17 financial statements of 136 councils and two water authorities
  • 2015–16[3] financial statements for seven councils and two water authorities.

We issued modified (qualified) opinions on the:

  • 2016–17 financial statements of three councils
  • 2015–16 financial statement of one council and one water authority.

 

The councils that received unmodified audit opinions prepared financial statements that fairly present their financial position and results.

 

Councils with modified opinions should address the issues that give rise to the audit qualification.

Significant audit matters

We reported 39 significant matters in 29 councils. They included material accounting issues and significant deficiencies in internal controls. Seventy-seven per cent of the matters related to assets.

 
Significant issues with the quality of financial reporting delayed the completion of a number of audits.

Improving the reporting on assets should be a priority.

Prior period errors

We found 33 material errors worth $9.1 billion in the previous audited financial statements of 22 councils. These all required prior-year audited balances to be corrected. Eighty‑eight per cent of these were asset‑related.



The high number of asset-related prior-period errors reinforces the need for councils to improve the way they value and account for assets.

Financial statements

We reported 43 moderate risk findings where councils can improve the way they complete their financial statements.

 

Of the councils that had an audit, risk and improvement committee, 55 per cent of these did not review the financial statements before audit.

 

Recommendation

Councils can improve the quality of financial reporting by reviewing their financial statements close processes to identify areas for improvements.

Recommendation

Councils can improve the quality of financial reporting by involving an audit, risk and improvement committee in the review of financial statements.

OLG guidance

To support councils in preparing 30 June 2017 financial statements, OLG issued guidance documents in June 2017 and September 2017. This limited the time councils had to prepare financial statements in the prescribed form and resolve financial reporting and audit issues.

The Code applicable for the 2016–17 financial reporting period provided options and guidance that in some instances did not fully align with Australian Accounting Standards.

Recommendation

The Office of Local Government should release the Local Government Code of Accounting Practice and Financial Reporting and the End of Year Financial Reporting Circular earlier in the audit cycle, ideally by 30 April each year.

Recommendation

The Local Government Code of Accounting Practice and Financial Reporting should align with Australian Accounting Standards.

2.2 Timeliness of financial reporting
 

Statutory deadlines

One hundred councils submitted audited financial statements to OLG by the statutory deadline of 31 October 2017.

Thirty-nine councils received reporting extensions up to 28 February, including 16 of the 20 newly amalgamated councils.

Bayside Council received a reporting extension to 31 May 2018 and has not yet presented their financial statements for audit.


Councils need to improve their financial reporting processes in order to lodge their financial statements by the statutory reporting deadline..

Early close procedures

Councils currently do not use early close procedures to resolve accounting issues before the end of the financial year.

Recommendation

The Office of Local Government should introduce early close procedures with an emphasis on asset valuations.


[3] The Auditor‑General was appointed statutory auditor of eight councils for the 2015–16 reporting period at the specific request of councils, due to the failure by councils to appoint an auditor, or the inability of the previous auditor to complete the audit due to external investigation or auditor retirement.

 

2.1 Quality of financial reporting

Three indicators help to assess the quality of councils’ financial statements:

  • modified and unmodified audit opinions
  • significant matters reported to management and those responsible for the governance of a council
  • prior-period errors.

While we issued unmodified audit opinions for most councils, the number of significant matters and prior period errors indicate that the overall quality of financial reporting requires improvement.

Asset valuation issues affected the quality of many councils' financial statements in 2016–17, and were the reason for:

  • two modified (qualified) audit opinions
  • most of the prior-period errors, significant matters and high risk matters reported.

Audit opinions

The key outcome of our audits is an independent audit report on the financial statements that councils must produce each year. We issue either a modified or unmodified opinion on these reports, which indicates whether councils’ financial statements fairly present their financial position and performance.

We issued five modified (qualified) audit opinions

We issued modified audit opinions on the:

  • 2016–17 financial statements of three councils
  • 2015–16[4] financial statements of one council and one water authority.

The following tables explain the reasons for our modified audit opinions.

Modified Audit opinions of financial statements for 2016-17 Hills Shire Council, Junee Shire Council, Yass Valley Council and 2015-16 City of Botany Bay Council and Gosford Water Authority
In addition, one council received an unmodified audit opinion on its 2016–17 financial statements, that also emphasised an important matter.

Unmodified Audit Opinion for Central Darling Shire Coucnil 2016-17
We issued unmodified audit opinions for the remaining:

  • 136 councils and two water authorities on the 2016–17 financial statements
  • seven councils and two water authorities on the 2015–16 financial statements.

We are yet to issue an audit opinion on Bayside Council’s 2016–17 financial statements.

Information around the extension of submission until 31 May 2018 for Bayside Council due to incomplete financial records for City of Botany Bay Council
The outcome of this incomplete audit will be reported in next year’s report to Parliament.



[4] The Auditor‑General was appointed statutory auditor of eight councils for the 2015–16 reporting period at the specific request of councils due to the failure by councils to appoint an auditor, or the inability of the previous auditor to complete the audit due to external investigation or auditor retirement.

 

Councils received unqualified audit opinions on special purpose financial information

Councils must also prepare two further documents that are audited:

  • special purpose financial statements for declared business activities
  • special schedule 8 'Permissible Income’.

The special purpose financial statements are required when councils provide services that compete in the marketplace. Special schedule 8 details the amount that councils can levy from rates for the next financial year. This amount is capped by the rate‑peg limit set by the Independent Pricing and Regulatory Tribunal NSW.

The City of Botany Bay Council's 2015–16 special purpose financial statements were modified for the reason noted above. The Council did not prepare Special Schedule 8 ‘Permissible Income’ in 2015–16.

Significant matters

Australian Auditing Standards require that we report significant matters identified during the audit to those responsible for the governance of a council. This includes the mayor or administrator, councillors and general manager. We also report significant matters to existing audit, risk and improvement committees, given their role in overseeing the financial reporting process.

Significant matters can include material accounting issues and internal control weaknesses.

The 2016–17 audits reported 39 significant matters

Our 2016–17 audits reported 39 significant matters in 29 councils. Most related to asset valuation and accounting issues, including:

  • ineffective controls and procedures to support asset valuations
  • not appropriately considering external restrictions on the use of community land and land under roads when determining the fair value of assets
  • incorrect accounting for Crown reserves and investment properties.

We discuss the asset-related issues further in Chapter 4.

The non asset-related significant matters included:

  • internal control deficiencies over IT security
  • incorrect recognition of revenue from government grants
  • inappropriate use of corporate credit cards
  • restricted funds used inappropriately.

The following graph below captures the range of significant matters we reported.

A graph of the significant matters reported across 2016-17 financial audits including asset accounting issues, valuation of community land and land under roads, valuation of infrastructure, property, plant and equipment
Source: Audited financial statements for 2016–17.

Prior-period errors

A prior-period error is an error identified in the current year that relates to the previous year’s audited financial statements.

We found 33 material prior period financial reporting errors relating to 22 councils

Eighty-eight per cent of material prior-period errors related to assets, including:

  • failure to account for external restrictions on the use of community land and land under roads
  • assets that were not recorded in the financial statements
  • incorrect accounting for Crown reserves and investment properties.

We discuss the asset-related issues further in Chapter 4.

The remaining errors related to applying Australian Accounting Standards incorrectly, such as recognising the revenue from government grants.

The graph below illustrates the nature of the prior-period errors we found, which had a total value of $9.1 billion. These errors meant that previous financial statements had to be corrected.

A graph of material prior period errors identified across the 2016-17 financial audits including accounting for assets not controlled by councils and first time recognition of assets
Source: Audited financial statements for 2016–17.

Financial statements

Councils need to improve the way they prepare financial statements

Recommendation

Councils can improve the quality of financial reporting by reviewing their financial statements close processes to identify areas for improvement.

The lack of robust quality assurance processes resulted in errors and disclosure deficiencies in councils’ financial statements. At 43 councils, we considered these issues were significant enough to report as moderate risk findings in our management letters. Common issues include:

  • incomplete note disclosures required by the Code, such as for related parties, commitments, fair value measurement, financial instruments, accounting policies and subsequent events
  • incorrect classification of balances, such as employee provisions
  • incorrect reporting of council entities, ownership percentages for interests in other entities and assets transferred on amalgamation
  • errors in the cash flow statement and statement of changes in equity.

Better practice guides, such as the Australian National Audit Office’s ‘Public Sector Financial Statements: High quality reporting through good governance and processes’ provide useful guidance, as the following checklist shows.

Better practice-financial statements preparation process table includes items such as adopting good financial reporting practices during the year and maintaining a strong and effective internal control framework
Source: Australian National Audit Office, ‘Public Sector Financial Statements: High quality reporting through good governance and processes’.

An audit, risk and improvement committee can support councils’ financial management

Recommendation

Councils can improve the quality of financial reporting by involving an audit, risk and improvement committee in the review of financial statements.

Councils are not currently required to have an audit, risk and improvement committee and consequently 53 councils do not have an audit committee. Changes to the Local Government Act 1993 made by the Local Government Amendment (Governance and Planning) Act 2016 will require councils to establish an audit, risk and improvement committee (ARIC). This is expected to be a requirement by March 2021.

Of the 85 councils (60 per cent) that already have an ARIC in some form, only 45 per cent reviewed financial statements before they were submitted for external audit.

Councils can make better use of the ARIC, where it does exist, to oversee the council’s financial information including the process to prepare the annual financial statements. The ARIC can support quality financial reporting by:

  • ensuring key risk areas (such as asset revaluations) have been addressed
  • tracking the resolution of audit findings from prior years
  • confirming that key estimates and judgements in financial statements are reasonable
  • recommending to the council whether the financial statements are appropriate to sign.

Office of Local Government Guidance

The Office of Local Government needs to release key guidance documents earlier

Recommendation

The Office of Local Government should release the Local Government Code of Accounting Practice and Financial Reporting and the End of Year Financial Reporting Circular earlier in the audit cycle, ideally by 30 April each year.

The Office of Local Government (OLG) released two key documents to guide councils in preparing their 2016–17 financial statements:

  • June 2017: Local Government Code of Accounting Practice and Financial Reporting (the Code)
  • September 2017: End of year financial reporting 2016–17 Circular.

This timing meant there was limited scope for councils to apply the guidance in these documents when preparing financial statements by the statutory deadline of 31 October 2017. This also reduced the capacity of councils to resolve financial reporting, audit and compliance issues.

The Office of Local Government released the Code for the 2017-18 financial reporting year on 18 April 2018.

Local Government Code of Accounting Practice should align with Australian Accounting Standards

Recommendation

The Local Government Code of Accounting Practice and Financial Reporting should align with Australian Accounting Standards.

The Office of Local Government’s Code of Accounting Practice and Financial Reporting (Code) sets the financial reporting requirements for councils. The Code requires councils to prepare financial statements in accordance with Australian Accounting Standards.

The Code applicable for 2016–17 financial reporting provided options and guidance that in some instances did not fully align with Australian Accounting Standards. For example, the Code:

  • allowed councils the option to either recognise, or to not recognise rural fire-fighting equipment assets. This resulted in varying accounting practices across the sector and a significant portion of these assets not being reported in any government financial statements
  • provided three methods for the valuation of land under roads and one of them did not specify that the restricted use of these assets needed to be considered as required by Australian Accounting Standards. This resulted in overstated asset values for this asset class for some councils.

 

2.2 Timeliness of financial reporting

Statutory deadlines

Councils had a statutory requirement to lodge their audited financial statements with OLG by 31 October 2017.

Seventy-one per cent of councils lodged audited financial statements by the statutory deadline

One hundred councils (71 per cent) met this requirement for the 2016–17 financial reporting period. However, of these, 71 councils submitted their audited financial statements to OLG during the last week of October 2017.

In many cases, councils provided multiple versions of the financial statements during the audit, including one council where 15 versions of the financial statements were presented for audit. This significantly delayed the audit and the lodgement of audited financial statements with OLG.

Under the Local Government Act 1993, a council may apply to OLG for an extension to the statutory reporting deadline. Forty councils received extensions for their 2016–17 financial statements including 16 newly amalgamated councils. These councils experienced challenges in harmonising accounting policies and practices and combining separate and distinct information technology and reporting systems.

Other reasons that councils put forward to support an extension were council resourcing issues and lack of financial records (particularly poor asset records). These issues had implications on audit resourcing and the timely completion of some audits by the Audit Office.

The graph below maps the lodgement dates of councils’ financial statements.

LG2017_Timeliness of financial reports lodgement with OLG

Note: No council(s) lodged audited financial statements with OLG in January 2018.

2.3 Early close procedures

Early close procedures help to improve the quality and timeliness of financial reporting

Recommendation

The Office of Local Government should introduce early close procedures with an emphasis on asset valuations

Early close procedures are those done before the end of a financial year, usually at the end of a month, such as 30 April. These procedures help to improve the timeliness and quality of financial reporting. They can identify issues and key risk areas that councils need to resolve before the year-end process. The table provides examples of early close procedures.

Early Close procedures table including references around complete infrastructure, property plant and equipment valuations as well perform key account reconciliations

Asset valuation issues affected the quality of many councils’ 2016–17 financial statements and were the reason for two modified (qualified) audit opinions and the majority of high risk and significant matters reported.

Preparing proforma financial statements at an early close date is a good test of a council’s processes and controls.

The audit, risk and improvement committee could support the early close process by ensuring that audit findings are addressed before the year‑end financial statements are prepared.

  

 

Return to top

 

 

3. Financial performance and sustainability

Strong and sustainable financial performance provides the platform for councils to deliver services and respond to the needs of their community. This chapter outlines our audit observations on the performance of councils against the Office of Local Government's (OLG) performance indicators, grouped in three areas:

  • operating revenue performance measures
  • liquidity and working capital performance measures
  • asset management performance measures.

Our analysis indicates that some councils face challenges in meeting these performance and sustainability measures.

Observation Conclusions
3.1 Operating revenue performance measures
 

Operating performance

Operating expenses for 18 councils exceeded their operating revenue.

Another 20 councils would not have met OLG’s operating performance benchmark without the receipt of 2017–18 financial assistance grants which was recorded as revenue during 2016–17.

Eleven councils have not met OLG’s operating performance benchmark for the last three years.

 

It is important that councils have financial management strategies that support their financial sustainability and ability to meet OLG’s operating performance benchmark over the long term.

Operating performance measures how well councils contain operating expenses within operating revenue. OLG has prescribed a benchmark of greater than zero.  

Own source operating revenue

Fifty-nine councils did not meet OLG’s benchmark, and 42 of those were rural councils.


Rural councils have high-value infrastructure assets that cover large areas with smaller populations and less capacity to raise revenue from alternative sources compared with metropolitan councils.
Own source operating revenue measures a council’s fiscal flexibility and the degree to which it can generate revenue from own sources compared with total revenue from all sources. OLG has prescribed a benchmark of more than 60 per cent of total revenue.  
3.2 Liquidity and working capital performance measures
 

Unrestricted current ratio

All but three councils met OLG’s benchmark.


Most councils can meet short-term obligations as they fall due.
The unrestricted current ratio represents a council’s ability to meet its short-term obligations as they fall due. OLG has prescribed a benchmark of greater than 1.5 times.  

Debt service cover ratio

All but two councils met OLG’s benchmark. These two councils did not meet OLG’s benchmark due to the early repayment of borrowings.

Regional councils have 56 per cent of the value of all borrowings in the sector.

.

Most councils have sufficient operating cash available to service their borrowings.

Regional councils borrow more heavily than metropolitan councils to deliver water and sewerage infrastructure. Metropolitan councils do not have the responsibility to provide water and sewerage infrastructure.

The debt service cover ratio measures the operating cash available to service debt including interest, principal and lease payments. OLG has prescribed a benchmark of greater than two times.  

Rates and annual charges outstanding

Eight rural, five regional, three metropolitan and two county councils did not meet OLG’s benchmark.

These councils also did not meet the infrastructure backlog ratio.



Most councils are collecting rates and annual charges levied. Councils with higher levels of uncollected rates and charges can experience increased pressure on the working capital available to fund operations.
The rates and annual charges outstanding measure assesses the impact of uncollected rates and annual charges on a council’s liquidity and the adequacy of debt recovery efforts. OLG has prescribed a benchmark of less than five per cent for metropolitan and less than ten per cent for other councils.  

Cash expense cover ratio

Three rural and two county councils did not meet OLG’s benchmark.


Most councils have the capacity to cover more than three months of operating expenses.
The cash expense cover ratio indicates the number of months a council can continue paying its expenses without additional cash inflows. OLG has prescribed a benchmark of greater than three months.  

This measure does not exclude externally and internally restricted funds. If externally restricted funds are excluded, all councils would still meet OLG’s benchmark. If both externally and internally restricted funds are excluded:

  • an additional 32 councils would have a cash expense cover ratio of less than three months
  • a further nine councils are left without any unrestricted funds for general operations.
Councils with a higher proportion of restricted funds may have less flexibility to pay operational expenses than the cash expense cover ratio suggests. However, councils can resolve to lift internal restriction if required.
3.3. Asset management performance measures (not audited)
 

Building and infrastructure renewals ratio

Seventy councils reported to OLG they do not meet the benchmark for this ratio.

Most councils included expenditure related to work-in-progress in calculating this ratio. OLG are of the view that work-in-progress should be excluded and as a result identified that a further 23 councils do not meet the benchmark.

These councils appear to not be renewing assets in line with the rate they are depreciating them. This raises questions as to whether council asset management plans are adequate to determine whether assets are being kept up to agreed standards.

Uncertainty on the inclusion of work-in-progress assets does need to be is clarified in order to ensure consistency in determining whether councils are adequately renewing their assets.

The building and infrastructure renewals ratio represents the rate at which assets are being renewed relative to the rate at which they are depreciating. OLG has prescribed a benchmark of greater than 100 per cent.  

Infrastructure backlog ratio

Eighty-four councils reported to OLG that they do not meet the benchmark for this ratio.


These councils may not be maintaining their infrastructure backlog at a manageable level.
The infrastructure backlog ratio represents the proportion of infrastructure backlog relative to the total net book value of a council's infrastructure assets. OLG has prescribed a benchmark of less than two per cent.  
Asset maintenance ratio

Seventy-one councils reported to OLG they do not meet the benchmark for this ratio.


These councils’ maintenance expenditure may be insufficient to sustain their assets in a functional state so they reach their predicted useful life.
The asset maintenance ratio represents the rate at which assets are being maintained relative to the rate at which they are required to be maintained. OLG has prescribed a benchmark of greater than 100 per cent.  
Costs to bring assets to agreed service level

One-hundred and two councils reported results against this indicator to OLG. The reported results ranged from 0.1 per cent to 19.8 per cent.



There is variability between councils in the amount of outstanding renewal works to be completed.
This ratio represents the estimated cost to renew or rehabilitate existing infrastructure assets that have reached the condition-based interval level adopted by a council, relative to the gross replacement cost of all infrastructure assets. OLG has not prescribed a benchmark for this performance measure.  

 

OLG’s benchmarks for financial performance and sustainability

Each local council has unique characteristics such as its size, location and services provided to their communities. These differences affect the nature of each council's assets and liabilities, revenue and expenses, and in turn the financial performance measures against which it reports.

The Office of Local Government prescribes performance indicators for council reporting

The analysis in this chapter is based on performance measures prescribed in OLG’s Code of Accounting Practice and Financial Reporting (the Code). Councils report against these measures in their annual report, which includes the audited financial statements and other unaudited information. In the audited financial statements, councils report performance against six financial sustainability measures:

  • operating performance
  • own source operating revenue
  • unrestricted current ratio
  • debt service cover ratio
  • rates and annual charges outstanding percentage
  • cash expense cover ratio.

Councils also include the unaudited Special Schedule 7 'Report on Infrastructure Assets' in their annual reports. In this schedule, councils report to OLG on performance against four further measures:

  • building and infrastructure renewals ratio
  • infrastructure backlog ratio
  • asset maintenance ratio
  • cost to bring assets to agreed service level.

Each audited measure and three of the four unaudited measures has a prescribed benchmark. OLG’s benchmarks are the same for metropolitan, regional, rural and county councils, with the exception of the rates and annual charges outstanding percentage. Regional, rural and county councils have a different benchmark to metropolitan councils for this measure.

Three rural councils did not meet three of the audited OLG benchmarks

Most councils met OLG’s benchmarks for at least five or all of the six audited performance measures. Eight rural, four regional, four metropolitan and two county councils did not meet OLG’s benchmarks for two out of the six audited performance measures. Three rural councils did not meet OLG’s benchmarks for three out of the six audited performance measures.

The following table summarises how the councils performed across the six audited performance measures.

A table showing the number of Office of Local Government benchmarks met by Metro, Regional, Rural and County councils in NSW
* The financial statements for Bayside Council are not yet presented for audit.
Source: Audited Financial Statements for 2016–17.

Appendix ten lists the performance of each council against all performance measures.

 

3.1 Operating revenue performance measures

The first pair of performance indicators relate to the revenue that councils raise to deliver services:

  • operating performance
  • own source operating revenue.

Operating performance measures how well councils keep operating expenses within operating revenue. Own source operating revenue measures the degree to which a council can generate its own source revenue compared with the total revenue from all sources.

Operating performance

Operating revenue in this measure includes rates and annual charges, user charges and fees, interest, investment and other revenue. It excludes capital grants, capital contributions and changes in the fair value of assets.

OLG sets a benchmark of greater than zero per cent for this measure. Achieving this benchmark means councils are raising enough operating revenue to fund their operating expenses.

This measure assesses performance annually, so the result can be affected by short-term or one‑off events and transactions, such as the profit or loss on disposal of assets and the cost of natural disasters.

Eighteen councils reported negative operating performance

Seven regional, four metropolitan, four rural and three county councils reported negative operating performance in 2016–17.

Of these 18 councils:

  • five regional, two metropolitan, two rural and two county councils had reported a negative operating performance for the past three years
  • fourteen councils also did not meet the infrastructure backlog ratio and twelve councils also did not meet the buildings and infrastructure renewals ratio.

A graph showing the operating performance of NSW Metro, regional, rural and county councils. Graph shows councils that did and did not meet benchmarks
Source: Audited financial statements for 2016–17.
 

Councils need to have financial management strategies that support their financial sustainability and meeting OLG’s operating performance benchmark over the long term.

Five councils reported a net operating deficit

A council’s net result is its operating surplus or deficit after expenses are deducted from revenue. The net result includes revenue from grants and contributions intended for capital purposes, but excludes the impact of extraordinary events such as amalgamations and boundary adjustments.

In 2016–17, one metropolitan, two regional and two county councils reported operating deficits. The remaining councils, including all rural councils, reported operating surpluses.

However, these results are affected by the timing of government grants. In 2016–17, councils received $365 million of 2017–18 financial assistance grants from the Australian Government, which was recorded as revenue during 2016–17, consistent with the requirements of Australian Accounting Standards.

A council’s financial statements present fairly their financial position and performance when transactions are recorded in accordance with the requirements of Australian Accounting Standards and the Code.

This grant income, received in advance, helped the 2016–17 operating performance of councils that had a net result close to break-even. Without these advance grant payments, a further 20 councils (four metropolitan, six regional and ten rural councils) would have reported negative operating performance and not met OLG’s benchmark.

Yass Valley Council

In Chapter 2 Financial Reporting, we note that the audit opinion issued on the Yass Valley Council’s 2016–17 financial statements was modified because Yass Valley Council did not record the receipt of financial assistance grants from the Australian Government as revenue in the year received, as required by Australian Accounting Standards.

The application of Australian Accounting Standards and the Code, with additional disclosure when appropriate, is necessary for financial statements to be presented fairly.

This resulted in an understatement of the net operating result for the year ended 30 June 2017 by $1.48 million and overstatement of a liability recorded as ‘income received in advance’ by the same amount. It also affected the OLG indicators reported in the Council’s financial statements.

In our audit report, we recalculated affected indicators and noted that if Council had correctly recognised this grant, its operating performance measure would have improved from negative 2.32 per cent to positive 2.48 per cent and met OLG’s benchmark.

 

Own source operating revenue

The second operating revenue measure helps to assess a council’s fiscal flexibility and the degree to which it can generate own source revenue compared with the total revenue from all sources. The OLG benchmark is for own source operating revenue to be more than 60 per cent of total revenue.

This measure is sensitive to revenue from capital grants and developer contributions, and the percentage will fall where these revenue sources are significant.

Rural councils face challenges generating own source revenue

In 2016–17, forty-two rural, eight regional, five county and four metropolitan councils did not meet OLG’s benchmark for own source operating revenue. This may result in councils not generating enough operating revenue to cover operating expenses.

Graph of own source operating revenue for NSW metro, regional, rural and county councils. Shows number of councils that did and did not reach benchmark
Source: Audited financial statements for 2016–17.

Rural councils report challenges in generating their own revenue from rates, annual charges, user charges and fees. This is because they can have smaller populations and rating bases and lower economic activity. This reduces their capacity to generate revenue from alternative sources such as parking fees, infringement notices and rental income.

Seven of these 59 councils were also unable to meet the benchmark for OLG’s performance measure for the collection of rates and annual charges, which is discussed later in the chapter. It is important for these councils to collect rates and annual charges on time given their challenges in generating this type of own source operating revenue.

Rural councils are responsible for maintaining infrastructure over large geographical areas. Thirteen of the 42 rural councils that did not meet OLG’s benchmark for own source operating revenue also did not meet OLG’s benchmarks for the buildings and infrastructure renewals ratio and infrastructure backlog ratio. These asset management performance measures are discussed later in this chapter.

Council revenue and expenses

The following section details the main sources of council revenue, including special rate variations approved by the Independent Pricing and Regulatory Tribunal NSW, and the major categories of council expenditure. These are key drivers underlying several performance measures.

Revenue sources can vary significantly between councils

A council's total revenue comes from rates and annual charges, user charges and fees, operating and capital grants and contributions, and other revenue (such as interest, investments and asset disposals).

The graph illustrates the proportion of revenues from these sources for metropolitan, regional, rural and county councils.

The following graph shows sources of council revenue, including rates and annual charges, grants and contributions, user charges and fees and other revenue for metro, regional, rural and country councils
Source: Audited financial statements for 2016–17.

Councils in metropolitan areas have the greatest capacity to generate other revenue, such as from childcare, parking fees, rental income and infringement notices. Rural councils rely more on grant funding to deliver their services.

Forty councils received revenue from special rate variations

In 2016–17, the Independent Pricing and Regulatory Tribunal NSW (IPART) set the allowable percentage increase in a council's annual rates income (the rate peg) at 1.8 per cent. However, IPART can approve special rate variations above the rate peg for things such as:

  • extra services
  • capital expenditure
  • financial sustainability
  • infrastructure such as roads, bridges and stormwater drainage.

Forty councils received additional revenue from special rate variations in 2016–17. Seventeen regional, 12 rural and ten metropolitan councils received revenue from special rate variations, ranging from three per cent to 11 per cent of their rates revenue. One rural council received approval to levy a special rate of 30 per cent.

However, even with this extra revenue, four regional, one rural and one metropolitan council reported negative operating performance in 2016–17.

Employee benefits expense is the largest expense category for most councils

The largest overall expense categories for metropolitan, regional and rural councils are employee benefits, materials and contracts, and depreciation and amortisation.

The graph illustrates the proportion of expenses from various sources for metropolitan, regional, rural and county councils.

A graph of the categories of council expenses, including borrowing costs, other expenses, depreciation and amoritisation, material and contracts, employee benefits. Includes the percentage of each of these expenses for metro, regional, rural and country councils

Regional, rural and county councils have a relatively larger proportion of depreciation and amortisation expenses compared to metropolitan councils because they have extensive infrastructure asset bases over large areas. This includes water supply and sewage infrastructure, which State agencies provide in metropolitan areas.

 

3.2  Liquidity and working capital performance measures

The next group of indicators help to assess the way councils can:

  • meet short term obligations
  • service their debt
  • collect outstanding rates and annual charges
  • meet their future expenses

Unrestricted current ratio

The unrestricted current ratio captures a council’s ability to meet its short-term obligations as they fall due. The ratio excludes externally restricted assets and liabilities. OLG sets a benchmark of having available in unrestricted current assets more than 1.5 times the value of unrestricted current liabilities.

Two regional and one rural council did not meet OLG’s benchmark for unrestricted current ratio.

The assets and liabilities of a council can fall into three categories:

  • externally restricted
  • internally restricted
  • unrestricted.

Externally restricted assets are those affected by legislation or other externally imposed requirements. Internally restricted assets are affected by council resolution or policy, usually for an identified future works program. All other assets are unrestricted. Liabilities are restricted (specific purpose) if they relate to externally restricted assets.

Graph of Unrestricted current ratio for metro, regional, rural and country NSW councils. Shows number of councils that met and did not meet benchmark
Source: Audited financial statements for 2016–17.

Ninety-six councils had twice OLG’s minimum benchmark for working capital

Forty-six rural, 21 metropolitan, 19 regional and ten county councils reported an unrestricted current ratio exceeding twice the OLG benchmark.

Two regional and one rural council did not meet OLG’s benchmark for the unrestricted current ratio. One of these regional councils also did not meet OLG’s benchmark for the collection of rates and annual charges. To meet operational needs, councils with a low unrestricted current ratio may need to:

  • consider the availability of borrowings
  • seek the Minister for Local Government's approval to use externally restricted funds
  • look at ways to reduce expenditure or seek extra revenue from other sources.

Debt service cover ratio

One metropolitan and county council did not meet OLG’s benchmark for the debt service cover ratio

The debt service cover ratio measures the operating cash available to service a council's debt, including interest, principal and lease payments. The benchmark OLG sets is to have available greater than twice the amount required to service debt.

The debt service cover ratio compares the operating result (before capital grants, capital contributions, depreciation and amortisation) with the repayment of borrowings and borrowing costs.

Fifty-seven rural, 37 regional, 27 metropolitan and five county councils reported borrowings at 30 June 2017. Councils utilise borrowings to fund capital projects and to address backlog maintenance. Regional councils accounted for 56 per cent of the value of total council borrowings because they also borrow to manage water and sewerage infrastructure.

One metropolitan and one county council did not meet this ratio as they repaid significant borrowings during 2016–17. One of these councils was newly amalgamated and the other was winding up.

Rates and annual charges outstanding percentage

The rates and annual charges outstanding percentage assesses how successful councils are in collecting rates and annual charges. The indicator measures the percentage of rates and annual charges levied throughout the year that remain unpaid as at 30 June.

The OLG benchmark is that unpaid rates and annual charges for metropolitan councils should be less than five per cent and less than ten per cent for regional, rural and county councils.

Eighteen councils did not meet OLG’s benchmark for outstanding rates and annual charges

Eight rural, five regional, three metropolitan and two county councils did not meet OLG’s benchmark for the rates and annual charges outstanding percentage. Nine county councils do not levy rates and annual charges.

Councils with high levels of outstanding rates and annual charges may have less working capital available to fund operations. These eighteen councils also did not meet the infrastructure backlog ratio, which is discussed later in this chapter.

One rural council reported a rates and annual charges outstanding percentage of 36 per cent. Its inability to collect rates and charges resulted in less cash available for operations. This council also reported a cash expense cover ratio of 1.6 months, which is short of OLG’s benchmark of more than three months. Unpaid rates are a debt on property. In certain circumstances, councils can assume ownership of land to recover a debt.

Graph showing rates and annual charges outstanding. Shows the number of metro, regional, rural and county councils in NSW that met and did not meet benchmark

Source: Audited financial statements for 2016–17

Cash expense cover ratio

The cash expense cover ratio estimates the number of months a council can continue paying its expenses without extra cash. It compares the total cash, cash equivalents and term deposit balances against the total payments for operating and financing activities from the cash flow statement. OLG sets a benchmark of greater than three months for this ratio.

Most councils met the cash expense cover ratio benchmark of more than three months

All but three rural and two county councils were able to cover more than three months of expenditure without extra cash inflows.

Sixty-three councils (45 per cent) had enough cash on hand to fund more than 12 months of expenditure. Another 56 councils (40 per cent) had enough cash to fund between seven and 12 months of expenditure, and 15 councils (11 per cent) had enough cash to cover four to six months of expenditure.

Pie chart of cash expense cover ratio. Shows number of councils that are covered for less than three months, 4 to 6 months, 7 to 12 months or over 12 months
Source: Audited financial statements for 2016–17.

Cash expense cover ratio is lower when restricted funds are excluded

Councils are not required to exclude externally and internally restricted funds when calculating the cash expense cover ratio. Restricted and unrestricted funds are held in accounts that councils control.

Section 409(3) of the Local Government Act 1993 does not permit the use of externally restricted funds for general operations. A council with a high proportion of restricted funds may have a positive cash expense cover ratio, but limited flexibility to pay its operating expenses.

Section 410(3) of the Local Government Act 1993 requires a council to obtain the Minister for Local Government's approval before using externally restricted funds collected from levying special rates and charges for another purpose. A council must pass a resolution to use internally restricted funds for another purpose.

If externally restricted funds are excluded from the cash expense cover ratio, all councils would still meet OLG’s benchmark. However, if both internally and externally restricted funds are excluded:

  • six regional, one rural and two county councils are left without any unrestricted funds, meaning there are no available funds for general operations, such as to pay salaries and suppliers
  • seventeen rural, nine regional, four metropolitan and two county councils would have a cash expense cover ratio of three months or less.

Of these councils, 18 did not meet OLG’s benchmark for own source operating revenue.

Central Darling Shire Council

In Section 1.1 of Chapter 2 Financial Reporting, we note that the audit opinion issued on the 2016–17 general purpose financial statements of Central Darling Shire Council referred to uncertainty over the council's ability to continue operating without using restricted water and sewer funds. This council used externally restricted funds for daily operations without ministerial approval.

On 2 March 2018, the council’s administrator sought approval from the Minister for Local Government to continue using restricted cash as necessary.

 

 

3.3 Asset management performance measures

The Office of Local Government (OLG) has prescribed four indicators to assess councils’ asset management:

  • buildings and infrastructure renewals ratio
  • infrastructure backlog ratio
  • asset maintenance ratio
  • cost to bring assets to agreed service level.

Appendix ten lists the results of each indicator reported by councils to OLG.

Councils report to OLG against these indicators in the Special Schedule 7 'Report on Infrastructure Assets'. Special Schedule 7 is not required to be externally audited and does not form part of a council's independently audited financial statements. It provides information in addition to that available in the audited financial statements related to the maintenance, renewal, condition and costs of infrastructure assets. The Code requires that the information in Special Schedule 7 is consistent with the council’s asset management plans.

Data reported against OLG’s benchmarks is an indicator of whether councils’ spending on renewing and maintaining their infrastructure assets is sufficient

Thirty-one councils reported they do not meet the OLG benchmarks for either the buildings and infrastructure renewals ratio, the infrastructure backlog ratio or the asset maintenance ratio. These councils may need to examine their asset management plans and consider if their investment in maintaining and renewing infrastructure assets is sufficient.

Councils are required to have asset management plans that consider community needs, available funds, the council’s risk appetite, and the whole-of-life costs of owning and/or managing the infrastructure assets under their control.

The asset management indicators reported in Special Schedule 7 provide a snapshot of data at a point in time. While they may assist with further inquiry, a good or bad performance conclusion cannot be drawn from this data alone.

Buildings and infrastructure renewals ratio

Seventy councils do not meet OLG’s buildings and infrastructure renewals ratio benchmark

The buildings and infrastructure renewals ratio is used to assess the rate at which infrastructure assets are being renewed against the rate at which they are depreciating. OLG sets a benchmark of greater than 100 per cent. The underlying information used to calculate this indicator is derived from a council’s audited financial statements.

Achievement of the OLG benchmark indicates that a council is renewing its assets at the same rate it is depreciating them. Twenty-six rural, 24 regional, 16 metropolitan and four county councils reported to OLG they do not meet the prescribed benchmark for the buildings and infrastructure renewals ratio.

OLG’s Code requires that the buildings and infrastructure renewals ratio is calculated based on a council’s renewal expenditure on specific infrastructure assets listed in Special Schedule 7. OLG has informed the Audit Office that work-in-progress assets are not infrastructure assets for the purposes of reporting in Special Schedule 7. Eighty per cent of councils included work-in-progress assets in calculating the ratio. If work-in-progress assets are excluded from the calculation, a further 23 councils would not meet OLG’s benchmark. This means that 93 councils, or 69 per cent of those that reported this indicator, did not meet the OLG benchmark for renewing their assets.

OLG will need to clarify the requirements for calculating the buildings and infrastructure renewals ratio with councils.

Infrastructure backlog ratio

Eighty-four councils do not meet OLG’s infrastructure backlog ratio benchmark

The infrastructure backlog ratio shows the amount of infrastructure backlog expenditure relative to the total net book value of a council's infrastructure assets. OLG sets the benchmark for this ratio at less than two per cent. Achievement of the OLG benchmark indicates that infrastructure backlog is kept at a manageable level. The underlying information used to calculate this indicator is derived from a council’s audited financial statements and other unaudited sources.

Infrastructure backlog is defined in Special Schedule 7 as the estimated cost to bring a council's infrastructure, buildings, other structures and depreciable land improvements back to a condition determined to be satisfactory by the council and the community.

Thirty-seven rural, 28 regional, 15 metropolitan and four county councils reported to OLG they do not meet the prescribed benchmark for the infrastructure backlog ratio. This means that 60 per cent of councils that reported this indicator did not meet OLG’s benchmark for maintaining their infrastructure backlog.

Asset maintenance ratio

Seventy-one councils do not meet OLG’s asset maintenance ratio benchmark

The asset maintenance ratio compares a council’s actual asset maintenance expenditure to the amount planned in their asset management plans. OLG sets a benchmark of greater than 100 per cent. Achievement of the OLG benchmark indicates that a council is investing enough funds to sustain their assets in a functional state so they reach their predicted useful life. The underlying information used to calculate this indicator is derived from a council’s unaudited asset management plans and other unaudited sources.

Twenty-nine rural, 26 regional, 13 metropolitan and three county councils reported to OLG that they do not meet the prescribed benchmark for the asset maintenance ratio. This means that 54 per cent of councils that reported this indicator did not maintain their assets in accordance with their asset management plans.

Cost to bring assets to agreed service level

The cost to bring assets to agreed service level compares the estimated cost to renew or rehabilitate existing infrastructure assets, that have reached the condition-based intervention level adopted by a council, to the gross replacement cost of all infrastructure assets. OLG has not prescribed a benchmark for this indicator. The underlying information used to calculate this indicator is derived from unaudited sources.

One-hundred and two councils reported results against this indicator to OLG, expressed as a percentage. The reported results ranged from 0.1 per cent to 19.8 per cent. This reflects significant variability between councils in the proportion of outstanding renewal works compared to the total replacement cost of infrastructure assets under their care and stewardship.

 

 

Return to top 


 

 

4. Asset management

NSW councils own and manage a significant range of assets, including infrastructure, property, plant and equipment with a total value of $136 billion.

Many of the issues that our local government audits identified related to asset management. This chapter discusses some of the asset accounting issues we found, focusing on five areas:

  • overall asset management issues
  • asset registers
  • asset valuation
  • recognition and asset useful life estimates
  • asset policy and planning.
Observation Conclusion or recommendation
4.1 High risk issues
 

Significant matters reported to those charged with council governance

Our 2016–17 audits identified ten high risk issues related to the accuracy of asset registers, restricted assets and asset revaluations.




High risk issues affect council’s ability to maintain their assets in the condition required to deliver essential services.
4.2 Asset reporting
 

Accuracy of asset registers

Our audits identified instances where councils had multiple asset registers, inaccurate or incomplete registers, unreconciled registers, or uncontrolled manual spreadsheets.

Maintaining accurate asset records is important as it enables councils to manage their assets effectively and report on finances appropriately.

Unrecorded land and infrastructure assets

Twenty-four councils had not recorded $145 million worth of assets, mainly land and infrastructure assets.


Assets not captured in council records is at risk of not being subject to their care and control, nor recorded in the financial statements.

Rural fire-fighting equipment

At 30 June 2017, forty-six councils did report vested rural fire-fighting equipment in their financial statements. However, 62 councils did not record vested fire-fighting equipment in their financial statements. These rural fire‑fighting equipment assets are not reported in either State government or local government financial statements.

Recommendation

The Office of Local Government should address the different practices across the local government sector in accounting for rural fire‑fighting equipment before 30 June 2018.

In doing so, the Office of Local Government should work with NSW Treasury to ensure there is a whole‑of‑government approach.

4.3 Asset valuation
 

Restricted assets

Our audits found that ten councils did not appropriately consider restrictions on the use of community land and land under roads when determining asset fair values in accordance with Australian Accounting Standards.

Nine councils corrected the land values in their 2016–17 financial statements, reducing the reported value of community land and land under roads by $12.1 billion.

The valuation of community land and land under roads should reflect the physical and legislative restrictions on these assets as required by Australian Accounting Standards. The impact of restrictions can be significant.

Councils should consider engaging experts to assist with the determination of asset fair values, as necessary

Asset revaluations

Our audits found many cases where councils did not review valuation results, comply with applicable codes, or work effectively with valuers to obtain accurate asset valuations.


Valuing large infrastructure assets is a complex process. Councils would benefit if the process is started earlier and there is a clear plan to ensure valuations are appropriately managed and documented.
4.4 Asset useful life estimates
 

Asset useful life estimates

We found considerable variability in councils' useful lives for similar assets.

In some cases, the useful lives of assets are not reviewed annually or supported by regular condition assessment.

Depreciation is a significant expense for councils and therefore impacts on reported financial results and key performance indicators.

To comply with Australian Accounting Standards, councils need to reassess the useful lives of all assets annually.

Regular condition assessments are essential to identify maintenance requirements and maintain service delivery.

4.5 Asset policy and planning
 

Asset management strategy

Thirteen councils do not have an asset management policy, strategy and plan, as required by OLG's Integrated Planning and Reporting Framework. Newly amalgamated councils have until 30 June 2018 to implement this.


An effective asset management strategy, policy and plan helps councils to manage their assets appropriately over their life cycle and to make informed decisions on the allocation of resources.

 

Asset overview

NSW councils own and manage a significant range of assets, including infrastructure, property, plant and equipment.

At 30 June 2017, the combined carrying value of NSW council assets was as follows.

An image showing the total assets within NSW councils including land, bulk earthworks, roads, bridges, recreation facilities, footpaths, buildings, water, plant and equipment as well as capital works in progress
Source: Audited financial statements for 2016–17.

 

4.1 High risk issues

Significant matters reported to those charged with council governance

We reported ten high risk asset management issues

Our audits identified ten high risk issues related to asset practices.

Risk rating bar graph showing 218 risk issues, including 10 high risk, 153 moderate and 55 low

Councils should address high risk issues as a priority because they can affect their ability to maintain their assets in the condition required to deliver essential services.

The high risk issues were in three areas:

  • accuracy of asset registers
  • restricted assets
  • asset revaluations.

This chapter also discusses the need to strengthen asset depreciation practices and asset management strategies.

 

4.2 Asset reporting

Accuracy of asset registers

Effective asset management calls for accurate records of the assets that councils control. Our audits found that council asset registers and systems need to improve. Councils should regularly update asset registers and reconcile them with asset management systems. Suitable controls must be in place to ensure the integrity of manual spreadsheets.

Councils should improve how they manage asset registers

Asset registers record key data on the infrastructure, property, plant and equipment that a council holds. Our 2016–17 audits found:

  • twenty-two examples where manual spreadsheets stored asset data without any controls to protect their integrity (discussed further in chapter 6)
  • sixteen cases of multiple fixed-asset registers with inconsistent content and formats
  • nine instances of inaccurate and incomplete asset registers without supporting documents
  • six examples of asset registers that do not, or are not, reconciled with the asset management system used for operational activities
  • five instances of completed works-in-progress not capitalised as assets on a timely basis.

Three high risk issues related to councils where multiple fixed asset registers were not reconciled and incomplete. This resulted in numerous errors identified during the audits.

Multiple and decentralised asset registers limit council’s ability to manage and maintain the asset base and report on finances accurately. Manual spreadsheets increase the risk of errors in more complex asset data.

Unrecorded land and infrastructure assets

Councils had $145 million in unrecorded land and infrastructure assets

Our 2016–17 audits identified $145 million of unrecorded land and infrastructure assets at 24 councils. This is in addition to rural fire-fighting equipment not recorded by councils as discussed below.

A pie chart of unrecorded assets across NSW councils including land, roads, bridges and footpaths, buildings, water, drainage and sewerage as well as miscellanious assets
Source: Audited financial statements for 2016–17.

The assets were mostly identified:

  • during asset revaluations
  • when reconciling asset registers and operational asset management systems
  • during asset count processes to support the amalgamation of certain councils.

These assets are now recorded in the councils' 2016–17 financial statements. In eight councils, this also meant correcting the previous year’s audited financial statements.

Rural fire-fighting equipment

A significant portion of rural fire-fighting equipment is not reported in either State government or local government financial statements

Recommendation

The Office of Local Government should address the different practices across the local government sector in accounting for rural fire-fighting equipment before 30 June 2018.

In doing so, the Office of Local Government should work with NSW Treasury to ensure there is a whole-of-government approach.

The 2016–17 Local Government Code of Accounting Practice and Financial Reporting required that council financial statements are prepared in accordance with Australian Accounting Standards. Forty-six councils did record vested rural fire-fighting equipment in their 2016–17 financial statements. However, sixty-two councils did not record these assets and, consequently, they are not reported in the financial statements of the State government or the local government.

Rural fire-fighting equipment is vested in councils under the Rural Fires Act 1997. This includes buildings, vehicles and other equipment used in connection with the prevention or suppression of fire. Service agreements govern the way the NSW Rural Fire Service can use these assets for fire mitigation and safety works in a council area.

NSW Treasury and the NSW Rural Fire Service are of the view that the NSW Rural Fire Service does not control rural fight-fighting equipment vested in councils. The financial statements of the NSW Total State Sector and the NSW Rural Fire Service do not include these assets.

The following factors suggest that councils control rural fire-fighting equipment:

  • councils have responsibilities for fire mitigation and safety works in their area
  • assets are vested in councils giving them legal ownership and title
  • a council allows the NSW Rural Fire Service the use and occupancy of these assets within its council area through a service agreement
  • councils are responsible for maintenance and insurance of the assets, although insurance of the vested vehicles is managed by the NSW Rural Fire Service.

 

4.3 Asset Evaluation

Seven high risk matters related to asset valuations, including two that resulted in qualified audit opinions

While having accurate asset registers is important, councils must also review the carrying value of their assets regularly so they reflect fair value.

Valuing large infrastructure assets is a complex process that needs to be well planned, managed and documented. The process should commence early in the financial year and, where used, instructions to external valuers need to clearly define the scope of work.

We found that councils need to improve their processes and controls over asset revaluations. Where experts are engaged, council management need to critically review the results to ensure they are robust.

The Office of Local Government (OLG) requires that councils comprehensively revalue each asset class on a five‑year cycle. For those asset classes not subject to a comprehensive revaluation in a given year, councils must still satisfy themselves that asset values materially reflect fair value at the reporting date.

Restricted assets

Valuation methods need to consider restrictions that may affect asset values

At 30 June 2017, councils owned and managed $33.5 billion worth of land, including $17.8 billion (53 per cent) of community land and $4.1 billion (12 per cent) of land under roads.

OLG’s Local Government Code of Accounting Practice and Financial Reporting (Code) sets the financial reporting requirements for councils. The Code requires councils to report assets, such as land under roads and community land, at ‘fair value’.

Australian Accounting Standards define ‘fair value’ as the current exit price to sell or transfer an asset. They require that ‘fair value’ measurement considers an asset’s characteristics, including its condition, location and any restrictions on its sale or use. Such restrictions may be imposed by legislation, regulation or planning instrument.

Most council community land is subject to legislative zoning restrictions though a Local Environment Plan. Land under public roadways is subject to physical restrictions and legislative restrictions under the Roads Act 1993. Councils cannot lift these restrictions without the approval of external bodies.

Our 2016–17 audits found ten councils where the 2015–16 audited financial statements had overstated the value of land assets because the valuation of community land and land under roads did not reflect the physical and legislative restrictions on these assets. Of these, nine corrected the land values in their 2016–17 financial statements.

As a result, the reported value of community land and land under roads at these nine councils reduced by $12.1 billion from the previous years' audited financial statements. Over 90 per cent of the reduction occurred in metropolitan councils, where the value of community land decreased by $7.8 billion and land under roads decreased by $3.5 billion.

The Hills Shire Council

The method used by the Hills Shire Council to value land under roads did not appropriately reflect restrictions on the use of this land as required by Australian Accounting Standards.

This resulted in a modified (qualified) audit opinion on its 2016–17 financial statements

Asset revaluations

Asset valuation processes can improve

Councils should have effective controls and procedures to support their asset valuations. Our 2016–17 audits found:

  • twelve instances where council management did not sufficiently review valuation results, requiring adjustments in the financial statements
  • seven cases where councils did not comprehensively revalue assets in line with the five-year cycle set by the Local Government Code of Accounting Practice and Financial Reporting 
  • five examples where council management did not agree on the scope and method of the required valuation with the external valuer before work was completed
  • four instances where councils gave the valuer incomplete asset records, resulting in some assets being excluded
  • four cases where there were no policies and procedures to support asset valuation processes
  • four instances where the revaluation process did not start early enough to update the asset register and general ledger in time for year-end financial reporting
  • four examples where supporting papers did not give enough detail of management's accounting treatments, judgements and assumptions underlying asset valuation.

Junee Shire Council

Junee Shire Council could not demonstrate that roads, bridges, footpaths and bulk earthworks were reported at fair value, as it did not value these asset classes during the year. The last valuation was conducted in 2012.

This led to a modified audit opinion on its 2016–17 financial statements.

 

4.4 Asset useful life estimates

The useful lives of road assets vary across councils

The useful life of an asset is the length of time it should be available for use. The remaining useful life is the period remaining that a council intends to use an asset, largely influenced by its physical condition. The useful life estimates determine the amount of depreciation expense reported in councils’ financial statements.

Our audits reviewed the range of useful lives that councils reported for roads. We found considerable variability in the way councils reported the useful lives of similar road assets.

A table showing the lifespan of sealed roads and unsealed roads in Metro, regional and rural council areas
Source: Audited financial statements for 2016–17.

Some variability in the useful lives of roads can be expected due to different soil types, methods of construction, geography and the environment. However, these differences do not fully explain the large variation in the useful lives of similar assets across councils. This variability impacts the depreciation expense calculated by councils for similar assets and reported in the financial statements. This in turn may affect the key sustainability indicators that councils report.

Useful lives of assets need to be reviewed annually considering condition assessments

Australian Accounting Standards require that councils reassess the useful lives of all assets annually. Our 2016–17 audits identified six instances where there was no annual review of assets' remaining useful lives or regular condition assessment of assets. In three instances, the useful lives of assets were not adjusted to align with the physical condition assessments.

 

4.5  Asset policy and planning

Effective asset management should be tied together by an effective policy and planning processes. This helps to mitigate risk, support decision-making and ensure that councils manage assets efficiently and effectively over their life cycle. It also helps councils to determine future funding needs in maintaining, renewing and extending their asset base.

Asset management strategy

Thirteen councils do not have an asset management strategy, policy and plan

In 2013, OLG released an Integrated Planning and Reporting Framework (IP&R framework). This helps councils to integrate its plans and policies and align them with its strategic goals.

A key element of the IP&R framework is that all councils have an integrated asset management strategy, policy and plan. Newly amalgamated councils have until 30 June 2018 to finalise these.

Thirteen councils do not have the required asset management strategy, policy and plan. Eleven of these are regional and rural councils.
 

 

  

Return to top   

 

 

5. Governance and internal controls

Good governance systems help councils to operate effectively and comply with relevant laws and standards. Internal controls assist councils to operate reliably and produce effective financial statements.

This chapter highlights the high risk issues we found and reports on a range of governance and control areas. Governance and control issues relating to asset management and information technology are covered in separate chapters.

Observation Conclusion or recommendation
5.1 High risk issues
 

Significant matters reported to those charged with council governance

Our 2016–17 audits identified 36 high risk governance and internal control deficiencies across 17 councils.

We reported:

  • seventeen high risk issues relating to governance, purchase-to-pay, financial accounting and payroll processes
  • ten high risk issues relating to asset practices
  • nine high risk issues related to information technology management.

Asset practices accounted for the highest number of high risk issues and information technology accounted for the largest overall number of control deficiencies. These matters are covered in chapters four and six respectively.

High risk issues affect council’s ability to achieve their objectives and increase the risk of fraud and error.

5.2 Governance
 

Audit Committees

Councils are currently not required to have an audit, risk and improvement committee. Consequently, 53 councils do not have an audit committee.

 

.

Proposed legislative changes will require councils to establish an audit, risk and improvement committee by March 2021.

Recommendation

Councils should early adopt the proposed requirement to establish an audit, risk and improvement committee.

Internal audit

Councils are currently not required to have an internal audit function. Consequently, 52 councils do not have this function.

Recommendation

The Office of Local Government should introduce the requirement for councils to establish internal audit functions and update its 2010 Internal Audit Guidelines.

Council entities

The Office of Local Government's register of entities approved under section 358 of the Local Government Act 1993 is incomplete..

Recommendation

The Office of Local Government should maintain an accurate register of council entities approved under section 358 of the Local Government Act 1993.


The Local Government Act 1993 does not stipulate a financial reporting framework for council entities.
Recommendation

The Office of Local Government should establish a financial reporting framework for council entities.

Policies and procedures

We identified 50 high and moderate risk issues across 33 councils where policies and procedures over critical business processes did not exist or had not been updated.



It is important there are current policies, standards and guidelines available to staff and contractors across all critical business processes.

Legislative compliance frameworks

Our audits found that 45 councils do not have sufficient processes to show they are complying with legislative requirements.


Councils can improve practices in monitoring compliance with key laws and regulations. This includes implementing a legislative compliance framework, register and policy.

Risk management

We identified 15 high and moderate risk issues across 15 councils where risk management practices could be strengthened.


Council risk management practices are enhanced when there is a fit-for-purpose risk management framework, register and policy to outline how risks are identified, managed and monitored.
5.3 Internal controls
 

Financial accounting

We identified 45 high and moderate risk control deficiencies across 41 councils concerning the use of manual journals to adjust council financial records. This can increase the risk of fraud and error.

We identified 51 high and moderate risk issues across 39 councils where reconciliation processes need to improve to support the preparation of accurate financial statements.

 

Sound financial accounting processes include controls to ensure:

  • a person other than the preparer authorises manual journals
  • key account reconciliations are prepared and reviewed.

Purchasing and payables

We found 102 high and moderate risk deficiencies in purchasing and payable controls across 64 councils. Sound purchasing controls are important to minimise error, unauthorised purchases, fraud and waste.

As councils spend a substantial amount each year to procure goods and services, strong controls over purchasing and payment practices are critical. These include:

  • a review of changes to vendor master file data by an appropriate independent officer
  • an independent review and approval of purchases, including credit card transactions
  • compliance with Tendering Guidelines for NSW Local Government.

Payroll

We identified 71 high and moderate risk deficiencies in payroll controls across 48 councils. Weaknesses in payroll controls could result in incorrect payments being made to employees, due to error or fraud.

Managing excess annual leave balances was a challenge for 32 councils.

 
Effective payroll controls are important because employee expenses represent a large portion of council expenditure. These controls include segregation of duties in the review of payroll master file data, timesheets, leave forms, payroll exception reports and termination payments.

Excessive annual leave balances can have implications on employee costs, disrupts service delivery and affect work, health and safety. Excess annual leave balances should be continuously monitored and managed.

 


5.1 High risk issues

Significant matters reported to those charged with council governance

During our 2016–17 audits, we identified 36 high risk governance and internal control deficiencies.

LG2017_Governance and internal control deficiencies

The high risk issues fell across six areas. We discuss four of these in this chapter and the remaining two in other chapters:

  • information technology (see chapter 6)
  • asset management (see chapter 4)
  • governance
  • purchasing and payables
  • financial accounting
  • payroll.

Councils should address high risk issues as a priority as these can increase the risk of fraud and error.

 

5.2 Governance

Governance refers to the frameworks, processes and behaviours that help a council achieve its objectives, comply with legislative and other requirements, and meet standards of probity, accountability and transparency.

Effective governance builds community confidence and enables the effective and efficient use of public resources. Governance models need to be fit for purpose and tailored to the needs of each council.

In 2015, the Audit Office released its Governance Lighthouse to provide a best practice model of public sector governance for entities to follow. This covers eight principles and 17 key elements of good governance. Councils may find it useful to assess existing governance practices against the key principles in the lighthouse and address any gaps they find.

While this year’s financial audit did not assess every aspect of governance in councils, this report highlights our findings and observations related to:

  • audit committees and internal audit
  • council entities
  • policies and procedures
  • legislative compliance frameworks
  • risk-management.

Audit committees and internal audit

The combined benefit of an audit committee and internal audit function is that councillors can obtain general assurance that internal controls and risk management are working effectively. The 36 councils that do not have an audit committee and internal audit function are operating without important safeguards and generally accepted checks and balances.

Fifty-three councils have not established an audit, risk and improvement committee

The public expects that government agencies meet high standards of integrity. This includes the way agencies manage real or perceived conflicts of interest.

Recommendation

Councils should early adopt the proposed requirement to establish an audit, risk and improvement committee.

An effective audit, risk and improvement committee is an important part of good governance.

Councils are not currently required to have an audit, risk and improvement committee. At present, 53 councils do not have a functioning audit committee.

Changes outlined in section 428A of the Local Government Amendment (Governance and Planning) Act 2016 will require councils to establish an audit, risk and improvement committee. This is expected to be a requirement by March 2021.

A table of councils with and without an audit, risk and improvement committee, includes percentage of councils without an audit, risk and improvement commitee
Note: Mid-Coast and Southern Slopes county councils were dissolved on 1 July 2017. They have been excluded from the table.

Section 428B of the Local Government Amendment (Governance and Planning) Act 2016 specifies that councils may jointly appoint an audit, risk and improvement committee to exercise functions for more than one council.

Fifty-two councils do not have an internal audit function

Recommendation

The Office of Local Government should introduce the requirement for councils to establish internal audit functions and update its 2010 Internal Audit Guidelines.

Internal audit is another important element of an effective governance framework as it supports a risk and compliance culture. Internal audit provides assurance that a council's governance practices and internal control environment are effective, and identifies where performance can improve.

Councils are not currently required to have an internal audit function. As the following table shows, 33 rural councils, eight county councils, eight regional councils and three metropolitan councils do not have an internal audit function. Of these councils, nine are newly amalgamated.

A table showing the number of councils with an internal audit function - 86, number without 52 and the percentage without 37.7
Note: Mid-Coast and Southern Slopes county councils were dissolved on 1 July 2017 and have therefore been excluded from the table.

There are 13 councils with an internal audit function but without an audit, risk and improvement committee. An effective audit committee would complement the internal audit function and provide it with a separate reporting line independent of management.

The Office of Local Government (OLG) has not updated the Internal Audit Guidelines it released in 2010. The OLG should, at a minimum, introduce the requirement for councils to establish internal audit functions and update its 2010 Internal Audit Guidelines.

An internal audit function is mandatory for all State government agencies. A useful reference point for councils is available in TPP 15-03 Internal Audit and Risk Management Policy for the NSW Public Sector, issued by NSW Treasury.

Council entities

The Office of Local Government does not have complete information on council entities

Recommendation

The Office of Local Government should maintain an accurate register of entities approved under section 358 of the Local Government Act 1993.

Section 358 of the Local Government Act 1993 (Act) specifies that councils must not form or participate in forming a corporation or other entity, or acquire a controlling interest in a corporation or other entity, except with the consent of the Minister for Local Government. These entities are referred to as ‘council entities’.

Section 415 of the Act deals with auditing of the financial statements of council entities. The definition of a council entity in section 415 includes a wide and diverse range of bodies and is consistent with the definition of entities under section 358 of the Act. Our initial audit work identified 261 entities that met the definition of a council entity.

OLG maintains a register of entities where a council has sought approval from the Minister under section 358 of the Act. The register maintained by OLG was not complete and accurate. It also did not identify what entities had been approved by the Minister.

The legislation does not clarify the financial reporting obligations of council entities

Recommendation

The Office of Local Government should consider establishing a financial reporting framework for council entities.

We found uncertainty in the legislative framework governing the oversight of council entities[5] and their financial reporting and auditing requirements. This can result in a lack of transparency and accountability over the activities of council entities.

The Local Government Act 1993 does not require council entities to keep records or prepare financial statements. Some council entities prepare financial statements, while others do not. The financial statements of some entities are audited, where others remain unaudited.

Given this uncertainty, we sought advice from the NSW Crown Solicitor about the Auditor‑General's obligations under the Act. This confirmed that arrangements for council entities under the Act need clarification. Appendix 11 attaches this advice.

Policies and procedures

Formal policies and procedures support effective governance and internal control as they:

  • provide direction for the day-to-day operations of a council
  • promote consistency
  • clarify accountability and other issues to staff and management
  • support compliance with laws, regulations and codes.
Policies and procedures are not always in place or kept up to date

Councils need to ensure that policies, standards and guidelines are available to staff and contractors across all critical business processes, and that they are reviewed and updated regularly, including when significant changes occur.

Our financial audits did not review all council policies and procedures, but looked at whether policies and procedures for critical business processes exist and are updated. We found 73 cases across 47 councils where policies and procedures did not exist or had not been updated for:

  • financial management
  • information technology
  • procurement
  • contract management.

Of the 73 issues, two were high risk, 48 were moderate risk and 23 were rated low risk

A bar graph showing the 73 risk issues around policies and proceedures in NSW councils. Two were high risk, 48 moderate and 23 low risk

The two high risk issues were:

  • one council without any policies for numerous critical business processes, including payroll, purchases, property, plant and equipment and revenue
  • one council with no IT strategic plan, disaster recovery plan, business continuity plan and only limited IT operating procedures.


[5] Section 358(4) of the Local Government Act 1993 defines entity as ‘any partnership, trust, joint venture, syndicate or other body (whether or not incorporated), but does not include any such entity that is of a class prescribed by the regulations as not being within this definition’.

 

Legislative compliance frameworks

Councils need to improve practices to comply with key laws and regulations

Our audits found 45 councils do not have a legislative compliance framework, which would include a compliance policy and compliance register. Without these, there is an increased risk that councils may breach legislative requirements. This can attract penalties, affect service delivery and cause significant reputational damage.

A compliance framework needs to be suited to the size of a council, but sufficient to help it comply with key legislative obligations. We reported this as a moderate risk at 43 councils and a low risk at two councils.

A graph bar with risk rating including moderate and low risk for legislative compliance frameworks within NSW councils

Risk management

While our financial audits are not designed to assess every aspect of risk management, we did identify 20 instances in 17 councils where risk management practices could be strengthened. Two of these were high risk, 13 were moderate risk and five were low risk.

A bar graph of the risk rating around risk management practices within NSW councils. Found two high risk, 13 moderate and 5 low

Councils should address the high risk issues as a priority because they may affect their ability to achieve their objectives or comply with relevant legislation.

The high risk issues related to:

  • one council where high-rated risks were identified on the risk register but there was no indication of how the risks were being managed. In addition, roles and responsibilities for risk management were not clearly defined
  • one council where fraud-related risks identified by management were not being addressed.

The remaining moderate and low risk issues related to the lack of, or out-dated, risk management frameworks, risk registers and/or policies and procedures. Of the 20 issues identified in risk management practices, 14 related to rural councils.

Councils may find it useful to assess their risk management practices using the Audit Office’s Risk Maturity Toolkit. The toolkit is based on the principles and guidance of International Standards on Risk Management AS/NZS ISO 31000:2009 Risk Management and NSW Treasury Policy Guidelines TPP 12-03 and TPP 15-03. The risk management toolkit needs to be applied in a way that is fit for purpose, considering the size and complexity of each council.

 

5.3 Internal Controls

Our financial audits focus on key internal controls that underpin the financial statements that councils prepare each year. Our audits assess whether key internal controls are designed, implemented and operating effectively to manage the risk of material error in the financial statements.

We report any control deficiencies we find to management and those charged with governance of a council through our audit management letters.

Financial accounting

The two main financial control weaknesses we found related to manual journals and reconciliations. A high proportion of these weaknesses were of moderate risk.

Councils can improve internal controls for manual journals

Staff use manual journals to make changes directly to the general ledger, which supports the preparation of council financial statements. Unlike IT controls, which are typically automated, most manual journals rely on human intervention and oversight. Using manual journal entries without appropriate controls and oversight can increase the risk of error and fraud.

Our audits found 51 cases in 43 councils where there were control weaknesses around manual journals. These included:

  • manual journals not reviewed by an independent officer
  • the finance system not preventing the same officer from posting and approving manual journals
  • inadequate supporting documentation for manual journals posted
  • staff with access to process manual journals beyond their job requirements.

Of the 51 cases, two were considered high risk, 43 of moderate risk and six low risk.

Risk rating for control weaknesses around manual journals in NSW councils. 51 cases were found in 43 councils including 2 high risk, 43 moderate and six low risk

The high risk issues related to:

  • one case where journals were posted to incorrect accounts and this had a significant impact on the financial statements. It could have been prevented if there was an appropriate review of the journals
  • one case where journals could be posted without review by another officer. This was classified high risk, as fraud had been committed at this council in the past.
Councils should reconcile their accounts timely and review them independently

Councils need to improve processes in preparing and reviewing account reconciliations.

Council financial statements are based on information in the general ledger. Balances are often supported by information in subsidiary ledgers, such as for:

  • accounts payable
  • accounts receivable
  • fixed assets
  • payroll.

It is important that councils periodically reconcile the general ledger with these subsidiary ledgers to confirm that data is accurate and complete. Our audits found 103 deficiencies across 61 councils relating to key account reconciliations. Five were high-risk, 46 of moderate risk and 52 low risk.

A bar graph showing the risk rating of 103 deficiencies found across 61 councils. Five were high risk, 46 moderate and 52 low

The issues included:

  • reconciliations not prepared for key account balances
  • reconciliations not reviewed in a timely manner by an appropriate officer
  • long-outstanding reconciling items remaining unresolved for long periods.

The deficiencies were assessed as high risk if they could significantly affect the councils’ financial statements.

If key account reconciliations are not prepared and reviewed promptly, management's ability to identify and resolve issues is affected. That could result in misstatements in financial reporting.

Purchasing and payables

Councils purchase significant amounts of goods and services each year. In 2016–17, for example, councils collectively spent:

  • $3.5 billion to acquire property, plant and equipment
  • $3.9 billion on supplies, services and other general expenditure.
Seventy-six councils need to improve purchasing and payables controls

Sound controls for purchasing and payment functions are important to minimise the risk of unauthorised purchases, fraudulent activity and waste. For example, the report from the recent Independent Commission Against Corruption (ICAC) investigation into the conduct of employees at the former City of Botany Bay Council highlighted serious, systemic failures in procurement practices and internal controls. This led to financial loss and reputational damage.

Our audits identified 130 internal control weaknesses related to the purchasing and payables process across 76 councils. Five were high risk, 97 of moderate-risk, and 28 rated low risk.

Bar graph identifying 130 internal control weaknesses related to the purchasing and payables process across 76 councils. Five were high risk, 97 of moderate-risk, and 28 rated low risk.

The high risk issues related to:

  • unauthorised expenditure, or expenditure approved by an officer without the necessary delegation
  • non-compliance with Tendering Guidelines for NSW Local Government.

The moderate and low risk matters span these same issues but also included:

  • purchase orders raised only after the goods or services were received and paid for
  • reports designed to detect irregular or unusual changes that were not reviewed
  • inadequate segregation of duties in the purchases and payables function
  • inadequate review of credit card transactions and retention of supporting documents
  • lack of review of changes to vendor master file data
  • purchase orders not raised at all.

Payroll

Councils need to have effective payroll controls because employee expenses represent a large portion of their total expenditure. Weaknesses in payroll controls could result in incorrect payments to employees due to either error or fraud.

Seventy-two councils need to improve payroll controls

Our audits identified 126 internal control weaknesses related to payroll processes at 72 councils. One was assessed as high risk, 70 moderate risk and 55 rated low risk.

A bar graph identifying 126 internal control weaknesses related to payroll processes at 72 councils. One was assessed as high risk, 70 moderate risk and 55 rated low risk.

The high risk issue involved a council where payroll staff had unrestricted access to amend sensitive payroll data in the system. There were no mitigating controls as:

  • system logs detailing changes to employee details were not generated
  • exception reports which can be used to identify unusual changes in pay details were not reviewed by an officer independent of the payroll team.

Common issues from the remaining moderate and low risk deficiencies included:

  • no review of changes to details in the payroll master file
  • unapproved staff timesheets
  • unapproved staff leave forms
  • payroll exception reports not reviewed
  • termination payments not reviewed.
Managing excess annual leave is a challenge for some councils

Under the Local Government Award, council employees should have less than eight weeks of annual leave accrued at any time.

We identified staff with annual leave balances greater than eight weeks at 32 councils.

There are several implications of excessive leave balances, including:

  • higher employee costs in the future due to salary increases
  • work, health and safety implications
  • disruptions to service delivery when employees eventually take lengthy periods of leave
  • employee fraud remaining undetected.

 

   

Return to top 




6.Information technology

Like most public sector agencies, councils increasingly rely on information technology (IT) to deliver services and manage sensitive information. While IT delivers considerable benefits, it also presents risks that councils need to address.

Our review of council IT systems focused on understanding the processes and controls that support the integrity, availability and security of the data used to prepare financial statements. This chapter outlines issues in three broad areas:

  • high risk issues
  • access to IT systems
  • IT governance.

 

Issues Conclusion
6.1 High risk issues
 
Significant matters reported to those charged with council governance
Our 2016–17 audits identified nine high risk IT control deficiencies across seven councils. The issues related to user access controls, privileged access controls and user developed applications.

 

High risk issues affect council’s ability to achieve their objectives and increase the risk of fraud and error.

 

6.2 Access to IT systems
 

User access controls

We identified 107 issues across 56 councils where user access controls could be strengthened.

 
Inadequate IT policies and controls around user access, including privileged access, increases the risk of individuals having excessive or unauthorised access to critical financial systems and data.

Privileged access

We identified 86 examples across 64 councils of inappropriate privileged access, inadequate review of access and insufficient retention and review of access logs.

 

User developed applications

User developed applications (UDAs) are computing applications, tools and processes developed or managed outside IT administration. UDAs may allow users to bypass formal user access controls.

Our audits found 22 councils using spreadsheets for business operations, decision making and financial reporting that were not adequately secured, with changes that were not tracked, tested or reviewed.

We also identified five councils where finance staff and senior management use database query tools to directly modify financial data, circumventing system-based business process controls.

 
It is important councils are aware of all circumstances they are relying on UDAs to limit the risk of errors and potential misuse. This allows councils to:

  • transition UDA functions to internal systems where possible
  • ensure UDAs are adequately controlled where they continue to use them
  • regularly review access rights to UDAs and back-up business-critical information.

 

6.3 IT Governance
 

Strategy, policies and procedures

Around one in four councils do not have an IT strategy or operational plan. Some councils also need to develop or improve IT policies and procedures.

Sixty-six councils do not have an adequate information security policy.

IT governance is enhanced where there is:

  • a fit-for-purpose IT strategy and operational plan
  • appropriate policies, standards and guidelines across all critical IT processes
  • a formally defined process to support security and access to all systems

Disaster recovery and business continuity

Our audits identified that 17 councils do not have a documented plan to recover critical business functions in the event of a disaster.

The ability to restore data from backups is critical to ensure business continuity in the face of a system disaster.

We also found that 15 councils do not periodically test their ability to restore backups of data relevant to financial reporting.

 

Sound management of disaster recovery and business continuity includes:

  • a documented plan for how critical business functions will be recovered in the event of a disaster, which is periodically reviewed and tested
  • the ability to restore backed-up data, which is periodically tested.

We expect to focus on these areas in our future audits.

 

6.1 High risk issues

Our audits reported nine high risk information technology control issues in our audit management letters to councils.

A bar graph of information technology control issues in our audit management letters to councils. There were nine high risk control issues, 201 moderate and 42 low

Councils should address high risk issues as a priority as these can increase the risk of fraud and error. The high risk issues fell into three areas:

  • user access controls
  • privileged access controls
  • user developed applications.

The chapter rounds out with some findings on IT governance.

 

6.2 Access to IT systems

User access controls

Access controls are informally documented and inconsistently applied

Our audit found that controls over user access at 38 councils were insufficient, or the councils could not provide evidence that their controls were operating effectively.

User access controls should ensure that individuals only have access to financial systems and data necessary to undertake their job responsibilities.

Councils need to have effective policies and procedures to create, modify and deactivate user access to minimise the risk of individuals having excessive or unauthorised access.

Our audits sought to confirm the effectiveness of user access administration over key financial systems against these principles. Where we found issues, these were mostly moderate rather than high risk because councils had mitigating controls in place.

We identified staff at 35 councils with access to systems beyond what their job requires.

In three councils, the risks were high because there were only limited mitigating controls. In each case, we were required to perform extra audit procedures. These three councils have remediation plans in place, which we will review during our next audit.

We also found that 30 councils need to strengthen their password parameters for financial reporting systems.

A table of effective user access control practice recommendations for councils including clear policies and procedures and regular review of user access

Privileged access

Privileged access occurs when a person can change key system configurations and has wide access to system data, files and accounts. Our audits found examples of inappropriate privileged access, inadequate review and insufficient retention of access logs to monitor the activities of privileged system users.

To minimise the risk of individuals having inappropriate access to IT systems, councils need to strengthen their policies and procedures over privileged user access.

Staff and third-party contractors had unmonitored access to some council systems

Privileged access controls should follow the same good practice principles as general access controls discussed above. However, the impact of poor administration of privileged access controls can be greater than general access controls, because privileged access enables greater control over key IT systems.

Access to IT systems should be granted using the principle of 'least privilege'. This means that system users should only have the system access privileges needed to perform their job, and
no-one should have ongoing access to highly privileged functions unless their job demands it.

Where individuals have privileged access, independent oversight should detect and rectify any inappropriate activity. Activity logs of users with privileged access should be reported to someone in a position of authority who is independent of the IT team.

Our audits found:

  • IT staff, finance staff and senior management at 22 councils with inappropriate access to privileged finance applications and council data. They could bypass system-based controls or make direct changes to financial data
  • fifty-six councils where there is no review of access and usage for users with highly privileged system access
  • eleven councils where highly privileged generic user accounts were shared between staff and third-party contractors, limiting the effectiveness of any audit logs
  • nine councils with no audit logs detailing the activity of privileged users
  • two councils where audit logs were not reviewed or secured
  • one council where IT staff could develop and implement changes to financial systems without any authorisation and oversight.

At five councils, these observations were high risk due to a combination of weaknesses. As a result, we were required to perform extra audit procedures to address the risk. These councils also have remediation plans in place, which we will review during our next audit.

Access controls over third-party service providers needs to be strengthened

Most councils rely on third-party service providers for IT administration support. This can be from the vendor of key council systems or an independent IT contractor. Councils need to ensure their existing risk management framework provides assurance for controls over IT outsourcing.

Our audits identified:

  • nine councils where there were third parties with unrestricted and unmonitored access to council systems and data
  • three councils that had cloud-based financial reporting systems where the council has no assurance that key controls at the service provider are operating effectively
  • one council where there was significant reliance on the systems, knowledge and expertise of third parties with no plan should these services be withdrawn.

These examples presented a moderate risk given mitigating controls in place.

User developed applications

User developed applications (UDAs) are computing applications, tools and processes that are developed or managed outside IT administration. These pose extra risks because controls used by internal IT systems may be absent.

User developed applications allow users to bypass user access controls

Councils commonly use UDAs such as spreadsheets, databases and reporting tools in day-to-day operations. There may be internally developed workarounds when a vendor-supplied solution is absent or too expensive to implement.

Reasons why councils might use UDA tools include that they can:

  • allow users to interact with council data directly and independently
  • be developed cheaply and quickly compared to system enhancements that use a more traditional system development lifecycle.

At the same time, UDAs can pose significant risks. They can lack the traditional controls of a formally deployed business application, and often sit outside the defined control environment. Over time, their original purpose can be lost and their use and complexity can expand. This increases the risk of errors or intentional misuse.

Because of these risks, councils should consider migrating from UDAs to internal IT systems wherever possible. Where this is not feasible, they should implement mitigating controls such as:

  • ensuring that UDAs are subject to the council’s software development lifecycle requirements for specification, design, building, testing and maintenance
  • reviewing and updating policies for user access controls and ensuring assigned access rights to UDAs are appropriate and periodically reviewed
  • ensuring all business-critical UDAs are backed up regularly and their recoverability tested.

Our audits found:

  • twenty-two councils where spreadsheets were used for business operations, decision making and financial reporting that were not adequately secured, with changes that were not tracked, tested or reviewed. Examples included the calculation of development application fees and depreciation
  • five councils where finance staff and senior management had inappropriate access, using database query tools to directly modify financial data in database tables, circumventing system-based business process controls.

These observations were mostly classed as moderate risk as there were mitigating controls in place. However, it was a high risk issue at one council because of the importance of the data maintained in spreadsheets and the lack of access and version controls.

 

6.3 Information technology governance

IT governance refers to the strategies and frameworks, polices and processes that councils use to oversee and manage IT risks.

Strategy, policies and procedures

One in four councils do not have an IT strategy or operational plan

An IT strategy and an operational plan are important for achieving the best use of IT resources.

An IT strategy links technology use to the wider objectives of a council. It needs to be fit for purpose and take into account the size and complexity of a particular council.

An IT operational plan sets out the day‑to‑day tasks, time frames, responsibilities and resources needed to realise the goals of an IT strategy.

Thirty-one councils did not have an IT strategy or operational plan.

We also found that 16 councils had an IT operational plan but not an IT strategy. Without an IT strategy, there is a risk that IT investment is not aligned with council priorities. Some councils need to develop or improve IT policies and procedures.

A table around how councils can strengthen IT governance to make it effective, including ensuring an IT strategy and operational plan are in place and making sure standards and guidelines are communicated to staff and contractors

Clear and well-defined IT policies and procedures help organisations to implement their strategies and plans. Our audits found the following issues across 33 councils:

  • twenty-four councils without formal IT policies and procedures over IT security, change management, disaster recovery and/or business continuity
  • seventeen councils without a formal and defined process to appropriately support access management for financial reporting systems
  • seventeen councils that need to strengthen existing policies and procedures for IT security, change management or disaster recovery
  • two councils that had not reviewed or updated IT policies and procedures in several years.
Over half of councils do not have an information security policy

We identified that 66 councils do not have a formal information security policy. Without this, councils are likely to rely on the knowledge, risk appetite and diligence of individual staff to maintain the security of key IT systems. All councils should have a formally defined process to support the security of and access to all systems.

On 2 March 2018, the Audit Office tabled a performance audit report on ‘Detecting and responding to cyber security incidents’. Cyber security incidents can harm government service delivery and may include theft of personal information, denial of access to critical technology, or even the hijacking of systems for profit or malicious intent. Recent global and national security incidents highlight the importance for councils to have systems and processes for detecting and responding effectively to security incidents.

Disaster recovery and business continuity

Councils can improve backup, disaster recovery and business continuity controls

The ability to restore data from valid backups is critical to ensure business continuity. Without it, councils may be unable to continue providing essential public services in the face of a system disaster.

Councils need to thoroughly assess their business systems and documented plan outlining how critical business functions will be recovered in the event of a disaster. Once plans are in place, they then need to be reviewed and tested regularly. The ability to restore backed-up data should also be periodically tested.

We found that 17 councils do not have a documented plan to recover from a disaster. We also found that 15 councils do not periodically test their ability to restore backups of data relevant to financial reporting.

Without these measures, there may not be a clear process to minimise the impact of a significant incident interrupting critical business functions to ensure the continued delivery of services.

We expect to focus on these areas in our future audits

 
 

Return to top 



Appendices


Appendix one - Response from the Office of Local Government

Appendix two - List of recommendations

Appendix three - Sources of information and council classifications

Appendix four - Councils amalgamated in 2016

Appendix five - Status of audits

Appendix six - Council spending by function - Definitions from the local government code of accounting practice and financial reporting

Appendix seven – OLG’s performance indicators from the audited financial statement - Descriptions

Appendix eight – OLG’s performance indicators from the unaudited special schedule 7 - Descriptions

Appendix nine – Financial information

Appendix ten – OLG’s performance indicators

Appendix 11 – NSW Crown Solicitor’s advice

 

 

 
Return to top