Report snapshot
Report snapshot: Internal controls and governance 2024
About this report
Internal controls are key to the accuracy and reliability of agencies’ financial reporting processes. This report analyses the internal controls and governance of 26 of the NSW public sector’s largest agencies for the 2023–24 financial year.
Findings
There are gaps in key business processes, which expose agencies to risks. These gaps are identified in 121 findings across the 26 agencies – including four high-risk, 73 moderate-risk and 44 low-risk findings. All four high-risk issues related to IT controls and 19% of control deficiencies were repeat issues. Thirty-five per cent of agencies had deficiencies in control over privileged access.
Shared IT services
Six agencies provide IT shared services to 120 other customer agencies. All six had control deficiencies – three of these were high risk. Four agencies provide no independent assurance to their customers about the effectiveness of their own IT controls.
Cyber security
Eighteen agencies assessed cyber risk as being above their risk appetite. Fourteen of these agencies had not set a timeframe to resolve these risks and two agencies have not funded plans to improve cyber security.
Fraud and corruption control
Agencies need to improve fraud and corruption control. Instances of non-compliance with TC18-02 NSW Fraud and Corruption Policy were identified, including gaps such as a lack of comprehensive employment screening policies and not reporting matters to the audit and risk committee.
Gifts and benefits
Management of gifts and benefits requires better governance and transparency. All agencies had policy and guidance but all had gaps in management and implementation – such as not publishing registers nor providing ongoing training.
Information technology
Nine agencies did not effectively restrict or monitor user access to privileged accounts.
Recommendations
The report makes recommendations to agencies to implement proper controls and improve processes in relation to:
- organisational processes
- information technology
- cyber security
- fraud and corruption
- gifts and benefits.
Fast factsThe 26 largest NSW government agencies in this report cover all eleven portfolios of agencies and represent over 95% of total expenditure for the NSW public sector.
|
Further information
Please contact Renee O'Kane, Chief of Staff, on 9275 7347 or by email.
Report snapshot: Supporting students with disability
About this report
Australian and state legislation protects the right of students with disability to a quality education, free from discrimination. These require that students with disability be supported to access and participate in education on the same basis as their peers without disability.
This audit assessed whether the NSW Department of Education (the department) is effectively supporting students with disability in NSW public schools.
Findings
The department has effectively designed approaches and developed reforms under its 2019 Disability Strategy and related measures.
But it still hasn’t resolved longstanding issues with funding, access to targeted supports, monitoring school practice and tracking outcomes for students with disability.
This is despite the department being made aware of these performance gaps for almost two decades across multiple audits, parliamentary inquiries and the recent national Disability Royal Commission.
Recommendations
The report makes five recommendations to address these gaps, including that the department should:
- annually monitor the experiences and outcomes of students with disability to be able to identify and address emerging issues, and promote good practice
- reform funding to be better aligned to student needs
- enhance guidance and support to schools and families on making reasonable adjustments for students with disability.
Fast facts
|
Further information
Please contact Renee O'Kane, Chief of Staff, on 9275 7347 or by email.
Report snapshot: Threatened species and ecological communities
About this report
Over 1,100 native animals, plants and ecological communities are listed as threatened in New South Wales. The Department of Climate Change, Energy, the Environment and Water (DCCEEW) delivers programs and activities aiming to reduce the risk of extinction for threatened species and ecological communities.
This audit assessed whether DCCEEW has effectively delivered outcomes to support threatened species and ecological communities across New South Wales including delivery of the statutory Biodiversity Conservation Program (Saving our Species).
Findings
DCCEEW uses a risk-based approach to guide and deliver a range of programs aiming to improve the outcomes for threatened species and ecological communities.
However, DCCEEW has not effectively determined departmental priorities, coordinated programs to align efforts, or reported on the overall outcomes it is delivering for threatened species and ecological communities.
Further, DCCEEW does not capture sufficient data to monitor species that it is not actively managing, creating a risk that it cannot readily identify or respond to further decline.
Under the Saving our Species program, DCCEEW is delivering conservation actions for less than one-third of all threatened species and ecological communities. This number has reduced over time, in line with reduced program funding.
Gaps in core program planning and risk management frameworks create program delivery risks.
Recommendations
The report made several recommendations to DCCEEW, focusing on:
- strengthening Saving our Species program compliance, governance, planning and risk management frameworks
- developing a long-term framework to coordinate and align efforts across DCCEEW for the delivery of threatened species outcomes
- expanding activities to improve coordination with other parts of government delivering activities that impact on outcomes for threatened species.
Fast facts
|
Further information
Please contact Claudia Migotto, Acting Deputy Auditor-General on 9275 7347 or by email.
Report snapshot: Ambulance services in regional New South Wales
About this report
NSW Ambulance delivers emergency and non emergency medical services and transport to patients in New South Wales, and connects patients who do not need an emergency medical response with the most appropriate health provider.
NSW Ambulance operates as part of a network of public health services.
This audit assessed the efficiency and effectiveness of ambulance services in regional New South Wales
Findings
NSW Health is maintaining effective ambulance services in regional New South Wales, despite increasing demand.
NSW Ambulance and the Ministry of Health use effective governance arrangements to monitor regional ambulance performance. NSW Ambulance and Local Health Districts (LHDs) communicate effectively to manage day-to-day operational challenges. However, the audit identified opportunities to improve the Ministry’s oversight of regional performance, and to enhance information sharing between NSW Ambulance and LHDs.
NSW Health is working to identify opportunities to reduce demand on the NSW Ambulance fleet and hospital emergency departments in regional New South Wales.
NSW Ambulance undertakes holistic service planning to efficiently deliver ambulance services in regional New South Wales.
Recommendations
The audit recommends that:
- The Ministry of Health, eHealth and NSW Ambulance implement a new NSW Ambulance Electronic Medical Record system
- The Ministry of Health and NSW Ambulance improve system oversight, monitoring and reporting of ambulance performance at the regional and metropolitan level
- The Ministry of Health finalise its Transport for Health strategy and undertake a review of all non-emergency patient transport operators across the state
- NSW Ambulance and LHDs improve strategic engagement with other NSW Health entities.
Fast facts
|
Further information
Please contact Claudia Migotto, Acting Deputy Auditor-General on 9275 7347 or by email.
Report snapshot: Regional Digital Connectivity program
About this report
The Regional Digital Connectivity program (RDCP) is intended to improve mobile coverage and internet connectivity in regional NSW.
The RDCP includes two funding programs, one for improving mobile coverage and the other for improving internet connectivity. Both programs provide grant funding to commercial telecommunications providers for eligible mobile and internet projects.
This audit assessed whether the Department of Regional NSW (the department) is effectively administering the RDCP to meet program objectives.
Findings
The department's approach to identifying priority areas for RDCP funding was comprehensive and it largely distributed funding in line with these priorities.
The department has not specifically defined the overall objectives of the RDCP. The department has developed business cases that set out each program’s respective objectives, but these do not consistently describe the objectives of the RDCP.
The department also has not developed an overarching investment strategy, which would assist it in addressing potentially conflicting priorities.
Deficiencies in project and risk management have contributed to delays in the department’s implementation of the program.
The department is not monitoring progress against outcomes, which limits its ability to demonstrate that the program is achieving its intended purpose.
The department did not meet its original mobile coverage performance target but met its internet connectivity target.
Recommendations
To improve RDCP administration, the report recommends that by June 2025, the department should:
- develop an overarching investment strategy for the RDCP
- outline the expected timelines for RDCP projects and ensure that these timelines are updated regularly
- develop and report on RDCP outcome indicators
- update the RDCP evaluation plan
- update the expected benefits of the program to reflect changes in the RDCP.
Fast facts
|
Further information
Please contact Claudia Migotto, Acting Deputy Auditor-General on 9275 7347 or by email.
Report snapshot: Government advertising 2022-23
About this report
The Government Advertising Act 2011 requires the Auditor-General to undertake a performance audit of the activities of one or more government agencies in relation to government advertising campaigns in each financial year.
This year, we examined two campaigns run by Transport for New South Wales (TfNSW) - 'Don't trust your tired self' (DTYTS) and 'Saving lives on country roads' (SLCR). The audit assessed whether they were carried out effectively, economically, and efficiently, and complied with regulatory and policy requirements.
Audit findings
The DTYTS campaign complied with all requirements set out in the Act, the Regulation, and Government Advertising Guidelines - except for the requirement to complete an approved and complying cost-benefit analysis (CBA), as per the Guidelines.
The campaign had a clear target audience. It achieved many of its stated objectives and other performance measures and represented an economical and efficient spend.
However, TfNSW has not measured the campaign's long-term impact and this, combined with the lack of a complying CBA, meant that TfNSW could not confidently demonstrate the campaign's effectiveness.
The SLCR campaign (which commenced in 2017) was last run fully in 2021–22. TfNSW could have improved the formal documentation of its decision-making process when it cancelled the SLCR campaign.
TfNSW continued to run state-wide advertising campaigns – with regional components - to address road safety in regional NSW.
Recommendations
By 31 October 2024, TfNSW should implement processes that ensure:
- CBAs prepared for government advertising campaigns comply with the Government Advertising Guidelines
- long-term impacts of advertising campaigns are evaluated
- strategic and operational decision-making about advertising campaigns, such as starting, stopping or significantly changing a campaign, is well-documented and follows good practice.
Fast facts
|
Further information
Please contact Claudia Migotto, Acting Deputy Auditor-General on 9275 7347 or by email.
Report snapshot: Universities 2023
About this report
Financial audit results of the NSW public universities’ financial statements for the year ended 31 December 2023.
Audit findings
Unmodified audit opinions were issued for all ten universities.
Eight universities reported net deficits. Three of these improved on their 2022 results.
Total fees and charges returned to pre-pandemic levels, with 40.5% earned from overseas students from three countries.
Employee related expenses increased 10.2% in 2023 mainly due to an additional 2,830 full time equivalent staff, in response to increased teaching and research activities.
Key issues
The number of findings reported to management has increased to 111 matters in 2023 up from 88 in 2022.
These included one high risk finding and 62 moderate risk findings, a 72% increase from last year.
Gaps identified in universities governance processes included delays in responding to findings and recommendations; staff not attesting compliance with codes of conduct annually; and not capturing and recording staff conflicts of interests within central registers.
Seven of the ten universities have cyber security risks above what they determine as an acceptable risk. Four universities did not have a cyber security uplift program.
Recommendations
Universities should address all recommendations made in the report (see Appendix one for a summary of these).
In particular, there should be a focus on prioritising remediation of wage underpayments to affected employees; ensuring a centralised conflict of interest register is maintained for all staff; considering emerging risks in university risk registers; ensuring controlled entities are considered when determining internal audit plans; and focusing efforts to improve cyber security risk management and cyber resilience capability.
Fast factsThere are ten public universities in NSW, with 53 controlled entities in Australia and 25 overseas controlled entities.
|
Further information
Please contact Claudia Migotto, Acting Deputy Auditor-General on 9275 7347 or by email.
Report snapshot: Oversight of the child protection system
About this report
This audit assessed the effectiveness of the Department of Communities and Justice (DCJ) in planning, designing, and overseeing the NSW child protection system.
The audit used 'follow the dollar' powers to assess the performance of five non-government organisations (NGOs), that were contracted to provide child protection services. More information about how we did this is included in the full report.
Findings
The NSW child protection system is inefficient, ineffective, and unsustainable.
Despite recommendations from numerous reviews, DCJ has not redirected its resources from a ‘crisis
driven’ model, to an early intervention model that supports families at the earliest point in the child protection process.
DCJ's organisational structure and governance arrangements do not enable system reform.
DCJ has over 30 child protection governance committees with no clarity over how decisions are made or communicated, and no clarity about which part of DCJ is responsible for leading system improvement.
DCJ's assessments of child protection reports are labour intensive and repetitive, reducing the time that caseworkers have to support families with services.
DCJ has limited evidence to inform investments in family support services due to a lack of data about the
therapeutic service needs of children and families. This means that DCJ is not able to provide relevant services
for families engaged in the child protection system. DCJ is not meeting its legislated responsibility to ensure that families have access to services, and to prevent children from being removed to out of homecare.
DCJ does not monitor the wellbeing of children in out of home care. This means that DCJ does not have the information needed to meet its legislative responsibility to ensure that children 'receive such care and protection as is necessary for their safety, welfare and well-being’.
In August 2023, there were 471 children living in costly and inappropriate environments, such as hotels, motels, and serviced apartments. The cost of thisemergency accommodation in 2022–2023 was $300million. DCJ has failed to establish ‘safe, nurturing, stable and secure’ accommodation for children in these environments.
Since 2018–19, the number of children being returned to their parents from out of home care has declined. During the five years to 2022–23, families have had limited access to restoration services to support this process.
Recommendations
The audit made 11 recommendations to DCJ. They require the agency toidentify accountability for system reform, and to take steps to ensure that children and families have access to necessary services and support.
Fast facts
|
Further information
Please contact Ian Goodwin, Deputy Auditor-General on 9275 7347 or by email.
Report snapshot: Safeguarding the rights of Aboriginal children in the child protection system
About this report
The Department of Communities and Justice (DCJ) is responsible for safeguarding the rights of Aboriginal children, families, and communities when they encounter the child protection system. These rights are known as the Aboriginal and Torres Strait Islander Principles (the Principles), which are set out in legislation.
DCJ provides early intervention, prevention and out of home care services and also subcontracts non-government organisations to provide these services.
This audit assessed whether DCJ, and five funded non-government organisations that provide out of home care services, are effectively safeguarding the rights of Aboriginal children in the child protection system.
Findings
DCJ cannot demonstrate its compliance with the Principles. DCJ has not embedded the Principles in its governance,
accountability arrangements, policy and day-to-day casework practice.
Insufficient governance and accountability arrangements have contributed to DCJ's failure to deliver on Aboriginal strategies and reforms in the last five years.
DCJ has not developed holistic family preservation models based on Aboriginal ways of healing.
DCJ is aware that its structured decision-making tools, used to make significant casework decisions, adversely affect Aboriginal children and their families. However, DCJ continues to use the tools.
DCJ has no quality assurance mechanisms over its child protection system and casework practice.
As system steward, DCJ has not provided non-government organisations with means to satisfy the Principles.
Recommendations
The audit recommends that DCJ:
- establish governance and accountability arrangements that provide oversight of the safeguards and outcomes for Aboriginal children and families
- develop and implement a quality assurance framework to ensure compliance with safeguards for Aboriginal children at all points in the child protection system
- fulfil its commitment to develop and implement a healing framework for child protection services
- commission family preservation services consistent with the principles of self-determination and participation set out in
the Principles
Fast facts
|
Further information
Please contact Claudia Migotto, Acting Deputy Auditor-General on 9275 7347 or by email.
Report highlights: Workers compensation claims management
What this report is about
Workers compensation schemes in NSW provide compulsory workplace injury insurance. The effective management of workers compensation is important to ensure injured workers are provided with prompt support to ensure timely, safe and sustainable return to work.
Insurance and Care NSW (icare) manages workers compensation insurance. The State Insurance and Regulatory Authority (SIRA) regulates workers compensation schemes. NSW Treasury has a stewardship role but does not directly manage the schemes.
This audit assessed the effectiveness and economy of icare’s management of workers compensation claims, and the effectiveness of SIRA’s oversight of workers compensation claims.
Findings
icare is implementing major reforms to its approach to workers compensation claims management - but it is yet to demonstrate if these changes are the most effective or economical way to improve outcomes.
icare’s planning and assurance processes for its reforms have not adequately assessed existing claims models or analysed other reform options.
icare's activities have not focused enough on its core responsibilities of improving return to work and maintaining financial sustainability.
SIRA has improved the effectiveness of its workers compensation regulatory activities in recent years. Prior to 2019, SIRA was mostly focused on developing regulatory frameworks and was less active in its supervision of workers compensation schemes.
NSW Treasury's role in relation to workers compensation has been unclear, which has limited its support for performance improvements.
Recommendations
icare should:
- ensure that its annual Statement of Business Intent clearly sets out its approach to achieving its legislative objectives
- monitor and evaluate its workers compensation scheme reforms
- develop a quality assurance program to ensure insurance claim payments are accurate.
NSW Treasury should:
- work with relevant agencies to improve public sector workers compensation scheme outcomes
- engage with the icare Board to ensure icare's management is in line with relevant NSW Treasury policies.
SIRA should:
- address identified gaps in its fraud investigation
- develop a coordinated research strategy.
Fast facts
|
Further information
Please contact Ian Goodwin, Deputy Auditor-General on 9275 7347 or by email.