The spate of emergencies affecting NSW over the last year may have contributed to an increase in internal control deficiencies in the state’s public sector, a report says.
Auditor General Margaret Crawford look at financial and governance risks in areas including IT security and procurement, as well as business continuity, and delegation following machinery of government changes that came into force in July.
Her report, released on Tuesday, focuses on 40 of the largest public sector agencies for the year ending 30 June 2020, including departments, state owned corporations and statutory bodies.
Collectively they constitute an estimated 85 per cent of total public sector agency expenditure, and in the last financial year had a combined revenue of $117.6 billion.
The report found internal control deficiencies increased by 13 per cent compared to last year, with ten high risk findings compared to four last year.
The recent emergencies have consumed agency time and resources and may have contributed to the increase in internal control deficiencies, particularly repeat deficiencies.
Margaret Crawford
Common findings were: out of date or missing policies, poor record keeping and document retention, and problems around centralised registers.
Deficiencies in financial operations, IT operations, compliance and reporting were common across all agencies.
“The recent emergencies have consumed agency time and resources and may have contributed to the increase in internal control deficiencies, particularly repeat deficiencies,” Ms Crawford said.
Procurement
As of 30 June 2020, the audited agencies reported 32,239 emergency procurements with a total contract value of $316,908,485.
The government’s emergency procurement procedures relaxed procurement requirements to some extent and most agencies were compliant.
However, the audit found that while all agencies had policies and guidance around procurement, 17 per cent hadn’t reviewed these policies.
It also found 13 per cent of agencies with contract registers didn’t include all contracts and eight per cent left out relevant contract details.
The report found inadequate oversight of controls around user access at 53 per cent of agencies, including a failure to monitor privileged users and deficient password controls at one in four.
“The deficiencies increase risk of non-compliance with NSW cyber security policy,” the report said.
Planning for business continuity
Deficiencies were also identified in business continuity and disaster recovery planning arrangements.
Twenty-three per cent of agencies hadn’t conducted a business impact analysis (BIA) to identify critical business functions and determine business continuity priorities, the report found.
“Addressing deficiencies will ensure agencies have adequate safeguards in their processes to again respond in the future, if required,” Ms Crawford said.
Agencies’ instruments of delegation and delegation manuals had also not been updated following legislative or administrative changes, or lacked dates for regular review.
The audit also found that recommendations made after last year’s audit hadn’t been implemented.
Thirty-eight per cent of agencies haven’t updated their gifts and benefits register, 56 per cent of agencies hadn’t provided staff training and 63 per cent hadn’t implemented an annual attestation process for senior management.
Ninety-seven per cent of agencies hadn’t published their gifts and benefits register on their website and 41 per cent were were failing to brief relevant individuals in trends in the register.
A not surprising report. Given the unprecedented time in NSW History. The strain of the pace of change and the overall lack of relief provided to those who have had to work through these times. So the Auditors report does not include a Human Capital report, apart from.
“The recent emergencies have consumed agency time and resources and may have contributed to the increase in internal control deficiencies, particularly repeat deficiencies.
Margaret Crawford”
Question is who is paying the price!
The continuous increase in the human cost is hidden. I expect this would correspond to the things that have been let slide. So, we reduced Public sector numbers, remuneration and the expectations of doing more with less has been a hallmark of the NSW Government doesn’t comes at a price.
So should we have done better Vs could we have done better with the limited human resources that our current Project delivery style of government services sector model expects from its staff!