High risk control deficiencies at NSW public sector agencies have increased, according to a report that highlights over-reliance on consultants, dodgy procurement registers and inadequate employee screening.
The NSW Auditor General’s report on internal controls and governance released late last year covers the 25 biggest NSW public sector agencies.
It found 23 high-risk findings in the 2021-22 financial year, up from 20 the previous year.
The proportion of control deficiencies identified as high-risk went from 5.9 per cent the previous year to 8.2 per cent, auditor Margaret Crawford said.
“Of concern were ten high-risk findings that were repeat deficiencies reported in the previous year, including two deficiencies previously reported as high-risk in 2020–21,” Ms Crawford says.
Sixteen of the 23 high-risk findings related to financial controls and seven related to IT.
More than half the agencies (56 per cent) had deficiencies around IT general controls, including around user access, passwords, privileged access and failed login attempt restrictions.
All up, 279 internal control deficiencies were identified, which was a 17 per cent decrease from the previous year.
Over reliance on consultants and contractors
The audit highlights risks around third party IT service providers, contractors and consultants.
It warns agencies are risking becoming over-reliant on the same pool of consultants and contrators, with one in four agencies having re-engaged the same contractor over the past five years.
Combined contractor fees across the 25 agencies came to $1.2 billion, and the bill for combined consultant fees stood at $127 million.
Between 2018 and 2022 the government agencies spent $672 million on consultants with the ‘Big 4’ of KPMG, Ernst and Young, Pricewaterhouse Coopers and Deloitte the highest paid.
“In reviewing agencies’ top three highest paid consultants for the last five years, 60 per cent of agencies have relied on the same consultant for at least three of those years, and 28 per cent have relied on the same consultant for at least four of those years,” the report says.
“Eighty per cent of agencies have engaged contractors on a recurring basis over the last five years, and 11 of these agencies have re-engaged the same contractor for five or more years.
“All of these agencies have re-engaged contractors for the same role or type of work, and 37 per cent had also re-engaged contractors for different work.”
Incomplete record keeping
The audit found all agencies maintained a contract register, but almost half (40 per cent) were incomplete and missing details.
Sixteen per cent didn’t regularly review the accuracy and completeness of their contract register, and half didn’t keep registers for revenue or lease agreements.
The report cites on case where a senior procurement officer recommended a vendor for a $10 million contract in January 2018, left the agency in April 2018 and took a manager position with the vendor in September 2018.
The former officer became a director at the vendor in 2019.
No declaration of conflict of interest was made while the person was an employee or as part of the procurement process, and agency management was unable to find key documents relating to the transaction including the original recommendation to award the contract.
Inadequate screening
Ms Crawford also found a quarter of agencies are failing to comply with employee screening requirements under state government legislation.
Only 42 per cent of agencies conducted credential checks for all appointments.
“Screening and induction practices for non-permanent workers are often less stringent than for permanent employees,” the report says.
“This can pose increased risks to an entity of not detecting applicants with false credentials or a history of corrupt conduct.”
Yes–it’s a big problem, especially for amalgamated councils which are too big for a councillor to keep abreast of all the financial details, including those of what services have been outsourced and which of thosevwent to tender, and what was the “job description” for each. Then there’s no opportunity to f/u to ensue that the tasks to be undertaken are actually fulfilled by the chosen provider, as per “job description”. It also allows for potential corruption in the process of awarding the job, and it seems to result in favoured companies being employed. Gone are the days it seems of employing locl companies wh are therefore more accountable, and to employing local individuals as staff. The latter two lead to better return to the community as the providers are more likel;y to be familiar with the LGA in which they are employed!