CINXE.COM

<!DOCTYPE html> <html lang="en" dir="ltr" prefix="og: https://ogp.me/ns#"> <head> <meta charset="utf-8" /> <script async src="https://www.googletagmanager.com/gtag/js?id=UA-26493354-1"></script> <script>window.dataLayer = window.dataLayer || [];function gtag(){dataLayer.push(arguments)};gtag("js", new Date());gtag("set", "developer_id.dMDhkMT", true);(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start': new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0], j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src= 'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f); })(window,document,'script','dataLayer','GTM-TR7JD24');gtag("config", "UA-26493354-1", {"groups":"default","anonymize_ip":true,"page_placeholder":"PLACEHOLDER_page_path"});</script> <link rel="shortlink" href="https://www.audit.nsw.gov.au/reports" /> <meta property="og:site_name" content="Audit Office of New South Wales" /> <meta property="og:url" content="https://www.audit.nsw.gov.au/our-work/reports" /> <meta property="og:title" content="Reports" /> <meta name="twitter:card" content="summary" /> <meta name="twitter:url" content="https://www.audit.nsw.gov.au/our-work/reports" /> <meta name="MobileOptimized" content="width" /> <meta name="HandheldFriendly" content="true" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <script src="https://www.google.com/recaptcha/api.js?hl=en" async defer></script> <link rel="icon" href="/themes/custom/aonsw/favicon.ico" type="image/vnd.microsoft.icon" /> <title>Reports | Audit Office of New South Wales</title> <link rel="stylesheet" media="all" href="/sites/default/files/css/css_P7CMP_sI_JsogbFy2dvWostqGca1fEt6igJ8JjEUsiY.css?delta=0&language=en&theme=aonsw&include=eJxtjlFuxCAMRC9E4EiRY7yExmCEoVl6-kbJqtWu8mPNvJFmHEQC0wwZeLSI6sIHMBpTOUCR0su8sOCm7oYZHdoouQWUDDKojjedSBUCqUGp5LLUBBx_yIBk3V1gWYAnbYNjDi-oHHEzBSqECmVV52svwPaf2J5LXzjqSt58R9rVndcm8Z3pDcEXPA1CabjC9dkDkNpcqfAh3Oms9pSgjiv7W7ycPYums-g2x5VwW-Q57dEHarcDKMdA9voLkU6S9Q" /> <link rel="stylesheet" media="all" href="/sites/default/files/css/css_sOWVG29Dk22tOTkWG0B2PUWEsKxBRwy14qw5udLSW5I.css?delta=1&language=en&theme=aonsw&include=eJxtjlFuxCAMRC9E4EiRY7yExmCEoVl6-kbJqtWu8mPNvJFmHEQC0wwZeLSI6sIHMBpTOUCR0su8sOCm7oYZHdoouQWUDDKojjedSBUCqUGp5LLUBBx_yIBk3V1gWYAnbYNjDi-oHHEzBSqECmVV52svwPaf2J5LXzjqSt58R9rVndcm8Z3pDcEXPA1CabjC9dkDkNpcqfAh3Oms9pSgjiv7W7ycPYums-g2x5VwW-Q57dEHarcDKMdA9voLkU6S9Q" /> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <link href="https://fonts.googleapis.com/css?family=Roboto:300,400,500,700" rel="stylesheet"> </head> <body class="path-reports"> <noscript> <style> form .fieldgroup { visibility: visible !important; height: auto !important; } form .form--inline > .form-actions, .explore-carousel, .block-homepagefeatureother > .field__items { visibility: visible !important; } .dropdown-box { display: none; } .item-list__checkbox { display: block; max-height: initial; position: initial; } .item-list__checkbox .select-all { display: none; } .item-list__checkbox .checkmark { display: none; } .item-list__checkbox .is-active .facet-item__status { color: transparent; } .item-list__checkbox .is-active .facet-item__status:after{ content: ""; position: absolute; left: 24px; top: 12px; width: 9px; height: 14px; border: solid #e40428; border-width: 0 3px 3px 0; -webkit-transform: rotate(45deg); transform: rotate(45deg); } </style> </noscript> <a href="#main-content" class="visually-hidden focusable skip-link"> Skip to main content </a> <div class="dialog-off-canvas-main-canvas" data-off-canvas-main-canvas> <header> <div class="region region-header"> <div id="block-aonsw-branding" class="block block-system block-system-branding-block"> <a href="/" title="Home" rel="home" class="site-logo"> <img src="/themes/custom/aonsw/logo.svg" alt="Audit Office of New South Wales" /> </a> </div> </div> <div class="header-menu"> <button class="search-icon"><img src="/themes/custom/aonsw/images/icons/Search.svg" alt="Search"></button> <button class="hamburger-menu"><img src="/themes/custom/aonsw/images/icons/hamburger-menu.svg" alt="Show menu"></button> </div> <div class="header-nav" id="navbar"> <div class="menu-close"> <button><img src="/themes/custom/aonsw/images/icons/Close.svg" alt="Close menu"></button> </div> <div class="region region-primary-menu"> <nav aria-labelledby="block-aonsw-main-menu-menu" id="block-aonsw-main-menu" class="block block-menu navigation menu--main"> <h1 class="visually-hidden" id="block-aonsw-main-menu-menu">Main navigation</h1> <ul class="menu"> <li class="menu-item menu-item--expanded menu-item--active-trail"> <a href="/our-work" title="Our work" data-drupal-link-system-path="node/869">Our work</a> <ul class="menu"> <li class="menu-item menu-item--active-trail"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=progress_id%3A17" data-drupal-link-query="{"f":["progress_id:17"],"progress_id":{"17":"17"}}" data-drupal-link-system-path="reports">Published reports</a> </li> <li class="menu-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=progress_id%3A18&f%5B1%5D=progress_id%3A19&f%5B2%5D=progress_id%3A20" data-drupal-link-query="{"f":["progress_id:18","progress_id:19","progress_id:20"],"progress_id":{"17":"17"}}" data-drupal-link-system-path="reports">Upcoming reports</a> </li> <li class="menu-item"> <a href="/our-work/audit-program" title="Audit program" data-drupal-link-system-path="node/876">Audit program</a> </li> <li class="menu-item"> <a href="/our-work/emergency-relief-grants" data-drupal-link-system-path="node/1545">Emergency relief grants</a> </li> <li class="menu-item"> <a href="/our-work/requests-for-audit" data-drupal-link-system-path="node/1027">Requests for audit</a> </li> <li class="menu-item menu-item--collapsed"> <a href="/our-work/resources" title="Resources" data-drupal-link-system-path="node/851">Resources</a> </li> </ul> </li> <li class="menu-item menu-item--expanded"> <a href="/our-stakeholders" title="Our stakeholders" data-drupal-link-system-path="node/839">Our stakeholders</a> <ul class="menu"> <li class="menu-item"> <a href="/our-stakeholders/parliament" data-drupal-link-system-path="node/86">Parliament</a> </li> <li class="menu-item"> <a href="/our-stakeholders/citizens" data-drupal-link-system-path="node/46">Citizens</a> </li> <li class="menu-item"> <a href="/our-stakeholders/state-entities" data-drupal-link-system-path="node/69">State entities</a> </li> <li class="menu-item"> <a href="/our-stakeholders/local-government" title="Local government entities" data-drupal-link-system-path="node/71">Local government</a> </li> <li class="menu-item"> <a href="/our-stakeholders/universities" title="Universities" data-drupal-link-system-path="node/72">Universities</a> </li> </ul> </li> <li class="menu-item menu-item--expanded"> <a href="/who-we-are" data-drupal-link-system-path="node/840">Who we are</a> <ul class="menu"> <li class="menu-item"> <a href="/who-we-are/about-the-auditor-general" data-drupal-link-system-path="node/879">About the Auditor-General</a> </li> <li class="menu-item"> <a href="/who-we-are/about-the-audit-office" data-drupal-link-system-path="node/66">About the Audit Office</a> </li> <li class="menu-item"> <a href="/who-we-are/our-structure" data-drupal-link-system-path="node/1133">Our structure</a> </li> <li class="menu-item"> <a href="/who-we-are/our-people" title="Our people" data-drupal-link-system-path="node/183">Our people</a> </li> <li class="menu-item menu-item--collapsed"> <a href="/who-we-are/our-accountability" data-drupal-link-system-path="node/848">Our accountability</a> </li> <li class="menu-item menu-item--collapsed"> <a href="/who-we-are/diversity-inclusion-and-accessibility" data-drupal-link-system-path="node/1337">Diversity, inclusion and accessibility</a> </li> <li class="menu-item"> <a href="/who-we-are/corporate-plan" title="Our corporate plan" data-drupal-link-system-path="node/92">Our corporate plan</a> </li> <li class="menu-item"> <a href="/annual-reports" title="Annual Reports" data-drupal-link-system-path="annual-reports">Our annual reports</a> </li> <li class="menu-item"> <a href="/who-we-are/our-history" data-drupal-link-system-path="node/182">Our history</a> </li> </ul> </li> <li class="menu-item menu-item--expanded"> <a href="/work-with-us" title="Work with us" data-drupal-link-system-path="node/843">Work with us</a> <ul class="menu"> <li class="menu-item menu-item--collapsed"> <a href="/work-with-us/working-for-the-audit-office" data-drupal-link-system-path="node/73">Working for the Audit Office</a> </li> <li class="menu-item"> <a href="/work-with-us/current-vacancies" data-drupal-link-system-path="node/174">Current vacancies</a> </li> <li class="menu-item menu-item--collapsed"> <a href="/work-with-us/graduate-program" data-drupal-link-system-path="node/80">Graduate program</a> </li> <li class="menu-item menu-item--collapsed"> <a href="/work-with-us/audit-service-providers" data-drupal-link-system-path="node/14">Audit service providers</a> </li> <li class="menu-item menu-item--collapsed"> <a href="/work-with-us/performance-audit-consultant-panel" title="Performance audit consultants and experts" data-drupal-link-system-path="node/922">Consultant panel</a> </li> <li class="menu-item"> <a href="/work-with-us/audit-communication-portal" data-drupal-link-system-path="node/1342">Audit Communication Portal</a> </li> </ul> </li> </ul> </nav> <div class="views-exposed-form block block-views block-views-exposed-filter-blockcustom-search-page-1" data-drupal-selector="views-exposed-form-custom-search-page-1" id="block-nav-exposedformcustom-searchpage-1"> <form action="/search" method="get" id="views-exposed-form-custom-search-page-1" accept-charset="UTF-8"> <div class="form--inline clearfix"> <div class="js-form-item form-item js-form-type-textfield form-type-textfield js-form-item-keys form-item-keys"> <label for="edit-keys">Search keywords field</label> <input placeholder="Search keywords" data-drupal-selector="edit-keys" type="text" id="edit-keys" name="keys" value="" size="30" maxlength="128" class="form-text" /> </div> <div data-drupal-selector="edit-actions" class="form-actions js-form-wrapper form-wrapper"><input data-drupal-selector="edit-submit-custom-search" type="submit" id="edit-submit-custom-search" value="Apply" class="button js-form-submit form-submit" /> </div> </div> <div class="form-cover"> <img src="/themes/custom/aonsw/images/icons/Hourglass.gif" alt="Hourglass"> </div> </form> </div> </div> <div class="region region-secondary-menu"> <nav aria-labelledby="block-secondarynavigation-menu" id="block-secondarynavigation" class="block block-menu navigation menu--secondary-navigation"> <h1 class="visually-hidden" id="block-secondarynavigation-menu">Secondary navigation</h1> <ul class="menu"> <li class="menu-item"> <a href="/contact-us" data-drupal-link-system-path="node/841">Contact us</a> </li> <li class="menu-item"> <a href="/accessibility" data-drupal-link-system-path="node/101">Accessibility</a> </li> <li class="menu-item"> <a href="/report-highlights" data-drupal-link-system-path="report-highlights">Report snapshot</a> </li> </ul> </nav> </div> </div> </header> <main id="main-content"> <div class="region region-breadcrumb"> <div id="block-aonsw-breadcrumbs" class="block block-system block-system-breadcrumb-block"> <nav class="breadcrumb" aria-labelledby="system-breadcrumb"> <h2 id="system-breadcrumb" class="visually-hidden">Breadcrumb</h2> <ol> <li> <a href="/">Home</a> </li> <li> <a href="/our-work">Our work</a> </li> <li> Reports </li> </ol> </nav> </div> </div> <div class="region region-highlights"> <div data-drupal-messages-fallback class="hidden"></div> </div> <div class="container"> <div class="search-refine"> <span>Refine search</span> <img id="reports-toggle" src="/themes/custom/aonsw/images/icons/Acordion/Closed.svg" alt="Expand filter"> </div> <div class="region region-sidebar"> <div class="facet-inactive block-facets-ajax js-facet-block-id-auditprogress block-facet--checkbox block block-facets block-facet-blockreport-facet-audit-progress" id="block-auditprogress"> <div class="facets-widget-checkbox"> <h3>Audit progress</h3><div class="dropdown-box"><span>- Any -</span></div> <ul data-drupal-facet-id="report_facet_audit_progress" data-drupal-facet-alias="progress_id" class="facet-inactive js-facets-checkbox-links item-list__checkbox"> <li class="facet-item select-all"><input type="checkbox" class="facets-checkbox" id="select-all-report-facet-audit-progress"> <label for="select-all-report-facet-audit-progress">Select All</label> <span class="checkmark"></span></li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=progress_id%3A17" rel="nofollow" data-drupal-facet-item-id="progress-id-17" data-drupal-facet-item-value="17" data-drupal-facet-item-count="574"><span class="facet-item__value">Published</span> <span class="facet-item__count">(574)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=progress_id%3A18" rel="nofollow" data-drupal-facet-item-id="progress-id-18" data-drupal-facet-item-value="18" data-drupal-facet-item-count="12"><span class="facet-item__value">In progress</span> <span class="facet-item__count">(12)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=progress_id%3A19" rel="nofollow" data-drupal-facet-item-id="progress-id-19" data-drupal-facet-item-value="19" data-drupal-facet-item-count="3"><span class="facet-item__value">Open for contribution</span> <span class="facet-item__count">(3)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=progress_id%3A20" rel="nofollow" data-drupal-facet-item-id="progress-id-20" data-drupal-facet-item-value="20" data-drupal-facet-item-count="16"><span class="facet-item__value">Planned</span> <span class="facet-item__count">(16)</span> </a> <span class="checkmark"></span> </li></ul> </div> </div> <div class="facet-inactive block-facets-ajax js-facet-block-id-sector_2 block-facet--checkbox block block-facets block-facet-blocksector-report" id="block-sector-2"> <div class="facets-widget-checkbox"> <h3>Sector</h3><div class="dropdown-box"><span>- Any -</span></div> <ul data-drupal-facet-id="sector_report" data-drupal-facet-alias="sector_id" class="facet-inactive js-facets-checkbox-links item-list__checkbox"> <li class="facet-item select-all"><input type="checkbox" class="facets-checkbox" id="select-all-sector-report"> <label for="select-all-sector-report">Select All</label> <span class="checkmark"></span></li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=sector_id%3A1" rel="nofollow" data-drupal-facet-item-id="sector-id-1" data-drupal-facet-item-value="1" data-drupal-facet-item-count="75"><span class="facet-item__value">Education</span> <span class="facet-item__count">(75)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=sector_id%3A81" rel="nofollow" data-drupal-facet-item-id="sector-id-81" data-drupal-facet-item-value="81" data-drupal-facet-item-count="82"><span class="facet-item__value">Environment</span> <span class="facet-item__count">(82)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=sector_id%3A2" rel="nofollow" data-drupal-facet-item-id="sector-id-2" data-drupal-facet-item-value="2" data-drupal-facet-item-count="79"><span class="facet-item__value">Community Services</span> <span class="facet-item__count">(79)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=sector_id%3A3" rel="nofollow" data-drupal-facet-item-id="sector-id-3" data-drupal-facet-item-value="3" data-drupal-facet-item-count="84"><span class="facet-item__value">Finance</span> <span class="facet-item__count">(84)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=sector_id%3A4" rel="nofollow" data-drupal-facet-item-id="sector-id-4" data-drupal-facet-item-value="4" data-drupal-facet-item-count="97"><span class="facet-item__value">Health</span> <span class="facet-item__count">(97)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=sector_id%3A5" rel="nofollow" data-drupal-facet-item-id="sector-id-5" data-drupal-facet-item-value="5" data-drupal-facet-item-count="88"><span class="facet-item__value">Industry</span> <span class="facet-item__count">(88)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=sector_id%3A6" rel="nofollow" data-drupal-facet-item-id="sector-id-6" data-drupal-facet-item-value="6" data-drupal-facet-item-count="105"><span class="facet-item__value">Justice</span> <span class="facet-item__count">(105)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=sector_id%3A7" rel="nofollow" data-drupal-facet-item-id="sector-id-7" data-drupal-facet-item-value="7" data-drupal-facet-item-count="50"><span class="facet-item__value">Local Government</span> <span class="facet-item__count">(50)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=sector_id%3A9" rel="nofollow" data-drupal-facet-item-id="sector-id-9" data-drupal-facet-item-value="9" data-drupal-facet-item-count="91"><span class="facet-item__value">Planning</span> <span class="facet-item__count">(91)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=sector_id%3A8" rel="nofollow" data-drupal-facet-item-id="sector-id-8" data-drupal-facet-item-value="8" data-drupal-facet-item-count="89"><span class="facet-item__value">Premier and Cabinet</span> <span class="facet-item__count">(89)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=sector_id%3A10" rel="nofollow" data-drupal-facet-item-id="sector-id-10" data-drupal-facet-item-value="10" data-drupal-facet-item-count="98"><span class="facet-item__value">Transport</span> <span class="facet-item__count">(98)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=sector_id%3A11" rel="nofollow" data-drupal-facet-item-id="sector-id-11" data-drupal-facet-item-value="11" data-drupal-facet-item-count="68"><span class="facet-item__value">Treasury</span> <span class="facet-item__count">(68)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=sector_id%3A12" rel="nofollow" data-drupal-facet-item-id="sector-id-12" data-drupal-facet-item-value="12" data-drupal-facet-item-count="27"><span class="facet-item__value">Universities</span> <span class="facet-item__count">(27)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=sector_id%3A13" rel="nofollow" data-drupal-facet-item-id="sector-id-13" data-drupal-facet-item-value="13" data-drupal-facet-item-count="106"><span class="facet-item__value">Whole of Government</span> <span class="facet-item__count">(106)</span> </a> <span class="checkmark"></span> </li></ul> </div> </div> <div class="facet-inactive block-facets-ajax js-facet-block-id-reportfacetyear block-facet--checkbox block block-facets block-facet-blockreport-facet-year" id="block-reportfacetyear"> <div class="facets-widget-checkbox"> <h3>Year</h3><div class="dropdown-box"><span>- Any -</span></div> <ul data-drupal-facet-id="report_facet_year" data-drupal-facet-alias="year_id" class="facet-inactive js-facets-checkbox-links item-list__checkbox"> <li class="facet-item select-all"><input type="checkbox" class="facets-checkbox" id="select-all-report-facet-year"> <label for="select-all-report-facet-year">Select All</label> <span class="checkmark"></span></li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=year_id%3A105" rel="nofollow" data-drupal-facet-item-id="year-id-105" data-drupal-facet-item-value="105" data-drupal-facet-item-count="8"><span class="facet-item__value">2025</span> <span class="facet-item__count">(8)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=year_id%3A104" rel="nofollow" data-drupal-facet-item-id="year-id-104" data-drupal-facet-item-value="104" data-drupal-facet-item-count="46"><span class="facet-item__value">2024</span> <span class="facet-item__count">(46)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=year_id%3A103" rel="nofollow" data-drupal-facet-item-id="year-id-103" data-drupal-facet-item-value="103" data-drupal-facet-item-count="33"><span class="facet-item__value">2023</span> <span class="facet-item__count">(33)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=year_id%3A101" rel="nofollow" data-drupal-facet-item-id="year-id-101" data-drupal-facet-item-value="101" data-drupal-facet-item-count="31"><span class="facet-item__value">2022</span> <span class="facet-item__count">(31)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=year_id%3A100" rel="nofollow" data-drupal-facet-item-id="year-id-100" data-drupal-facet-item-value="100" data-drupal-facet-item-count="26"><span class="facet-item__value">2021</span> <span class="facet-item__count">(26)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=year_id%3A82" rel="nofollow" data-drupal-facet-item-id="year-id-82" data-drupal-facet-item-value="82" data-drupal-facet-item-count="31"><span class="facet-item__value">2020</span> <span class="facet-item__count">(31)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=year_id%3A50" rel="nofollow" data-drupal-facet-item-id="year-id-50" data-drupal-facet-item-value="50" data-drupal-facet-item-count="31"><span class="facet-item__value">2019</span> <span class="facet-item__count">(31)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=year_id%3A16" rel="nofollow" data-drupal-facet-item-id="year-id-16" data-drupal-facet-item-value="16" data-drupal-facet-item-count="33"><span class="facet-item__value">2018</span> <span class="facet-item__count">(33)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=year_id%3A15" rel="nofollow" data-drupal-facet-item-id="year-id-15" data-drupal-facet-item-value="15" data-drupal-facet-item-count="31"><span class="facet-item__value">2017</span> <span class="facet-item__count">(31)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=year_id%3A14" rel="nofollow" data-drupal-facet-item-id="year-id-14" data-drupal-facet-item-value="14" data-drupal-facet-item-count="30"><span class="facet-item__value">2016</span> <span class="facet-item__count">(30)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=year_id%3A60" rel="nofollow" data-drupal-facet-item-id="year-id-60" data-drupal-facet-item-value="60" data-drupal-facet-item-count="31"><span class="facet-item__value">2015</span> <span class="facet-item__count">(31)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=year_id%3A61" rel="nofollow" data-drupal-facet-item-id="year-id-61" data-drupal-facet-item-value="61" data-drupal-facet-item-count="23"><span class="facet-item__value">2014</span> <span class="facet-item__count">(23)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=year_id%3A62" rel="nofollow" data-drupal-facet-item-id="year-id-62" data-drupal-facet-item-value="62" data-drupal-facet-item-count="22"><span class="facet-item__value">2013</span> <span class="facet-item__count">(22)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=year_id%3A63" rel="nofollow" data-drupal-facet-item-id="year-id-63" data-drupal-facet-item-value="63" data-drupal-facet-item-count="18"><span class="facet-item__value">2012</span> <span class="facet-item__count">(18)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=year_id%3A64" rel="nofollow" data-drupal-facet-item-id="year-id-64" data-drupal-facet-item-value="64" data-drupal-facet-item-count="20"><span class="facet-item__value">2011</span> <span class="facet-item__count">(20)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=year_id%3A65" rel="nofollow" data-drupal-facet-item-id="year-id-65" data-drupal-facet-item-value="65" data-drupal-facet-item-count="28"><span class="facet-item__value">2010</span> <span class="facet-item__count">(28)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=year_id%3A66" rel="nofollow" data-drupal-facet-item-id="year-id-66" data-drupal-facet-item-value="66" data-drupal-facet-item-count="10"><span class="facet-item__value">2009</span> <span class="facet-item__count">(10)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=year_id%3A67" rel="nofollow" data-drupal-facet-item-id="year-id-67" data-drupal-facet-item-value="67" data-drupal-facet-item-count="11"><span class="facet-item__value">2008</span> <span class="facet-item__count">(11)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=year_id%3A68" rel="nofollow" data-drupal-facet-item-id="year-id-68" data-drupal-facet-item-value="68" data-drupal-facet-item-count="10"><span class="facet-item__value">2007</span> <span class="facet-item__count">(10)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=year_id%3A69" rel="nofollow" data-drupal-facet-item-id="year-id-69" data-drupal-facet-item-value="69" data-drupal-facet-item-count="16"><span class="facet-item__value">2006</span> <span class="facet-item__count">(16)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=year_id%3A70" rel="nofollow" data-drupal-facet-item-id="year-id-70" data-drupal-facet-item-value="70" data-drupal-facet-item-count="19"><span class="facet-item__value">2005</span> <span class="facet-item__count">(19)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=year_id%3A71" rel="nofollow" data-drupal-facet-item-id="year-id-71" data-drupal-facet-item-value="71" data-drupal-facet-item-count="7"><span class="facet-item__value">2004</span> <span class="facet-item__count">(7)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=year_id%3A72" rel="nofollow" data-drupal-facet-item-id="year-id-72" data-drupal-facet-item-value="72" data-drupal-facet-item-count="16"><span class="facet-item__value">2003</span> <span class="facet-item__count">(16)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=year_id%3A73" rel="nofollow" data-drupal-facet-item-id="year-id-73" data-drupal-facet-item-value="73" data-drupal-facet-item-count="13"><span class="facet-item__value">2002</span> <span class="facet-item__count">(13)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=year_id%3A74" rel="nofollow" data-drupal-facet-item-id="year-id-74" data-drupal-facet-item-value="74" data-drupal-facet-item-count="14"><span class="facet-item__value">2001</span> <span class="facet-item__count">(14)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=year_id%3A75" rel="nofollow" data-drupal-facet-item-id="year-id-75" data-drupal-facet-item-value="75" data-drupal-facet-item-count="9"><span class="facet-item__value">2000</span> <span class="facet-item__count">(9)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=year_id%3A76" rel="nofollow" data-drupal-facet-item-id="year-id-76" data-drupal-facet-item-value="76" data-drupal-facet-item-count="8"><span class="facet-item__value">1999</span> <span class="facet-item__count">(8)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=year_id%3A77" rel="nofollow" data-drupal-facet-item-id="year-id-77" data-drupal-facet-item-value="77" data-drupal-facet-item-count="18"><span class="facet-item__value">1998</span> <span class="facet-item__count">(18)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=year_id%3A78" rel="nofollow" data-drupal-facet-item-id="year-id-78" data-drupal-facet-item-value="78" data-drupal-facet-item-count="12"><span class="facet-item__value">1997</span> <span class="facet-item__count">(12)</span> </a> <span class="checkmark"></span> </li></ul> </div> </div> <div class="facet-inactive block-facets-ajax js-facet-block-id-reporttype block-facet--checkbox block block-facets block-facet-blockreport-type" id="block-reporttype"> <div class="facets-widget-checkbox"> <h3>Report type</h3><div class="dropdown-box"><span>- Any -</span></div> <ul data-drupal-facet-id="report_type" data-drupal-facet-alias="type_id" class="facet-inactive js-facets-checkbox-links item-list__checkbox"> <li class="facet-item select-all"><input type="checkbox" class="facets-checkbox" id="select-all-report-type"> <label for="select-all-report-type">Select All</label> <span class="checkmark"></span></li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=type_id%3A22" rel="nofollow" data-drupal-facet-item-id="type-id-22" data-drupal-facet-item-value="22" data-drupal-facet-item-count="179"><span class="facet-item__value">Financial audit</span> <span class="facet-item__count">(179)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=type_id%3A24" rel="nofollow" data-drupal-facet-item-id="type-id-24" data-drupal-facet-item-value="24" data-drupal-facet-item-count="23"><span class="facet-item__value">Special report</span> <span class="facet-item__count">(23)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=type_id%3A23" rel="nofollow" data-drupal-facet-item-id="type-id-23" data-drupal-facet-item-value="23" data-drupal-facet-item-count="403"><span class="facet-item__value">Performance audit</span> <span class="facet-item__count">(403)</span> </a> <span class="checkmark"></span> </li></ul> </div> </div> <div class="facet-inactive block-facets-ajax js-facet-block-id-topic block-facet--checkbox block block-facets block-facet-blockreport-facet-topic" id="block-topic"> <div class="facets-widget-checkbox"> <h3>Topic</h3><div class="dropdown-box"><span>- Any -</span></div> <ul data-drupal-facet-id="report_facet_topic" data-drupal-facet-alias="topic_id" class="facet-inactive js-facets-checkbox-links item-list__checkbox"> <li class="facet-item select-all"><input type="checkbox" class="facets-checkbox" id="select-all-report-facet-topic"> <label for="select-all-report-facet-topic">Select All</label> <span class="checkmark"></span></li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=topic_id%3A25" rel="nofollow" data-drupal-facet-item-id="topic-id-25" data-drupal-facet-item-value="25" data-drupal-facet-item-count="125"><span class="facet-item__value">Asset valuation</span> <span class="facet-item__count">(125)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=topic_id%3A87" rel="nofollow" data-drupal-facet-item-id="topic-id-87" data-drupal-facet-item-value="87" data-drupal-facet-item-count="4"><span class="facet-item__value">Cross-agency collaboration</span> <span class="facet-item__count">(4)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=topic_id%3A106" rel="nofollow" data-drupal-facet-item-id="topic-id-106" data-drupal-facet-item-value="106" data-drupal-facet-item-count="1"><span class="facet-item__value">Gift and benefit</span> <span class="facet-item__count">(1)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=topic_id%3A26" rel="nofollow" data-drupal-facet-item-id="topic-id-26" data-drupal-facet-item-value="26" data-drupal-facet-item-count="221"><span class="facet-item__value">Compliance</span> <span class="facet-item__count">(221)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=topic_id%3A39" rel="nofollow" data-drupal-facet-item-id="topic-id-39" data-drupal-facet-item-value="39" data-drupal-facet-item-count="61"><span class="facet-item__value">Cyber security</span> <span class="facet-item__count">(61)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=topic_id%3A37" rel="nofollow" data-drupal-facet-item-id="topic-id-37" data-drupal-facet-item-value="37" data-drupal-facet-item-count="168"><span class="facet-item__value">Financial reporting</span> <span class="facet-item__count">(168)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=topic_id%3A27" rel="nofollow" data-drupal-facet-item-id="topic-id-27" data-drupal-facet-item-value="27" data-drupal-facet-item-count="62"><span class="facet-item__value">Fraud</span> <span class="facet-item__count">(62)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=topic_id%3A29" rel="nofollow" data-drupal-facet-item-id="topic-id-29" data-drupal-facet-item-value="29" data-drupal-facet-item-count="169"><span class="facet-item__value">Information technology</span> <span class="facet-item__count">(169)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=topic_id%3A41" rel="nofollow" data-drupal-facet-item-id="topic-id-41" data-drupal-facet-item-value="41" data-drupal-facet-item-count="90"><span class="facet-item__value">Infrastructure</span> <span class="facet-item__count">(90)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=topic_id%3A38" rel="nofollow" data-drupal-facet-item-id="topic-id-38" data-drupal-facet-item-value="38" data-drupal-facet-item-count="325"><span class="facet-item__value">Internal controls and governance</span> <span class="facet-item__count">(325)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=topic_id%3A45" rel="nofollow" data-drupal-facet-item-id="topic-id-45" data-drupal-facet-item-value="45" data-drupal-facet-item-count="394"><span class="facet-item__value">Management and administration</span> <span class="facet-item__count">(394)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=topic_id%3A31" rel="nofollow" data-drupal-facet-item-id="topic-id-31" data-drupal-facet-item-value="31" data-drupal-facet-item-count="143"><span class="facet-item__value">Procurement</span> <span class="facet-item__count">(143)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=topic_id%3A40" rel="nofollow" data-drupal-facet-item-id="topic-id-40" data-drupal-facet-item-value="40" data-drupal-facet-item-count="182"><span class="facet-item__value">Project management</span> <span class="facet-item__count">(182)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=topic_id%3A43" rel="nofollow" data-drupal-facet-item-id="topic-id-43" data-drupal-facet-item-value="43" data-drupal-facet-item-count="94"><span class="facet-item__value">Regulation</span> <span class="facet-item__count">(94)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=topic_id%3A34" rel="nofollow" data-drupal-facet-item-id="topic-id-34" data-drupal-facet-item-value="34" data-drupal-facet-item-count="162"><span class="facet-item__value">Risk</span> <span class="facet-item__count">(162)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=topic_id%3A42" rel="nofollow" data-drupal-facet-item-id="topic-id-42" data-drupal-facet-item-value="42" data-drupal-facet-item-count="192"><span class="facet-item__value">Service delivery</span> <span class="facet-item__count">(192)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=topic_id%3A46" rel="nofollow" data-drupal-facet-item-id="topic-id-46" data-drupal-facet-item-value="46" data-drupal-facet-item-count="89"><span class="facet-item__value">Shared services and collaboration</span> <span class="facet-item__count">(89)</span> </a> <span class="checkmark"></span> </li><li class="facet-item"> <a href="/our-work/reports?progress_id%5B17%5D=17&f%5B0%5D=topic_id%3A44" rel="nofollow" data-drupal-facet-item-id="topic-id-44" data-drupal-facet-item-value="44" data-drupal-facet-item-count="131"><span class="facet-item__value">Workforce and capability</span> <span class="facet-item__count">(131)</span> </a> <span class="checkmark"></span> </li></ul> </div> </div> </div> <div class="region region-content"> <div id="block-pagetitle" class="block block-core block-page-title-block"> <h1 class="page-title">Reports</h1> </div> <div id="block-aonsw-content" class="block block-system block-system-main-block"> <div class="views-element-container"> <div class="view view-facet-reports view-id-facet_reports view-display-id-page_1 js-view-dom-id-7b7d86616c54e6d0629e1800cdac44227d6351373ef3882529f128772ba0f107"> <div class="view-content"> <div class="views-row"><div class="contextual-region layout layout--twocol"> <div class="layout__region layout__region--top"> <div class="field field--name-node-post-date field--type-ds field--label-hidden field__item"> 2024-25 </div> <div class="field field--name-field-taxonomy-audit-progress field--type-entity-reference field--label-hidden field__item">Planned</div> </div> <div class="layout__region layout__region--first"> <a href="/our-work/reports/planning-for-upgrades-to-core-policing-technology" aria-hidden="true" role="presentation" tabindex="-1"> <div class="field field--name-field-thumbnail-image-media field--type-entity-reference field--label-hidden field__item"> <img loading="lazy" src="/sites/default/files/styles/listing_page_thumbnail/public/images/Thumbnail%2010%20-%20AWP%2024-27.jpg?h=a9d39ae0&itok=15JHcyo2" width="120" height="120" alt="rocks of a cliff with ocean below" class="image-style-listing-page-thumbnail" /> </div> </a> <div class="layout__region--report-function"> <p class="visually-hidden">Actions for <span class="field field--name-title field--type-string field--label-hidden">Planning for upgrades to core policing technology</span> </p> <div class="report-share field__item"> <button class="open-share"> Share this audit </button> <div class="socials--share social"> <ul class="social-set"> <li class="social-set-enclosure"> <a class="social-set-enclosure-link social-icon" href="https://www.facebook.com/sharer/sharer.php?u=https://www.audit.nsw.gov.au/our-work/reports/planning-for-upgrades-to-core-policing-technology" title="Share page on Facebook" target="_blank" rel="noopener"> <img src="/themes/custom/aonsw/images/icons/Social/Facebook-white.svg" alt="Facebook"> <span class="tooltip">Facebook</span> </a> </li> <li class="social-set-enclosure"> <a class="social-set-enclosure-link social-icon" href="https://twitter.com/share?text=Planning%20for%20upgrades%20to%20core%20policing%20technology&url=https://www.audit.nsw.gov.au/our-work/reports/planning-for-upgrades-to-core-policing-technology" title="Share page on Twitter" target="_blank" rel="noopener"> <img src="/themes/custom/aonsw/images/icons/Social/Twitter-white.svg" alt="Twitter"> <span class="tooltip">Twitter</span> </a> </li> <li class="social-set-enclosure"> <a class="social-set-enclosure-link social-icon" href="https://www.linkedin.com/shareArticle?mini=true&url=https://www.audit.nsw.gov.au/our-work/reports/planning-for-upgrades-to-core-policing-technology&source=Audit%20Office%20of%20NSW" title="Share page on LinkedIn" target="_blank" rel="noopener"> <img src="/themes/custom/aonsw/images/icons/Social/LinkedIn-white.svg" alt="LinkedIn"> <span class="tooltip">LinkedIn</span> </a> </li> <li class="social-set-enclosure"> <a class="social-set-enclosure-link social-icon" href="mailto:?subject=Planning%20for%20upgrades%20to%20core%20policing%20technology&body=https://www.audit.nsw.gov.au/our-work/reports/planning-for-upgrades-to-core-policing-technology" title="Share page via Email"> <img src="/themes/custom/aonsw/images/icons/Social/Email-Share-white.svg" alt="E-mail"> <span class="tooltip">Email</span> </a> </li> </ul> </div> </div> <div class="field--name-field-subscribe field__item"> <button class="open-popup"> Subscribe to this audit </button> <div class="subscribe popup-cover"> <div class="modal fade subscribe-modal" tabindex="-1" role="dialog" aria-hidden="true"> <button class="close-popup"> <img src="/themes/custom/aonsw/images/icons/Close.svg" alt="Close dialog"> </button> <h1 id="subscribe_modal_1599">Thanks for subscribing!</h1> <form action="https://nsw.us17.list-manage.com/subscribe/post?u=138cb181e608c26c9d220a2e0&id=b892265d01" method="post" id="subscribe_1599" aria-labelledby="subscribe_modal_1599" target="_blank"> <div class="subscribe-detail"> <div class="subscribe-detail-parts"> <label for="subscribe_fname_1599">First name</label> <input type="text" name="FNAME" id="subscribe_fname_1599" autocomplete="given-name"> </div> <div class="subscribe-detail-parts"> <label for="subscribe_email_1599">Email</label> <input type="email" name="EMAIL" id="subscribe_email_1599" autocomplete="email"> </div>  <div style="position: absolute; left: -5000px;" aria-hidden="true"><input type="text" name="b_434f3277b11cf8aa12e1430cf_b892265d01" tabindex="-1" value=""></div> <div class="clear"><button name="subscribe" type="submit" class="buttonSquare-red">SUBSCRIBE</button></div> <p>When you provide us your personal information by email or through this website:</p> <ul> <li>We will record your email address and other information submitted</li> <li>We will use the information for the purpose for which you provide it</li> <li>Your email address will not be added to a mailing list, unless provided by you specifically for that purpose.</li> </ul> <p>Please refer to our <a href="/sites/default/files/auditoffice/Governance-and-Policies---Current/Privacy_Management_Plan_March_2018.pdf">privacy management plan</a> for more information.</p> </div> </form> </div> </div> </div> </div> </div> <div class="layout__region layout__region--second"> <h2 > <a href="/our-work/reports/planning-for-upgrades-to-core-policing-technology" rel="bookmark"><span class="field field--name-title field--type-string field--label-hidden">Planning for upgrades to core policing technology</span> </a> </h2> <div class="field field--name-field-topic field--type-list-string field--label-hidden field__items"> <div class="field__item"> <div class="field--name-field-topic field--type-list-string"> <div class="field__item"> Justice </div> <div class="field__item"> Compliance </div> <div class="field__item"> Information technology </div> <div class="field__item"> Management and administration </div> <div class="field__item"> Project management </div> <div class="field__item"> Risk </div> </div> </div> </div> <div class="report-card-blurb"> <p> <div class="field field--name-field-chapters field--type-entity-reference-revisions field--label-hidden field__items"> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> <div class="clearfix text-formatted field field--name-field-paragraph-body field--type-text-with-summary field--label-hidden field__item"> <div class="paragraph-body-wrapper"> <p>NSW Police Force IT systems and processes are built around the Computerised Operational Policing System (COPS), which has been in place since 1994. The Police Technology Program aims to replace legacy COPS infrastructure, introduce new capabilities and approaches to enhance the operational efficacy of the NSW Police Force.</p><p>In 2013 the NSW Police Force was allocated $45m to replace COPS. It developed a proof of concept in 2017 for a replacement system (NewCOPS), but did not deliver on this system.</p><p>NSW Police Force began the system development process again, under the title of the Integrated Policing Operations System (IPOS) program. An initial business case for the IPOS program was developed in 2018 and finalised in 2019. In 2020, the NSW Police Force selected a single vendor to provide an integrated solution for core policing functions. In 2022, the NSW Police Force terminated the contract with the selected vendor and is currently pursuing a multi-vendor approach. $104.8m had been spent on the IPOS program up to 30 June 2024 (NSWPF Annual Report 2023-24).</p><p>This audit may assess the efficiency and effectiveness of the NSW Police Force in planning and sourcing key components to upgrade core policing technology.</p> </div> </div> </div> </div> </div> </p> </div> </div> </div> </div> <div class="views-row"><div class="contextual-region layout layout--twocol"> <div class="layout__region layout__region--top"> <div class="field field--name-node-post-date field--type-ds field--label-hidden field__item"> <time datetime="2025-02-12">12 February 2025</time> </div> <div class="field field--name-field-taxonomy-audit-progress field--type-entity-reference field--label-hidden field__item">Published</div> </div> <div class="layout__region layout__region--first"> <a href="/our-work/reports/regulation-of-the-land-titles-registry" aria-hidden="true" role="presentation" tabindex="-1"> <div class="field field--name-field-thumbnail-image-media field--type-entity-reference field--label-hidden field__item"> <img loading="lazy" src="/sites/default/files/styles/listing_page_thumbnail/public/images/Thumbnail%20-%20Regulation%20of%20land%20titles%20registry_0.jpg?h=40551f42&itok=6Z__i9FQ" width="120" height="120" alt="Image of a planner mapping out housing on a suburb land map" class="image-style-listing-page-thumbnail" /> </div> </a> <div class="layout__region--report-function"> <p class="visually-hidden">Actions for <span class="field field--name-title field--type-string field--label-hidden">Regulation of the land titles registry</span> </p> <div class="report-share field__item"> <button class="open-share"> Share this audit </button> <div class="socials--share social"> <ul class="social-set"> <li class="social-set-enclosure"> <a class="social-set-enclosure-link social-icon" href="https://www.facebook.com/sharer/sharer.php?u=https://www.audit.nsw.gov.au/our-work/reports/regulation-of-the-land-titles-registry" title="Share page on Facebook" target="_blank" rel="noopener"> <img src="/themes/custom/aonsw/images/icons/Social/Facebook-white.svg" alt="Facebook"> <span class="tooltip">Facebook</span> </a> </li> <li class="social-set-enclosure"> <a class="social-set-enclosure-link social-icon" href="https://twitter.com/share?text=Regulation%20of%20the%20land%20titles%20registry&url=https://www.audit.nsw.gov.au/our-work/reports/regulation-of-the-land-titles-registry" title="Share page on Twitter" target="_blank" rel="noopener"> <img src="/themes/custom/aonsw/images/icons/Social/Twitter-white.svg" alt="Twitter"> <span class="tooltip">Twitter</span> </a> </li> <li class="social-set-enclosure"> <a class="social-set-enclosure-link social-icon" href="https://www.linkedin.com/shareArticle?mini=true&url=https://www.audit.nsw.gov.au/our-work/reports/regulation-of-the-land-titles-registry&source=Audit%20Office%20of%20NSW" title="Share page on LinkedIn" target="_blank" rel="noopener"> <img src="/themes/custom/aonsw/images/icons/Social/LinkedIn-white.svg" alt="LinkedIn"> <span class="tooltip">LinkedIn</span> </a> </li> <li class="social-set-enclosure"> <a class="social-set-enclosure-link social-icon" href="mailto:?subject=Regulation%20of%20the%20land%20titles%20registry&body=https://www.audit.nsw.gov.au/our-work/reports/regulation-of-the-land-titles-registry" title="Share page via Email"> <img src="/themes/custom/aonsw/images/icons/Social/Email-Share-white.svg" alt="E-mail"> <span class="tooltip">Email</span> </a> </li> </ul> </div> </div> <div class="field--name-field-subscribe field__item"> <button class="open-popup published" data-sectors="'Industry'|'Finance'|"> Subscribe to similar </button> </div> <div class="field--name-field-feedback field__item"> <button class="open-popup"> Give feedback </button> <div class="feedback popup-cover"> <div class="modal fade feedback-modal" role="dialog" aria-hidden="true"> <button class="close-popup"> <img src="/themes/custom/aonsw/images/icons/Close.svg" alt="Close dialog"> </button> <form class="aonsw-feedback-form" data-drupal-selector="aonsw-feedback-form" action="/our-work/reports?progress_id%5B17%5D=17" method="post" id="aonsw-feedback-form" accept-charset="UTF-8"> <h1>Feedback on published audit</h1><div id="audit_title_1598">Audit</div><div class="audit-title" aria-labelledby="audit_title_1598">Regulation of the land titles registry</div><input data-drupal-selector="edit-audit" type="hidden" name="audit" value="1598" /> <div class="js-form-item form-item js-form-type-textfield form-type-textfield js-form-item-name form-item-name"> <label for="edit-name">Name (optional)</label> <input autocomplete="given-name" data-drupal-selector="edit-name" type="text" id="edit-name" name="name" value="" size="60" maxlength="128" class="form-text" /> </div> <div class="js-form-item form-item js-form-type-email form-type-email js-form-item-email-address form-item-email-address"> <label for="edit-email-address">Email address (optional)</label> <input autocomplete="email" data-drupal-selector="edit-email-address" type="email" id="edit-email-address" name="email_address" value="" size="60" maxlength="254" class="form-email" /> </div> <div class="js-form-item form-item js-form-type-textarea form-type-textarea js-form-item-message form-item-message"> <label for="edit-message" class="js-form-required form-required">Message</label> <div class="form-textarea-wrapper"> <textarea data-drupal-selector="edit-message" id="edit-message" name="message" rows="5" cols="60" class="form-textarea required resize-vertical" required="required" aria-required="true"></textarea> </div> </div> <div class="js-form-item form-item js-form-type-checkbox form-type-checkbox js-form-item-send-user-a-copy form-item-send-user-a-copy"> <input data-drupal-selector="edit-send-user-a-copy" type="checkbox" id="edit-send-user-a-copy" name="send_user_a_copy" value="1" class="form-checkbox" /><span class="checkmark"></span> <label for="edit-send-user-a-copy" class="option">Send me a copy</label> </div> <fieldset data-drupal-selector="edit-captcha" class="captcha captcha-type-challenge--recaptcha"> <legend class="captcha__title js-form-required form-required"> CAPTCHA </legend> <div class="captcha__element"> <input data-drupal-selector="edit-captcha-sid" type="hidden" name="captcha_sid" value="61130162" /> <input data-drupal-selector="edit-captcha-token" type="hidden" name="captcha_token" value="YGqELFiOGbmfX91azyZ4ZPR9FIjEW6GjQTurK9X4kS0" /> <input data-drupal-selector="edit-captcha-response" type="hidden" name="captcha_response" value="Google no captcha" /> <div class="g-recaptcha" data-sitekey="6Lf6iWwUAAAAANBggIgUH9uJLl4QDmrCe1OJX-4d" data-theme="light" data-type="image"></div><input data-drupal-selector="edit-captcha-cacheable" type="hidden" name="captcha_cacheable" value="1" /> </div> <div class="captcha__description description">This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.</div> </fieldset> <input class="buttonSquare-red button js-form-submit form-submit" id="edit-submit-feedback-1598" data-drupal-selector="edit-submit" type="submit" name="op" value="Submit" /> <p>When you provide us your personal information by email or through this website:</p> <ul> <li>We will record your email address and other information submitted</li> <li>We will use the information for the purpose for which you provide it</li> <li>Your email address will not be added to a mailing list, unless provided by you specifically for that purpose.</li> </ul> <p>Please refer to our <a href="/sites/default/files/auditoffice/Governance-and-Policies---Current/Privacy_Management_Plan_March_2018.pdf">privacy management plan</a> for more information.</p><input autocomplete="off" data-drupal-selector="form-f25rl5sxagxlifhloauhr8a1-6u-hfarkwrgosgc0da" type="hidden" name="form_build_id" value="form-F25rL5SxaGXLIFhloAUhR8a1-6u-hfaRKWrGOSgc0dA" /> <input data-drupal-selector="edit-aonsw-feedback-form" type="hidden" name="form_id" value="aonsw_feedback_form" /> <div class="form-cover"> <img src="/themes/custom/aonsw/images/icons/Hourglass.gif" alt="Hourglass"> </div> </form> </div> </div> </div> <div class="field field--name-field-pdf-download field--type-file field--label-hidden field__item"> <div class="file file--mime-application-pdf file--application-pdf social-icon"> <a href="/sites/default/files/documents/FINAL%20report%20-%20Regulation%20of%20the%20land%20titles%20registry.pdf"> Download PDF </a> </div> </div> </div> </div> <div class="layout__region layout__region--second"> <h2 > <a href="/our-work/reports/regulation-of-the-land-titles-registry" rel="bookmark"><span class="field field--name-title field--type-string field--label-hidden">Regulation of the land titles registry</span> </a> </h2> <div class="field field--name-field-topic field--type-list-string field--label-hidden field__items"> <div class="field__item"> <div class="field--name-field-topic field--type-list-string"> <div class="field__item"> Industry </div> <div class="field__item"> Finance </div> <div class="field__item"> Compliance </div> <div class="field__item"> Cyber security </div> <div class="field__item"> Information technology </div> <div class="field__item"> Internal controls and governance </div> <div class="field__item"> Management and administration </div> <div class="field__item"> Regulation </div> <div class="field__item"> Risk </div> <div class="field__item"> Workforce and capability </div> </div> </div> </div> <div class="report-card-blurb"> <p> <div class="field field--name-field-chapters field--type-entity-reference-revisions field--label-hidden field__items"> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> <div class="clearfix text-formatted field field--name-field-paragraph-body field--type-text-with-summary field--label-hidden field__item"> <div class="paragraph-body-wrapper"> <h4>About this report </h4><p>The land titles registry is a collection of registers established under the <em>Real Property Act 1900</em> and related legislation. It is the source of truth for land and property ownership in NSW and underpins significant economic activity.</p><p>The registry is owned by the NSW Government. From 1 July 2017, a private operator has operated and maintained the registry under a 35-year concession granted by the NSW Government.</p><p>The Office of the Registrar General is the regulator of the private operator’s activity under the concession. It is a business unit in the Department of Customer Service.</p><p>This audit examined the effectiveness of the regulator in overseeing and monitoring the operation and maintenance of the registry to ensure its integrity and security.</p><h4>Conclusion</h4><p>The Office of the Registrar General has implemented an effective system and supporting processes to oversee and monitor the integrity and security of the land titles registry.</p><p>However, the audit found opportunities for the Office of the Registrar General to improve how it conducts its regulatory functions.</p><h4>Recommendations</h4><p>The audit recommended that the Office of the Registrar General should:</p><ol><li>develop and publish its approach to exercising its regulatory functions and powers</li><li>publish a regulatory charter to ensure greater regulatory transparency</li><li>review the skills and capabilities required to regulate the land titles registry</li><li>ensure greater clarity on the rights to use data, and the application of privacy legislation</li><li>ensure compliance with the NSW Cyber Security Policy, including the requirements relating to third parties</li><li>perform an audit of the subscriber compliance process.</li></ol> </div> </div> </div> </div> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> </div> </div> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> <div class="clearfix text-formatted field field--name-field-paragraph-body field--type-text-with-summary field--label-hidden field__item"> <div class="paragraph-body-wrapper"> <h4>The land titles registry is a collection of registers that record property-related information</h4><p>The registers collectively referred to in this report as the ‘land titles registry’ include the:</p><ul><li><strong>Torrens Title Register</strong> – the primary register for land held in NSW under the <em>Real Property Act 1900</em></li><li><strong>Register of Plans</strong> – comprises plans, that is a representation of a property’s boundary, submitted for registration by registered surveyors</li><li><strong>General Register of Deeds</strong> – established under the <em>Registration of Deeds Act 1825</em>, this was the first land register in NSW recording deeds in the system used prior to the introduction of the Torrens Title System, and includes the register of Causes Writs and Orders, Bills of Sale, Register of Resumptions, Powers of Attorney and other miscellaneous deeds</li><li><strong>Central Register of Restrictions</strong> – where participating organisations maintain up to date information about possible, or actual, interests they hold against NSW properties (for example for heritage or infrastructure reasons).</li></ul><h4>The 35-year concession for a private company to operate and maintain the land titles registry</h4><p>In April 2017, the NSW Government granted a 35-year concession<sup>2</sup> to a private operator to operate and maintain the titling and registry services business area of NSW Land and Property Information (LPI). The private operator paid the State $2.6 billion for the concession, as well as committed to pay $8 million (indexed) annually in consideration for the ORG to perform the regulatory and enabling functions contemplated by the concession deed.</p><p>The private operator has the right to generate revenue by selling land information products and services, including through search and subscription fees, as well as by charging administrative fees, such as for registering land titles and other transactions. Each year, the operator facilitates over four million searches on titles and images, records 900,000 updates to land title records and creates 50,000 new titles.</p><p>NSW Treasury managed the bidding process for the concession and prepared the enabling legislation, the <em>Land and Property Information NSW (Authorised Transaction) Act 2016</em>. The concession deed was executed between the Minister for Finance, the Registrar General and the successful bidder.</p><p>The successful bidder was Australian Registry Investments (ARI), which in turn established NSW Land Registry Services (NSW LRS or ‘the private operator’) as a private, single purpose company to operate and maintain the land titles registry. ARI is a consortium of institutional investors and superannuation funds, which at the time of this audit included Aware Super, Macquarie Infrastructure Fund and UTA Registry Investments Trust.</p><p>The NSW Government retains ownership of the land titles registry, including the information it contains.</p><p>The land titles registry is a critical information asset for NSW as it is the basis of private ownership of property, which in turn supports property-related economic activity. In 2016, it was estimated that the land titles system underpinned over $130 billion dollars of economic activity in NSW each year. As of 2023, the total value of land in NSW was approximately $2.8 trillion.</p><p>The land titles registry is a ‘crown jewel’ IT asset under the NSW Government Cyber Security Policy. The land and titling information maintained by the private operator is provided to other government departments and agencies, such as Revenue NSW, Spatial Services and the Valuer General.</p><p>A key assurance provided by the NSW Government when granting the concession was that the ORG would be responsible for the regulation of the performance of the private operator under the concession deed. The ORG is a business unit in the Fair Trading and Regulatory Services division of the Department of Customer Service (‘the department’). The Registrar General is a statutory position and has a range of responsibilities, including under the <em>Real Property Act 1900</em>. The establishment of an ‘office’ to support the Registrar General accompanied the granting of the concession in 2017.</p><p>The ORG is not a separate auditable entity under the <em>Government Sector Audit Act 1983</em>. As such, the auditee for this performance audit is formally the Department of Customer Service.</p><p>NSW Treasury is also an auditee as it managed the scoping study, bidding process, legislation development process and the development of the concession arrangements. NSW Treasury does not have an ongoing role in the routine oversight and monitoring of the land titles registry. The audit has made no recommendations for NSW Treasury and the agency has elected not to provide a formal response to the audit.</p><h4>Objectives of the concession</h4><p>The concession deed includes a statement of the Government’s objectives for the concession. These objectives include achieving the following:</p><p>a) maintaining the security, integrity, performance and availability of the registers, core assets and core services</p><p>b) ensuring the registers are accurate and up-to-date, including that they accurately reflect all registered documents, plans and other matters that are required to be recorded in them</p><p>c) maintaining the confidence of the affected parties and the NSW public in the registers and the core services</p><p>d) promoting improvements, innovation and increased efficiency, and utilising greater expertise and investment in technology, in the delivery of the core services</p><p>e) minimising Torrens Assurance Fund Payments and</p><p>f) protecting current competition and the opportunities for future competition in the supply of downstream services by ensuring fair, transparent, predictable and non-discriminatory dealing by the operator with customers and prospective customers.</p><p>The deed also includes the private operator’s acknowledgment and agreement that its achievement of these objectives is of critical importance to NSW.</p><h4>Regulation of the land titles system, including under the concession deed</h4><p>The ORG has described its role as ‘... a regulator, advisor and litigator, working to ensure the integrity of NSW’s land title system’. While the ORG directly regulates the private operator of the land titles registry under the concession deed (as well as in accordance with any applicable legislation and delegations made by the Registrar General), the system of land titles is a complex one, with many different participants. These participants include:</p><ul><li>ELNOs – which provide the means for transacting parties to collaborate electronically on the preparation of registry instruments; there are currently two ELNOs operating in NSW, although PEXA is by far the dominant market participant compared to its competitor, Sympli</li><li>subscribers – a person or business authorised to complete electronic conveyancing transactions using an ELNO, such as financial institutions, solicitors and licensed conveyancers</li><li>government agencies – selected NSW government agencies and local governments are authorised to obtain information from the system, including Revenue NSW, Valuation NSW, the Surveyor General and local councils</li><li>registered surveyors – who are responsible for conducting survey plans of property boundaries and lodging those plans for registration with the private operator</li><li>information brokers – there are 12 wholesale information brokers with which the private operator has entered into agreements under the concession deed to provide access to NSW titling information held by the private operator</li><li>users of the Central Register of Restrictions – including selected NSW government agencies and non-government entities, such as utility companies providing electricity, water and gas and the Commonwealth Department of Defence.</li></ul><p>The data flows within the system are complex and interdependent. Many of the participants are critical to maintaining the integrity and security of the land titles registry. Each class of participant has different governance arrangements and controls for their participation. As shown in Figure 1, the ORG regulates and oversees, to varying degrees, this system of multi-layered rules, relationships and arrangements, with the concession deed between the NSW Government and private operator being at the core of the system.</p> </div> </div> </div> </div> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> <div class="clearfix text-formatted field field--name-field-paragraph-body field--type-text-with-summary field--label-hidden field__item"> <div class="paragraph-body-wrapper"> <h4>In granting the concession, the government committed to a ‘robust regulatory regime’ and a ‘tight regulatory framework’ overseen by a ‘strong regulator’</h4><p>In granting the 35-year concession to the private operator, the NSW Government committed to ensuring that the monopoly functions of providing titling and registry services would be ‘appropriately regulated’.</p><p>In commencing the process of granting the concession, the NSW Government set out what it described as a ‘robust regulatory regime’ that would apply to the concession. Of particular relevance to this audit, the government also established that:</p><ul><li>the Registrar General would monitor and enforce the operator’s compliance with regulatory requirements, including the terms of the concession deed</li><li>the Registrar General would have a general power to direct the private operator to perform tasks ‘… in the public interest’.</li></ul><p>In the September 2016 second reading speech accompanying the passage of the enabling legislation for the concession through NSW Parliament, the then Treasurer further highlighted that:</p><ul><li>the service standards defined in the concession would include ‘… a penalty regime should the private operator fail to comply’</li><li>the Registrar General would have regulatory oversight of ensuring that the private operator adopted ‘appropriate data security and fraud detection practices’.</li></ul><p>The second reading speech also highlighted the role of the Registrar General in overseeing how other participants in the land titling and registry system should perform. This included approving the standard terms on which the concession holder is to deal with its wholesale customers and intermediaries (including ‘subscribers’ to the operator’s services, such as banks, conveyancers and solicitors).</p><p>In January 2017, the then Registrar General explained his view that the arrangements for the concession would ensure that the ORG would be able to provide an ‘… independent, credible, stable and well mandated regulatory framework [that] will give confidence to customers and the business itself’. He further explained that:</p><table><tbody><tr><td style="height:110px;width:1127px;">… an effective monopoly operator requires effective regulation … Customer interests are served by a strong regulator to ensure the monopoly operator is not letting down consumers. But equally, the private operator will benefit from stability and the knowledge that it can use its expertise to make decisions without unwarranted government intervention.</td><td> </td></tr></tbody></table><p><br>On 6 April 2017, the then Registrar General further said that his office would follow a ‘modern regulatory approach’, which would include a ‘… focus on material things – where an operator’s actions are not in the spirit of the deed’s objectives’. The audit did not find evidence of how the ORG assesses deviation from the ‘spirit of the deed’s objectives’.</p><p>On 12 April 2017, the Premier and the Treasurer jointly announced the successful bidder for the concession. In doing so, their media release drew attention to the:</p><ul><li>‘tight regulatory framework’</li><li>‘rigorous legislative and contractual safeguards around the concession to ensure the continued security of property rights and data’</li><li>establishment of a ‘… new external regulator – the Registrar General – to enforce [the operator’s] performance during the concession, with power to monitor and audit performance, and even resume control of the LPI business if required’.</li></ul><p>The Registrar General was not a newly established statutory position, although the role was provided with new regulatory functions and powers under the concession deed.</p><p>The task of overseeing and monitoring a private company operating and maintaining a monopoly service that uses government-owned systems (and where title is government-guaranteed) poses new and complex challenges for a regulator like the ORG, which previously performed stable and mature administrative and regulatory functions.</p><h4>The ORG has made only limited use of the compliance and enforcement tools available to it under the concession deed</h4><p>Seven years into the concession, the ORG is still in the relatively formative stages of settling its approach to the use of its regulatory powers under the concession deed.</p><p>The ORG has an experienced and highly qualified workforce, with substantial capability in areas such as property law, as well as a directorate focused on cadastral integrity. It has substantial capacity to administer its longstanding and relatively wide-ranging pre-concession responsibilities. This includes actioning matters under the Torrens Assurance Fund, conducting compliance audits of property plans prepared by registered surveyors and providing advice to government on relevant policy and reform.</p><p>In comparison to these longstanding, well-organised and well-understood responsibilities outlined above, the ORG is still forming its approach to exercising the full spectrum of its compliance and enforcement powers under the regulator–operator model. In some instances, this has limited its effectiveness in resolving regulatory issues raised later in this report.</p><p>The ORG has eight regulatory compliance and enforcement options available to it under the concession deed and the enabling legislation. The options are listed below, ranked according to their seriousness and frequency, with step-in and termination powers being both the most serious and least likely option to be applied:</p><ul><li>raise issues at governance forums</li><li>informal letters escalating to formal letters</li><li>approvals with conditions attached</li><li>audit and review powers</li><li>financial penalties for breach of service levels</li><li>reserve power directions</li><li>corrective action plans</li><li>step-in and termination powers.</li></ul><p>These options can be specific to circumstances and not all are available for all matters. For example, the ORG does have not a broad-based power to issue financial penalties for performance gaps except where specified in the concession deed.</p><p>Since the commencement of the concession, most issues with the private operator’s performance have been addressed without escalation beyond the exchange of formal letters. However, this approach has not always led to adequate or timely resolution.</p><p>A number of longstanding issues have been raised by the ORG regarding plan examination and subscriber compliance audits, as set out in section 5 of this report. Despite their significant importance to the integrity of the land titles registry and the potential for errors with financial and personal impacts on customers, these matters have not generally been escalated beyond discussions or letters.</p><h4>The ORG does not have a formalised approach to how it will routinely and effectively exercise its compliance and enforcement functions and powers</h4><p>The audit assessed whether the ORG has a clear statement of its regulatory posture or its approach to regulation on which to base its regulatory decision making. In its ‘Regulation insights’ report (March 2024), the Audit Office of NSW highlighted that regulators need clear escalation thresholds and enforcement policies to promote credible and proportionate regulatory actions. The concession deed sets out that the materiality of service level breaches is determined based on the operator’s culpability, the impact on the customer and whether the breach has occurred previously.</p><p>The ORG lacks a clear approach to how it would effectively exercise the regulatory tools available to it under the concession, such as:</p><ul><li>requiring ad hoc reports that are prepared in a timely manner and to an adequate standard</li><li>issuing penalties for non-compliance</li><li>conducting its own audits</li><li>conducting a major review of the concession (the prospect of which was raised by the ORG with the private operator in 2022 but has not proceeded).</li></ul><p>This is despite assurances (as described earlier) from the NSW Government at the commencement of the concession that these tools would be available and used by the regulator.</p><p>In September 2023, the ORG developed an initial approach to the use of concession deed levers to provide a ‘practical and proportionate approach’ to exercising its monitoring and oversight functions for the concession. However, neither these principles, nor any alternative, have been drawn upon to inform a codified regulatory or enforcement policy. The ORG advised that it is developing an approach to escalating matters through the hierarchy of available regulatory and enforcement tools.</p><h4>The ORG is spending less on its regulatory functions than the fee paid by the private operator to support those functions</h4><p>Under the concession, the private operator provides an annual indexed fee to fund the services delivered by the regulator. The concession deed says that this fee is paid ‘… in consideration for the [Registrar General] performing the regulatory and enabling functions contemplated by this Deed’.</p><p>In 2017–18, $8 million was allocated in the NSW Budget ‘… to be spent on regulating the operator of the NSW land title and registry system, ensuring its security and stability while enhancing service levels’.</p><p>In 2023–24, the department requested from NSW Treasury a budget of $8.26 million for the ORG, ($260,000 more than the 2017–18 allocation). This was also around 25% less than the mandatory fee paid by the private operator under the concession deed, which was $10.49 million. The balance of the fee paid by the private operator is retained by the NSW Government in the Consolidated Fund for general purposes.</p><p>The ORG undertakes a range of policy and reform projects that it tracks separately from its ‘business as usual’ activities. Not all these projects were envisaged when the concession was granted. For example, the interoperability project to support the introduction of national competition in the electronic lodgment network (ELN) is a substantial and complex national reform that has been led by the ORG on behalf of NSW.</p><p>NSW’s contribution to this project-based work is undertaken effectively within the same budget parameters and staffing as established when the concession was granted. At the time of the audit, the ORG’s project workplan includes 32 distinct projects, with one additional recent project being reclassified as ‘business as usual’ and two previous projects put on hold. The project plan includes activities relating to significant government reforms such as interoperability and digital survey plans reform, as well as matters that are regulatory in nature or which support regulatory priorities.</p><p>The audit heard from some stakeholders that the ORG’s focus on project-based work, including government reform initiatives, risks reducing resources available for its functions to monitor and oversee participants in the land titles registry system to the degree anticipated by government when the concession was granted.</p><p>As discussed in sections 6 and 9 of this report, this audit found that the ORG has capability and capacity gaps in specialist skills, particularly in strategic IT and regulatory policy and implementation. It is beyond the scope of this audit to consider whether these gaps could be addressed within the existing funding or whether the ORG required a revised budget that more closely aligns with the fee paid by the private operator.</p><h4>The complexity of the land titles system limits the extent to which the ORG can oversee potential integrity and security risks on a whole of system basis</h4><p>The ORG has varying approaches, powers and functions to regulate different participants in the land titles system, the complexity of which is increased by various third-party users and reseller arrangements that apply to land titles data. As discussed later, this complexity limits the ORG’s direct monitoring and oversight of potential risks or non-performance by system participants other than the private operator.</p><p>Table 1 provides further information on the regulatory arrangements for stakeholders accessing and informing the land titles registry.</p><table><caption>Table 1: Oversight and monitoring of system participants</caption><tbody><tr class="grey-back-yellow-border"><td><strong>Participant</strong></td><td><strong>Governance instruments</strong></td><td><strong>Role of the ORG</strong></td></tr><tr><td><strong>Subscribers</strong> such as solicitors, conveyancers and banks provide documents to ELNOs (as intermediaries) to lodge on registers.</td><td><p>The <strong>concession deed</strong> details the operator’s requirements to conduct subscriber audits and inform the Registrar General of their outcomes. The private operator is required to carry out audits of subscriber compliance with the NSW Participation Rules.</p><p><strong>NSW Participation Rules</strong> are set by the Registrar General and detail the requirements for subscribers to be eligible for, and to use, the ELN. The Participation Rules require, among other things, subscribers to:</p><ul><li>take reasonable steps to ensure that information is protected from unauthorised use, reproduction, or disclosure</li><li>comply with ELNO security policies</li><li>take responsibility for the compliance of their users with security policies, including revoking their access to the ELN.</li></ul><p>The <em><strong>Electronic Conveyancing (Adoption of National Law) Act 2012</strong></em> requires subscribers to comply with the Participation Rules set by the Registrar General and provides the Registrar General with the power to conduct investigations. The Registrar General sets the Participation Rules under s. 23 of the <em>Electronic Conveyancing (Adoption of National Law) Act 2012</em>.</p></td><td><p>The ORG oversees the private operator’s subscriber compliance program that is carried out according to the national subscriber compliance program agreed by Australian Registrars National Electronic Conveyancing Council (ARNECC).</p><p>The private operator may refer subscribers to the ORG where it identifies potential non-compliance; the ORG then directly investigates potential non-compliance with the NSW Participation Rules.</p><p>The <em><strong>Electronic Conveyancing (Adoption of National Law) Act 2012</strong></em> states that the Registrar General may undertake an investigation ‘receiving a request or complaint from any person or on the Registrar’s own initiative’ to ascertain compliance with the NSW Participation Rules or to investigate suspected or alleged misconduct in using an ELN.</p><p>The ORG has the power to suspend or cancel subscriber access.</p></td></tr><tr><td><strong>Registered Surveyors</strong> lodge plans to the private operator for registration. The land titles registry is updated once the plans are registered. The lodged plans must comply with relevant legislation and standards to be registered.</td><td><p><strong>Cadastral Integrity Unit Audit Survey Procedures</strong> sets out responsibilities and procedures for implementing the ORG's survey audit program, which includes examining plans to assess compliance with requirements and providing a process for referring cases of sustained non-compliance to the Board of Surveying and Spatial Information (BOSSI).</p><p>The <strong>Surveying and Spatial Information Regulation 2017</strong> regulates the activity of surveyors, including the requirements for plans that are lodged with the private operator on behalf of the Registrar General.</p></td><td><p>Conducts its own active audit program of plans that have been registered by the private operator through desktop and field-based audits. The Cadastral Integrity Unit Audit Survey Procedures detail the risk-based selection approach used in identifying plans.</p><p>Matters of potential serious non-compliance can be referred to BOSSI, which is responsible for investigating complaints and undertaking disciplinary action against registered surveyors.</p></td></tr><tr><td><strong>Electronic Lodgment Network Operators (ELNOs</strong>) are the intermediary between subscribers and the registries maintained and operated by the operator.</td><td><p>The <em><strong>Electronic Conveyancing (Adoption of National Law) Act 2012</strong></em> adopts the Electronic Conveyancing National Law in NSW, which details compliance requirements for subscribers and ELNOs and the powers of the ORG in approving the operation of ELNOs.</p><p>The Act requires ELNOs to comply with operating requirements determined by the Registrar General.</p><p>The <em><strong>Electronic Conveyancing Enforcement Act 2022</strong></em> provides the Registrar General with powers to penalise ELNOs, including through financial penalties that range from $250,000 to a maximum of $10,000,000.</p><p><strong>General Conditions</strong> are standard operating conditions that apply to ELNOS that have been approved for operation in NSW. This includes requirements to report any problem or incident affecting the security, integrity or performance of the ELNO.</p></td><td><p>The ORG directly regulates ELNOs through conditions of participation in NSW. It has the power to undertake compliance examinations of ELNOs under the <em>Electronic Conveyancing (Adoption of National Law) Act 2012</em> and can penalise ELNOs through the application of financial penalties under the <em>Electronic Conveyancing Enforcement Act 2022.</em></p><p>The ORG participates in an annual review of ELNOs’ self-assessed compliance as part of the ARNECC.</p></td></tr><tr><td><strong>Information brokers</strong> have read only access to the registry and provide fee paying customers with access to NSW land titling information.</td><td><p>The <strong>Services Broker Agreement</strong>, a part of the concession deed, details the operator’s powers, and requirements for information brokers. This includes:</p><ul><li>using property information and providing them to customers as defined by the agreement</li><li>complying with any reasonable direction from the private operator to remain compliant with the agreement</li><li>securely retaining and protecting records of transactions</li><li>requirements to comply with privacy legislation and other privacy obligations, nor do anything that would put the operator in breach of privacy legislation</li><li>maintaining appropriate digital safeguards.</li></ul></td><td><p>The private operator is primarily responsible for managing information brokers and requires annual reports on them regarding compliance.</p><p>The private operator has the power to suspend access to information on the land titles registry to any information broker where it is of the opinion that breaches or failures in digital safeguarding has occurred.</p><p>As part of the concession deed, the ORG also reviews the criteria used by the operator to approve information brokers.</p><p>The ORG has the power to conduct an audit of an information broker’s use and delivery of property information for the purposes of ensuring compliance with the agreement.</p></td></tr><tr><td><strong>Government and non-government organisations</strong></td><td><p>A range of individual governance arrangements apply across individual government and non-government agencies, including memoranda of understanding and management deeds.</p><p>Where a NSW Government agency has rights to access land titles registry data under the concession deed it is not mandatory for it to enter into a memorandum of understanding, although it is considered good practice governance.</p></td><td>The ORG and operator directly negotiate and oversee these agreements, with varying levels of oversight depending on the individual arrangement.</td></tr></tbody></table><p class="footnote">Source: Audit Office analysis.</p><h4>The ORG does not have a longer-term strategic plan for proactive compliance activities</h4><p>Since December 2018, the ORG has issued the private operator an annual letter setting out ‘joint priorities’ for the forward year. While each letter is signed and issued by the Registrar General, the private operator has the opportunity to comment on proposed ‘joint’ priorities.</p><p>The annual priority letters are not issued under the terms of the concession deed and are statements of the regulator’s expectations, rather than binding obligations on the operator. The priorities are derived primarily from internal staff consultation, but also consider external stakeholders, existing or emerging reform topics, and progress achieved in meeting previous priorities. While the letters set out annual priorities, they are also intended to ‘… track progress on long-term objectives’.</p><p>These annual priority letters are effective in demonstrating a considered approach to articulating the regulator’s expectations of the private operator for that period. The ORG sets out specific ‘success measures’ (usually in the form of milestone progress or completion dates) for how priorities will be assessed.</p><p>The priorities set out in the annual letters are subsequently discussed and tracked at various governance meetings, as required under the concession deed. However, there have been few consequences if the private operator does not meet its priorities. Over the course of the concession, a number of reoccurring priorities point to intractable issues, about which the ORG has been dissatisfied. This has included matters that go directly to the integrity of the registers, such as the examination of submitted plans and subscriber compliance (particularly as assessed by the subscriber compliance examination process).</p><p>Until recently, the ORG did not include its own annual priorities in these letters. Rather, yearly priority letters to the private operator referenced government or joint priorities. In comparison, the most recent priority letter for 2025 provided a clearer articulation of the rationale between the annual priorities and the intended outcomes of the concession deed. The audit did not source evidence that the ORG set longer-term or strategic priorities for how it will proactively exercise its regulatory functions, such as a forward program of compliance activity, ad hoc reviews or audits.</p><h4>The ORG ensures that the private operator meets its obligations to provide service level performance reporting</h4><p>The concession deed provides for extensive performance reporting by the private operator against defined service levels or KPIs. While government statements at the commencement of the concession suggested there were 55 KPIs, this is inaccurate as it includes numerous sub-measures. Currently, 14 service level KPIs are reported quarterly on the ORG’s website. The publishing of service level performance has been explained by the ORG as bringing ‘… a new level of transparency to the NSW’s land titles registry’ to better hold to account the private operator and be a feature of the new regulator–operator model.</p><p>The private operator exceeded all published services for each of 24 consecutive quarters from the start of the concession until January–March 2024. This may suggest that the existing published service levels are not sufficiently challenging to support continuous improvement in the future. In addition, as discussed below, not all service level KPIs are published.</p><p>The ORG has proposed a review of service levels to identify those no longer relevant. This considers the substantial reforms to the land titles registry system have occurred since the concession commenced, including the move to 100% electronic conveyancing. Stakeholders also expressed a view to the audit that the existing published service levels are too focused on time measures, and do not sufficiently address quality and client satisfaction. It was also understood between the regulator and private operator early in the concession that ‘… as we move forward, customer behaviour will change, along with what is important to customers’.</p><h4>The ORG has granted penalty relief for service level breaches, although there has been no public transparency about these decisions</h4><p>There have been instances where the ORG has elected not to issue financial penalties where the private operator breached required service levels. While this discretion is a matter for the regulator to exercise, public transparency is lacking as to the underlying breach or the penalty decision. Service levels not achieved are not included among those published on the ORG’s website.</p><p>For example, from October 2020 to September 2023, the ORG granted penalty relief for 33 breaches of the private operator’s obligation to ensure specific data feeds to NSW Government agencies and local councils occurred within specified timeframes.<sup>3</sup> A series of data feed failures in a legacy IT system was the catalyst for the private operator’s failure to meet the service level. The audit notes that the private operator’s interpretation of the relevant service level varied from the ORG’s interpretation, and suggested a smaller number of breaches than the 33 assessed by the regulator.</p><p>This penalty relief was initially granted in October 2020, then extended in May 2022 until September 2023. The ORG granted the penalty relief:</p><ul><li>in recognition of the private operator’s commitment to upgrade the legacy IT system causing the data feed failures</li><li>because the ORG considered the impact on affected customers to be negligible.</li></ul><p>As early as December 2019, the ORG had identified to the private operator that upgrading the legacy IT system was a priority. In August 2020, the ORG described the upgrade as ‘… critical to ensure accurate and complete data is provided to customers’ and asked the private operator to ensure that it is completed ‘… without further delay’.</p><p>The ORG did not extend its penalty relief beyond 30 September 2023. No breaches were reported to have occurred after this time. The upgrade to the legacy IT system is expected to be completed no earlier than January 2025.</p><p>The service level that was not met on up to 33 occasions is not included among the 14 service levels reported publicly on the ORG’s website. There was no public transparency about the operator’s non-compliance, or the ORG’s decision to provide penalty relief to the operator. The ORG did not publish a notice that it had afforded penalty relief to the operator, nor was this mentioned in the department’s annual report. The ORG’s view is that publication of these service level breaches was not required as they only affected government agencies.</p><p>This audit has not assessed the merits of the ORG’s evaluation of the service level breaches or its decision to extend penalty relief for non-compliance. The concession deed allows the ORG to make these types of decisions. However, when the concession commenced, the NSW Government stated that a consumer benefit of the concession would be ‘increased transparency’ due to the regulator being able to:</p><table><tbody><tr><td style="height:110px;width:1127px;">… publicly report on the operator’s performance including service levels, breaches of the concession terms and statistics in relation to TAF [Torrens Assurance Fund] claims.</td><td> </td></tr></tbody></table><p>Prior to the concession, it was already the Registrar General’s practice to publish statistics about claims and payments under the Torrens Assurance Fund in the department’s annual reports. Since the concession, the only opportunity for increased transparency is through reporting on service levels and breaches, including about how the ORG responds to breaches, such as by extending penalty relief over extended periods of time.</p><p>When the concession commenced, the NSW Government also highlighted that, as the regulator, the ORG would have a range of regulatory options including ‘… a penalty regime should the private operator fail to comply’. The community and stakeholders were not told that the ORG could choose to waive penalties in response to breaches. Nor were the community and stakeholders told the circumstances in which such relief might be extended. This underscores the importance of the ORG being publicly transparent when it makes these decisions, including to explain their justification, so as to ensure that community trust and confidence in the regulator is maintained.</p><p>The ORG’s monitoring and oversight of how the private operator manages legacy IT systems is discussed further in section 6.</p><h4>The detailed terms of the concession are not publicly available and there is a statutory presumption against their disclosure under the <em>Government Information (Public Access) Act 2009</em></h4><p>Much of the substantive detail about the regulatory requirements for granting the concession is contained in the concession deed document that was executed between the NSW Government and the private operator. This document is not public. Moreover, the enabling legislation for the concession included an amendment to the <em>Government Information (Public Access) Act 2009</em>. This amendment established that it is to be conclusively presumed that there is an overriding public interest against disclosure of information contained in any document ‒ including the concession deed ‒ prepared for the purposes of, or in connection with, the authorised transaction unless approved by the NSW Treasurer. NSW Treasury was not able to provide an explicit reason why this provision was included in the enabling legislation, other than to note that a similar provision was included in the 2015 electricity network transaction enabling legislation.</p><p>Key elements of the concession deed were modelled on the arrangements for the franchising of the Sydney ferries service, including:</p><ul><li>the model for service levels and penalties</li><li>the transfer of administrative powers and functions to the operator</li><li>the approach of adopting minimalist legislation supported by a detailed contract.</li></ul><p>This framework is also similar to that adopted for the Greater Sydney Bus Contract. Both contracts (ferries and buses) are publicly available on Transport for NSW’s website (with redactions where necessary to maintain commercial confidentiality).</p><p>During consultation on the enabling legislation for the concession, external stakeholders noted that the delegation of key provisions to a confidential document detracts from promoting transparency and community confidence in the regulatory arrangements for the concession.</p><h4>The ORG has not published a ‘regulatory charter’ as provided for under the concession deed</h4><p>Clause 29.1(b) of the concession deed provides that the ORG may publish a ‘regulatory charter’ that contains:</p><ul><li>the division of responsibilities between the ORG and the private operator</li><li>ring fencing and non-discrimination requirements</li><li>dispute resolution processes</li><li>the ORG’s rights in relation to reserve power directions</li><li>the ‘customer terms’</li><li>obligations in respect of ELNOs</li><li>complaint handling arrangements.</li></ul><p>The ORG has not published a regulatory charter, although some of the content envisaged by clause 29.1(b) is available across the ORG’s website. For example, the ORG’s website provides information about how individuals may apply to have a decision of the private operator reviewed by the ORG.</p><h4>The ORG reviews an annual customer satisfaction survey conducted by the private operator, which has reported increased rates of satisfaction over the term of the concession</h4><p>Regarding other measures of performance, the concession deed requires the private operator to conduct an annual customer satisfaction survey. The private operator has reported to the ORG improved levels of customer satisfaction with its services. While the audit has not assessed the survey data, the private operator has reported in its most recent survey that 71% of respondents were satisfied, up from around 50% at the start of the concession. Over the duration of the concession to date, these surveys have been run both internally by the private operator, and more recently by an external survey provider commissioned by the operator.</p><p>The private operator is also required to submit at regular intervals (annually or up to 18 months) updates to its technology roadmap and business plan. These documents are assessed by relevant subject matter experts within the ORG or the wider department and feedback is provided to the private operator on their adequacy. For example, a range of annual reporting requirements for FY23 relating to fraud and crime prevention, error reports, business continuity and incident management, and the technology roadmap were provided to Department of Customer Service IT for review.</p><h4>The ORG has implemented an effective governance structure to support its regulation of the land titles registry system</h4><p>The ORG has implemented a series of forums with the private operator to discuss strategic and operational matters. As required by the concession deed, these are:</p><ul><li>a Joint Consultation Committee (JCC)</li><li>an Operations and Performance Committee (OPC)</li><li>an Information Technology sub-committee (ITC).</li></ul><p>The concession deed specifies that this governance framework is intended to:</p><ul><li>guide and monitor the performance of the concession</li><li>oversee compliance with specified service levels</li><li>resolve issues as required</li><li>establish a framework to maintain an effective relationship between key personnel of the ORG and the operator.</li></ul><p>These committees have clear terms of reference, which have been subject to review. The ORG has demonstrated, through meeting papers and minutes, that these committees meet regularly, consider substantive matters as envisaged by the concession deed, and are effectively administered and recorded.</p><p>The ORG has also established a stakeholder forum that includes senior representatives of key stakeholder groups. This forum is intended to foster multilateral communication between the regulator, operator and stakeholders. Some stakeholders expressed the view to the audit that the focus of this forum has evolved to facilitate feedback and updates from the regulator and operator, rather than provide opportunities for industry stakeholders to ask questions or raise issues. Notwithstanding, the ORG did provide evidence that issues raised by stakeholders at this forum were subsequently escalated to JCC or OPC meetings.</p><p>The ORG also has a series of bilateral regular engagements with key stakeholders, as well as specialist or project based working groups with the private operator and other system participants.</p><h4>The ORG appropriately manages potential conflicts of interest</h4><p>The ORG has recognised that the separation of the former Land and Property Information unit of the Department of Customer Service into separate regulator and operator entities meant that staff working in each entity may have close pre-existing professional and personal relationships. This heightens the need to identify and manage potential conflicts of interest to ensure credible and transparent regulation.</p><p>The ORG manages conflicts of interest by following applicable department policies. The audit reviewed conflict of interest declarations made by all ORG managers at NSW public service clerk levels 11/12 and above for the past three years. The audit found that declarations had been submitted and any conflicts addressed.<br> </p><hr><p class="footnote"><sup>3</sup> The breaches were of the ‘Core Data for Government Agencies Service Level’, which measures the number and availability of Core Data supplied to certain Government agencies that the operator successfully provides within required timeframes and hours of availability.</p> </div> </div> </div> </div> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> <div class="clearfix text-formatted field field--name-field-paragraph-body field--type-text-with-summary field--label-hidden field__item"> <div class="paragraph-body-wrapper"> <p>The land titles registry system is multi-party, with different powers and tools available to the ORG for each party. In summary, the ORG can address non-performance to varying degrees over:</p><ul><li>the private operator, through the multi-tiered framework described under section one of this report</li><li>the ELNOs, which may be subject to suspension or termination (neither of which are practical options if the system is to function), as well as compliance examinations, remedial directions and application to the NSW Supreme Court for financial penalties</li><li>authorised subscribers, who may have their access to the ELN suspended or cancelled (this regime is currently under review to broaden the Registrar General’s enforcement options)</li><li>registered surveyors, who may be referred to the Board of Surveying and Spatial Information (BOSSI) for professional disciplinary action.</li></ul><h4>The number of claims and the total annual payments under the Torrens Assurance Fund have declined since 2014–15</h4><p>The Torrens Assurance Fund (TAF) is a statutory compensation scheme designed to compensate people who, through no fault of their own, suffer loss or damage as a result of the operation of the <em>Real Property Act 1900</em>. This loss or damage can be a result of an error, misdescription or omission in the register. When granting the concession to the private operator, the government gave the assurance that the TAF would continue to operate and be administered by the ORG. The ORG has a longstanding function to receive and determine claims made under the TAF.</p><p>Relative to the number and value of matters addressed by the land titles system, the number of claims and total payments paid under the TAF is relatively small. As shown in Figure 2, between 2014–15 and 2022–23, the number of claims varied between seven and 40, while the payments paid under the TAF varied between $93,032.21 and $3,168,143.</p> </div> </div> </div> </div> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> <div class="clearfix text-formatted field field--name-field-paragraph-body field--type-text-with-summary field--label-hidden field__item"> <div class="paragraph-body-wrapper"> <p>This audit has focused on two primary processes when considering how the ORG obtains reasonable assurance about the quality of information held on the registers maintained by the private operator. These are:</p><ul><li>the examination and registration of plans by the private operator</li><li>the registration of dealings by the private operator.</li></ul><p>The concession deed requires that the private operator, in undertaking these functions, must, among other things, act in good faith, as well as act reasonably and on reasonable grounds. In each case, plans and documents must be entered promptly and accurately onto the relevant register.</p><p>These two processes and their role in supporting the integrity of the land titles registry are discussed in turn below.</p> </div> </div> </div> </div> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> <div class="clearfix text-formatted field field--name-field-paragraph-body field--type-text-with-summary field--label-hidden field__item"> <div class="paragraph-body-wrapper"> <h4>The land titles registry is one of the department’s IT ‘crown jewels’</h4><p>As the principal department for the ORG, the Department of Customer Service has identified the IT system supporting the land titles registry as a ‘crown jewel’ under the NSW Government Cyber Security Policy. Classification as a crown jewel provides the land titles registry with priority within the department when investment, fixes, patching and resource allocation are considered.</p><p>The ORG receives dedicated cyber security support from the department’s Office of the Chief Information Security Officer in the form of an identified business support officer. During the audit there did not appear to be a similar dedicated resource from the department’s general ICT division. The ORG has stated that the lack of dedicated support in this area risks that ‘institutional technology expertise is not built up or retained within Government to effectively monitor the [operator’s] management of this asset’.</p><p>However, from October 2024, DCS ICT has provided the ORG with a dedicated business partner who attends monthly meetings to discuss ICT matters and attends ICT Committee meetings on an as-needed basis.</p><h4>While the IT system supporting the land titles registry is a critical IT asset, it is unclear how roles and responsibility are assigned for ensuring compliance with the NSW Government Cyber Security Policy</h4><p>The NSW Cyber Security Policy provides guidance and mandatory requirements for agencies relating to cyber security. The ORG could not clarify whether it, or the department more widely, is responsible for ensuring compliance with the NSW Cyber Security Policy, as well as the role expected by the private operator. This creates a potential risk that protections contained in the policy will not be extended to the land titles registry and that there may be gaps in accountability.</p><p>The 2023–24 version of the policy contains three requirements relating specifically to crown jewels:</p><ul><li>agencies to identify and document external upstream and downstream dependencies of enterprise ICT (including cloud), operational technology and Internet of Things assets (specific requirement 1.6.4)</li><li>agencies must assess and identify crown jewels and classify systems (mandatory requirement 1.7)</li><li>agencies must conduct periodic reconciliation of data assets against data retention requirements (specific requirement 1.8.2).</li></ul><p>The department appears to have complied with mandatory requirement 1.7, in that it has identified the land titles registry as a crown jewel. However, it explained that it did not have visibility or control over the upstream and downstream systems used by the private operator. Accordingly, to the extent that it may be responsible, the department acknowledged that it does not comply with specific requirement 1.6.4. While it was not specifically examined, the audit did not receive any evidence that the department complied with specific requirement 1.8.2.</p><p>While the department is not fully compliant with the requirements of the NSW Cyber Security Policy, its view is that:</p><ul><li>the concession deed requires the private operator to maintain technical and organisational measures that are no less rigorous than those that applied prior to the concession</li><li>the cyber security measures taken surpass those that would apply under Department of Customer Service policies</li><li>the regulator retains oversight of the private operator’s compliance with its requirements under the concession.</li></ul><p>Notwithstanding these assurances, neither the department, nor the ORG itself, provided any evidence demonstrating that the protections provided by the private operator have been reconciled against all the requirements of the NSW Cyber Security Policy, including the specific clauses that apply to crown jewels. As discussed below, neither the department nor the ORG have considered the implications of the private operator being deemed a ‘third-party service provider’ under the NSW Cyber Security Policy.</p><p>The NSW Cyber Security Policy allows that not all its requirements must be uniformly implemented across the agency. However, where an agency seeks an exception to the policy, it should ensure that the exception is ‘… documented and approved by an appropriate authority through a formal process’. The ORG did not provide evidence that any exception to the requirements of the Cyber Security Policy (such as non-compliance with specific requirement 1.6.4) had been documented and approved.</p><h4>The ORG has determined that the private operator is a third-party service provider under the NSW Cyber Security Policy, although the implications of this have not been fully examined by the ORG or the department</h4><p>During this audit, in November 2024, the ORG obtained advice from Cyber Security NSW that the private operator is a ‘third-party service provider’ under the NSW Cyber Security Policy. The policy has a number of specific requirements relating to third-parties.</p><p>Mandatory requirement 1.10 of the NSW Cyber Security Policy requires agencies to ‘identify and manage third-party service provider risks, including shared ICT services supplied by other NSW Government agencies’.</p><p>Section 6.12 of the Cyber Security Policy provides agencies with guidance on their responsibilities for managing the cyber security requirements and risks posed by third-party providers to assist agencies implement mandatory requirement 1.10. This section includes responsibilities such as:</p><ul><li>ensuring third-party risks are considered in enterprise risk management processes</li><li>conducting regular management of third-party risks through ongoing risk-based reviews to verify compliance with contractual agreements and security measures.</li></ul><p>The designation of the operator as a third-party service provider to the ORG is a recent classification and the implications of this have not been fully considered by the ORG or the department.</p><h4>The ORG has ensured that cyber security obligations are included in the private operator’s arrangements with its own contractors</h4><p>The audit also considered what assurance the department or the ORG has obtained regarding the adequacy of cyber security provided by contractors to the private operator. Clause 39 of the concession deed establishes that:</p><ul><li>the private operator must ensure that its third-party service providers and subcontractors comply with all terms of the deed relevant to the operator’s obligations, including to maintain adequate cyber security</li><li>the private operator is liable for all acts and omissions of its subcontractors.</li></ul><p>The ORG and the private operator have agreed to a process whereby the latter notifies the regulator when new subcontractors are engaged and provides assurance that subcontractors comply with the requirements of clause 39.</p><p>The ORG has also approved a table of clauses that must be included in any subcontracting agreements that the private operator makes with its own third parties. These clauses include obligations for adequate cyber security.</p><h4>The ORG has ensured security testing is conducted on the core systems and services of the land titles registry</h4><p>The concession deed imposes requirements on the private operator relating to the security of the land titles registry, including that the private operator must:</p><ul><li>‘… establish, maintain, enforce and continuously improve reasonable technical and organisational measures’ across a range of specific areas aimed at protecting data and preventing unauthorised access and use</li><li>maintain technical and organisational measures that are no less rigorous than those the land registry was subject to prior to the concession</li><li>engage in third-party audits in relation to its compliance with the applicable information security standard (ISO 27001), and provide these reports to the ORG.</li></ul><p>The ORG has relied on subject matter expert advice from within the wider department to determine that the private operator is satisfying these requirements, including by providing third-party certification of its compliance with ISO 27001. The ORG provided evidence of this certification.</p><p>Clause 25.1 of the concession deed requires that the private operator must, to the extent reasonably requested by the ORG, test and evaluate the performance of core systems and services, which may include security testing such as ‘… vulnerability testing, penetration testing, manual configuration tests and reviews, self-assurance testing and other vulnerability and threat assessment testing’. This testing and evaluation has included assessment of the operator’s controls relevant to the System and Organisation Control 2 (SOC 2) Security and Availability Trust Services Criteria.</p><p>The ORG has ensured that the private operator has completed ISO2001 certification and has conducted SOC 2 assessments. Relevant materials are reviewed by subject matter experts from both the ORG and broader department and discussed at ITC meetings. This audit reviewed a sample of SOC 2 documents and found no significant weaknesses.</p><p>Consistent with clause 25.1 of the concession deed, the ORG has also required the private operator to conduct a program of penetration tests on its systems. Penetration testing is a useful mechanism for assessing the potential vulnerabilities of an IT system. However, penetration testing does not offer assurance of the security of a system. Reasonable assurance can only be derived by the effectiveness of security controls, including those implemented to address any vulnerabilities identified by penetration testing.</p><p>The ORG assesses and monitors how the private operator responds to vulnerabilities identified by its penetration testing program. The ORG reviewed test reports and discussed these with the private operator during ITC meetings. However, the effectiveness of this monitoring has been hampered by the ORG’s lack of a central registry of issues or vulnerabilities. This limits the ability of the regulator to easily monitor trends and risks or review historic issues.</p><p>The concession deed does not specify minimum acceptable standards for the conduct of penetration testing or other forms of system test. Moreover, it is the private operator that is responsible for conducting the testing. When the ORG reviews the results of the operator’s security testing, it also has the opportunity to assess the adequacy of the design and conduct of the tests (including to ensure that the scope and timing of each test provides adequate assurance that vulnerabilities have been identified).</p><p>However, as security testing is a requirement of the concession deed, the ORG – as the regulator and consistent with regulatory good practice – should be clear about its expectations for what constitutes appropriately rigorous test methods. These expectations should be effectively and proactively communicated to the private operator, and not left to be raised in retrospective review comments.</p><h4>The ORG has become increasingly focused on potential risks posed by aging legacy IT systems and how any risks should be mitigated</h4><p>When granting the concession, the NSW Government’s stated expectation was that the private sector would ‘… have strong incentives to invest in new technology, resulting in significant improvements to the system, and benefits for consumers’. There was an expectation at the outset of the transaction that the successful bidder would, at some time, ‘refresh’ the existing legacy IT systems on which the land titles system operates. While unspecific at the time, a system refresh could include either upgrade or replacement.</p><p>However, it was not clear in the bidding documents exactly when and how a successful bidder would be required to address the risks from legacy IT systems. The Information Memorandum provided by NSW Treasury to potential bidders noted that the expected response of the successful bidder:</p><table><tbody><tr><td style="height:110px;width:1127px;">… could range from a limited refresh of technology components (e.g. graphical user interface front end, etc.) or extend to a complete re-platforming and redevelopment of ITS [Integrated Titling System] as reported by other jurisdictions.</td><td> </td></tr></tbody></table><p>Commitments to replace legacy systems were included in the private operator’s business plan and technology roadmap submitted as part of its bid, with the business plan committing to the ‘decommissioning of legacy systems by the end of 2019’.</p><p>The private operator has ‘de-risked’ some parts of the legacy environment, including the Historical Land Records Viewer and its website, and is currently working (albeit to a delayed schedule) to upgrade a key system, the Integrated Property Warehouse (IPW). However, the replacement of legacy systems ITS (Integrated Titling System) and DIIMS (Document and Integrated Imaging Management System) was removed from the operator’s 2023–24 technology roadmap. An external strategic technology review commissioned by the ORG in 2023 recommended to the regulator that the operator should be asked to re-include this work in future roadmaps. This was so that a ‘complete risk assessment and project complexity, cost and delivery schedule’ could be understood.</p><p>While the matter had been raised previously, it appears that since 2023, the ORG has become increasingly concerned about the private operator’s management of legacy IT systems. The ORG has noted that the private operator has not conducted discovery work or risk assessments on these systems. In 2023, the ORG assessed the removal of ITS discovery work from the 2023–24 technology roadmap as ‘highly concerning’ and noted that it would, in response, ‘… consider the full range of levers under the Concession Deed’.</p><p>In July 2024, after considering an ‘escalated regulatory response’ to the operator’s perceived reluctance to conduct its own risk assessment, the ORG determined to initiate its own risk-based review of the longevity of the legacy core systems in conjunction with Department of Customer Service ICT personnel.</p><p>This performance audit has not assessed the risks posed by legacy IT systems and notes that such questions can raise complex technical issues. It is not necessarily the case that a legacy system is inherently insecure and there is evidence that the private operator has conducted work to insulate the core legacy systems from potential risks. Accordingly, the audit has made no finding about any level of risk posed by the legacy systems underpinning the land titles registry.</p><p>The approach taken by the ORG from July 2024 seems consistent with guidance published by the Australian Signals Directorate and the Australian Cyber Security Centre. This guidance highlights the need for agencies to implement a sound strategy to manage legacy IT, starting with developing an understanding of the business and security risks posed by such systems.</p> </div> </div> </div> </div> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> <div class="clearfix text-formatted field field--name-field-paragraph-body field--type-text-with-summary field--label-hidden field__item"> <div class="paragraph-body-wrapper"> <h4>The ORG has recognised the importance of privacy to retaining confidence in the land titles system and actively addresses privacy issues with the private operator</h4><p>The registers operated and maintained under the concession deed are public registers. That is, they can be accessed by anyone (in some circumstances, after the payment of a fee). While there are public interest reasons for this information to be publicly available, public registers can create a tension with individual privacy, where the information held in a register is personal identifiable information about an individual.</p><p>This tension can be exacerbated when it is compulsory to record information in a public register, thereby reducing the individual’s choice and control over their personal information. In some circumstances, it has been found that community concerns are exacerbated where public registers are operated and maintained by the private sector, for example, when the UK Government considered privatising its land titles registry.</p><p>In its privacy policy, the private operator of the NSW land titles system explains that the personal information that it may collect can include:</p><ul><li>name, address, age or date of birth, contact details</li><li>information collected in connection with maintaining the various registers, including information about an individual’s property dealings, such as transfer and leasehold documents</li><li>information related to the operator’s products or services, such as credit card or bank account details</li><li>verification of identity information, such as passport information, rates notices, Medicare card details and drivers licence details.</li></ul><p>In recognition of the privacy risks inherent to public registers, and the potential volume of personal information collected, privacy issues are recognised and discussed between the ORG and the private operator, including at JCC meetings between the Registrar General and the chief executive officer of the private operator.</p><p>For example, the ORG recognised a potential privacy risk in how the private operator was collecting information for its subscriber compliance audit process. This resulted in the ORG requiring the private operator to put in place a more secure method for collecting this information. Similarly, the private operator itself identified a potential privacy issue regarding the length of time it retained personal information for the same process.</p><p>As discussed below, privacy is also considered by the ORG in regard to new non-core service proposals from the private operator.</p><h4>New services proposed by the private operator are subject to approval by the Registrar General and have been subject to privacy impact assessments</h4><p>Privacy risks inherent to public registers can become greater where there are pressures to use that information for purposes unrelated to the original purpose of the public register (‘function creep’).</p><p>It was explicit in the NSW Government’s announcement regarding the granting of the concession that it was expected, not just permitted, that the private operator would identify, develop and deliver additional services using information collected for the purposes of the registry, while ensuring appropriate recognition of potential privacy concerns.</p><p>The concession deed has a mechanism requiring ORG approval of proposed new ‘non-core services’ by the operator. Since the concession was made, there have been four additional non-core services approved. These have each been accompanied by a privacy impact assessment prepared by the private operator and at the instigation of the operator. The ORG does not have standards for an acceptable privacy impact assessment other than the assessment should be prepared by a ‘reputable organisation’. Guidance published by the NSW Privacy Commissioner is that, where possible, privacy impact assessments should be published, which has not been the case for those assessed by the ORG (although commercial and competition issues around potential new information products could offer a justification for not publishing).</p><p>The audit assessed a sample of privacy impact assessments submitted to the ORG by the private operator. Consistent with the NSW Privacy Commissioner’s guidance, the assessments were found to be fit for purpose, in that their size and scope appeared consistent with the inherent assessed risk. The same guidance highlights that privacy impact assessments should be more than just compliance checks. This good practice advice is similar to that published by the Australian Office of the Information Commissioner.</p><p>The ORG has developed a template for assessing new non-core services. The template requires ORG staff to consider a range of issues, including privacy, when new non-core services are proposed by the private operator.</p><h4>The ORG has limited visibility of how effectively other system participants ensure privacy of personal information</h4><p>The ORG maintains a regulatory role over the operator. However, there are numerous other system participants who could adversely impact the integrity and security of the registry, including by impacting the privacy of personal information (whether deliberately or incidentally). The extent of the ORG’s regulatory oversight and powers varies according to the type of system participant.</p><p>For example, the ORG has powers under the concession deed to regulate the private operator directly, although it relies on the private operator to conduct compliance activities for subscribers. Its range of regulatory enforcement options also vary between system participants. Similarly, the concession deed provides for the ORG to issue penalties against the private operator, although not against subscribers or surveyors for non-compliance with their respective obligations.</p><p>In December 2018, the then Registrar General nominated a ‘joint comprehensive review of all potential privacy risks to LRS’ as a priority for the coming year to be completed by December 2019. By July 2019, minutes of the JCC record this priority as ‘deferred’. Subsequently, a comprehensive review of privacy risks has not been conducted. Such a review may assist in better understanding any potential system-wide privacy risks to the land titles system.</p><h4>The ORG and NSW Treasury offered strong public assurance at the start of the concession that statutory privacy protections would apply to the land titles registry</h4><p>The handling of personal information by NSW Government agencies is regulated by the <em>Privacy and Personal Information Protection Act 1988</em> (PPIP Act). As well as setting out privacy principles with which NSW government agencies are required to comply, the PPIP Act also provides a statutory right for individuals to take complaints about the handling of their personal information to the NSW Privacy Commissioner, who may make binding decisions on agencies. The PPIP Act does not generally extend to private sector companies.</p><p>While NSW government agencies are covered by the PPIP Act, most private sector companies in Australia (as well as most Commonwealth government agencies) are covered by the Commonwealth <em>Privacy Act 1988</em> (Privacy Act). The Privacy Act contains similar protections to the PPIP Act, although the regulator and dispute handler is the Australian Privacy Commissioner. Unlike the NSW Privacy Commissioner, the Australian Privacy Commissioner may make an enforceable determination requiring that a complainant be paid compensation for financial or non-financial loss. Section 39 of the enabling legislation for the transaction that underpinned the concession established that:</p><table><tbody><tr><td style="height:110px;width:1127px;">The authorised operator is deemed to be a [NSW government] public sector agency for the purposes of the <em>Privacy and Personal Information Protection Act 1998</em> in relation to the exercise of titling and registry functions.</td><td> </td></tr></tbody></table><p>This was made clear in the second reading speech to the bill for the enabling legislation, which stated that the PPIP Act ‘… applies to the private operator as if it were a public sector agency in the same way that it currently applies to LPI titling and registry Services’.</p><p>In April 2017, NSW Treasury published a fact sheet offering ‘consumer assurance’ that:</p><table><tbody><tr><td style="height:110px;width:1127px;">Like all companies that collect personal information, the private operator must keep personal data private in accordance with NSW and Australian law.</td><td> </td></tr></tbody></table><p>Similarly, in March and April 2017, the then Registrar General made public presentations highlighting that the private operator was subject to statutory privacy obligations:</p><table><tbody><tr><td style="height:110px;width:1127px;"><p>… the operator will only be able to use data to perform its obligations and must comply with obligations contained in Commonwealth and NSW privacy legislation’</p><p>Stakeholders have suggested a private operator will be less respectful of privacy and that individual data might be mis-used. I note that the private operator must comply with obligations contained in Commonwealth and NSW privacy legislation, just at it has to now. And the private operator will only be able to use data to perform its obligations to deliver core services.</p></td><td> </td></tr></tbody></table><p>Accordingly, there appears to have been clear intention to offer assurance to the community that statutory privacy protections would apply to the land titles registry once the concession was made.</p><h4>The ORG has not obtained assurance whether the private operator is covered by the Commonwealth Privacy Act</h4><p>Despite the strong public assurances outlined above, there was uncertainty when the concession was granted about whether and how the Commonwealth Privacy Act applied to the operator.</p><p>As outlined above, the Commonwealth Privacy Act does not cover NSW government agencies. While it does generally cover private sector businesses (such as the private operator), there is an exemption for private sector contract service providers to NSW Government agencies for the purpose of providing services under their contract. Specifically, s. 7B(5) provides that the ‘acts or practices’ of private sector organisation are exempt where:</p><ul><li>the organisation is a contracted service provider for a state contract</li><li>the act is done, or the practice is engaged in for the purposes of meeting (directly or indirectly) an obligation under the contract.</li></ul><p>This was recognised in an information memorandum provided to bidders during the bid process for the concession. The information memorandum explained that the successful bidder may be subject to the Commonwealth Privacy Act, including to the exemption available ‘… as a provider of services to State Government’. The information memorandum concluded that ‘Compliance with the Commonwealth Privacy Act will be a matter for the private operator to assess’.</p><p>Accordingly, notwithstanding the confidence inherent in government public statements around the time that the concession was made, it appears unclear whether (and to what extent) Commonwealth privacy legislation applies to the land titles registry operator.</p><h4>The ORG has not clarified whether an individual would complain about a privacy breach to the NSW or Australian Privacy Commissioner</h4><p>Part 6 of the PPIP Act provides specific provisions for ‘public registers’ operated and maintained by NSW government agencies (noting that the private operator is deemed to be a NSW government agency by s. 39 of the enabling legislation for the transaction).</p><p>Part 6 of the PPIP Act sets out two specific protections for public registers held by NSW government agencies, these being:</p><ul><li>an agency keeping a public register must not disclose any personal information kept in the register unless the agency is satisfied that it is to be used for a purpose relating to the purpose of the register or the Act under which the register is kept</li><li>an individual may request that their personal information be suppressed from a public register if they can establish that its open inclusion would affect their safety or well-being.</li></ul><p>However, clause 7 of the Privacy and Personal Information Protection Regulation 2019 exempts public sector agencies responsible for keeping certain prescribed public registers from the requirements set out in Part 6 of the PPIP Act. The registers operated and maintained under the land titles registry are included in the list of the public registers that are exempt from Part 6.</p><p>Accordingly, the two statutory protections specifically focused on public registers in the PPIP Act do not apply to the land titles registry.</p><p>While there are equivalent contractual restrictions in the concession deed, these measures are not accompanied by a statutory right for individuals to complain to the NSW Privacy Commissioner if their personal information is handled in a manner that would otherwise breach Part 6. In these same circumstances, for the reasons discussed above, it is also unclear whether an individual could complain to the Australian Privacy Commissioner if the potential breach relates to the private operator performing functions as a contract service provider to the NSW Government.</p><p>This jurisdictional complexity is further complicated by the private operator collecting different types of personal information, namely:</p><ul><li>personal information that must be collected onto registers to meet titling and registry legal requirements, such as the name of the title owner or mortgage information</li><li>personal information that is collected by the private operator to support the operation and maintenance of the register and other products offered by the operator, such as payment and identity verification information.</li></ul><p>The private operator publishes a detailed privacy policy on its website. This policy states that the private operator is required to comply with both the PIPP Act and Privacy Act, and to the extent of any inconsistency, it would comply with the latter. While this demonstrates a clear intention to ensure compliance with legislative privacy obligations, further clarity is required as to how this intention can be reconciled with the issues outlined above.</p><p>As the lead agency in managing the transaction and overseeing the preparation of its enabling legislation and concession arrangements, NSW Treasury could not provide evidence that the NSW Privacy Commissioner had been consulted during the drafting of either the enabling legislation for the concession transaction or the concession deed document.</p><h4>The ORG has detailed policy and procedures for ordering the suppression of personal information on the land titles registry, although third-party information reseller arrangements mean that the ORG cannot ensure that personal information will be fully suppressed</h4><p>The ORG may direct the private operator, as well as other parties, such as specific government agencies that use land registry information, to suppress personal information held on the land titles registry. Information about this option is provided on the ORG website. A suppression may be ordered in response to a request from a member of the public advising that their well-being or safety is at risk because the register may disclose their whereabouts.</p><p>In the 12 months to July 2024:</p><ul><li>107 applications to suppress personal information were assessed</li><li>60 were accepted</li><li>47 were declined.</li></ul><p>Due to the critical nature of name suppressions and the potential danger to the individual, it is a requirement that a suppression application be actioned on the day it is received by the private operator (when received during business hours).</p><p>The ORG has detailed policy and process documents for the suppression of personal information. These documents detail the information that is required to be provided by an applicant, as well as describing the decision-making process and how an accepted application will be actioned. The Suppression Policy requires the private operator and a specific government agency that uses and distributes land registry information to complete the suppression request within one business day.</p><p>Analysis performed by the ORG in September and October 2019 found that action in response to at least six suppression applications had been delayed by periods between three and six days. The ORG’s policy on the suppression of personal information now specifies that its privacy contact officer will actively monitor the action time of a suppression direction to ensure that the private operator actions any suppression order within one working day. For a sample period of January to June (inclusive) 2024, the ORG reported that the performance measure was met for each month. However, the complex flows of land titles information, and the multiple parties who may handle it, mean that it could reasonably be expected to take up to two weeks for suppression orders to be given full effect.</p><p>The audit reviewed a small sample of successful and unsuccessful suppression applications that had been received and determined during 2023–24. These are discussed below.</p><p>A sample of five successful applications highlighted the difficulties that the complexity of the land titles system poses in managing data. From the sample, it was found that the private operator actioned suppression orders in a timely manner. However, the time taken to action suppression orders was longer in the case of the government user.</p><p>When the government user receives a suppression notice from the ORG, it informs its seven data customers that they (and in turn their own unknown number of customers or resellers) have seven days to ‘remove all elements of personal information including the property sales information from any record held’. As the ORG is not a party to this data sharing arrangement and has no visibility of the agreements between the various parties, it has no mechanism to offer assurance about the effectiveness of the suppression process.</p><p>The ORG was able to demonstrate that the sample of unsuccessful suppression applications had been handled in accordance with its policy, including by explaining the process to the unsuccessful applicant and affording them the opportunity to provide further information.</p><h4>The ORG is preparing a policy to explain the rights of the private operator, government agencies and other third parties to use land titles registry data for new services and products</h4><p>The concession deed sets out a number of clearly defined ‘core services’ that the private operator is required to provide. In addition, the private operator may apply to the ORG for permission to use land titles registry data for other ‘non-core’ services. These non-core services can generate revenue for the private operator.</p><p>The NSW Government made clear when granting the concession that a policy objective was to promote innovation and improved customer service, including by permitting the private operator to develop new services, while also ensuring that the principles of the NSW Government Open Data policy were maintained. An objective of the Open Data policy is to promote the release of government data ‘… for use by the community, research, business and industry’ and to ‘inform the design of policy, programs and procurement’. The Open Data Policy is not a ‘free data’ policy but is based on the principle of ‘free, where appropriate’.</p><p>Under the concession deed, the private operator is entitled to claim compensation for prescribed ‘compensation events’. In broad terms, compensation events include where the private operator loses its exclusive right to maintain and operate the NSW land titles registry, including to facilitate authoritative searches of titles.</p><p>On 28 September 2021, the private operator submitted a claim for compensation under the concession deed. This claim concerned the use of data by the Spatial Services business unit of the department to create the NSW Spatial Digital Twin (‘Spatial Digital Twin’).</p><p>The Spatial Digital Twin is described by the department as ‘… a cross-sector, collaborative digital workbench for whole-of-government use, that will visualise location information, in a 4D model of the real world (3D plus time)’. It brings together many data elements from multiple sources across government, including information from strata plans registered in the land titles registry.</p><p>On 23 October 2021, the NSW Government rejected the private operator’s compensation claim. However, while rejected, the claim has not been withdrawn. The department has assessed the claim as being unfounded and, consistent with financial audit standards, it is not recorded as a liability in the department’s financial accounts. However, the department does include the claim in its ‘emerging issues return’ that agencies are required to provide to NSW Treasury.</p><p>It was beyond the scope of this audit to assess the merits of this specific claim. However, at a general level, the matter highlights that there may be different interpretations of the concession deed in regard to the permitted uses of land titles registry data and the related compensation provisions. This includes NSW Government agencies that had existing pre-concession rights to obtain data for specific purposes, as well as other system participants that obtain land titles data, such as ELNOs. If a common understanding is not established, then there are dual risks that:</p><ul><li>the potential for compensation claims may mute innovation in how NSW government agencies, and potentially others, use land titles registry data</li><li>current or further claims for compensation by the private operator for uses of data by third parties may create financial liabilities for the State.</li></ul><p>The concession deed includes provisions that permit certain government agencies to obtain land registry data. Those agencies may also enter into individual memoranda of understanding (MOU) with the ORG. These MOUs set out details about how and for what purposes each agency may obtain data. Consistent with the deed, the MOUs also permit agencies to use land titles registry data for ‘similar governmental purposes’ to those purposes specified in the concession deed. There is no guidance on the interpretation of ‘similar governmental purposes’.</p><p>The ORG first formally proposed an approach to resolve this matter in August 2021. However, it remains a live issue. The ORG’s annual priorities letter to the private operator for 2023–24 identified the need to achieve ‘clarity around the use of land registry data’, explaining that:</p><table><tbody><tr><td style="height:110px;width:1127px;">… the rules and roles around land registry data need to be clearly settled, to support government policy development; and to enable innovation for both government and the private sector to deliver new products to customers.</td><td> </td></tr></tbody></table><p>Achieving greater clarity in this matter remains one of the ORG’s annual priorities for both itself and the private operator for 2024–25. The ORG is developing a data use policy intended to assist in addressing risks around data use by clearly communicating to stakeholders the ORG's position on the use of data from the various registers operated under the concession. This policy was still in draft form during this audit.</p> </div> </div> </div> </div> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> <div class="clearfix text-formatted field field--name-field-paragraph-body field--type-text-with-summary field--label-hidden field__item"> <div class="paragraph-body-wrapper"> <h4>The ORG has ensured that business continuity and recovery planning has been prepared for the land titles registry</h4><p>The private operator is required by the concession deed to develop, submit and test a business continuity plan. During the concession, the private operator has met this requirement by providing the ORG with required and related documents, including its Business Continuity Plan, Business Continuity Management System and Disaster Recovery Strategy, as well as a third-party assessment of the adequacy of the planning.</p><p>The private operator is required to annually test its continuity planning. The audit team sighted evidence of third-party testing of the business continuity plan, as well as ORG feedback on the adequacy of business continuity plans and engagement with tests.</p><p>The audit team assessed a sample of business continuity plans provided by the private operator to the ORG against the applicable international standard (ISO 22332). In addition, a sample of incident management and recovery plans were assessed against both ISO 22332: 2022 and ISO 27035.1:2017.</p><p>The audit team found that while the plans did not expressly claim to be prepared in accordance with any formal standard, they were broadly consistent with the requirements of the standards. For example:</p><ul><li>there was evidence that sampled plans had been reviewed annually or as required as a result of organisational changes or post incident review</li><li>assumptions for the operation of the plan, and intersections with other key documents were clear</li><li>specific roles and team members, including alternates where available, were identified with defined roles and responsibilities</li><li>where scenarios were detailed, there were specific steps and tasks clearly outlined</li><li>plans contained rating frameworks that defined the criticality of events, and the subsequent recovery objectives.</li></ul><p>The private operator also has a business continuity management framework that sits across business continuity plans for specific functions, as well as a disaster recovery strategy. These higher-level documents also provide detail on the operator’s requirements for more specific plans and processes to be tested. The business continuity management framework, for example, requires annual business continuity exercises to take place.</p><h4>The ORG has a local business unit continuity plan, although this has not been tested</h4><p>As part of Department of Customer Service business continuity planning, the ORG has a local business continuity plan for its own business unit. This plan addresses three specific critical business functions:</p><ul><li>managing the concession</li><li>administering the TAF</li><li>regulating ELNOs.</li></ul><p>Each of these critical business functions has a maximum acceptable outage time of one day, with a recovery time objective of three days. The ORG has not tested these recovery time objectives, or the operation of continuity plans for critical business functions.</p><h4>The alignment of regulator and operator response and recovery plans is a recent improvement that has been identified through joint scenario testing</h4><p>A joint exercise was conducted in November 2023. An external cyber security consultant was commissioned to design and deliver a cyber incident response exercise between the department, the ORG and the private operator.</p><p>The consultant produced a report that identified strengths across the engaged stakeholders, including the collaborative culture with clear decision-making protocols, awareness of the current threat landscape, and active involvement and identification of areas of improvement.</p><p>The report broadly identified the need for interconnected communication plans, harmonised incident response plans and pre-defined authority to act as key opportunities for improvement. This was due to uncertainty regarding who should initiate contact with different parties, the need for enhanced coordination and uncertainty during the exercise about who had the authority to engage with the threat actor.</p><p>This seems to be the only joint exercise that has been conducted between the regulator and operator to date. No further joint exercises are currently planned.</p><h4>The ORG has not tested whether it could use back-up data to operationally manage the land titles registry</h4><p>The concession deed requires the private operator to provide the ORG with a daily back-up of the ‘core data’ contained in the land titles registry (except for core imaging repository data, which is subject to weekly back-up). This is consistent with pre-concession disaster recovery arrangements where core databases and transaction logs were replicated to an off-site disaster recovery centre daily.</p><p>The ORG has taken steps to ensure that the back-up data provided by the operator is reliable. The content of the back-ups provided by the private operator was validated by Department of Customer Service ICT in August 2024, with a regular automated testing protocol now in place. This was not always the case, as ORG audits of back-up data had identified deficiencies earlier in the concession.</p><p>While the ORG has access to accurate back-up data, the value of the back-ups and whether the ORG can effectively restore the state back-up (for example, if it is ever required to exercise its step-in powers) has not been determined. The audit was told ‘there is no guarantee’ that existing back-ups could be used to restore the system.</p><p>The appropriate use, utility and purpose of the state back-up is a current issue for the ORG. This issue was also identified in the 2023 strategic technology review, which noted the potential for developing a real time replica of the land titles registry data. As a result of this review, the ORG is reviewing best practice for the use of the state back-up, including analysing its purpose, situational need and methods to audit and assess back-ups in the future. These findings are due in mid-2025. Any changes to state back-up arrangements will likely require changes to the concession deed.</p><p>If future circumstances require the ORG to rely on the state back-up of the registry data, the ability of the ORG to use the state back-up would be critical, including if there was a technical or operational failure with the private operator. The ORG has commenced initial analysis on the required documentation, procedures and scenarios required to exercise its step-in powers. However, the ORG has not tested how effectively it could restore the state back-up, or how it would use the back-up data in practice, if it was needed.</p> </div> </div> </div> </div> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> <div class="clearfix text-formatted field field--name-field-paragraph-body field--type-text-with-summary field--label-hidden field__item"> <div class="paragraph-body-wrapper"> <h4>There is evidence that the ORG has taken steps to identify regulatory weaknesses and areas for improvement</h4><p>The ORG has several internal processes to identify and review issues around its own performance. These include weekly and fortnightly team meetings at various levels, quarterly executive meetings, and an annual team development day. The ORG also notes that a weekly email identifies good regulatory practice, however there is no formalised approach in terms of a framework that benchmarks the ORG’s performance in comparison to similar regulators or guides its continuous improvement processes.</p><p>The ORG has identified several internal improvement areas. These include workforce capability or capacity gaps and managing the risk of regulatory capture.</p><ul><li><strong>Workforce capability:</strong> while the ORG has a small IT team, it does not have senior or strategic IT expertise. Workforce capability in this area is a key risk to the long-term regulation of the land titles registry. It was raised by several stakeholders in interviews with the audit team and identified as a risk in both the Strategic Technology Review, and the ORG’s 2023 annual team development day.</li><li><strong>Regulatory capture:</strong> ORG staff should refrain from becoming involved in discussions with the private operator and surveyors about plan issues, due to its role as the decision-making authority in administrative reviews.</li></ul><h4>The ORG is addressing a gap in strategic technology and regulatory practice capability to ensure it can effectively regulate the land titles registry in the long term</h4><p>The land titles registry is an increasingly technology-focused system, having transitioned since the early 1980s from a paper-based system, where documents were submitted or searched for in-person, to a digital system with remote online access. This means that the ORG is increasingly regulating technology solutions and operations.</p><p>While the ORG has identified strategic technology expertise as a gap, it does not yet have a long-term capability development and retention plan. It has also not mapped its existing skills base to ongoing requirements of overseeing the concession deed and regulating the land titles registry. Its existing workforce plans respond to workforce survey findings and focus on developing and retaining its current workforce.</p><p>To address this capability gap in the immediate term, the ORG has engaged an external consultant to address strategic technology skills, reallocated its spending on consultancies to fund ongoing roles and requested support from Department of Customer Service ICT.</p><p>In 2024, as part of Fair Trading and Regulatory Services, the ORG was provided with a dedicated business information support officer from the department’s cyber security area who supports it with advice related to cyber security. Prior to this the ORG was also able to receive advice from the department’s Chief Information Security Officer. Advice has included risk assessments, responses to ad hoc requests and formal advice on reporting required from the operator. There is a potential risk in relation to this key role being outside the ORG’s structure and therefore not able to be fully managed by the ORG.</p><p>Broader Department of Customer Service ICT support has been more limited outside of cyber security. Leadership meetings have occurred inconsistently, for example, limiting ORG’s ability to influence the department’s ICT support.</p><p>The NSW Public Service Commission (now located within the Premier’s Department) has published a Strategic Workforce Planning Framework that provides guidance for agencies to understand and prepare for their future workforce needs. This framework identifies three levels of workforce planning.</p><ul><li>Strategic workforce planning: identifies actions and addresses challenges, risks and opportunities, entailing longer term planning covering a 3–5 year period. The framework notes that strategic planning is not ‘resource management to fill immediate operational needs’.</li><li>Tactical workforce planning: specifies how work should be done in a specific area to efficiently achieve goals outlined in the strategic workforce plan.</li><li>Operational workforce planning: Ensures daily work is done effectively.</li></ul><p>ORG activity to address this capability gap is mainly tactical and operational. Quarterly executive meetings review resourcing needs with an 18-month time horizon, while the Strategic Workforce Planning Framework recommends a longer time horizon. Executive review assesses anticipated workload and, in addition to specific technological capability, has identified the need for additional capacity across the ORG in the areas of policy, regulation and cadastral integrity.</p><p>The ORG advises that it is currently reviewing the most effective approach to engaging strategic technology expertise and relies on expertise from within the Department of Customer Service for guidance on workforce planning.</p><p>The ORG’s wider regulatory context also creates capability needs in regulatory policy and practice. The ORG performs regulatory functions over a complex and multi-participant system. Its primary regulated entity, the private operator, has unique characteristics, being a monopoly exercising important titling functions using an asset that remains the property of the NSW Government.</p><p>At the same time, there are a range of other system participants, such as lawyers, conveyancers, surveyors and banks, who are primarily regulated by other bodies. The other main group of participants, the ELNOs, are themselves subject to new and dynamic market pressures as the industry evolves from a monopoly to a competitive market. The Australian Registrars' National Electronic Conveyancing Council has described a future-state in which multiple ELNOs inter-operate, resulting in a ‘growing compliance burden for government’ within ten years.</p><h4>The concession deed contains mechanisms to support continuous improvement in the operation of the concession, including an optional five-year major review clause that has not yet been exercised</h4><p>The concession deed provides for the ORG to conduct:</p><ul><li>‘annual reviews’ of the operator’s performance, including its achievement of service levels and a review of its latest business plan, as well as a broad range of other matters</li><li>‘ad hoc and other reviews’, whereby the ORG may review or ‘spot check’ the operator’s performance of any core service provided under the concession</li><li>a ‘major review’ of the operator’s performance under the deed no more than once every five years, including the extent to which the operator is acting consistently with the objectives of the concession and a broad range of other matters – a major review may also consider whether any changes are required under the concession deed.</li></ul><p>The ORG conducts annual reviews of the private operator’s performance, including by reviewing and providing feedback on iterations of the private operator’s business plan. As discussed earlier, the ORG has also required the private operator to provide ad hoc reports on two occasions relating to the quality of the private operator’s plan examinations. While the annual priority letters described earlier in this report (see section 3) also encompass an element of performance review, that process is not a function of the concession deed.</p><p>To date, the ORG has not exercised its option to conduct a major review of the concession. The ORG did consider conducting a major review in 2022, but it was determined at the time that progressively evolving the concession using iterative contract variations agreed with the private operator was an adequate course of action.</p><p>The range of matters anticipated by the major review mechanism is substantial and would prompt consideration of matters that may not emerge iteratively or ad hoc, including matters that are more than simply routine or operational. For example, the major review mechanism provides for the review of significant and strategic matters, including those ‘… that were not anticipated as at the execution date, but which ought to be addressed having regard to the objectives’. Notwithstanding the long duration of the concession, and the complex and evolving environment in which it operates, the ORG has not commenced preparatory work to scope when, or in what circumstances, a major review would be appropriate.</p> </div> </div> </div> </div> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> <div class="clearfix text-formatted field field--name-field-paragraph-body field--type-text-with-summary field--label-hidden field__item"> <div class="paragraph-body-wrapper"> <p><a href="/sites/default/files/documents/Appendix%201%20-%20Regulation%20of%20the%20land%20titles%20registry.pdf" data-entity-type="file" data-entity-uuid="579a4cea-ad15-4715-a0e0-6844aed06dd9" data-entity-substitution="file" title="Appendix 1 - Regulation of the land titles registry.pdf">Appendix 1 – Response from Department of Customer Service</a></p><p><a href="/sites/default/files/documents/Appendix%202%20-%20Regulation%20of%20the%20land%20titles%20registry.pdf" data-entity-type="file" data-entity-uuid="40f8565d-e8a9-472b-9c37-2258c2a7bf04" data-entity-substitution="file" title="Appendix 2 - Regulation of the land titles registry.pdf">Appendix 2 – Glossary</a></p><p><a href="/sites/default/files/documents/Appendix%203%20-%20Regulation%20of%20the%20land%20titles%20registry.pdf" data-entity-type="file" data-entity-uuid="ead36b81-6f2f-4c56-9124-c92a886f2501" data-entity-substitution="file" title="Appendix 3 - Regulation of the land titles registry.pdf">Appendix 3 – About the audit</a></p><p><a href="/sites/default/files/documents/Appendix%204%20-%20Regulation%20of%20the%20land%20titles%20registry.pdf" data-entity-type="file" data-entity-uuid="0d4135cd-6e46-47a2-96e2-6d4b60b5eaf2" data-entity-substitution="file" title="Appendix 4 - Regulation of the land titles registry.pdf">Appendix 4 – Performance auditing</a></p><p> </p><p>© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.</p><p> </p><p><span style="background-color:white;">Parliamentary reference - Report number #403 released 12 February 2025.</span></p> </div> </div> </div> </div> </div> </p> </div> </div> </div> </div> <div class="views-row"><div class="contextual-region layout layout--twocol"> <div class="layout__region layout__region--top"> <div class="field field--name-node-post-date field--type-ds field--label-hidden field__item"> <time datetime="2025-01-29">29 January 2025</time> </div> <div class="field field--name-field-taxonomy-audit-progress field--type-entity-reference field--label-hidden field__item">Published</div> </div> <div class="layout__region layout__region--first"> <a href="/our-work/reports/bus-contracts-in-metropolitan-sydney" aria-hidden="true" role="presentation" tabindex="-1"> <div class="field field--name-field-thumbnail-image-media field--type-entity-reference field--label-hidden field__item"> <img loading="lazy" src="/sites/default/files/styles/listing_page_thumbnail/public/images/Bus%20contracts%20-%20Thumbnail.jpg?h=40551f42&itok=vkxHUtpi" width="120" height="120" alt="A Sydney bus" class="image-style-listing-page-thumbnail" /> </div> </a> <div class="layout__region--report-function"> <p class="visually-hidden">Actions for <span class="field field--name-title field--type-string field--label-hidden">Bus contracts in metropolitan Sydney</span> </p> <div class="report-share field__item"> <button class="open-share"> Share this audit </button> <div class="socials--share social"> <ul class="social-set"> <li class="social-set-enclosure"> <a class="social-set-enclosure-link social-icon" href="https://www.facebook.com/sharer/sharer.php?u=https://www.audit.nsw.gov.au/our-work/reports/bus-contracts-in-metropolitan-sydney" title="Share page on Facebook" target="_blank" rel="noopener"> <img src="/themes/custom/aonsw/images/icons/Social/Facebook-white.svg" alt="Facebook"> <span class="tooltip">Facebook</span> </a> </li> <li class="social-set-enclosure"> <a class="social-set-enclosure-link social-icon" href="https://twitter.com/share?text=Bus%20contracts%20in%20metropolitan%20Sydney&url=https://www.audit.nsw.gov.au/our-work/reports/bus-contracts-in-metropolitan-sydney" title="Share page on Twitter" target="_blank" rel="noopener"> <img src="/themes/custom/aonsw/images/icons/Social/Twitter-white.svg" alt="Twitter"> <span class="tooltip">Twitter</span> </a> </li> <li class="social-set-enclosure"> <a class="social-set-enclosure-link social-icon" href="https://www.linkedin.com/shareArticle?mini=true&url=https://www.audit.nsw.gov.au/our-work/reports/bus-contracts-in-metropolitan-sydney&source=Audit%20Office%20of%20NSW" title="Share page on LinkedIn" target="_blank" rel="noopener"> <img src="/themes/custom/aonsw/images/icons/Social/LinkedIn-white.svg" alt="LinkedIn"> <span class="tooltip">LinkedIn</span> </a> </li> <li class="social-set-enclosure"> <a class="social-set-enclosure-link social-icon" href="mailto:?subject=Bus%20contracts%20in%20metropolitan%20Sydney&body=https://www.audit.nsw.gov.au/our-work/reports/bus-contracts-in-metropolitan-sydney" title="Share page via Email"> <img src="/themes/custom/aonsw/images/icons/Social/Email-Share-white.svg" alt="E-mail"> <span class="tooltip">Email</span> </a> </li> </ul> </div> </div> <div class="field--name-field-subscribe field__item"> <button class="open-popup published" data-sectors="'Transport'|"> Subscribe to similar </button> </div> <div class="field--name-field-feedback field__item"> <button class="open-popup"> Give feedback </button> <div class="feedback popup-cover"> <div class="modal fade feedback-modal" role="dialog" aria-hidden="true"> <button class="close-popup"> <img src="/themes/custom/aonsw/images/icons/Close.svg" alt="Close dialog"> </button> <form class="aonsw-feedback-form" data-drupal-selector="aonsw-feedback-form" action="/our-work/reports?progress_id%5B17%5D=17" method="post" id="aonsw-feedback-form" accept-charset="UTF-8"> <h1>Feedback on published audit</h1><div id="audit_title_1594">Audit</div><div class="audit-title" aria-labelledby="audit_title_1594">Bus contracts in metropolitan Sydney</div><input data-drupal-selector="edit-audit" type="hidden" name="audit" value="1594" /> <div class="js-form-item form-item js-form-type-textfield form-type-textfield js-form-item-name form-item-name"> <label for="edit-name">Name (optional)</label> <input autocomplete="given-name" data-drupal-selector="edit-name" type="text" id="edit-name" name="name" value="" size="60" maxlength="128" class="form-text" /> </div> <div class="js-form-item form-item js-form-type-email form-type-email js-form-item-email-address form-item-email-address"> <label for="edit-email-address">Email address (optional)</label> <input autocomplete="email" data-drupal-selector="edit-email-address" type="email" id="edit-email-address" name="email_address" value="" size="60" maxlength="254" class="form-email" /> </div> <div class="js-form-item form-item js-form-type-textarea form-type-textarea js-form-item-message form-item-message"> <label for="edit-message" class="js-form-required form-required">Message</label> <div class="form-textarea-wrapper"> <textarea data-drupal-selector="edit-message" id="edit-message" name="message" rows="5" cols="60" class="form-textarea required resize-vertical" required="required" aria-required="true"></textarea> </div> </div> <div class="js-form-item form-item js-form-type-checkbox form-type-checkbox js-form-item-send-user-a-copy form-item-send-user-a-copy"> <input data-drupal-selector="edit-send-user-a-copy" type="checkbox" id="edit-send-user-a-copy" name="send_user_a_copy" value="1" class="form-checkbox" /><span class="checkmark"></span> <label for="edit-send-user-a-copy" class="option">Send me a copy</label> </div> <fieldset data-drupal-selector="edit-captcha" class="captcha captcha-type-challenge--recaptcha"> <legend class="captcha__title js-form-required form-required"> CAPTCHA </legend> <div class="captcha__element"> <input data-drupal-selector="edit-captcha-sid" type="hidden" name="captcha_sid" value="61130233" /> <input data-drupal-selector="edit-captcha-token" type="hidden" name="captcha_token" value="dDIMp2Y11SzYsR2oQJQFJQvjbIjvKVWfE8vxr7vZhx8" /> <input data-drupal-selector="edit-captcha-response" type="hidden" name="captcha_response" value="Google no captcha" /> <div class="g-recaptcha" data-sitekey="6Lf6iWwUAAAAANBggIgUH9uJLl4QDmrCe1OJX-4d" data-theme="light" data-type="image"></div><input data-drupal-selector="edit-captcha-cacheable" type="hidden" name="captcha_cacheable" value="1" /> </div> <div class="captcha__description description">This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.</div> </fieldset> <input class="buttonSquare-red button js-form-submit form-submit" id="edit-submit-feedback-1594" data-drupal-selector="edit-submit" type="submit" name="op" value="Submit" /> <p>When you provide us your personal information by email or through this website:</p> <ul> <li>We will record your email address and other information submitted</li> <li>We will use the information for the purpose for which you provide it</li> <li>Your email address will not be added to a mailing list, unless provided by you specifically for that purpose.</li> </ul> <p>Please refer to our <a href="/sites/default/files/auditoffice/Governance-and-Policies---Current/Privacy_Management_Plan_March_2018.pdf">privacy management plan</a> for more information.</p><input autocomplete="off" data-drupal-selector="form-qqsvsxkpduaqj5nyl-thy2kruss33ryae9kfk5e8noa" type="hidden" name="form_build_id" value="form-QqsVSXkPduaqj5Nyl-THY2KrUsS33ryae9kfK5e8noA" /> <input data-drupal-selector="edit-aonsw-feedback-form" type="hidden" name="form_id" value="aonsw_feedback_form" /> <div class="form-cover"> <img src="/themes/custom/aonsw/images/icons/Hourglass.gif" alt="Hourglass"> </div> </form> </div> </div> </div> <div class="field field--name-field-pdf-download field--type-file field--label-hidden field__item"> <div class="file file--mime-application-pdf file--application-pdf social-icon"> <a href="/sites/default/files/documents/Final%20report%20-%20Bus%20contracts%20in%20metropolitan%20Sydney_1.pdf"> Download PDF </a> </div> </div> </div> </div> <div class="layout__region layout__region--second"> <h2 > <a href="/our-work/reports/bus-contracts-in-metropolitan-sydney" rel="bookmark"><span class="field field--name-title field--type-string field--label-hidden">Bus contracts in metropolitan Sydney</span> </a> </h2> <div class="field field--name-field-topic field--type-list-string field--label-hidden field__items"> <div class="field__item"> <div class="field--name-field-topic field--type-list-string"> <div class="field__item"> Transport </div> <div class="field__item"> Management and administration </div> <div class="field__item"> Procurement </div> <div class="field__item"> Service delivery </div> <div class="field__item"> Workforce and capability </div> </div> </div> </div> <div class="report-card-blurb"> <p> <div class="field field--name-field-chapters field--type-entity-reference-revisions field--label-hidden field__items"> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> <div class="clearfix text-formatted field field--name-field-paragraph-body field--type-text-with-summary field--label-hidden field__item"> <div class="paragraph-body-wrapper"> <h4>About this report</h4><p>Bus services in metropolitan Sydney are provided by private operators under contract to the NSW government. Transport for NSW (TfNSW) determines bus timetables, routes, stops, and frequency, while the operators deliver the specified bus services.</p><p>This audit assessed the effectiveness of TfNSW’s design and management of metropolitan Sydney bus service contracts. The audit focused on the nine regions where services are provided under the Greater Sydney Bus Contract (GSBC).</p><h4>Conclusion</h4><p>TfNSW is not effectively managing bus contracts to ensure that operators are meeting contracted obligations and customer needs. It has not responded strategically to major changes in commuter, work and travel patterns on metropolitan bus services.</p><p>TfNSW identified significant gaps in its strategic contract management capacity since 2022 but has not sufficiently addressed these. As a result, it has not undertaken essential medium to long term strategic activities required to effectively manage the GSBCs. It has not conducted a holistic, systematic review of service levels across all regions to fully address the impacts of the post-COVID-19 period, and other changes such as new infrastructure and travel options like the Sydney Metro M1 line.</p><p>First stop on time running has stabilised since January 2023. However, operators are not consistently meeting their performance obligations for on time running, cancelled trips and customer complaints.</p><p>There are gaps in TfNSW’s contract management specific procedures and delegations. These gaps mean that the risks of inappropriate exercise of delegations, non compliance with contractual requirements and/or inappropriate use of public funds are not fully addressed.</p><h4>Recommendations</h4><p>The audit recommends that TfNSW improve the capacity of its bus contracts management team. It should also close the gaps in its contract management specific procedures and delegations, and start regularly auditing operator responses to customer complaints.</p><p>TfNSW should implement strategic planning, including enhanced data analytics, aimed at improving bus operator performance.</p> </div> </div> </div> </div> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> </div> </div> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> </div> </div> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> <div class="clearfix text-formatted field field--name-field-paragraph-body field--type-text-with-summary field--label-hidden field__item"> <div class="paragraph-body-wrapper"> <p>On time running (OTR), customer complaints, tracking rates, and cancelled and incomplete trips are important key performance indicators (KPIs) as they represent significant facets of the customer experience.<sup>7</sup> This chapter considers OTR KPIs in detail, since the start of the Greater Sydney Bus Contract (GSBCs).</p><p>OTR is defined in Schedule 4 of the GSBC with three KPIs – first, mid and last stop OTR. All three are measured as the percentage of timetabled bus trips that are on time at the specified location. GSBC operators are required to report to Transport for NSW (TfNSW) on these three KPIs every month.</p><p>For the first and mid stops ‘on time’ is defined as between 59 seconds early and five minutes and 59 seconds late compared to the timetable.</p><p>TfNSW has advised that mid transit stop OTR has been incorrectly calculated for multiple GSBC regions and that it was in the process of re-calculating this KPI for the operators that were affected. As a result, we do not report mid transit stop OTR numbers here or draw any conclusions about them.</p><p>OTR for the last transit stop on a route is measured as a percentage of bus trips arriving on time, where ‘on time’ is defined as no later than five minutes and 59 seconds after the timetable arrival time.</p><h4>First stop OTR has decreased over the duration of the GSBCs, but it has stabilised in the period from January 2023 to May 2024</h4><p>Figure 8 shows the aggregated first stop OTR performance data across metropolitan Sydney as a whole (excluding region 6) for the duration of the GSBCs. It also reflects advice received from TfNSW that there is a change in bus operator performance in January 2023 and splits the time period accordingly (April 2022 to December 2023 and January 2023 to May 2024).</p><p>During the audit, TfNSW emphasised the impact of the bus driver shortage on bus service performance against KPIs, as well as seasonal effects in OTR performance. Therefore, Figure 8 also shows the reported driver shortages for each month from June 2022, as well as the January and February seasonal effects.</p><p>Figure 8 shows that, while there is an overall downward trend in performance, first stop OTR becomes stable after January 2023. Prior to that point in time, performance was declining.<sup>8</sup></p> </div> </div> </div> </div> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> <div class="clearfix text-formatted field field--name-field-paragraph-body field--type-text-with-summary field--label-hidden field__item"> <div class="paragraph-body-wrapper"> <p>This chapter considers operator performance against key performance indicators (KPIs) for bus tracking rates and cancelled and incomplete trips. From the perspective of bus passengers, tracking is important to ensure timetables and real-time data are accurate and reflects the reality of the services they are receiving. Tracking is also essential for the measurement of on time running (OTR) and cancelled and incomplete trips.</p> </div> </div> </div> </div> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> <div class="clearfix text-formatted field field--name-field-paragraph-body field--type-text-with-summary field--label-hidden field__item"> <div class="paragraph-body-wrapper"> <p>This chapter considers operator performance based on customer complaints received. Customer complaints are defined in Schedule 4 of the Greater Sydney Bus Contract (GSBC) as any report of a negative experience in relation to a bus service in the categories of ‘complaint’ and ‘feedback’. This excludes vexatious complaints, and any complaints about issues that are within Transport for NSW’s (TfNSW) control and not the operators.</p><h4>Customer complaints have increased since the start of the GSBC</h4><p>The number of customer complaints about bus services over the entire GSBC area has increased over time. The number of complaints per 100,000 boardings in May 2024 is approximately double that in April 2022 (28.9 complaints per 100,000 boarding compared to 14.4), reflecting increasing customer dissatisfaction with the services delivered.</p><p>Complaints are measured using several key performance indicators (KPIs) that represent factors such as the number of complaints per 100,000 boardings and the time it takes operators to respond to complaints. Figure 12 represents the number of customer complaints per 100,000 boardings across the GSBC operators over the GSBC period.</p> </div> </div> </div> </div> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> </div> </div> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> <div class="clearfix text-formatted field field--name-field-paragraph-body field--type-text-with-summary field--label-hidden field__item"> <div class="paragraph-body-wrapper"> <p><a href="/sites/default/files/documents/Appendix%201%20-%20Bus%20contracts.pdf" data-entity-type="file" data-entity-uuid="d3566348-88e1-4374-9305-8f64c10653c7" data-entity-substitution="file" title="Appendix 1 - Bus contracts.pdf">Appendix 1 – Response from Transport for NSW</a></p><p><a href="/sites/default/files/documents/Appendix%202%20-%20Bus%20contracts_1.pdf" data-entity-type="file" data-entity-uuid="cbb67e85-480e-47e9-b2f3-25699828593a" data-entity-substitution="file" title="Appendix 2 - Bus contracts_1.pdf">Appendix 2 – The evolution of bus contracting in NSW from 2003</a></p><p><a href="/sites/default/files/documents/Appendix%203%20-%20Bus%20contracts.pdf" data-entity-type="file" data-entity-uuid="2fd9b822-42d6-4bd0-a0c1-951f98829ba0" data-entity-substitution="file" title="Appendix 3 - Bus contracts.pdf">Appendix 3 – About the audit</a></p><p><a href="/sites/default/files/documents/Appendix%204%20-%20Bus%20contracts.pdf" data-entity-type="file" data-entity-uuid="ea9e0e87-e022-4fa0-997f-ec4b486fcd42" data-entity-substitution="file" title="Appendix 4 - Bus contracts.pdf">Appendix 4 – Performance auditing</a></p><p> </p><p>© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.</p><p> </p><p>Parliamentary reference - Report number #402 - released 29 January 2025.</p> </div> </div> </div> </div> </div> </p> </div> </div> </div> </div> <div class="views-row"><div class="contextual-region layout layout--twocol"> <div class="layout__region layout__region--top"> <div class="field field--name-node-post-date field--type-ds field--label-hidden field__item"> <time datetime="2024-12-18">18 December 2024</time> </div> <div class="field field--name-field-taxonomy-audit-progress field--type-entity-reference field--label-hidden field__item">Published</div> </div> <div class="layout__region layout__region--first"> <a href="/our-work/reports/state-finances-2024" aria-hidden="true" role="presentation" tabindex="-1"> <div class="field field--name-field-thumbnail-image-media field--type-entity-reference field--label-hidden field__item"> <img loading="lazy" src="/sites/default/files/styles/listing_page_thumbnail/public/images/Thumbnail%20-%20State%20finances%202024.jpg?h=40551f42&itok=0wBLL-W4" width="120" height="120" alt="The Sydney CBD and surrounding harbour, including Circular Quay and The Rocks on a clear autumn day in Sydney, Australia" class="image-style-listing-page-thumbnail" /> </div> </a> <div class="layout__region--report-function"> <p class="visually-hidden">Actions for <span class="field field--name-title field--type-string field--label-hidden">State finances 2024</span> </p> <div class="report-share field__item"> <button class="open-share"> Share this audit </button> <div class="socials--share social"> <ul class="social-set"> <li class="social-set-enclosure"> <a class="social-set-enclosure-link social-icon" href="https://www.facebook.com/sharer/sharer.php?u=https://www.audit.nsw.gov.au/our-work/reports/state-finances-2024" title="Share page on Facebook" target="_blank" rel="noopener"> <img src="/themes/custom/aonsw/images/icons/Social/Facebook-white.svg" alt="Facebook"> <span class="tooltip">Facebook</span> </a> </li> <li class="social-set-enclosure"> <a class="social-set-enclosure-link social-icon" href="https://twitter.com/share?text=State%20finances%202024&url=https://www.audit.nsw.gov.au/our-work/reports/state-finances-2024" title="Share page on Twitter" target="_blank" rel="noopener"> <img src="/themes/custom/aonsw/images/icons/Social/Twitter-white.svg" alt="Twitter"> <span class="tooltip">Twitter</span> </a> </li> <li class="social-set-enclosure"> <a class="social-set-enclosure-link social-icon" href="https://www.linkedin.com/shareArticle?mini=true&url=https://www.audit.nsw.gov.au/our-work/reports/state-finances-2024&source=Audit%20Office%20of%20NSW" title="Share page on LinkedIn" target="_blank" rel="noopener"> <img src="/themes/custom/aonsw/images/icons/Social/LinkedIn-white.svg" alt="LinkedIn"> <span class="tooltip">LinkedIn</span> </a> </li> <li class="social-set-enclosure"> <a class="social-set-enclosure-link social-icon" href="mailto:?subject=State%20finances%202024&body=https://www.audit.nsw.gov.au/our-work/reports/state-finances-2024" title="Share page via Email"> <img src="/themes/custom/aonsw/images/icons/Social/Email-Share-white.svg" alt="E-mail"> <span class="tooltip">Email</span> </a> </li> </ul> </div> </div> <div class="field--name-field-subscribe field__item"> <button class="open-popup published" data-sectors="'Whole of Government'|'Treasury'|"> Subscribe to similar </button> </div> <div class="field--name-field-feedback field__item"> <button class="open-popup"> Give feedback </button> <div class="feedback popup-cover"> <div class="modal fade feedback-modal" role="dialog" aria-hidden="true"> <button class="close-popup"> <img src="/themes/custom/aonsw/images/icons/Close.svg" alt="Close dialog"> </button> <form class="aonsw-feedback-form" data-drupal-selector="aonsw-feedback-form" action="/our-work/reports?progress_id%5B17%5D=17" method="post" id="aonsw-feedback-form" accept-charset="UTF-8"> <h1>Feedback on published audit</h1><div id="audit_title_1592">Audit</div><div class="audit-title" aria-labelledby="audit_title_1592">State finances 2024</div><input data-drupal-selector="edit-audit" type="hidden" name="audit" value="1592" /> <div class="js-form-item form-item js-form-type-textfield form-type-textfield js-form-item-name form-item-name"> <label for="edit-name">Name (optional)</label> <input autocomplete="given-name" data-drupal-selector="edit-name" type="text" id="edit-name" name="name" value="" size="60" maxlength="128" class="form-text" /> </div> <div class="js-form-item form-item js-form-type-email form-type-email js-form-item-email-address form-item-email-address"> <label for="edit-email-address">Email address (optional)</label> <input autocomplete="email" data-drupal-selector="edit-email-address" type="email" id="edit-email-address" name="email_address" value="" size="60" maxlength="254" class="form-email" /> </div> <div class="js-form-item form-item js-form-type-textarea form-type-textarea js-form-item-message form-item-message"> <label for="edit-message" class="js-form-required form-required">Message</label> <div class="form-textarea-wrapper"> <textarea data-drupal-selector="edit-message" id="edit-message" name="message" rows="5" cols="60" class="form-textarea required resize-vertical" required="required" aria-required="true"></textarea> </div> </div> <div class="js-form-item form-item js-form-type-checkbox form-type-checkbox js-form-item-send-user-a-copy form-item-send-user-a-copy"> <input data-drupal-selector="edit-send-user-a-copy" type="checkbox" id="edit-send-user-a-copy" name="send_user_a_copy" value="1" class="form-checkbox" /><span class="checkmark"></span> <label for="edit-send-user-a-copy" class="option">Send me a copy</label> </div> <fieldset data-drupal-selector="edit-captcha" class="captcha captcha-type-challenge--recaptcha"> <legend class="captcha__title js-form-required form-required"> CAPTCHA </legend> <div class="captcha__element"> <input data-drupal-selector="edit-captcha-sid" type="hidden" name="captcha_sid" value="61130128" /> <input data-drupal-selector="edit-captcha-token" type="hidden" name="captcha_token" value="RIk8Cf821Zv2_GEZf-joc1OdYX3PHsY9J6-oHJdgeNY" /> <input data-drupal-selector="edit-captcha-response" type="hidden" name="captcha_response" value="Google no captcha" /> <div class="g-recaptcha" data-sitekey="6Lf6iWwUAAAAANBggIgUH9uJLl4QDmrCe1OJX-4d" data-theme="light" data-type="image"></div><input data-drupal-selector="edit-captcha-cacheable" type="hidden" name="captcha_cacheable" value="1" /> </div> <div class="captcha__description description">This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.</div> </fieldset> <input class="buttonSquare-red button js-form-submit form-submit" id="edit-submit-feedback-1592" data-drupal-selector="edit-submit" type="submit" name="op" value="Submit" /> <p>When you provide us your personal information by email or through this website:</p> <ul> <li>We will record your email address and other information submitted</li> <li>We will use the information for the purpose for which you provide it</li> <li>Your email address will not be added to a mailing list, unless provided by you specifically for that purpose.</li> </ul> <p>Please refer to our <a href="/sites/default/files/auditoffice/Governance-and-Policies---Current/Privacy_Management_Plan_March_2018.pdf">privacy management plan</a> for more information.</p><input autocomplete="off" data-drupal-selector="form-lhc69ufvc8qxp-dkmflmusdhuxytmo-ukl1t-eyy-j0" type="hidden" name="form_build_id" value="form-lHc69ufvc8Qxp_DKMfLmusdhuxYtMo-ukL1T_eyY_J0" /> <input data-drupal-selector="edit-aonsw-feedback-form" type="hidden" name="form_id" value="aonsw_feedback_form" /> <div class="form-cover"> <img src="/themes/custom/aonsw/images/icons/Hourglass.gif" alt="Hourglass"> </div> </form> </div> </div> </div> <div class="field field--name-field-pdf-download field--type-file field--label-hidden field__item"> <div class="file file--mime-application-pdf file--application-pdf social-icon"> <a href="/sites/default/files/documents/Final%20report%20State%20finances%202024.pdf"> Download PDF </a> </div> </div> </div> </div> <div class="layout__region layout__region--second"> <h2 > <a href="/our-work/reports/state-finances-2024" rel="bookmark"><span class="field field--name-title field--type-string field--label-hidden">State finances 2024</span> </a> </h2> <div class="field field--name-field-topic field--type-list-string field--label-hidden field__items"> <div class="field__item"> <div class="field--name-field-topic field--type-list-string"> <div class="field__item"> Whole of Government </div> <div class="field__item"> Treasury </div> <div class="field__item"> Asset valuation </div> <div class="field__item"> Compliance </div> <div class="field__item"> Financial reporting </div> <div class="field__item"> Information technology </div> <div class="field__item"> Infrastructure </div> <div class="field__item"> Internal controls and governance </div> </div> </div> </div> <div class="report-card-blurb"> <p> <div class="field field--name-field-chapters field--type-entity-reference-revisions field--label-hidden field__items"> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> <div class="clearfix text-formatted field field--name-field-paragraph-body field--type-text-with-summary field--label-hidden field__item"> <div class="paragraph-body-wrapper"> <h4>What this report is about</h4><p>This report focuses on the 2023–24 Consolidated State Financial Statements of the New South Wales General Government Sector (GGS) and Total State Sector (TSS), which comprise the Total State Sector Accounts.</p><p>It comments on the key matters and highlights significant factors that have contributed to the State’s financial outcomes for the year ended 30 June 2024.</p><h4>Observations</h4><p>The audit opinion on the Total State Sector Accounts for the year ended 30 June 2024 was unqualified.</p><p>The GGS’s net operating balance for the 2023–24 financial year was a deficit of $10.7 billion. This was $2.9 billion more than the original budgeted deficit of $7.8 billion, and $1.1 billion more than the revised budget deficit of $9.6 billion estimated during the 2023–24 half yearly review.</p><p>Revenue growth exceeded expense growth in 2022–23 and 2023–24, after several years when expenses increased in excess of revenue as the government responded to COVID-19 and natural disasters.</p><p>The State recorded $769 million in write offs of infrastructure and other assets in 2023–24, largely from transport projects including the Great Western Highway upgrade, the Beaches Link project and the Fast Rail program.</p><p>The State also wrote off $334 million of inventories including expired rapid antigen test kits and personal protective equipment.</p><p>The GGS’s net debt to gross state product increased from -0.3% in 2019 to 11.4% in 2024. It is predicted to reach 14.2% of gross state product by 2028.</p><p>The State maintained its triple-A and AA+ credit ratings.</p><h4>Recommendations</h4><p>Seven of nine 2023 report recommendations have been addressed.</p><p>NSW Treasury is working to address the two open recommendations relating to reviewing the financial reporting exemption framework.</p> </div> </div> </div> </div> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> </div> </div> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> </div> </div> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> </div> </div> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> <div class="clearfix text-formatted field field--name-field-paragraph-body field--type-text-with-summary field--label-hidden field__item"> <div class="paragraph-body-wrapper"> <h3>The Audit Office’s annual work program</h3><h4>The <a href="https://www.audit.nsw.gov.au/annual-work-program-2024-27">Annual Work Program 2024–27</a> was published in August 2024</h4><p>Each year, the Audit Office’s Annual Work Program reflects an ongoing strategic assessment of the risks and challenges facing government. It outlines subsequent focus areas for financial audits, as well as planned performance audit topics published as a three-year rolling program. We aim to inform NSW Parliament, the public sector and the community about key risks we identify, as well as our priorities and expected timeframes for delivering our work. This helps to give our stakeholders the best opportunity to prepare for, and engage with, our audits.</p><p>Our financial audit program this year included a consolidated report on the audit results of NSW Government agencies’ financial statements. The <a href="https://www.audit.nsw.gov.au/our-work/reports/state-agencies-2024">State agencies 2024</a> report highlighted the issues that had the most significant impact across the whole sector.</p><p>There are five key focus areas in our performance audit program:</p><ul><li>effective advice and decision making</li><li>First Nations people in NSW</li><li>environment and sustainability</li><li>efficient and responsible use of public resources</li><li>cyber security.</li></ul><h4>A sharper focus on information technology risks and data</h4><p>The NSW public sector is increasingly reliant on information technology to improve service delivery. The Systems Assurance, Cyber and Data Branch within the Audit Office seeks to respond to the pervasive risks and opportunities associated with information technology, and the growing availability of large amounts of data. The creation of this branch reflects the prominence of data and cyber issues within our Corporate Strategy and Annual Work Program, and the importance of our information systems assurance work. The work of the branch supports our financial and performance audits, with insights reflected in our financial and performance audit reports.</p><p>The outcome we seek is a sharper focus on information technology risks within the public sector, particularly cyber security risks, to be highlighted in our performance and financial audits. Our increasing use of data for more effective audits aims to further enhance our audit reports.</p><p>The Systems Assurance, Cyber and Data Branch also plays a role in thought leadership about artificial intelligence and its impacts on the way we work and the work of the agencies we audit. This plan includes commencing our first audit focused on artificial intelligence.</p><h4>Digital audit transformation</h4><p>The Audit Office is embarking on a digital audit transformation which is looking at how we can better use data and technology to enhance our audits.</p><p>This transformation looks to re-imagine how we plan for, complete and report on our financial and performance audits incorporating data analytic solutions, automation and predictive analytics, leading to more efficient, effective and timely audits.</p><p>An initial key focus is on standardising and automating data requests from agencies, which will streamline processes, save time, automate some audit procedures and improve audit risk assessment and benchmarking.</p><p>We understand that there are some key enablers required to achieve this outcome and acknowledge that there are some key risks that we need to manage. Ensuring that we have a workforce that is digitally capable, and technological solutions that are fit-for-purpose, while continuing to maintain high levels of security and privacy over information is essential.</p><p>While this transformation will be staged, the support of the sector will be crucial to ensure speedy and consistent implementation across the entire sector.</p><h4>Audits will target the efficient and responsible use of public resources</h4><p>The <em>Government Sector Employment Act 2013</em> establishes the core values of the public sector in NSW. One of these core values is that public servants should be fiscally responsible and focus on the efficient, effective and prudent use of resources.</p><p>The <em>Government Sector Audit Act 1983 </em>provides that the Auditor-General may have regard to the wastage of public resources and may deal with reports about the serious and substantial waste of public money. Serious and substantial waste involves the uneconomical, inefficient or ineffective use of resources, whether authorised or unauthorised, and which could result in a loss of public funds or resources.</p><p>Waste can result in an opportunity cost for government where money could have been used for a better purpose, or better spent on achieving the same purpose. Waste can also lead to higher costs being incurred to address earlier failings in program design, budgeting and management.</p><p>The Audit Office’s work program for 2024–27 includes audits that focus on identifying whether the planning and management of key programs and services has been efficient and financially responsible, and whether opportunities to avoid and reduce waste have been identified early.</p><h3>Climate-related financial reporting in NSW</h3><p>The NSW Government has announced the introduction of mandatory climate-related financial disclosures as part of agencies’ annual reporting.</p><p>The release of climate-related financial disclosures by government entities is intended to provide transparency on the NSW Government’s exposure to the impacts of climate change and enhance accountability over strategies to respond to risks and capitalise on opportunities.</p><h4>NSW Treasury recently issued its framework for first year climate-related financial disclosures</h4><p>In October 2024, NSW Treasury issued TPG24-33 ‘Reporting Framework for First Year Climate-related Financial Disclosures’ (the Framework). The Framework sets out mandatory reporting requirements, including key guiding principles and disclosure content.</p><p>The Framework is closely informed by the Australian Accounting Standards Board’s (AASBs) Australian sustainability reporting standard, AASB S2 ‘Climate-related Disclosures’. It has been tailored by NSW Treasury to reflect NSW Government circumstances and reporting entity capability and capacity.</p><h4>Entity level climate-related financial disclosures will commence in stages from 1 July 2024</h4><p>The disclosure obligations will commence in 2024–25 for the largest entities or those entities likely to be most exposed to material climate-related risks. Based on NSW Treasury’s assessment, 29 ‘phase 1 entities’ will apply the Framework for their 2024–25 climate disclosures.</p><p>Other entities will apply the Framework when they make their first climate-related financial disclosures in subsequent phases.</p><h4>The assurance regime over climate-related financial disclosures is being developed</h4><p>The Audit Office has been engaging with NSW Treasury to determine the nature and scope of independent public sector assurance over future climate-related disclosures at both a whole-of-government and agency level. Assurance requirements are expected to be staged, with NSW Treasury recently seeking expressions of interest for some phase 1 entities to have their 2024–25 climate disclosures assured by the Audit Office. Mandatory assurance for all phase 1 entities will commence in 2025–26.</p> </div> </div> </div> </div> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> <div class="clearfix text-formatted field field--name-field-paragraph-body field--type-text-with-summary field--label-hidden field__item"> <div class="paragraph-body-wrapper"> <p><a href="/sites/default/files/documents/Appendix%201%20%E2%80%93%20Key%20audit%20matters.pdf" data-entity-type="file" data-entity-uuid="251840c4-4389-40bb-b4ad-91d4d26db8b6" data-entity-substitution="file" title="Appendix 1 – Key audit matters.pdf">Appendix 1 – Key audit matters</a></p><p><a href="/sites/default/files/documents/Appendix%202%20%E2%80%93%20Prescribed%20entities.pdf" data-entity-type="file" data-entity-uuid="ed7c04c6-fcbc-4770-b850-0de1766a95a4" data-entity-substitution="file" title="Appendix 2 – Prescribed entities.pdf">Appendix 2 – Prescribed entities</a></p><p><a href="/sites/default/files/documents/Appendix%203%20%E2%80%93%20Controlled%20entities%20of%20the%20State.pdf" data-entity-type="file" data-entity-uuid="ba4a2368-4f23-4324-8b23-e6fb40984ad4" data-entity-substitution="file" title="Appendix 3 – Controlled entities of the State.pdf">Appendix 3 – Controlled entities of the State</a></p><p> </p><p><span style="-webkit-text-stroke-width:0px;background-color:rgb(255, 255, 255);color:rgb(0, 0, 0);display:inline !important;float:none;font-family:Roboto, sans-serif;font-size:16px;font-style:normal;font-variant-caps:normal;font-variant-ligatures:normal;font-weight:400;letter-spacing:normal;orphans:2;text-align:start;text-decoration-color:initial;text-decoration-style:initial;text-decoration-thickness:initial;text-indent:0px;text-transform:none;white-space:normal;widows:2;word-spacing:0px;">© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.</span></p> </div> </div> </div> </div> </div> </p> </div> </div> </div> </div> <div class="views-row"><div class="contextual-region layout layout--twocol"> <div class="layout__region layout__region--top"> <div class="field field--name-node-post-date field--type-ds field--label-hidden field__item"> <time datetime="2024-12-13">13 December 2024</time> </div> <div class="field field--name-field-taxonomy-audit-progress field--type-entity-reference field--label-hidden field__item">Published</div> </div> <div class="layout__region layout__region--first"> <a href="/our-work/reports/state-agencies-2024" aria-hidden="true" role="presentation" tabindex="-1"> <div class="field field--name-field-thumbnail-image-media field--type-entity-reference field--label-hidden field__item"> <img loading="lazy" src="/sites/default/files/styles/listing_page_thumbnail/public/images/Thumbnail%20-%20State%20agencies%202024.jpg?h=40551f42&itok=srKUoIdp" width="120" height="120" alt="Aerial view of Parramatta" class="image-style-listing-page-thumbnail" /> </div> </a> <div class="layout__region--report-function"> <p class="visually-hidden">Actions for <span class="field field--name-title field--type-string field--label-hidden">State agencies 2024</span> </p> <div class="report-share field__item"> <button class="open-share"> Share this audit </button> <div class="socials--share social"> <ul class="social-set"> <li class="social-set-enclosure"> <a class="social-set-enclosure-link social-icon" href="https://www.facebook.com/sharer/sharer.php?u=https://www.audit.nsw.gov.au/our-work/reports/state-agencies-2024" title="Share page on Facebook" target="_blank" rel="noopener"> <img src="/themes/custom/aonsw/images/icons/Social/Facebook-white.svg" alt="Facebook"> <span class="tooltip">Facebook</span> </a> </li> <li class="social-set-enclosure"> <a class="social-set-enclosure-link social-icon" href="https://twitter.com/share?text=State%20agencies%202024&url=https://www.audit.nsw.gov.au/our-work/reports/state-agencies-2024" title="Share page on Twitter" target="_blank" rel="noopener"> <img src="/themes/custom/aonsw/images/icons/Social/Twitter-white.svg" alt="Twitter"> <span class="tooltip">Twitter</span> </a> </li> <li class="social-set-enclosure"> <a class="social-set-enclosure-link social-icon" href="https://www.linkedin.com/shareArticle?mini=true&url=https://www.audit.nsw.gov.au/our-work/reports/state-agencies-2024&source=Audit%20Office%20of%20NSW" title="Share page on LinkedIn" target="_blank" rel="noopener"> <img src="/themes/custom/aonsw/images/icons/Social/LinkedIn-white.svg" alt="LinkedIn"> <span class="tooltip">LinkedIn</span> </a> </li> <li class="social-set-enclosure"> <a class="social-set-enclosure-link social-icon" href="mailto:?subject=State%20agencies%202024&body=https://www.audit.nsw.gov.au/our-work/reports/state-agencies-2024" title="Share page via Email"> <img src="/themes/custom/aonsw/images/icons/Social/Email-Share-white.svg" alt="E-mail"> <span class="tooltip">Email</span> </a> </li> </ul> </div> </div> <div class="field--name-field-subscribe field__item"> <button class="open-popup published" data-sectors="'Whole of Government'|'Community Services'|'Education'|'Environment'|'Finance'|'Health'|'Industry'|'Justice'|'Planning'|'Premier and Cabinet'|'Transport'|'Treasury'|"> Subscribe to similar </button> </div> <div class="field--name-field-feedback field__item"> <button class="open-popup"> Give feedback </button> <div class="feedback popup-cover"> <div class="modal fade feedback-modal" role="dialog" aria-hidden="true"> <button class="close-popup"> <img src="/themes/custom/aonsw/images/icons/Close.svg" alt="Close dialog"> </button> <form class="aonsw-feedback-form" data-drupal-selector="aonsw-feedback-form-2" action="/our-work/reports?progress_id%5B17%5D=17" method="post" id="aonsw-feedback-form--2" accept-charset="UTF-8"> <h1>Feedback on published audit</h1><div id="audit_title_1550">Audit</div><div class="audit-title" aria-labelledby="audit_title_1550">State agencies 2024</div><input data-drupal-selector="edit-audit" type="hidden" name="audit" value="1550" /> <div class="js-form-item form-item js-form-type-textfield form-type-textfield js-form-item-name form-item-name"> <label for="edit-name--2">Name (optional)</label> <input autocomplete="given-name" data-drupal-selector="edit-name" type="text" id="edit-name--2" name="name" value="" size="60" maxlength="128" class="form-text" /> </div> <div class="js-form-item form-item js-form-type-email form-type-email js-form-item-email-address form-item-email-address"> <label for="edit-email-address--2">Email address (optional)</label> <input autocomplete="email" data-drupal-selector="edit-email-address" type="email" id="edit-email-address--2" name="email_address" value="" size="60" maxlength="254" class="form-email" /> </div> <div class="js-form-item form-item js-form-type-textarea form-type-textarea js-form-item-message form-item-message"> <label for="edit-message--2" class="js-form-required form-required">Message</label> <div class="form-textarea-wrapper"> <textarea data-drupal-selector="edit-message" id="edit-message--2" name="message" rows="5" cols="60" class="form-textarea required resize-vertical" required="required" aria-required="true"></textarea> </div> </div> <div class="js-form-item form-item js-form-type-checkbox form-type-checkbox js-form-item-send-user-a-copy form-item-send-user-a-copy"> <input data-drupal-selector="edit-send-user-a-copy" type="checkbox" id="edit-send-user-a-copy--2" name="send_user_a_copy" value="1" class="form-checkbox" /><span class="checkmark"></span> <label for="edit-send-user-a-copy--2" class="option">Send me a copy</label> </div> <fieldset data-drupal-selector="edit-captcha" class="captcha captcha-type-challenge--recaptcha"> <legend class="captcha__title js-form-required form-required"> CAPTCHA </legend> <div class="captcha__element"> <input data-drupal-selector="edit-captcha-sid" type="hidden" name="captcha_sid" value="61130129" /> <input data-drupal-selector="edit-captcha-token" type="hidden" name="captcha_token" value="Ayhsps7pONdU5Xsoy-1fvQo5MUlhX4ow1GG1DN29k9A" /> <input data-drupal-selector="edit-captcha-response" type="hidden" name="captcha_response" value="Google no captcha" /> <div class="g-recaptcha" data-sitekey="6Lf6iWwUAAAAANBggIgUH9uJLl4QDmrCe1OJX-4d" data-theme="light" data-type="image"></div><input data-drupal-selector="edit-captcha-cacheable" type="hidden" name="captcha_cacheable" value="1" /> </div> <div class="captcha__description description">This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.</div> </fieldset> <input class="buttonSquare-red button js-form-submit form-submit" id="edit-submit-feedback-1550" data-drupal-selector="edit-submit" type="submit" name="op" value="Submit" /> <p>When you provide us your personal information by email or through this website:</p> <ul> <li>We will record your email address and other information submitted</li> <li>We will use the information for the purpose for which you provide it</li> <li>Your email address will not be added to a mailing list, unless provided by you specifically for that purpose.</li> </ul> <p>Please refer to our <a href="/sites/default/files/auditoffice/Governance-and-Policies---Current/Privacy_Management_Plan_March_2018.pdf">privacy management plan</a> for more information.</p><input autocomplete="off" data-drupal-selector="form-0h3wfp6pxk6gnvbtlfiwoc3gf7ergd5vqlqvj4ywyhe" type="hidden" name="form_build_id" value="form-0h3wfp6Pxk6gnVbtLFiWOc3Gf7erGd5vqLqvJ4YwyhE" /> <input data-drupal-selector="edit-aonsw-feedback-form-2" type="hidden" name="form_id" value="aonsw_feedback_form" /> <div class="form-cover"> <img src="/themes/custom/aonsw/images/icons/Hourglass.gif" alt="Hourglass"> </div> </form> </div> </div> </div> <div class="field field--name-field-pdf-download field--type-file field--label-hidden field__item"> <div class="file file--mime-application-pdf file--application-pdf social-icon"> <a href="/sites/default/files/documents/Final%20report%20-%20State%20agencies%202024_2.pdf"> Download PDF </a> </div> </div> </div> </div> <div class="layout__region layout__region--second"> <h2 > <a href="/our-work/reports/state-agencies-2024" rel="bookmark"><span class="field field--name-title field--type-string field--label-hidden">State agencies 2024</span> </a> </h2> <div class="field field--name-field-topic field--type-list-string field--label-hidden field__items"> <div class="field__item"> <div class="field--name-field-topic field--type-list-string"> <div class="field__item"> Whole of Government </div> <div class="field__item"> Community Services </div> <div class="field__item"> Education </div> <div class="field__item"> Environment </div> <div class="field__item"> Finance </div> <div class="field__item"> Health </div> <div class="field__item"> Industry </div> <div class="field__item"> Justice </div> <div class="field__item"> Planning </div> <div class="field__item"> Premier and Cabinet </div> <div class="field__item"> Transport </div> <div class="field__item"> Treasury </div> <div class="field__item"> Asset valuation </div> <div class="field__item"> Compliance </div> <div class="field__item"> Financial reporting </div> <div class="field__item"> Infrastructure </div> <div class="field__item"> Management and administration </div> <div class="field__item"> Procurement </div> <div class="field__item"> Project management </div> <div class="field__item"> Regulation </div> <div class="field__item"> Risk </div> <div class="field__item"> Service delivery </div> <div class="field__item"> Shared services and collaboration </div> </div> </div> </div> <div class="report-card-blurb"> <p> <div class="field field--name-field-chapters field--type-entity-reference-revisions field--label-hidden field__items"> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> <div class="clearfix text-formatted field field--name-field-paragraph-body field--type-text-with-summary field--label-hidden field__item"> <div class="paragraph-body-wrapper"> <h4>About this report</h4><p>Results and key themes from our audits of the state agencies’ financial statements for the year ended 30 June 2024.</p><p>It also includes observations on the following areas of focus:</p><ul><li>risk management</li><li>capital projects</li><li>shared service arrangements.</li></ul><h4>Findings</h4><p>The Treasurer did not table the audited Total State Sector Accounts (TSSA) in Parliament as required by the <em>Government Sector Finance Act 2018</em>, and Responsible Ministers did not table 16 annual reports in Parliament by the required date.</p><h5>Audit results</h5><p>Unqualified opinions were issued for all but one agency.  The quality of financial statements submitted for audit improved, with reported misstatements down to a gross value of $3.9 billion in 2023–24, compared to $10.8 billion in 2022–23.</p><h5>Key themes</h5><p>Errors in accounting for assets led to financial statements adjustments of $1.4 billion. </p><p>Our audits identified deficiencies in key controls across financial management, payroll, contract management and procurement.</p><h5>Risk management</h5><p>Risk management maturity is low across most agencies. Some of the largest 40 agencies self-assess their risk maturity as requiring improvement.</p><h5>Capital projects</h5><p>There is a lack of transparency in the NSW budget papers relating to significant capital projects. The estimated total costs for some major projects are not published as the amounts are considered commercially sensitive. The budget papers do not provide a complete and accurate reflection of the actual costs of large infrastructure projects.</p><h5>Shared service arrangements</h5><p>Three of the five agencies that provide shared services to 108 customer agencies did not obtain independent assurance over the effectiveness of their control environment. </p><h4>Recommendations</h4><p>The report makes recommendations to agencies to improve controls and processes in relation to:</p><ul><li>financial reporting</li><li>financial management</li><li>risk management</li><li>shared service arrangements</li><li>capital projects.</li></ul> </div> </div> </div> </div> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> </div> </div> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> </div> </div> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> <div class="clearfix text-formatted field field--name-field-paragraph-body field--type-text-with-summary field--label-hidden field__item"> <div class="paragraph-body-wrapper"> <p>Financial reporting is an important element of good governance. Confidence in, and transparency of, public sector decision making is enhanced when financial reporting is accurate and timely.</p><p>This chapter outlines our audit observations relating to the financial reporting of State Government agencies.</p> </div> </div> </div> </div> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> <div class="clearfix text-formatted field field--name-field-paragraph-body field--type-text-with-summary field--label-hidden field__item"> <div class="paragraph-body-wrapper"> <p>Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are also essential for quality and timely decision making.</p><p>This chapter outlines observations and insights from our audits of financial statements of the 40 largest agencies in the State sector. These agencies are listed in <a href="/sites/default/files/documents/Appendix%203%20-%20State%20agencies%202024_0.pdf" data-entity-type="file" data-entity-uuid="8f6e5a9d-010c-45a2-aeac-b760e47b7b80" data-entity-substitution="file" title="Appendix 3 - State agencies 2024_0.pdf">Appendix 3</a>.</p> </div> </div> </div> </div> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> <div class="clearfix text-formatted field field--name-field-paragraph-body field--type-text-with-summary field--label-hidden field__item"> <div class="paragraph-body-wrapper"> <p>This chapter outlines audit observations, conclusions and recommendations from our review of agencies’ risk maturity, assessment processes, governance, systems and culture across the 40 largest agencies in the state sector. These agencies are listed in <a href="/sites/default/files/documents/Appendix%203%20-%20State%20agencies%202024_0.pdf" data-entity-type="file" data-entity-uuid="8f6e5a9d-010c-45a2-aeac-b760e47b7b80" data-entity-substitution="file" title="Appendix 3 - State agencies 2024_0.pdf">Appendix 3.</a></p> </div> </div> </div> </div> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> <div class="clearfix text-formatted field field--name-field-paragraph-body field--type-text-with-summary field--label-hidden field__item"> <div class="paragraph-body-wrapper"> <p>This chapter outlines observations, conclusions and recommendations from our review of the 15 most significant capital projects in the State.</p> </div> </div> </div> </div> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> <div class="clearfix text-formatted field field--name-field-paragraph-body field--type-text-with-summary field--label-hidden field__item"> <div class="paragraph-body-wrapper"> <p>Shared service arrangements can centralise corporate services functions such as finance, human resources, procurement and information technology (IT). Across NSW Government agencies, many business processes and IT functions are provided on a shared services model, that is, one agency operates a business function or IT platform that is used by other agencies rather than each agency maintaining their own. These services are shared by several agencies (‘customers’), but generally are operated and managed by one agency or department (‘provider’).</p><p>This chapter outlines audit observations, conclusions and recommendations from our review of shared service arrangements provided and received by the 40 largest agencies in the state sector. These agencies are listed in <a href="/sites/default/files/documents/Appendix%203%20-%20State%20agencies%202024_0.pdf" data-entity-type="file" data-entity-uuid="8f6e5a9d-010c-45a2-aeac-b760e47b7b80" data-entity-substitution="file" title="Appendix 3 - State agencies 2024_0.pdf">Appendix 3</a>.</p><p>This report outlines the findings on shared service arrangements.</p> </div> </div> </div> </div> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> <div class="clearfix text-formatted field field--name-field-paragraph-body field--type-text-with-summary field--label-hidden field__item"> <div class="paragraph-body-wrapper"> <p><a href="/sites/default/files/documents/Appendix%201%20-%20State%20agencies%202024_0.pdf" data-entity-type="file" data-entity-uuid="786d69fc-9713-4f6d-96cc-cfbf2308879e" data-entity-substitution="file" title="Appendix 1 - State agencies 2024_0.pdf">Appendix 1 – Status of audits of consolidated entities</a></p><p><a href="/sites/default/files/documents/Appendix%202%20-%20State%20agencies%202024_0.pdf" data-entity-type="file" data-entity-uuid="e9948ad4-af86-4d9b-91e2-b1a5f4b4c275" data-entity-substitution="file" title="Appendix 2 - State agencies 2024_0.pdf">Appendix 2 – Status of audits of non-consolidated entities</a></p><p><a href="/sites/default/files/documents/Appendix%203%20-%20State%20agencies%202024_0.pdf" data-entity-type="file" data-entity-uuid="8f6e5a9d-010c-45a2-aeac-b760e47b7b80" data-entity-substitution="file" title="Appendix 3 - State agencies 2024_0.pdf">Appendix 3 – Forty largest State agencies contents</a></p><p> </p><p><span style="-webkit-text-stroke-width:0px;background-color:rgb(255, 255, 255);color:rgb(0, 0, 0);display:inline !important;float:none;font-family:Roboto, sans-serif;font-size:16px;font-style:normal;font-variant-caps:normal;font-variant-ligatures:normal;font-weight:400;letter-spacing:normal;orphans:2;text-align:start;text-decoration-color:initial;text-decoration-style:initial;text-decoration-thickness:initial;text-indent:0px;text-transform:none;white-space:normal;widows:2;word-spacing:0px;">© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.</span></p> </div> </div> </div> </div> </div> </p> </div> </div> </div> </div> <div class="views-row"><div class="contextual-region layout layout--twocol"> <div class="layout__region layout__region--top"> <div class="field field--name-node-post-date field--type-ds field--label-hidden field__item"> <time datetime="2024-12-12">12 December 2024</time> </div> <div class="field field--name-field-taxonomy-audit-progress field--type-entity-reference field--label-hidden field__item">Published</div> </div> <div class="layout__region layout__region--first"> <a href="/our-work/reports/members%E2%80%99-additional-entitlements-2024" aria-hidden="true" role="presentation" tabindex="-1"> <div class="field field--name-field-thumbnail-image-media field--type-entity-reference field--label-hidden field__item"> <img loading="lazy" src="/sites/default/files/styles/listing_page_thumbnail/public/images/Thumbnail%20-%20Members%20additional%20entitlements%202024.jpg?h=40551f42&itok=K2Hh2J9x" width="120" height="120" alt="picture of the front steps of NSW Parliament House" class="image-style-listing-page-thumbnail" /> </div> </a> <div class="layout__region--report-function"> <p class="visually-hidden">Actions for <span class="field field--name-title field--type-string field--label-hidden">Members’ additional entitlements 2024</span> </p> <div class="report-share field__item"> <button class="open-share"> Share this audit </button> <div class="socials--share social"> <ul class="social-set"> <li class="social-set-enclosure"> <a class="social-set-enclosure-link social-icon" href="https://www.facebook.com/sharer/sharer.php?u=https://www.audit.nsw.gov.au/our-work/reports/members%E2%80%99-additional-entitlements-2024" title="Share page on Facebook" target="_blank" rel="noopener"> <img src="/themes/custom/aonsw/images/icons/Social/Facebook-white.svg" alt="Facebook"> <span class="tooltip">Facebook</span> </a> </li> <li class="social-set-enclosure"> <a class="social-set-enclosure-link social-icon" href="https://twitter.com/share?text=Members%E2%80%99%20additional%20entitlements%202024&url=https://www.audit.nsw.gov.au/our-work/reports/members%E2%80%99-additional-entitlements-2024" title="Share page on Twitter" target="_blank" rel="noopener"> <img src="/themes/custom/aonsw/images/icons/Social/Twitter-white.svg" alt="Twitter"> <span class="tooltip">Twitter</span> </a> </li> <li class="social-set-enclosure"> <a class="social-set-enclosure-link social-icon" href="https://www.linkedin.com/shareArticle?mini=true&url=https://www.audit.nsw.gov.au/our-work/reports/members%E2%80%99-additional-entitlements-2024&source=Audit%20Office%20of%20NSW" title="Share page on LinkedIn" target="_blank" rel="noopener"> <img src="/themes/custom/aonsw/images/icons/Social/LinkedIn-white.svg" alt="LinkedIn"> <span class="tooltip">LinkedIn</span> </a> </li> <li class="social-set-enclosure"> <a class="social-set-enclosure-link social-icon" href="mailto:?subject=Members%E2%80%99%20additional%20entitlements%202024&body=https://www.audit.nsw.gov.au/our-work/reports/members%E2%80%99-additional-entitlements-2024" title="Share page via Email"> <img src="/themes/custom/aonsw/images/icons/Social/Email-Share-white.svg" alt="E-mail"> <span class="tooltip">Email</span> </a> </li> </ul> </div> </div> <div class="field--name-field-subscribe field__item"> <button class="open-popup published" data-sectors="'Premier and Cabinet'|'Whole of Government'|"> Subscribe to similar </button> </div> <div class="field--name-field-feedback field__item"> <button class="open-popup"> Give feedback </button> <div class="feedback popup-cover"> <div class="modal fade feedback-modal" role="dialog" aria-hidden="true"> <button class="close-popup"> <img src="/themes/custom/aonsw/images/icons/Close.svg" alt="Close dialog"> </button> <form class="aonsw-feedback-form" data-drupal-selector="aonsw-feedback-form-3" action="/our-work/reports?progress_id%5B17%5D=17" method="post" id="aonsw-feedback-form--3" accept-charset="UTF-8"> <h1>Feedback on published audit</h1><div id="audit_title_1588">Audit</div><div class="audit-title" aria-labelledby="audit_title_1588">Members’ additional entitlements 2024</div><input data-drupal-selector="edit-audit" type="hidden" name="audit" value="1588" /> <div class="js-form-item form-item js-form-type-textfield form-type-textfield js-form-item-name form-item-name"> <label for="edit-name--3">Name (optional)</label> <input autocomplete="given-name" data-drupal-selector="edit-name" type="text" id="edit-name--3" name="name" value="" size="60" maxlength="128" class="form-text" /> </div> <div class="js-form-item form-item js-form-type-email form-type-email js-form-item-email-address form-item-email-address"> <label for="edit-email-address--3">Email address (optional)</label> <input autocomplete="email" data-drupal-selector="edit-email-address" type="email" id="edit-email-address--3" name="email_address" value="" size="60" maxlength="254" class="form-email" /> </div> <div class="js-form-item form-item js-form-type-textarea form-type-textarea js-form-item-message form-item-message"> <label for="edit-message--3" class="js-form-required form-required">Message</label> <div class="form-textarea-wrapper"> <textarea data-drupal-selector="edit-message" id="edit-message--3" name="message" rows="5" cols="60" class="form-textarea required resize-vertical" required="required" aria-required="true"></textarea> </div> </div> <div class="js-form-item form-item js-form-type-checkbox form-type-checkbox js-form-item-send-user-a-copy form-item-send-user-a-copy"> <input data-drupal-selector="edit-send-user-a-copy" type="checkbox" id="edit-send-user-a-copy--3" name="send_user_a_copy" value="1" class="form-checkbox" /><span class="checkmark"></span> <label for="edit-send-user-a-copy--3" class="option">Send me a copy</label> </div> <fieldset data-drupal-selector="edit-captcha" class="captcha captcha-type-challenge--recaptcha"> <legend class="captcha__title js-form-required form-required"> CAPTCHA </legend> <div class="captcha__element"> <input data-drupal-selector="edit-captcha-sid" type="hidden" name="captcha_sid" value="61130130" /> <input data-drupal-selector="edit-captcha-token" type="hidden" name="captcha_token" value="7AKRk4MNws42B0MbCDqfXkmu8861DTao2cpvasn_8X8" /> <input data-drupal-selector="edit-captcha-response" type="hidden" name="captcha_response" value="Google no captcha" /> <div class="g-recaptcha" data-sitekey="6Lf6iWwUAAAAANBggIgUH9uJLl4QDmrCe1OJX-4d" data-theme="light" data-type="image"></div><input data-drupal-selector="edit-captcha-cacheable" type="hidden" name="captcha_cacheable" value="1" /> </div> <div class="captcha__description description">This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.</div> </fieldset> <input class="buttonSquare-red button js-form-submit form-submit" id="edit-submit-feedback-1588" data-drupal-selector="edit-submit" type="submit" name="op" value="Submit" /> <p>When you provide us your personal information by email or through this website:</p> <ul> <li>We will record your email address and other information submitted</li> <li>We will use the information for the purpose for which you provide it</li> <li>Your email address will not be added to a mailing list, unless provided by you specifically for that purpose.</li> </ul> <p>Please refer to our <a href="/sites/default/files/auditoffice/Governance-and-Policies---Current/Privacy_Management_Plan_March_2018.pdf">privacy management plan</a> for more information.</p><input autocomplete="off" data-drupal-selector="form-yjkkpf4bl5tc92zj-vyvgv9qas1upobiyfelhzd3iro" type="hidden" name="form_build_id" value="form-yjkKPf4BL5Tc92Zj-vyvGv9qAS1uPobIyfelHzD3Iro" /> <input data-drupal-selector="edit-aonsw-feedback-form-3" type="hidden" name="form_id" value="aonsw_feedback_form" /> <div class="form-cover"> <img src="/themes/custom/aonsw/images/icons/Hourglass.gif" alt="Hourglass"> </div> </form> </div> </div> </div> <div class="field field--name-field-pdf-download field--type-file field--label-hidden field__item"> <div class="file file--mime-application-pdf file--application-pdf social-icon"> <a href="/sites/default/files/documents/Final%20report%20Members%20additional%20entitlements%202024.pdf"> Download PDF </a> </div> </div> </div> </div> <div class="layout__region layout__region--second"> <h2 > <a href="/our-work/reports/members%E2%80%99-additional-entitlements-2024" rel="bookmark"><span class="field field--name-title field--type-string field--label-hidden">Members’ additional entitlements 2024</span> </a> </h2> <div class="field field--name-field-topic field--type-list-string field--label-hidden field__items"> <div class="field__item"> <div class="field--name-field-topic field--type-list-string"> <div class="field__item"> Premier and Cabinet </div> <div class="field__item"> Whole of Government </div> <div class="field__item"> Compliance </div> </div> </div> </div> <div class="report-card-blurb"> <p> <div class="field field--name-field-chapters field--type-entity-reference-revisions field--label-hidden field__items"> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> <div class="clearfix text-formatted field field--name-field-paragraph-body field--type-text-with-summary field--label-hidden field__item"> <div class="paragraph-body-wrapper"> <h4>About this report </h4><p>This report reviews compliance by members of the Parliament of New South Wales with certain requirements outlined in the Parliamentary Remuneration Tribunal’s (the Tribunal) 2024 Annual Determination (the Determination). </p><p>Claims made by members for additional entitlements totalling $12.7 million were within the scope of our review. The remaining payments of $12.1 million were not reviewed as there are certain salaries and allowances that the Determination excludes from our compliance review requirements. </p><p>Claims relating to annual basic and additional salaries, additional expense allowances, and electoral and committee allowances are excluded by the Determination from the scope of our compliance review.</p><h4>Findings </h4><p>From a sample of 56 claims, our compliance review procedures identified 27 departures from requirements of the Determination and/or the administrative guidelines of the Department of Parliamentary Services (the Department). </p><p>There were fewer departures this year than in previous years, however late submission of claims and declarations by members continued. The Department needs to provide clarity to members on expenditure claim requirements and processes.</p><h4>Recommendations </h4><p>The Department should: </p><ul><li>enhance its assessment as to whether members’ expenditure claims comply with requirements and advise members promptly about whether their claims are ineligible </li><li>improve its quality review processes when reporting the total number and dollar value of members’ additional entitlements claims for each year </li><li>ensure internal audits of members’ additional entitlements are adequately scoped and endorsed prior to their commencement and reflect the requirements of the Determination. These internal audits should be completed prior to the compliance review performed by the Audit Office </li><li>continue to work with members to provide them additional training or education and better help them comply.</li></ul> </div> </div> </div> </div> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> <div class="clearfix text-formatted field field--name-field-paragraph-body field--type-text-with-summary field--label-hidden field__item"> <div class="paragraph-body-wrapper"> <p>This report reviews compliance by members of the Parliament of New South Wales with certain requirements outlined in the Parliamentary Remuneration Tribunal’s (the Tribunal) 2024 Annual Determination (the Determination).</p><p>The Determination establishes the annual salaries and additional entitlements allowed to members of the Parliament of New South Wales under the <em>Parliamentary Remuneration Act 1989</em> and requires members’ claims for additional entitlements to also comply with requirements of the Department of Parliamentary Services’ (the Department) administrative guidelines. The Parliament of New South Wales, through the Department, administers payments of additional entitlements.</p><p>There were 32,244 payments made to members for entitlements under the Determination during the 2023–24 financial year totalling $24.8 million. Of these, 30,566 claims for payment of additional entitlements totalling $12.7 million were within the scope of our compliance review under the Determination. The remaining payments of $12.1 million made during the 2023-24 financial year were not reviewed as there are certain salaries and allowances within the Determination that are excluded from compliance review requirements. These payments include:</p><ul><li>annual basic salaries, additional salaries and additional expense allowances</li><li>additional entitlements comprising electoral allowances and committee allowances.</li></ul><p>The infographic below outlines which payments made to members for entitlements under the Determination are within the scope of our compliance review, and those which the Determination excludes from our compliance review.</p> </div> </div> </div> </div> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> <div class="clearfix text-formatted field field--name-field-paragraph-body field--type-text-with-summary field--label-hidden field__item"> <div class="paragraph-body-wrapper"> <p>There were fewer departures from requirements of the Determination and/or the administrative guidelines of the Department identified in our 2023–24 compliance review than in previous years. However late submission of claims and declarations by members continue, indicating a need for improved processes and greater clarity, training and education for members.</p><p>From a sample of 56 claims, our compliance review procedures identified 27 departures from requirements of the Determination and/or the administrative guidelines of the Department. These included:</p><ul><li>21 claims for payment were not submitted within 60 days of receipt of invoice or incurring the expense (2022–23: 22 claims)</li><li>1 claim under the Communications Allowance related to a publication that did not include the required authorisation and attribution (2022–23: two claims)</li><li>5 members submitted their annual loyalty/incentive scheme declarations after the date specified in the Department’s administrative requirements (2022–23: seven members).</li></ul><p>The table below shows the number of departures from requirements of the Determination and/or the administrative guidelines of the Department identified in the past three financial years’ compliance reviews.</p><table><tbody><tr class="grey-back-yellow-border"><td> </td><td style="text-align:right;"><strong>2023-24</strong></td><td style="text-align:right;"><strong>2022-23</strong></td><td style="text-align:right;"><strong>2021-22</strong></td></tr><tr><td>Late submission of claims for payment</td><td style="text-align:right;vertical-align:bottom;">21</td><td style="text-align:right;vertical-align:bottom;">22</td><td style="text-align:right;vertical-align:bottom;">12</td></tr><tr><td>Late submission of Sydney Allowance reconciliations</td><td style="text-align:right;vertical-align:bottom;">--</td><td style="text-align:right;vertical-align:bottom;">4</td><td style="text-align:right;vertical-align:bottom;">6</td></tr><tr><td>Ineligible claims for Communications Allowance</td><td style="text-align:right;vertical-align:bottom;">1</td><td style="text-align:right;vertical-align:bottom;">2</td><td style="text-align:right;vertical-align:bottom;">4</td></tr><tr><td>Communications Allowance claims made during blackout period <sup>*</sup></td><td style="text-align:right;vertical-align:bottom;">--</td><td style="text-align:right;vertical-align:bottom;">1</td><td style="text-align:right;vertical-align:bottom;">--</td></tr><tr><td>Annual loyalty/incentive scheme declarations not submitted</td><td style="text-align:right;vertical-align:bottom;">--</td><td style="text-align:right;vertical-align:bottom;">4</td><td style="text-align:right;vertical-align:bottom;">2</td></tr><tr><td>Late submission of annual loyalty/incentive scheme declarations</td><td style="text-align:right;vertical-align:bottom;">5</td><td style="text-align:right;vertical-align:bottom;">7</td><td style="text-align:right;vertical-align:bottom;">16</td></tr><tr><td><strong>Total number of departures from the Determination</strong></td><td style="text-align:right;vertical-align:bottom;"><strong>27</strong></td><td style="text-align:right;vertical-align:bottom;"><strong>40</strong></td><td style="text-align:right;vertical-align:bottom;"><strong>40</strong></td></tr></tbody></table><hr><p class="footnote">* Blackout periods are applicable only to election years.</p> </div> </div> </div> </div> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> </div> </div> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> <div class="clearfix text-formatted field field--name-field-paragraph-body field--type-text-with-summary field--label-hidden field__item"> <div class="paragraph-body-wrapper"> <h4>Members require further clarity to address the continued departures from the Determination</h4><p>Our past compliance reviews identified departures from the Determination and the administrative requirements of the Department that indicate a need for greater clarity in the current processes and guidance, including increased training or education to help support members comply with the Determination.</p><p>Last year we recommended:</p><ul><li>the Tribunal provides greater clarity on current processes and implications of departures from the guidelines to members</li><li>the Department works with members to provide them additional training or education and better help them comply with the Determination and/or the administrative guidelines of the Department.</li></ul><p>While an improvement was observed in the number of departures from the Determination and the administrative requirements of the Department over the years, similar departures have been consistently identified in our compliance reviews. This suggests there is still a need for the Department to improve processes and provide greater clarity, training and education to members. It reconfirms the importance of our recommendation in section 3.3, which calls for the Department to be responsible in assessing the eligibility of claims for additional entitlements prior to payment.</p><h4>Enhanced public reporting</h4><p>Since 2016, our reports to Parliament have recommended the Tribunal consider requiring the Department regularly publish full details of members’ expenditure claims on its website in an accessible and searchable format.</p><p>In response, the Tribunal had developed a plan requiring greater public reporting of members’ expenditure from 1 July 2019. However, Crown Solicitor’s advice sought by the Tribunal confirmed it did not have the power to require the Department publish full details of members’ expenditure claims.</p><p>The Department responded to this recommendation by identifying that a significant investment in the required systems was necessary to allow for the detailed publishing of all members’ expenditure claims.</p><p>This recommendation has been considered by the Department and to date, there are no imminent plans for any change in the way it publishes the details of members’ expenditure claims during the year. Given our recommendation was to enhance public reporting of members’ expenditure claims, and there is no non-compliance with existing reporting, we will not be repeating this recommendation.</p> </div> </div> </div> </div> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> <div class="clearfix text-formatted field field--name-field-paragraph-body field--type-text-with-summary field--label-hidden field__item"> <div class="paragraph-body-wrapper"> <p><a href="https://www.audit.nsw.gov.au/sites/default/files/documents/Appendix%20One_1.pdf">Appendix one - Response from the Department of Parliamentary Services</a></p><p> </p><p><span style="font-family:"Arial",sans-serif;font-size:10.0pt;">© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.</span></p><p> </p><p> </p> </div> </div> </div> </div> </div> </p> </div> </div> </div> </div> <div class="views-row"><div class="contextual-region layout layout--twocol"> <div class="layout__region layout__region--top"> <div class="field field--name-node-post-date field--type-ds field--label-hidden field__item"> <time datetime="2024-11-21">21 November 2024</time> </div> <div class="field field--name-field-taxonomy-audit-progress field--type-entity-reference field--label-hidden field__item">Published</div> </div> <div class="layout__region layout__region--first"> <a href="/our-work/reports/road-asset-management-in-local-government" aria-hidden="true" role="presentation" tabindex="-1"> <div class="field field--name-field-thumbnail-image-media field--type-entity-reference field--label-hidden field__item"> <img loading="lazy" src="/sites/default/files/styles/listing_page_thumbnail/public/images/Thumbnail%20-%20Road%20asset%20management%20in%20LG_5.jpg?h=40551f42&itok=n_kILWx5" width="120" height="120" alt="An image of a truck on a road where road work is being undertaken. The signage reads ‘40’ as speed limit and ‘Gravel Road’. " class="image-style-listing-page-thumbnail" /> </div> </a> <div class="layout__region--report-function"> <p class="visually-hidden">Actions for <span class="field field--name-title field--type-string field--label-hidden">Road asset management in local government</span> </p> <div class="report-share field__item"> <button class="open-share"> Share this audit </button> <div class="socials--share social"> <ul class="social-set"> <li class="social-set-enclosure"> <a class="social-set-enclosure-link social-icon" href="https://www.facebook.com/sharer/sharer.php?u=https://www.audit.nsw.gov.au/our-work/reports/road-asset-management-in-local-government" title="Share page on Facebook" target="_blank" rel="noopener"> <img src="/themes/custom/aonsw/images/icons/Social/Facebook-white.svg" alt="Facebook"> <span class="tooltip">Facebook</span> </a> </li> <li class="social-set-enclosure"> <a class="social-set-enclosure-link social-icon" href="https://twitter.com/share?text=Road%20asset%20management%20in%20local%20government&url=https://www.audit.nsw.gov.au/our-work/reports/road-asset-management-in-local-government" title="Share page on Twitter" target="_blank" rel="noopener"> <img src="/themes/custom/aonsw/images/icons/Social/Twitter-white.svg" alt="Twitter"> <span class="tooltip">Twitter</span> </a> </li> <li class="social-set-enclosure"> <a class="social-set-enclosure-link social-icon" href="https://www.linkedin.com/shareArticle?mini=true&url=https://www.audit.nsw.gov.au/our-work/reports/road-asset-management-in-local-government&source=Audit%20Office%20of%20NSW" title="Share page on LinkedIn" target="_blank" rel="noopener"> <img src="/themes/custom/aonsw/images/icons/Social/LinkedIn-white.svg" alt="LinkedIn"> <span class="tooltip">LinkedIn</span> </a> </li> <li class="social-set-enclosure"> <a class="social-set-enclosure-link social-icon" href="mailto:?subject=Road%20asset%20management%20in%20local%20government&body=https://www.audit.nsw.gov.au/our-work/reports/road-asset-management-in-local-government" title="Share page via Email"> <img src="/themes/custom/aonsw/images/icons/Social/Email-Share-white.svg" alt="E-mail"> <span class="tooltip">Email</span> </a> </li> </ul> </div> </div> <div class="field--name-field-subscribe field__item"> <button class="open-popup published" data-sectors="'Local Government'|'Finance'|'Industry'|'Community Services'|'Transport'|"> Subscribe to similar </button> </div> <div class="field--name-field-feedback field__item"> <button class="open-popup"> Give feedback </button> <div class="feedback popup-cover"> <div class="modal fade feedback-modal" role="dialog" aria-hidden="true"> <button class="close-popup"> <img src="/themes/custom/aonsw/images/icons/Close.svg" alt="Close dialog"> </button> <form class="aonsw-feedback-form" data-drupal-selector="aonsw-feedback-form" action="/our-work/reports?progress_id%5B17%5D=17" method="post" id="aonsw-feedback-form" accept-charset="UTF-8"> <h1>Feedback on published audit</h1><div id="audit_title_1441">Audit</div><div class="audit-title" aria-labelledby="audit_title_1441">Road asset management in local government</div><input data-drupal-selector="edit-audit" type="hidden" name="audit" value="1441" /> <div class="js-form-item form-item js-form-type-textfield form-type-textfield js-form-item-name form-item-name"> <label for="edit-name">Name (optional)</label> <input autocomplete="given-name" data-drupal-selector="edit-name" type="text" id="edit-name" name="name" value="" size="60" maxlength="128" class="form-text" /> </div> <div class="js-form-item form-item js-form-type-email form-type-email js-form-item-email-address form-item-email-address"> <label for="edit-email-address">Email address (optional)</label> <input autocomplete="email" data-drupal-selector="edit-email-address" type="email" id="edit-email-address" name="email_address" value="" size="60" maxlength="254" class="form-email" /> </div> <div class="js-form-item form-item js-form-type-textarea form-type-textarea js-form-item-message form-item-message"> <label for="edit-message" class="js-form-required form-required">Message</label> <div class="form-textarea-wrapper"> <textarea data-drupal-selector="edit-message" id="edit-message" name="message" rows="5" cols="60" class="form-textarea required resize-vertical" required="required" aria-required="true"></textarea> </div> </div> <div class="js-form-item form-item js-form-type-checkbox form-type-checkbox js-form-item-send-user-a-copy form-item-send-user-a-copy"> <input data-drupal-selector="edit-send-user-a-copy" type="checkbox" id="edit-send-user-a-copy" name="send_user_a_copy" value="1" class="form-checkbox" /><span class="checkmark"></span> <label for="edit-send-user-a-copy" class="option">Send me a copy</label> </div> <fieldset data-drupal-selector="edit-captcha" class="captcha captcha-type-challenge--recaptcha"> <legend class="captcha__title js-form-required form-required"> CAPTCHA </legend> <div class="captcha__element"> <input data-drupal-selector="edit-captcha-sid" type="hidden" name="captcha_sid" value="61129934" /> <input data-drupal-selector="edit-captcha-token" type="hidden" name="captcha_token" value="4UocA-a0q0ruNnIbla66jvQtVFF2KCzxLV0bluo_TP0" /> <input data-drupal-selector="edit-captcha-response" type="hidden" name="captcha_response" value="Google no captcha" /> <div class="g-recaptcha" data-sitekey="6Lf6iWwUAAAAANBggIgUH9uJLl4QDmrCe1OJX-4d" data-theme="light" data-type="image"></div><input data-drupal-selector="edit-captcha-cacheable" type="hidden" name="captcha_cacheable" value="1" /> </div> <div class="captcha__description description">This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.</div> </fieldset> <input class="buttonSquare-red button js-form-submit form-submit" id="edit-submit-feedback-1441" data-drupal-selector="edit-submit" type="submit" name="op" value="Submit" /> <p>When you provide us your personal information by email or through this website:</p> <ul> <li>We will record your email address and other information submitted</li> <li>We will use the information for the purpose for which you provide it</li> <li>Your email address will not be added to a mailing list, unless provided by you specifically for that purpose.</li> </ul> <p>Please refer to our <a href="/sites/default/files/auditoffice/Governance-and-Policies---Current/Privacy_Management_Plan_March_2018.pdf">privacy management plan</a> for more information.</p><input autocomplete="off" data-drupal-selector="form-8jrzafsr4zhtdfdybqaypfzgkdcmum6bwv5t-ejjyf0" type="hidden" name="form_build_id" value="form-8JRZAFsR4zhtdFDybQAYPfzGKDCMum6bwV5T_EJjyf0" /> <input data-drupal-selector="edit-aonsw-feedback-form" type="hidden" name="form_id" value="aonsw_feedback_form" /> <div class="form-cover"> <img src="/themes/custom/aonsw/images/icons/Hourglass.gif" alt="Hourglass"> </div> </form> </div> </div> </div> <div class="field field--name-field-pdf-download field--type-file field--label-hidden field__item"> <div class="file file--mime-application-pdf file--application-pdf social-icon"> <a href="/sites/default/files/documents/Final%20report%20-%20Road%20asset%20management%20in%20local%20government_1.pdf"> Download PDF </a> </div> </div> </div> </div> <div class="layout__region layout__region--second"> <h2 > <a href="/our-work/reports/road-asset-management-in-local-government" rel="bookmark"><span class="field field--name-title field--type-string field--label-hidden">Road asset management in local government</span> </a> </h2> <div class="field field--name-field-topic field--type-list-string field--label-hidden field__items"> <div class="field__item"> <div class="field--name-field-topic field--type-list-string"> <div class="field__item"> Local Government </div> <div class="field__item"> Finance </div> <div class="field__item"> Industry </div> <div class="field__item"> Community Services </div> <div class="field__item"> Transport </div> <div class="field__item"> Asset valuation </div> <div class="field__item"> Financial reporting </div> <div class="field__item"> Infrastructure </div> <div class="field__item"> Internal controls and governance </div> <div class="field__item"> Management and administration </div> <div class="field__item"> Risk </div> <div class="field__item"> Service delivery </div> </div> </div> </div> <div class="report-card-blurb"> <p> <div class="field field--name-field-chapters field--type-entity-reference-revisions field--label-hidden field__items"> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> <div class="clearfix text-formatted field field--name-field-paragraph-body field--type-text-with-summary field--label-hidden field__item"> <div class="paragraph-body-wrapper"> <h4>About this report</h4><p>Local councils in NSW manage a large proportion of roads across the state. Roads often represent a significant proportion of total council<br>expenditure.</p><p>How councils manage roads is impacted by their revenue, local conditions, and the needs of residents, businesses and other road users.</p><p>This audit was undertaken within the wider context of natural disasters and weather events that have significantly impacted the road network in NSW in recent years.</p><p>It assessed whether three councils had effectively managed their road assets to meet the needs of their communities, makes detailed findings and recommendations to each audited council, and identifies key lessons for the wider local government sector.</p><h4>Key findings</h4><p>All councils can improve how they link community consultation with planned service levels. Formalising these processes could help better demonstrate how current service levels meet community needs.</p><p><strong>Clarence Valley Council</strong></p><ul><li>has established a strategic priority for road asset management but not formal governance arrangements or a long-term capital works program</li><li>is delivering and reporting on its work to respond to natural disasters but does not report against targets for road asset quality and service</li><li>has set benchmarks for road asset maintenance, replacement and renewal but needs clear service levels.</li></ul><p><strong>Gwydir Shire Council</strong></p><ul><li>did not have aligned, up-to-date asset plans during the audit period</li><li>did not have a long-term capital works program but adopted a prioritisation program for capital works in August 2024</li><li>did not effectively implement formal governance, or coordinate management oversight, to manage its road assets.</li></ul><p><strong>Wollondilly Shire Council</strong></p><ul><li>has a strategic framework for road asset management and has used long-term plans to guide its asset capital and maintenance works</li><li>has reported asset management outcomes against a planned capital works program but could improve how it uses KPIs to demonstrate performance.</li></ul><table><tbody><tr class="grey"><td class="border-v-yellow"><h3>Key observations of good practice</h3><p>This report identifies that effective road asset management is best supported when councils have:</p><ol><li>a good understanding and articulation of the community’s vision, priorities and purpose for local roads</li><li>asset management documents that are current and aligned with broader strategies and financial plans</li><li>long-term capital works planning that considers associated ongoing costs, and is supported by systematic prioritisation of works</li><li>clear and documented decision making processes</li><li>transparent performance reporting on progress and outcomes </li><li>reliable, accurate and assured data and systems</li><li>continuous improvement through both formal reviews and capturing lessons learned</li><li>resilience and responsiveness to natural disasters with a planned approach to disaster recovery.</li></ol></td></tr></tbody></table><p> </p> </div> </div> </div> </div> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> <div class="clearfix text-formatted field field--name-field-paragraph-body field--type-text-with-summary field--label-hidden field__item"> <div class="paragraph-body-wrapper"> <p>This is the first performance audit of the local government sector that I am tabling in Parliament as Auditor-General for New South Wales.</p><p>Our performance audits are designed to provide valuable information to parliamentarians, sector stakeholders and the public. Ultimately, our aim is to ensure transparency, a principle that underpins effective and efficient use of public resources.</p><p>The management of roads and associated assets is a critical issue for local councils across the state. In recent years, many councils have had to contend with the immediate and ongoing effects of natural disasters.</p><p>These natural disasters, along with increased community expectations, population changes and complex regulatory obligations all contribute to financial sustainability risks for councils. Some councils have used short-term funding allocations (including emergency relief grants) to cover the costs of managing long-term assets. These councils do not have the capacity to generate sufficient income from their own sources, and therefore depend on assistance from other levels of government. Councils’ ability to plan and budget for the long term has also been disrupted by the need for new or restored infrastructure outside asset life cycles.</p><p>Several reports and inquiries in recent years have highlighted these significant financial sustainability risks. The parliamentary inquiry into the ‘Ability of local governments to fund infrastructure and services’,<sup>1</sup> due to be tabled soon, will be a critical input to a long-term solution.</p><p>The three councils audited in this report – Clarence Valley, Gwydir Shire and Wollondilly Shire –each experienced significant natural disasters, including fires, storms and floods during the audit period. Despite this, each audited council was able to deliver a large volume of road asset management works.</p><p>This report provides valuable lessons from these audited councils that can help all councils manage their roads more effectively in the face of evolving risks and competing resource demands.</p><p>I acknowledge this has been a difficult time for some councils across NSW. This report supports councils with practical steps to manage their roads as effectively as possible, improve their resilience to climate challenges and meet legislative requirements.</p><hr><p class="footnote"><sup>1</sup> The inquiry into the ‘<a href="https://www.parliament.nsw.gov.au/committees/inquiries/Pages/inquiry-details.aspx?pk=3040">Ability of local governments to fund infrastructure and services</a>’ by the NSW Legislative Council Standing Committee on State Development commenced on 14 March 2024 to inquire into, and report on, the ability of local governments to fund infrastructure and services.</p> </div> </div> </div> </div> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> <div class="clearfix text-formatted field field--name-field-paragraph-body field--type-text-with-summary field--label-hidden field__item"> <div class="paragraph-body-wrapper"> <h3>Background</h3><p>Local councils in New South Wales (NSW) manage over 180,000 km of local and regional roads combined. These roads are crucial to travel within local government areas and across the state, improving community accessibility. Reliable roads ensure commercial and public transport can run on time, increase safety and keep the environment clean.</p><p>As roads age and deteriorate, they become more expensive to repair. Road surfaces and formations are vulnerable to both extreme heat and water exposure. These kinds of exposure have varying effects on the ways roads degrade, depending on the amount of traffic and the kinds of vehicles that use them.</p><p>Local conditions, business and road-user needs, and the impacts of natural disasters vary between councils and influence the way each council manages its roads. Regularly maintaining roads can keep roads functional and safe and prevent costly, unbudgeted repairs and replacements.</p><p>In the 2022–23 financial year (FY2022–23), the estimated total replacement cost of council road assets across NSW was around $102 billion. In the same year, local councils reported collective road asset maintenance expenditure of around $1 billion.</p><p>Since 2017, financial audits of local councils have identified asset management-related issues, including gaps in asset management processes, governance and systems. The Audit Office’s ‘Local Government 2023’ report outlined 266 asset management-related findings across the local government sector, including gaps in revaluation processes, maintenance of information in asset management systems and accounting practices.</p><p>Councils also provide a wide range of other services and infrastructure, including water and sewer infrastructure and services, waste management, environmental protection, housing, and community transport. Through integrated planning and reporting, councils determine how they will allocate resources to their services and infrastructure. Understanding community expectations for assets and services, alongside technical requirements, supports effective planning for function, cost and quality.</p><h3>Audit objective</h3><p>This audit assessed how effectively three councils – Clarence Valley Council, Gwydir Shire Council and Wollondilly Shire Council – are managing their road assets to meet the needs of their communities.</p><p>The audit assessed whether the selected councils:</p><ul><li>have a strategic framework in place for managing their road assets</li><li>have effective governance, data and systems for road asset management</li><li>are managing their road assets in line with planned service levels and quality outcomes.</li></ul><h3>Overview of findings</h3><p>This audit assessed how effectively Clarence Valley Council, Gwydir Shire Council and Wollondilly Shire Council managed their road assets to meet the needs of their communities.</p><p>In assessing each Council’s performance, this audit concluded:</p><p><strong>Clarence Valley Council</strong> has effectively established a strategic priority for road asset management, but delivery of this priority was not supported by formal governance arrangements or a long-term capital works program. While the Council is delivering and reporting on a large volume of road asset works in response to natural disasters, it does not report on consolidated targets for road asset quality and service. The Council has set benchmarks for maintenance, replacement and renewal of roads. It now needs to enhance this with clear service levels to ensure community needs and expectations are met.</p><p>Detailed conclusions and recommendations for the Council are outlined in sections 2.2 and 2.3. Recommendations include that Clarence Valley Council:</p><ul><li>updates and implements its asset management plan and associated improvement actions</li><li>reviews and implements key performance indicators (KPIs)</li><li>captures lessons learned from its natural disaster responses</li><li>implements a long-term capital works program.</li></ul><p><strong>Gwydir Shire Council</strong> did not have aligned, up-to-date long-term asset management plans to support a strategic framework for road asset management across the audit period. The Council did not effectively implement formal governance and coordinated management oversight for its road assets. The Council implemented updates to its asset management plans in June 2024 and governance arrangements in July 2024.</p><p>The Council has reported on the large volume of works it is delivering, including in response to natural disasters, but is not reporting in the context of information about targets and quality benchmarks. The Council does not have a long-term capital works program, but adopted a prioritised rolling program of works in August 2024 to guide its priorities and efforts over time.</p><p>Detailed conclusions and recommendations for the Council are outlined in sections 3.2 and 3.3. Recommendations include that Gwydir Shire Council:</p><ul><li>implements its asset management plans and associated improvement actions</li><li>formalises and documents community priorities and service level expectations for roads</li><li>captures lessons learned from its natural disaster responses.</li></ul><p><strong>Wollondilly Shire Council</strong> has effectively applied a coordinated and strategic framework to deliver road asset management. The Council has long-term plans to guide its efforts and uses data to inform its approach. The Council has delivered a large volume of works in response to natural disasters during the audit period. The Council is reporting its road asset management outcomes and can demonstrate progress against a clearly defined capital works program, but its use of performance indicators could be improved.</p><p>Detailed conclusions and recommendations for the Council are outlined in sections 4.2 and 4.3. Recommendations include that Wollondilly Shire Council:</p><ul><li>finalises and implements its transport asset management plan</li><li>reviews performance indicators for road assets</li><li>formalises and documents community priorities within its integrated planning and reporting (IP&R) and asset management frameworks.</li></ul><h3>Key observations of good practice</h3><p>While each council was separately audited, this report also identifies practices that contribute to effective road asset management across all local councils.</p><p>These include:</p><ol><li>a good understanding and articulation of the community’s vision, priorities and purpose for local roads</li><li>asset management documents that are current and aligned with broader strategies and financial plans</li><li>long-term capital works planning that considers associated ongoing costs, and is supported by systematic prioritisation of works</li><li>clear and documented decision making processes</li><li>transparent performance reporting on progress and outcomes</li><li>reliable, accurate and assured data and systems</li><li>continuous improvement through both formal reviews and capturing lessons learned</li><li>resilience and responsiveness to natural disasters with a planned approach to disaster recovery.</li></ol><p>Further lessons for local government can be found in <a href="/sites/default/files/documents/Appendix%203%20-%20Road%20asset%20management%20in%20local%20government.pdf" data-entity-type="file" data-entity-uuid="b112f9de-6ed3-460d-a06e-959de2955034" data-entity-substitution="file" title="Appendix 3 - Road asset management in local government.pdf">Appendix 3</a>.</p> </div> </div> </div> </div> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> </div> </div> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> </div> </div> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> </div> </div> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> </div> </div> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> <div class="clearfix text-formatted field field--name-field-paragraph-body field--type-text-with-summary field--label-hidden field__item"> <div class="paragraph-body-wrapper"> <p><a href="/sites/default/files/documents/Appendix%201%20-%20Road%20asset%20management%20in%20local%20government.pdf" data-entity-type="file" data-entity-uuid="6a45017d-544b-4b0c-aee4-89d092028ffe" data-entity-substitution="file" title="Appendix 1 - Road asset management in local government.pdf">Appendix 1 – Response from entity</a></p><p><a href="/sites/default/files/documents/Appendix%202%20-%20Road%20asset%20management%20in%20local%20government.pdf" data-entity-type="file" data-entity-uuid="86fca9fe-e0c1-43c6-a227-f800dc8e0dfb" data-entity-substitution="file" title="Appendix 2 - Road asset management in local government.pdf">Appendix 2 – Council expenditure profile</a></p><p><a href="/sites/default/files/documents/Appendix%203%20-%20Road%20asset%20management%20in%20local%20government.pdf" data-entity-type="file" data-entity-uuid="b112f9de-6ed3-460d-a06e-959de2955034" data-entity-substitution="file" title="Appendix 3 - Road asset management in local government.pdf">Appendix 3 – Lessons for local government road asset management</a></p><p><a href="/sites/default/files/documents/Appendix%204%20-%20Road%20asset%20management%20in%20local%20government.pdf" data-entity-type="file" data-entity-uuid="1f0b2151-c0af-4bd1-abed-b555d916b9bb" data-entity-substitution="file" title="Appendix 4 - Road asset management in local government.pdf">Appendix 4 – About the audit</a></p><p><a href="/sites/default/files/documents/Appendix%205%20-%20Road%20asset%20management%20in%20local%20government.pdf" data-entity-type="file" data-entity-uuid="c5dcb6ac-5237-4ba9-ab31-7472e788c3ae" data-entity-substitution="file" title="Appendix 5 - Road asset management in local government.pdf">Appendix 5 – Performance auditing</a></p><p> </p><p><span style="-webkit-text-stroke-width:0px;background-color:rgb(255, 255, 255);color:rgb(0, 0, 0);display:inline !important;float:none;font-family:Roboto, sans-serif;font-size:16px;font-style:normal;font-variant-caps:normal;font-variant-ligatures:normal;font-weight:400;letter-spacing:normal;orphans:2;text-align:start;text-decoration-color:initial;text-decoration-style:initial;text-decoration-thickness:initial;text-indent:0px;text-transform:none;white-space:normal;widows:2;word-spacing:0px;">© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.</span></p><p> </p><p><span style="-webkit-text-stroke-width:0px;background-color:rgb(255, 255, 255);color:rgb(0, 0, 0);display:inline !important;float:none;font-family:Roboto, sans-serif;font-size:16px;font-style:normal;font-variant-caps:normal;font-variant-ligatures:normal;font-weight:400;letter-spacing:normal;orphans:2;text-align:start;text-decoration-color:initial;text-decoration-style:initial;text-decoration-thickness:initial;text-indent:0px;text-transform:none;white-space:normal;widows:2;word-spacing:0px;">Parliamentary reference - </span><span style="-webkit-text-stroke-width:0px;background-color:rgb(255, 255, 255);box-sizing:border-box;color:rgb(0, 0, 0);display:inline !important;float:none;font-family:Roboto, sans-serif;font-size:16px;font-style:normal;font-variant-caps:normal;font-variant-ligatures:normal;font-weight:400;letter-spacing:normal;orphans:2;text-align:start;text-decoration-color:initial;text-decoration-style:initial;text-decoration-thickness:initial;text-indent:0px;text-transform:none;white-space:normal;widows:2;word-spacing:0px;">Report number #401 - released 21 November 2024.</span></p> </div> </div> </div> </div> </div> </p> </div> </div> </div> </div> <div class="views-row"><div class="contextual-region layout layout--twocol"> <div class="layout__region layout__region--top"> <div class="field field--name-node-post-date field--type-ds field--label-hidden field__item"> 2024-25 </div> <div class="field field--name-field-taxonomy-audit-progress field--type-entity-reference field--label-hidden field__item">Open for contribution</div> </div> <div class="layout__region layout__region--first"> <a href="/our-work/reports/support-for-first-nations-people-in-custody-and-post-release-to-reduce-recidivism" aria-hidden="true" role="presentation" tabindex="-1"> <div class="field field--name-field-thumbnail-image-media field--type-entity-reference field--label-hidden field__item"> <img loading="lazy" src="/sites/default/files/styles/listing_page_thumbnail/public/images/Thumbnail%204%20-%20AWP%2024-27.jpg?h=a9d39ae0&itok=-P4o41nU" width="120" height="120" alt="waves in the ocean" class="image-style-listing-page-thumbnail" /> </div> </a> <div class="layout__region--report-function"> <p class="visually-hidden">Actions for <span class="field field--name-title field--type-string field--label-hidden">Support for First Nations people in custody and post release to reduce recidivism</span> </p> <div class="report-share field__item"> <button class="open-share"> Share this audit </button> <div class="socials--share social"> <ul class="social-set"> <li class="social-set-enclosure"> <a class="social-set-enclosure-link social-icon" href="https://www.facebook.com/sharer/sharer.php?u=https://www.audit.nsw.gov.au/our-work/reports/support-for-first-nations-people-in-custody-and-post-release-to-reduce-recidivism" title="Share page on Facebook" target="_blank" rel="noopener"> <img src="/themes/custom/aonsw/images/icons/Social/Facebook-white.svg" alt="Facebook"> <span class="tooltip">Facebook</span> </a> </li> <li class="social-set-enclosure"> <a class="social-set-enclosure-link social-icon" href="https://twitter.com/share?text=Support%20for%20First%20Nations%20people%20in%20custody%20and%20post%20release%20to%20reduce%20recidivism&url=https://www.audit.nsw.gov.au/our-work/reports/support-for-first-nations-people-in-custody-and-post-release-to-reduce-recidivism" title="Share page on Twitter" target="_blank" rel="noopener"> <img src="/themes/custom/aonsw/images/icons/Social/Twitter-white.svg" alt="Twitter"> <span class="tooltip">Twitter</span> </a> </li> <li class="social-set-enclosure"> <a class="social-set-enclosure-link social-icon" href="https://www.linkedin.com/shareArticle?mini=true&url=https://www.audit.nsw.gov.au/our-work/reports/support-for-first-nations-people-in-custody-and-post-release-to-reduce-recidivism&source=Audit%20Office%20of%20NSW" title="Share page on LinkedIn" target="_blank" rel="noopener"> <img src="/themes/custom/aonsw/images/icons/Social/LinkedIn-white.svg" alt="LinkedIn"> <span class="tooltip">LinkedIn</span> </a> </li> <li class="social-set-enclosure"> <a class="social-set-enclosure-link social-icon" href="mailto:?subject=Support%20for%20First%20Nations%20people%20in%20custody%20and%20post%20release%20to%20reduce%20recidivism&body=https://www.audit.nsw.gov.au/our-work/reports/support-for-first-nations-people-in-custody-and-post-release-to-reduce-recidivism" title="Share page via Email"> <img src="/themes/custom/aonsw/images/icons/Social/Email-Share-white.svg" alt="E-mail"> <span class="tooltip">Email</span> </a> </li> </ul> </div> </div> <div class="field--name-field-subscribe field__item"> <button class="open-popup"> Subscribe to this audit </button> <div class="subscribe popup-cover"> <div class="modal fade subscribe-modal" tabindex="-1" role="dialog" aria-hidden="true"> <button class="close-popup"> <img src="/themes/custom/aonsw/images/icons/Close.svg" alt="Close dialog"> </button> <h1 id="subscribe_modal_1569">Thanks for subscribing!</h1> <form action="https://nsw.us17.list-manage.com/subscribe/post?u=138cb181e608c26c9d220a2e0&id=7902b71fd0" method="post" id="subscribe_1569" aria-labelledby="subscribe_modal_1569" target="_blank"> <div class="subscribe-detail"> <div class="subscribe-detail-parts"> <label for="subscribe_fname_1569">First name</label> <input type="text" name="FNAME" id="subscribe_fname_1569" autocomplete="given-name"> </div> <div class="subscribe-detail-parts"> <label for="subscribe_email_1569">Email</label> <input type="email" name="EMAIL" id="subscribe_email_1569" autocomplete="email"> </div>  <div style="position: absolute; left: -5000px;" aria-hidden="true"><input type="text" name="b_434f3277b11cf8aa12e1430cf_7902b71fd0" tabindex="-1" value=""></div> <div class="clear"><button name="subscribe" type="submit" class="buttonSquare-red">SUBSCRIBE</button></div> <p>When you provide us your personal information by email or through this website:</p> <ul> <li>We will record your email address and other information submitted</li> <li>We will use the information for the purpose for which you provide it</li> <li>Your email address will not be added to a mailing list, unless provided by you specifically for that purpose.</li> </ul> <p>Please refer to our <a href="/sites/default/files/auditoffice/Governance-and-Policies---Current/Privacy_Management_Plan_March_2018.pdf">privacy management plan</a> for more information.</p> </div> </form> </div> </div> </div> <div class="field--name-field-contribute field__item"> <button class="open-popup"> Contribute to this audit </button> <div class="contribute popup-cover"> <div class="modal fade contribute-modal" role="dialog" aria-hidden="true" id="contribute_1569"> <button class="close-popup"> <img src="/themes/custom/aonsw/images/icons/Close.svg" alt="Close dialog"> </button> <form class="aonsw-contribute-form" data-drupal-selector="aonsw-contribute-form" action="/our-work/reports?progress_id%5B17%5D=17" method="post" id="aonsw-contribute-form" accept-charset="UTF-8"> <h1>Contribute to this audit</h1><div id="audit_title_1569">Audit</div><div class="audit-title" aria-labelledby="audit_title_1569">Support for First Nations people in custody and post release to reduce recidivism</div><input data-drupal-selector="edit-audit" type="hidden" name="audit" value="1569" /> <div class="js-form-item form-item js-form-type-textfield form-type-textfield js-form-item-name form-item-name"> <label for="edit-name">Name (optional)</label> <input autocomplete="given-name" data-drupal-selector="edit-name" type="text" id="edit-name" name="name" value="" size="60" maxlength="128" class="form-text" /> </div> <div class="js-form-item form-item js-form-type-email form-type-email js-form-item-email-address form-item-email-address"> <label for="edit-email-address">Email address (optional)</label> <input autocomplete="email" data-drupal-selector="edit-email-address" type="email" id="edit-email-address" name="email_address" value="" size="60" maxlength="254" class="form-email" /> </div> <div class="js-form-item form-item js-form-type-textarea form-type-textarea js-form-item-message form-item-message"> <label for="edit-message" class="js-form-required form-required">Message</label> <div class="form-textarea-wrapper"> <textarea data-drupal-selector="edit-message" id="edit-message" name="message" rows="5" cols="60" class="form-textarea required resize-vertical" required="required" aria-required="true"></textarea> </div> </div> <div class="js-form-item form-item js-form-type-checkbox form-type-checkbox js-form-item-send-user-a-copy form-item-send-user-a-copy"> <input data-drupal-selector="edit-send-user-a-copy" type="checkbox" id="edit-send-user-a-copy" name="send_user_a_copy" value="1" class="form-checkbox" /><span class="checkmark"></span> <label for="edit-send-user-a-copy" class="option">Send me a copy</label> </div> <div>If you would like to send attachments, please email the <a href="mailto:000600342@audit.nsw.gov.au">audit team</a></div> <fieldset data-drupal-selector="edit-captcha" class="captcha captcha-type-challenge--recaptcha"> <legend class="captcha__title js-form-required form-required"> CAPTCHA </legend> <div class="captcha__element"> <input data-drupal-selector="edit-captcha-sid" type="hidden" name="captcha_sid" value="61130506" /> <input data-drupal-selector="edit-captcha-token" type="hidden" name="captcha_token" value="OkLz7pmN7b6d9tdUUs5S9a9msb0Z3tABRuQGac_BBd0" /> <input data-drupal-selector="edit-captcha-response" type="hidden" name="captcha_response" value="Google no captcha" /> <div class="g-recaptcha" data-sitekey="6Lf6iWwUAAAAANBggIgUH9uJLl4QDmrCe1OJX-4d" data-theme="light" data-type="image"></div><input data-drupal-selector="edit-captcha-cacheable" type="hidden" name="captcha_cacheable" value="1" /> </div> <div class="captcha__description description">This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.</div> </fieldset> <input class="buttonSquare-red button js-form-submit form-submit" data-drupal-selector="edit-submit" type="submit" id="edit-submit" name="op" value="Submit" /> <p>When you provide us your personal information by email or through this website:</p> <ul> <li>We will record your email address and other information submitted</li> <li>We will use the information for the purpose for which you provide it</li> <li>Your email address will not be added to a mailing list, unless provided by you specifically for that purpose.</li> </ul> <p>Please refer to our <a href="/sites/default/files/auditoffice/Governance-and-Policies---Current/Privacy_Management_Plan_March_2018.pdf">privacy management plan</a> for more information.</p><input autocomplete="off" data-drupal-selector="form-8wz2rt-dlig5mgrn2e-wvff3fal53talqlzp1vpxc6e" type="hidden" name="form_build_id" value="form-8wZ2rT-dlIG5mGRN2e_wvFF3fAL53TaLqlzp1VPXc6E" /> <input data-drupal-selector="edit-aonsw-contribute-form" type="hidden" name="form_id" value="aonsw_contribute_form" /> <div class="form-cover"> <img src="/themes/custom/aonsw/images/icons/Hourglass.gif" alt="Hourglass"> </div> </form> </div> </div> </div> </div> </div> <div class="layout__region layout__region--second"> <h2 > <a href="/our-work/reports/support-for-first-nations-people-in-custody-and-post-release-to-reduce-recidivism" rel="bookmark"><span class="field field--name-title field--type-string field--label-hidden">Support for First Nations people in custody and post release to reduce recidivism</span> </a> </h2> <div class="field field--name-field-topic field--type-list-string field--label-hidden field__items"> <div class="field__item"> <div class="field--name-field-topic field--type-list-string"> <div class="field__item"> Justice </div> </div> </div> </div> <div class="report-card-blurb"> <p> <div class="field field--name-field-chapters field--type-entity-reference-revisions field--label-hidden field__items"> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> <div class="clearfix text-formatted field field--name-field-paragraph-body field--type-text-with-summary field--label-hidden field__item"> <div class="paragraph-body-wrapper"> <p style="background-color:white;">According to the NSW Treasury Indigenous Expenditure Report 2023-24, in 2021-22 the NSW Government is estimated to have spent $1.4 billion on First Nations people for services related to the criminal justice system. In June 2024, there were 4,039 Aboriginal adults in custody in NSW, representing 31.3% of the adult prison population, the highest number ever recorded. Of young people in custody, 58.7% were Aboriginal as of June 2024. <o:p></o:p></p><p style="background-color:white;">This audit will assess whether Corrective Services NSW and Youth Justice NSW effectively and efficiently provide supports, programs and opportunities for the rehabilitation of First Nations peoples in custody and post release to reduce recidivism.  In doing so, we will address the following lines of inquiry: <o:p></o:p></p><ol type="1"><li style="background-color:white;color:black;tab-stops:list 36.0pt;">Have agencies established effective governance and accountability arrangements to ensure First Nations people are effectively supported in custody, upon and post release?  <o:p></o:p></li><li style="background-color:white;color:black;tab-stops:list 36.0pt;">Do agencies effectively plan and design relevant supports, programs and opportunities for rehabilitation of First Nations peoples in custody, upon and post release?</li><li style="background-color:white;color:black;tab-stops:list 36.0pt;">Do Agencies effectively deliver and continuously improve relevant supports, programs and opportunities for rehabilitation of First Nations people in custody, upon and post release? </li></ol> </div> </div> </div> </div> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> <div class="clearfix text-formatted field field--name-field-paragraph-body field--type-text-with-summary field--label-hidden field__item"> <div class="paragraph-body-wrapper"> <p style="background-color:white;">If you have experiences or views relevant to the audit scope, you can share them with the Audit Office. This can be done anonymously if you wish. <o:p></o:p></p><p style="background-color:white;">Please note that the audit mailbox will be open to receive submissions until close of business on Monday 30 June 2025. <o:p></o:p></p><p style="background-color:white;">You can provide feedback on this audit either through the ‘contribute to this audit’ button in the left hand menu (or the comment icon on top right for mobile), by <a href="mailto:000600342@audit.nsw.gov.au">email</a>, or phone on 02 9275 7100. <o:p></o:p></p><p style="background-color:white;">We may use your feedback to identify key themes, risks or issues which may then be further investigated during the audit. In some instances, we may use extracts of contributions in our audit report as examples of feedback provided where appropriate. If we use extracts of a contribution, we will not identify the source in the report. <o:p></o:p></p><p style="background-color:white;">However, please note: <o:p></o:p></p><ul type="disc"><li style="background-color:white;color:black;tab-stops:list 36.0pt;">We will not examine individual matters, nor can we investigate all issues or concerns raised. Please see the contact details listed below for relevant contacts. In general, the audit team will look for supporting evidence from other sources (such as documentation, data and audit interviews). <o:p></o:p></li><li style="background-color:white;color:black;tab-stops:list 36.0pt;">We will not share your feedback with any party, including the audited agencies and councils, nor do we publish feedback on our website. <o:p></o:p></li><li style="background-color:white;color:black;tab-stops:list 36.0pt;">While we will consider all feedback provided, we may not contact you to discuss. <o:p></o:p></li><li style="background-color:white;color:black;tab-stops:list 36.0pt;">We are not able to answer questions or provide information collected during the course of the audit. <o:p></o:p></li><li style="background-color:white;color:black;tab-stops:list 36.0pt;">Performance audits focus on assessing whether public money is spent efficiently, effectively, economically and in compliance with the law. The Auditor-General is not permitted to question the merits of government policy objectives. Please visit the <a href="https://www.audit.nsw.gov.au/sites/default/files/documents/Performance%20audit%20guide%20for%20audited%20entities%20%28current%20version%29_0.pdf" title="Performance audit guide for audited entities (current version)_0.pdf">Performance audit guide for audited entities</a> (including non-public sector entities) for more information on how we undertake performance audits.<br> <o:p></o:p></li></ul> </div> </div> </div> </div> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> <div class="clearfix text-formatted field field--name-field-paragraph-body field--type-text-with-summary field--label-hidden field__item"> <div class="paragraph-body-wrapper"> <p style="background-color:white;">The Audit Office is required by section 38 of the Government Sector Audit Act to keep information obtained during an audit confidential and the Audit Office takes its responsibilities under these sections very seriously.   <o:p></o:p></p><p>All information that the Audit Office receives, and working papers that the Audit Office creates during an audit, are classed as excluded information in Schedule 2 of the<em> Government Information (Public Sector) Act 2009</em> (GIPA Act). An access application under the GIPA Act cannot be made for excluded information. </p> </div> </div> </div> </div> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> <div class="clearfix text-formatted field field--name-field-paragraph-body field--type-text-with-summary field--label-hidden field__item"> <div class="paragraph-body-wrapper"> <p>If you have questions or comments about individual matters, you can:</p><ul><li>contact Corrective Services NSW <a href="https://correctiveservices.dcj.nsw.gov.au/contact-us.html#:~:text=Enquiries%2C%20complaints%20and%20feedback,-Frequently%20Asked%20Questions&text=If%20your%20matter%20is%20urgent,(02)%208346%201333%20launch.">online</a> or by calling (02) 8346 1333 </li><li>contact Youth Justice NSW <a href="https://www.nsw.gov.au/legal-and-justice/youth-justice/contact-us">online</a> or by calling (02) 8346 1333 </li><li>make a complaint about a NSW government agency to the NSW Ombudsman <a href="https://www.ombo.nsw.gov.au/make-a-complaint">online</a> or by calling 1800 451 524</li><li>make a complaint about corruption to the Independent Commission Against Corruption <a href="https://www.icac.nsw.gov.au/reporting/report-corruption">online</a> or by calling 02 8281 5999.</li></ul><p><a href="https://www.audit.nsw.gov.au/who-we-are/our-accountability/access-our-information/our-confidentiality-and-reporting-obligations">Click here</a> for more information on our confidentiality and reporting obligations for submissions received via our website.<br> </p> </div> </div> </div> </div> </div> </p> </div> </div> </div> </div> <div class="views-row"><div class="contextual-region layout layout--twocol"> <div class="layout__region layout__region--top"> <div class="field field--name-node-post-date field--type-ds field--label-hidden field__item"> 2024-25 </div> <div class="field field--name-field-taxonomy-audit-progress field--type-entity-reference field--label-hidden field__item">Open for contribution</div> </div> <div class="layout__region layout__region--first"> <a href="/our-work/reports/social-housing" aria-hidden="true" role="presentation" tabindex="-1"> <div class="field field--name-field-thumbnail-image-media field--type-entity-reference field--label-hidden field__item"> <img loading="lazy" src="/sites/default/files/styles/listing_page_thumbnail/public/images/holding%20thumbnail%20-%20Social%20and%20public%20housing.png?h=a9d39ae0&itok=qY-TDMVV" width="120" height="120" alt="picture of public housing apartment block with blue sky behind it." class="image-style-listing-page-thumbnail" /> </div> </a> <div class="layout__region--report-function"> <p class="visually-hidden">Actions for <span class="field field--name-title field--type-string field--label-hidden">Social housing</span> </p> <div class="report-share field__item"> <button class="open-share"> Share this audit </button> <div class="socials--share social"> <ul class="social-set"> <li class="social-set-enclosure"> <a class="social-set-enclosure-link social-icon" href="https://www.facebook.com/sharer/sharer.php?u=https://www.audit.nsw.gov.au/our-work/reports/social-housing" title="Share page on Facebook" target="_blank" rel="noopener"> <img src="/themes/custom/aonsw/images/icons/Social/Facebook-white.svg" alt="Facebook"> <span class="tooltip">Facebook</span> </a> </li> <li class="social-set-enclosure"> <a class="social-set-enclosure-link social-icon" href="https://twitter.com/share?text=Social%20housing&url=https://www.audit.nsw.gov.au/our-work/reports/social-housing" title="Share page on Twitter" target="_blank" rel="noopener"> <img src="/themes/custom/aonsw/images/icons/Social/Twitter-white.svg" alt="Twitter"> <span class="tooltip">Twitter</span> </a> </li> <li class="social-set-enclosure"> <a class="social-set-enclosure-link social-icon" href="https://www.linkedin.com/shareArticle?mini=true&url=https://www.audit.nsw.gov.au/our-work/reports/social-housing&source=Audit%20Office%20of%20NSW" title="Share page on LinkedIn" target="_blank" rel="noopener"> <img src="/themes/custom/aonsw/images/icons/Social/LinkedIn-white.svg" alt="LinkedIn"> <span class="tooltip">LinkedIn</span> </a> </li> <li class="social-set-enclosure"> <a class="social-set-enclosure-link social-icon" href="mailto:?subject=Social%20housing&body=https://www.audit.nsw.gov.au/our-work/reports/social-housing" title="Share page via Email"> <img src="/themes/custom/aonsw/images/icons/Social/Email-Share-white.svg" alt="E-mail"> <span class="tooltip">Email</span> </a> </li> </ul> </div> </div> <div class="field--name-field-subscribe field__item"> <button class="open-popup"> Subscribe to this audit </button> <div class="subscribe popup-cover"> <div class="modal fade subscribe-modal" tabindex="-1" role="dialog" aria-hidden="true"> <button class="close-popup"> <img src="/themes/custom/aonsw/images/icons/Close.svg" alt="Close dialog"> </button> <h1 id="subscribe_modal_1326">Thanks for subscribing!</h1> <form action="https://nsw.us17.list-manage.com/subscribe/post?u=138cb181e608c26c9d220a2e0&id=0a01991447" method="post" id="subscribe_1326" aria-labelledby="subscribe_modal_1326" target="_blank"> <div class="subscribe-detail"> <div class="subscribe-detail-parts"> <label for="subscribe_fname_1326">First name</label> <input type="text" name="FNAME" id="subscribe_fname_1326" autocomplete="given-name"> </div> <div class="subscribe-detail-parts"> <label for="subscribe_email_1326">Email</label> <input type="email" name="EMAIL" id="subscribe_email_1326" autocomplete="email"> </div>  <div style="position: absolute; left: -5000px;" aria-hidden="true"><input type="text" name="b_434f3277b11cf8aa12e1430cf_0a01991447" tabindex="-1" value=""></div> <div class="clear"><button name="subscribe" type="submit" class="buttonSquare-red">SUBSCRIBE</button></div> <p>When you provide us your personal information by email or through this website:</p> <ul> <li>We will record your email address and other information submitted</li> <li>We will use the information for the purpose for which you provide it</li> <li>Your email address will not be added to a mailing list, unless provided by you specifically for that purpose.</li> </ul> <p>Please refer to our <a href="/sites/default/files/auditoffice/Governance-and-Policies---Current/Privacy_Management_Plan_March_2018.pdf">privacy management plan</a> for more information.</p> </div> </form> </div> </div> </div> <div class="field--name-field-contribute field__item"> <button class="open-popup"> Contribute to this audit </button> <div class="contribute popup-cover"> <div class="modal fade contribute-modal" role="dialog" aria-hidden="true" id="contribute_1326"> <button class="close-popup"> <img src="/themes/custom/aonsw/images/icons/Close.svg" alt="Close dialog"> </button> <form class="aonsw-contribute-form" data-drupal-selector="aonsw-contribute-form" action="/our-work/reports?progress_id%5B17%5D=17" method="post" id="aonsw-contribute-form" accept-charset="UTF-8"> <h1>Contribute to this audit</h1><div id="audit_title_1326">Audit</div><div class="audit-title" aria-labelledby="audit_title_1326">Social housing</div><input data-drupal-selector="edit-audit" type="hidden" name="audit" value="1326" /> <div class="js-form-item form-item js-form-type-textfield form-type-textfield js-form-item-name form-item-name"> <label for="edit-name">Name (optional)</label> <input autocomplete="given-name" data-drupal-selector="edit-name" type="text" id="edit-name" name="name" value="" size="60" maxlength="128" class="form-text" /> </div> <div class="js-form-item form-item js-form-type-email form-type-email js-form-item-email-address form-item-email-address"> <label for="edit-email-address">Email address (optional)</label> <input autocomplete="email" data-drupal-selector="edit-email-address" type="email" id="edit-email-address" name="email_address" value="" size="60" maxlength="254" class="form-email" /> </div> <div class="js-form-item form-item js-form-type-textarea form-type-textarea js-form-item-message form-item-message"> <label for="edit-message" class="js-form-required form-required">Message</label> <div class="form-textarea-wrapper"> <textarea data-drupal-selector="edit-message" id="edit-message" name="message" rows="5" cols="60" class="form-textarea required resize-vertical" required="required" aria-required="true"></textarea> </div> </div> <div class="js-form-item form-item js-form-type-checkbox form-type-checkbox js-form-item-send-user-a-copy form-item-send-user-a-copy"> <input data-drupal-selector="edit-send-user-a-copy" type="checkbox" id="edit-send-user-a-copy" name="send_user_a_copy" value="1" class="form-checkbox" /><span class="checkmark"></span> <label for="edit-send-user-a-copy" class="option">Send me a copy</label> </div> <div>If you would like to send attachments, please email the <a href="mailto:000600330@audit.nsw.gov.au">audit team</a></div> <fieldset data-drupal-selector="edit-captcha" class="captcha captcha-type-challenge--recaptcha"> <legend class="captcha__title js-form-required form-required"> CAPTCHA </legend> <div class="captcha__element"> <input data-drupal-selector="edit-captcha-sid" type="hidden" name="captcha_sid" value="61130225" /> <input data-drupal-selector="edit-captcha-token" type="hidden" name="captcha_token" value="W0oLbyslYOy6vI1DeQbFsZUnouliz3A1ujM4VKHm1PU" /> <input data-drupal-selector="edit-captcha-response" type="hidden" name="captcha_response" value="Google no captcha" /> <div class="g-recaptcha" data-sitekey="6Lf6iWwUAAAAANBggIgUH9uJLl4QDmrCe1OJX-4d" data-theme="light" data-type="image"></div><input data-drupal-selector="edit-captcha-cacheable" type="hidden" name="captcha_cacheable" value="1" /> </div> <div class="captcha__description description">This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.</div> </fieldset> <input class="buttonSquare-red button js-form-submit form-submit" data-drupal-selector="edit-submit" type="submit" id="edit-submit" name="op" value="Submit" /> <p>When you provide us your personal information by email or through this website:</p> <ul> <li>We will record your email address and other information submitted</li> <li>We will use the information for the purpose for which you provide it</li> <li>Your email address will not be added to a mailing list, unless provided by you specifically for that purpose.</li> </ul> <p>Please refer to our <a href="/sites/default/files/auditoffice/Governance-and-Policies---Current/Privacy_Management_Plan_March_2018.pdf">privacy management plan</a> for more information.</p><input autocomplete="off" data-drupal-selector="form-gjr0vfqay6rud8acpuv7ca4payqawux7-ieeqy2h6tq" type="hidden" name="form_build_id" value="form-Gjr0VFQAy6RUD8ACpUV7cA4pAyQaWuX7_IeEqY2H6tQ" /> <input data-drupal-selector="edit-aonsw-contribute-form" type="hidden" name="form_id" value="aonsw_contribute_form" /> <div class="form-cover"> <img src="/themes/custom/aonsw/images/icons/Hourglass.gif" alt="Hourglass"> </div> </form> </div> </div> </div> </div> </div> <div class="layout__region layout__region--second"> <h2 > <a href="/our-work/reports/social-housing" rel="bookmark"><span class="field field--name-title field--type-string field--label-hidden">Social housing</span> </a> </h2> <div class="field field--name-field-topic field--type-list-string field--label-hidden field__items"> <div class="field__item"> <div class="field--name-field-topic field--type-list-string"> <div class="field__item"> Community Services </div> <div class="field__item"> Justice </div> </div> </div> </div> <div class="report-card-blurb"> <p> <div class="field field--name-field-chapters field--type-entity-reference-revisions field--label-hidden field__items"> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> <div class="clearfix text-formatted field field--name-field-paragraph-body field--type-text-with-summary field--label-hidden field__item"> <div class="paragraph-body-wrapper"> <p>Long-term, subsidised rental housing is provided to assist people who have extreme difficulty in accessing housing in the private housing market. The collective term for this type of housing is ‘social housing’ which in New South Wales includes: </p><ul><li>‘public housing’ managed by Homes NSW (a division of the Department of Communities and Justice) </li><li>‘community housing’ managed by non-government organisations (social housing providers) </li><li>housing for Aboriginal and Torres Strait Islander peoples managed by the Aboriginal Housing Office or Aboriginal social housing providers.</li></ul><p>In New South Wales, applications for housing assistance are managed through Housing Pathways. This is a partnership between Homes NSW, including the Aboriginal Housing Office, and participating community housing providers. Housing Pathways provides a single application process, common eligibility criteria, a standard assessment process and a single waiting list known as the NSW Housing Register. </p><p>This audit will assess whether social housing is effectively and efficiently prioritised to meet the needs of vulnerable households, and whether social housing tenants are effectively supported to establish and sustain their tenancies. </p><p>The audit will assess all types of social housing including public housing, community housing and housing for Aboriginal and Torres Strait Islander peoples.</p> </div> </div> </div> </div> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> <div class="clearfix text-formatted field field--name-field-paragraph-body field--type-text-with-summary field--label-hidden field__item"> <div class="paragraph-body-wrapper"> <p>The Audit Office is seeking experiences or views on: </p><ul><li>the process of applying for social housing (including evidence requirements) </li><li>the process of being offered and accepting a social housing property</li><li>support programs and services offered to new social housing tenants. </li></ul><p>If you have experiences or views on these areas, you can share them with the Audit Office. We will consider all feedback provided as we conduct this audit. </p><p>Please note that the audit mailbox will close at 5pm on Friday 28 February 2025. </p><p><strong>You can provide feedback on this audit either through the ‘contribute to this audit’ button in the left hand menu (or the comment icon on top right for mobile) or through </strong><a href="mailto:000600330@audit.nsw.gov.au"><strong>this link</strong></a>. </p><p>We may use your feedback to identify key themes, risks or issues which we may investigate further during the audit. In some instances, we may use extracts of contributions in our audit report as examples of feedback provided where appropriate. If we use extracts of a contribution, we will not identify the source in the report.</p><p>However, please note: </p><ul><li>We will not examine individual matters, nor can we investigate all issues or concerns raised. In general, the audit team will look for supporting evidence from other sources (such as documentation, data and audit interviews). Please contact the Department of Communities and Justice, individual community housing providers, the Registrar of Community Housing, Tenants Advice and Advocacy Services, the NSW Ombudsman, or the Independent Commission Against Corruption regarding individual matters (details below). </li><li>We will not share your feedback with any party, including the Department of Communities and Justice or any community housing providers, nor do we publish feedback on our website. </li><li>While we will consider all feedback provided, we may not contact you to discuss. </li><li>We are not able to answer questions or provide information collected during the course of the audit. </li><li>Performance audits focus on assessing whether public money is spent efficiently, effectively, economically and in compliance with the law. The Auditor-General is not permitted to question the merits of government policy objectives. Please visit the <a href="/sites/default/files/documents/Performance%20audit%20guide%20for%20audited%20entities%20%28current%20version%29_0.pdf" data-entity-type="file" data-entity-uuid="da468d4f-2469-4c02-a9bd-e7b0de4729f2" data-entity-substitution="file" title="Performance audit guide for audited entities (current version)_0.pdf">Performance audit guide for audited entities (including non-public sector entities)</a> for more information on how we undertake performance audits.</li></ul> </div> </div> </div> </div> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> <div class="clearfix text-formatted field field--name-field-paragraph-body field--type-text-with-summary field--label-hidden field__item"> <div class="paragraph-body-wrapper"> <p>The Audit Office is required by section 38 of the <em>Government Sector Audit Act 1983</em> to keep information gathered during the course of a performance audit confidential and the Audit Office takes its responsibilities under these sections seriously. </p><p>Exceptions include the Auditor-General’s Report to Parliament – a public document – and where the Audit Office is permitted or required to disclose information under other legislation. </p><p>All information that the Audit Office receives, and working papers that the Audit Office creates during an audit, are classed as excluded information in Schedule 2 of the <em>Government Information (Public Sector) Act 2009 </em>(GIPA Act). An access application under the GIPA Act cannot be made for excluded information. </p><p>For more information on our confidentiality obligations, please visit <a href="https://www.audit.nsw.gov.au/who-we-are/our-accountability/access-our-information/our-confidentiality-and-reporting-obligations">Our confidentiality and reporting obligations for contributions page</a>.</p> </div> </div> </div> </div> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> <div class="clearfix text-formatted field field--name-field-paragraph-body field--type-text-with-summary field--label-hidden field__item"> <div class="paragraph-body-wrapper"> <p>If you have questions or feedback about individual matters, you can: </p><ul><li>contact the Department of Communities and Justice <a href="https://dcj.nsw.gov.au/housing.html">online</a> or by calling 1800 422 322 </li><li>contact a community housing provider through their individual website or contact details </li><li>contact the Registrar for Community Housing to make a complaint against a community housing provider <a href="https://www.nsw.gov.au/departments-and-agencies/registrar-of-community-housing/enquiries-and-complaints">online</a> or by calling 1800 330 940 </li><li>contact Tenants Advice and Advocacy Services for tenancy and legal advice. Their <a href="https://www.tenants.org.au/all/taas">website</a> provides online forms and phone numbers for advice. </li><li>make a complaint to the NSW Ombudsman <a href="https://www.ombo.nsw.gov.au/Making-a-complaint/how-to-make-a-complaint">online</a> or by calling 1800 451 524 </li><li>make a complaint about corruption to the Independent Commission Against Corruption <a href="https://www.icac.nsw.gov.au/reporting/report-corruption">online</a> or by calling 02 8281 5999.</li></ul> </div> </div> </div> </div> </div> </p> </div> </div> </div> </div> <div class="views-row"><div class="contextual-region layout layout--twocol"> <div class="layout__region layout__region--top"> <div class="field field--name-node-post-date field--type-ds field--label-hidden field__item"> <time datetime="2024-10-02">2 October 2024</time> </div> <div class="field field--name-field-taxonomy-audit-progress field--type-entity-reference field--label-hidden field__item">Published</div> </div> <div class="layout__region layout__region--first"> <a href="/our-work/reports/internal-controls-and-governance-2024" aria-hidden="true" role="presentation" tabindex="-1"> <div class="field field--name-field-thumbnail-image-media field--type-entity-reference field--label-hidden field__item"> <img loading="lazy" src="/sites/default/files/styles/listing_page_thumbnail/public/images/Thumbnail%20-%20Internal%20controls%20and%20governance%202024.jpg?h=a9d39ae0&itok=F4mDMI5Q" width="120" height="120" alt="aerial view of Sydney Harbour" class="image-style-listing-page-thumbnail" /> </div> </a> <div class="layout__region--report-function"> <p class="visually-hidden">Actions for <span class="field field--name-title field--type-string field--label-hidden">Internal controls and governance 2024</span> </p> <div class="report-share field__item"> <button class="open-share"> Share this audit </button> <div class="socials--share social"> <ul class="social-set"> <li class="social-set-enclosure"> <a class="social-set-enclosure-link social-icon" href="https://www.facebook.com/sharer/sharer.php?u=https://www.audit.nsw.gov.au/our-work/reports/internal-controls-and-governance-2024" title="Share page on Facebook" target="_blank" rel="noopener"> <img src="/themes/custom/aonsw/images/icons/Social/Facebook-white.svg" alt="Facebook"> <span class="tooltip">Facebook</span> </a> </li> <li class="social-set-enclosure"> <a class="social-set-enclosure-link social-icon" href="https://twitter.com/share?text=Internal%20controls%20and%20governance%202024&url=https://www.audit.nsw.gov.au/our-work/reports/internal-controls-and-governance-2024" title="Share page on Twitter" target="_blank" rel="noopener"> <img src="/themes/custom/aonsw/images/icons/Social/Twitter-white.svg" alt="Twitter"> <span class="tooltip">Twitter</span> </a> </li> <li class="social-set-enclosure"> <a class="social-set-enclosure-link social-icon" href="https://www.linkedin.com/shareArticle?mini=true&url=https://www.audit.nsw.gov.au/our-work/reports/internal-controls-and-governance-2024&source=Audit%20Office%20of%20NSW" title="Share page on LinkedIn" target="_blank" rel="noopener"> <img src="/themes/custom/aonsw/images/icons/Social/LinkedIn-white.svg" alt="LinkedIn"> <span class="tooltip">LinkedIn</span> </a> </li> <li class="social-set-enclosure"> <a class="social-set-enclosure-link social-icon" href="mailto:?subject=Internal%20controls%20and%20governance%202024&body=https://www.audit.nsw.gov.au/our-work/reports/internal-controls-and-governance-2024" title="Share page via Email"> <img src="/themes/custom/aonsw/images/icons/Social/Email-Share-white.svg" alt="E-mail"> <span class="tooltip">Email</span> </a> </li> </ul> </div> </div> <div class="field--name-field-subscribe field__item"> <button class="open-popup published" data-sectors="'Whole of Government'|"> Subscribe to similar </button> </div> <div class="field--name-field-feedback field__item"> <button class="open-popup"> Give feedback </button> <div class="feedback popup-cover"> <div class="modal fade feedback-modal" role="dialog" aria-hidden="true"> <button class="close-popup"> <img src="/themes/custom/aonsw/images/icons/Close.svg" alt="Close dialog"> </button> <form class="aonsw-feedback-form" data-drupal-selector="aonsw-feedback-form" action="/our-work/reports?progress_id%5B17%5D=17" method="post" id="aonsw-feedback-form" accept-charset="UTF-8"> <h1>Feedback on published audit</h1><div id="audit_title_1579">Audit</div><div class="audit-title" aria-labelledby="audit_title_1579">Internal controls and governance 2024</div><input data-drupal-selector="edit-audit" type="hidden" name="audit" value="1579" /> <div class="js-form-item form-item js-form-type-textfield form-type-textfield js-form-item-name form-item-name"> <label for="edit-name">Name (optional)</label> <input autocomplete="given-name" data-drupal-selector="edit-name" type="text" id="edit-name" name="name" value="" size="60" maxlength="128" class="form-text" /> </div> <div class="js-form-item form-item js-form-type-email form-type-email js-form-item-email-address form-item-email-address"> <label for="edit-email-address">Email address (optional)</label> <input autocomplete="email" data-drupal-selector="edit-email-address" type="email" id="edit-email-address" name="email_address" value="" size="60" maxlength="254" class="form-email" /> </div> <div class="js-form-item form-item js-form-type-textarea form-type-textarea js-form-item-message form-item-message"> <label for="edit-message" class="js-form-required form-required">Message</label> <div class="form-textarea-wrapper"> <textarea data-drupal-selector="edit-message" id="edit-message" name="message" rows="5" cols="60" class="form-textarea required resize-vertical" required="required" aria-required="true"></textarea> </div> </div> <div class="js-form-item form-item js-form-type-checkbox form-type-checkbox js-form-item-send-user-a-copy form-item-send-user-a-copy"> <input data-drupal-selector="edit-send-user-a-copy" type="checkbox" id="edit-send-user-a-copy" name="send_user_a_copy" value="1" class="form-checkbox" /><span class="checkmark"></span> <label for="edit-send-user-a-copy" class="option">Send me a copy</label> </div> <fieldset data-drupal-selector="edit-captcha" class="captcha captcha-type-challenge--recaptcha"> <legend class="captcha__title js-form-required form-required"> CAPTCHA </legend> <div class="captcha__element"> <input data-drupal-selector="edit-captcha-sid" type="hidden" name="captcha_sid" value="61130223" /> <input data-drupal-selector="edit-captcha-token" type="hidden" name="captcha_token" value="aGdQ7UFS2i-zIN3ipTEHlse3E5fXY8ipsqjWa-zhtWc" /> <input data-drupal-selector="edit-captcha-response" type="hidden" name="captcha_response" value="Google no captcha" /> <div class="g-recaptcha" data-sitekey="6Lf6iWwUAAAAANBggIgUH9uJLl4QDmrCe1OJX-4d" data-theme="light" data-type="image"></div><input data-drupal-selector="edit-captcha-cacheable" type="hidden" name="captcha_cacheable" value="1" /> </div> <div class="captcha__description description">This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.</div> </fieldset> <input class="buttonSquare-red button js-form-submit form-submit" id="edit-submit-feedback-1579" data-drupal-selector="edit-submit" type="submit" name="op" value="Submit" /> <p>When you provide us your personal information by email or through this website:</p> <ul> <li>We will record your email address and other information submitted</li> <li>We will use the information for the purpose for which you provide it</li> <li>Your email address will not be added to a mailing list, unless provided by you specifically for that purpose.</li> </ul> <p>Please refer to our <a href="/sites/default/files/auditoffice/Governance-and-Policies---Current/Privacy_Management_Plan_March_2018.pdf">privacy management plan</a> for more information.</p><input autocomplete="off" data-drupal-selector="form-ul-03v1xybxl-ywcb7ik1f-ubqqhpygedouqxc78ta" type="hidden" name="form_build_id" value="form--ul-03v1XyBxL_YWcb7iK1f-UbqQhPygeDOUqxc78TA" /> <input data-drupal-selector="edit-aonsw-feedback-form" type="hidden" name="form_id" value="aonsw_feedback_form" /> <div class="form-cover"> <img src="/themes/custom/aonsw/images/icons/Hourglass.gif" alt="Hourglass"> </div> </form> </div> </div> </div> <div class="field field--name-field-pdf-download field--type-file field--label-hidden field__item"> <div class="file file--mime-application-pdf file--application-pdf social-icon"> <a href="/sites/default/files/documents/Final%20report%20-%20Internal%20controls%20and%20governance%202024_0.pdf"> Download PDF </a> </div> </div> </div> </div> <div class="layout__region layout__region--second"> <h2 > <a href="/our-work/reports/internal-controls-and-governance-2024" rel="bookmark"><span class="field field--name-title field--type-string field--label-hidden">Internal controls and governance 2024</span> </a> </h2> <div class="field field--name-field-topic field--type-list-string field--label-hidden field__items"> <div class="field__item"> <div class="field--name-field-topic field--type-list-string"> <div class="field__item"> Whole of Government </div> <div class="field__item"> Gift and benefit </div> <div class="field__item"> Compliance </div> <div class="field__item"> Cyber security </div> <div class="field__item"> Financial reporting </div> <div class="field__item"> Information technology </div> <div class="field__item"> Internal controls and governance </div> <div class="field__item"> Management and administration </div> <div class="field__item"> Regulation </div> <div class="field__item"> Risk </div> <div class="field__item"> Service delivery </div> <div class="field__item"> Shared services and collaboration </div> </div> </div> </div> <div class="report-card-blurb"> <p> <div class="field field--name-field-chapters field--type-entity-reference-revisions field--label-hidden field__items"> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> <div class="clearfix text-formatted field field--name-field-paragraph-body field--type-text-with-summary field--label-hidden field__item"> <div class="paragraph-body-wrapper"> <h4>About this report</h4><p>Internal controls are key to the accuracy and reliability of agencies’ financial reporting processes. This report analyses the internal controls and governance of 26 of the NSW public sector’s largest agencies for the 2023–24 financial year.</p><h4>Findings</h4><p>There are gaps in key business processes, which expose agencies to risks. These gaps are identified in 121 findings across the 26 agencies—including 4 high risk, 73 moderate risk and 44 low risk findings. All four high-risk issues related to IT controls and 19% of control deficiencies were repeat issues. Thirty-five per cent of agencies had deficiencies in control over privileged access.</p><p><strong>Shared IT services</strong></p><p>Six agencies provide IT shared services to 120 other customer agencies. All six had control deficiencies—three of these were high risk. Four agencies provide no independent assurance to their customers about the effectiveness of their own IT controls.</p><p><strong>Cyber security</strong></p><p>Eighteen agencies assessed cyber risk as being above their risk appetite. Fourteen of these agencies had not set a timeframe to resolve these risks and two agencies have not funded plans to improve cyber security.</p><p><strong>Fraud and corruption control</strong></p><p>Agencies need to improve fraud and corruption control. Instances of non-compliance with TC18-02 NSW Fraud and Corruption Policy were identified, including gaps such as a lack of comprehensive employment screening policies and not reporting matters to the audit and risk committee.</p><p><strong>Gifts and benefits</strong></p><p>Management of gifts and benefits requires better governance and transparency. All agencies had policy and guidance but all had gaps in management and implementation—such as not publishing registers nor providing ongoing training.</p><p><strong>Information Technology</strong></p><p>Nine agencies did not effectively restrict or monitor user access to privileged accounts.</p><h4>Recommendations</h4><p>The report makes recommendations to agencies to implement proper controls and improve processes in relation to:</p><ul><li>organisational processes</li><li>information technology</li><li>cyber security</li><li>fraud and corruption, and</li><li>gifts and benefits.</li></ul><p> </p><h4><a href="/sites/default/files/documents/Final%20report%20-%20Internal%20controls%20and%20governance%202024_0.pdf" data-entity-type="file" data-entity-uuid="b2f5db05-0eb2-4785-97f8-25b718659d01" data-entity-substitution="file" title="Final report - Internal controls and governance 2024_0.pdf">Read the PDF report</a></h4> </div> </div> </div> </div> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> </div> </div> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> </div> </div> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> <div class="clearfix text-formatted field field--name-field-paragraph-body field--type-text-with-summary field--label-hidden field__item"> <div class="paragraph-body-wrapper"> <p>Internal controls are processes, policies and procedures that help agencies to:</p><ul><li>operate effectively and efficiently</li><li>produce reliable financial reports</li><li>comply with laws and regulations</li><li>support ethical government.</li></ul><p>This chapter outlines the overall trends for agency controls and governance issues, including the number of audit findings, the degree of risk those deficiencies pose to the agency, and a summary of the most common deficiencies found across agencies.</p> </div> </div> </div> </div> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> <div class="clearfix text-formatted field field--name-field-paragraph-body field--type-text-with-summary field--label-hidden field__item"> <div class="paragraph-body-wrapper"> <p>This chapter outlines our audit observations, conclusions and recommendations arising from our review of agency controls to manage key financial systems.</p> </div> </div> </div> </div> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> <div class="clearfix text-formatted field field--name-field-paragraph-body field--type-text-with-summary field--label-hidden field__item"> <div class="paragraph-body-wrapper"> <p>This chapter outlines our audit observations, conclusions and recommendations arising from our review of agencies' cyber security.</p> </div> </div> </div> </div> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> <div class="clearfix text-formatted field field--name-field-paragraph-body field--type-text-with-summary field--label-hidden field__item"> <div class="paragraph-body-wrapper"> <p>This chapter outlines our audit observations, conclusions and recommendations from our review of agencies' fraud and corruption control framework, policies and practices. Our <a href="https://www.audit.nsw.gov.au/our-work/reports/internal-controls-and-governance-2018">Internal Controls and Governance 2018</a> found a number of fraud and corruption control gaps in NSW Government.</p><p>The NSW Treasury Circular <a href="https://arp.nsw.gov.au/tc18-02-nsw-fraud-and-corruption-control-policy">TC18-02 NSW Fraud and Corruption Control Policy</a> (the Circular) requires NSW government agencies to develop, implement and maintain a fraud and corruption control framework. The Circular sets out minimum standards for a NSW Government agency’s fraud and corruption control framework.</p><p><strong>Previous Audit Office report on agency fraud and corruption control</strong></p><table><tbody><tr class="grey"><td><p><strong>Report on </strong><a href="https://www.audit.nsw.gov.au/our-work/reports/internal-controls-and-governance-2018"><strong>Internal Controls and Governance 2018</strong></a><strong> (published October 2018)</strong></p><p>The report found there were gaps in the fraud and corruption controls by some agencies, which increased the risk of reputational damage and financial loss.</p><p>Where relevant, we have included the results from our 2018 report on Internal Controls and Governance below for comparison purposes.</p></td></tr></tbody></table> </div> </div> </div> </div> <div class='field__item'> <div class="paragraph paragraph--type--chapter paragraph--view-mode--excerpt"> <div class="clearfix text-formatted field field--name-field-paragraph-body field--type-text-with-summary field--label-hidden field__item"> <div class="paragraph-body-wrapper"> <p>This chapter outlines our audit observations, conclusions and recommendations arising from our review of agencies' managing of gifts and benefits.</p> </div> </div> </div> </div> </div> </p> </div> </div> </div> </div> </div> <nav class="pager" aria-labelledby="pagination-heading"> <h2 id="pagination-heading" class="visually-hidden">Pagination</h2> <ul class="pager__items js-pager__items"> <li class="pager__item is-active"> <a href="?progress_id%5B17%5D=17&page=0" title="Current page" aria-current="page"> <span class="visually-hidden"> Current page </span>1</a> </li> <li class="pager__item"> <a href="?progress_id%5B17%5D=17&page=1" title="Go to page 2"> <span class="visually-hidden"> Page </span>2</a> </li> <li class="pager__item"> <a href="?progress_id%5B17%5D=17&page=2" title="Go to page 3"> <span class="visually-hidden"> Page </span>3</a> </li> <li class="pager__item"> <a href="?progress_id%5B17%5D=17&page=3" title="Go to page 4"> <span class="visually-hidden"> Page </span>4</a> </li> <li class="pager__item"> <a href="?progress_id%5B17%5D=17&page=4" title="Go to page 5"> <span class="visually-hidden"> Page </span>5</a> </li> <li class="pager__item"> <a href="?progress_id%5B17%5D=17&page=5" title="Go to page 6"> <span class="visually-hidden"> Page </span>6</a> </li> <li class="pager__item"> <a href="?progress_id%5B17%5D=17&page=6" title="Go to page 7"> <span class="visually-hidden"> Page </span>7</a> </li> <li class="pager__item"> <a href="?progress_id%5B17%5D=17&page=7" title="Go to page 8"> <span class="visually-hidden"> Page </span>8</a> </li> <li class="pager__item"> <a href="?progress_id%5B17%5D=17&page=8" title="Go to page 9"> <span class="visually-hidden"> Page </span>9</a> </li> <li class="pager__item pager__item--ellipsis" role="presentation">…</li> <li class="pager__item pager__item--next"> <a href="?progress_id%5B17%5D=17&page=1" title="Go to next page" rel="next"> <span class="visually-hidden">Next page</span> <span aria-hidden="true">Next ›</span> </a> </li> <li class="pager__item pager__item--last"> <a href="?progress_id%5B17%5D=17&page=60" title="Go to last page"> <span class="visually-hidden">Last page</span> <span aria-hidden="true">Last</span> </a> </li> </ul> </nav> </div> </div> </div> <div id="block-reportsleftblock" class="block block-block-content block-block-content25b8c863-9ca0-423b-9f14-840dd78d6bf2"> <div class="field field--name-field-call-to-actions field--type-entity-reference-revisions field--label-hidden field__items"> <div class="field__item"> <a href="/our-work/audit-program"> <div class="paragraph paragraph--type--call-to-action paragraph--view-mode--small"> <div class="field field--name-field-image-media field--type-entity-reference field--label-hidden field__item"> <img loading="lazy" src="/sites/default/files/styles/feature_small/public/call-to-action-images/image-audit-plan.jpg?h=cad518fc&itok=acYZYmvj" width="480" height="370" alt="View our audit program" class="image-style-feature-small" /> </div> <div class="field field--name-field-title field--type-string field--label-hidden field__item">View audit program</div> <div class="field--name-field-link buttonSmall-red"> EXPLORE </div> </div> </a> </div> <div class="field__item"> <a href="/our-work/reports?f%5B0%5D=progress_id%3A19"> <div class="paragraph paragraph--type--call-to-action paragraph--view-mode--small"> <div class="field field--name-field-image-media field--type-entity-reference field--label-hidden field__item"> <img loading="lazy" src="/sites/default/files/styles/feature_small/public/call-to-action-images/image-contribute-small.jpg?h=6b05c7c2&itok=AIvUo_az" width="480" height="370" alt="upcoming audits" class="image-style-feature-small" /> </div> <div class="field field--name-field-title field--type-string field--label-hidden field__item">Have your say</div> <div class="field--name-field-link buttonSmall-red"> CONTRIBUTE </div> </div> </a> </div> </div> </div> </div> </div> </main> <footer> <div class="region region-footer-top"> <div id="block-sectorform" class="block block-sector-terms-display block-sector-form"> <div class="subscribe-footer"> <div class="pre_form_footer"> <div class="subscribe-title"> <span>Want to stay informed about our work?</span> </div> <form id="pre_submit" class="" method="get"> <div class="subscribe-detail"> <p></p>   <button class="buttonSquare-red" id="pre_submit_butt" type="submit">SUBSCRIBE</button> </div> </form> </div> </div> <div class="subscribe popup-cover"> <div class="modal fade" id="submitModal" tabindex="-1" role="dialog" aria-labelledby="submitModalLabel" aria-hidden="true"> <button class="close-popup"><img src="/themes/custom/aonsw/images/icons/Close.svg" alt="Close dialog"></button> <h1 id="submitModalLabel">Thanks for subscribing!</h1> <p>We will add you to all audit notifications. You may refine your selections below for certain sectors only.</p> <div id="pasted-mailc-form">  <style type="text/css"> #mc_embed_signup{background:#fff; clear:left; font:14px Helvetica,Arial,sans-serif; width:600px;} /* Add your own Mailchimp form style overrides in your site stylesheet or in this style block. We recommend moving this block and the preceding CSS link to the HEAD of your HTML file. */ </style> <div id="mc_embed_signup"> <form action="https://nsw.us17.list-manage.com/subscribe/post?u=138cb181e608c26c9d220a2e0&id=34a48596f5&f_id=003d59e0f0" method="post" id="mc-embedded-subscribe-form" name="mc-embedded-subscribe-form" class="validate" target="_blank" novalidate> <div id="mc_embed_signup_scroll" class="mailchimp-newsletter-mergefields"> <div class="js-form-item form-item js-form-type-email form-type-email js-form-item-mergevars-email form-item-mergevars-email"> <div class="mc-field-group"> <label for="mce-EMAIL">Email Address <span class="asterisk">*</span> </label> <input type="email" value="" name="EMAIL" class="required email" id="mce-EMAIL" class="form-text" required> <span id="mce-EMAIL-HELPERTEXT" class="helper_text"></span> </div> </div> <div class="mc-field-group"> <div class="js-form-item form-item js-form-type-email form-type-email js-form-item-mergevars-email form-item-mergevars-email"> <label for="mce-FNAME">First Name </label> <input type="text" value="" name="FNAME" class="form-text" id="mce-FNAME"> <span id="mce-FNAME-HELPERTEXT" class="helper_text"></span> </div> </div> <div class="mc-field-group form-checkboxes input-group"> <div class="js-form-item form-item js-form-type-checkbox form-type-checkbox js-form-item-select-all form-item-select-all1" > <input data-drupal-selector="edit-select-all1" type="checkbox" id="edit-select-all1" name="select_all1" value="1" class="form-checkbox "><span class="checkmark"></span> <label for="edit-select-all" class="option">Select all sectors</label> </div> <div style="width: 95%;margin-left: auto;margin-right: auto;clear: both;"> <div style="width: 50%; float: left"> <div class="form-type-checkbox"> <input type="checkbox" value="8" name="group[4109][8]" id="mce-group[4109]-4109-0" class="form-checkbox temp_textbx_click"><span class="checkmark"></span> <label for="mce-group[4109]-4109-0">Premier and Cabinet</label> </div> <div class="form-type-checkbox"> <input type="checkbox" value="16" name="group[4109][16]" id="mce-group[4109]-4109-1" class="form-checkbox temp_textbx_click"><span class="checkmark"></span> <label for="mce-group[4109]-4109-1">Treasury</label> </div> <div class="form-type-checkbox"> <input type="checkbox" value="32" name="group[4109][32]" id="mce-group[4109]-4109-2" class="form-checkbox temp_textbx_click"><span class="checkmark"></span> <label for="mce-group[4109]-4109-2">Finance, Services and Innovation</label> </div> <div class="form-type-checkbox"> <input type="checkbox" value="64" name="group[4109][64]" id="mce-group[4109]-4109-3" class="form-checkbox temp_textbx_click"><span class="checkmark"></span> <label for="mce-group[4109]-4109-3">Education</label> </div> <div class="form-type-checkbox"> <input type="checkbox" value="128" name="group[4109][128]" id="mce-group[4109]-4109-4" class="form-checkbox temp_textbx_click"><span class="checkmark"></span> <label for="mce-group[4109]-4109-4">Family and Community Services</label> </div> <div class="form-type-checkbox"> <input type="checkbox" value="256" name="group[4109][256]" id="mce-group[4109]-4109-5" class="form-checkbox temp_textbx_click"><span class="checkmark"></span> <label for="mce-group[4109]-4109-5">Health</label> </div> <div class="form-type-checkbox"> <input type="checkbox" value="4194304" name="group[4109][4194304]" id="mce-group[4109]-4109-12" class="form-checkbox temp_textbx_click"><span class="checkmark"></span> <label for="mce-group[4109]-4109-12">Annual Report</label> </div> <div class="form-type-checkbox"> <input type="checkbox" value="8388608" name="group[4109][8388608]" id="mce-group[4109]-4109-13" class="form-checkbox temp_textbx_click"><span class="checkmark"></span> <label for="mce-group[4109]-4109-13">Professional Update</label> </div> </div> <div style="width: 50%; float: left"> <div class="form-type-checkbox"> <input type="checkbox" value="512" name="group[4109][512]" id="mce-group[4109]-4109-6" class="form-checkbox temp_textbx_click"><span class="checkmark"></span> <label for="mce-group[4109]-4109-6">Industry</label> </div> <div class="form-type-checkbox"> <input type="checkbox" value="1024" name="group[4109][1024]" id="mce-group[4109]-4109-7" class="form-checkbox temp_textbx_click"><span class="checkmark"></span> <label for="mce-group[4109]-4109-7">Planning and Environment</label> </div> <div class="form-type-checkbox"> <input type="checkbox" value="2048" name="group[4109][2048]" id="mce-group[4109]-4109-8" class="form-checkbox temp_textbx_click"><span class="checkmark"></span> <label for="mce-group[4109]-4109-8">Justice</label> </div> <div class="form-type-checkbox"> <input type="checkbox" value="4096" name="group[4109][4096]" id="mce-group[4109]-4109-9" class="form-checkbox temp_textbx_click"><span class="checkmark"></span> <label for="mce-group[4109]-4109-9">Transport</label> </div> <div class="form-type-checkbox"> <input type="checkbox" value="8192" name="group[4109][8192]" id="mce-group[4109]-4109-10" class="form-checkbox temp_textbx_click"><span class="checkmark"></span> <label for="mce-group[4109]-4109-10">Local Government</label> </div> <div class="form-type-checkbox"> <input type="checkbox" value="16384" name="group[4109][16384]" id="mce-group[4109]-4109-11" class="form-checkbox temp_textbx_click"><span class="checkmark"></span> <label for="mce-group[4109]-4109-11">All Audit Reports</label> </div> <div class="form-type-checkbox"> <input type="checkbox" value="16777216" name="group[4109][16777216]" id="mce-group[4109]-4109-14" class="form-checkbox temp_textbx_click"><span class="checkmark"></span> <label for="mce-group[4109]-4109-14">Speeches and Presentations</label> </div> <div class="form-type-checkbox"> <input type="checkbox" value="2147483648" name="group[4109][2147483648]" id="mce-group[4109]-4109-15" class="form-checkbox temp_textbx_click"><span class="checkmark"></span> <label for="mce-group[4109]-4109-15">Universities</label> </div> <div class="form-type-checkbox"> <input type="checkbox" value="4294967296" name="group[4109][4294967296]" id="mce-group[4109]-4109-16" class="form-checkbox temp_textbx_click"><span class="checkmark"></span> <label for="mce-group[4109]-4109-16">Whole of government</label> </div> </div> </div> <span id="mce-group[4109]-HELPERTEXT" class="helper_text"></span> </div> <br/> <div id="mce-responses" class="clear" style="clear: both"> <div class="response messages messages--error" id="mce-error-response" style="display:none"></div> <div class="response messages messages--status" id="mce-success-response" style="display:none"></div> </div>  <div style="position: absolute; left: -5000px;" aria-hidden="true"><input type="text" name="b_138cb181e608c26c9d220a2e0_34a48596f5" tabindex="-1" value=""></div> <div class="clear" style="clear: both"> <div data-drupal-selector="edit-actions" class="form-actions js-form-wrapper form-wrapper" style="text-align: center"> <input type="submit" value="Subscribe" name="subscribe" id="mc-embedded-subscribe" class="form-actions form-submit"> </div> </div> </div> </form> </div> <script type='text/javascript' src='//s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js'></script><script type='text/javascript'>(function($) {window.fnames = new Array(); window.ftypes = new Array();fnames[0]='EMAIL';ftypes[0]='email';fnames[5]='MMERGE5';ftypes[5]='text';fnames[1]='FNAME';ftypes[1]='text';fnames[2]='LNAME';ftypes[2]='text';fnames[7]='MMERGE7';ftypes[7]='text';fnames[4]='MMERGE4';ftypes[4]='text';fnames[6]='MMERGE6';ftypes[6]='text';fnames[10]='MMERGE10';ftypes[10]='text';fnames[11]='MMERGE11';ftypes[11]='text';fnames[12]='MMERGE12';ftypes[12]='text';fnames[13]='MMERGE13';ftypes[13]='text';fnames[14]='MMERGE14';ftypes[14]='text';fnames[9]='MMERGE9';ftypes[9]='text';fnames[8]='MMERGE8';ftypes[8]='text';fnames[15]='MMERGE15';ftypes[15]='text';fnames[3]='MMERGE3';ftypes[3]='text';fnames[16]='MMERGE16';ftypes[16]='text';fnames[17]='MMERGE17';ftypes[17]='text';}(jQuery));var $mcj = jQuery.noConflict(true);</script>  </div> </div> </div> </div> <div id="block-acknowledgementofcountry" class="block block-block-content block-block-contentea39e896-9ee6-4eca-9664-ff7a70081400"> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p>The Audit Office of New South Wales acknowledges the Traditional Owners and Custodians of the land on which we live and work. We pay our respects to Elders past and present.</p> </div> </div> </div> <div class="information"> <div class="logo information-part"> <a href="/" title="Home" rel="home"> <img src="/themes/custom/aonsw/images/logo/AONSW.svg" alt="Audit Office of NSW logo" width="312" height="56"> </a> </div> <div class="social-link" style="max-width: 300px;text-decoration: none;margin-top: -24px;"> <a href="https://www.facebook.com/AuditOfficeNSW/" target="_blank" rel="noopener" style="text-decoration: none;" class="social-icon"> <img src="/themes/custom/aonsw/images/icons/Social/Facebook.svg" alt="Facebook" height="28" width="14"> <span class="tooltip">Facebook</span> </a> <a href="https://twitter.com/AuditOfficeNSW" target="_blank" rel="noopener" style="text-decoration: none;" class="social-icon"> <img src="/themes/custom/aonsw/images/icons/Social/Twitter.svg" alt="Twitter" height="22" width="28"> <span class="tooltip">Twitter</span> </a> <a href="https://www.linkedin.com/company/the-audit-office-of-new-south-wales/" target="_blank" rel="noopener" style="text-decoration: none;" class="social-icon"> <img src="/themes/custom/aonsw/images/icons/Social/LinkedIn.svg" alt="LinkedIn" height="28" width="28"> <span class="tooltip">LinkedIn</span> </a> <a href="https://www.youtube.com/channel/UCm3fbSTg_U3PMpBbqZKEjYQ" target="_blank" rel="noopener" style="text-decoration: none;" class="social-icon"> <img src="/themes/custom/aonsw/images/icons/Social/YouTube.svg" alt="YouTube" height="19" width="28"> <span class="tooltip">YouTube</span> </a> </div> <div class="region region-footer"> <nav aria-labelledby="block-aonsw-footer-menu" id="block-aonsw-footer" class="block block-menu navigation menu--footer"> <h1 class="visually-hidden" id="block-aonsw-footer-menu">Footer menu</h1> <ul class="menu"> <li class="menu-item"> <a href="/" data-drupal-link-system-path="<front>">HOME</a> </li> <li class="menu-item"> <a href="/who-we-are/about-the-audit-office" data-drupal-link-system-path="node/66">ABOUT US</a> </li> <li class="menu-item menu-item--active-trail"> <a href="/our-work/reports" data-drupal-link-system-path="reports">REPORTS</a> </li> <li class="menu-item"> <a href="/contact-us" data-drupal-link-system-path="node/841">CONTACT US</a> </li> <li class="menu-item"> <a href="/who-we-are/our-accountability/access-our-information" data-drupal-link-system-path="node/470">ACCESS OUR INFORMATION</a> </li> <li class="menu-item"> <a href="/privacy-policy" data-drupal-link-system-path="node/110">PRIVACY POLICY</a> </li> </ul> </nav> </div> </div> <div class="return-to-top"> <a href="#"><img src="/themes/custom/aonsw/images/icons/arrow-up.svg" alt="Go to top"></a> </div> </footer> </div> <form id="mc-embedded-subscribe-form" action="/"></form> <script type='text/javascript' src='//s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js'></script> <script type='text/javascript'>(function($) {window.fnames = new Array(); window.ftypes = new Array();fnames[0]='EMAIL';ftypes[0]='email';fnames[1]='FNAME';ftypes[1]='text';fnames[2]='LNAME';ftypes[2]='text';}(jQuery));var $mcj = jQuery.noConflict(true);</script> <script type="application/json" data-drupal-selector="drupal-settings-json">{"path":{"baseUrl":"\/","pathPrefix":"","currentPath":"reports","currentPathIsAdmin":false,"isFront":false,"currentLanguage":"en","currentQuery":{"progress_id":{"17":"17"}}},"pluralDelimiter":"\u0003","suppressDeprecationErrors":true,"ajaxPageState":{"libraries":"eJxtkG2OxiAIhC9k9UgNRda6RTGi29c9_TY22a_0DxmeATIBJOvpAssGvGgbHHMwMKFyxMMglIY7uA2UDDKojj86kSoEUoNSyWWpCTh-knkDpLZWKnwJNzuLkhJkr4-m9sus4_bU-doLsL07izvhsclrOaMP1J6HPiKdusA7vEwQCUwrZODRIqr7D0yBCqFC2b-v_BDbc-kbR93JG42pXJtFSi_rxoKHugdmdGijdP9mJnGz2pnnN0jiO9MXuf-S9Q","theme":"aonsw","theme_token":null},"ajaxTrustedUrl":{"form_action_p_pvdeGsVG5zNF_XLGPTvYSKCf43t8qZYSwcfZl2uzM":true,"\/search":true},"google_analytics":{"account":"UA-26493354-1","trackOutbound":true,"trackMailto":true,"trackDownload":true,"trackDownloadExtensions":"7z|aac|arc|arj|asf|asx|avi|bin|csv|doc(x|m)?|dot(x|m)?|exe|flv|gif|gz|gzip|hqx|jar|jpe?g|js|mp(2|3|4|e?g)|mov(ie)?|msi|msp|pdf|phps|png|ppt(x|m)?|pot(x|m)?|pps(x|m)?|ppam|sld(x|m)?|thmx|qtm?|ra(m|r)?|sea|sit|tar|tgz|torrent|txt|wav|wma|wmv|wpd|xls(x|m|b)?|xlt(x|m)|xlam|xml|z|zip"},"simple_popup_blocks":{"settings":[]},"views":{"ajax_path":"\/views\/ajax","ajaxViews":{"views_dom_id:7b7d86616c54e6d0629e1800cdac44227d6351373ef3882529f128772ba0f107":{"view_name":"facet_reports","view_display_id":"page_1","view_args":"","view_path":"\/reports","view_base_path":"reports","view_dom_id":"7b7d86616c54e6d0629e1800cdac44227d6351373ef3882529f128772ba0f107","pager_element":0}}},"facets_views_ajax":{"report_facet_topic":{"view_id":"facet_reports","current_display_id":"page_1","view_base_path":"reports","ajax_path":"\/views\/ajax"},"report_type":{"view_id":"facet_reports","current_display_id":"page_1","view_base_path":"reports","ajax_path":"\/views\/ajax"},"report_facet_year":{"view_id":"facet_reports","current_display_id":"page_1","view_base_path":"reports","ajax_path":"\/views\/ajax"},"sector_report":{"view_id":"facet_reports","current_display_id":"page_1","view_base_path":"reports","ajax_path":"\/views\/ajax"},"report_facet_audit_progress":{"view_id":"facet_reports","current_display_id":"page_1","view_base_path":"reports","ajax_path":"\/views\/ajax"}},"user":{"uid":0,"permissionsHash":"62af1f8c381ca95d79d3825fd83756cfec1b7ed12b3d38b564126ff10e517069"}}</script> <script src="/sites/default/files/js/js_31OPLJCZqaNIVfTegBHTh8zoCfPt1l1vS5043D850_k.js?scope=footer&delta=0&language=en&theme=aonsw&include=eJxtjlFuxCAMRC9E4EiRY7yExmCEoVl6-kbJqtWu8mPNvJFmHEQC0wwZeLSI6sIHMBpTOUCR0su8sOCm7oYZHdoouQWUDDKojjedSBUCqUGp5LLUBBx_yIBk3V1gWYAnbYNjDi-oHHEzBSqECmVV52svwPaf2J5LXzjqSt58R9rVndcm8Z3pDcEXPA1CabjC9dkDkNpcqfAh3Oms9pSgjiv7W7ycPYums-g2x5VwW-Q57dEHarcDKMdA9voLkU6S9Q"></script> </body> </html>