The NSW Auditor-General Margaret Crawford has released the ‘Annual work program 2021–24’. The forward looking audit program provides an overview of the planned audit areas for the year ahead, and the following three years for NSW Government agencies including NSW local councils.
For NSW councils, the audit program is closely aligned with the Report on Local Government 2020 released in May 2021 where there were 1,435 findings reported to councils in audit management letters. The report also identified:
- One extreme risk finding relating to Central Coast Council’s use of restricted funds for general purposes
- Fifty-three high risk matters were identified across all councils:
- 21 high risk matters relating to asset management
- 14 high risk matters relating to information technology
- 7 high risk matters relating to financial reporting
- 4 high risk matters to council governance procedures
- 3 high risk matters relating to financial accounting
- 3 high risk matters relating to purchasing and payables
- 1 high risk matter relating to cash and banking
Source: Audit Office of NSW – Report on Local Government 2020
With around 100 local council clients, InConsult is one of the largest and most respected risk, resilience and internal audit service provider to NSW local councils. We reviewed the 41 page work program and summarised the planned audits that directly and indirectly impact local councils over the next few years along with some suggested next steps to help you stay ahead.
Audit program 2021-24
The 3 year audit program will not necessarily include every one of the 128 local councils and 10 county councils. The results of each performance audit will be reported to the local council concerned, the responsible minister, the Secretary of the Department of Planning, Industry and Environment, and Parliament. Local council’s who are not subject to the performance audit should reflect on the reported findings when available and re-evaluate their own internal control environment.
It is not surprising that the 2021-24 audit program is closely aligned to the high risk areas the Auditor-General is concerned about.
1. Cyber security
This is no surprise. Cyber risk is amongst the top 5 risks for most organisations and the increasing frequency and intensity of attacks is a concern. Such incidents can harm local government service delivery and may include the theft of information, denial of access to critical technology, or even the hijacking of systems for profit or malicious intent.
When cyber security risk management is done well, it reinforces organisational resilience, making entities aware of their risks and helps them make informed decisions in managing those risks.
Cyber Security NSW first released the NSW Cyber Security Policy in 2019 following the Audit Office’s sector-wide performance audit ‘Detecting and responding to cyber security incidents’. The policy outlines the mandatory requirements to which all NSW government departments and Public Service agencies must adhere, to ensure cyber security risks to their information and systems are appropriately managed.
The audit will consider how well selected councils ensure they have effective cyber security measures in place. In preparation, read more about our framework to help you achieve cyber resilience.
2. Strategic property portfolio management
This audit will be a whole-of-government/multi-agency performance audit. Whilst not specific to only local councils, the effectiveness of strategic property portfolio management, and the integrity of processes and outcomes for property acquisitions and disposals will be under the microscope.
3. Effectiveness of financial management and governance in selected council(s)
Financial sustainability is still an issue for many NSW Councils and the serious financial situation at Central Coast Council has further highlighted gaps and risks in respect to financial management and governance.
In our recent publication, Most Common Control Weaknesses in Local Government, we identified 4 areas in financial management that need attention.
- Development Assessment
- Accounts Payable
- Accounts Receivable/Debt Recovery
The audit will examine how these principles are effectively applied in the councils’ financial and asset management, funding decisions and risk management practices. It may also examine how councils’ expenditure and investment decisions have complied with the Act.
4. Development assessment process in local councils: Assessment stage
The DA and construction approval process has six stages – pre-lodgement, lodgement, assessment, determination, post decision and occupation certificate, and there are a number of participants who have involvement across those stages.
In 2018–19, the Auditor-General completed an audit that focused on the ‘pre-lodgement’ and ‘lodgement’ stages of the development assessment process at two local councils.
The next planned audit could assess the extent to which the ‘assessment’ stage at selected local councils aligns with relevant legislation and relevant guidance from the NSW Department of Planning, Industry and Environment (DPIE) and the Independent Commission Against Corruption (ICAC).
5. Coastal management (selected coastal councils)
The Coastal Management Act 2016 and the State Environmental Planning Policy (Coastal Management) 2018 guide and inform coastal management programs. The performance audit could assess how effectively the Planning, Industry and Environment cluster has overseen and implemented key elements of this reform package, and how effectively coastal councils have delivered coastal management programs.
6. Road asset maintenance
Local councils help maintain over 144,000 km of roads across their networks. Roads and related assets (eg bridges and footpaths) are material and make up more than $57.5 billion or 54% of Council Assets. This audit will have a focus on regional roads and will build on lessons learned in the Audit Office’s 2014 audit on Regional Road Funding and the 2018 audit on Road Maintenance Contracts. The audit may consider how effectively and efficiently local councils plan for, and manage, their road assets including maintenance activities, rehabilitation and rebuilding roads at the end of their useful life.
7. Council amalgamations
A number of council amalgamations took place in 2016 and the NSW Government projected $2 billion of benefits would be realised over a 20-year period.
The council amalgamation audit will assess whether the NSW Government effectively planned for the amalgamations process, including whether advice supporting the decision to implement amalgamations was based on robust analysis and enabled an assessment of progress in achieving clearly-defined, long-term benefits.
8. Building regulation – responding to combustible external cladding
Whilst the Department of Customer Service cluster undertakes regulatory and compliance activities, local councils have a role to play in enforcement. Following fires at the Lacrosse Building in Melbourne in 2014 and the Grenfell Tower in London in 2017, the NSW Government began implementing a coordinated, whole-of-government policy response to the fire safety risks posed by combustible external cladding.
This audit may examine how effectively the Department of Customer Service, Department of Planning and Environment, Fire and Rescue NSW, and local councils are implementing the NSW Government’s fire safety reforms, including to:
- identify and remediate existing risks from the use of external cladding
- prevent the future use of unsafe external cladding
9. ePlanning portal
All councils were required to commence using the NSW Planning ePlanning portal from 1 January 2021 and to process 100 per cent of planning applications using the portal from 1 July 2021. The audit will focus on whether the ePlanning program has realised its intended benefits related to efficiency, transparency and collaboration and whether the rollout process to councils has been implemented in a successful and timely way.
10. Precinct planning (selected local councils)
This audit will consider how effectively the Office of Local Government coordinates other responsible government entities to deliver ‘a planned approach to growth in Sydney, with new homes and jobs located close to public transport, shops and services, while retaining and enhancing a community’s character’.
11. State infrastructure contributions and voluntary planning agreements
Recent audits of local infrastructure contributions collected and spent by local councils found that increasing balances were present in councils that did not have strong governance over the funds. The audit will examine governance over these contributions and transparency over how contributions are levied and spent. It is not clear if some local councils will be impacted, but we recommend all councils review their infrastructure contributions and voluntary planning agreements.
12. Managing the code of conduct
The Office of Local Government (OLG) released a model code of conduct for council officials covering bullying and harassment, pecuniary interests and managing conflicts of interest. This audit could look at the compliance of councils’ codes of conduct against the model code, the effectiveness of their implementation and the effectiveness of complaint handling. It could focus on one or more of the issues covered by the code including bullying and harassment, managing conflicts of interest and disclosure of pecuniary interests. It could also consider the OLG’s role to provide oversight, right of review and support functions under the model code.
13. Performance management and monitoring
All local councils should have adopted the Integrated Planning & Reporting (IP&R) framework by June 2012. The IP&R ensures councils’ delivery of programs and operational plans are aligned with community priorities. This audit could examine councils’ compliance with IP&R Guidelines and could also examine how the OLG has supported councils through the development of a performance measurement framework and delivered direct support to rural councils. This audit would follow on from the Audit Office’s 2018 performance audit which reviewed the annual reports of all local councils to look at the performance of a select number of councils in depth.
That’s NOT all folks!
A final note, the Auditor-General conducts financial and performance audits, principally under the Government Sector Audit Act 1983 (GSA Act) and the Local Government Act 1993 (LG Act). The Auditor-General also has the power to examine allegations of serious and substantial waste of public money under the Public Interest Disclosures Act 1994. From time to time, the Auditor-General receives and responds to specific requests for special reviews or emerging issues of significant public interest in the areas of governance, misconduct, compliance or service delivery. The 2021-24 audit program can change anytime based on incidents and emerging risks.
Will your council be selected for one of these performance audits?
At minimum, we recommend all governance, risk and internal audit professionals in NSW local government at least consider these areas and assess how their council is positioned. As yourself:
- Were these areas covered in the internal audit program in the last 2 years?
- Has there been any recent incidents in these areas that suggest control weaknesses?
- Has there been a change is policies, processes, systems or people in these areas?
- Have council officer or risk owners recently reviewed their risks and controls?
Learn from the audit findings
It’s said that a wise person learns from their mistakes, but a wiser person learns from others’ mistakes – or in this case, the audit findings from the local councils that were audited.
Council’s who are not subject to the performance audit should reflect on the reported findings when available and re-evaluate their council’s risk exposure, governance arrangements and internal control environment.
Get in touch
From one-off internal audits to a three year audit program, and from Sydney metropolitan to regional councils, we tailor our internal audit services to suit your needs, size, maturity and budget.
Learn more about our Internal Audit and Assurance Services and the result of the Internal Audit Quality Assessment performed by the Institute of Internal Auditors Australia. Our clients can be reassured that our internal audit approach and methodology is second to none.
InConsult is also prequalified under NSW Local Government Procurement Internal Audit and Management Consulting Panel LGP218.
We help you confidently take risks, strengthen resilience and stay in control. If you would like to discuss your audit needs, please contact us.