The NSW Audit Office 2019 audit
report on the NSW local government sector contains unqualified audit opinions
on the 2018–19 financial statements of 134 councils and 11 joint organisations.
The opinion for one council was
disclaimed and three audits are yet to be completed.
What did the audit examine?
In addition to forming an opinion on councils’ financial statements, the audits examined the following risk areas:
- Credit
card management
- Fraud
controls
- Gifts and
benefits
- Cyber
security
- Landfill
rehabilitation
What did the audit find?
The report notes “pleasing indicators of the gradual strengthening of governance and financial oversight of the sector” but recommends improvements in the following areas:
- preparing for new accounting standards
- strengthening controls over information technology and cyber security management
- asset management practices
What can we learn?
Irrespective of whether you’re in local government, state government, the private or not-for-profit sector, see how your own organisation stacks up against the Audit Office’s recommendations:
Strengthen
the quality and timeliness of financial reporting
- Allocate
sufficient time and resources to the financial reporting process
- Have
appropriate systems, processes and resources to implement the new accounting
standards
Improve
governance and internal controls
- Ensure
audit recommendations are addressed in a timely manner. High risk issues need
to be prioritised and repeat issues from prior years resolved
- Have an
audit, risk and improvement committee
- Have an internal
audit function to support a risk and compliance culture
- Have a
legislative compliance framework to capture and monitor compliance with key
laws and regulations
- Continue
improving fraud control systems
- Have
adequate processes and controls to ensure compliance with a gifts and benefits
policy and Code of Conduct
Strengthen
IT controls and cyber security management
- Ensure
key IT policies are formalised and regularly reviewed to ensure emerging risks
are considered and policies are reflective of changes to the IT environment
- Ensure IT
risks are identified and appropriately managed
- Improve
user access management processes to ensure that information systems are secure
and that there are adequate controls for making changes to information systems
- Implement
at least the basic governance and internal controls to manage risks associated
with cyber security
Improve
asset management practices
- Regularly
update asset registers, reconcile asset registers with asset management systems
and have suitable controls in place to ensure the integrity of manual
spreadsheets
- Start the
asset valuation process earlier and ensure there is a clear plan to ensure
valuations are managed and documented appropriately
- Periodically
reconcile asset registers to the Crown Land Information Database (CLID) and
investigate any discrepancies in a timely manner
- Review
the methodology and assumptions in how they account for landfill sites
A copy of the full report can be found here.
