The NSW Audit Office has released its 2019 audit report concerning the NSW local government sector.
Unqualified audit opinions were issued on the 2018–19 financial statements of 134 councils and 11 joint organisations. The opinion for one council was disclaimed and three audits are yet to be completed.
What did the audit examine?
In addition to forming an opinion on councils’ financial statements, the audits examined the following risk areas:
• Credit card management
• Fraud controls
• Gifts and benefits
• Cyber security
• Landfill rehabilitation
What did the audit find?
The report notes “pleasing indicators of the gradual strengthening of governance and financial oversight of the sector” but recommends improvements in the following areas:
• prepare for new accounting standards
• strengthen controls over information technology and cyber security management
• asset management practices.
What can we learn?
Irrespective of whether you’re in the local government sector, state government sector, the private sector or the NFP sector, see how your own organisation stacks up against the Audit Office’s recommendations where relevant:
Strengthen the quality and timeliness of financial reporting
• allocate sufficient time and resources to the financial reporting process.
• have appropriate systems, processes and resources to implement the new accounting standards.
Improve governance and internal controls
• ensure audit recommendations are addressed in a timely manner. High risk issues need to be prioritised and repeat issues from prior years resolved
• have an audit, risk and improvement committee
• have an internal audit function to support a risk and compliance culture
• have a legislative compliance framework to capture and monitor compliance with key laws and regulations
• continue improving fraud control systems
• have adequate processes and controls to ensure compliance with a gifts and benefits policy andCode of Conduct.
Strengthen IT controls and cyber security management
• ensure key IT policies are formalised and regularly reviewed to ensure emerging risks are considered and policies are reflective of changes to the IT environment
• ensure IT risks are identified and appropriately managed
• improve user access management processes to ensure that information systems are secure and that there are adequate controls for making changes to information systems
• implement at least the basic governance and internal controls to manage risks associated with cyber security.
Improve asset management practices
• regularly update asset registers, reconcile asset registers with asset management systems and have suitable controls in place to ensure the integrity of manual spreadsheets
• start the asset valuation process earlier and ensure there is a clear plan to ensure valuations are managed and documented appropriately
• periodically reconcile asset registers to the Crown Land Information Database (CLID) and investigate any discrepancies in a timely manner
• review the methodology and assumptions in how they account for landfill sites.
A copy of the full report can be found here.