The Auditor-General for New South Wales Margaret Crawford found that as NSW state government agencies’ digital footprint increases they need to do more to address new and emerging information technology (IT) risks. This is one of the key findings to emerge from the second stand-alone report on internal controls and governance of the forty largest NSW state government agencies.
A key risk area is how agencies manage the many IT vendors they now use to provide their IT services. While using IT vendors does give agencies access to a larger pool of talent and leverage the investments others have made in technology, these arrangements need to be properly managed.
Agencies annual reports are also not giving a clear and comprehensive picture of their performance. The use of targets and reporting over time was limited and applied inconsistently. And only 57 percent of agencies linked reporting on their performance to their strategic objectives.
Reporting on projects could also be improved. Common deficiencies included not reporting on costs to date, expected completion dates, significant cost overruns, delays, amendments, deferments or cancellations.
The report provides insights into the effectiveness of controls and governance processes across the NSW public sector. It evaluates how agencies identify, mitigate and manage risks related to:
- financial controls
- information technology (IT), including IT vendor management
- transparency and performance reporting
- management of purchasing cards and taxis
- fraud and corruption control
Overall, the report makes nine recommendations to help agencies improve internal controls and governance, and in turn deliver their services more effectively. It also reviews how agencies have progressed previous recommendations.