Local government entities: 2018–19 results of financial audits

This report summarises the audit results of Queensland’s 77 local government entities (councils) and the entities they control.

Financial statements are reliable

We found that all council financial statements completed to date are reliable and comply with relevant laws and standards. We found that councils have been generally more timely in finalising their financial statements. Four councils—Doomadgee Aboriginal Shire Council, Palm Island Aboriginal Shire Council, Richmond Shire Council and Woorabinda Aboriginal Shire Council—are yet to finalise their 2018–19 financial statements.

The councils have continued to improve their year end processes and the quality of their draft financial statements, which has helped them to reduce the average time required to finalise their financial statements (to 15.99 weeks from 21.87 weeks in the last five years). Five councils did not meet their statutory reporting deadline because they had problems completing their asset valuation process.  

Financial sustainability continues to be a challenge

More than half of the councils continue to spend more delivering services to their community than they receive in revenue from rates, fees and charges, and grants. This is particularly the case in rural, remote and Indigenous areas. 

Councils need to know which services their communities value. This enables them to make informed decisions when deciding which services to provide and when managing costs.

Being financially sustainable is a challenge for grant-dependent councils, as grant funding fluctuates, and there is lack of certainty about the amounts that will be available in the future. This uncertainty makes it difficult to make some medium-term decisions and to plan for financial sustainability in the long term. The Department of Local Government, Racing and Multicultural Affairs (the department) recently developed a grants model to streamline the framework for state government grant programs. Whilst this will assist councils in identifying and applying for grants in the short term, it may not help councils plan for long-term sustainability.

The department sets the ratios that councils use to measure sustainability. These ratios have been in place since 2013. The department needs to consider if these ratios are still relevant or if they should be more fluid, to address the changing needs of councils.

The cost of maintaining and replacing assets is increasing

Councils are responsible for maintaining and renewing a large asset portfolio of $106.8 billion, which they use to deliver community services. Asset management is critical to the long-term financial sustainability of the local government sector. 

Without effective asset management plans in place, councils risk undertaking asset renewals in an unstructured and reactive manner. These plans assist councils to plan for future costs and budget accordingly. 

When councils understand the performance, cost, and age of their assets, they can make informed decisions about their renewal, maintenance, and replacement. 

Councils need stronger governance

Councils with strong governance promote a risk-aware and ethical culture, appoint appropriately qualified people to oversight roles, and emphasise the importance of effective internal controls. They also have a clear understanding of, and respect the distinction between, roles and responsibilities of the councillors and the executive management.

While we have noted some improvements in recent years, the number of significant control issues, including those outstanding from prior years, indicates there are still systemic problems with councils’ internal control frameworks. By not addressing these vulnerabilities in internal controls, councils are exposed to risk of fraud or errors. 

The council elections in March 2020 may result in significant changes in the governance structures in some councils. If this is the case, then during the transition period, councils will need to maintain effective internal control environments to protect council assets, deliver quality services to their communities, and prevent fraud and error in their finances.  

An active audit committee and internal audit function can support a council in ensuring internal controls are effective, particularly during times of change, and in monitoring the timely resolution of audit recommendations.

Fraud continues to occur at councils

There has been an increase in fraudulent attempts at councils. During the financial year, attempts were successful at four councils, where employee bank account details were changed as a result of a fraudulent email. A further three councils have been defrauded by processing unauthorised changes to their vendor bank account details since July 2019. We identified weak controls over employee and supplier bank account changes at 15 councils this year. Fraudsters continue to target councils; therefore, vigilance over payments, strong internal controls and cybercrime awareness training are crucial for councils, regardless of their size.  

Approved purchasing processes must be followed

Councils purchase over $8.5 billion in goods and services, often from suppliers in their local community. We noted issues with councils not following established purchasing processes, including identifying and managing conflicts of interest, obtaining quotes, maintaining documentation, and approving purchases. These processes ensure decisions are ethical and transparent, achieve value for money, and are adequately approved—so council money is spent appropriately.

Secure information systems are essential

We continue to identify issues with information systems controls, including with user access to systems, security of electronic transfer files, and system implementations.

Councils need to secure access to their financial systems appropriately. These systems underpin the integrity of financial reporting, and unauthorised access may result in fraud or error. 

From our analysis of the sector, we identified the following actions for all councils to consider.

Strengthen governance framework

• Councils need to provide all councillors with detailed induction training and continuing professional development on their responsibilities.
• All councils should have an audit committee with an independent chair. 
• All audit committee members must understand their roles and responsibilities, and the risks the committee needs to monitor.
• All councils must establish and maintain an effective and efficient internal audit function, as required by the Local Government Act 2009.
• Audit committees must hold management accountable for ensuring timely remedial actions are taken on audit issues. All extensions of agreed time frames for remedial action requires consideration by the audit committee, including management’s risk mitigation strategies, until remedial action is completed.

Strengthen controls and processes 

• Councils need to strengthen their controls and processes by acting on outstanding audit recommendations. We recommend they take prompt action to address individual recommendations and resolve internal control deficiencies, with a focus on the highest risk vulnerabilities and those outstanding from prior years.  
• Councils need to establish clear policies and procedures to manage and collect charges for the infrastructure required to support new developments.

Secure employee and supplier information

• Councils must verify changes to employee and supplier bank account details through sources independent of the change request.
• Councils need to ensure information systems are secure to prevent unauthorised access that may result in fraud or error. Security measures could include encryption of information, restriction of user access, regular monitoring by management, and appropriate segregation of duties.

Conduct mandatory cyber security awareness training

Councils need to develop and implement mandatory cyber security awareness training for all staff, to be completed during induction and at regular periods during employment. This should include:

• delivering targeted training to higher-risk user groups, such as senior management, staff who have access to sensitive data, software developers, system administrators, and third-party providers
• recording and monitoring whether all staff have completed their required cyber security awareness training
• conducting campaigns to test the adequacy of staff vigilance to risks, such as phishing and tailgating (following a person into an office), so entities can assess and improve their awareness programs.

Strengthen asset management 

• Councils need to use accurate information about their assets, including asset performance (for example, current performance compared to the future performance required by the community) and cost, to inform their long-term asset management strategies and budget decisions.
• Councils need to strengthen how they control the recording of data on assets. They should regularly match the data in the financial records with the data in their geographic information systems to ensure they are both complete and reliable.
• Councils need to allocate enough time and resources early in the financial year to complete the asset valuation and asset accounting processes well before year end.

Improve financial management 

• Councils are encouraged to use the Queensland Audit Office’s financial statement preparation maturity model to assess their financial reporting processes and identify areas for improving the timeliness and quality of their financial reports.
• All councils should complete a self-assessment of their management reporting maturity. Councils need to determine what the appropriate level of maturity is for their circumstances and user needs. This will help them identify the elements in which they need to mature. 
  While desired and appropriate levels of maturity will vary across councils, all councils should ensure they: 
  • formally establish management accountabilities for reporting 
  • tailor reporting to user needs 
  • consult with users on a regular basis to ensure the reports meet their needs
  • provide training and ongoing guidance to report users to ensure they understand the reports
  • establish quality control and reporting processes that ensure accurate and reliable data is provided in the reports.

Improve timeliness for reporting to communities

Councils need to continue to work towards more timely financial reporting to their communities.

Improve monitoring of controlled entities 

Councils with existing controlled entities, or plans to create them, should have policies in place to ensure that:

• council develops a business case establishing the need for and objectives of the entity prior to creating it 
• each controlled entity’s board has the right skill sets to deliver the objectives of the entity
• where councillors or council management are appointed to the board of the controlled entity, potential conflicts of interest are appropriately managed 
• council implements monitoring controls over the entity’s key policies and procedures 
• the entity regularly reports to council governance committees.

Monitor long-term obligations for landfill rehabilitation 

Councils with licences for landfill sites should review the way they account for their long-term liabilities for landfill rehabilitation and ensure they account for future financial obligations.

Improve new system implementations

When implementing a new system, councils must:

• define up front what is required for the project and what needs to be delivered by the contract
• determine the need for specialist resources and determine the impact on staffing, both for the project team and for the backfill of positions for staff involved in the system implementation 
• clarify roles and establish responsibilities of service providers during and after implementation, and establish reporting milestones and time frames
• establish reporting requirements over the life of the project, including reporting on project status against milestones, budget versus actual expenditure, and the review and resolution of errors 
• identify and consider any early warning signs that would indicate a project is at risk of not meeting its objectives or not reaching the next milestone within time and budget
• critically assess projects against changing business needs
• for larger projects, consider implementing the changes in segments, as this provides more opportunity to review, to learn, and to assess risk 
• define system security settings and determine how to segregate duties before implementing the new system
• identify what reports users will need once the system is implemented
• establish a strategy to test that the new system processes transactions effectively and efficiently
• train staff to effectively use the system
• establish regular reporting on the implementation by the project team to both council and the audit committee.

From our analysis of the sector, we identified the following actions for the Department of Local Government, Racing and Multicultural Affairs.

Make changes to legislation

We propose that the Department of Local Government, Racing and Multicultural Affairs amends the Local Government Act 2009 to require all councils to have audit committees and all audit committee chairs to be independent.

Make changes to sustainability ratios 

We recommend the Department of Local Government, Racing and Multicultural Affairs reviews the current sustainability ratios to determine if they are the most relevant and effective ratios for measuring the financial sustainability of councils and if supplementing them with additional ratios would provide a more comprehensive assessment.

Require published financial statements for entities controlled by councils 

We recommend that the Department of Local Government, Racing and Multicultural Affairs continues to progress our previous recommendation to have entities controlled by councils make their financial statements publicly available.

Councils vary widely in their size and location and in the range of community services they provide. To enable comparison, we group them into the six segments that the Local Government Association of Queensland used in its 2013 report Factors Impacting Local Government Financial Sustainability: A Council Segment Approach: Coastal, Indigenous, Resources, Rural/Regional, Rural/Remote, and South East Queensland (SEQ).

Figure 1B shows the geographical location of the councils and which segment each council fits into.

This chapter delivers an overview of our audit opinions for each entity in the local government sector and evaluates the timeliness and quality of their financial reporting. It also provides conclusions on our areas of audit focus.

Chapter snapshot

Chapter summary

For this financial year, we provided unmodified opinions for 73 councils and 72 council-related entities, meaning their financial statements are reliable. As at the date of this report, the financial statements of four councils remain unfinalised. These four councils were not finalised by the extended financial reporting dates approved by the minister.

Overall, councils have improved their year end processes compared to last year, decreasing by 1.1 days the average time they took to complete financial statements after 30 June, and reducing the adjustments they made to draft financial statements. 

Across the sector, however, there are significant fluctuations in the robustness of monthly reporting. Councils need strong, consistent month end and year end processes and effective internal quality assurance practices to continue to improve the timeliness of their draft financial statements and reduce the likelihood of errors and adjustments.

Councils make a lot of decisions (some subjective) when determining the value of their assets and also when estimating their environmental obligations to restore their landfill sites. We focused on these areas in conducting our audit.

Ten councils reported prior period errors relating to found assets, which had not been previously included in their financial statements. This recurring issue needs to be resolved across the sector. Councils need to understand their asset data and improve the processes they use to conduct asset stocktakes and collect and record assets donated to them.

Audit opinion results

Councils and council-related entities

We issued unmodified audit opinions on the financial statements of 73 councils and 72 council-related entities. These results are consistent with prior years and mean the financial statements can be relied upon. 

Audit opinions have yet to be issued for four councils. The minister approved an extension for these councils as follows:

• Doomadgee Aboriginal Shire Council—31 January 2020
• Palm Island Aboriginal Shire Council—14 February 2020
• Richmond Shire Council—31 January 2020
• Woorabinda Aboriginal Shire Council—14 February 2020.

There are also six council-related entities for which audit opinions are yet to be issued.  

We qualified our audit opinions for two council-related entities—Artspace Mackay Foundation and Local Buy Trading Trust—on the basis that we were not able to obtain enough appropriate audit evidence about the completeness of their revenue. We are working with these entities to improve their control environments.

This year we issued 33 unmodified audit opinions with an emphasis of matter for council-related entities. The most common emphases of matter highlighted: 

• the special-purpose nature of financial statements that were prepared using a framework that did not require full compliance with all elements of the Australian accounting standards 
• disclosures in the financial statements identifying that entities had ceased/may soon cease to exist or had issues relating to their ability to pay their debts as and when they fall due.

Appendices E and F detail the audit opinions issued for councils and their related entities. Audit opinions not issued by the date of this report are marked as ‘not complete’.

Not all local government entities are required to prepare financial statements. This year, 41 entities were not required (either by legislation or by the accounting standards) to prepare financial statements. Appendix G includes a full list of entities not preparing financial statements and the reasons.

Status of unfinished audits from prior years

We tabled our last report about the local government sector—Local government entities: 2017–18 results of financial audits (Report 18: 2018–19)—in May 2019. At that time, one council and eight council-related entities had not finalised their financial statements. We subsequently issued qualified opinions for the 2016–17 and 2017–18 financial statements of Doomadgee Aboriginal Shire Council. 

The financial statements for the council were qualified for the 2016–17 financial year. There was insufficient information to form an opinion on unexpended grants, balances owing to the Australian Taxation Office, and the property, plant and equipment balance at 30 June 2017. Balances and disclosures for 2016–17 as they appeared in the 2017–18 financial statements remained qualified, as the council was unable to provide audit evidence to substantiate these items. 

Six of the eight council-related entities have now received audit opinions, one of which was qualified. 

We qualified our opinion on the 2017–18 financial statements of Isaac Affordable Housing Fund Pty Ltd. This was a result of the company identifying prior period errors in the reported depreciation expense for 2016–17, which were unable to be corrected.   

Appendix H includes a full list of these previously unfinished 2017–18 audits and the opinions we issued.

Financial sustainability statements

Under local government legislation, each council is required to prepare a current-year financial sustainability statement, which we audit. 

We have issued unmodified audit opinions on the sustainability statements of all 73 councils audited to date. In each case, our opinion is based on whether the statement has been calculated accurately. We do not form an opinion on the appropriateness or relevance of the reported ratios or on the councils' future sustainability.

The reported sustainability measures for each council are detailed in Appendix I.

Entities exempt from audit

Public sector entities may be exempt from audit by the Auditor-General in certain circumstances. Exemptions will be granted only where, in the Auditor-General’s opinion, there are no public interest reasons to undertake the audit. The Auditor-General has the discretion to grant an exemption for public sector entities that are small and low risk. 

Exempt entities are still required to engage an appropriately qualified person to audit their financial statements.

Eleven council-related entities were exempted from audit by the Auditor-General in 2018–19 due to their small size and low risk. One foreign-based controlled entity was also exempted. Appendix F provides a full list of these entities and the results of their audits.

Effective financial statement preparation

This year, more councils met the agreed milestones for year end processes, and the quality of the draft financial statements improved.

The results of our assessment of each council, and our assessment criteria, are outlined in Appendix J. 

Plan for early asset valuations to reduce financial statement adjustments

The valuation of assets was the most common year end process not completed by the agreed milestone. Five councils did not meet their statutory reporting deadline, because they had problems completing their asset valuation process. Those councils who engaged with their valuers early in the financial year generally met their agreed milestones and were able to identify adjustments before producing their financial statements.

Other significant adjustments related to recording and misclassifying of expenses, incomplete or missing information in the notes to the financial statements provided to audit, and prior period errors. 

Improved timeliness

We actively promote early financial reporting by councils to improve the timing of the information provided to their communities. This year, 58 councils (2018: 57), met our early reporting target date of 14 October 2019. Over the past five years, councils have reduced the average time required to finalise financial statements to 15.99 weeks, from 21.87 weeks in 2013–14. 

Councils have achieved this by improving their reporting frameworks and their governance processes for financial reporting, including audit committee oversight.

Financial statement preparation maturity model

A council’s effectiveness in preparing financial statements is influenced by the maturity of its financial reporting framework. Councils with mature reporting frameworks have more robust month end and year end processes, enabling them to achieve more timely and higher quality financial statements. This is because year end processes are an extension of the month end processes.

We have developed a new reporting tool for assessing financial statement preparation—the financial statement preparation maturity model. This model allows for an assessment of public sector entities’ processes for preparing financial reports and can be adapted for entities of different sizes and circumstances. We have provided a self-assessment tool to help entities evaluate themselves against their expected maturity level and highlight areas for improvement.

Areas of audit focus

We focus on areas with a higher risk of fraud or error in the financial statements. Risk increases when there is a higher degree of complexity or subjectivity (in terms of judgements, assumptions, and estimates), or when there are significant changes or developments. This year, in the local government sector, we focused on the following higher-risk areas:

• assessing the value of assets—because there is not an active market to buy or sell them, which makes it difficult to place a value on them
• assessing the cost of landfill site restoration—as councils have a legal obligation to environmentally restore their landfill sites (including 30 years of monitoring after closure)
• recognising infrastructure charges revenue—as determining when councils are entitled to this revenue is subjective and dependant on the type of development.

Assessing the value of property, plant and equipment assets

This year the value of councils’ assets increased by $3.2 billion 

Councils must ensure that the asset values reported in their financial statements are reflective of their fair value. Councils reported total property, plant and equipment assets of $106.8 billion.

Applying fair value to the assets provides councils with the approximate cost to replace their assets in today’s dollars. This, combined with asset management plans, assists councils in their decisions on asset renewal and replacement programs and in calculating the approximate cost to maintain a certain level of service for their communities.

Councils use valuation experts to estimate the value of the assets and provide professional judgement about certain subjective assumptions.

The $3.2 billion increase reflects an increase in the fair values of the councils’ assets, purchases during the year, and assets found in the valuation process that had not previously been recorded in the councils’ asset registers. 

Maintaining assets and planning for their long-term maintenance and replacement is a major task for councils.

In 2018–19, 64 councils had up to date or draft asset management plans. The number of councils with outdated, incomplete, or no plans dropped to 13 (2017–18: 17 councils). Figure 2B shows the significant improvements made across the sector over the last three years.

Seven councils that have not reviewed or updated their asset management plans in the last five years have populations of less than 4,000 people. These councils have minimal population fluctuations and development. This reduces the likelihood of significant changes in the service requirements of their assets and also reduces the need to review their asset management plans as regularly.

Four councils with outdated asset management plans have larger and growing populations, which means they need to regularly review and reassess their asset management plans to appropriately address the infrastructure needs of their communities. If they do not review their asset management plans, these councils risk having the standard of service delivery provided by their assets fall below the needs of their communities. 

Asset management is critical to the long-term financial sustainability of the local government sector. When councils understand the performance, cost, and age of their assets, they can make informed decisions about their renewal, maintenance, and replacement. If councils do not budget appropriately for these significant costs, they risk being unable to fund replacements or upgrades, with future ratepayers having to bear the cost.

When developing asset management plans, councils need to consider the nature, volume, and types of assets held and determine the required complexity of the plan.  

In 2020–21, we plan to conduct a performance audit on strategic asset management in local government to assess whether councils are effectively managing their infrastructure assets to maximise their service potential, while minimising the total cost of ownership. 

Ten councils reported prior period errors due to found assets

Councils continue to identify ‘found’ assets they have not previously recorded in their asset registers. Ten of the 18 councils (2017–18: five of the 25 councils) that reported found assets made material changes to the amounts previously reported in their 2017–18 financial statements. These were reported as prior period errors in those councils’ financial statements. The errors primarily occurred in the years of comprehensive valuations for councils’ roads and stormwater infrastructure.

The errors resulted from a mismatch of the information in the financial system and the geographic information systems (GIS) used to capture, store, and manage the detailed components of the councils’ assets. To ensure effective decision-making and efficient use of public money, the engineers (who build and maintain assets) and accountants (who manage the finances) must work with the same core asset information. When this is not aligned, neither are councils’ decisions, and councils are at risk of wasting public money.

Assessing the cost of landfill site restoration 

Councils have a legal obligation to environmentally restore their landfill sites under the licences (environmental authorities) issued by the Department of Environment and Science. 

In recent years, councils have improved the way they recognise the future costs of landfill rehabilitation. This year, 61 councils—an increase of 19 councils from 2016–17—have reported a provision for their landfill restoration costs in their financial statements. Councils have reported restoration obligations totalling $801.5 million in 2018–19, an increase of $323.2 million from 2016–17. 

An increase in the number of councils accounting for future landfill costs, and a reduction in the rate used to convert the estimated future cashflows into today’s dollars, were the primary drivers for this increase.

Figure 2C summarises the progress made by councils in recognising restoration provisions over the past three financial years.

Not all councils are required to recognise a restoration provision. This is because they either outsource this function and do not operate a landfill site within their council region or their applicable environmental authorities do not require restoration. 

Regardless, landfill services are provided by all Queensland councils to their communities, so councils must understand the costs of providing this service in order to make informed decisions about the charges they levy for using landfills. The importance of knowing the total future costs associated with delivering a service to the community is highlighted in Managing the sustainability of local government services (Report 2: 2019–20).

We will continue to work with the local government sector in 2019–20 to improve reporting on the councils’ financial obligations for landfill, focusing on the:

• consistency of key inputs and assumptions used to estimate future costs across councils
• competence, capability, and objectivity of internal or external management experts.

Recognising infrastructure charges

Infrastructure charges are fees councils collect to recoup the cost of the infrastructure provided to/required to support new developments. Usually infrastructure charges apply to:

• subdivisions (reconfiguring a lot of land)
• material change of use (altering a property’s usage)
• carrying out building work that generates extra demand on infrastructure (for example, water, sewerage, stormwater, roads, and pathways).

Determining when councils are entitled to this revenue is subjective and dependant on the type of development application. This process is labour intensive and requires periodic monitoring of the status of the development applications. 

Our audits identified 14 issues across 10 councils relating to the management and collection of infrastructure charges. Common issues we identified included:

• poor monitoring of development applications due to a lack of, or poorly maintained, infrastructure charges registers
• no policy on levying and collecting infrastructure charges.

If a council does not have appropriately designed systems in place to record and monitor when infrastructure charges are collectable, it could miss out on the revenue its community is entitled to. 

Internal controls are the people, systems, and processes that ensure an entity can achieve its objectives, prepare reliable financial reports, and comply with applicable laws. Features of an effective internal control environment include:

• secure information systems that maintain data integrity
• a strong governance framework that promotes accountability and supports strategic and operational objectives
• robust policies and procedures, including appropriate financial delegations
• regular management monitoring and internal audit reviews.

This chapter reports on the effectiveness of councils’ internal controls and highlights important issues facing the local government sector. It summarises our detailed assessment, which is included in Appendix J. 

Chapter snapshot

Chapter summary

This year we identified 834 internal control deficiencies across the sector, of which 251 were significant (2017–18: 273 of 834). Councils have shown progress in addressing the vulnerabilities in their control environment, with the number of unresolved significant deficiencies at the end of the year reducing to 133. This is the second year the number of significant deficiencies has decreased across the sector, with councils taking action to improve their internal control frameworks.

However, the volume of significant control issues indicates there are still systemic problems with councils’ internal control frameworks, with 66 per cent of issues raised in prior years remaining unresolved in 2018–19. Every unresolved issue unnecessarily exposes councils to risk. 

Councils continue to be targeted with fraud attempts. Vulnerabilities in the councils’ control environments increase the risk of successful frauds. Since July 2018, seven councils have been defrauded. 

Councils need to place greater emphasis on internal controls and prioritise action to resolve control weaknesses.

An active audit committee and internal audit function can support a council in ensuring internal controls are effective and in monitoring the timely resolution of audit recommendations. Eighteen councils still did not have an audit committee during 2018–19, and 14 councils did not have an active internal audit function. These councils have a higher proportion of the significant deficiencies across the sector.

Areas councils should continue to focus on include: 

• ensuring purchasing decisions are transparent, achieve value for money, and are appropriately approved
• independently checking changes to supplier and employee details
• securing their information systems
• managing risk effectively, including the risk of fraud
• improving management reporting.

Our reporting on internal controls

We rate internal control deficiencies to allow management to gauge their relative importance and prioritise remedial actions.

We categorise deficiencies using the Committee of the Sponsoring Organizations of the Treadway Commission (COSO) internal controls framework. The framework identifies five elements that need to be present and operating together for a successful internal control framework. More detail about this framework, and assessments of individual councils against it, is included in Appendix J.

Councils must provide strong oversight

A successful internal control framework requires strong governance, that seeks assurance on the effectiveness of the entity’s people, systems, and processes. If councils have a culture that values internal controls, all control elements are effective and operate together. 

Recently there have been multiple governance failures at some of Australia’s largest companies. These have been highlighted in the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry and the Australian Prudential Regulation Authority (APRA) Report of the Prudential Inquiry into the Commonwealth Bank of Australia. 

Within the Queensland local government sector, the Crime and Corruption Commission’s report Culture and corruption risks in local government: Lessons from an investigation into Ipswich City Council (Operation Windage) identified that the councillors were not financially literate and did not understand their rights and responsibilities in areas such as governance. Nor were they sufficiently informed of their council’s policies and procedures. 

In addition to culture, the various reports identified poor oversight and skills gaps at the board or council level as common barriers to effective governance across all these organisations. While collective skills gaps at a board level can be overcome by professional development or recruitment of new board members, these gaps are not as easily overcome within councils, where councillors are democratically elected for a four-year term. 

Candidates in council elections typically have a diverse range of skills and experience. Recent local government reforms require all candidates for the 2020 local government elections (including existing councillors and mayors) to complete mandatory training. This training is designed to increase the candidates’ awareness of their obligations as a councillor (if elected). Once elected, detailed induction training and continuing professional development is needed to educate all councillors on their responsibilities.

An audit committee is often the only committee of a council that has external experts as members. Appointing the right independent, external members to this advisory committee can overcome any collective skills gaps at the council level and allow for informed, effective oversight.

The importance of internal controls and oversight

When a council’s culture does not emphasise the importance of effective internal controls, it is easier for frauds or errors to occur and be concealed.

Figure 3A shows the key elements of oversight functions.

We found that more than half of all councils have significant deficiencies across multiple elements of their internal control framework, with most in the Indigenous, Resources, and Rural/Remote segments. 

One of the main reasons the internal control framework is weak in these segments is their lack of ability to recruit and retain appropriately skilled staff due to the remoteness of their locations. As such, these councils find it hard to place appropriate emphasis on the effective operation of internal controls. 

Councils, in collaboration with the Queensland Government, should look for ways to attract the right skills to these regions and make use of technological solutions.

Areas in which they can improve to adequately safeguard against fraud and error include:

• resolving outstanding audit recommendations 
• establishing or maintaining effective audit committees and internal audit functions
• monitoring entities they control
• improving management reporting 
• effectively managing risks.

Of significant issues raised in prior years, 66 per cent remain unresolved

Each year we report to councils any internal control deficiencies we identify through our audits and provide recommendations for remedial action. Councils are responsible for ensuring they monitor and resolve internal control deficiencies. 

Not appropriately addressing internal control deficiencies in a timely way may indicate weaknesses in a council’s broader internal control framework and expose the council to the risk of error or fraud.

This year we analysed the appropriateness and timeliness of the remedial action councils have taken to resolve significant audit issues we identified in prior years. Many of these issues remain outstanding:

• Of the 834 deficiencies we reported to councils this year, 224 remained unresolved from our 2017–18 audit. 
• Of the 251 significant deficiencies we reported to councils this year, 73 remained unresolved from the prior year.

Figure 3B outlines the status of significant internal control deficiencies reported to management over the past three financial years, clustered by council segment.

Audit committees strengthen assurance processes

Having an audit committee is recognised internationally as an important element of good governance. An effective audit committee plays a pivotal role in ensuring management fulfils its responsibilities relating to financial reporting, internal control systems, risk management systems, and internal audit.

Within the Queensland local government sector, there is a strong correlation between the lack of an effective audit committee and the prevalence of significant unresolved audit issues. 

At the time of preparing this report, 18 councils (23 per cent) did not have an audit committee, which is the same as the prior year. These 18 councils had a disproportionate number of internal control weaknesses, with 25 new significant deficiencies reported and 39 unresolved significant deficiencies from prior years (29 per cent of total prior year significant deficiencies for the sector). 

Audit committees need the right mix of skills, experience, and independence

The chair of a council audit committee should be independent of management and the council, and have the expertise to:

• provide advice and assurance to the council from an objective and independent perspective
• address issues without preconceived ideas or bias and assist in encouraging objective debate on issues
• provide an insight into best practice procedures adopted in other entities.

Currently, 41 councils have an independent chair, with eight appointed since last year. The objectivity of the chair of the audit committee is pivotal to the effectiveness of the committee.  

In effective audit committees, the members have the right mix of skills and experience and understand the risks they need to monitor. Collectively, a local government audit committee should possess broad accounting, business, financial management, local government sector, and relevant industry knowledge. 

Having the right independent committee members allows for more robust discussion between the committee, management, and its auditors. It also means the people responsible for monitoring the implementation of audit recommendations are not the people responsible for implementing them.

Councillors are local knowledge experts, and this knowledge is important to audit committees. However, the committees also need independent members who can bring a wide variety of experience and business acumen from different entities and industries. In small communities, it is more likely that the best independent members will be from outside the region.

Many councils are due to appoint new audit committee members following the March 2020 elections. In doing this, councils should ask themselves:

• What is the balance of skills required for the audit committee for the term of its appointment? The skill sets of the committee members should meet the needs of the council and its future plans. For example, if a council is planning to undertake a significant system upgrade, the council should consider appointing an audit committee member with relevant information technology knowledge. 
• Are the right skills available in the community? With technology advancements, audit committee members do not have to be physically present at the meetings. They can attend through an electronic medium. This widens the pool of potential audit committee members with diverse skills and knowledge who could be valuable to the future of the community.
• What training will be provided to members (councillors and independent members) on their responsibilities as audit committee members? New members need to understand the committee's charter including its role, objectives, and responsibilities, as well as how it interacts with council’s management and auditors. They also need to know about the council’s code of conduct, its operations, and the environment in which it functions.
• How will conflicts of interest be managed? This is particularly relevant where local independent members are appointed, as their membership may provide them with a competitive advantage over other businesses in the community.

Active internal audit function 

Effective internal audit functions provide unbiased assessments of an organisation’s operations and continuous review of the effectiveness of governance, risk management, and control processes. Internal auditors evaluate risks and can assist in establishing effective fraud prevention measures by assessing the strengths and weaknesses of controls. 

Currently 72 councils (94 per cent) have an internal audit function, while five councils do not. A further 9 councils have had no internal audit activity during the year. Collectively, these 14 councils had 20 new significant deficiencies reported and 33 unresolved significant deficiencies from prior years. They would benefit from an active internal audit function that could proactively identify opportunities to strengthen internal controls.

Councils should have appropriate oversight of entities they control

Councils sometimes choose to provide community services through separate entities they control rather than providing the service through the internal council business units. These controlled entities have more operational freedom than councils, as they do not have to comply with Queensland local government legislation. 

There are 119 controlled entities within the sector, of which 78 produce financial statements. Many of these entities receive most of their revenue from their council. Council-controlled entities are listed in Appendices E (reporting), F (exempt), and G (dormant or non-reporting).

We have found the level of oversight councils exercise over their controlled entities varies significantly. Some have limited oversight, while others have detailed policies that establish governance, accountability, and monitoring frameworks—including for assessing each controlled entity’s performance against the objectives set out in its business case. 

If they do not exercise proper oversight, councils risk:

• their related entities failing to achieve their objectives
• transactions or other business decisions made by the related entities not aligning with the councils’ accountability requirements. 

In determining the composition of a controlled entities’ board, councils need to consider the skill sets required to deliver the objectives of the entities. 

The Queensland Government’s Guidelines for the Formation, Acquisition and Post Approval Monitoring of Companies issued in August 2015 discuss the need for the collective background of directors to include both public and private sector experience. The guidelines also provide examples of actions directors must take if conflicts of interest are identified. While these guidelines are not mandatory for local government, they do discuss better practice principles that are relevant to all controlled entity boards.

Councils often appoint councillors or senior executives to their controlled entities’ boards. Councils need to have appropriate mechanisms to manage the inherent conflicts of interest between the council’s own activities and those of its controlled entities. 

Managing risk effectively

Risk management includes three risk assessments—strategic, operational, and financial. We reported significant deficiencies to 16 councils that did not have appropriate risk management processes in place (2017–18: 16 councils).  

Councils with significant deficiencies in risk assessment controls are less aware of their risks and face a greater likelihood of loss, or of failure to achieve their objectives. Five of the 16 councils had still not completed fraud risk assessments (2017–18: 15 councils), indicating they may not understand the risks they face and how to safeguard the public monies entrusted to them. Seven of the councils with significant weaknesses in risk management were in the Indigenous segment.

Managing risk is fundamental to councils meeting their key business objectives. Fraud and corruption prevention, detection, and control are integral to good governance and risk management. Effective management of risk has an important role in shaping successful service delivery.

Improving management reporting 

Access to quality internal financial reporting enables management to meet its financial responsibilities and make effective decisions to achieve organisational goals.

This year we reviewed the management reporting practices of councils. We measured the overall maturity of their frameworks and their processes for providing the right people with the right information at the right time. This assessment was based on a four-point maturity scale, ranging from developing to optimised.  

We do not expect all councils to sit in the integrated and optimised categories or always aim to be in those categories. Councils should set a level of maturity that reflects their size, complexity, age, and structure. The cost of moving categories should always be considered in the context of the benefits provided. 

Right people

Councils with mature internal financial reporting clearly establish management accountability. Financial responsibility is defined and communicated, with management positively acknowledging its responsibilities. Reports are tailored to the differing user needs across levels of management and concisely present information that allows management to understand the financial operations of the council. 

There is little need for tailored or ad hoc reports, as information is readily available and convertible to different formats. Stakeholders are consulted annually to ensure reports continue to meet their needs. 

The lower performing council segments did not have a financial reporting framework outlining management responsibilities for the preparation and review of monthly financial reports. They provided little tailoring of reports across the levels of management, and they relied on ad hoc feedback to ensure reports met users’ needs. Management feedback during executive meetings was commonly relied on as the primary source for ensuring management reports met users’ needs on an ongoing basis. 

Right information

Good management reports contain relevant and reliable information that is comparable and understandable. They provide insight into the operations of the council, with measures and benchmarks aligned to the council’s strategic objectives. Reports are concise, easily understood, and provide complete and forward-looking information. Training and online assistance is also provided to help users understand and use reports. 

The lowest results in this component of management reporting maturity related to training and support. Most training provided across councils was high-level induction training to councillors or senior executives. Regular ongoing training and guidance materials were not widely provided to report users. 

Report content was often measured only against internal results. The use of measures to report performance against operational and strategic objectives and external benchmarking would increase the effectiveness of reporting, which would help when making important council decisions. 

Having the right information in monthly reporting should allow for an easy transition to annual financial reporting. 

Right time 

Mature internal financial reporting is timely. It gets information to decision-makers as quickly and efficiently as possible. Financial data is available as soon as it is collected (real-time information), and month end reports are produced within four to seven days after period end. Reports are produced with the same robust process and controls as end-of-year statutory reporting. 

We found all councils that prepare internal management reports prepare them at least on a monthly basis, with some preparing them weekly. The differing levels of maturity were evident in the time taken to prepare these reports after month end, and in whether ongoing real-time information was available to users. 

Councils with lower maturity provided users with hard-copy or emailed pdf versions of reports, limiting their ability to drill down and understand the results.

Councils need to strengthen their ‘everyday’ controls

Appropriate purchasing control processes must be followed

When councils purchase goods and services, they are required to follow established purchasing and approval processes. This should ensure value for money is achieved, council money is spent appropriately, and all purchasing decisions are ethical and transparent.

Given councils’ close relationship with their local communities, there is an increased risk that conflicts of interest can arise and influence purchasing decisions. Councils need to make sure all procurement decisions are fully justified and appropriately documented, and that all conflicts of interest have been declared. 

Councils should also ensure that financial delegations are set at appropriate levels, clearly documented, and used correctly. This is critical to ensuring that decisions and approvals are made by the right employees. 

Managing potential conflicts of interest

Councils should implement policies and procedures requiring councillors and employees to assess and report any conflicts of interest that might influence their decision-making. Procurement decisions should be fully defensible and appropriately documented, taking into account any identified conflicts. 

We reported significant deficiencies at four councils in relation to conflicts of interest, including where councils had not maintained a register of interests, and where councillors/employees had not completed a declaration, or their declaration did not identify all close family members. This increases the risk of procurement decisions being inappropriately influenced by undisclosed relationships.

Having purchasing policies that ensure expenditure is appropriate and achieves value for money 

We reported 19 significant deficiencies to 16 councils that had not followed appropriate procurement processes. This included instances where:

• the correct number of quotes were not obtained, or a tendering process was not conducted
• there was limited documentation to support the selection of the successful quote
• no invoice or receipt was provided for credit card transactions
• purchase approval occurred after the invoice was received, instead of before the goods or services were ordered.

Some councils’ purchasing policies were inadequate, which contributed to the exceptions identified.

Appropriately using delegations 

The levels of financial delegation assigned to officers should be appropriate for their position and functional role. Delegations are critical for ensuring that only appropriately skilled officers are authorised to make decisions or approve transactions. Councils should have processes in place to monitor the use of financial delegations. 

Some councils have automated the financial approval process, so the financial system automatically directs transactions to the employee with the correct delegation. However, this is dependent on the delegations within the financial system being maintained to reflect those currently approved by council. We reported three significant deficiencies where the financial system delegations did not reflect the delegations approved by council.

A further four councils did not maintain a current delegation register, or employees had approved expenditure that exceeded their delegation. 

Where expenditure is not approved by an appropriate financial delegate, there is an increased risk of loss to council, either through fraud or waste. 

Fraud is increasing due to poor controls over employee and supplier information

Payroll fraud occurred at four councils resulting from a phishing (fraudulent) email scheme. The email requested an unauthorised change to bank account details, and it was subsequently processed. The councils were able to recover most of the funds from the banks or through insurance. 

These councils have strengthened processes for monitoring payroll transactions and reporting, including approvals for employee information changes and, in some councils, flagging emails from external sources. They are providing enhanced cyber security and fraud awareness training to staff to address the increasing fraud risks.

Since July 2019, three councils have been defrauded in a supplier bank account change fraud. We reported a similar scam targeting vendor bank accounts three year ago in Local government entities: 2015–16 results of financial audits (Report 13: 2016–17).

We identified 16 significant deficiencies in controls over employee and supplier information at 15 councils including:

• 11 councils that did not review changes made to supplier information (For seven of these councils, this weakness has existed for more than 12 months.)
• five councils that did not review changes made to employee information.

When changes made to employee and supplier information are not independently reviewed in a timely manner, a council is at higher risk of losses due to fraud.

Our report Managing cyber security risks (Report 3: 2019–20) contains information on implementing better controls to reduce cyber security risks. Identifying cyber security risks is important in ensuring an entity is aware of its risk exposure and assessing whether it has the right controls in place to mitigate those risks.

Access to information systems needs to be secure

We identified 20 significant deficiencies at 18 councils where systems and information had not been appropriately secured:

• 12 significant deficiencies related to councils not reviewing user access or privileged user activities (2017–18: 10) 
• eight significant deficiencies related to insufficient security for electronic funds transfer files and general security (2017–18: two).

Activities performed by employees with privileged access (which allows them to access sensitive data and create and configure within the system) must be monitored. User access security reports should be reviewed on a consistent and timely basis to ensure data has not been corrupted and unauthorised transactions have not been processed. 

Having controls over system access is becoming increasingly important due to the evolving ways hackers are finding to access sensitive data or redirect payments to themselves. Our report on Managing cyber security risks (Report 3: 2019–20) provides insights into reducing the possibility of unauthorised access to councils’ systems.

System implementations have encountered delays and budget overruns

To successfully implement new financial systems, councils must have well-planned projects that account for the cost, time, and resources required. 

Annually, around 12 councils implement or begin implementing new finance systems. While some councils’ system implementations go well, others encounter issues. The problems encountered this year were:

• implementation dates were postponed due to the system not meeting council expectations
• implementation budgets were exceeded
• staff were diverted from regular duties to rectify system issues, resulting in backlogs in other areas of a council’s business and breakdowns in previously effective internal controls
• delays occurred in the accurate and complete transfer of the financial records
• reporting from the new system did not meet the council’s needs
• reconciliation problems existed between the new and old systems 
• there were system security concerns.

New system implementation programs need business cases that document the reasons for introducing a program, based on the estimated costs and benefits. The business case should link to the council’s overall information technology (IT) strategic plan and demonstrate how the proposed investment will contribute to the council’s strategic objectives. The approved business case should be reviewed throughout the implementation process and updated if significant changes are required. 

Governance processes for moving information to new systems must be strong to ensure data is accurate and complete and the resulting financial reporting is reliable. Detailed planning is required before councils embark on significant system implementations, as these projects require a large resource commitment (both dollars and people) over a long period of time. 

This diverts resources from core financial reporting functions and often leaves councils with a weakened internal control framework. This can contribute to significant delays in financial reporting. 

Our report Effectiveness of the State Penalties Enforcement Registry ICT reform (Report 10: 2019–20) includes recommendations for, and lessons learned from, information systems implementations.  

This chapter analyses the financial performance of councils, with reference to the three key ratios stipulated in the Financial Management (Sustainability) Guideline 2013 issued by the Department of Local Government, Racing and Multicultural Affairs (the department).

Chapter snapshot

Chapter summary

The sustainability of a council is more than just meeting the ratios determined by the department in the Financial Management (Sustainability) Guideline 2013. While these ratios are a good starting point, sustainability extends beyond them.

A sustainable community is one where local businesses are economically viable, environmentally sound and socially responsible, and people have access to basic services, such as education and health care. As much as growing and maintaining a sustainable community requires participation from all sectors of the community, it is also heavily reliant on population and employment opportunities. 

Figure 4A provides an overview of relevant statistics for Queensland compared to those of its peers (New South Wales and Victoria).

Financial sustainability is a challenge for councils in remote areas. These councils often have large land masses with significant infrastructure they need to maintain despite low and sometimes declining populations. These communities also often struggle to attract and retain specialist skills.

Despite these challenges, the councils still need to provide essential services to their communities—water, wastewater/sewerage, roads, and waste collection.

Figure 4B shows the overall financial sustainability risk for the six council segments over the last five years.

This year we assessed four of the six council segments as being either at a low or low to moderate risk of being financially unsustainable. The other two segments—Rural/Remote and Indigenous—consist of 30 of Queensland’s smallest councils by population, with each council having less than 5,000 people.  

Queensland’s 17 Indigenous councils cover less than two per cent of the Queensland landmass and have one per cent of the Queensland population. Councils in these regions tend to be the largest employers in their area. Broadly, they need to find ways to improve their operating results. 

The Indigenous segment is the only segment that is at high risk of being financially unsustainable. In addition to the low population levels and lack of employment opportunities already mentioned, this can be caused by the remoteness of the communities and by limitations on raising own-source revenue due to the demography of the population. 

However, there are councils within this segment that have consistently performed better. Hope Vale Aboriginal Shire Council, Lockhart River Aboriginal Shire Council, and Pormpuraaw Aboriginal Shire Council are considered low risk and have been for a few years. 

These three councils prioritise financial governance. They have been successful in recruiting and retaining appropriately skilled staff, have good budget preparation and monthly reporting processes, and an effective internal control environment and stronger oversight function. 

Figure 4C provides a summary of the eight-year trend at the council.

More than half of councils are spending more than they earn

The operating surplus ratio, which measures the extent to which councils’ operational revenues raised cover operational expenses, is a key sustainability ratio set by the department. This ratio provides an understanding of a council’s financial capacity to fund ongoing operations over the long term. The department’s target range for councils’ operating surplus ratio is between zero and 10 per cent.

Figure 4D compares the average operating surplus ratio each year for the past five financial years, by council segment. The operating surplus ratio is a long-term indicator, so we use the average ratio over the last five years when considering a council's overall financial sustainability risk rather than using the 2018–19 actual results in isolation.

This year, 35 councils (2018: 31 councils) achieved a positive five-year average operating surplus. This indicates that these councils are managing the costs of delivering services to the community within the limits of their revenue. 

The remaining 42 councils (2018: 46 councils) had a negative five-year operating surplus, with 11 councils (2018: 10 councils) falling below negative 20 per cent. These councils continue to spend more than they earn. Continually running operating deficits makes it difficult for them to generate sufficient funds to maintain service levels and renew essential community infrastructure.

The 11 councils with the lowest five-year operating surplus ratio were in the Indigenous, Resources, and Rural/Remote segments. These councils have populations of less than 5,000 people, and their ability to generate their own revenue remains a challenge. They have limited opportunity to generate revenue from alternative sources such as rates or fees and charges. They are also heavily reliant on grants and contributions. 

Income from grants fluctuates year after year, and there is a lack of certainty about the amounts that will be available in the future. For councils that are dependent on grant income, the uncertainty makes it difficult to make some medium-term decisions and to plan for financial sustainability in the long term.

The department recently developed a grants model to streamline the framework for state government grant programs. Whilst this will assist councils in identifying and applying for grants for their communities in the short term, it may not help councils plan for long-term sustainability.

Without the ability to raise revenue from alternative sources, councils must consider the services and service levels they provide to their communities—specifically their importance to the community and the cost of delivery. 

Our report on Managing the sustainability of local government services (Report 2: 2019–20) recommended that all councils consider whether the services they provide meet the current and future needs of their communities and whether these services are affordable.

Sector’s debt levels remained relatively stable

The net financial liabilities ratio measures a council’s financial capacity and ability to fund ongoing capital projects.  

The department’s target for the net financial liabilities ratio is below 60 per cent. For this ratio to be meaningful, it must be read in line with council’s operating surplus ratio. This is because a council with a healthy operating surplus ratio may still be able to borrow for its capital projects and service its debts even though its net financial liabilities ratio is over 60 per cent. In the case of councils with a low operating surplus ratio, a net financial liabilities ratio in excess of 60 per cent may cause stress in servicing their debts. 

The net financial liabilities ratio is a helpful indicator of financial sustainability when a council holds high levels of debt, which is rare in Queensland. 

Figure 4E compares the movement in the average net financial liabilities ratio over the past five years by council segment, based on the 77 councils.

Borrowings by local governments in Queensland are through the state’s annual borrowing program. All business cases for borrowings are approved by the department’s director-general and are funded by the Queensland Treasury Corporation (QTC). 

QTC acts as a bank for the state and carries out periodic credit reviews to determine whether a council can service its debts. This ensures councils that do not have the capacity to repay are not provided with funding that would turn into an uncollectible debt in the future.  

The Queensland local government sector continues to hold low levels of debt. Of the 77 councils, 53 have debt. The total debt for these councils is $5.5 billion (2018: $5.5 billion), which represents four per cent of the total assets of the sector.

SEQ and Coastal councils hold 94 per cent of the sector’s debt, which is unsurprising given the infrastructure needed to support large, growing populations.

Councils with low debt should assess their cash expense cover ratio, which indicates the number of months a council can continue paying for its immediate expenses without additional cash inflow. 

Councils' infrastructure asset management is stable 

Councils maintain a large network of infrastructure assets for the benefit of their communities. The asset sustainability ratio measures how efficiently and effectively councils are renewing these assets to maintain community services.  

The department’s target for councils is an asset sustainability ratio greater than 90 per cent. A value less than 90 per cent may suggest councils are not replacing their assets as they near the end of their lives, which could result in a reduction in service levels to communities.  

Figure 4F shows the average annual asset sustainability ratio over the past five years, by council segment, based on the 77 councils. 

The asset sustainability ratios indicate that 39 of the 77 councils have not met the target of 90 per cent based on a five-year average to 30 June 2019. This includes 17 councils in the Coastal and SEQ segments that have growing communities with increasing populations. These councils combined manage 66 per cent of the infrastructure assets of the local government sector.  

A low asset sustainability ratio can indicate that the asset base is relatively new and does not require renewal. The challenge for these councils is to balance renewals for infrastructure assets in older areas against new asset requirements in growth areas, to ensure assets are renewed at the right pace across the community. This highlights the need for these councils to have a robust asset management plan in place.  

Resources, Rural/Remote, and Rural/Regional councils generally have better asset sustainability ratio results, as they have received significant grant funding over the last five years to replace assets damaged by natural disasters. These three segments combined received $1.1 billion in disaster relief funding over the five-year period.

As assets are renewed by natural disaster funding, the expenditure on renewals is inflated in affected councils. These segments have a low operating surplus ratio (a combined five-year average operating surplus ratio of negative 4.92 per cent), which limits their capacity to borrow funds to renew their assets. The primary funding source available to councils in these segments to renew their assets is assistance from the state and federal governments.

In the past, the average asset sustainability ratio was one of the few ways to measure councils’ ability to fund their assets. However, many councils now have more complete asset data and improved asset management plans than they used to. This opens up opportunities to use the following ratios in conjunction with the asset sustainability ratio, to provide better indicators of councils’ financial sustainability:

• Asset consumption ratio—this ratio measures the current value of assets in use relative to what it would cost to build a new asset with the same benefits to the community.
• Asset renewal funding ratio—this ratio measures the ability of a council to fund its projected asset renewal/replacements in the future. 
• Asset maintenance ratio—this ratio compares planned maintenance of assets with required maintenance (which is what should be spent to maintain assets to a satisfactory standard) to indicate the extent to which a council is investing to stop its infrastructure backlog growing.

Our interactive map of Queensland allows you to search and compare councils to view their financial performance and sustainability indicators.