Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
Revenue NSW has been told to document and keep risk assessments of its AI use for the collection of fines and other operations, following an audit by the Audit Office of NSW.
In a report summary of the audit on Revenue NSW, the Audit Office found that the fine collector had gaps in its AI risk documentation.
“While it has a high risk appetite for technological innovation, Revenue NSW’s appetite for risk within data decisions and ethics is low. Consistent with this risk appetite, there is a need for up-to-date and complete risk assessments for digital tools and the use of data,” the report said.
The report added that while Revenue NSW had noted key risks regarding the use of AI and automation when it comes to debt and fines, and developed a “detailed risk assessment” in both 2023 and 2025, the Audit Office found that these risk assessments are incomplete and have gaps.
“There are gaps in some of these risk assessments for the use of automation and artificial intelligence in fines and debt operations, which have incomplete risk ratings and detail about the controls and mitigating actions.
“For example, Revenue NSW’s risk assessment for the use of the garnishee order system has not been revisited since 2023, and there is no evidence this has been kept up to date. The risk assessment Revenue NSW provided has not been reflected in its enterprise and operational risk documentation,” it said.
Outside of risk assessments, Revenue NSW also uses AI to identify vulnerable individuals so that they can be removed from enforcement actions. However, its documentation regarding its accuracy expectations also contains gaps.
“Revenue NSW uses automation and artificial intelligence to identify the likelihood of a person being vulnerable using a set of business rules,” the report added.
“Although the outputs of the model are not a final assessment of vulnerability, nor the sole determinant of enforcement decisions, they can be used to remove individuals from enforcement action processes, such as removal from orders to garnish money from wages or salaries, or from bank accounts.
“Model testing documentation indicates the model’s overall accuracy rate for predicting a person’s vulnerability was 83 per cent as at April 2025, as compared with a reported 97 per cent in July 2021. In the absence of key success outcomes and accuracy targets, there is no evidence as to whether this performance is meeting Revenue NSW’s expectations.”
The Audit Office also found that Revenue NSW has not reassessed whether or not its use of AI meets the NSW Artificial Intelligence Assurance Framework’s ethical requirements.
“While there is no mandatory requirement to reassess the tools against the framework, key considerations under the NSW government’s Artificial Intelligence Ethics Policy outline that ‘it is imperative that AI solutions are designed with and monitored against explicit standards for performance, reliability, robustness and auditability, and that they align with the ethical AI principles,” the report said.
Finally, the report found that Revenue NSW has itself identified risks with its data quality, which it attributed to gaps in data supplied by issuing agencies, manual paper-based entries, ageing systems and limitations, and data capture not being on system outputs, but instead on summary notes.
However, Revenue NSW said it has addressed these issues with new processes and controls.
“For example, some quality control is undertaken to validate addresses and other information, based on existing customers or matches in agency databases (such as Service NSW or Transport for NSW), and there are data-entry quality checks performed on instances of manual entry,” the report added.
Be the first to hear the latest developments in the cyber industry.
