|
Audit and Risk Committee - 11 October 2018 - Attachments
|
Item 1 Attachments a |
|
Meeting Date: |
Thursday 11 October 2018 |
|
Time: |
1.00pm |
|
Venue: |
Council Chamber |
|
Committee Members |
John Palairet (In the Chair), Mayor Bill Dalton, Geoff Foster, Councillor Claire Hague, Councillor Graeme Taylor and Councillor Kirsten Wise |
|
Officer Responsible |
Director Corporate Services |
|
Administration |
Governance Team |
|
|
Next Audit and Risk Committee Meeting Thursday 6 December 2018 |
Audit and Risk Committee - 11 October 2018 - Open Agenda
ORDER OF BUSINESS
Apologies
Nil
Conflicts of interest
Public forum
Nil
Announcements by the Mayor
Announcements by the Chairperson
Announcements by the management
Confirmation of minutes
That the Minutes of the Audit and Risk Committee meeting held on Thursday, 19 July 2018 be taken as a true and accurate record of the meeting............................................................................................. 18
Agenda items
1 Health and Safety Report................................................................................................ 3
2 Risk Management Report .............................................................................................. 8
Public excluded ............................................................................................................. 16
Audit and Risk Committee - 13 September 2018 - Open Agenda Item 1
1. Health and Safety Report
|
Type of Report: |
Operational |
|
Legal Reference: |
Health and Safety at Work Act 2015 |
|
Document ID: |
433376 |
|
Reporting Officer/s & Unit: |
Sue Matkin, Manager People & Capability |
1.1 Purpose of Report
The purpose of this report is to provide Audit and Risk with an overview of the health and safety performance as at 31st August 2018.
|
That the Audit & Risk Committee: a) Receive the Health & Safety report as at 31 August 2018.
|
|
That the Committee resolve that the officer’s recommendation be adopted. |
1.2 Background Summary
N/A
1.3 Issues
N/A
1.4 Significance and Consultation
N/A
1.5 Implications
Financial
N/A
Social & Policy
N/A
Risk
N/A
1.6 Options
The options available to Council are as follows:
a. N/A
b. N/A
1.7 Development of Preferred Option
N/A
a Health and Safety Report as at 31st August 2018 ⇩
|
Type of Report: |
Information |
|
Legal Reference: |
N/A |
|
Document ID: |
433390 |
|
Reporting Officer/s & Unit: |
Ross Franklin, Consultant Rachael Horton, Manager Business Excellence & Transformation |
2.1 Purpose of Report
To provide the Audit and Risk Committee (Committee) with an update on progress with risk management work and to report on the highest rated risks.
|
That the Audit & Risk Committee: a. Note the risk management work being undertaken by the Napier City Council Risk Committee. b. Receive the report titled: Highest rated risks report 24 September 2018.
|
|
That the Committee resolve that the officer’s recommendation be adopted. |
2.2 Background Summary
Napier City Council (NCC) has a programme of work to develop and mature its enterprise risk capability. A risk maturity roadmap has been developed to guide this work.
The Committee supports this work by acting in a monitoring and advisory role. This report provides an update to the Committee on progress against the roadmap and reports the highest rated risks to ensure they are being actively managed.
2.3 Issues
Since our last report to the Committee progress has been made in the following areas:
· Further development of the Sycle Projects module
· Commencement of a Business Continuity Management programme of work
· Review of the risk register
Sycle Projects Module
As reported to the last meeting NCC’s risk register is maintained within the Risk module of Sycle. There are three categories of risk that make up the risk register: strategic risks, operational risks, and project risks. Currently the register holds strategic and operational risks. Project risks come from the Projects module in Sycle which is yet to be fully implemented.
Once implemented, all small and large projects undertaken by NCC will be maintained in the Projects module and the risks for each project will be entered against the project. These risks roll up into the Risk module to make up the project risk component of the risk register.
Full implementation of the Projects module is now expected to be achieved by the end of 2018. Part of the implementation will be reviewing the way project risks roll up into the main register as while a small project may have a high risk of not achieving its delivery timeframes this would not be a high organisational risk, in terms of what is monitored and reported in the main register.
Business Continuity Management
We have commenced our Business Continuity Management work in early 2018. The aim of BCM is to achieve a framework for resilience and response capability in order to safeguard people and operations as well as to uphold confidence in NCC. An initial draft of a BCM policy has been prepared as the first part of the framework and work has commenced on the next stage which is a business impact analysis.
The BCM framework responds to the strategic risk SR5 – ‘Event causing disruption or destruction of critical business functions and/or production and delivery of council services’.
Review of the Risk Register
As set out in the risk roadmap, regular review of risk, risk controls and risk treatments are critical to effective risk management. Sycle allows us to set review dates for each of these risk components.
All overdue reviews are reported to the Senior Leadership Team and risk owners are undertaking overdue reviews. Overdue reports will be provided to the Senior Leadership Team on a quarterly basis to ensure risks are being actively managed.
Once this practice, of regular reviews of all risks, is embedded into the normal business practices it will move NCC along the risk maturity scale in the roadmap.
Review of the Corporate Risk Management Framework and NCC Risk Management Strategy
Work is underway to review these key risk documents. The Framework was first adopted in 2015 and an updated Framework document was adopted in April 2017. In April 2017 the Risk Management Strategy was approved as the underlying document for the Sycle risk management module. The framework is a higher-level policy document while the Strategy is a more detailed “how to” strategy document to guide staff when they are recording and managing risks in the Sycle module.
The documents were prepared\reviewed at the time staff were identifying the initial organisational risks to be loaded into the Sycle module. Now that the system has been in operation for a year it is a good time to have a closer look at the documents and identify any improvements that can be made.
1.4 Highest rated risks
There are currently 201 strategic, operational and project risks in the risk register.
There are seven risks to report to the Committee as the highest rated risks; three are operational risks rated Extreme (OR155, OR164 and OR 178) and four are strategic risks rated High (SR2, SR3, SR5 and SR6).
These risks are reported in the attached spreadsheet (Attachment A).
All seven risks have treatment actions to further manage the causes or consequences of each risk.
Extreme Risks
The Extreme risks in the operational risk register are:
· OR155 Pandora Pond – customer drowning
· OR164 Bluff Hill – fall from cliff top
These risks were previously reported to you on 19 July and they have not changed. The Pandora Pond facility is currently closed for the winter season and a project to replace the fence around the cliff top is currently being commissioned.
· OR178 Reliance on monopoly contractors for waste management
This is a new risk identified during a business unit review of waste contracts. Work is underway to identify effective control measures to mitigate this risk.
High Risks
The four high risks in the strategic register are:
· SR2 Removal of three waters delivery and management
· SR3 Increased number and/or severity of major/natural disaster events
· SR5 Event causing disruption or destruction of critical business functions and/or production and delivery of council services.
These risks were previously reported to you on 19 July and have not changed. The risks are outside the control of NCC. The risks treatments listed against these risks are ongoing.
· SR6 Risk management practices
This is a new risk identified which recognises that we council is still on a journey to embed risk management practices into the organisation. Until the risk management practices are fully integrated into the organisation’s culture there is still a risk that some risks may fail to be identified and managed with a resulting impact on Council.
2.5 Significance and Consultation
There are no external consultation requirements for this report.
a Report on highest rated risks ⇩
Audit and Risk Committee - 11 October 2018 - Open Agenda
That the public be excluded from the following parts of the proceedings of this meeting, namely:
AGENDA ITEMS
1. Draft Annual Report 2017/18
2. Freeholding
3. Legal update as at 30 June 2018
The general subject of each matter to be considered while the public was excluded, the reasons for passing this resolution in relation to each matter, and the specific grounds under Section 48(1) of the Local Government Official Information and Meetings Act 1987 for the passing of this resolution were as follows:
|
General subject of each matter to be considered.
|
Reason for passing this resolution in relation to each matter.
|
Ground(s) under section 48(1) to the passing of this resolution.
|
|
1. Draft Annual Report 2017/18 |
7(2)(f)(ii) Maintain the effective conduct of public affairs through the protection of such members, officers, employees and persons from improper pressure or harassment |
48(1)A That
the public conduct of the whole or the relevant part of the proceedings of
the meeting would be likely to result in the disclosure of information for
which good reason for withholding would exist: |
|
2. Freeholding |
7(2)(i) Enable the local authority to carry on, without prejudice or disadvantage, negotiations (including commercial and industrial negotiations) |
48(1)A That
the public conduct of the whole or the relevant part of the proceedings of
the meeting would be likely to result in the disclosure of information for
which good reason for withholding would exist: |
|
3. Legal update as at 30 June 2018 |
7(2)(i) Enable the local authority to carry on, without prejudice or disadvantage, negotiations (including commercial and industrial negotiations) |
48(1)A That
the public conduct of the whole or the relevant part of the proceedings of the
meeting would be likely to result in the disclosure of information for which
good reason for withholding would exist: |
Audit and Risk Committee - 11 October 2018 - Open Agenda
Audit and Risk Committee
Open Minutes
|
Meeting Date: |
Thursday 19 July 2018 |
|
Time: |
1.00pm – 1.49pm |
|
Venue |
Council Chamber |
|
Present |
John Palairet (In the Chair), Mayor Bill Dalton, Geoff Foster, Councillor Claire Hague, and Councillor Kirsten Wise |
|
In Attendance |
Stephen Lucy – Audit New Zealand Director Corporate Services, Chief Financial Officer, Manager People and Capability, Manager Business Excellence and Transformation |
|
Administration |
Governance Team |
Apologies
Nil
Conflicts of interest
Nil
Public forum
Nil
Announcements by the Mayor
Nil
Announcements by the Chairperson
Nil
Announcements by the management
Nil
Confirmation of minutes
|
Councillor Hague / Mayor Dalton That the Minutes of the meeting held on 15 March 2018 were taken as a true and accurate record of the meeting.
Carried |
Notification and justification of matters of extraordinary business
(Strictly for information and/or referral purposes only).
Agenda Items
1. Review of Charter
|
Type of Report: |
Operational |
|
Legal Reference: |
N/A |
|
Document ID: |
522046 |
|
Reporting Officer/s & Unit: |
Adele Henderson, Director Corporate Services |
1.1 Purpose of Report
As set out in the Audit and Risk Committee Charter, the Committee will review this Charter in consultation with the Council at least once a year. Any substantive changes to the Charter will be recommended by the Committee, and formally approved by the Council. The last review of the Charter was undertaken December 2016
|
At the Meeting At updated version of the Charter was tabled, incorporating the following changes: · Flow through the document has been improved with the inclusion of section titles · The Charter is proposed to be reviewed every two years rather than annually. The next review will be October 2020. · The only content changes are as follows: o Under section “Composition and Tenure”: § The Napier City Council will appoint the Chairperson of the Committee. § Council representatives on the Committee will carry out their duties as outlined in the Charter, recognising the difference in the role of the Committee compared to Councillor community advocate. o Under section “Risk Management”: § Review whether a sound and effective approach has been followed in developing strategic risk management plans for major projects or undertakings. o Under section “External Accountability”: § Review the processes and risk assessment are in place for the development and adoption of the Council’s Long Term Plan. The Chief Executive noted that at the recent LGNZ annual conference, Napier City Council’s Audit and Risk Committee had been identified as an example of recommended practice, not only having more than one independent member but also that the Chair’s position is held by an independent. It was noted that there are opportunities for the fine tuning of the actual implementation of the chartered responsibilities, but the Charter itself is a strong document. In response to a question from the Committee it was confirmed that the wider Council members now have access to all open Audit and Risk reports as a matter of course, and the public excluded reports if approved by the Committee (noting that there may be some reports where it is considered appropriate to release there information at a later date than the next Council meeting).
|
|
Committee's recommendation Councillors Wise / Hague The Audit and Risk Committee: a. Review the Audit and Risk Committee Charter b. Provide any recommended changes for Council approval, those changes being: · Flow through the document has been improved with the inclusion of section titles · The Charter is proposed to be reviewed every two years rather than annually. The next review will be October 2020. · The only content changes are as follows: o Under section “Composition and Tenure”: § The Napier City Council will appoint the Chairperson of the Committee. § Council representatives on the Committee will carry out their duties as outlined in the Charter, recognising the difference in the role of the Committee compared to Councillor community advocate. o Under section “Risk Management”: § Review whether a sound and effective approach has been followed in developing strategic risk management plans for major projects or undertakings. o Under section “External Accountability”: § Review the processes and risk assessment are in place for the development and adoption of the Council’s Long Term Plan.
Carried |
2. External Audit - Audit NZ Management Report Consultation document 2018-28
|
Type of Report: |
Legal and Operational |
|
Legal Reference: |
Local Government Act 2002 |
|
Document ID: |
519643 |
|
Reporting Officer/s & Unit: |
Adele Henderson, Director Corporate Services |
2.1 Purpose of Report
To receive the Audit New Zealand management report for the Consultation Document for the Long Term Plan 2018-28
|
At the Meeting Mr Lucy spoke to this item and item 4 conjointly, noting that Audit New Zealand (‘Audit’) were generally happy with the clarity of articulation and lay out of the Long Term Plan Consultation document and the Long Term Plan 2018-28 itself. Audit and Finance will work together to ensure that information flows are smoother for future processes. In response to questions from the Committee, it was clarified that: · The recommendation to undertake a legal review of the rates resolution was made following some minor inconsistencies being noted in an early version; the resolution was double peer reviewed and corrected but the feedback is noted for future processes. · Ensuring condition assessments for the water network are accurate and timely, and articulation of risks are clear, will be important for the Infrastructure Strategy; these considerations are being addressed by Council’s nation-wide. · Audit are comfortable that the balanced budget is correct for the ten year period. · Work is underway to confirm the methodology for customer satisfaction surveys moving forward (noting that telephone surveys are not necessarily the most effective now); this was not able to be ready for 1 July 2018 but is progressing. · In relation to the aquatic centre options, it was noted that it is a careful balance that needs to be struck between providing enough information in a consultation document to encourage the public to provide feedback, without overwhelming with details which can be provided elsewhere. · Further in relation to the aquatic centre project, it was noted that the costs provided were early estimates and it was likely that there would be shifts between that consultation figures and actual costs at time of construction reflecting natural fluctuations in the market over the time period. The project has multiple gateways at which point Council can assess its comfort level with continuing to proceed.
|
|
Committee's recommendation Mr Foster / Councillor Hague The Audit and Risk Committee: a. Receive the Audit New Zealand management report for the Consultation Document for the Long Term Plan 2018-28.
Carried |
3. External Audit - Audit NZ Interim Management Report
|
Type of Report: |
Legal and Operational |
|
Legal Reference: |
Local Government Act 2002 |
|
Document ID: |
453613 |
|
Reporting Officer/s & Unit: |
Caroline Thomson, Chief Financial Officer |
3.1 Purpose of Report
To advise the committee that Audit NZ did not find any new issues while carrying out the interim audit for 2017/18 and therefore no management report has been issued.
|
At the Meeting Mr Lucy spoke to the item, noting that no interim management report has been provided as nothing of significance has been identified to note at this time. Credit was noted to the Finance Team that this situation exists, particularly given the loss of a staff member during the Long Term Plan preparation period. The Committee noted the positive change since the previous Long Term Plan process, remarking on the impressive work undertaken and levels of transparency achieved. While risks have changed over that period, risk management has increased significantly. It is anticipated that Napier will be considered a positive example nationally.
|
|
Committee's recommendation Councillors Wise / Hague That the Committee:
a. Note that Audit New Zealand did not find any new issues from the interim audit for 2017/18 and therefore no management report has been issued.
Carried |
4. External Audit - Audit NZ Management Report Long Term Plan 2018-28
|
Type of Report: |
Legal and Operational |
|
Legal Reference: |
Local Government Act 2002 |
|
Document ID: |
525799 |
|
Reporting Officer/s & Unit: |
Caroline Thomson, Chief Financial Officer |
4.1 Purpose of Report
To receive the Audit New Zealand management report for the Long Term Plan 2018-28.
|
At the Meeting The Audit New Zealand management report was tabled. Discussion on this item took place conjointly with Item 2 and is captured under that item above.
|
|
Committee's recommendation Councillor Wise / Mayor Dalton The Audit and Risk Committee: a. Receive the Audit New Zealand management report for the Long Term Plan 2018-28. b. Receive the recommendations and approve the management comments.
Carried |
5. Risk Management - Risk Management Report
|
Type of Report: |
Information |
|
Legal Reference: |
N/A |
|
Document ID: |
453619 |
|
Reporting Officer/s & Unit: |
Rachael Horton, Manager Business Excellence & Transformation |
5.1 Purpose of Report
To provide the Audit and Risk Committee (Committee) with an update on progress with risk management work and to report on the highest rated risks.
|
At the Meeting The Manager Business Excellence and Transformation spoke to the report, noting: · Particular focus has been placed on three areas over the last quarter: o Implementing the projects module in Sycle, o Business Continuity planning (linked to identified risks regarding possible disruption to services from a variety of causes), and o Continuing regular reviews of the risk register. · Two risks have been identified to the Committee under the higher risk reporting requirements: possible drowning of a member of the public while using Council equipment at Pandora Pond, and a possible fall from the Bluff Hill lookout by a sightseer (noting that this risk does not include a member of the public who may choose to deliberately scale any fencing with an intent to do injury to themselves). o While mitigations are being put in place for these identified risks, it was identified that the consequences of each are of a level that they are likely to remain identified as high even with management actions in place. In discussion it was noted that: · Where knowledge is held regarding possible risks on private properties, Council provides engineering and other advice to the property owner as far as it can. · Council holds no liability for any drowning in ponds, drains and the like on public land. There is existing case law to this effect. · A draft Business Continuity policy is almost complete; the re-activation of services will be staggered depending on what is most appropriate to the event. Typically Governance and Communications will always be activated first to ensure internal and external communications are present as quickly as possible. · With the recent implementation of the project module in Sycle, the highest rates project risks will now also be reported to the Committee. · The number of projects as a possible risk in itself is included in the register but is considered lower in impact due to mitigating actions in place. · Those positions whose roles include project and or risk management will have a specific KPI to this effect incorporated into the job description. · It is intended that surety audits are implemented as the organisation continues to mature in the risk management space, confirming that mitigations advised are actively taking place. · Central government has strongly indicated that there will be shifts in approach to water management nation-wide. Centralising water management is considered “safer” as it is anticipated to address capacity/ capability issues and to better spread the costs of appropriate infrastructure, particularly for smaller authorities.
|
|
Committee's recommendation Mayor Dalton / Mr Foster That the Committee: a. Note the risk management work being undertaken by the NCC Risk Committee. b. Receive the report titled: Highest rated risks report 9 July 2018.
Carried |
6. Risk Management - Insurance Update
|
Type of Report: |
Information |
|
Legal Reference: |
N/A |
|
Document ID: |
525768 |
|
Reporting Officer/s & Unit: |
Bryan Faulknor, Manager Property |
6.1 Purpose of Report
To advise the committee of the insurance arrangements for the period 1 July 2018 to 30 June 2019.
|
At the Meeting It was noted that maximum probable loss modelling is being undertaken; the council’s within the region have been invited to complete this work together. If the invitation is not taken up, Napier will continue regardless. The business interruption indemnity period extension was noted as pleasing.
|
|
Committee's recommendation Councillors Hague / Wise The Audit and Risk Committee: a. Resolve i. That the report on the 2018/19 insurance arrangements be received.
Carried |
PUBLIC EXCLUDED ITEMS
|
Mayor Dalton / Councillor Wise That the public be excluded from the following parts of the proceedings of this meeting, namely: 1. Risk Management - Health and Safety Reports to 30 June 2018 2. Internal Audit - Cash Handling Review 3. Composition and Tenure
Carried |
The general subject of each matter to be considered while the public was excluded, the reasons for passing this resolution in relation to each matter, and the specific grounds under Section 48(1) of the Local Government Official Information and Meetings Act 1987 for the passing of this resolution were as follows:
|
General subject of each matter to be considered. |
Reason for passing this resolution in relation to each matter. |
Ground(s) under section 48(1) to the passing of this resolution. |
|
1. Risk Management - Health and Safety Reports to 30 June 2018 |
7(2)(c)(i) Protect information which is subject to an obligation of confidence or which any person has been or could be compelled to provide under the authority of any enactment, where the making available of the information would be likely to prejudice the supply of similar information or information from the same source and it is in the public interest that such information should continue to be supplied |
48(1)A That the public conduct
of the whole or the relevant part of the proceedings of the meeting would be
likely to result in the disclosure of information for which good reason for
withholding would exist: |
|
2. Internal Audit - Cash Handling Review |
6(a) Prejudice the maintenance of the law, including the prevention, investigation, and detection of offences and the right to a fair trial |
48(1)A That the public conduct
of the whole or the relevant part of the proceedings of the meeting would be
likely to result in the disclosure of information for which good reason for
withholding would exist: |
|
3. Composition and Tenure |
7(2)(a) Protect the privacy of natural persons, including that of a deceased person |
48(1)A That the public conduct
of the whole or the relevant part of the proceedings of the meeting would be
likely to result in the disclosure of information for which good reason for
withholding would exist: |
The meeting moved into committee at 1.49pm
|
Approved and adopted as a true and accurate record of the meeting.
Chairperson .............................................................................................................................
Date of approval ...................................................................................................................... |
