|
Audit and Risk Committee - 13 September 2019 - Attachments
|
Item 1 Attachments a |
Audit and Risk Committee
Open Agenda
|
Meeting Date: |
Friday 13 September 2019 |
|
Time: |
9.00am |
|
Venue: |
Ikatere Boardroom |
|
Committee Members |
John Palairet (In the Chair), Acting Mayor Faye White, David Pearson, Councillor Claire Hague and Councillor Kirsten Wise |
|
Officer Responsible |
Director Corporate Services |
|
Administration |
Governance Team |
|
|
Next Audit and Risk Committee Meeting To be confirmed post-election |
Audit and Risk Committee - 13 September 2019 - Open Agenda
ORDER OF BUSINESS
Apologies
Mayor Dalton
Conflicts of interest
Public forum
Nil
Announcements by the Acting Mayor
Announcements by the Chairperson
Announcements by the management
Confirmation of minutes
That the Minutes of the Audit and Risk Committee meeting held on Thursday, 20 June 2019 be taken as a true and accurate record of the meeting...................................................................................... 55
Agenda items
1 Health and Safety Report................................................................................................ 3
2 Risk Management Report August 2019........................................................................... 7
3 External Audit: Audit NZ Interim Management Report................................................... 13
4 Legislative Compliance: Annual Tax Update to 30 June 2019....................................... 35
5 External Accountability: Investment and Debt Report.................................................... 50
Public excluded ............................................................................................................. 52
Audit and Risk Committee - 05 September 2019 - Open Agenda Item 1
1. Health and Safety Report
|
Type of Report: |
Operational |
|
Legal Reference: |
Health and Safety at Work Act 2015 |
|
Document ID: |
823535 |
|
Reporting Officer/s & Unit: |
Sue Matkin, Manager People & Capability |
1.1 Purpose of Report
The purpose of this report is to provide Audit and Risk with an overview of the health and safety performance as at 31 July 2019.
|
The Audit and Risk Committee: a. Receive the Health and Safety report as at 31 July 2019.
|
|
That the Committee resolve that the officer’s recommendation be adopted. |
1.2 Background Summary
The Health and Safety report as at 31 July 2019 is shown at Attachment A.
a Health and Safety report as at 31 July 2019 ⇩
2. Risk Management Report August 2019
|
Type of Report: |
Information |
|
Legal Reference: |
N/A |
|
Document ID: |
829299 |
|
Reporting Officer/s & Unit: |
Ross Franklin, Consultant |
2.1 Purpose of Report
To provide the Audit and Risk Committee with an update on progress with risk management work and to report on the highest paid risks.
|
The Audit and Risk Committee: a. Note the Risk Management Work being undertaken by Napier City Council Staff and Management b. Note the current Major risks c. Receive the Risk Report Dated 26 August 2019
|
|
That the Committee resolve that the officer’s recommendation be adopted. |
2.2 Background Summary
Napier City Council (NCC) has a programme of work to develop and mature its enterprise risk capability. A risk maturity roadmap has been developed to guide this work.
The Committee supports this work by acting in a monitoring and advisory role. This report provides an update to the Committee on progress against the roadmap and reports the highest rated risks to ensure they are being actively managed.
NCC has a Risk Management Framework document together with a Risk Management Strategy. These document set out the NCC risk appetite and the risk management roles, responsibilities and reporting requirements.
NCC risks are recorded in a risk management software solution known as “Sycle”. Each risk is assigned a risk owner and the risk is rated based on an assessment against the NCC risk matrix and based on the level of residual risk once any control measures and actions (or work programmes) designed to prevent or mitigate the risk have been identified and implemented.
NCC has an internal Risk Committee made up of officers from different areas of the organisation. The role of the risk committee is to coordinate the risk management process; monitor the risk profile, risk appetite and effectiveness of controls; monitor & review high and extreme risks and report extreme and high risks to Council’s senior leadership team. The committee is chaired by the Manager Business Excellence & Transformation.
The Risk Management Strategy requires high and extreme risks to be reported to the Audit & Risk Committee. Recognising the level or NCC risk maturity all high\extreme strategic risks and extreme operational risks are reported to each Audit & Risk Committee meeting.
2.3 Issues
Since our last report to the Committee progress has continued to be made in the following areas:
· Further development of the Sycle Projects module
· Continuation of a Business Continuity Management programme of work
· Review risk processes, systems and of the risk register
Sycle Projects Module
As reported to the last meeting work continues to progress on the implementation of the projects module in Sycle.
Business Continuity Management
As reported to the last meeting work continues on Business Continuity Management (BCM) at NCC. A draft BCM policy and the draft Business Impact Analysis were presented to the committee at the March meeting. The next stage is to identify the BCM risks for each site, based on the business impact analysis and capture any key risk into the Corporate Risk Management framework
The BCM framework responds to the strategic risk SR5 – ‘Event causing disruption or destruction of critical business functions and/or production and delivery of council services’.
Risk Management at NCC
The roles of Manager, Business Excellence & Transformation and Risk Advisor are currently being advertised. With the appointment of the Risk Advisor there will be a significant uplift in the organisation’s capability and focus on risk management.
2.4 Significance and Engagement
There are no external consultation requirements for this report.
2.5 Implications
Risk Register
There are currently 5 strategic and 147 operational risks in the risk register. (Project risks have been excluded from reporting). Ten risks have been removed from the registers and two have been added since the last meeting of the Committee.
There are five risks to report to the Committee as the highest rated risks; one is an operational risk rated Extreme (OR164) and four are strategic risks rated High (SR2, SR3, SR5 and SR6).
These risks are reported in the attached spreadsheet. (Attachment A).
All five risks have treatment actions to further manage the causes or consequences of each risk.
Extreme Risks
The only Extreme risk in the operational risk register is:
· OR164 Bluff Hill – fall from cliff top
This risk was previously reported to you on 20 June.
The latest update on the fence project is it is expected to be completed in time for the start of the cruise season in November.
High Risks
The four high risks in the strategic register are:
· SR2 Removal of three waters delivery and management
· SR3 Increased number and/or severity of major/natural disaster events
· SR5 Event causing disruption or destruction of critical business functions and/or production and delivery of council services.
· SR 6 Risk management practices
These risks were previously reported to you on 20 June and they have not changed. The risks are outside the control of NCC. The risks treatments listed against these risks are ongoing.
New and Emerging Risks
In addition to the risks reported as a matter of course we have identified some current topical risks of relevance to the organisation. These all impact on the organisation’s ability to deliver high quality services to the community. The risks identified include:-
· Legal action such as the pool litigation and leaky building claims. These are impacting on both the management resource (time that is not spent delivering other projects etc.) and the Councils finances (cost).
· The changing construction market, both in terms of development and our ability to deliver the capital plan and cost escalations
· The election and changes in Council. It takes time for new councillors to come up to speed and this can impact on the organisations decision making. At this time there are 5 existing Councillors who are not seeking re-election.
· Provincial Growth Fund requests may not be successful
· Data Security. Staff are reviewing the security protocols of external providers of web related services.
2.6 Options
N/A
2.7 Development of Preferred Option
N/A
a Schedule of High Strategic and Extreme Operational Risks as at 26 August ⇩
Audit and Risk Committee - 13 September 2019 - Open Agenda Item 3
3. External Audit: Audit NZ Interim Management Report
|
Type of Report: |
Legal |
|
Legal Reference: |
Local Government Act 2002 |
|
Document ID: |
823537 |
|
Reporting Officer/s & Unit: |
Caroline Thomson, Chief Financial Officer |
3.1 Purpose of Report
To consider the Audit NZ Interim Management Report for the year ending 30 June 2019.
|
The Audit and Risk Committee: a. Receive the Audit NZ Interim Management Report for the year ending 30 June 2019.
|
|
That the Committee resolve that the officer’s recommendation be adopted. |
a Audit NZ Interim Audit Management Report for the year ending 30 June 2019 ⇩
4. Legislative Compliance: Annual Tax Update to 30 June 2019
|
Type of Report: |
Operational |
|
Legal Reference: |
Local Government Act 2002 |
|
Document ID: |
823538 |
|
Reporting Officer/s & Unit: |
Caroline Thomson, Chief Financial Officer |
4.1 Purpose of Report
To provide the Audit and Risk Committee with the annual tax update on progress made during the period up to 30 June 2019.
|
The Audit and Risk Committee: a. Receive the report from PwC titled ‘Napier City Council Annual Tax Update year to 30 June 2019’.
|
|
That the Committee resolve that the officer’s recommendation be adopted. |
4.2 Background Summary
Council’s Tax Governance Framework and Tax Risk Management Strategy has now been operational for two years. The Tax Governance Framework was established to ensure Council maintains a low tax risk profile and effectively manages its tax obligations and risks. As part of the Tax Risk Governance Framework PwC have prepared an annual tax update report on progress made during the period up to 30 June 2019.
The report includes the following:
· A summary of the more substantive tax advice Council has sought from PwC during the period 1 July 2018 to 30 June 2019
· Commentary on tax matters currently being addressed as at 30 June 2019
· A general update on the wider tax environment which may affect Council
4.3 Issues
No Issues
4.4 Significance and Engagement
N/A
4.5 Implications
Financial
N/A
Social & Policy
N/A
Risk
N/A
a Napier City Council Annual Tax Update year to 30 June 2019 ⇩
5. External Accountability: Investment and Debt Report
|
Type of Report: |
Operational |
|
Legal Reference: |
N/A |
|
Document ID: |
827499 |
|
Reporting Officer/s & Unit: |
Caroline Thomson, Chief Financial Officer |
5.1 Purpose of Report
To consider the snapshot report on Napier City Council’s Investment and Debt as at 31 July 2019.
|
The Audit and Risk Committee: a. Receive the snapshot report on Napier City Council’s Investment and Debt as at 31 July 2019.
|
|
That the Committee resolve that the officer’s recommendation be adopted. |
5.2 Background Summary
The snapshot report on Napier City Council’s Investment and Debt as at 31 July 2019 is shown at Attachment A.
a Investment and Debt Report as at 31 July 2019 ⇩
Audit and Risk Committee - 13 September 2019 - Open Agenda
That the public be excluded from the following parts of the proceedings of this meeting, namely:
AGENDA ITEMS
1. External Accountability: Draft Annual Report 2018/19
2. Legislative Compliance: Legal Update as at 30 June 2019
3. Review of Audit and Risk Committee
4. Cloud Vendor Security Review by DIA
5. IT Firewall Penetration Test
6. Relocation of Offsite Archives
The general subject of each matter to be considered while the public was excluded, the reasons for passing this resolution in relation to each matter, and the specific grounds under Section 48(1) of the Local Government Official Information and Meetings Act 1987 for the passing of this resolution were as follows:
|
General subject of each matter to be considered.
|
Reason for passing this resolution in relation to each matter.
|
Ground(s) under section 48(1) to the passing of this resolution.
|
|
1. External Accountability: Draft Annual Report 2018/19 |
7(2)(g) Maintain legal professional privilege 7(2)(i) Enable the local authority to carry on, without prejudice or disadvantage, negotiations (including commercial and industrial negotiations) |
48(1)A That
the public conduct of the whole or the relevant part of the proceedings of
the meeting would be likely to result in the disclosure of information for
which good reason for withholding would exist: |
|
2. Legislative Compliance: Legal Update as at 30 June 2019 |
7(2)(g) Maintain legal professional privilege |
48(1)A That
the public conduct of the whole or the relevant part of the proceedings of
the meeting would be likely to result in the disclosure of information for
which good reason for withholding would exist: |
|
3. Review of Audit and Risk Committee |
7(2)(c)(i) Protect information which is subject to an obligation of confidence or which any person has been or could be compelled to provide under the authority of any enactment, where the making available of the information would be likely to prejudice the supply of similar information or information from the same source and it is in the public interest that such information should continue to be supplied |
48(1)A That
the public conduct of the whole or the relevant part of the proceedings of
the meeting would be likely to result in the disclosure of information for
which good reason for withholding would exist: |
|
4. Cloud Vendor Security Review by DIA |
7(2)(b)(ii) Protect information where the making available of the information would be likely unreasonably to prejudice the commercial position of the person who supplied or who is the subject of the information |
48(1)A That
the public conduct of the whole or the relevant part of the proceedings of
the meeting would be likely to result in the disclosure of information for
which good reason for withholding would exist: |
|
5. IT Firewall Penetration Test |
7(2)(b)(ii) Protect information where the making available of the information would be likely unreasonably to prejudice the commercial position of the person who supplied or who is the subject of the information |
48(1)A That
the public conduct of the whole or the relevant part of the proceedings of
the meeting would be likely to result in the disclosure of information for
which good reason for withholding would exist: |
|
6. Relocation of Offsite Archives |
7(2)(b)(ii) Protect information where the making available of the information would be likely unreasonably to prejudice the commercial position of the person who supplied or who is the subject of the information |
48(1)A That
the public conduct of the whole or the relevant part of the proceedings of
the meeting would be likely to result in the disclosure of information for
which good reason for withholding would exist: |
Audit and Risk Committee - 13 September 2019 - Open Agenda
Audit and Risk Committee
Open Minutes
|
Meeting Date: |
Thursday 20 June 2019 |
|
Time: |
1pm-1.39pm |
|
Venue |
Council Chamber |
|
Present |
John Palairet (In the Chair), Acting Mayor Faye White, David Pearson, Councillor Claire Hague and Councillor Kirsten Wise |
|
In Attendance |
Chief Executive, Director Corporate Services, Director Infrastructure Services, Chief Financial Officer, Accounting Contractor, Manager People and Capability |
|
Administration |
Governance Team |
Apologies
|
Acting Mayor White / Councillor Wise That the apology from Mayor Dalton be accepted. Carried |
Conflicts of interest
Nil
Public forum
Nil
Announcements by the Acting Mayor
Nil
Announcements by the Chairperson
Nil
Announcements by the management
Nil
Confirmation of minutes
|
David Pearson / Councillor Hague That the Minutes of the meeting held on 28 March 2019 were taken as a true and accurate record of the meeting.
Carried |
Agenda Items
1. Risk Management Report June 2019
|
Type of Report: |
Information |
|
Legal Reference: |
N/A |
|
Document ID: |
759266 |
|
Reporting Officer/s & Unit: |
Ross Franklin, Consultant |
1.1 Purpose of Report
To provide the Audit and Risk Committee (Committee) with an update on progress with risk management work and to report on the highest paid risks.
|
At the Meeting The Director Corporate Services spoke to the report and provided an update regarding the current status of the Manager Business Excellence and Transformation role. It was noted that risk reporting has not advanced as planned due to the changes in this space and that Council has also been holding off until a permanent appointment is made. In response to questions, the following points were clarified: · It was always intended that a dedicated resource would be appointed to manage the risk programme. · Council officers’ would come back to the committee with an update regarding the status of the Bluff Hill fence. · The purpose of the report incorrectly referred to the ‘highest paid risks’, this should read ‘highest risks’. · It was agreed that Risk Management should be separated out from the other High Risks as this should not be outside of Council’s control. |
|
Committee's recommendation Councillor Wise / David Pearson The Audit and Risk Committee: a. Note the Risk Management work being undertaken by the Napier City Council Risk Committee b. Note the current Major Project risks c. Receive the Risk Report Dated 11 June 2019
Carried |
2. Health and Safety Report
|
Type of Report: |
Information |
|
Legal Reference: |
N/A |
|
Document ID: |
758627 |
|
Reporting Officer/s & Unit: |
Sue Matkin, Manager People & Capability |
2.1 Purpose of Report
The purpose of the report is to provide the Audit and Risk Committee with an overview of the health and safety performance as at 31 May 2019.
|
At the Meeting The Manager People and Capability spoke to the report, highlighting achievements for the period. It was noted that work is still required on near miss and hit reporting, and that Council will be targeting staff without access to devices to ensure they are able to report incidents as they occur. An overview was also provided of upcoming workshops and programmes for Council staff. In response to questions, the following points were clarified: · The near miss and hit reporting target is shown as ‘more than’ as Council wants to receive as many near misses as possible. This is for reporting purposes to enable officers to start tracking trends and manage potential incidents. · Internal audits are now well underway although Council will not meet the target for this year. The focus has been on contractor audits and ensuring contractors are set up for and using ‘SiteWise’ and meeting other requirements. · A number of targets are already measurable for example, a correlation could be made between the reduction in lost time injuries and the number of pre-work assessments being completed. · It was noted that safety alerts have previously been used following a significant incidents only; however, officers have questioned whether this tool could be used to notify other incidents also to increase awareness. |
|
Committee's recommendation Acting Mayor White / Councillor Hague The Audit and Risk Committee: a. Receive the Health and Safety report as at 31 May 2019.
Carried |
3. External Accountability - Investment and Debt Report
|
Type of Report: |
Operational |
|
Legal Reference: |
N/A |
|
Document ID: |
758624 |
|
Reporting Officer/s & Unit: |
Caroline Thomson, Chief Financial Officer |
3.1 Purpose of Report
To consider the snapshot report on Napier City Council’s Investment and Debt as at 31 May 2019.
|
At the Meeting The Chief Financial Officer provided an overview of the investment and debt report, noting that as at May 2019 $61.4Million was held on deposit over a range of banks and different maturities. This amount will reduce to under $60Million by the end of June 2019, and it is forecasted that the rate will drop to 3.25%. In response to questions, it was clarified that deposits were arranged to allow Council to meet a large expenditure that was earmarked and due at the end of May 2019. |
|
Committee's recommendation Councillor Wise / David Pearson The Audit and Risk Committee: a. Receive the snapshot report on Napier City Council’s Investment and Debt as at 31 May 2019.
Carried |
4. Internal Audit - Sensitive Expenditure Monitoring
|
Type of Report: |
Operational |
|
Legal Reference: |
Local Government Act 2002 |
|
Document ID: |
760266 |
|
Reporting Officer/s & Unit: |
Caroline Thomson, Chief Financial Officer |
4.1 Purpose of Report
To table to the Committee the internal audit on sensitive expenditure monitoring undertaken by Council’s internal auditors, Crowe Horwath.
|
At the Meeting The Chief Financial Officer outlined the key areas audited by Crowe Horwath, noting that the review did not identify any expenditure inconsistent with Council’s Sensitive Expenditure Policy and confirmed that Council’s documentation was adequate. A number of the committee members noted that this is a good result. The Chief Financial Officer commented on Crowe Horwath’s efficiency in carrying out the internal audits. |
|
Committee's recommendation Acting Mayor White / Councillor Hague The Audit and Risk Committee: a. Receive the report from Crowe Horwath titled ‘Sensitive Expenditure Monitoring’.
Carried |
5. Internal Audit - Proposed Programme for 2019/20
|
Type of Report: |
Operational |
|
Legal Reference: |
N/A |
|
Document ID: |
760952 |
|
Reporting Officer/s & Unit: |
Caroline Thomson, Chief Financial Officer |
5.1 Purpose of Report
To table to the Committee the internal audit programme for 2019/20 from Crowe Horwath. Recommendations, feedback and any other review priorities the Committee deems relevant, is sought
|
At the Meeting The Chief Financial Officer spoke to the report and noted that Crowe Horwath have just been on site to complete the internal audit on Grants, with further internal audits planned. In response to questions, the following points were clarified: · It was considered that the business continuity and disaster recovery audit should remain at the scheduled date as it would be appropriate to have the current workstreams reviewed once they are complete. This work will also cover cyber crime. · A committee member noted that they would not like to see the community grants process become too restrictive. The Director Corporate Services confirmed that the scope documents will be reviewed by officers to ensure they are fit for purpose prior to commencement of the internal audits. |
|
Committee's recommendation Councillor Wise / David Pearson The Audit and Risk Committee: a. Resolve that the internal audit programme for 2019/20 from Crowe Horwath is received and approved
Carried |
6. Legislative Compliance - Update Report
|
Type of Report: |
Operational |
|
Legal Reference: |
Local Government Act 2002 |
|
Document ID: |
760953 |
|
Reporting Officer/s & Unit: |
Caroline Thomson, Chief Financial Officer |
6.1 Purpose of Report
To update the Committee on a number of legislative compliance reviews taking place.
|
At the Meeting The Chief Financial Officer spoke to the report, noting that this piece of work involves a review of Council’s funding Policy. A number of workshops have been arranged with Councillors to review 36 activities, to consider how they should be funded and whether current funding mechanisms should be reassessed. Prior to the 2019 Election, Council will decide on the approach they would like to take in relation to funding. It will then be up to the new Council to consider affordability and impacts on particular parts of the community. It was noted that this has been a slow process to date and that the last review was completed in 2001. |
|
Committee's recommendation Councillor Wise / David Pearson The Audit and Risk Committee: a. Note the Legislative reviews being undertaken including the Rating review
Carried |
7. Annual Plan 2019/20 (LATE REPORT)
|
Type of Report: |
Operational |
|
Legal Reference: |
Local Government Act 2002 |
|
Document ID: |
764372 |
|
Reporting Officer/s & Unit: |
Caroline Thomson, Chief Financial Officer |
7.1 Purpose of Report
That the Committee review and provide feedback to Council on the Annual Plan 2019/20 prior to the final adoption on 28 June 2019.
|
At the Meeting The Chief Financial Officer provided a brief overview of the report, highlighting the key changes from the draft Annual Plan 2019/20. It was noted that the key changes were made at the Council meeting held on 4 June 2019. The Committee members were asked to provide any feedback to the Director Corporate Services as soon as possible to ensure that this could be considered by Council at the 28 June 2019 meeting, where the Annual Plan 2019/20 is scheduled to be adopted. In response to questions regarding the Westshore revetment, it was noted that the funding decision was delayed by one year in order to give officers time to work through the process further with residents. |
|
Committee's recommendation Councillor Hague / David Pearson The Audit and Risk Committee: a. Receive the Annual Plan 2019/20. b. Provide any feedback to Council on the Annual Plan 2019/20 prior to the final adoption on 28 June 2019. c. Receive the minutes of the Council meeting held on 4 June 2019.
Carried |
GENERAL BUSINESS
The Director Corporate Services provided an update, following the request at the previous meeting, to look in to cyber-crime cover. There is now only one insurer remaining in the market. Officers are currently awaiting pricing and will report back to the Committee once this is received. It was noted that should a cyber-crime event take place in the meantime, Council would likely be covered under other existing Policies.
The Director Corporate Services also advised that she met with the tax advisors last week and confirmed that they will present their report to the Committee at the next meeting. It was noted that the tax advisors are also providing feedback to Council officers regarding payroll systems as an upgrade of this system is currently under consideration.
PUBLIC EXCLUDED ITEMS
|
Councillors Hague / Acting Mayor White That the public be excluded from the following parts of the proceedings of this meeting, namely: 1. Judicial Review Carried |
The general subject of each matter to be considered while the public was excluded, the reasons for passing this resolution in relation to each matter, and the specific grounds under Section 48(1) of the Local Government Official Information and Meetings Act 1987 for the passing of this resolution were as follows:
|
General subject of each matter to be considered. |
Reason for passing this resolution in relation to each matter. |
Ground(s) under section 48(1) to the passing of this resolution. |
|
1. Judicial Review |
7(2)(f)(ii) Maintain the effective conduct of public affairs through the protection of such members, officers, employees and persons from improper pressure or harassment 7(2)(j) Prevent the disclosure or use of official information for improper gain or improper advantage |
48(1)A That the public conduct
of the whole or the relevant part of the proceedings of the meeting would be
likely to result in the disclosure of information for which good reason for
withholding would exist: |
The meeting moved into Committee at 1.39pm.
|
Approved and adopted as a true and accurate record of the meeting.
Chairperson .............................................................................................................................
Date of approval ...................................................................................................................... |
