Audit and Risk Committee

Open Agenda

 

Meeting Date:	Thursday 5 September 2024
Time:	9.30am
Venue:	Breakout Room 2 War Memorial Centre Marine Parade Napier

 

 

Committee Members	Chair:                   Bruce Robertson Members:  Mayor Kirsten Wise, David Pearson, Councillor Sally Crown (Deputy Chair), Councillor Greg Mawson and Councillor Hayley Browne Ngā Mānukanuka o te Iwi representative - Vacant
Officer Responsible	Deputy Chief Executive / Executive Director Corporate Services
Administration	Governance Team
	Next Audit and Risk Committee Meeting Friday 29 November 2024

 

 

2022 TERMS OF REFERENCE - AUDIT AND RISK

 

Reports to:	Council
Chairperson	Bruce Robertson (External Independent)
Deputy Chairperson	Councillor Crown
Membership	The Mayor Deputy Chair of Sustainable Napier Committee Chair of Prosperous Napier Committee External independent appointee Ngā Mānukanuka o te Iwi (Māori Committee) (1) Note: The Chief Executive and External Auditor are required to attend all meetings but are not members and have no voting rights.
Quorum	3 - One of which is an external appointee
Meeting frequency	At least quarterly and further as required
Officer Responsible	Deputy Chief Executive / Executive Director Corporate Services

 

Role

The role and scope, as well as any delegations of the Audit and Risk Committee are defined in the Audit Charter (Doc Id 325090).

 

Delegations

The role and scope, as well as any delegations of the Audit and Risk Committee are defined in the Audit Charter.

 

The Committee can make recommendations to Council or the Chief Executive as appropriate.

 

ORDER OF BUSINESS

Karakia

Apologies

Nil

Conflicts of interest

Public forum

Nil

Announcements by the Mayor

Announcements by the Chairperson including notification of minor matters not on the agenda

Note: re minor matters only - refer LGOIMA s46A(7A) and Standing Orders s9.13

A meeting may discuss an item that is not on the agenda only if it is a minor matter relating to the general business of the meeting and the Chairperson explains at the beginning of the public part of the meeting that the item will be discussed. However, the meeting may not make a resolution, decision or recommendation about the item, except to refer it to a subsequent meeting for further discussion.

Announcements by the management

Confirmation of minutes

That the Minutes of the Audit and Risk Committee meeting held on Friday, 14 June 2024 be taken as a true and accurate record of the meeting.................................................. 75

Agenda items

1      Civic Precinct Main Contractor Procurement............................................................ 4

2      Draft Indemnity and Liability Policy for Council Workshops and Meetings................ 9

3      Policy review process update................................................................................. 17

4      Procurement and Contract Management Improvement Plan.................................. 20

5      Asset Management Roadmap progress................................................................. 23

6      Sensitive Expenditure - Mayor and Chief Executive............................................... 28

7      Internal Audit Recommendations Progress Report................................................. 32

8      External Audit Actions Status Update..................................................................... 51

9      Risk Management Report...................................................................................... 57

10    Health and Safety Report....................................................................................... 67

Minor matters not on the agenda – discussion (if any)

Recommendation to Exclude the Public.......................................................... 73

 

Agenda Items

 

1.    Civic Precinct Main Contractor Procurement 

Type of Report:	Operational
Legal Reference:	N/A
Document ID:	1783487
Reporting Officer/s & Unit:	Darran Gillies, Strategic Programmes Manager

 

1.1   Purpose of Report To seek endorsement of the approach to the Civic Precinct main contractor procurement approach, and to share the accompanying Probity Plan. To enable the release of the Registration of Interest to the market.

 

Officer’s Recommendation

The Audit and Risk Committee:

a.     Endorse Civic Precinct Main Contractor Procurement Approach (Doc Id 1783631)

b.     Note The Civic Precinct Main Contractor Probity Plan (Doc Id 1783634)

1.2   Background Summary

On 15 August Council endorsed the latest architectural design stages for the Civic Precinct, and approved to progress to the design documentation stages to enable the Building Consent application process and the release of the main contractor tender to market.  

This paper outlines the procurement plan that supports the release of the main contractor tender to market.

The procurement is proposed to be undertaken through a two-stage approach. This will consist of an open competitive Registration of Interest (ROI) stage. It is expected that from this stage up to four respondents are shortlisted and invited to engage in an intermediary interactive period. The interactive stage gives the shorted lists of applicants shared access to the project team to gain critical information to develop their potential tender. The second stage is a competitive Request for Tender (RFT) from the shortlisted group only. These tenders are then evaluated by a selected group from the project team including the Principal Architect and an independent industry expert. The core evaluation team will be supported by technical experts such as mana whenua representation, Quantity Surveyor and engineers who will provide reports on each tender received.  

​The procurement plan and approach have been developed over the last 12 months and follow the process outlined within the commercial case from within the 2022 Library Business Case adopted by Council in July of that year. This was followed by the development of a Construction Strategy adopted by council in October 2023 that confirmed a traditional construction approach.

The construction strategy and procurement approach were tested as part of an early market engagement with the construction industry at the beginning of this year. This engagement received a high level of interest with over 10 construction firms taking part with all showing interest in the work.

This was followed by workshops which included key members of the project across multiple disciplines before receiving a review from the internal procurement team, legal and external probity advisor. It was then discussed at two Civic Precinct Programme Board meetings and received robust feedback. 

​Key feedback themes: 

​Documentation 

·      ​Clearly identify within the ROI, NCC's desired outcomes. 

·      ​Clarification and emphasis required in the RFP regarding the different construction methods within the project. 

·      ​Appropriate language for the fit-out of the CAB including clarification on whether the main contractor will undertake the fit-out as part of the base scope. 

·      ​Effective contract/sub-contractor management  

​​

Broader outcomes 

·      ​Continue and develop existing cultural narrative work with mana whenua partners 

·      ​Use of local resources 

·      ​Measurable and accountable targets 

​

​​Evaluation  

·      ​Updated weighting criteria  

·      ​Relevant methodology language to assist the evaluation team.  

·      ​An assurance report will be provided to assist the evaluation team. 

·      ​Mana whenua representation & Independent reviewer on the evaluation team 

·      ​Ensure the evaluation team possesses the collective experience and expertise necessary to recognise the true value of the responses, enabling a more thorough and rigorous assessment. 

​

The updated plan attached to this paper reflects the feedback received and is seeking endorsement to enable the ROI to be released to the market.  

​The project team will seek Councils' final approval for the letting of the Main Contractor contract in the new year. This will be of major significance to our community and will require to be worked through in detail with the elected members. It will also be a moment of much opportunity and economic benefit to many in our community. 

1.3   Issues

N/A

1.4   Significance and Engagement

The Civic Precinct work is clearly defined in the current Long-Term Plan adopted in June of this year.

1.5   Implications

Financial

The Civic Precinct Programme has engaged an external Quantity Surveyor who produces an independent cost plan at each design stage. The QS will play a major role in the procurement process, providing an independent review of financials submitted with each proposal.

The Quantity Surveyor alongside the independent Engineer to Contract will provide a substantial review of each payment claim as stipulated by the contract terms, the industry standard 3910 - 2013 Version.

Social & Policy

There is a substantial section within the procurement plan that supports broader outcomes. This will ensure that the local economy, workforce and key partners such as mana whenua have a full opportunity to benefit from this council investment.

Risk

Alignment with NCC Procurement Policy

This procurement plan and the approaches and procedures it covers, comply with NCC procurement policy and guidance, and good public sector procurement and probity practices.

Napier City Council Procurement Policy:

https://www.napier.govt.nz/assets/Document-Library/Policies/Procurement-Policy-2021-WEB.pd

Probity management

Probity is concerned with the integrity of the ‘process’ of conducting a procurement. It is not concerned so much with the ‘quality’ of the decision to achieve NCC’s required outcomes. The Evaluation Chair and Procurement Lead will manage probity in conjunction with the Probity Advisor/Auditor.

The following must always be considered:

·    fairness, impartiality, integrity, and ethical behaviour must be maintained and demonstrated. This means:

·    acting fairly, impartially, and with integrity

·    being accountable and transparent

·    being trustworthy and acting lawfully

·    managing conflicts of interest

·    protecting the supplier’s commercially sensitive and confidential information

As detailed in the attached Probity Plan, McHale Group has been appointed by NCC to provide probity advice and assurance.

In short, the Probity Advisor/ Auditor will advise and if necessary report on:

·    Procurement processes and documentation are consistent with NCCs related policies and procedures, the New Zealand Government Procurement Rules, Office of the Auditor General guidance and general public sector probity good practice;

·    Procurement processes and documentation are planned and implemented with integrity, in such a way that minimises the risk of probity failure due to potential weaknesses in the process, and that no parties are treated unfairly;

·    Ethical behaviour is practised throughout the procurement processes and is guided by the principles of honesty, integrity, fairness, trust, and respect, and these are evidenced; and Conflicts of interest are identified in real-time, planned for, and mitigating action is initiated.

 

A programme of works such as the Civic Precinct comes with complexity and potential risks. To give Council and stakeholders a high level of assurance a robust risk process, both at the project and programme level has been implemented.  

​The diagram below articulates the updated governance structure for this work.

 

​

The roles and responsibilities of each group and role are defined within the programme execution plan which is managed by our external Project Assurance team. Both the Programme Steering Group and Programme have robust Terms of Reference.   

​Ultimately it is Council that acts as the key decision point and gives approval to move from one formal gateway to the next. Due to the size of the construction contract, it will be a decision of Council to approve to enter into the contract.    

​

1.6   Options

The options available to Committee are as follows:

a.     Endorse Civic Precinct Main Contractor Procurement Approach and the release of ROI

b.     Receive The Civic Precinct Main Contractor Probity Plan

1.7   Development of Preferred Option

With the endorsement of the attached procurement approach, the ROI will be released to the market through councils preferred tendering system, GETs. This will be accompanied by a supplier briefing held soon after.

 

·    The ROI period will run for four weeks before the shortlisting process is undertaken by the Tender Evaluation Team (TET). The Senior Responsible Officer will approve the TETs shortlisting recommendation.

 

·    Once the shortlisted vendors are confirmed a 16-day interactive process will be undertaken with key members of the project team to enable further development of tenders. 

 

·    The Request for Tender (RFT) will follow in January once the design documentation has been completed to the level that accurate pricing can be achieved. This will run for 28 days.

 

·    An evaluation and moderation process will then be undertaken by the TET before a Tender Recommendation Report is brought before council in April for approval to enter into negotiations with a preferred tenderer.

 

1.8   Attachments

1      NCC Napier Civic Precinct Contractor Procurement Plan (v1.0) (Doc Id 1783631) (Under separate cover 1)  

2      NCC Probity Plan - Te Aka and Officer Accommodation project  June 2024 (Doc Id 1783634) (Under separate cover 1)   

 

2.    Draft Indemnity and Liability Policy for Council Workshops and Meetings

Type of Report:	Operational
Legal Reference:	Local Government Act 2002, Local Government Information and Meetings Act 1987, Privacy Act 2020
Document ID:	1785685
Reporting Officer/s & Unit:	Anna Eady, Team Leader Governance

 

2.1   Purpose of Report To provide the Committee an opportunity for review and input into the draft Indemnity and Liability Policy for Council Workshops and Meetings.

 

Officer’s Recommendation

The Audit and Risk Committee:

a.     Receive the report ‘Draft Indemnity and Liability Policy for Council Workshops and Meetings’.

b.     Recommend Council adopt the draft Indemnity and Liability Policy for Council Workshops and Meetings.

 

2.2   Background Summary

In October 2023 the Ombudsman released a report “Open for Business”, which followed an investigation into local council meetings and workshops, and whether they complied with the requirements set out in the Local Government Official Information and Meetings Act 1987 (LGOIMA). 

Napier City Council (NCC), in response to the recommendations set out in the Ombudsman’s report, has changed the default setting of workshops to be open to the public unless they are covered by one of the relevant grounds in section 6 or 7 of LGOIMA. NCC is also audio-visually recording the open sessions and publishing them on YouTube.

As Standing Orders do not apply in a council workshop, it was agreed with Council that some tools would be put in place to help manage any issues of liability.

2.3   Issues

This Policy aims to address some of the risks to NCC by livestreaming meetings, making workshops open to the public, and publishing recordings online.

Public meetings and workshops are an open forum of statements, questions, and responses. Occasionally comments could be made which are regarded as offensive, defamatory, inaccurate, or contrary to law. With publishing recordings of workshops and meetings the potential audience is increased, which also increases the likelihood and/or severity of potential liability. Whilst Council may not be liable for any inaccurate or defamatory comments made by an individual at a meeting, it may however, be liable if it publishes that material; albeit inadvertently. To counter this issue, this Policy sets out NCC’s ability to interrupt or terminate a livestream and to withhold sections of a recording from publication under the relevant section of LGOIMA.

As far as practically possible, it is not intended that there be recorded footage of public observers at meetings and workshops published on NCC’s online platforms. The Policy provides guidance to the Chair of a meeting or workshop in regard to notifying the public of this possibility and outlines that if a member of the public remains once that notification is given they are consenting to their image being published, albeit inadvertently. It also requires public presenting or submitting to the Council be made aware that their presentation will be livestreamed, recorded, and published unless they make a request to the Chair of the meeting to not have this happen.

Another issue this Policy addresses is technical difficulties in livestreaming a meeting or creating a recording. Whilst every effort will be made to ensure the livestream or recording runs smoothly if it does not the meeting or workshop will proceed regardless and written notes and other documentation from the session will be made available on NCC’s website.

2.4   Significance and Engagement

Public consultation is not required for this Policy.

2.5   Implications

Financial

There are no financial implications of Council adopting the Policy.

Social & Policy

Not applicable.

Risk

The draft Policy has been developed to be in line with current best practice, and with consideration of similar policies from other local authorities. There are no risks identified with the Council adopting the Policy.

2.6   Options

The options available to the Committee are as follows:

a.     To receive the report and recommend to Council to adopt the Policy

b.     To suggest changes to the Policy

2.7   Development of Preferred Option

The report will be put to Council for adoption, noting amendments recommended by this Committee.

 

2.8   Attachments

1      2024 DRAFT Indemnity and Liability Policy (Doc Id 1752204)   

 

2024 DRAFT Indemnity and Liability Policy (Doc Id 1752204)

Item 2 - Attachment 1

 

3.    Policy review process update

Type of Report:	Operational
Legal Reference:	N/A
Document ID:	1781644
Reporting Officer/s & Unit:	JayJay Kettle, EA to Deputy Chief Executive & Executive Director Corporate Services Talia Foster, Financial Controller

 

3.1   Purpose of Report

To update the committee on the progress made to date with the policy review project.

Officer’s Recommendation The Audit and Risk Committee: a.     Receive the report titled “Policy Review Process Update” dated 5 September 2024.

3.2   Background Summary

At the meeting of the Audit and Risk Committee on 29 September 2023, the committee directed officers to provide an update of the policy review process which was undergoing changes.

It is important to Council to have up to date policies in place to reduce risk across many areas of Council. Regularly reviewing policies is good practice to ensure they are relevant and fit for purpose. Internal and External audits have highlighted issues with policies being past their review date and officers have been struggling to ensure their timely review due to issues with the internal policy review process and system.

In September 2023, the Executive Leadership Team (ELT) agreed to review policies outside of this system to enable the timely review and correct a backlog of policies where an initial review has been completed by officers, but not approved by the ELT.

3.3   Current Position

Since May, nineteen policy reviews have been approved by ELT. These are:

·        CCTV Policy (published)

·        Information Services Acceptable Use Policy – Employees (published)

·        Information Services Artificial Intelligence (published)

·        Motor Vehicle Policy (published)

·        2024 Elected Members Expenses Policy (published)

·        Artificial Intelligence Policy (published)

·        Gifts and Gratuities Policy (published)

·        Credit Card Policy (published)

·        Online Banking Payment Policy (published)

·        Health and Safety Policy (published)

·        Pressure Sewer Systems policy (published)

·        Travel Policy (published)

·        Koha Policy (published)

·        Investment Policy (published)

·        Dangerous Affected and Insanitary Buildings Policy (published)

·        Complaints Policy (reviewed by ELT, going to Council for Adoption September 26th)

·        Napier Libraries Content and Collections Policy (reviewed by ELT, going to Council for Adoption September 26th)

·        Keeping us Free from Bullying & Harassment Policy (to be published)

·        Conflicts of Interest Policy (to be published)

 

The Information Services team will be reviewing options for an IT solution as soon as practical. This will remove the manual process and speed up the current process, enabling more policies to be pushed through review in a timely manner.

It has also been recognised that engagement at ELT meetings is beneficial for policy content collaboration, therefore any new system would need to cater to this.

Currently we have 102 Policies after 8 were withdrawn, 26 are current with 70 coming up for or due for review.

We have 3 meetings in the next quarter to get policies through ELT for approval. We aim to get 3-5 policies to each meeting. Our priorities are:

·    Test n Tag Policy (maybe going to a procedure not policy yet)

·    Service request Policy (on hold)

·    Napier Readiness Framework Policy (reviewed by ELT in May, rejected, now updated ready for review by ELT in September)

·    Key Account Management policy (going to ELT August 22nd via email)

·    Indemnity and Liability Policy (reviewed by ELT in July, rejected, now updated ready for review by ELT in September)

3.4   Significance and Engagement

N/A

3.5   Implications

Financial

N/A

Social & Policy

N/A

Risk

One key purpose of a policy is to mitigate risks. Having policies which are not regularly reviewed leaves us open to risks which are not effectively managed by policies.

We are reducing this risk by prioritising the policies which are to be reviewed first with the subject matter expert then onto ELT meeting for discussion and review for approval. Any public policies go through the same process then onto Council for Adoption.

3.6   Options

The options available to the Committee are as follows:

a.     Receive this update on the policy review process

b.     Provide further direction to officers

3.7   Development of Preferred Option

Receive the update on the policy review process.

3.8   Attachments

Nil

 

4.    Procurement and Contract Management Improvement Plan

Type of Report:	Information
Legal Reference:	N/A
Document ID:	1777284
Reporting Officer/s & Unit:	Sharon O'Toole, Procurement Manager

 

4.1   Purpose of Report The purpose of this report is to outline the improvements intended to address the findings and recommendations from the Internal Audit Report: Contract Management Report 2024, completed by Crowe. This work will also support the use of procurement and contract management as strategic tools to deliver Council’s work programme and asset management. The initiative has been developed in consultation with the project to establish a Council Enterprise Programme Management Office (EPMO).

 

Officer’s Recommendation

The Audit and Risk Committee:

a.     Approve the Procurement and Contract Management Improvement Plan.

 

4.2   Background Summary

Council’s Internal Audit provider, Crowe, completed an internal audit on Contract Management. The report was finalised on 21 May 2024 and socialised with the Audit and Risk Committee 14 June 2024.

The audit identified a total of 11 risks - three high, seven medium and one low. The management responses to these risks included the recommendation to develop a Procurement and Contract Management Improvement Plan (Plan). The rationale to include procurement in the scope of improvements acknowledges the fact that a successfully managed contract requires all preceding steps to be completed effectively i.e. good contract management starts with good planning, procurement and contracting.

ELT approval was required to gain commitment for the resources needed to support the work. It also allowed senior management to review the initiatives alongside other Council improvements. The Plan was approved in full by ELT 13^th June.

The focus of the Procurement and Contract Management Improvement Plan is to promote operational efficiency, achieve compliance and standardisation. To implement the change a structured project approach was proposed which segments the Plan into discrete packages of work. These workstreams are shown in the following diagram.

   

 

There are other procurement and contract management improvements underway. The diagram below outlines these and how the relate to and support each other.

4.3   Issues

The recommendations from the Internal Audit report highlighted areas for improvement. The Plan considers the root cause of the issues that need to improve, these fall into the following themes:

·    Guidance

·    Templates and documents

·    Processes and procedures

·    Training

·    Technology.

This root cause view addresses the issues from the internal audit however this theme/ project view does not map to the internal Audit findings on a one-to-one basis.

Progress reports to A & R will be a manual overlay of the project tracking.

4.4   Significance and Engagement

N/A

4.5   Implications

Financial

The resource to deliver and improvement initiatives has an associated cost.  This work was supported by the leadership team and seen as a priority given that it underpins the delivery of Council’s capital programme, budgets were therefore reprioritised to provide funding.

Social & Policy

The update of Council’s procurement and contract management documents is an opportunity to prompt, encourage and support the consideration of progressive procurement or social, cultural, environmental, and economic outcomes. However, to automate and streamline the associated data collection and reporting requires investment in software and systems, the absence of these will hinder initial progress. System investment is a future opportunity.

Risk

There is a risk of multiple change initiatives occurring simultaneously. The procurement improvements have been bundled with initial EMPO and the capital delivery programme initiative. All three initiatives focus on improving project delivery, a common project workplan and governance structure is being established to support alignment across the improvements.

This should help identify opportunities for aggregation or highlight where there is misalignment between different workstreams.

4.6   Options

ELT were provided with the option to implement none, some or all of the recommended workstreams. All workstreams were approved 13^th June 2024.

4.7   Development of Preferred Option

A high-level scoping document has been completed for each workstream.

 

An external resource has been engaged to boost the internal resources working on the Plan, services commence 12 August 2024.

 

The initial activity will be to complete more detailed scoping and provide a timeline for each workstream. The aim is to have all workstreams completed within 6 to 9 months.

 

4.8   Attachments

Nil

 

5.    Asset Management Roadmap progress

Type of Report:	Information
Legal Reference:	N/A
Document ID:	1785900
Reporting Officer/s & Unit:	Kate Ivicheva, Manager Asset Strategy

 

5.1   Purpose of Report This report provides an overview of the key activities and progress towards implementing the Asset Management Roadmap. These initiatives have been progressed by the Asset Strategy team, with the recent establishment of the Asset Management Steering Group set to ensure that the continued delivery of the Roadmap is conducted in a more coordinated and strategic manner. The report demonstrates the ongoing commitment to enhancing asset management practices, improving data integrity, optimising processes, and ensuring compliance with regulatory requirements.

 

Officer’s Recommendation

The Audit and Risk Committee:

a.     Receive the update on the progress of asset management initiatives and endorse the continued implementation of the Asset Management Roadmap.

 

5.2   Background Summary

Over the past 8 months, the Asset Strategy team has been working on several key initiatives aligned with our Asset Management Roadmap. These initiatives include the optimisation of the service request process, the implementation of reporting dashboards, the transition from paper-based asset records to a digital database, the introduction of systematic inspection schedules, improvements in open spaces data capture, and the development of a centralised system for managing specific attributes.

Expanded Details of Key Initiatives

1 Formation of the Asset Management Steering Group

Objective: The Asset Management Steering Group (AMSG) was established in July 2024 and held its first meeting on 9 August 2024. The primary objective of the AMSG is to deliver the Asset Management Roadmap and strategy, which has been supported by the Executive Leadership Team (ELT). The AMSG meets monthly with a flexible membership structure, allowing for adjustments to ensure the right team composition.

Process and Results: The AMSG oversees the sequential execution of the programme detailed in the Asset Management Roadmap, ensuring alignment with the adopted Asset Management Policy, and contributing to broader organisational goals. The group is also committed to taking a coordinated approach to asset management initiatives and establishing a methodology that brings clarity and confidence to the programme of work. The Steering Group is tasked with integrating asset management into Business as Usual (BAU) and ensuring that milestones align with the LTP. The group also ensures that the roadmap is effectively implemented and delivers tangible benefits to Napier City Council.

2 Centralised System for Managing Asset Attributes and Hazards

Objective: To develop and implement a centralised system for managing specific asset attributes, ensuring compliance with safety regulations and reducing associated risks.

Process and Results: The system was designed to provide a robust framework for managing asset attributes, including hazardous materials like asbestos. It facilitates tracking, monitoring, and reporting across all relevant assets, ensuring compliance with regulatory requirements. The system is currently in the testing phase, and while it has shown improved compliance with legislation and hazard management, additional work is needed to integrate it fully across the organisation.

Future Steps: The focus will be on completing the system testing and integration with H&S processes and procedures, ensuring it meets all operational requirements and is fully adopted by relevant stakeholders.

3 Optimisation in the Service Request Process

Objective: The initiative aimed to streamline the service request process, reduce inefficiencies, improve response times, and enhance service delivery.

Process and result: We improved system navigation and reduced processing times by streamlining the workflow and integrating automation tools. This optimisation has enabled us to manage a growing volume of enquiries without accumulating a significant backlog. The improved process has enhanced our ability to manage work processes, resulting in 27% effectiveness by saving 8 days per week across 6 teams in Depot, Community Services (housing) and Infrastructure Directorate.

4 Implementation of Reporting Dashboards

Objective: The development of reporting dashboards aimed to provide real-time visibility into key activity metrics, enabling informed decision-making and proactive management.

Process and Results: The dashboards were created to track various metrics, including asset performance, cleaning and inspection schedules, and financial expenditures. Integrated seamlessly with MagiQ, Accella and GIS, they facilitate real-time data flow and updates. Users reported improved ability to monitor performance, manage work schedules, and reduce time spent on manual data entry. Previously, we lacked such visibility, but now we have enhanced overview and quality monitoring. Currently, 16 teams are using the dashboards, with plans to roll them out across the entire organisation.

5 Introduction of Digital Inspection Schedules and Analytics Collection

Objective: To implement a systematic approach to asset inspections, enhanced by analytics, to improve asset management and regulatory compliance.

Process and Results: We introduced digital inspection schedules across various asset categories, supported by data analytics that collect and present inspection data trends. This proactive approach enabled us to identify and address potential issues before they escalate, thereby improving asset reliability and reducing the risk of unexpected failures. The insights inform maintenance planning and resource allocation, leading to more accurate predictive maintenance and better task prioritisation. This has allowed us to shift from a reactive "run-to-failure" model to a more structured process, enabling continuous improvement through user feedback and systematic data collection. Although the process is still minimal, it represents a crucial step forward from having a paper-based practice in place.

6 Improved Asset Capture and Transition to Digital Database

Objective: To transition from paper-based asset records to a comprehensive digital database, improving data accessibility, accuracy, condition monitoring, and overall management capabilities.

Process and Results: The asset tree and playground capture process involved the systematic collection and conversion of paper-based records into a centralised digital database accessible to all relevant stakeholders. The digitalisation process reduced data retrieval times, minimised data entry errors and increased confidence in work processes. Improved condition monitoring has also been a key benefit.

5.3   Issues

Despite the significant strides made in transitioning to digital asset data and implementing new processes, a few key challenges remain:

Resource Allocation: The shift to digital tools has increased demand for additional devices and training, particularly as more staff adopt tablets in the Depot. This growing need underscores the importance of investing in resources to fully support digitalisation.

Change Management: The transition from a reactive, "run-to-failure" model to a proactive, data-driven approach requires a significant cultural shift. While progress has been made, ongoing efforts are needed to ensure that all staff are comfortable with and fully integrated into the new processes.

5.4   Significance and Engagement

The initiatives described in this report are significant to NCC, as they directly reshape our approach to asset management, improve operational efficiency, enhance regulatory compliance and collaboration between teams.

Operational Efficiency: The optimisation of service requests and the transition to digital asset records are key to improving operational efficiency, reducing costs, and enhancing service delivery.

Regulatory Compliance: Introducing digital inspection schedules and centralising specific attributes such as asbestos are crucial to ensure health and safety regulations and reduce the risk of non-compliance.

Interdepartmental Engagement: The introduction of reporting dashboards has improved transparency and communication across teams, leading to more informed decision-making and enhanced performance management.

5.5   Implications

Financial

Streamlining the service request process has not directly led to substantial cost savings. However, it has allowed us to handle a growing number of inquiries without building up a backlog, as was the case in 2023 and the previous years, resulting in efficiency gains. The need for additional devices due to increased digitalisation in the Depot may have budgetary implications.

The development of a centralised system for managing asset attributes yields financial benefits by minimising non-compliance and penalties.

Social & Policy

Digital inspection schedules support our commitment to transparency, public safety and sustainability. By proactively managing and monitoring assets, we are better positioned to prevent incidents and ensure our operations are consistent with social responsibility and asset management policy objectives.

Risk management improvements

The transition to digital asset management records and the implementation of reporting dashboards have significantly reduced the risk of data errors and inconsistencies, directly improving decision-making and mitigating potential financial and operational consequences. These improvements prevent asset mismanagement and ensure more accurate resource allocation.

The centralised system for managing critical attributes, while still in the testing phase, addresses critical safety risks associated with asbestos hazards. By standardising this process, we greatly reduce the likelihood of non-conformance, legal liabilities, and related health risks.

Furthermore, the proactive maintenance practices adopted for open spaces have effectively reduced the risk of service disruptions and safety incidents, enhancing public safety in high-usage areas.

5.6   Options

The options available to Council are as follows:

a.     Continue with the Current Roadmap: This option involves the current course of action and steady pace of the implementation.

 

b.     Reprioritise Initiatives and Phases within the Asset Management Roadmap. This option would involve reassessing current priorities, potentially accelerating specific activities or reallocating resources to areas of greater strategic importance.

5.7   Development of Preferred Option

The preferred option is to continue with the existing Asset Management Roadmap, allowing the newly formed Asset Management Steering Group to oversee and deliver it. This approach ensures continuity in executing the improvement initiatives while benefiting from the oversight and coordination of the Asset Management Steering Group.

 

5.8   Attachments

Nil

 

6.    Sensitive Expenditure - Mayor and Chief Executive

Type of Report:	Information
Legal Reference:	N/A
Document ID:	1782552
Reporting Officer/s & Unit:	Raewyn Fowler, Internal Audit Lead Talia Foster, Financial Controller

 

6.1   Purpose of Report To provide the information required for the Committee to review Sensitive Expenditure of the Mayor and Chief Executive for compliance with Council’s Sensitive Expenditure Policy.

 

Officer’s Recommendation

The Audit and Risk Committee:

a)   Receive the 30 June 2024 quarterly report of Sensitive Expenditure for the Mayor and Chief Executive and review for compliance with the Sensitive Expenditure Policy.

6.2   Background Summary

The Sensitive Expenditure Policy approved by the Chief Executive on 17 March 2023 and endorsed by Council requires a report of all sensitive expenditure by the Chief Executive and by the Mayor to the Audit and Risk Committee meetings (clause 6.3 and 6.4).  The policy also states that the expenditure items will be reviewed by the Chairperson or the Deputy Chairperson of the Audit and Risk Committee for compliance with this policy. 

6.3   Issues

No issues.

6.4   Significance and Engagement

N/A

6.5   Implications

Financial

N/A

Social & Policy

All sensitive expenditure transactions for the quarter ended 30 June 2024 are compliant with Council’s Sensitive Expenditure Policy.

Risk

N/A

6.6   Attachments

1      Sensitive Expenditure Q4 30 June 2024 Mayor (Doc Id 1786069)  

2      Sensitive Expenditure Q4 30 June 2024 CE (Doc Id 1786070)    

Sensitive Expenditure Q4 30 June 2024 Mayor (Doc Id 1786069)

Item 6 - Attachment 1

 

Sensitive Expenditure Q4 30 June 2024 CE (Doc Id 1786070)

Item 6 - Attachment 2

 

7.    Internal Audit Recommendations Progress Report

Type of Report:	Information
Legal Reference:	N/A
Document ID:	1784295
Reporting Officer/s & Unit:	Raewyn Fowler, Internal Audit Lead

 

7.1   Purpose of Report The purpose of this report is to provide the Audit and Risk Committee an update on the internal assurance activities each quarter.  The report includes information on the current internal audit programme, and progress to date of the recommendations.

 

Officer’s Recommendation

The Audit and Risk Committee:

a.     Receive the Internal Audit Recommendations Progress Report dated 5 September 2024

 

7.2   Background Summary

Napier City Council (Council) contract to Crowe to provide internal audit services.  The internal audits performed by Crowe include a written report on issues found with recommendations and agreed management actions to be taken by Council staff to address issues raised. PWC also provide Council regular taxation internal audits.

This report includes the following information (page 1 Attachment 1):

·    Internal Audits by Financial Year and Status.

·    Total recommendations completed/outstanding to date.

·    Recommendations status (completed/outstanding) per Internal Audit.

·    Percentage of recommendations completed since last quarter (June 24).

The current active internal audit improvement programmes reported on this quarter are:

1.   Building and Resource Consents

2.   Records Management

3.   Sensitive Expenditure

4.   PAYE/WHT

5.   Contract Management

These are summarised in Attachment 1 (pages 2 to 6).  This includes key achievements for the last quarter, what is planned for the next quarter, and any issues/challenges impacting the delay of completion. 

Definition of the current status of the audit improvement programmes is as follows:

On target:                Improvement recommendation on target to be achieved.

Progressing:        Some minor delays to components/activities but mainly on track.

Not on target:       Delays that will prevent delivery in timely manner.

Not started:          Programme is yet to commence.

 

Please note the full details of all recommendations and progress for each audit is available to view as per attachment Attachment 2.       

7.3   Issues

The 2024/25 Internal Audit Plan is not yet available to present to the committee as this is subject to final completion of the strategic risks and assurance plan currently being undertaken by the Risk and Assurance Lead and Business Improvement Manager.  An update of this is included in the Risk Management Report.      

7.4   Significance and Engagement

N/A

7.5   Implications

Financial

N/A

Social & Policy

N/A

Risk

The internal audit programme monitors and significantly reduces risk across the organisation. By monitoring the recommendations to ensure they are implemented we are further reducing risk. Any outstanding actions do pose a risk to Council.

7.6   Development of Preferred Option

Recommend the committee receive the Internal Audit Recommendations Progress Report.

 

7.6   Attachments

1      Quarterly IA update summary Sept 2024 (Doc Id 1785621)  

2      IA Recommendations report progress detailed Sept 2024 (Doc Id 1785620)   

 

Quarterly IA update summary Sept 2024 (Doc Id 1785621)

Item 7 - Attachment 1

 

IA Recommendations report progress detailed Sept 2024 (Doc Id 1785620)

Item 7 - Attachment 2

 

8.    External Audit Actions Status Update

Type of Report:	Information
Legal Reference:	N/A
Document ID:	1786614
Reporting Officer/s & Unit:	Talia Foster, Financial Controller

 

8.1   Purpose of Report The purpose of this paper is to summarise the actions taken by management from recommendations made via our external audit process to provide assurance to the Audit and Risk Committee that these have been addressed.

 

Officer’s Recommendation

The Audit and Risk Committee:

a)   Receive this report titled “External Audit Actions Status Update”.

 

8.2   Background Summary

Napier City Council are audited by Audit New Zealand annually for our Annual Report process, as legislated by the Local Government Act 2002. For each audit, we receive a report detailing issues found and recommendations made. 

        The agreed management actions are now being followed up with the relevant Council staff management and progress on actions to date is being tracked and reported.

8.3   Issues

From the 2022/23 Annual Report audit, Audit NZ were able to close 13 action points. Only one new action point was added during that audit. We now have 12 action points remaining.

Any closed points have now been dropped from this report, and we are reporting on the actions which remained as outstanding in Audit NZ’s Management Report for 2022/23 which was presented to the Audit and Risk Committee meeting on 4 April 2024.

We are continuing to make progress and should have further points to be closed in the upcoming 2023/24 Annual Report Audit scheduled for October.

It is worth noting issues with the “Attendance and resolution times performance measures”. Although the already highlighted issues have been resolved, Audit NZ have now identified further issues and we are working through whether this can be resolved for the 2023/24 year or not.

8.4   Significance and Engagement

N/A

8.5   Implications

Financial

N/A

Social & Policy

N/A

Risk

Along with the internal audit programme, our external audit monitors and significantly reduces risk across the organisation. By monitoring the recommendations to ensure they are implemented we are further reducing risk. Any outstanding actions do pose a risk to the organisation.

8.6   Development of Preferred Option

Receive the External Audit Actions Status Update report.

 

8.6   Attachments

1      External Audit Recommendations Tracking (Doc Id 1786457)   

 

External Audit Recommendations Tracking (Doc Id 1786457)

Item 8 - Attachment 1

 

9.    Risk Management Report

Type of Report:	Information
Legal Reference:	N/A
Document ID:	1786241
Reporting Officer/s & Unit:	Dave Jordison, Risk and Assurance Lead Alister Edie, Business Improvement Manager

 

9.1   Purpose of Report To update the Committee on risk management workstreams and inform on the status of Council’s strategic and operational risk profile and any emerging risks.

 

Officer’s Recommendation

The Audit and Risk Committee:

a.     Receive the report titled “Risk Management Report” dated 5 September 2024.

 

9.2   Background Summary

We have defined the current issue limiting the increase in risk maturity, is the lack of understanding of the risk management process, and support of the risk management system.

To address this further for our uplift program and scheduled the workstreams over three months. The focus of the uplift program is upskilling ELT and managers on their responsibilities and their required processes and creating efficiencies across the risks management cycle – from administration and reporting to risk management.

A key development we require is the implementation of a risk assurance program. utilising the Three Lines of Defence model as recommended by the Office of the Auditor General NZ.

The risk assurance program is intended to provide the required level of assurance to the Audit and Risk Committee to assist them in making the determination that the risk profile of the council is acceptable and if not, reporting through the Chief Executive their findings. This has been included in our uplift program for completion by 30^th November 2024 and enables us to have a risk-based approach to prioritise our internal audit program.

ELT has led a deep and thorough dive of their strategic risks, in line with Councils updated strategic objectives. This process questioned and re-determined the objectives we are managing against and set related controls. We have provided an updated review status with some remaining work to be completed.

9.3   Issues

No issues.

9.4   Significance and Engagement

N/A

9.5   Implications

Financial

N/A

Social & Policy

N/A

Risk

Uplift Program Progress

Summary of Audit and Risk Committee governance training

The Risk and Assurance Lead will provide the following guidance in support of the Audit and Risk Committee’s monitoring of the risk management process.

The types of reports they will be receiving and how to understand them, and their contents in respect of Strategic Risk, Operational Risks, and the status of risk within the Council, and the maturity of the process.

As part of the risk uplift plan, the Audit and Risk Committee members will be provided training, where required in the theory of risk management and the Sycle software we use to help manage the process.

The table A in this report identifies which reports will be provided at each Audit and Risk Committee meeting in addition to the reports provided to the ELT and the tier 3 & 4 managers.

The format of the ELT reports is discussed in the following topic in this document.

The process combined with the internal audit plan is intended to provide the required level of assurance to the Audit and Risk Committee to assist them in deciding that the risk profile of the council is acceptable, and if not, reporting through the Chief Executive their findings.

ELT reporting and format.

The report format contains the following headings:

·    The Strategic Risk Dashboard (Overview of Strategic Risks) and Summary

·    Operational Risk summary

·    Emerging Risks both Internally, Nationally and Globally

·    Proposed changes to the Risk Framework/Strategy

·    Changes to the Risk management tool (Sycle)

·    Reports: As per requirements:

o  Risk Attention Report (Strategic and Operational, monthly)

o  Risk training completed, (monthly)

o  Strategic & Operational Revised risks High & Extreme, (quarterly prior to ARC meeting)

o  Strategic & Operational Out of Appetite (quarterly prior to ARC meeting)

·    Risk Training Status

·    Comments relevant to Risk Management

Summary of progress from previous report.

·    Strategic risk deep dive risk assessments progressing well and should be concluded by 30th August.

·    Risk treatment and escalation process understanding for ELT being utilised.

·    Notification of overdue risks, control and treatment action completions reactivated.

·    Risk reports being provided, and upskilling commenced for ELT regular monthly debrief.

·    Uplift programme (see attached plan) indicating adherence to planned dates.

 

Strategic Risks

Progress made with deep dive of all strategic Risks.

Risk Assessment process involves:

·    Risk identification (Including Causes and Consequences)

·    Risk Analysis (Likelihood and Consequences with Primary Risk Category)

·    Risk Evaluation Determination of revised level of risk, and if it is within appetite.

·    Risk Treatment (application of relevant controls and possible treatment actions) this also includes escalation of the risk should it be out of appetite.

 

It is important to understand that the risk treatments are the work plan to indicate the time frame in which we aim to bring the out of appetite revised risks, either within the appetite of the relevant primary risk category, or as close as possible to that.

The risk may still exceed the appetite, however the responsible director and in most instances the Chief Executive as the authority to accept these formally.

Note: As the risk assessment process is worked through, it will become clearer that a number of the causes, and consequences can be consolidated, if we identify a process that is intended to manage the risk.

If the process does not yet exist it will be deemed totally ineffective and an associated treatment action will show the plan and time frame to improve ineffective controls.

The Current Detailed Status of Strategic Risk Register shown by the Bowtie report. See Attachment 1 and risk uplift plan.

Also, the report showing Revised Risk levels High and Extreme See Attachment 5.

 

 

 

 

 

 

 

Summary of current status of the Strategic Risk Assessments,

Risk	Assessment not started	Risk Analysis Completed	Risk Evaluation Completed	Risk Treatment Completed	Escalation required	Escalation Completed	Within Appetite
1.     People & Capability SR22		X	X
2.     Not enabling our communities to become resilient SR21		X	X	X			X
3.     Failure to plan for, develop and maintain sound infrastructure SR15		X	X	X	X	X
4.     Work health & Safety – Failure to maintain a safe and healthy workplace and safe systems of work SR32		X	X
5.     Sustainable financial strategy SR23		X	X	X			X
6.     Failing to meet Te Tiriti O Waitangi commitments and obligations SR25		X	X
7.     Effectiveness of Emergency Management SR33		X	X	X	X	X
8.     Climate Change SR35		X
9.     Impact of External change and reform SR26		X	X	X			X
10.   Security, integrity and privacy data and information SR41		X	X	X			X
11.   Delivery of Programmes and Change SR36		X	X	X	X
12.   Council Reputation	X

 

The standard risk reports,  frequency and recipients is shown in table A below

Table A: Taken from Risk and Assurance Strategy

Performance Area	Key Performance Indicators	Comments/Methods
Risk Treatment Plan  Ref Attachment 2	% off-track risk treatment actions  Controls overdue for review, and treatment actions overdue for completion	Risk Attention Report  (Risk Treatment Action Status Report)   Input into ARC Report	Monthly Tier 2/3 &4 Manager
			Quarterly ARC
Risk Reviews  Strategic & Operational Ref Attachment 2	% of risk reviews undertaken as scheduled  % shows reviews not undertaken which is considered more relevant	Risk Attention Report  Input into ARC Report	Monthly Tier 2/3 &4 Manager
			Quarterly ARC
Risk Training   See uplift plan	% of Nominated staff undertaking risk management training	Excel Spreadsheet and Camms College report  input into ARC Report	Quarterly Tier 2 and ARC
Risk Exposure  Ref Attachment 3	% of risks exceeding prescribed level of residual risk with authorization  This report also shows Out of Appetite risks both with and without authorisation.	Insights report Strategic/Operational, Out of Appetite  Input into ARC Report	Monthly   Tier 3 & 4  Quarterly Tier 2 ELT and ARC
Operational Risk Report  Ref Attachment 4	Revised Level High/Extreme	Insights Auto Report to Tier 3 & 4  High & Extreme  Input into ARC Report	Quarterly   Tier 2 ,3 & 4 Plus ARC
Strategic Risk Report  Ref Attachment 5	Revised Level High/Extreme	Insights Auto Report  Input into ARC report	Quarterly  Tier 2 & ARC

 

Operational Risks

Reporting period 10 Weeks

·    There are zero Operational risks that have increased in their revised risk level down from 94 from the previous reporting period.

·    There are zero new risks created.

·    18 Risks with no controls down from 20 from the previous reporting period. Of these 4 indicate a change to the risk level from the inherent state to the revised state the Inherent risk level has reduced.

·    103 Risks that have decreased in their revised risk level. Markedly down from the previous reporting period.

·    72 Risk Reviews overdue up from 48 the previous reporting period.

·    21 have a revised risk level of High, and None are extreme.

These will be the primary operational risks to address next.                         

 

·    339 Control reviews remain at the same number.

·    136 Treatment actions overdue for review slight Increase from 131 for the previous reporting period

 

Operational Risks   Out of Appetite

There are currently 81 Operational risks showing as out of appetite, down from 138 in the previous period. This decrease remains due to the required risk reviews taking place with a more robust determination of the revised risk levels.

See Attachment 4

As part of the uplift program, we are determining processes for utilising ELT meetings to improve the regular review of out-of-appetite operational risks as well as strategic risks, where the risk owners sit below ELT level.

The automatic reporting of Operational Extreme/High revised risks will commence the last week of August prior to the ELT/and ARC meetings, and be quarterly to the tier 3 and 4 Managers.

Escalations From the previous ARC Meeting

OR 334 serious harm or fatality of staff and/or public from trade waste non-compliance: had a revised risk level of extreme so had been escalated through the Director of Infrastructure Services and on to the Chief Executive

A review of this operational risk has commenced, and the following conclusions determined:

As the health and safety of the staff is managed in MySafety, this aspect of possible risk should be addressed as a Hazard in the My Safety Register.

That leaves the Health and safety of the public to be managed in Sycle. It is the intention to reflect that exposure of the public will be avoided and controls input to show the manner that this will occur as the controls are anticipated as being totally effective and the result will be the risk level is low and within appetite.

 

Whilst this requires escalation through to the director Infrastructure Services and on to the Chief Executive. The treatment actions are planned for conclusion between early December and July 2025, when it is anticipated that the risk will be within appetite.

 

Currently there are 3 controls that would need to improve in their effectiveness from Partially effective.

Note this risk has a revised level that would not be reported on in the Operational Risk High/Extreme report.

OR207 Failure to Comply with Health and Safety at Work (Asbestos Regulations.2016)

The revised level of risk remains at a medium level for a Health and Safety risk Category.

There has been a substantial effort in reducing the risk level, however it is probable that until the treatment actions are concluded, this risk will require escalation to the Chief Executive.

As the risk appetite exhibits an understandable aversion to risk that, is common with many councils.

There are 7 Risk Categories:

·    Environmental

·    Financial

·    Health & Safety

·    ICT, Infrastructure and Assets

·    Legislative Compliance

·    Reputation/Image

·    Service Delivery

 

The risk appetite for Financial and Reputation/Image categories are Moderate, and the other categories  five are Low.

What the escalation process does, is enable the tolerance to be applied by the relevant managerial level in the business.

This allows for that individual directors to accept the revised risk level for the time frame to conclude the treatment actions and enhance relevant control effectivity.

It is possible, that some risks will never be reduced to be within the stated appetite level and again the escalation process allows for this.

The aim is to review the escalations as part of the risk appetite process, including the table contained in the Risk Management Policy identifying who has the authority to accept out of appetite risks for the relevant categories.

This will be part of the training uplift programme.

Improvements

A summary of what has been achieved so far:

·    The Notification process for due Risks, Controls and Treatment actions has be reinstated

·    Strategic Rik Assessments primarily completed. (see matrix showing status)

·    Escalation process begun where finished risk assessments show their requirement (Further training for ELT being performed to enable understanding of the process and why it is required)

·    Automatic emails of operational risks showing revised risk level of High or Extreme, to all Risk owners, Control owners and Treatment owners (this re4quires maintenance as owners change)

·    Training for ELT, Tier 2 3 and 4 Managers available in CAMMS College for Risk Essentials

·    Risk messaging is improving as a result of Risk owners, Control owners and treatment action owners adhering to due dates prompted by reports showing attention required.

 

Overdue Operational Risk Reviews have increased in number by 43.75% (48 to 69) from the previous period.

This is likely due to the lack of direct notification of due dates in the system. and risk owners not monitoring their Risk Dashboard, and risk attention reports.

The notification of overdue risks process is pending activation, and it is anticipated that this will be working prior to the next ARC committee meeting.

The Risk Attention report does provide a reminder that risk reviews/control reviews and Treatment actions are nearing overdue status and overdue.

We have had some difficulty with the reporting hierarchy in Sycle, not matching the current reporting lines for the business, and are close to solving this issue.

We are currently working on the reactivation of the auto notification process in Sycle and further details are contained in the following part of the report.

 

Notification Process:

This is part of the Uplift Programme (Attachment 7)

Sycle has the capability of automatically notifying risk owners, control owners and treatment action owners when their responsibilities are nearing the due date.

The original setup of the Sycle software and the lack of understanding of the process, resulted in an overwhelming number of notifications to the various owners and interested parties.  Therefore, the decision was made to switch the process off.

We believe we are at the point where the registers will benefit from the notification process to automatically email notifications with reminders that the risks, the controls and treatment action owners and their managers would benefit from these prompts.

It is our intention to activate the notification process for the Operational risk register first, given the number of risks we are managing. (Total active 192) with 966 Controls and 336 Treatment Actions to maintain.

There is some benefit in standardising the controls given the large number of them.  This is because of not having a library of controls to choose from and therefore individual could create their own, leaving a number of controls basically expressing the same control but worded slightly different.

The system will indicate if the chosen control already exists, and then only allow a selection from the library.

This is part of the uplift programme to rationalise these and the causes and consequences.

The next phase of the notification process will be the Strategic Risk Register and as there are only some 12 total this is anticipated as being not as complex a register to manage.  There are currently 106 Control and 60 Treatment actions to maintain.

Overdue treatment actions have also reduced 3% and is evidence that target dates to address poor performing controls are being improved.

The 50% increase in the revised level of risk is a result of increased review work with the benefit of a more accurate picture of the revised level of risk.

Improving this measure is a focus of the next phase of the risk uplift programme, with the intention to ensure controls are in place and are as effective as possible, with escalation where required.

Assurance

Currently NCC does not have a Quality Assurance framework or policy.

Part of this would refer to the internal audit programme and is one facet of how we provide assurance to the ELT, and the Audit and Risk Committee.

It is our intention to suggest a simple Quality assurance framework to assist in providing this assurance.

Whilst the risk uplift programme is intended to impart a risk-based audit process, the assurance process will entail significant work to integrate the assurance and risk management processes.

A proposal for what we plan will be provided in the following Audit and Risk Report, once we have sufficient details of this.

9.6   Options

The options available to the Committee are as follows:

a.     Receive the Risk Management Report

b.     Not to receive the Risk Management Report

9.7   Development of Preferred Option

Receive the Risk Management Report dated 5 September 2024.

 

9.8   Attachments

1      Overview Strategic Risk Bow Tie to 27Aug (Doc Id 1786272) (Under separate cover 1)  

2      Operational Risk Attention Report (Doc Id 1786273) (Under separate cover 1)  

3      Out of Appetite - Operation Risks (Doc Id 1786269) (Under separate cover 1)  

4      NCC Operational Risk Basic Report High Extreme (Doc Id 1786271) (Under separate cover 1)  

5      NCC Strategic Risk Basic Report High Extreme to 27 Aug (Doc Id 1786270) (Under separate cover 1)  

6      NCC Strategic Risk Profile (Doc Id 1786308) (Under separate cover 1)  

7      Uplift Items (Doc Id 1786867) (Under separate cover 1)   

 

10.  Health and Safety Report

Type of Report:	Enter Significance of Report
Legal Reference:	Enter Legal Reference
Document ID:	1786472
Reporting Officer/s & Unit:	Jill Coyle, People Operations Manager

 

10.1 Purpose of Report To inform the Audit & Risk Committee (ARC) of Health Safety and Wellbeing (HSW) strategic progress, performance and activities covering the period June 2024 to 20 August 2024. The report enables the ARC to provide assurance to Council for the capability and functioning of Council’s health, safety and wellbeing hazard and risk management system and associated programme.

 

Officer’s Recommendation

The Audit and Risk Committee:

a)   Receive the Health and Safety Report for the quarter ended 20 August 2024.

 

10.2 Background Summary

Napier City Council (NCC) has duties under the Health and Safety at Work Act 2015 and subsequent regulations to ensure the safety of employees, and all other persons, at, or impacted by the work of Council. Duties of Council are upheld through the implementation of NCC’s health and safety management system, that is guided by legislation, codes of practice, and is designed to address operational health and safety risks.

Executive Summary

·    Revised risk assessments for SR32 Ref Risk Management Report for further details of this Strategic Risk, and OR183 remain high and out of appetite, with OR328 assessed as medium. Improvements to these will be detailed in the relevant treatment actions and escalated as required.

·    Critical hazards have been identified across Council with many requiring a risk assessment. This would include the review of internal controls and determination of their effectiveness.

·    Due to a change process within the People and Capability (P&C) team being undertaken over the past 6 weeks, there has been a notable slowdown in reporting against strategic initiatives for this quarter. This transition has temporarily impacted the effectiveness of the Health, Safety, and Well-being (HSW) team, resulting in minimal strategic progress reporting. We anticipate that the change process within the P&C team will be concluded within the next 2 to 3 weeks. Following this, the P&C team is expected to be fully resourced to resume the delivery of the work programme effectively by the beginning of the next quarter.

 

 

Discussion

Strategic and operational risks

Risk no	Risk Issue	Inherent RA	Revised RA	Target RA*	Risk Movement
SR14	Failure to maintain a safe and healthy workplace and safe systems of work (ie we do not proactively navigate H&S threats)	Extreme	High	Medium	Nil
OR183	Failure to manage health, safety, and wellbeing in the workplace	Extreme	High	Medium	Nil
OR328	Failure to comply with the Health and Safety at Work Act 2015 and subsequent regulations.	Extreme	Medium	Low	Nil

 

Critical and emerging risks

While the table below is not an exhaustive list, it provides a starting point for the identification and assessment of critical risks. Further work is required for the identification and assessment of hazards, risks, and internal controls to determine effectiveness, with an update due to ARC in Q3.

Table 2. Hazards and critical health & safety risks 

Hazard	Description of hazard	Risk in register (Sycle) Yes/No	Revised risk assessments
Contractors	Napier City Council engage contractors to complete work on our behalf. The Council are required to work in partnership with contractors to ensure duties as PCBUs are met, including conformance with Councils safety management system.	No	N/A
Wellbeing and psychosocial factors	Within workplace settings, there are environmental, relational, and operational hazards that may affect people’s psychological and physical health.	No	N/A
Human behaviour	There is an increased presence of anti-social and intimidating behaviour from members of public towards Council staff.	No	N/A
Dangerous work activity	Workers, contractors, and volunteers often complete high-risk work activity including the handling of hazardous substances, confined spaces, excavations, lockout / tag out, working from heights, roof access, hazardous waste disposal, excavations, and operating heavy machinery.	No	N/A
Building materials	Assets may contain hazardous building material including asbestos and silica,	Yes	OR207 - High
Pool facilities and water features.	Council own and/or operate a range of pool facilities including ocean Spa, Napier Aquatic Centre, Kennedy Park, and several water features.	Yes	OR49 – High OR89 - Medium OR316* – Medium OR325 - Low OR332* - Medium

 

        Strategic progress

The following workstreams will be presented to this Committee and are meant to outline progress in alignment with our Health & Safety improvement plan that represents significant programmes of work due for completion by June 2025. The work programmes are designed to improve our health and safety management system, the management of health and safety risks, an promote a positive health and safety culture.

Workstream	Status	Milestones completed	Next milestone	Comment
System improvement	75%	·      Health and Safety  Policy ·      ELT Leadership charter ·      Centralisation of H&S data and documentation ·      Upgrade of incident reporting system (MySafety)	Establish performance indicators and annual health and safety targets.   Review of H&S roles and responsibilities framework.	Commence October 2024
			1.	1.
Health and safety risk management	20%	·      Nil	Identification and assessment of critical health and safety risks.
Leadership and commitment	30%	·      Training and professional development opportunities delivered for directors and managers.	Develop health and safety induction and training programme for managers and team leads to ensure they are equipped to manage health and safety risks.	The review of our induction is currently underway
Health and safety learning and development	50%	·      Review of induction process, material, and scheduling.	Complete training needs assessment for managers and team leaders	The current onboarding including inductions for our new starters is under review however weekly inductions for HSW continue.   Risk based training is currently delivered using external training and education providers.
Communication	50%	·      Nil	Health and safety communications plan and deliver communication on health and safety matters through existing channels and networks.
Engagement	50%	·      Review and update health and safety committee terms of reference, and health and safety representative responsibilities, & accountabilities.	Establish communication channels for workers to remain engaged and informed for workplace health and safety.
Audit and assurance	25%	·      Nil	Develop and implement a schedule of health and safety reporting to enable effective monitoring and reviewing of health and safety performance based on strategic objectives and KPIs.	An audit is currently being undertaken for elected contractors with regard to critical risk management

 

 

Health and safety reporting

Health and safety reporting profiled over this reporting period are summarised below (as of 20/08/2024).

Lag Reporting	Q3 2023	Q3 2024
Incidents	70	123
Pain + Discomfort	15	23
Near Miss	29	50
Lost time injuries	1	0
Lead reporting	Q3 2023	Q3 2024
Safety Observations	72	111
Meetings	36	26
Training delivered	190	118

 

Investigations

·   There were zero Council events that required an investigated during this reporting period.

·   There were zero contractor events that required an investigation during the reporting period.

WorkSafe notifiable events

·   There was zero contractor WorkSafe notifiable event during the reporting period.

Workplace wellbeing

The wellbeing working group has been established to develop a wellbeing strategy for Council. Progress of key tasks for the development of the strategy are provided below. There has been no progress with the wellbeing working group while we have been reviewing our resourcing needs of the People & Capability Team. We anticipate this strategy will also be reviewed as part of the over P&C strategic plan that will be developed in October.

 

Tasks	Status	Due date	Milestones completed	Next milestone	Comment
Literature review	100%	n/a	Literature review	Completed	Strong evidence for addressing organisational factors with an emphasis on work design.
Current state assessment	100%	n/a	Current state assessment	Completed	NCC lacks a co-ordinated and structured approach to supporting workplace wellbeing. Initiatives and programmes are reactive and targeted to individuals. This approach is not well supported by the evidence.
Data collection and analysis	10%	10 June, 2024	Nil	Desktop analysis. Worker engagement	Delays in initiating this work due to dependencies, competing demands and availability of resource.
Future state recommendations including setting objectives, and outcome measures.	0%	30 June, 2024	Nil		Delays in initiating this work due to dependencies and availability of resource.

10.3 Significance and Engagement

N/A

10.4 Implications

Financial

N/A

Social & Policy

N/A

Risk

N/A

10.5 Development of Preferred Option

Recommend that the Audit and Risk Committee receive the Health and Safety Report.

 

10.6 Attachments

Nil

Recommendation to Exclude the public

 

That the public be excluded from the following parts of the proceedings of this meeting, namely:

AGENDA ITEMS

1.         Chief Executive - Verbal Update

2.         Audit New Zealand - Verbal Update

 

The general subject of each matter to be considered while the public was excluded, the reasons for passing this resolution in relation to each matter, and the specific grounds under section 48(1) of the Local Government Official Information and Meetings Act 1987 for the passing of this resolution were as follows:

General subject of each matter to be considered.	Reason for passing this resolution in relation to each matter.	Ground(s) under section 48(1) to the passing of this resolution.
1.  Chief Executive - Verbal Update	7(2)(h) Enable the local authority to carry out, without prejudice or disadvantage, commercial activities	48(1)(a) That the public conduct of the whole or the relevant part of the proceedings of the meeting would be likely to result in the disclosure of information for which good reason for withholding would exist: (i) Where the local authority is named or specified in Schedule 1 of this Act, under section 6 or 7  (except 7(2)(f)(i)) of the Local Government Official Information and Meetings Act 1987.
2.  Audit New Zealand - Verbal Update	7(2)(h) Enable the local authority to carry out, without prejudice or disadvantage, commercial activities	48(1)(a) That the public conduct of the whole or the relevant part of the proceedings of the meeting would be likely to result in the disclosure of information for which good reason for withholding would exist: (i) Where the local authority is named or specified in Schedule 1 of this Act, under section 6 or 7  (except 7(2)(f)(i)) of the Local Government Official Information and Meetings Act 1987.

 

 

 

 

 

Audit and Risk Committee

Open Minutes

 

Meeting Date:	Friday 14 June 2024
Time:	9.30am  - 10.46am Open) 11.00am - 11.18am (Public Excluded) 11.20am - 11.41am (Open)
Venue	Breakout Room 1 War Memorial Centre Marine Parade Napier
	Audio-visually recorded for Council website

 

Present	Chair:          Bruce Robertson Members:   David Pearson, Councillor Sally Crown (Deputy Chair) and Councillor Greg Mawson
In Attendance	Chief Executive (Louise Miller) [via Zoom] Deputy Chief Executive / Executive Director Corporate Services (Jessica Ellerm) Chief Financial Officer (Caroline Thomson) Financial Controller (Talia Foster) Audit New Zealand (Karen Young) Senior Health and Safety Advisor (Andrew Wallace) Health, Safety and Wellbeing Lead (Adam McDonald) [via Zoom] Business Improvement Manager (Alister Edie) [via Zoom] Acting Chief People Officer (Jill Coyle) [via Zoom] Mark Cervantes, Crowe [via Zoom]
Administration	Governance Advisors (Carolyn Hunt and Jemma McDade)

 

 

 

 

 

Audit and Risk Committee – Open Minutes

 

Table of Contents

Order of Business                                                                                             Page No.

Karakia. 3

Apologies. 3

Conflicts of interest 3

Public forum.. 3

Announcements by the Chairperson. 3

Announcements by the management 3

Confirmation of minutes. 3

Agenda Items

1.      Internal Audit Recommendations Progress Report 4

2.      Sensitive Expenditure - Mayor and Chief Executive. 4

4.      Policy review process update. 5

5.      External Audit actions status update. 5

6.      Health and Safety Report 6

7.      Risk Management Report 7

Minor matters. 7

Resolution to Exclude the Public. 7

3.      Internal Audit:  Contract Management Report 9

 

 

 

 

 

 

 

 

 

 

 

 

Order of Business

Karakia

The meeting opened with the Council karakia.

Apologies

Bruce Robertson / Councillor Mawson That the apologies for absence from Mayor Wise and Councillor Browne be accepted. Carried

 

Conflicts of interest

Nil

Public forum

Nil

Announcements by the Chairperson

Nil

Announcements by the management

Nil

Confirmation of minutes

Bruce Robertson / David Pearson That the Minutes of the Audit and Risk Committee meeting held on 4 April 2024 were taken as a true and accurate record of the meeting.   Carried

 

The Chair referred to Item 8 recommendation (b) for the Audit Plan for 2023/24 Annual Report in the Minutes of the meeting held 4 April 2024 as below and would arrange approval with the Chief Executive.

b)     Delegate authority to the Chair and the Chief Executive to approve the Audit Plan for the 2023/24 Annual Report on behalf of the Audit and Risk Committee (Doc Id 1746445).

Minor Matter

Asset Management Roadmap

ACTION Officers to prepare an update on the Asset Management Roadmap for the next Audit and Risk Committee meeting to be held on 5 September 2024.

 

 

Agenda Items

1.    Internal Audit Recommendations Progress Report

Type of Report:	Information
Legal Reference:	N/A
Document ID:	1756765
Reporting Officer/s & Unit:	Raewyn Fowler, Internal Audit Lead

 

1.1   Purpose of Report

The purpose of this report is to provide the Committee with a summary of the internal audit recommendations progress to date.

 

At the meeting The Financial Controller, Ms Foster took the report as read advising that good progress was being made on the agreed management actions.  Prioritisation of the work programme was undertaken by the Manager based on risk, with high risk prioritised first, however some lower/quicker actions will be undertaken sooner as these are often quick wins which require less resource to deliver. The four key internal audit matters that have outstanding actions (Building and Resource Consents; Sensitive Expenditure; Records Management and PAYE & WHT) were prioritised with the PAYE action rated with the highest priority and good progress on completing has occurred. Corporate compliance risks are considered high and need to be addressed quickly. Follow up with contractors who have been given access to Council records and  information to ensure it has been returned.

Committee resolution

Councillors Crown / Mawson The Audit and Risk Committee: a)   Receive the Internal Audit Recommendations Progress Report. Carried

 

 

2.    Sensitive Expenditure - Mayor and Chief Executive

Type of Report:	Procedural
Legal Reference:	N/A
Document ID:	1756766
Reporting Officer/s & Unit:	Raewyn Fowler, Internal Audit Lead Talia Foster, Financial Controller

 

2.1   Purpose of Report

To provide the information required for the Committee to review Sensitive Expenditure of the Mayor and Chief Executive for compliance with Council’s Sensitive Expenditure Policy.

 

At the meeting The Financial Controller, Ms Foster took the report as read confirming that all items identified in the report for this quarter complied with Council’s policy.
Committee resolution	Bruce Robertson / Councillor Mawson The Audit and Risk Committee: a.     Receive the 31 March 2024 quarterly report of Sensitive Expenditure for the Mayor and Chief Executive and review for compliance with the Sensitive Expenditure Policy. Carried

 

Item 3 would be addressed later in the meeting to enable Mark Cervantes of Crowe to join the meeting via Zoom.

 

4.    Policy review process update

Type of Report:	Operational
Legal Reference:	N/A
Document ID:	1756764
Reporting Officer/s & Unit:	Talia Foster, Financial Controller Caroline Thomson, Chief Financial Officer

 

4.1   Purpose of Report

To update the committee on the progress made to date with the policy review project.

 

At the meeting The Financial Controller, Ms Foster spoke to the report advising that since the last meeting four policies had been approved (Gifts and Gratuities; Travel; Koha and 2024 Elected Members Expenses). It was noted that a further five policies (Credit Card; Sensitive Expenditure; Payment Policy; Complaints and Pressure Sewer) would be presented to the Executive Leadership Team (ELT) later in June 2024 and would be reported back to the Committee at the next meeting.

Committee resolution

Bruce Robertson / David Pearson The Audit and Risk Committee: a.     Receive the report titled “Policy Review Process Update” dated 14 June 2024. Carried

5.    External Audit actions status update

Type of Report:	Information
Legal Reference:	N/A
Document ID:	1762046
Reporting Officer/s & Unit:	Talia Foster, Financial Controller

 

5.1   Purpose of Report

The purpose of this paper is to summarise the actions taken by management from recommendations made via our external audit process to provide assurance to the Audit and Risk Committee that these have been addressed.

 

At the meeting The Financial Controller, Ms Foster took the report as read advising that good progress was being made.  Ms Young advised that she would be reviewing the Audit Plan list in the near future and would provide an update at the next meeting.
Committee resolution	Councillor Mawson / David Pearson The Audit and Risk Committee: a.     Receive this report titled “External Audit Actions Status Update” dated 14 June 2024. Carried

 

 

6.    Health and Safety Report

Type of Report:	Information
Legal Reference:	N/A
Document ID:	1762676
Reporting Officer/s & Unit:	Adam McDonald, Health, Safety and Wellbeing Lead

 

6.1   Purpose of Report To inform the Audit & Risk Committee (ARC) of Health Safety & Wellbeing (HSW) strategic progress, performance and activities covering the period March 2024 to May 2024. The report enables the ARC to provide assurance to Council for the capability and functioning of Council’s health, safety and wellbeing hazard and risk management system and associated programme.

 

At the meeting The Senior Health and Safety Advisor, Mr Wallace spoke to the report providing a brief summary and overview of Health and Safety activity risks, progress of initiatives underway to improve health, safety, and wellbeing, as well as current key performance indicators covering the period March 2024 to May 2024. In response to questions the following was clarified: ·        In regard to the incident with the contractor they did have a Site Specific Safety Plan for the job which had been reviewed by officers before commencement. The project was being project managed on behalf of Council by Beca and advice at a pre-site meeting had been they would only have licensed operators on site. However this was not the case. ·        Prior to the incident, Officers have been working with Council’s 3 Waters Team and Projects Team on how better control over contractors on high risk projects could be achieved. In the Mysafety Assurance system there are hints that they can provide to  contractors to ensure they understand what is expected of them. ·        WorkSafe is locally based with four officers in Napier. ·        Mr McDonald is developing a Strategic Wellbeing Strategy to identify critical risk in the Health and Safety area. Good progress is being made on the implementation of the Improvement Plan. ·        It is proposed that the overall Wellbeing Strategy will be completed this month and will be delivered to ELT by Mr Mcdonald by the end of June 2024. There is funding in Year 1 of the 3 Year Plan for its implementation. Completion of the plan is expected over the next six to twelve months. ·        A system is being implemented that will improve reporting and data collection that will reflect accurately what is happening in the organisation.

Committee resolution

Bruce Robertson / Councillor Crown The Audit and Risk Committee: a.     Receive the Health and Safety Report for the period March 2024 to May 2024. Carried

 

 

7.    Risk Management Report

Type of Report:	Operational
Legal Reference:	N/A
Document ID:	1756767
Reporting Officer/s & Unit:	Dave Jordison, Risk and Assurance Lead Alister Edie, Business Improvement Manager

 

7.1   Purpose of Report

To update the Committee on risk management workstreams and inform on the status of Council’s strategic and operational risk profile and any emerging risks.

 

At the meeting The Business Improvement Manager, Mr Edie spoke to the report providing a brief summary of the current risk management framework, some developments and workstreams underway. Tabled at the meeting and attached to the minutes (Doc Id 1769201) was a dashboard review of Council’s Strategic Risks for approval by the Committee. The uplift programme has been drafted to improve the management of the risk framework and sought the Committee’s support on the categories. The meeting acknowledged the efforts of the ELT and officers on the improvement in the risk reporting. The following points were highlighted: ·        Most of the strategic risks align to the current risks, with a couple of new ones included being security and privacy information and the Council Reputational risk which will cover metrics such as the CouncilMark report and satisfaction surveys. ·        The Committee noted Strategic Risk 6 - Failing to meet Te Tiriti o Waitangi commitments and obligations from a legislative perspective should sit with the Chief Executive and not the Pou Whakarae. ·        The leadership coming through is to be commended and this will encourage good progress to be made. ·        The strategic risks will be presented to all of Council as it is important they review and approve them. ·        The Uplift Programme needs to include the role of governors and where they fit in the risk framework. A discussion is required regarding risk appetite and what needs to be managed and affirmed by Council. ·        The Committee were happy with the Uplift Programme and risk categorisation, acknowledging there could be a tweak once the Crowe risk maturity report is received. ·        Training has been developed for the Audit and Risk Committee, ELT and managers to provide understanding of their responsibility and risk management, which is a key piece of the Uplift Programme. ·        It was agreed that Strategic Risk 5  “Funding and financial management” be changed to “Sustainable Financial Strategy”. ·        The Uplift Programme is primarily focused on below the governance level.  ·        The strategic risks need to be addressed with what has been adopted in the 3 Year Plan objectives, as they are the most critical items that need to be achieved with the strategic risks aligned. ·        A meeting with Council to discuss Council Reputation and risk appetite focusing on why the strategic risks are the ones governors and the Audit & Risk Committee should be addressing. ·        The Committee agreed to add a standing agenda item for future meetings, to understand how management is embedded and to support ELT in their deep dives.

Committee resolution

Bruce Robertson / Councillor Crown The Audit and Risk Committee: a.     Receive the report titled “Risk Management Report” dated 16 June 2024. b.     Approve Council’s updated list of strategic risks as below:   New Strategic Risk Risk Owner                             Strategic Priority Link 1.      People & Capability All of ELT = Louise Miller - Chief Executive A resilient City, financially sustainable Council, General 2.     Not enabling our communities to become resilient Thunes Cloete - Executive Director Community Services   A resilient city 3.     Failure to plan for, develop and maintain sound infrastructure Russell Bond - Executive Director Infrastructure Services A resilient City, financially sustainable Council 4.     Work Health & Safety - failure to maintain a safe and healthy workplace and safe systems of work Louise Miller - Chief Executive   General 5.     Sustainable Financial Strategy  Jessica Ellerm - Deputy Chief Executive / Executive Director Corporate Services Financially sustainable Council 6.     Failing to meet Te Tiriti o Waitangi commitments and obligations Morehu Te Tomo - Pou Whakarae Nurturing authentic relationships, Places and spaces for all 7.     Effectiveness of Emergency Management Thunes Cloete - Executive Director Community Services A resilient City, financially sustainable Council 8.     Climate Change Rachael Bailey - Executive Director City Strategy A resilient City, financially sustainable Council 9.     Impact of external change and reform Rachael Bailey - Executive Director City Strategy   General, A resilient city 10.  Security and Privacy of Data and Information Jessica Ellerm - Deputy Chief Executive / Executive Director Corporate Services   General 11.  Delivery of programmes and change Rachael Bailey - Executive Director City Strategy   General 12.  Council Reputation Louise Miller - Chief Executive General   c.     Support the draft risk management uplift programme. d.     Acknowledge and thank the Executive Leadership Team and officers for the work undertaken on risk management and the development of the uplift programme.   Carried

 

Minor matters

Asset Management Roadmap addressed at the beginning of the meeting.

 

 

Resolution to EXCLUDE the Public

Bruce Robertson / Councillor Mawson That the public be excluded from the following parts of the proceedings of this meeting, namely: 1.         Verbal Update Chief Executive 2.         Severance Pay Recommendations Update Carried

 

The general subject of each matter to be considered while the public was excluded, the reasons for passing this resolution in relation to each matter, and the specific grounds under section 48(1) of the Local Government Official Information and Meetings Act 1987 for the passing of this resolution were as follows:

General subject of each matter to be considered.	Reason for passing this resolution in relation to each matter.	Ground(s) under section 48(1) to the passing of this resolution.
1.  Verbal Update Chief Executive	7(2)(h) Enable the local authority to carry out, without prejudice or disadvantage, commercial activities	48(1)(a) That the public conduct of the whole or the relevant part of the proceedings of the meeting would be likely to result in the disclosure of information for which good reason for withholding would exist: (i) Where the local authority is named or specified in Schedule 1 of this Act, under section 6 or 7  (except 7(2)(f)(i)) of the Local Government Official Information and Meetings Act 1987.
2.  Severance Pay Recommendations Update	7(2)(c)(i) Protect information which is subject to an obligation of confidence or which any person has been or could be compelled to provide under the authority of any enactment, where the making available of the information would be likely to prejudice the supply of similar information or information from the same source and it is in the public interest that such information should continue to be supplied	48(1)(a) That the public conduct of the whole or the relevant part of the proceedings of the meeting would be likely to result in the disclosure of information for which good reason for withholding would exist: (i) Where the local authority is named or specified in Schedule 1 of this Act, under section 6 or 7  (except 7(2)(f)(i)) of the Local Government Official Information and Meetings Act 1987.

 

The meeting adjourned at 10.46am and reconvened at 11.00am in Public Excluded.

The meeting further reconvened at 11.18am in Open to address Item 3 below

 

3.    Internal Audit:  Contract Management Report

Type of Report:	Operational
Legal Reference:	Local Government Act 2002
Document ID:	1760996
Reporting Officer/s & Unit:	Raewyn Fowler, Internal Audit Lead Sharon O'Toole, Procurement Manager

 

3.1   Purpose of Report

To table to the Committee the internal audit on Contract Management undertaken by Council’s internal auditors, Crowe.

 

At the meeting The Procurement Manager, Ms O’Toole spoke to the report providing an overview of the internal audit undertaken and the eleven risks identified. A Procurement and Management Improvement Plan has been drafted and will be presented to ELT for approval on 18 June 2024 to ensure priorities, funding and resourcing are available. It is intended to report back to the Committee at the September meeting. The Committee had a positive response to the report and the recommendation of the development of an improvement plan. Mr Cervantes joined the meeting at 11.30am via zoom.     Mr Cervantes highlighted the following: ·        The key risks identified in particular were: contract management strategy to be developed, framework document needs to be up-to-date in accordance with the audit and enforcement of financial delegations. ·        Management agree to have an overarching contract management strategy, as well as to get the policies and procedures up-to-date and enforced. ·        Management responses overall have met the satisfaction of the internal auditor. ·        The Risk Management Audit being undertaken to be reported back at the next meeting in September 2024.

Committee resolution

Bruce Robertson / David Pearson The Audit and Risk Committee: a.        Receive the report from Crowe titled ‘Internal Audit – Contract Management’. b.        Endorse actions of management to prepare and consider a Procurement and Management Improvement Plan.   Carried

 

The Chair requested that a standing verbal report be included on future Audit and Risk Committee agendas for Karen Young, Audit New Zealand to provide an update to the Committee.

 

 

 The meeting closed with a karakia at 11.41am

 

Approved and adopted as a true and accurate record of the meeting.     Chairperson ......................................................................................................................     Date of approval ...............................................................................................................