AGENDA
Ordinary meeting of the
Audit, Risk and Finance Subcommittee
Tuesday 15 May 2018
Commencing at 9.00am
Council Chamber
Civic House
110 Trafalgar Street, Nelson
Membership: Mr John Peters (Chairperson), Her Worship the Mayor Rachel Reese, Councillors Ian Barker and Bill Dahlberg and Mr John Murray
Guidelines for councillors attending the meeting, who are not members of the Committee, as set out in Standing Order 12.1:
· All councillors, whether or not they are members of the Committee, may attend Committee meetings
· At the discretion of the Chair, councillors who are not Committee members may speak, or ask questions about a matter.
· Only Committee members may vote on any matter before the Committee
It is good practice for both Committee members and non-Committee members to declare any interests in items on the agenda. They should withdraw from the room for discussion and voting on any of these items.
Audit, Risk and Finance
Subcommittee
15 May 2018
1. Apologies
Nil
2. Confirmation of Order of Business
3.1 Updates to the Interests Register
3.2 Identify any conflicts of interest in the agenda
Document number M3252
Recommendation
That the Audit, Risk and Finance Subcommittee
Confirms the minutes of the meeting of the Audit, Risk and Finance Subcommittee, held on 13 February 2018, as a true and correct record.
6. Chairperson's Report
7. Status Report - Audit Risk and Finance Subcommittee - 15 May 2018 16 - 17
Document number R9278
Recommendation
That the Audit, Risk and Finance Subcommittee
Receives the report Status Report - Audit Risk and Finance Subcommittee - 15 May 2018 (R9278) and its attachment (A1753947).
8. Key Organisational Risks - 1st Quarterly Report Calendar 2018 18 - 35
Document number R9223
Recommendation
That the Audit, Risk and Finance Subcommittee
Receives the report Key Organisational Risks - 1st Quarterly Report Calendar 2018 (R9223) and its attachment (A1951823).
Recommendation to Council
9. Corporate Report to 31 March 2018 36 - 47
Document number R9198
Recommendation
That the Audit, Risk and Finance Subcommittee
Receives the report Corporate Report to 31 March 2018 (R9198) and its attachments (A1958594 and A1956070).
Recommendation to Council
10. Internal Audit - Quarterly Progress Report to 31 March 2018 48 - 54
Document number R8842
Recommendation
That the Audit, Risk and Finance Subcommittee
Receives the report Internal Audit - Quarterly Progress Report to 31 March 2018 (R8842) and its attachment (A1949842); and
Approves the proposal to reduce the Internal Audit Plan to 30 June 2018 by three audits.
11. Internal Audit - Summary of New or Outstanding Significant Risk Exposures and Control Issues to 31 March 2018 55 - 60
Document number R9251
Recommendation
That the Audit, Risk and Finance Subcommittee
Receives the report Internal Audit - Summary of New or Outstanding Significant Risk Exposures and Control Issues to 31 March 2018 (R9251) and its attachment (A1950727).
12. Health Safety and Wellbeing Performance Report: January to March 2018 61 - 76
Document number R9216
Recommendation
That the Audit, Risk and Finance Subcommittee
Receives the report Health Safety and Wellbeing Performance Report: January to March 2018 (R9216) and its attachment (A1946126).
Recommendation
That the Audit, Risk and Finance Subcommittee
Excludes the public from the following parts of the proceedings of this meeting.
The general subject of each matter to be considered while the public is excluded, the reason for passing this resolution in relation to each matter and the specific grounds under section 48(1) of the Local Government Official Information and Meetings Act 1987 for the passing of this resolution are as follows:
|
Item |
General subject of each matter to be considered |
Reason for passing this resolution in relation to each matter |
Particular interests protected (where applicable) |
|
1 |
Current Legal Proceedings
|
Section 48(1)(a) The public conduct of this matter would be likely to result in disclosure of information for which good reason exists under section 7 |
The withholding of the information is necessary: · Section 7(2)(g) To maintain legal professional privilege |
14. Re-admittance of the public
Recommendation
That the Audit, Risk and Finance Subcommittee
Re-admits the public to the meeting.
Audit, Risk and Finance Subcommittee Minutes - 13 February 2018
Minutes of a meeting of the Audit, Risk and Finance Subcommittee
Held in the Council Chamber, Civic House, 110 Trafalgar Street, Nelson
On Tuesday 13 February 2018, commencing at 9.00am
Present: Mr J Peters (Chairperson), Her Worship the Mayor R Reese, Councillors I Barker, B Dahlberg and Mr J Murray
In Attendance: Councillors M Courtney, P Matheson and B McGurk, Chief Executive (P Dougherty), Group Manager Corporate Services (N Harrison), Community Services Manager (C Ward), Senior Strategic Adviser (N McDonald), Manager Organisational Assurance and Emergency Management (R Ball), Internal Audit Analyst (L Anderson), Risk and Procurement Analyst (S Vaughan), Health and Safety Adviser (M Hughes), Manager People and Capability (S Vincent), Manager Administration (M Birch), Audit NZ Director (B Kearney), Audit NZ Associate Director (J Coetzee) and Governance Advisers (P White and J Brandt).
Apologies: Nil
1. Apologies
Her Worship the Mayor was not present at the commencement of the meeting.
2. Confirmation of Order of Business
The Chairperson noted that Items 9 and 11 would be taken together as both concerned Audit NZ.
3. Interests
There were no updates to the Interests Register, and no interests with items on the agenda were declared.
4. Public Forum
There was no public forum.
5. Confirmation of Minutes
5.1 14 November 2017
Document number M3123, agenda pages 9 - 16 refer.
|
Resolved AUD/2018/001 That the Audit, Risk and Finance Subcommittee Confirms the minutes of the meeting of the Audit, Risk and Finance Subcommittee, held on 14 November 2017, as a true and correct record. Barker/Dahlberg Carried |
6. Status Report - Audit Risk and Finance Subcommittee -13 February 2018
Document number R8930, agenda pages 17 - 21 refer.
|
Resolved AUD/2018/002 That the Audit, Risk and Finance Subcommittee Receives the Status Report Audit, Risk and Finance Subcommittee 13 February 2018 (R8930) and its attachment (A1753947). Murray/Dahlberg Carried |
7. Chairperson's Report
Attendance: Her Worship the Mayor joined the meeting at 9.08am.
|
The Chairperson gave a verbal report. He stated that he and the Group Manager Corporate Services had reviewed the full Audit NZ letter to management for the year ending 30 June 2017, and he was satisfied that the matters, and responses to those matters, were appropriate. He highlighted some key points in that letter. |
|
Resolved AUD/2018/003 That the Audit, Risk and Finance Subcommittee Receives the Chairperson’s report. Peters/Dahlberg Carried |
8. Theatre Royal Loan
Document number R8838, agenda pages 22 - 41 refer.
Group Manager Community Services Chris Ward spoke to the report. He noted that the Theatre Royal Trust had sent through the theatre’s capital renewals programme to Council officers.
Mr Ward answered questions about Council’s debt cap, how Council had treated other loans to not-for-profit organisations, the Theatre Royal’s financial position overall and the planned maintenance schedule for the theatre and how this would be funded.
|
Resolved AUD/2018/004 That the Audit, Risk and Finance Subcommittee Receives the report Theatre Royal Loan (R8838) and its attachments (A1898640 and A1906067). Her Worship the Mayor/Dahlberg Carried |
|
Recommendation to Council AUD/2018/005 That the Council Agrees to take on the Nelson Historic Theatre Trust’s loan of $632,256 from the Nelson Building Society; and Confirms that it expects the Nelson Historic Theatre Trust to repay the full loan amount (total $2,132,256); and Agrees to increase the mortgage over the building to $2,132,256; and Sets the loan repayment terms for the Nelson Historic Theatre Trust at $60,000 per year, payable quarterly (commencing in September 2018), with payment terms subject to review every five years. Her Worship the Mayor/Dahlberg Carried |
9. Audit NZ - Letter to the Council on the audit for year ending 30 June 2017
Document number R8222, agenda pages 42 - 50 refer.
Audit NZ Director Bede Kearney and Associate Director Jacques Coetzee spoke to the meeting.
The Subcommittee acknowledged and thanked Mr Kearney for his working relationship with Council during his time as Director Audit NZ.
|
Resolved AUD/2018/006 That the Audit, Risk and Finance Subcommittee Receives the report Audit NZ - Letter to the Council on the audit for year ending 30 June 2017 (R8222) and its attachment (A1891276). Barker/Murray Carried |
10. Audit NZ - Audit Engagement Letter for the Long Term Plan 2018-28
Document number R8865, agenda pages 75 - 103 refer.
Audit NZ Director Bede Kearney and Associate Director Jacques Coetzee spoke to the meeting, offered the report be taken as read and noted that there was no statutory requirement for timing of the audit of the Consultation Document, however the Long Term Plan must be audited by 30 June 2018. He said there was very little room for timetable slippage due to the heavy workload for Audit NZ at this time.
|
Resolved AUD/2018/007 That the Audit, Risk and Finance Subcommittee Receives the report Audit NZ - Audit Engagement Letter for the Long Term Plan 2018-28 (R8865) and its attachment (A1894901); and Notes the subcommittee can provide feedback on the Audit Engagement Letter to Audit NZ if required and that the Mayor will sign the letter in its current form. Barker/Dahlberg Carried |
11. Tendering Processes - Follow Up Report
Document number R8832, agenda pages 51 - 74 refer.
The Subcommittee noted the changes that had been requested of Crowe Howarth, and that the report as included in the agenda had incorporated those changes. The Subcommittee also noted the elected members’ responsibilities under the Local Authorities (Members’ Interests) Act.
|
Resolved AUD/2018/008 That the Audit, Risk and Finance Subcommittee Receives the report Tendering Processes - Follow Up Report (R8832) and its attachments (A1856124 and A1897197); and Notes that all recommendations rated as high from the 2016 Crowe Horwath Report have been actioned. Murray/Dahlberg Carried |
12. Corporate Report to 31 December 2017
Document number R8857, agenda pages 104 - 114 refer.
Group Manager Corporate Services Manager Nikki Harrison presented the report and answered questions on re-prioritisation and overspend on capital budgets.
|
Resolved AUD/2018/009 That the Audit, Risk and Finance Subcommittee Receives the report Corporate Report to 31 December 2017 (R8857) and its attachments (A1903395 and A1904902). Barker/Dahlberg Carried |
13. Internal Audit Quarterly Report to 31 December 2017
Document number R8869, agenda pages 115 - 117 refer.
Internal Audit Analyst Lynne Anderson presented the report.
|
Resolved AUD/2018/010 That the Audit, Risk and Finance Subcommittee Receives the report Internal Audit Quarterly Report to 31 December 2017 (R8869) and its attachment (A1894689). Dahlberg/Murray Carried |
14. Key Organisational Risks Calendar 2017 - 4th Quarterly Report
Document number R8797, agenda pages 118 - 135 refer.
Risk and Procurement Analyst Steve Vaughan presented the report and answered questions in regard to a number of risk areas. He offered a correction to page 75 – in the first point this should read March, not February.
|
Resolved AUD/2018/011 That the Audit, Risk and Finance Subcommittee Receives the report Key Organisational Risks Calendar 2017 - 4th Quarterly Report (R8797) and its attachment A1895817. Barker/Dahlberg Carried |
15. Health, Safety and Wellbeing Performance Report, October - December 2017
Document number R8871, agenda pages 136 - 152 refer.
The meeting adjourned at 11.09am and reconvened at 11.17am.
Health and Safety Adviser Malcolm Hughes presented the report and was asked to consider that there were appropriate mechanisms to make all elected members aware of the reporting, and what they could do if they had questions in regard to their responsibility as Officers under the Act.
|
Resolved AUD/2018/012 That the Audit, Risk and Finance Subcommittee Receives the report Health, Safety and Wellbeing Performance Report, October - December 2017 (R8871) and its attachment (A1895727). Her Worship the Mayor/Barker Carried |
16. Security Incidents at Council Libraries
Document number R8872, agenda pages 153 - 166 refer.
Health and Safety Adviser Malcolm Hughes presented the report and responded to questions from the Subcommittee on appropriate actions in response to the issues raised.
|
Resolved AUD/2018/013 That the Audit, Risk and Finance Subcommittee Receives the report Security Incidents at Council Libraries (R8872) and its attachment (A1848048). Dahlberg/Peters Carried |
17. Recruitment in a Tight Labour Market
Document number R8885, agenda pages 167 - 184 refer.
Manager People and Capability Stephanie Vincent presented the report and responded to questions about whether there was a staff turnover problem and whether there was a recruitment issue.
Attendance: Her Worship the Mayor left the meeting at 12.05pm.
|
Resolved AUD/2018/014 That the Audit, Risk and Finance Subcommittee Receives the report Recruitment in a Tight Labour Market (R8885) and its attachment (A1896279). Dahlberg/Murray Carried |
18. Exclusion of the Public
|
Resolved AUD/2018/015 That the Audit, Risk and Finance Subcommittee Excludes the public from the following parts of the proceedings of this meeting. The general subject of each matter to be considered while the public is excluded, the reason for passing this resolution in relation to each matter and the specific grounds under section 48(1) of the Local Government Official Information and Meetings Act 1987 for the passing of this resolution are as follows:
Barker/Murray Carried |
The meeting went into public excluded session at 12.15pm.
Please note that as the only business transacted in public excluded was to confirm the minutes, this business has been recorded in the public minutes. In accordance with the Local Government Official Information Meetings Act 1987, no reason for withholding this information from the public exists.
Confirmation of Minutes
14 November 2017
Document number M3125, public excluded agenda pages 3 - 4 refer.
|
Resolved AUD/2018/016 That the Audit, Risk and Finance Subcommittee Confirms the minutes of part of the meeting of the Audit, Risk and Finance Subcommittee, held with the public excluded on 14 November 2017, as a true and correct record. Murray/Dahlberg Carried |
19. Re-admittance of the Public
|
Resolved AUD/2018/017 That the Audit, Risk and Finance Subcommittee Re-admits the public to the meeting. Murray/Dahlberg Carried |
There being no further business the meeting ended at 12.20pm.
Confirmed as a correct record of proceedings:
Chairperson
Date
Item 7: Status Report - Audit Risk and Finance Subcommittee - 15 May 2018
|
|
Audit, Risk and Finance Subcommittee 15 May 2018 |
REPORT R9278
Status Report - Audit Risk and Finance Subcommittee - 15 May 2018
1. Purpose of Report
1.1 To provide an update on the status of actions requested and pending.
2. Recommendation
|
That the Audit, Risk and Finance Subcommittee Receives the report Status Report - Audit Risk and Finance Subcommittee - 15 May 2018 (R9278) and its attachment (A1753947). |
Rebecca Terry
Governance Advisor
Attachments
Attachment 1: A1753947 - Audit Risk and Finance Subcommittee Status Report - 15 May 2018 ⇩
Item 8: Key Organisational Risks - 1st Quarterly Report Calendar 2018
|
|
Audit, Risk and Finance Subcommittee 15 May 2018 |
REPORT R9223
Key Organisational Risks - 1st Quarterly Report Calendar 2018
1. Purpose of Report
1.1 To update the Subcommittee on progress with identifying and managing key risks to the organisation’s objectives. The report is intended to assist the governance role of the Subcommittee in overseeing the organisation’s risk management.
2. Recommendation
|
That the Audit, Risk and Finance Subcommittee Receives the report Key Organisational Risks - 1st Quarterly Report Calendar 2018 (R9223) and its attachment (A1951823). |
3. Background
3.1 At its meeting on 13 February 2018, the Audit Risk and Finance Subcommittee received and considered the previous quarterly report on key organisational risks to Council’s objectives. In doing so it specifically considered a number of matters including the level of risk to the organisation’s overall objectives caused by the difficulty of recruitment in a tight labour market.
3.2 The Subcommittee considered a separate report on this particular matter at the meeting. The report set out the current employment climate, particularly as this relates to the local area. The risks in relation this have been reconsidered for this report, and further comment is included below.
3.3 As with previous reports, this report is based on the organisation’s existing business model – that is, as far as possible it is based on risk management processes within each business unit. Since the last report there have been some changes in business unit responsibilities and the formation of one new group and some new business units. These include a Strategy and Communications group and a now fully staffed City Development unit. As a result, several senior management roles remain to be filled.
3.4 Notwithstanding recent organisational changes, most business units are rapidly improving their risk management processes. However there is still some work to be done to enable all units to apply the Council’s criteria consistently, so making risk levels directly comparable between units. There is therefore still an element of estimation from Organisational Assurance observations and conversations in the attached summary of key risks.
4. Discussion
4.1 Risk estimates are estimates of the possible effect of uncertain events on the Council’s ability to achieve its objectives. These events have not happened but may happen and so controls are, where required, put in place to manage the level of risk. Bearing this in mind, there are a number of changes to risk levels which the Subcommittee may wish to consider.
Availability of people with the required expertise
4.2 In the report to previous meeting the Manager People and Capability described the pressures facing the organisation in this area. There are still vacancies to be filled in several units. This is particularly so in area requiring specialists from a limited pool such as Infrastructure and Environment. However an overview across the organisation suggests that, looking forward, the risk to whole organisation remains at medium.
Legal compliance
4.3 In the previous report, the risks to the organisation as a whole in this area were ranked as high. A number of the responses to this situation have now started to flow through and a re-evaluation suggest that these will have the effect of reducing this risk organisationally back to medium.
4.4 These responses include; a panel arrangement with several legal firms to provide improved service at competitive rates (shared with Tasman District Council), a change in emphasis in the way legal services are provided internally, and better procedures for obtaining legal advice (still being developed).
4.5 Notwithstanding this, the area remains a complex one. An informal estimate undertaken with some help from the Society of Local Government Managers (SOLGM) last year suggested that unitary authorities such as the Council are subject to, or obliged to act under, in excess of 300 separate statutes and regulations.
Information management
4.6 Local authorities are highly dependent on the accurate recording and flow of information. For the Council this has presented two types of risk; one in respect to managing and accessing records, and one in respect of information technology.
4.7 It was noted in the last report that the Council had brought forward the replacement of its core computer servers after an earlier than expected increase in the incidence of failures in these (which were in any case nearing end of life). This process is now complete. Benefits from this change include the ability to access a fully replicated remote back up site (in Hamilton) in a scenario where the Council’s onsite servers cannot be accessed.
4.8 The Council is also in the process of seeking tenders for replacement of desktop computers. The Council’s current operating system is Windows 7 which goes out of extended support in January 2020. To minimise the impact and expense of supporting a mixed operating system environment, all computers will be replaced by ones with the Windows 10 operating system – scheduled for completion by the end of August 2018.
4.9 In terms of records management, the Council has recently completed a major overhaul of the way that the document management system is organised in order to better meet user needs. This change has gone well and the progressive transfer of existing documents to the new file plan is underway.
4.10 Also in this area, the Council has for some time had relatively poor systems for recording the contracts it lets. This problem is being addressed by adding a module on to the Council’s financial management software to monitor all contracts. We are currently acceptance testing this module.
5. Options
5.1 It is recommended that this report be received as it will further improve the Subcommittee’s understanding of the risks faced by Council and the actions being taken to manage them.
Steve Vaughan
Risk & Procurement Analyst
Attachments
Attachment 1: A1946189 - Key Organisational Risk Report Quarter1 Calendar 2018 ⇩
|
Important considerations for decision making |
|
1. Fit with Purpose of Local Government This report describes risk management activity. Risk management is a tool to enable more efficient and effective provision of services as set out in section 10(1)(b) of the LG Act. |
|
2. Consistency with Community Outcomes and Council Policy This report describes risk management activity. Risk management at its most fundamental is about achieving an organisation’s objectives (in this case as set out in Nelson City Council’s planning documents) with increased clarity, efficiency and effectiveness. |
|
3. Risk The report does not recommend a particular goal or objective to which risks may be considered. It serves to provide information about Council’s work in addressing those risks judged to be key to the organisation achieving its objectives. |
|
4. Financial impact This is a report on work already underway as part of Council’s regular management activity. Therefore there are no additional funding implications. |
|
5. Degree of significance and level of engagement This matter is of low significance under the Council’s Significance and Engagement Policy. Therefore no external consultation has been undertaken in the preparation of this report. |
|
6. Inclusion of Māori in the decision making process There has been no consultation with Māori in the preparation of this report, which deals with internal Council processes. |
|
7. Delegations The Audit, Risk and Finance Subcommittee has responsibility for oversight of organisational risk management. |
Item 9: Corporate Report to 31 March 2018
|
|
Audit, Risk and Finance Subcommittee 15 May 2018 |
REPORT R9198
Corporate Report to 31 March 2018
1. Purpose of Report
1.1 To inform the members of the Subcommittee of the financial results of activities for the nine months ending 31 March 2018, compared to the approved operating budget, and to highlight and explain any permanent and material variations.
2. Recommendation
|
That the Audit, Risk and Finance Subcommittee Receives the report Corporate Report to 31 March 2018 (R9198) and its attachments (A1958594 and A1956070). |
3. Background
3.1 The financial reporting focuses on the nine month performance compared with the year to date approved operating budget.
3.2 Unless otherwise indicated, all measures are against approved operating budget, which is 2017/18 Annual Plan budget plus any carry forwards, plus or minus any other additions or changes as approved by Council throughout the year.
3.3 Officers have assessed budgets and applied a range of phasing mechanisms depending on the nature of the expenditure to reflect the timing of anticipated actual income and expenditure.
4. Discussion
4.1 For the nine months ending 31 March 2018, the activity surplus/deficits are $5.1 million favourable to budget.
4.2 Financial information provided in Attachment 1 to this report includes:
4.2.1 A financial measures dashboard with information on rates revenue, operating revenue and expenditure, and capital revenue and expenditure. The arrow icon in each applicable measure indicates whether the variance is increasing or decreasing and whether that trend is favourable or unfavourable (green or red).
4.2.2 A grouping of more detailed graphs and commentary for operating income and expenditure. The first set of charts and commentary is by category (as in the annual report) and highlights significant permanent differences and items of interest. Variances due to timing will not be itemised unless they become permanent. The second set of charts is by activity.
4.2.3 A treasury measures dashboard with a compliance table (green = compliant), a forecast of the debt/revenue ratio for the year where available, and a graph showing debt levels over a rolling 13 month period.
4.2.4 High level balance sheet. This does not include any consolidations.
4.2.5 A debtor analysis graph over 12 months, clearly showing outstanding debt levels and patterns for major debt types along with a summary of general debtors > 3 months and over $10,000 and other debtors at risk.
4.2.6 Two capital expenditure graphs – The line graph records actual expenditure against budget plus carryover (the initial budget), approved budget (as amended by subsequent Council decisions), and forecast (current understanding of most likely outcome). The bar graph records year to date expenditure against approved operating budget by activity.
4.2.7 A major projects summary including milestones, status, issues and risks.
4.3 Capital expenditure is $10.7 million under approved budget and $264,000 more than current forecast for the Long Term Plan 2018-28 presented to Council workshops in late January (including vested assets and NRSBU capital).
5. Storm damage costs
5.1 Council’s disaster recovery policy requires that the first $150,000 expenditure in each activity is funded from existing operating budgets. Expenditure in excess of this, which can’t be covered by operating cost savings, is funded through the disaster recovery fund. If there are sufficient surpluses in the current financial year, the preference will be to fund from that rather than raise loans through the disaster recovery fund.
5.2 The disaster recovery fund is still in deficit after the 2011 event, but is projected to be in surplus in Year 3 of the Long Term Plan 2018-28. Council is currently rating for a $1 million per annum contribution to the fund, and this increases to $1.5 million per annum through the long term plan in recognition of the increasing frequency of such events.
5.3 Subsidy will be recovered from NZTA where applicable, and insurance claims will be made for sea wall damage (wharves), Rocks Road chains and the Roding Bridge.
5.4 Estimated costs for recent storm events, including staff costs, (as at 27 April 2018) are as follows:
|
Event |
Spent to 27 April |
Outstanding 2017/18 purchase orders |
2018/19 Purchase orders |
Total |
Other information |
|
1 Feb storm surge |
$209,000 |
$227,000 |
$296,000 |
$732,000 |
Excludes remediation cost for Airlie St |
|
11 Feb rainfall |
$121,000 |
$6,000 |
$170,000 |
$297,000 |
|
|
20 Feb Cyclone Gita |
$99,000 |
$2,000 |
$0 |
$101,000 |
|
5.5 Arlie Street remediation is currently estimated to be between $1 and $1.5 million gross of NZTA subsidies and will be subject to a separate report to Works and Infrastructure.
6. Options
6.1 Accept the recommendation. This report is to inform the Subcommittee members, and no further actions are required.
6.2 Do not accept the recommendation.
Tracey Hughes
Senior Accountant
Attachments
Attachment 1: A1958594 - Finance report to 31 March 2018 ⇩
Attachment 2: A1956070 - Major Projects Report ⇩
Item 10: Internal Audit - Quarterly Progress Report to 31 March 2018
|
|
Audit, Risk and Finance Subcommittee 15 May 2018 |
REPORT R8842
Internal Audit - Quarterly Progress Report to 31 March 2018
1. Purpose of Report
1.1 To update the Audit, Risk and Finance Subcommittee on the internal audit activity for the quarter to 31 March 2018.
1.2 To seek approval for proposed changes to the Internal Audit Plan for the year ended 30 June 2018.
2. Summary
2.1 The attached Quarterly Progress Report to 31 March 2018 (Attachment provides information on activity relevant to the current Internal Audit Plan.
2.2 The Chief Executive has expressed concern at the workload generated by these audits and the risk of failure for Council to deliver business as usual and its essential services if all the internal audits planned for the remainder of the financial year continue as planned.
2.3 To mitigate this risk, it is proposed that three of the remaining audits planned for this financial year should not be performed. These three audit topics will be considered alongside other risks and organisational capacity when the internal audit plan is developed for the 2018/19 financial year.
2.4 Approval is sought from the Audit, Risk and Finance Subcommittee for this deviation from the original Internal Audit Plan.
3. Recommendation
4. Background
4.1 Under Council’s Internal Audit Charter approved by Council 15 October 2015, the Audit, Risk and Finance Subcommittee requires a periodic update on the progress of internal audit activities relative to any current Internal Audit Plan approved by Council.
4.2 Further, section 8.2 of the Internal Audit Charter requires that the Audit, Risk and Finance Subcommittee consider any proposed significant deviation from the approved internal audit plan.
5. Discussion
5.1 The Internal Audit Plan approved by Council on 9 November 2017 is on track however the Chief Executive has expressed concerns relating to the build-up of actions from internal audit recommendations already performed, and the capacity of the organisation to respond to all planned audits for this financial year.
5.2 There is heavy reliance on the current scarce resources at management level to remediate gaps found from internal audits. There are consequential risks to Council if these officers are remediating risks from internal audits in preference to ensuring their programmes of work and related risks are carefully managed.
5.3 To address this consequential risk it is proposed that the audits in the Table below should not be performed this financial year. These three audit topics will be considered alongside other risks and organisational capacity when the internal audit plan is developed for the 2018/19 financial year.
|
Internal Audits which it is Proposed should not be Performed during the Year Ended 30 June 2018 |
|||
|
Topic |
Audit Objective |
Rationale for Delay |
Impact of Delay |
|
Record Keeping Strategy |
To provide a level of assurance to Council regarding the progress of the strategy against milestones. If progress is behind indicated timeframes, to identify reasons for this. Assess whether any known vulnerabilities are being adequately managed at each stage of the strategic plan |
The Record Keeping Strategy is active and progressing, with a major file plan upgrade recently completed. This forms the foundation for improved document management and goes some way to addressing the underlying concern relating to the document management system |
The delay would benefit this audit as it gives time for the new file plan structure to be imbedded and thus its effectiveness can be better measured at a later date |
|
Property Information Management |
To identify the current status of transfer of property information management impediments to progress that may result in significant risk to Council |
The risk associated with failure of this project to meet target timeframes is not considered to be as high as those associated with reallocating staff resource for the audit |
There is no significant impact from this audit being delayed. In the interim, the risk can be mitigated by Officers being reminded to take care when sharing hard copy property files |
|
Business Continuity Planning |
Repeat audit. Confirm progress of responses to recommendations from prior external audit, and any actions subsequently approved by the Senior Leadership Team |
Work has been completed towards the mitigation of risks identified in the prior audit. These require testing during a planned exercise to assess adequacy. The exercise was originally planned for late 2017 but staff resourcing shortages and two weather events have meant this has had to be delayed until July 2018. An audit prior to the exercise taking place is not considered to be of sufficient value. |
The work that has already been completed on mitigating risks relating to major business interruption is not insignificant. However, it is only when faced with an incident that the effectiveness of this work will be assessed, so it is likely that some risk remains. |
Other audits in the Internal Audit Plan will proceed as planned (see progress in the attached report). These include two which are to be performed by external contractors:
· Monitoring and Management of Contractor Performance; and
· Property and Facilities Maintenance Contracts.
5.4 The profile and value of internal audit will not be compromised by this decision. Time which the Internal Audit Analyst would have spent performing internal audits can be better utilised by supporting business improvement across the organisation.
5.5 Council approved the formation of an Internal Audit Charter and role, and the development of an Internal Audit Plan in order to assist with the management of risk. Where there are changes in the organisation’s business, risks, operations, programs, systems and controls, the Internal Audit Plan may be adjusted. Any significant deviation from the approved Internal Audit Plan will be considered by the Audit Risk and Finance Subcommittee after seeking guidance from the Chief Executive.
6. Options
There is more risk from officers responding to internal audits than using this time to address operational risks.
|
Option 1: Continue with Internal Audit Plan |
|
|
Advantages |
· Risks may be identified from internal audits which Management can then determine how and when to treat |
|
Risks and Disadvantages |
· The time commitment, both during and following the internal audit, impacts significantly on Management tiers where there is a current resource deficit. This will compromise the ability of those officers to perform their other responsibilities · Realistically there is no perceived benefit from performing the ‘Business Continuity’ audit prior to next financial year as the lessons from the exercise will drive improvements |
|
Option 2: Reduce the Quantity of Internal Audits |
|
|
Advantages |
· Management can focus on delivering services and managing the risks in their areas of responsibility · More value is added if the ‘Business Continuity’ audit is performed next financial year as the lessons from the exercise will drive improvements · Time which the Internal Audit Analyst would have spent performing internal audits can be better utilised by supporting business improvement across the organisation. |
|
Risks and Disadvantages |
· Currently ‘unknown’ risks may have been identified during the three internal audits. |
Lynn Anderson
Internal Audit Analyst
Attachments
Attachment 1: A1949842 - Internal Audit Quarterly Progress Report to 31 March 2018 ⇩
|
Important considerations for decision making |
|
1. Fit with Purpose of Local Government Council has chosen to undertake internal audits to help improve systems, their controls and efficiencies, in order to help give confidence that it will be able to meet its responsibilities cost effectively and efficiently. Internal Audit is a tool to identify risks to the efficient and effective provision of services as set out in section 10(1)(b) of the LG Act. |
|
2. Consistency with Community Outcomes and Council Policy This report supports the community outcome that Council provides leadership, which includes the responsibility for protecting finances and assets through the prudent management of risk, consistent with guidance provided in Council’s Risk Management Policy. |
|
3. Risk When considering planned audits collectively, there is a high likelihood that Council could suffer a moderate level of negative public reaction resulting from its failure to assess and implement strong controls. According to Council’s Risk Criteria this corresponds to a high risk. The risks in relation to reducing the number of audits have been discussed in the body of this document. |
|
4. Financial impact The recommendation will not have any significant financial impact. |
|
5. Degree of significance and level of engagement This matter is of low significance because it does not affect the level of service provided by Council or the way in which services are delivered and no engagement has been undertaken. |
|
6. Inclusion of Māori in the decision making process There has been no consultation with Maori in the preparation of this report. |
|
7. Delegations The Audit, Risk and Finance Subcommittee has the responsibility for audit processes and the management of financial risks and internal audit. |
Item 11: Internal Audit - Summary of New or Outstanding Significant Risk Exposures and Control Issues to 31 March 2018
|
|
Audit, Risk and Finance Subcommittee 15 May 2018 |
REPORT R9251
Internal Audit - Summary of New or Outstanding Significant Risk Exposures and Control Issues to 31 March 2018
1. Purpose of Report
1.1 To update the Subcommittee on new or outstanding risk exposures following Internal Audits included in the Internal Audit Plan to 31 March 2018.
2. Recommendation
3. Background
3.1 Under section 9.1 of the Internal Audit Charter, the Audit, Risk & Finance Subcommittee and the Governance Committees are to be informed of internal audit results where appropriate.
3.2 Under section 9.4, the Audit, Risk and Finance Subcommittee requires a periodic update of any significant risk exposures and control issues identified from internal audits completed.
4. Discussion
4.1 Issues identified in the attachment, Summary of New and Outstanding Significant Risk Exposures and Control Issues Identified from Internal Audits, relate to internal audits performed to 31 March 2018.
4.2 The attached report shows two high risks outstanding from the report presented to the Audit, Risk and Finance Subcommittee meeting of 8 September 2017. Details of progress on each are shown in the attached report.
4.3 There have been an additional four high risks added this quarter from a Control Environment audit performed since the last report. Details are in the attachment.
5. Options
5.1 The recommendation is to receive the report and its attachments outlining new or outstanding risk exposures from internal audits performed to 30 June 2017 so that Council can demonstrate its commitment to managing risks that may impact on the prudent, effective and efficient management of Council and its resources.
Lynn Anderson
Internal Audit Analyst
Attachments
Attachment 1: A1950727 - Summary of New or Outstanding Significant Risk Exposures and Control Issues 31 March 2018 ⇩
|
Important considerations for decision making |
|
1. Fit with Purpose of Local Government Council has chosen to undertake internal audits to help meet its purpose to meet the current and future needs of communities for good-quality local infrastructure, local public services, and performance of regulatory functions in a way that is most cost-effective for households and businesses. |
|
2. Consistency with Community Outcomes and Council Policy This report supports the community outcome that Council provides leadership, which includes the responsibility for protecting finances and assets through the prudent management of risk, consistent with guidance provided in Council’s Risk Management Policy. |
|
3. Risk There is more risk that Council may not meet its responsibilities cost-effectively and efficiently if this recommendation is not accepted. |
|
4. Financial impact The recommendation will not have any significant financial impact. |
|
5. Degree of significance and level of engagement This matter is of low significance because it does not affect the level of service provided by Council or the way in which services are delivered and no engagement has been undertaken. |
|
6. Inclusion of Māori in the decision making process There has been no consultation with Maori in the preparation of this report. |
|
7. Delegations The Audit, Risk and Finance Subcommittee has the responsibility for audit processes and the management of financial risks and internal audit. |
Item 11: Internal Audit - Summary of New or Outstanding Significant Risk Exposures and Control Issues to 31 March 2018: Attachment 1
Item 12: Health Safety and Wellbeing Performance Report: January to March 2018
|
|
Audit, Risk and Finance Subcommittee 15 May 2018 |
REPORT R9216
Health Safety and Wellbeing Performance Report: January to March 2018
1. Purpose of Report
1.1 To provide the Subcommittee with a quarterly report of health, safety and wellbeing data collected over the January to March quarter of 2018.
1.2 To update the Subcommittee on key health and safety risks, including controls and treatments.
2. Summary
2.1 Health, safety and wellbeing performance data reports provide an overview of health and safety performance based on key lead and lag indicators. Where a concerning trend is identified more detail is provided in order to better understand issues and implement appropriate controls.
2.2 Reporting on key health and safety risks provides further depth and detail to the health and safety risks reported in the organisational risk report.
3. Recommendation
|
That the Audit, Risk and Finance Subcommittee Receives the report Health Safety and Wellbeing Performance Report: January to March 2018 (R9216) and its attachment (A1946126). |
4. Background
4.1 Councillors, as ‘Officers’ under the Health and Safety at Work Act 2015 (HSWA), are expected to undertake due diligence on health and safety matters. Council’s Health and Safety Governance Charter states that Council will receive quarterly reports regarding implementation of health and safety. Council has delegated the responsibility for health and safety to the Audit, Risk and Finance Subcommittee.
5. Discussion
Data Reports
5.1 An incident of note is the near drowning of a child at Nayland Swimming Pool. The child made a full recovery and a comprehensive investigation report has been provided by the contractor.
5.2 The investigation report showed that the contractor had effective procedures and well trained staff who responded appropriately and probably saved the child’s life.
5.3 The data relating to matters raised by staff during consultations with Workplace Support has been removed from this report. The level of information able to be provided while maintaining required confidentiality did not clearly identify areas of concern.
Key Health and Safety Risk Update
5.4 Key health and safety risks have been assessed to remain as medium risks apart from ‘customer aggression threatening the health and safety of those who work for and with Council’. This risk remains assessed as high. As further controls are implemented it is expected that this will move to medium.
5.5 Where new treatments have been planned or have been implemented as controls since the last report this is indicated by red text in the attachment.
General work programme
Governance activities
5.6 During this reporting period Mayor Reese participated in a site visit to the Nelson School of Music. Councillor Walker visited the Neale Park pump station project in early April.
5.7 Council officers are preparing a schedule of possible workplace visits for Councillors.
Other activities
5.8 Asbestos management plans have been developed for Council workplaces. There is ongoing work on improving the level of information in these plans.
5.9 The Bristol Freighter display aircraft at Founders Heritage Park has been closed to the public while the level of asbestos hazard within the fuselage is accurately assessed.
5.10 There has been an increase in focus on prevention and management of Discomfort, Pain, Injury (DPI) caused by book handling in libraries.
5.11 Emergency procedures for Council workplaces have been revised and introduced to library staff and the Health and Safety Committee.
5.12 Libraries management are completing a ‘crisis resilience workshop’ in May. This workshop is provided by an external consultant and will help libraries to develop best practice plans for response to violent situations.
5.13 A clarified process for dealing with homeless people has been utilised on several occasions in Council Parks recently. This has included the use of trespass notices when other options have not been successful.
Malcolm Hughes
Health and Safety Adviser
Attachments
Attachment 1: A1946126 - Health, safety and wellbeing performance report - Jan Mar 2018 ⇩
