Agenda of Risk and Assurance Committee Meeting

MINUTES OF Central HAwkes Bay District Council
Risk and Assurance Committee Meeting
HELD AT THE Council Chamber, 28-32 Ruataniwha Street, Waipawa
ON Wednesday, 31 March 2021 AT 9.00am

PRESENT: Mayor Alex Walker

Cr Tim Aitken

Cr Gerard Minehan (zoom)

Cr Brent Muggeridge (zoom)

Cr Jerry Greer

Cr Neil Bain (Chair)

IN ATTENDANCE: Monique Davidson (Chief Executive)

Brent Chamberlain (Chief Financial Officer)

Doug Tate (Group Manager, Customer and Community Partnerships)

Nicola Bousfield (Group Manager, People and Business Enablement)

Caitlyn Dine (Governance and Support Officer)

1 Apologies

Nil

2 Declarations of Conflicts of Interest

Nil

3 Standing Orders

RECOMMENDATION

THAT the following standing orders are suspended for the duration of the meeting:

· 20.2 Time limits on speakers

· 20.5 Members may speak only once

· 20.6 Limits on number of speakers

And that Option C under section 21 General procedures for speaking and moving motions be used for the meeting.

Standing orders are recommended to be suspended to enable members to engage in discussion in a free and frank manner.

4 Confirmation of Minutes

Committee Resolution

Moved: Cr Tim Aitken

Seconded: Cr Jerry Greer

That the minutes of the Risk and Assurance Committee Meeting held on 12 November 2020 as circulated, be confirmed as true and correct.

Carried

5 Report Section

6.1 Committee Resolution Monitoring Report

PURPOSE

The purpose of this report is to present to the Committee the Risk and Assurance Committee Resolution Monitoring Report. This report seeks to ensure the Committee has visibility over work that is progressing, following resolutions made by the Committee.

Committee Resolution

Moved: Mayor Alex Walker

Seconded: Cr Jerry Greer

Recommendation

That, having considered all matters raised in the report, the report be noted.

Carried

Mrs Davidson presented this report

6.2 Risk and Assurance Work Programme Monitoring Report

PURPOSE

The purpose of this report is for the Risk and Assurance Committee to receive a progress update on the Risk & Assurance Committee Work Programme.

Committee Resolution

Moved: Cr Tim Aitken

Seconded: Cr Jerry Greer

That, having considered all matters raised in the report, the report be noted.

Carried

Mrs Davidson presented this report

At 9:42 am, Mayor Alex Walker left the meeting.

6.3 Risk Status Report

PURPOSE

The purpose of this paper is to report to the Risk and Assurance Committee (the Committee) on Council’s risk landscape, risk management work in progress and to continue a discussion with the Committee about risk.

Committee Resolution

Moved: Cr Jerry Greer

Seconded: Cr Tim Aitken

That, having considered all matters raised in the report, the report be noted.

Carried

Mrs Bousfield presented this report on behalf of Mr Lloyd. Chair Neil Bain noted a great quality report.

Bevan Johnston entered the meeting via zoom at 9:42

At 9:46 am, Mayor Alex Walker returned to the meeting.

6.4 Health and Safety Update Report

PURPOSE

To provide the Committee with health, safety and wellbeing information and insight up to the end of mid-March 2021 and to update the Committee on key health and safety critical risks and initiatives.

Committee Resolution

Moved: Cr Tim Aitken

Seconded: Cr Gerard Minehan

That, having considered all matters raised in the report, the report be noted.

Carried

Mrs Bousfield presented this report. The Committee noted the continuous improvement in health and safety reporting to the Committee. The Committee requested management prepare a report on the Council’s processes for managing and monitoring contractor’s compliance with health and safety requirements (for the September 2021 meeting).

Mr Bevan Johnston left the zoom meeting at 10.00am

6.5 Audit Findings Monitoring Report

PURPOSE

The purpose of this report is to track and update the committee on audit recommendations from recent audits.

Committee Resolution

Moved: Cr Tim Aitken

Seconded: Mayor Alex Walker

That, having considered all matters raised in the report, the report be noted.

Carried

Mr Chamberlain presented this report. The Committee noted the audit findings monitoring report and requested management update the Committee on the implementation of the progressive procurement toolkit (for the September 2021).

6.6 Review of Elected Member Remuneration and Expenses Policy

PURPOSE

The matter for consideration by the Council is the adoption of the updated Elected Member Remuneration and Expenses Policy

Amendment

Moved: Mayor Alex Walker

Seconded: Cr Tim Aitken

The committee requested the following amendments be made to the policy:

That (a) read - (a) That all gifts received by councillors in excess of $50 to be recorded in the gift register.

(a) That added third bullet point – Return gift to provider.

(b) That Councillors are encouraged to use their discretion as to whether gifts under the value of $50.00 should be declared on the gift register

Committee Resolution

Moved: Cr Tim Aitken

Seconded: Cr Brent Muggeridge

That having considered all matters raised in the report:

a) That the report be received.

b) That the Committee endorse and recommend to Council they adopt the proposed amendments to the Elected Member Remuneration and Expenses Policy” to include additional paragraphs on Receipt of Gifts.

Carried

Mr Chamberlain presented this report

6.7 Treasury Management Monitoring Report

PURPOSE

The purpose of this report is to provide an update on Treasury Management and Policy Compliance.

Committee Resolution

Moved: Cr Tim Aitken

Seconded: Mayor Alex Walker

That, having considered all matters raised in the report, the report be noted.

Carried

Mr Chamberlain presented this report. The Committee noted the introduction of the Treasury Management Monitoring report. The Committee requested the maturity of debt table be further developed to include planned refinancing and new debt.

6.8 Long Term Plan 2021-2031 Risk Mitigation

PURPOSE

This report is presented to the Risk and Assurance Committee to consider the risks associated with the Long Term Plan 2021-2031, and associated budget and policy position of Council.

Amendment

Moved: Mayor Alex Walker

Seconded: Cr Tim Aitken

(a) That the Risk and Assurance Committee request that independent Treasury advice be attained prior to the review of the debt and treasury management policy in 2022, and that management use discretion in obtaining independent advice in advance of any significant draw down prior to that review.

(b) That risk an assurance committee recommend to council that the debt and treasury management policy be reviewed prior to the 2022-23 annual plan process.

Recommendation

That, having considered all matters raised in the report, the report be noted.

Mr Chamberlain presented this report

At 11:32 am, Mayor Alex Walker left the meeting.

6.9 Risk and Mitigation of Earthquake Prone Council Facilities

PURPOSE

The purpose of this paper is to report to the Risk and Assurance Committee (the Committee) on Council’s risk management of three of its buildings that have received a Detailed Seismic Assessment (DSA) and are considered potentially earthquake-prone. This report also provides an update on the other primary facilities yet to receive a DSA.

Committee Resolution

Moved: Cr Jerry Greer

Seconded: Cr Brent Muggeridge

That, having considered all matters raised in the report, the report be noted.

Carried

Mrs Leaf and Mr Tate presented this report

The Committee adjourned at 11.48am for a morning tea break.

RESOLUTION TO EXCLUDE THE PUBLIC

Recommendation

That the public be excluded from the following parts of the proceedings of this meeting.

The general subject matter of each matter to be considered while the public is excluded, the reason for passing this resolution in relation to each matter, and the specific grounds under section 48 of the Local Government Official Information and Meetings Act 1987 for the passing of this resolution are as follows:

General subject of each matter to be considered

Reason for passing this resolution in relation to each matter

Ground(s) under section 48 for the passing of this resolution

6.1 - External Audit Plan for the Year Ending 30 June 2021

s7(2)(c)(ii) - the withholding of the information is necessary to protect information which is subject to an obligation of confidence or which any person has been or could be compelled to provide under the authority of any enactment, where the making available of the information would be likely otherwise to damage the public interest

s7(2)(f)(i) - free and frank expression of opinions by or between or to members or officers or employees of any local authority

s48(1)(a)(i) - the public conduct of the relevant part of the proceedings of the meeting would be likely to result in the disclosure of information for which good reason for withholding would exist under section 6 or section 7

The Council moved into the public excluded forum at 12.15 pm.

6 Date of Next Meeting

Committee Resolution

Moved: Cr Jerry Greer

Seconded: Cr Brent Muggeridge

THAT the next meeting of the Central Hawke's Bay District Council Risk and Assurance Committee be held on 27 May 2021.

Carried

7 Time of Closure

The Meeting closed at 12.32pm.

The minutes of this meeting were confirmed at the Risk and Assurance Committee Meeting held on 27 May 2021.

...................................................

CHAIRPERSON

Risk and Assurance Committee Meeting Agenda

27 May 2021

6.2 Risk and Assurance Work Programme Monitoring Report

File Number: COU1- 1408

Author: Monique Davidson, Chief Executive

Authoriser: Monique Davidson, Chief Executive

Attachments: Nil

Recommendation

That, having considered all matters raised in the report, the report be noted.

PURPOSE

The purpose of this report is for the Risk and Assurance Committee to receive a progress update on the Risk & Assurance Committee Work Programme.

significance and engagement

This report is provided for information purposes only and has been assessed as not significant.

BACKGROUND

In 2019 following the Triennial Election, Council established a Risk and Assurance Committee, which included the appointment of an Independent Chair.

At the time that Council agreed on Council and Committee priorities, the Risk and Assurance Committee had not been fully established, therefore a formal work programme was not determined.

At the Risk and Assurance Committee meeting in late June 2020, the Chief Executive following guidance from the Independent Chair, presented a Draft Risk and Assurance Work Programme for feedback. Subsequently, The Risk and Assurance Committee Work Programme was adopted by the Committee at meeting held 3 September 2020.

DISCUSSION

The purpose of the Risk and Assurance Committee is to contribute to improving the governance, performance and accountability of the Central Hawke’s Bay District Council by:

· Ensuring that the Council has appropriate financial, health and safety, risk management and internal control systems in place.

· Seeking reasonable assurance as to the integrity and reliability of the Council’s financial and non-financial reporting.

· Providing a communications link between management, the Council and the external and internal auditors and ensuring their independence and adequacy.

· Promoting a culture of openness and continuous improvement.

The Council delegates to the Risk and Assurance Committee the following responsibilities:

· To monitor the Council’s treasury activities to ensure that it remains within policy limits. Where there are good reasons to exceed policy, that this be recommended to Council.

· To review the Council’s insurance policies on an annual basis.

· To review, in depth, the Council’s annual report and if satisfied, recommend the adoption of the annual report to Council.

· To work in conjunction with Management in order to be satisfied with the existence and quality of cost-effective health and safety management systems and the proper application of health and safety management policy and processes.

· To work in conjunction with the Chief Executive in order to be satisfied with the existence and quality of cost-effective risk management systems and the proper application of risk management policy and processes, including that they align with commitments to the public and Council strategies and plans.

· To provide a communications link between management, the Council and the external and internal auditors.

· To engage with Council’s external auditors and approve the terms and arrangements for the external audit programme.

· To engage with Council’s internal auditors and approve the terms and arrangements for the internal audit programme.

· To monitor the organisation’s response to the external and internal audit reports and the extent to which recommendations are implemented.

· To engage with the external and internal auditors on any one off assignments.

· To work in conjunction with management to ensure compliance with applicable laws, regulations standards and best practice guidelines.

· To provide a communications link between management, the Council and the external and internal auditors.

· To engage with Council’s external auditors and approve the terms and arrangements for the external audit programme.

· To engage with Council’s internal auditors and approve the terms and arrangements for the internal audit programme.

· To monitor the organisation’s response to the external and internal audit reports and the extent to which recommendations are implemented.

· To engage with the external and internal auditors on any one off assignments.

· To work in conjunction with management to ensure compliance with applicable laws, regulations standards and best practice guidelines.

Subject to any expenditure having been approved in the Long Term Plan or Annual Plan the Risk and Assurance Committee shall have delegated authority to approve:

· Risk management and internal audit programmes.

· Terms of the appointment and engagement of the audit with the external auditor.

· Additional services provided by the external auditor.

· The proposal and scope of the internal audit.

In addition, the Council delegates to the Risk and Assurance Committee the following powers and duties:

· The Risk and Assurance Committee can conduct and monitor special investigations in accordance with Council policy, including engaging expert assistance, legal advisors or external auditors, and, where appropriate, recommend action(s) to Council.

The Risk and Assurance Committee can recommend to Council:

· Adoption or non-adoption of completed financial and non-financial performance statements.

· Governance policies associated with Council’s financial, accounting, risk management, compliance and ethics programmes, and internal control functions, including the: Liability Management Policy, Treasury Policy, Sensitive Expenditure Policy, Fraud Policy, and Risk Management Policy.

· Accounting treatments, changes in generally accepted accounting practice (GAAP).

· New accounting and reporting requirements.

The Risk and Assurance Committee may not delegate any of its responsibilities, duties or powers.

The Risk and Assurance Committee is still developing, as is the maturity of the organisation in the way it manages risk and assurance matters. It is for these reasons that a 12-month work programme was adopted, with the intention in early 2021 to develop a 2-year work programme that will take Council through until the end of 2022, which also aligns with the triennial election.

The Risk and Assurance Committee will receive the following standing reports:

· Committee Priorities Monitoring Report

· Committee Resolution Monitoring Report

· Internal and External Audit Monitoring Report

· Risk Status Monitoring Report

· Health and Safety Monitoring Report

· Treasury Management Monitoring Report

The monitoring report which provides an update on the key priorities of the Committee is below:

Key Priority	Responsible Officer	Progress Update
Review Internal Audit Work Programme.	Brent Chamberlain	Council has sufficient funding for generally two internal audits during each financial year. The next planned internal audit is a programme of work planned where the internal auditors will work in assisting Council to develop more comprehensive Business Continuity Plans. Council has recently undertaken a Cyber Security audit and a Fraud Health Check audit, the results of which will be presented later in this meeting.
Review Governance Policy Framework and determine role for Risk and Assurance Committee.	Monique Davidson	The Risk and Assurance Committee will workshop this item following the Committee meeting on 27 May 2021. This will take the Committee through the Governance Policy Framework, and enable a discussion on what role the Risk and Assurance Committee should take in policy development in the future.
Review Risk Management Policy	Nicola Bousfield	In the November 2020 report, revisions to the Risk Framework were completed and Officers advised they considered a separate Policy was not needed. The Framework has been amended to provide clear principles and intent for risk management and it is not considered that a separate Policy would add any value.
Review Risk Appetite Statement and Governance Risk Register.	Nicola Bousfield & Brent Chamberlain	Priority will be given to this in Q3 2021.
Review Fraud and Whistle Blowing Policy.	Brent Chamberlain	A draft fraud policy is provided as an attachment to the fraud health check report coming later in this meeting. The People and Capability Advisor is working on updating the protected disclosures policy (whistle blowing policy).
Review Procurement Policy	Brent Chamberlain	The policy was last reviewed in September 2020. Officers have updated the Progressive Procurement Guideline and will be running training session on this and the refreshed procurement manual in June.
Review Health, Safety and Wellbeing Governance Charter	Nicola Bousfield	Priority will be given to this in Q2 2021 for refresh by July 2021, the Committee adopted the Charter in Q3 (July 2020).
Review Insurances and Risk Appetite	Brent Chamberlain	Officers, the CEO, the Chair and Deputy Chair of Risk and Assurance, and the Chair of Finance and Infrastructure, and the Mayor attended an AON Insurance to workshop on the 30^th March 2021.

As part of the Risk and Assurance’s role in ensuring assurance on things that matter the most, regular deep dives on key issues are agreed to:

Topic	Responsible Officer	Progress Update
Critical Risks	Nicola Bousfield	Critical Risks ‘in focus’ are reported to the Risk & assurance Committee regularly through the Health & Safety Report, providing Governors line of site into Council’s critical risks and the controls taken to manage these.
Contractor Performance	Nicola Bousfield	As reported in the May 2021 Health and Safety Report to this Committee, this project has been re-scoped to take a wider ‘all of Council’ approach and embed the H&S aspects of contractor management into our existing Council Contract Management Framework. This work requires a full review of the existing framework. The H&S Advisor is working closely with the Chief Financial Officer on this project and progress will be reported to the Risk & Assurance Committee.
Legal Challenges / Files	Monique Davidson	Priority will be given to this following the adoption of the Long Term Plan 2021 – 2031.

Implications ASSESSMENT

This report confirms that the matter concerned has no particular implications and has been dealt with in accordance with the Local Government Act 2002. Specifically:

· Council staff have delegated authority for any decisions made;

· Council staff have identified and assessed all reasonably practicable options for addressing the matter and considered the views and preferences of any interested or affected persons (including Māori), in proportion to the significance of the matter;

· Any decisions made will help meet the current and future needs of communities for good-quality local infrastructure, local public services, and performance of regulatory functions in a way that is most cost-effective for households and businesses;

· Unless stated above, any decisions made can be addressed through current funding under the Long-Term Plan and Annual Plan;

· Any decisions made are consistent with the Council's plans and policies; and

· No decisions have been made that would alter significantly the intended level of service provision for any significant activity undertaken by or on behalf of the Council, or would transfer the ownership or control of a strategic asset to or from the Council.

Next Steps

A further update will be provided at the next committee meeting 16 September 2021.

RECOMMENDATION

That, having considered all matters raised in the report, the report be noted.

Risk and Assurance Committee Meeting Agenda

27 May 2021

6.4 Health & Safety Report

File Number: COU1-1408

Author: Nicola Bousfield, Group Manager - People & Business Enablement

Authoriser: Monique Davidson, Chief Executive

Attachments: 1. Health & Safety Report - Dashboard Attachment ⇩

Recommendation

That, having considered all matters raised in the report, the report be noted.

PURPOSE

To provide the Risk & Assurance Committee with health, safety and wellbeing information and insight and to update the Committee on key health and safety critical risks and initiatives.

significance and engagement

This report is provided for information purposes only and has been assessed as not significant.

BACKGROUND

Elected members, as ‘Officers’ under the Health and Safety at Work Act 2015 (HSWA), are expected to undertake due diligence on health and safety matters.

The Health and Safety at Work Act 2015 came into law on 4th April 2016. It requires those in governance roles, and senior management, to have a greater understanding of their organisation’s health and safety activities.

Under the Health and Safety at Work Act 2015, all elected members are deemed ‘officers’ and must exercise a duty of due diligence in relation to health and safety. These quarterly reports provide information to assist elected members to carry out that role and provides the health and safety information it needs to be aware of to meet its responsibilities under the Act.

DISCUSSION

OVERVIEW

This is the update for Quarter Two of 2021 – March 2021 through to May 2021. The HS&W team continue to work on the raft of improvements put into action in 2020, many are well underway or bedding-in.

This is a shorter report than previous editions as the report provides brief updates on projects and initiatives while also being full of information in a dashboard format attached.

The increase in reporting levels previously reported has slowed and the H&S team will work to lift this again. Phase 1 of the vehicle GPS system is complete and Phase 2 has been brought forward due to a desire to ensure safe use of the fleet and in response to the delays in vehicle supplies due to the Covid-19 pandemic. In addition, to completing Phase 1 and bringing forward Phase 2 of the vehicle GPS project, Council has also invested an electronic vehicle checking app provided by Eroad which integrates into the fleet management and vehicle safety system. The app makes weekly checks of the fleet simple and convenient for staff while making it efficient for those involved in fleet management and safety to track and action improvements as needed.

The rollout of Phase 1 of the lone worker device project is complete and two further satellite devices have been purchased based on needs identified before Phase 2 of the project is due to be executed.

HEALTH AND SAFETY - CRITICAL RISKS

This diagram identifies the logical and methodical approach adopted to address our critical risks as well, as the 13 critical risks identified by Council.

Critical Risks In-Focus

Since the March 2021 report to the Risk & Assurance Committee, we have nearly completed electronic transfer of the bow-tie analysis workshops and are progressing plans to engage a specialist bow-tie software platform which will enable the H&S team and the wider organisation to better utilise the information from those workshops.

Lone Worker Devices

As previously reported phase 1 of the device purchase, training and rollout is complete. The instillation of mounting plates into Council vehicle fleet is complete and our internal contractors Veolia and Recreational Services have been invited to consider installation of the mounting plates into their vehicles also.

Reporting on device usage and alerts is now possible. This will be tracked monthly with feedback to staff, the health and safety committee, and reporting to the Executive team as well as the Risk & Assurance Committee.

Vehicle GPS Tracking - Eroad

Phase 1 of the vehicle GPS rollout is complete and significant investment has been put into setting up the Eroad platform. Council has also recently launched the ‘Eroad Inspect’ app which allows all our people to contribute to the fleet’s safety by electronically performing weekly vehicle checks. The app is in addition to Eroad system and is integrated into the software which enables the platform to the one source of truth for managing the vehicle fleet and lifting the safety of Council vehicles. Phase 2 of the vehicle GPS fit out was originally planned to occur as replacement vehicles were acquired; in light of the delays in sourcing new vehicles for replacement, this plan has been reviewed and brought forward for safety purposes. In addition, the work already reported on the fleet, Council are reviewing the suitability of the existing vehicles, the usage needs of our people which will inform future decisions to ensure Council staff can better utilise the existing fleet. Please see the driver safety dashboard for further information (in the dashboard section).

HEALTH AND SAFETY ACTIVITIES

Contractor Management

Previously it was reported that the H&S Contractor Management Framework would be rolled-out, this project has been re-scoped to take a wider ‘all of Council’ approach and embed the H&S aspects of contractor management into our existing Council Contract Management Framework. This work requires a full review of the existing framework. The H&S Advisor is working closely with the Chief Financial Officer on this project and progress will be reported to the Risk & Assurance Committee.

Vaccination Policy

Since the last Risk & Assurance Committee meeting, a Draft Vaccination Policy has been developed, which aims to work in partnership with our staff and contractors to ensure Council protect those likely to be exposed to infectious diseases. The draft has been agreed to in principal by the Executive Leadership Team and is now in a worker engagement phase for feedback before formal adoption.

HS&W Reporting

The reporting levels across the organisation are slowing compared to the increase reported when Risk Manager was launched. As previously reported, work will continue to encourage and drive higher reporting levels.

Aggression and Abuse of Stop-Go Operators in CHB Campaign #ActWithMana

Work on the #ActWithMana campaign is continuing, the Land Transport team have the Billboards up on the main local roads coming into our district, the PMO office to install a further two sets near their projects sites and the transport team are working with NZTA to get the billboards up on the state highway entrances to our district.

The Health and Safety Advisor has presented to the first cohort of logging truck drivers recently; the campaign was well received and many were visibly concerned at the experiences of our road workers. The drivers provided some feedback which will be used to inform future engagement opportunities as well as the wider project. Work is underway to develop and ready the social media side of the campaign which is anticipated to go live following a media release.

Council have approached large regional industry players to support the campaign as well as the Log Transport Safety Council and the two primary vehicle-GPS telemetric companies operating in the country.

WELLBEING

The Wellbeing for staff at Council is led by the People & Capability Advisor

Councils wellbeing initiatives include Weekly wellbeing topics, Monthly focus subjects, Bitesize Sessions and Wellness Webinars

For the January to March period the focus points were as follows with positive feedback and high engagement:

· January: Looking after yourself heading back to work

· February: Fresh air and fresh food focus, walking groups were started and we held a very successful fresh fruit Friday.

· March: Included more walking groups and in line with NZ awareness days/months, we held a shared morning tea for Hearing awareness month where we received a short lesson in sign language.

Focus areas for the following three months April to June are;

· April: Motivation – Bitesize session - Tips to find it, understand it and keep it!. Some staff utilised Community Service leave to support the Poppy Appeal fundraiser.

· May: Positivity – Bitesize session - How to squash that inner critic. Webinar – hosted by Lance Burdett. Pink shirt day – Bully Prevention, wear a pink top, bring along a shared morning tea (pink theme) and if possible make a gold coin donation

· June: Understanding & learning - Bitesize session – Understanding & Celebrating Matariki. World Refugee Day – Looking outside your bubble, celebrating resilience

The general feel of the organisation and the up and coming pressures are taken into account when planning the topics for each month.

Implications ASSESSMENT

This report confirms that the matter concerned has no particular implications and has been dealt with in accordance with the Local Government Act 2002. Specifically:

· Council staff have delegated authority for any decisions made;

· Unless stated above, any decisions made can be addressed through current funding under the Long-Term Plan and Annual Plan;

· Any decisions made are consistent with the Council's plans and policies; and

Next Steps

To continue to improve the safety culture at CHBDC, while implementing the initiatives laid out in the Health and Safety Action Plan for 2020 and 2021, and to work through the actions laid out in the 2019 Gap Analysis Report.

RECOMMENDATION

That, having considered all matters raised in the report, the report be noted.

Risk and Assurance Committee Meeting Agenda

27 May 2021

6.5 Risk Status Report

File Number: COU1-1408

Author: Nicola Bousfield, Group Manager - People & Business Enablement

Authoriser: Monique Davidson, Chief Executive

Attachments: Nil

Recommendation

That, having considered all matters raised in the report, the report be noted.

PURPOSE

significance and engagement

This report is provided for information purposes only and has been assessed as not significant.

BACKGROUND

The Risk Status Report is part of regular and routine reporting designed to provide governance with oversight and input into the way that identified risks are being managed within Council.

Further to the obvious benefits of ‘reporting up’ risk, Officers consider that these reports should be the basis of discussion that covers and adds value to all elements of the risk management spectrum (Identify, Analyse, Evaluate, Treat, Monitor/Report). That is, Officers intend that these reports facilitate discussion that identifies new risk, as well as focussing on existing listed and managed risks.

Feedback from the previous Committee meeting has shaped the structure and content of this report, with a specific focus of this report and future reports shifting to a clearer summary and assessment of risks that are considered ‘active’ at the time of reporting.

DISCUSSION

Sections below provide detail across and into Council’s risk-scape.

Systems Implementation

Following the implementation of Impac Risk Manager (the system) at Council, all Corporate and Health & Safety risks are now in a single platform which allows for greater efficiency and consistency in reporting.

Council’s highest-level strategic risks have been entered into Risk Manager. While undertaking this process, Officers identified opportunities to refine the transfer of information and continue develop our risk information.

As previously reported to the Risk & Assurance Committee, Officers next step in the implementation of Risk Manager, is to transfer Council’s operational risks into the system. Officers have started scoping this project and are preparing to develop a programme of work to engage with Activity Managers and their teams, workshopping each area of operational risks over coming months. This process will ensure all operational risks are reviewed and analysed as they are prepared for input into Risk Manager, identifying any opportunities to refine existing operational risk registers.

Health and Safety Risks – Critical Risks

A detailed update on Health and Safety Risks is provided to the Committee in a separate report. That report covers priorities and progress and is an overview of Health and Safety Risk management at Council.

As reported to the Committee in the Health & Safety Reports, Officers undertook a significant Bow Tie project in 2020 to identify, develop and control Council’s critical Health and Safety risks. Officers continue to look for opportunities to develop on this project and are in the process of purchasing a specialist bow-tie software platform. This will enable the H&S team and the wider organisation to better utilise the information from those workshops and easily embed it into operational activities.

Risk Framework – Fraud Report Recommendations

Revisions to the Council’s Risk Framework were recently adopted by the Committee. Revisions were made to the matrix and grading system to provide greater clarity within the framework.

As reported to the Committee today, through the Internal Audit – Fraud Health Check Report, Crowe (Council’s internal auditors) recommended Council expand the Financial Strategy Failure to specifically include Fraud. Officers will undertake the changes required to incorporate these recommendations and will bring the changes to the Committee for review and adoption.

Active Risks

The following risks are considered to be ‘active’ or ‘live’ at the time of this report, as determined by Officers. These risks span across the operational portfolios of the organisation. Some may be linked to or part of a larger Corporate Strategic Risk. This list will change from report to report as risks become live, escalate in terms of priority or are mitigated and no longer require reporting at this level.

Risk	Strategic Risk Register Linkage	Update
Growth from the implementation of the Development Contributions Policy	Failure to effectively deliver services and projects	As anticipated, Council has experienced extremely high volumes of consenting applications, following the changes implemented in the Development Contributions Policy. While the processing of consents in itself would not ordinarily be considered an active risk, the unprecedented volume at which the consent applications have come to Council is, and the pressure that puts on Council’s Consenting team to adhere to the required timeframes. This risk is being actively managed via increased engagement of external resources, as well as a returning Build Consent Officer commencing late May 2020.
Growth and Notification of the District Plan	Failure to effectively deliver services and projects	Similar to the ‘active risk’ above, Officers anticipate the notification of the District Plan will have a similar impact and pressure on Council’s teams. Officers anticipate an increased volume in demand on consenting services from the point in which the District Plan is notified. Officers have also identified that some areas of the community may not have fully appreciated the changes to Significant Natural Areas in the District Plan, which come into effect from the point of notification, rather than the time in which it becomes operative.
Construction of infrastructure to service the wave of growth	Failure to effectively deliver services and projects	Relating to the two ‘active risks’ above, Officers have identified that following the wave of consents brought by recent policy decisions, Officers are now challenged to meet the demand this growth will place on Council infrastructure and services. This risk is being actively managed and has been planned for, through capital works projects in the Project Management Office. Council also plans to recruit for a Development Engineer that will be specifically focused on growth in the district.
Trade Waste Bylaws implementation	Failure to effectively deliver services and projects	The decision to recover a component of the construction costs for the new waste water treatment plants from trade waste is a shift from previous. There is risk of legal challenge, operational issues in implementing the new policy and financial risk of non-payment. All risks are being actively managed.
Recruitment for key roles	Not able to retain or secure key staff	As previously reported to the Committee, Council is advertising for several key roles and in some cases had more than one round of advertising to find suitable candidates. In in the context of the 3 Waters Reform, this ‘active risk’ is more apparent in the 3 Waters Team, where we continue to see specialist skills and technical leadership shortages. This active risk is being managed via increased engagement of external resources or through existing staff taking on extra duties for a short period.
Asset condition related failures	Failure of Critical Assets	Councils 3 waters assets remain largely in a compromised condition and failures are still common. Significant funding has been tagged in the new LTP to address this risk but until such time as budgets are confirmed and work is undertaken across a number of years to replace tired assets, the risk will remain actively managed.

Implications ASSESSMENT

This report confirms that the matter concerned has no particular implications and has been dealt with in accordance with the Local Government Act 2002. Specifically:

· Council staff have delegated authority for any decisions made;

· Unless stated above, any decisions made can be addressed through current funding under the Long-Term Plan and Annual Plan;

· Any decisions made are consistent with the Council's plans and policies; and

Next Steps

Officers focus on Risk Management continues to be the establishment and embedding of a common single system for managing and reporting all risks.

Officers welcome feedback and guidance of the Committee and its members on the future of this report and other matters with respect to Risk Management in the organisation.

RECOMMENDATION

That having considered all maters raised in the report, that the report be noted.

Risk and Assurance Committee Meeting Agenda

27 May 2021

6.7 Audit Findings Monitoring Report

File Number: COU1-1408

Author: Brent Chamberlain, Chief Financial Officer

Authoriser: Monique Davidson, Chief Executive

Attachments: Nil

Recommendation

That, having considered all matters raised in the report, the report be noted.

PURPOSE

The purpose of this report is to track and update the committee on audit recommendations from recent audits.

significance and engagement

This report is provided for information purposes only and has been assessed as not significant.

BACKGROUND

Over the course of each year Council undertakes a number of audits that look at the activities of Council’s Corporate Services functions.

This include internal audits which test Councils Policies and Procedures to ensure they are fit for purpose and that they are being adhered to, but also includes external audits of financial reporting to the public (whether this is an Annual Report, or a Long Term Plan). These external audit focus on the quality of data being supplied, and the controls that Council has in place to ensure accuracy of data, controls to ensure protection of public funds, and transparency of information supplied.

Officers will work between the March and May Risk and Assurance Committee meeting to incorporate NZTA Audit Report Recommendations into the report. It is anticipated that this report will become a standing item at every Committee meeting.

DISCUSSION

Below are the findings/recommendations of the last three audits undertaken on the Corporate Services Activities:

Internal Audit: Procurement and Purchasing (undertaken November 2019)

Observation

Recommendation

Actions Taken

Managing Conflicts of Interest

The Council adopted the Procurement and Contract Management Policy in October 2018. The Policy sets the Council’s requirements and expectations in relation to how procurement should be done at the Council. The responsibility for the Policy has been assigned to Group Manager Corporate Support and Services.

The Policy requires ‘all staff involved in the preparation and execution of a public procurement process to complete a Conflict of Interest (CoI) declaration which is to be approved by the delegated financial authority for the procurement’.

We received a list of current major contracts from the Council’s Contract Register and selected a sample to check how the decision to procure was made, how the supplier was selected, what procurement methods were used in the selection (tender, direct engagement, pre-approved supplier list), whether all documentation (such as conflicts of interest forms) were completed and documented.

For our sample of 5 procurements we noted the following:

• For 2 procurements the CoI declarations were not prepared at all.

• For 2 procurements the CoI declarations were prepared by the members of the evaluation team but were approved by the 3 Waters Programme Manager instead of the appropriate delegated financial authority (the Council for one and the GM for the other).

• For 1 procurement (for which the procurement plan was approved on 29/8/19) the CoI hasn’t been done at the time of our review (November 2019), although the Procurement Plan that went for approval to the Council said that the CoI declarations had been approved.

Risk

If the Council doesn’t effectively manage the conflicts of interest across its procurement activities, it can make inappropriate purchases or enter into inappropriate contracts which could be challenged by other suppliers or ratepayers. Poor management of conflicts of interest also increases risk of corruption.

The Council should effectively communicate the requirements of its Procurement and Contract Management Policy across relevant staff involved in procurement. This could be achieved through a Council-wide training session or workshop for staff.

Officers have worked with the PMO (Project Management Office) to ensure that conflict of interest forms are correctly filled out and kept for all of Councils significant procurements.

Officers are in the process of reworking the procurement manual to incorporate the Progressive Procurement Toolkit and Supplier Guide recently developed by Hastings District Council on behalf of the 5 Hawkes Bay Councils.

The Procurement Toolkit has been rebranded and updated to be CHBDC specific.

Once the manual has been updated, staff training sessions will be run out by 30 June 2021.

Managing procurement outside the Infrastructure Team

As part of our testing, a listing of annualised Council spend by supplier was provided. From this a random sample of suppliers with annualised spends of over $50k were selected for testing. The testing consisted of how the decision to procure was made, how the supplier was selected, what procurement methods were used in the selection (tender, direct engagement, pre-approved supplier list), whether all documentation (such as conflicts of interest forms) were completed and documented.

For our sample of 6 vendors with purchases between $25k and $200k we were unable to find:

- Procurement Plans

- Vendor selection documentation

- Conflicts of interest declarations for personnel involved in the procurement activities.

According to the Council’s Policy we would expect that these procurements would either use quotes from preferred or panel suppliers. If existing contracted, preferred or panel suppliers are not appropriate then a Procurement Plan that recommends another approach must be prepared (e.g. an open tender or direct award to a high performing supplier).

Risk

If the Council doesn’t comply with its Policy, the Council may procure goods or services at a higher price or may spend public money inappropriately. The Council’s decisions can be challenged by ratepayers or suppliers. This may lead to legal or reputational damage.

Like the point above, the Council should effectively communicate the requirements of its Procurement and Contract Management Policy across relevant staff involved in procurement outside the Infrastructure team. This could be achieved through a Council-wide training session or workshop for staff.

As above

Procurement Strategy

The Policy requires the Council’s ELT team to ‘oversee the development and maintenance of a rolling three year procurement strategy’. At the time of our review no such strategy has been developed.

Risk

The Council should develop the three-year procurement strategies are required by the Policy.

The current policy no longer requires Procurement Strategies to be developed, as it was determined they were essentially a distraction from individual Procurement Plans developed.

Lack of oversight of procurement activities

A large number of instances of non-compliance with the Council’s Policy (findings 1-3 above), requires the Council to monitor the extent to which the business units comply with the requirements of the Policy. This becomes even more important given the decentralised procurement operating model at the Council, i.e. when each business unit performs its own procurements without a centralised support.

Currently no monitoring is performed by the Council to ensure all purchases and procurement activities comply with the Policy and there is varying degrees of understanding of procurements activities happening across the Council.

In addition, there is limited procurement reporting to the Executive Team and the Council. We understand that reporting is on an exception basis. As a result, this reduces Managements oversight on procurement activities.

Procurement reporting would provide an overview of large value, high risk or complex procurements. It would also provide valuable insights into the activities of other departments.

Risk

The lack of an effective process to monitor compliance with the Council’s Policy increases the risk that the Council’s purchases may not meet the policy requirements and the Council’s expectations.

The Council should implement a formal process to review the Council’s compliance with the requirements of the Policy. This could be done by regularly reviewing a sample of purchases to check whether all Policy requirements have been met. The results of this ‘audit’ should be communicated to the ELT. The responsibility for this work should either sit with the Group Manager Corporate Support and Services (as the Policy Owner) or could be delegated to the 3 Waters Programme Manager (as a ‘Centre of Procurement Excellence’ within the Council).

Council’s finance team has recently had a small restructure which has introduced procurement as an element into the job description of a staff member other than the Chief Financial Officer.

This staff member has is undertaking some procurement training in June 2021, and has been involved in the rebranding of the progressive procurement toolkit. Once the new procurement manual is rolled out to staff and training undertaken, we will begin to undertake quarterly checks of adherence to policy.

Lack of additional guidance to assist employees in the procurement process

The Council has started drafting a Procurement Manual to provide additional guidance and support to the Council’s personnel involved in procurement activities. However, at the time of our review, this work hasn’t been finished yet.

The Council’s 3 Waters team has developed several templates (e.g. Procurement Plan) to assist with its major procurements, however they do not cover the end-to-end procurement process and additional templates need to be created (e.g. probity checklists, RFx templates, supplier recommendation templates, etc.).

In a de-centralised environment, we would expect a suite of tools and templates such as procurement plans, tender documents and checklists to guide employees.

Risk

The absence of additional guidance material to assist staff during procurement may lead to a situation where staff do not comply with the Council’s procurement process.

Finalise the Council’s Procurement Manual and communicate it to all personnel involved in procurement.

Develop additional tools and templates to assist employees in the procurement process. The need for these templates will be identified in the Manual.

The Manual and templates should be developed or reviewed by procurement and or legal professionals.

Council adopted a rewritten procurement policy in 2020.

The Procurement Toolkit has been rebranded and updated to be CHBDC specific.

Once the manual has been updated, staff training sessions will be run out by 30 June 2021.

Incorrect system-enforced authorisation limits

The authorisation limits in the Council’s core system, MagiQ, are not in line with the limits established in the Council’s Delegations Register.

As a result, staff members are able to approve purchases above the levels of authority they have been granted.

We noted the following exceptions:

Brent Chamberlain

Bridget Gibson

Craig Ireson

Graham Manning

Ian Cover

Review the authorisation limits in MagiQ and ensure they are in line with the current Delegations Policy.

If it is identified that for practical reasons, higher limits may be required for approving payments then a review of the delegated authorities should be undertaken.

The Council can also perform a data analytics test to understand whether these incorrect delegations settings have actually resulted in any incorrectly authorised purchases.

The limits in Magiq were corrected following this audit, and then were tested again as part of the Ernst Young Year End Audit in August/September 2020.

Policies are not up to date

Procurement and Contract Management Policy

The Council’s Procurement and Contract Management Policy was due to be reviewed on 31 October 2019. At the time of our work in November 2019 the Policy still hasn’t been reviewed. This was largely due to a change in the Group Manager Corporate Support and Services.

Credit Card Operation Procedure

The Council has a Credit Card Operation Procedure which defines the Council’s use of credit cards. The Procedure specifies that there should only be one card and it should be operated by the Chief Executive. We understand that the Council uses two cards: one used by the Mayor and the CE; one used by the Group Manager Corporate Support and Services for staff travel expenses and other minor purchases.

Ensure the Procurement and Contract Management Policy is up to date.

Review the Credit Card Operation Procedure to ensure it reflects the current Council’s practice of using the credit cards.

Policies have been updated:

Procurement Policy 18/9/2020

Credit Card Operation 2/6/2020

External Audit: Year End (Undertaken August/September 2020)

Observation	Recommendation	Actions Taken
Process documentation and reliance on key individuals There are certain roles within the Council that require specialised knowledge in order for the role to be performed efficiently and effectively. An example of this is the maintenance of the data for the three waters infrastructure assets and the associated valuation of these assets where knowledge of relevant systems plus the underlying subject matter is required. We observed that there was a reliance on the person filling this role and there were limited other staff members that were able to assist with key audit procedures relating to the valuation of the three waters infrastructure assets and how the valuation linked to the underlying data. There was also a lack of supporting documentation for the valuation exercise completed and the documentation that was available didn’t contain sufficient detail.	We recommend that CHBDC broaden the number of staff that have a working understanding of the processes and controls relating to infrastructure assets and in particular data management and valuation processes for the three waters assets. We also recommend processes notes be retained by CHBDC to ensure that in the absence of key individuals, processes can continue to be performed and there is clarity with respect to processes followed historically.	This is the nature of being a smaller Council where not every position has a clear backup. It did highlight that all key person positions keep good hand over notes as part of role handover on exit.
Compliance with Policies We noted that the CHBDC Treasury Management Policy was not been followed in relation to concentration risk for investments. The Council’s Treasury Management Policy restricts the amount that can be invested with any one counter party to $8m. At 30 June 2020, Council had term deposits with BNZ of $9m.	We recommend that policies be followed to ensure risk is being managed in a way that has been agreed with those that approved the policy.	Policy updated on 18/9/2020 to increase this limit to $10m. Currently the maximum investment with any one bank is $7.5m.
Timely update of authorised signatories During our testing of the authorised signatories for online banking, we noted that two employees who left the Council during the year were still listed as authorised signatories. We acknowledge that subsequent to our finding the list of authorised signatories was correctly updated.	We recommend that banking signatories and approvers be updated on a timely basis. There should also be a process for staff leaving Council to ensure access to IT systems is removed, they are removed as authorised signatories and Council property in returned. This process should be systematically worked through for each employee that leaves Council.	The paper banking mandates had been updated at the time of audit, but ANZDirect user logins did not reflect the change. This was subsequently corrected before the audit was completed.
Timely closure of credit cards As part of our testing, we identified that there was an active credit card in the name of a former employee. We did additional analysis over the expenses incurred on the credit card to assess what expenses had been incurred on the card since the employee left and noted that all costs were automatic payments for subscriptions that were used by Council. Subsequent to year end, we are aware that the credit card has been cancelled.	We recommend that management cancel credit cards in a timely manner when individuals leave council.	The card had been cut up at the time of audit, but due to a number of annual subscriptions coming out of this card, the card wasn’t immediately cancelled. The card was formally cancelled before the audit was complete.
Approval of Expenditure Under the current sensitive expenditure policy, an approver or expenditure cannot benefit personally from the expenditure being claimed. However, through our testing we identified instances where expenditure was approved by a member of staff that benefited from the expense being incurred as well as the approver being more junior that than the individual incurring the expense.	We recommend that Council update their policy to include a requirement for a “one up” approval of the individual incurring the expenses, this would be a council member in the case of the Mayor’s expenses.	This item is a carry forward from 2019. Sensitive Expenditure was again retested in 2020 with one breach identified so it remains an audit point.
Land Title Discrepancies We obtained and reviewed the land titles for land owned by the Council on a sample basis to verify the information used by QV in their 2017 valuation of the Council’s land and to validate the land is freehold. We identified several discrepancies between the Council records and the information used by QV. For one title the land information on the title was less than the area valued in by QV. In addition, a number of titles were not able to be obtained. There is a risk the Council records do not contain the most up to date information in relation to land titles. In addition, there is a risk QV may be performing their valuation on incomplete / inaccurate information.	We recommend a formal review be completed for land held by the council to ensure all land titles are available and the title area reflects the Council’s records and that used by QV.	This item is a carry forward from 2019. 5 Titles were identified as belonging to CHBDC but had discrepancies with the LINZ records. 3 have now been resolved, and 2 remain: 1092050900 232 Pourerere Beach 1095013300 Hatuma Road Both these are recorded by LINZ as public reserves with Department of Conservation Ownership
Policies due for update We noted a number of policies are past their date for revision. There is a risk that outdated policies may not reflect the most up to date intentions of Council. It is important policies are updated in a timely manner, particularly when there is public visibility to policies via the council’s website.	We recommend the Council update the policies, and in the future establish a process to ensure they are updated in a timely manner.	This item is a carry forward from 2019. Officers are working through a review process to ensure all policies are up to date and significant progress was made during 2020.

External Audit: Long Term Plan (Undertaken December 2020 – January 2021)

Observation	Recommendation	Actions Taken
Quality of asset information CHBDC could improve the quality of the information reflected in the Infrastructure Strategy through using a more granular five tier scale to assess data quality and through presenting asset performance information for water supply and waste water. The identification of specific critical assets would also be beneficial.		The understanding of our infrastructure assets is improving and being better documented over time. Officer’s intention is that this is an area of continuous improvement. Officers will present Asset Management Plans at the 17^th June 2021 Council Meeting
Targets for performance measures Some performance measures have targets set at a level notably below current delivery. We would expect targets to usually show continued performance at the current level or provide a degree of challenge for services to improve going forward.		After being challenged by Ernst Young many LOS targets were adjusted. But with many of our mature services with high levels of satisfaction it is not always practical or cost effective to strive for further improvements.
Articulation of long term view Council have provided a transparent plan of what is required in the short to medium term due to previous underinvestment in infrastructure assets. Funding this investment results in increased debt and expenditure exceeding revenue for most years of the long-term plan. Going forward Council will need to engage with the community on both when the budget will be able to be balanced and specifically how renewals work will be funded in a more sustainable way.		It is officer’s intent to provide advice to Council in order to strive towards the goal of achieving a balanced budget and they intend reviewing the life expectancy of assets, and therefore depreciation, as more asset conditioning work is undertaken. Councillors have agreed that during the catch up of deferred renewals Council is unable to run balanced budgets, but this is an aspirational goal for the next LTP once the future of 3 Waters is clearer.

Internal Audit: Fraud Health Check (Undertaken April 2021)

Observation

Recommendation

Actions Taken

Fraud-related policies and procedures

The Council does not have a Fraud Policy in place.

We also noted the following regarding other fraud related policies:

• The Staff Conduct Policy is out of date and was due for renewal in 2018.

• The Protected Disclosures Policy is out of date and due for renewal in 2018.

The absence of up-to-date and relevant fraud-related policies prevents the Council from clearly communicating its attitude to fraudulent behaviour, raising awareness of fraud risk amongst its staff and communicating relevant fraud prevention, detection and monitoring controls.

A significant amount of occupational fraud and corruption is opportunistic in nature and informing employees that the company has detailed fraud and corruption control strategies can act as an effective deterrent to fraudulent activity.

We recommend that a specific Fraud Policy should be documented including the following key elements:

• A categorical statement that the council has zero tolerance to fraud.

• A statement that all staff are responsible to disclose any suspicious activities they become aware of should be included.

• Examples of the types of behaviour the council considers to be fraudulent should be given.

• A description of specific prevention and detection procedures that are employed to manage fraud risk, such as, fraud awareness training, specific transactional reviews, management reporting etc

• An overview of fraud investigation processes and responsibilities.

• The consequences for perpetrating fraud.

The following is also recommended:

• The Council should consider assigning the responsibility of maintaining the Fraud Policy to a person in a position with sufficient authority, relevant subject matter expertise, independence and objectivity (for example the CFO).

• The Council should periodically review its internal policies to ensure they remain relevant and include the latest fraud risks.

• The Audit Committee should proactively oversee fraud risk by:

- Providing direction and input into anti-fraud activities and implementation of a fraud programme

- Reviewing the results of the fraud risk assessment (see above)

- Reviewing and approving relevant fraud-related policies

- Overseeing and monitoring fraud related assurance activity.

A Fraud and Corruption Prevention Policy has been drafted for adoption, and socialization with staff.

Staff Conduct Policy and Protected Disclosures Policy scheduled to be reviewed in 2021 by People and Capability Advisor

Responsible person

CFO and People and Capability Advisor

Date of implementation

Fraud Policy – 31/05/2021

Other Policy Reviews – September 2021

Fraud risk assessment

• The Council does not have formal fraud risk assessment procedures in place. Reliance is placed on controls implemented at transaction level to identify its exposure to fraud risk.

Whilst this assignment has considered fraud risks as a stand-alone assignment, the review and consideration of fraud risks should be considered alongside other strategic and operational risks on an ongoing basis.

With a lack of formal fraud risk assessment and placing reliance on controls in only one area (payments), limits the Council’s ability to understand the areas of its activities that are exposed to fraud, bribery and corruption and develop fit-for-purpose fraud identification and response procedure.

• Risk assessment criteria are not periodically reassessed which can lead to a lack of awareness of the latest fraud that can occur.

• Risk registers are only maintained for each project, at an operational level.

• The Council should perform a formal fraud risk assessment (FRA). Fraud risk should be treated as a business risk like other risks and be incorporated into the Council’s ongoing risk assessment and risk management processes.

The FRA should identify and evaluate the Council’s exposure to key fraud risks – bribery and corruption, financial statement fraud, etc. – across all the Council’s activities.

The FRA should also assess the effectiveness of the Council’s key fraud-related controls and assurance activities providing a better understanding of the level of risk and comfort and any possible gaps that need to be addressed.

• Discussions of fraud or errors should be incorporated in management meetings and documented in the minutes.

• The Council should periodically reassess risk assessment criteria to consider changes in Council processes, and the latest fraudulent activities.

• The risk register should include council-wide fraud risks.

Council has undertaken this Fraud Health Check as a Fraud Risk Assessment with its internal auditor – Crowe.

This will result a paper being taken to Risk and Assurance Sub-committee.

Council is also audited annually by Ernst Young as part of the external audit program who check internal controls as part of their audit reliance program.

Post Audit, every year Council has a debrief with Ernst and Young where audit findings and concerns are discussed.

Council has a risk register that covers financial strategy failure, but officers will extend this to cover the risk of fraud.

Responsible person

CFO

Date of implementation

April 2021

Fraud awareness and training

We note the following:

• There is no ongoing fraud-related communication and training provided to employees.

• There is no fraud awareness communication to third parties (i.e. vendors, contractors, etc.)

Raising awareness of fraud risks, scenarios and ‘red flags’ is an effective way to prevent and detect fraudulent activity. The absence of regular communication of fraud matters and relevant training creates an environment where staff can better understand their obligations and support effective prevention and detection of fraud, bribery and corruption.

With the implementation of the Fraud Policy and the Fraud Risk Assessment, we recommend that periodic training and awareness sessions should be provided to all staff. Contents should include:

• A clear definition of the types of behaviour that constitute fraudulent or corrupt practice.

• An unequivocal statement that fraudulent and corrupt practices within the council will not be tolerated.

• The types of fraud that are common (as identified in the fraud risk assessment).

• The fraud detection measures that are in place.

• Red flag behaviours and due diligence activities that staff should undertake when reviewing invoices, contracts etc.

• How staff should report any unusual or suspicious documents or red flag behaviours.

Council will shortly be socializing the new ‘Fraud and Corruption Prevention Policy’ with staff.

The refreshed Staff Conduct Policy and Protected Disclosures Policy will be socialized with staff in September 2021 by People and Capability Advisor.

Responsible person

CFO and People and Capability Advisor

Date of implementation

Fraud Policy – 31/05/2021

Other Policy Reviews – September 2021

Fraud prevention – internal controls

We identified a number of internal control weaknesses during our review including the following:

• We noted that there are insufficient controls in place for adding and uploading direct debits to the bank account. Currently this process is performed by one individual and no secondary review is completed prior to the bank upload.

Where bank numbers are entered by one person and not reviewed, the risk of error exists. Reliance is currently placed on complaints being made to identify errors.

• A review of permissions in the Magiq accounting system noted users outside the Finance team and Finance team members that should not be able to, can process journal entries. There is also no review of journal entries undertaken.

We noted additionally that a recent IT security review identified a number of user access issues that are currently being investigated and resolved.

• Some basic data analytics testing was undertaken in 2018 as part of a Sensitive Expenditure audit to identify any unusual transactions, trends or relationships between employees and suppliers. No periodic routine analytics is undertaken on a scheduled basis.

The following is recommended:

• The Council should consider implementing dual controls for adding and uploading direct debits into the bank account for the receipt of rate payments. A secondary review on all bank account addition or changes should be undertaken either on a real time basis or through reviewing change logs or reports from the accounting system on a regular scheduled basis.

• Magiq access rights and authorisations should be should be reviewed on a periodic basis to ensure individual authorisations remain up to date and appropriate.

• Consideration should be given to undertaking further periodic data analytics audits to help identify ‘red flags’, suspicious transactions, trends or relationships between employees and suppliers.

Direct Debits – Issue is a result of only having a single rates officer and not being able to achieve separation of duties.

Magiq Permissions – agreed, and a review of these will be undertaken as part of the move to Magiq Cloud in July 2021.

Data Analytics – This was last undertaken by Crowe in October 2018.

Responsible person

CFO

Date of implementation

July 2021

Protected disclosures

The Association of Certified Fraud Examiners’ Global Fraud Survey 2020 noted 43% of frauds were initially detected through a tip off (3 times higher than the next-most common detection method). Having clear protected disclosure policies and procedures is therefore a key control in the detection of fraud.

Surveys undertaken by us and preferred methods indicated in the Association of Certified Fraud Examiners’ Global Fraud Survey 2020 note preferences for whistleblowing equally split between telephone hotlines, email reports, web-based/online forms as well as face-to-face disclosures.

Surveys undertaken by us also suggest a range of persons to whom staff prefer to make reports (most commonly to their direct supervisor but also to their HR representative to senior management or external parties).

We note that the council has a Protected Disclosures Policy which covers the key areas we would expect it to. We note however that, as per the details above, that there is currently further mechanisms for reporting disclosures could be offered to ensure staff do not feel uncomfortable or discouraged in reporting.

Consideration should be given as to whether further methods of reporting and persons to whom reports can be made can be established to ensure the methods available do not discourage staff from reporting concerns (these could include a hotline, internal email address or contact details of the internal or external auditors).

Protected Disclosures Policy scheduled to be reviewed in 2021 by People and Capability Advisor.

Responsible person

People and Capability Advisor

Date of implementation

September 2021

Implications ASSESSMENT

This report confirms that the matter concerned has no particular implications and has been dealt with in accordance with the Local Government Act 2002. Specifically:

· Council staff have delegated authority for any decisions made;

· Unless stated above, any decisions made can be addressed through current funding under the Long-Term Plan and Annual Plan;

· Any decisions made are consistent with the Council's plans and policies; and

Next Steps

Officers will continue to work towards resolution for the audit recommendations listed above that have yet to be resolved. Officers will continue to report any items above until resolution is achieved.

RECOMMENDATION

That, having considered all matters raised in the report, the report be noted.

Risk and Assurance Committee Meeting Agenda

27 May 2021

6.8 Climate Change Commission and Impact for Local Government

File Number: COU1-1408

Author: Monique Davidson, Chief Executive

Authoriser: Monique Davidson, Chief Executive

Attachments: 1. Environmental and Sustainability Strategy ⇩

2. Draft advice LGNZ Submission Climate Change Commission ⇩

Recommendation

That, having considered all matters raised in the report, the report be noted.

PURPOSE

The purpose of this report is to provide visibility to the Risk and Assurance Committee of the emerging importance of the impact of climate change and how local authorities are responding to it. This report does not seek a decision, but follows a request from the committee on understanding the emerging expectations on local authorities to respond to Climate Change.

significance and engagement

This report is provided for information purposes only and has been assessed as not significant.

BACKGROUND

Climate change poses an unprecedented level of risk to New Zealand’s natural and built environment. Adapting to and mitigating the impacts of climate change are significant challenges and a new priority focus for councils. Leading and championing policy to deal with the impacts of climate change is a key policy priority for LGNZ and its 78 member councils.

As the sphere of government with direct responsibility for environmental planning and regulation, much of the responsibility for adaptation falls to local government. However, councils cannot address these issues by themselves. To be effective, climate adaptation will require a diverse range of actions and policy approaches.

Councils can also play an important role in mitigation by working with their communities to reduce emissions.

Under the Resource Management Act 1991 (RMA) local government is required to consider the effects of a changing climate on communities. It is also required to incorporate climate change into existing frameworks, plans, projects and standard decision-making procedures. A climate change perspective is now integrated into activities such as flood management, water resources, planning, building regulations and transport.

At a local and regional level, councils play a critical role in helping communities prepare for, and respond to, natural hazard events, whose incidence and severity are increased by rapid changes in the climate.

At a National level, LGNZ have identified Climate Change as one of the key areas of focus, with a particular focus on working with central government to develop policies that will enable New Zealand’s diverse communities to be resilient and adaptive in the face of climate change.

The increasing focus on Climate Change and the need for Local Government to provide coordinated leadership in this space, is something that Central Hawke’s Bay District Council will need to give more consideration to in the future.

DISCUSSION

While Council does not currently have a specific Climate Change Strategy or Framework, Central Hawke’s Bay District Council adopted its first Environmental and Sustainability Strategy in 2018, which sets the direction for how it will manage its impact on the environment for years to come.

The strategy is a key deliverable of Project Thrive, to deliver on the communities’ aspirations for Central Hawke’s Bay - a proud and prosperous district made up of strong communities and connected people who respect and protect our environment and celebrate our beautiful part of New Zealand.

Developed alongside the community with the support of a community reference group and external expertise, the Environmental and Sustainability Strategy seeks to deliver on the council’s commitments made in the 2018-21 Long Term Plan. It captures activities and initiatives that the Council can influence, coordinate or facilitate, and in some instances deliver.

The strategy (attached) has four priority areas: Managing our impact on waterways, increasing recycling and reducing waste to landfill, conserving water and managing climate change and is supported by a number of goals and actions.

While we are already undertaking a range of actions through our current work, the intention is at future Strategy and Wellbeing Committee’s to outline what actions within the Environmental and Sustainability Strategy are underway and any additional actions both within work programmes and in our own organisation we are doing to support climate change efforts.

The impacts of climate change are already being felt in Central Hawke’s Bay. Changing weather patterns, more frequent and more severe storms, and the recent record-breaking drought, are examples of what we can expect to see more of. It is important that as a District we plan as best we can to meet these challenges. This Long Term Plan 2021-2031 is influenced in many areas by climate change with most significant influences being the known impacts on our infrastructure – in particular our water, wastewater and stormwater networks, which are primarily affected. Our existing and future infrastructure will be tested by changes in the climate. Rain events raise water levels, affecting our stormwater, wastewater and roading assets. Further, changing land-use patterns affect our assets and can affect the physical, economic and social composition of our District. Throughout this Long Term Plan 2021-2031 the impacts of climate change have been accounted for across relevant activities.

The way in which we tell the Climate Change story will become more important as the role of the Climate Change Commission elevates.

As a smaller Council, we rely on the expertise and support of our national organisation LGNZ. LGNZ are currently leading three projects that will support Councils in stepping up to the challenge of climate change:

Reporting and Funding

The introduction of the Zero Carbon Act gives the Climate Change Commission powers over councils that will allow them to request a range of information related to mitigation and adaptation measures in their jurisdictions. Highly complex and technical information is likely to be required, and meeting this expectation will be costly and burdensome on all councils, particularly smaller ones. The Advice and evidence to government is expected to be finalised by 31^st May. LGNZ have already submitted (attached) to the Climate Change Commission on the draft advice they have provided to Government.

This project seeks to:

· Advocate for, and participate in, the development of a right-sized reporting methodology and framework for councils that meets the foreseeable needs of the Climate Change Commission while remaining cost effective by using a single national platform. A key focus of this work is to help identify, at a national level, where the key risks are as catalyst for starting funding discussions with central government. This project will also explore the application of new and emerging funding tools to pay for climate change related adaptation projects, including measures to protect natural environments threatened by rapid changes in climate.

Community resilience

Central Government is currently developing adaptation policy through the Community Resilience working group. Comprised of key ministries and local government representatives, the group seeks to improve the ability of communities around the country to prepare for, avoid and respond to natural hazards - including those caused or exacerbated by climate change.

This project seeks to:

· Work with central government on identifying the gaps in the current system that prevents communities from becoming more resilient to natural hazards, and develop policies to close these, including funding shortfalls. From the local government perspective, the aim is to advocate for systemic reform, as opposed to the current approach of piecemeal intervention as hazards occur. In addition, this project will examine areas of local government practice, as they relate to community resilience to natural hazards, and identify and socialise areas where improvements can be made.

Climate future fit

Councils play a pivotal role in enabling their communities and economies to adapt to a low carbon economy. Their engagement with communities determines how local places will develop in the future - the more forward thinking and climate change aware these plans are, the more communities will be better positioned to adapt to a low carbon reality.

This project seeks to:

· Examine current engagement with communities in areas affected by climate change-related natural hazard events. The aim is to identify best practice among the local government sector using case studies, and socialise this among other councils facing similar challenges. In addition, this project seeks to identify the challenges and limitations when it comes to community engagement under the current legislative and regulatory system to identify areas for policy change.

In summary, expectations are increasing. While the 2021 – 2031 Long Term Plan has given consideration to the impacts of Climate Change, and Officers are currently guided by the 2018-2031 Environmental and Sustainability Strategy further work is required in order to be clear on what a strategic response to climate change will be. It is Officers advice that this is best done by awaiting the guidance from the Climate Change Commission in order for a more comprehensive strategic response to be developed.

Implications ASSESSMENT

This report confirms that the matter concerned has no particular implications and has been dealt with in accordance with the Local Government Act 2002. Specifically:

· Council staff have delegated authority for any decisions made;

· Unless stated above, any decisions made can be addressed through current funding under the Long-Term Plan and Annual Plan;

· Any decisions made are consistent with the Council's plans and policies; and

Next Steps

Officers will continue monitoring the work of the Climate Change Commission, and report back to Council and the Risk and Assurance Committee as more guidance develops.

RECOMMENDATION

That, having considered all matters raised in the report, the report be noted.