Agenda of Risk and Assurance Committee Meeting

Risk and Assurance Committee Meeting Agenda

16 September 2021

MINUTES OF Central HAwkes Bay District Council
Risk and Assurance Committee Meeting
HELD AT THE Council Chamber, 28-32 Ruataniwha Street, Waipawa
ON Thursday, 27 May 2021 AT 9.00am

PRESENT: Mayor Alex Walker

Chairperson Neil Bain (Chair)

Cr Tim Aitken

Cr Gerard Minehan

Cr Brent Muggeridge

Cr Jerry Greer

IN ATTENDANCE: Monique Davidson (Chief Executive)

Joshua Lloyd (Group Manager, Community Infrastructure and Development)

Darren de Klerk (Director Projects and Programmes)

Doug Tate (Group Manager, Customer and Community Partnerships)

Nicola Bousfield (Group Manager, People and Business Enablement)

Brent Chamberlain (Chief Financial Officer)

Caitlyn Dine (Governance and Support Officer)

1 KARAKIA

Mayor Walker Led the Karakia

2 APOLOGIES

NIL

3 Declarations of Conflicts of Interest

4 Standing Orders

RECOMMENDATION

THAT the following standing orders are suspended for the duration of the meeting:

· 20.2 Time limits on speakers

· 20.5 Members may speak only once

· 20.6 Limits on number of speakers

And that Option C under section 21 General procedures for speaking and moving motions be used for the meeting.

Standing orders are recommended to be suspended to enable members to engage in discussion in a free and frank manner.

5 Confirmation of Minutes

Committee Resolution

Moved: Cr Gerard Minehan

Seconded: Cr Jerry Greer

That the minutes of the Risk and Assurance Committee Meeting held on 31 March 2021 as circulated, be confirmed as true and correct.

Carried

6 Report Section

6.1 Resolution Monitoring Report

PURPOSE

The purpose of this report is to present to the Committee the Risk and Assurance Committee Resolution Monitoring Report. This report seeks to ensure the Committee has visibility over work that is progressing, following resolutions made by the Committee.

Committee Resolution

Moved: Mayor Alex Walker

Seconded: Cr Jerry Greer

That, having considered all matters raised in the report, the report be noted.

Carried

Mrs Davidson presented this report.

6.2 Risk and Assurance Work Programme Monitoring Report

PURPOSE

The purpose of this report is for the Risk and Assurance Committee to receive a progress update on the Risk & Assurance Committee Work Programme.

Committee Resolution

Moved: Cr Gerard Minehan

Seconded: Cr Brent Muggeridge

That, having considered all matters raised in the report, the report be noted.

Carried

Mrs Davidson presented this report.

6.3 Treasury Management Monitoring Report

PURPOSE

The purpose of this report is to provide an update on Treasury Management and Policy Compliance.

Committee Resolution

Moved: Mayor Alex Walker

Seconded: Cr Tim Aitken

That, having considered all matters raised in the report, the report be noted.

Carried

Mr Chamberlain presented this report.

6.4 Health & Safety Report

PURPOSE

To provide the Risk & Assurance Committee with health, safety and wellbeing information and insight and to update the Committee on key health and safety critical risks and initiatives.

Committee Resolution

Moved: Mayor Alex Walker

Seconded: Cr Gerard Minehan

That, having considered all matters raised in the report, the report be noted.

Carried

Mrs Bousfield and Mr Johnstone presented this report. Chair Neil Bain requested we report a detailed summary table of events where there has been a health and safety event.

6.5 Risk Status Report

PURPOSE

The purpose of this paper is to report to the Risk and Assurance Committee (the Committee) on Council’s risk landscape, risk management work in progress and to continue a discussion with the Committee about risk.

Committee Resolution

Moved: Cr Brent Muggeridge

Seconded: Cr Gerard Minehan

That, having considered all matters raised in the report, the report be noted.

Carried

Mrs Bousfield presented this report.

6.6 Internal Audit - Fraud Health Check

PURPOSE

The purpose of this report is to bring to the Risk and Assurance Committee the findings of the recent Fraud Health Check.

Committee Resolution

Moved: Mayor Alex Walker

Seconded: Cr Tim Aitken

That, having considered all matters raised in the report, the report be noted.

Carried

Mr Chamberlain presented this report.

6.7 Audit Findings Monitoring Report

PURPOSE

The purpose of this report is to track and update the committee on audit recommendations from recent audits.

Committee Resolution

Moved: Cr Tim Aitken

Seconded: Cr Brent Muggeridge

That, having considered all matters raised in the report, the report be noted.

Carried

Mr Chamberlain presented this report. Mayor Walker noted she doesn’t have a credit card in her own name, and it was agreed the report needed to be updated to reflect that.

6.8 Climate Change Commission and Impact for Local Government

PURPOSE

The purpose of this report is to provide visibility to the Risk and Assurance Committee of the emerging importance of the impact of climate change and how local authorities are responding to it. This report does not seek a decision, but follows a request from the committee on understanding the emerging expectations on local authorities to respond to Climate Change.

Committee Resolution

Moved: Cr Tim Aitken

Seconded: Mayor Alex Walker

That, having considered all matters raised in the report, the report be noted.

Carried

Mr Lloyd presented this report.

Meeting adjourned at 10:35am for a morning tea break.

Meeting returned for public excluded business at 11:04am.

RESOLUTION TO EXCLUDE THE PUBLIC

Committee Resolution

Moved: Mayor Alex Walker

Seconded: Cr Tim Aitken

That the public be excluded from the following parts of the proceedings of this meeting.

The general subject matter of each matter to be considered while the public is excluded, the reason for passing this resolution in relation to each matter, and the specific grounds under section 48 of the Local Government Official Information and Meetings Act 1987 for the passing of this resolution are as follows:

General subject of each matter to be considered

Reason for passing this resolution in relation to each matter

Ground(s) under section 48 for the passing of this resolution

7.1 - Cyber Security Report

s7(2)(f)(i) - free and frank expression of opinions by or between or to members or officers or employees of any local authority

s7(2)(j) - the withholding of the information is necessary to prevent the disclosure or use of official information for improper gain or improper advantage

s48(1)(a)(i) - the public conduct of the relevant part of the proceedings of the meeting would be likely to result in the disclosure of information for which good reason for withholding would exist under section 6 or section 7

Carried

7 Date of Next Meeting

Recommendation

THAT the next meeting of the Central Hawke's Bay District Council Risk and Assurance Committee be held on 16 September 2021.

8 Time of Closure

The Meeting closed at 11:40am.

The minutes of this meeting were confirmed at the Risk and Assurance Committee Meeting held on 16 September 2021.

...................................................

CHAIRPERSON

Risk and Assurance Committee Meeting Agenda

16 September 2021

6 Report Section

6.1 Insurance Risk Profile Report

File Number: COU1-1408

Author: Brent Chamberlain, Chief Financial Officer

Authoriser: Monique Davidson, Chief Executive

Attachments: 1. Aon - Risk Profile Report ⇩

Recommendation

That, having considered all matters raised in the report, the report be noted.

PURPOSE

The purpose of this report is to provide the Risk and Assurance Committee with feedback on AON’s insurable risk profile meeting held on the 30 March 2021.

significance and engagement

This report is provided for information purposes only and has been assessed as not significant.

BACKGROUND

Council engaged Aon’s expertise to facilitate an insurable risk profile exercise. This was led on the 30 March 2021. The key objectives of the process were to:

· Reviewing risk management practices, corporate governance and management decision processes.

· Ensuring appropriate insurance is in place where there are material exposures.

· Clarifying rationale for decisions around interests / property insured, sums insured, limits and deductibles. Identify loss control measures.

· Developing a “roadmap” towards optimal insurance outcomes, including premium spend and total cost of risk.

· Driving improved operational performance and strategic decision making, including a strategic approach to risk transfer.

DISCUSSION

Against a backdrop of accelerated change and uncertainty, the way organisations purchase insurance is evolving. AON’s clients are looking harder at their insurance expenditure and are demanding more innovative solutions. As such, insurance is increasingly seen as one of several tools in an organisation’s risk management toolbox. There is now a greater focus on optimising the organisation’s overall risk management programme to create and protect value.

Risk management embraces a more integrated approach, connecting all relevant risks to overall objectives and strategy. This integrated approach aims to help with the setting of priorities, to ensure the success of strategy execution and to protect the interests of stakeholders. These good practices are reflected in important risk management standards such as ISO31000.

To this end Aon facilitated an insurable risk profile exercise on the 30^th March 2021 with key Councillors and Officers to establish Councils risk management needs and ambitions, and to design plans to progress risk management to the desired maturity level. Within the attached report, they aim to provide an overview of your risk and insurance programme to help set Councils broad “next step” priorities.

The following are the top strategic recommendations for the organisation based on the insurable risk profiling process:

Risk Governance

Guidance:

Opportunity to review risk management practices, corporate governance and management decision processes. Key steps typically include:

Engaging with Aon to establish current risk maturity through Aon's evidence-based risk maturity audit.

Determining desired risk maturity and developing a roadmap towards achieving risk management objectives, e.g. annual programme of tasks and initiatives.

Leveraging your risk maturity journey to achieve better insurance outcomes by communicating a proactive risk management approach to insurers.

Components:

High-Level Commitment; Executive Leadership; Transparent Risk Communication; Culture of

Risk ownership; Data and Analytics; Stakeholder Participation; Risk-based Decision Making;

Risk Quantification; Optimised Risk Profile

Actions:

Aon Owner to liaise with Client Owner and Aon Delivery to provide a proposal to deliver a risk maturity audit.

Very High

Exposures not Insured through Aon

Guidance:

Consider risk transfer for uninsured exposures and exposures not insured through Aon as outlined in the exposure review. Classes of insurance not insured through Aon with ratings of Medium, High and Very High priority are listed below.

Priority:

Professional Indemnity (Very High); Cyber Risk (High) ; General Liability (Medium) ; Environmental Impairment (Medium)

Actions:

Aon Owner to liaise with Client Owner and provide information on covers as applicable.

Very High

Property Schedule Development

Guidance:

Opportunity to improve processes around property schedule development and sums insured.

Key steps typically include:

Identifying all assets owned, based on asset management systems and processes.

Assessing asset criticality, vulnerability, hazard exposure and reinstatement strategies to determine whether to insure the asset, and if insured, determine the appropriate basis of settlement (i.e. reinstatement, indemnity or declared conditions).

Ensuring property valuations are appropriate for insurance purposes (typically these consider demolition costs, inflation and reinstatement strategies).

Including summary information on Construction, Occupancy, Protection and Exposure in property schedule(s).

If applicable, ensuring Aon is advised when capital works are completed so that new assets are added to the property schedule immediately.

Priority:

Infrastructure (Very High); Material Damage (High)

Actions:

Aon Owner to liaise with Client Owner and Aon Delivery to provide a proposal for asset selection framework.

Very High

Limit Analysis

Guidance:

Opportunity to better inform limits and sub limits. Key steps typically include:

Benchmarking against comparable organisations.

Reviewing historic losses.

Identifying potential exposures, e.g. activities, hazard types.

Describing potential loss scenarios.

Quantifying loss estimates and approximate likelihood measures (e.g. Normal Loss Expectancy, Probable Maximum Loss, Maximum Foreseeable Loss).

Liaising with broker to relate potential losses to desired insurance limit or sub limit, considering factors such as premium impact, capacity, insurer requirements, risk appetite and quantified risk tolerance.

Priority:

Infrastructure (Very High); Material Damage (Medium)

Actions:

Aon Owner to liaise with Client Owner and Aon Delivery to provide proposal for infrastructure sub limit analysis.

Aon Owner to liaise with Client Owner to review MD fire loss limit internally and other MD sublimits.

Very High

Risk Appetite and Quantified Risk Tolerance

Guidance:

Opportunity to better inform risk retention options and strategies (e.g. deductible / excess levels). Key steps typically include:

Engaging at a governance level to define the organisation’s desired approach to accepting and managing risk across different categories of risk (not limited to insurable risk).

Analysing the organisation’s most recent financial statements to determine the level of unbudgeted loss that would have a material adverse impact (e.g. impact key financial ratios beyond an acceptable level).

Relating financial risk tolerance to expected claim frequency across different classes of insurance, informing the feasibility of potential risk retention structures.

Priority:

Material Damage (High)

Actions:

Aon Owner to liaise with Client Owner and Aon Delivery to provide proposal for risk appetite workshop and risk tolerance analysis.

High

Property Loss Control

Guidance:

Opportunity to improve loss control and communication to insurers. Key steps typically include:

Engaging Aon to undertake risk engineering surveys for lifelines facilities (e.g. WTP/WWTP), sites with value greater than $20m, and heritage buildings.

Presenting survey reports to insurers to facilitate insurance placement. Reports provide a summary of construction, occupancy, protections and exposure, specifically formatted for underwriting purposes.

Implementing loss control recommendations from survey reports and updating insurers of progress on an annual basis at renewal.

Priority:

Material Damage (Medium)

Actions:

Aon Owner to liaise with Client Owner and Aon Delivery to provide proposal for engineering surveys as applicable.

Medium

Loss Control (Non-Property)

Guidance:

Opportunity to improve loss control and communication to insurers. Key steps typically

include:

Including insurable liability risks in the organisation’s risk register and managing these via the risk management process, i.e. identify exposures, analyse likelihood and consequence, evaluate and treat the risk.

Documenting and communicating the benefits of loss control initiatives as part of the organisations risk profile, e.g. risk management processes, quality management systems, contract management systems and communication channels.

Priority:

Professional Indemnity (Medium)

Actions:

Progress internally and/or Aon Owner to liaise with Client Owner and Aon Delivery to provide proposal for strategic risk analysis.

Medium

Officers are working with AON to cover off some of these risks as it completes its annual insurance renewal (1 November 2021).

Telfer Young has completed a desk top revaluation of all buildings for insurance purposes, and 3 Waters was valued 30 June 2020 and has had an inflationary uplift added, plus any completed capital works added.

Professional Indemnity, General Liability, Environmental Impairment were all renewed on the 1^st July (all be it – through Marsh, not through AON).

Representatives from AON will be attending the meeting to present their Risk Profiling Report and to give an update on the current insurance market and renewal process.

Implications ASSESSMENT

This report confirms that the matter concerned has no particular implications and has been dealt with in accordance with the Local Government Act 2002. Specifically:

· Council staff have delegated authority for any decisions made;

· Council staff have identified and assessed all reasonably practicable options for addressing the matter and considered the views and preferences of any interested or affected persons (including Māori), in proportion to the significance of the matter;

· Any decisions made will help meet the current and future needs of communities for good-quality local infrastructure, local public services, and performance of regulatory functions in a way that is most cost-effective for households and businesses;

· Unless stated above, any decisions made can be addressed through current funding under the Long-Term Plan and Annual Plan;

· Any decisions made are consistent with the Council's plans and policies; and

· No decisions have been made that would alter significantly the intended level of service provision for any significant activity undertaken by or on behalf of the Council, or would transfer the ownership or control of a strategic asset to or from the Council.

Next Steps

Officers will continue to work with AON to mitigate the risks they have highlighted.

RECOMMENDATION

That, having considered all matters raised in the report, the report be noted.

Risk and Assurance Committee Meeting Agenda

16 September 2021

6.3 Risk and Assurance Work Programme Monitoring Report

File Number: COU1- 1408

Author: Monique Davidson, Chief Executive

Authoriser: Monique Davidson, Chief Executive

Attachments: Nil

Recommendation

That, having considered all matters raised in the report, the report be noted.

PURPOSE

The purpose of this report is for the Risk and Assurance Committee to receive a progress update on the Risk & Assurance Committee Work Programme.

significance and engagement

This report is provided for information purposes only and has been assessed as not significant.

BACKGROUND

In 2019 following the Triennial Election, Council established a Risk and Assurance Committee, which included the appointment of an Independent Chair.

At the time that Council agreed on Council and Committee priorities, the Risk and Assurance Committee had not been fully established, therefore a formal work programme was not determined.

At the Risk and Assurance Committee meeting in late June 2020, the Chief Executive following guidance from the Independent Chair, presented a Draft Risk and Assurance Work Programme for feedback. Subsequently, The Risk and Assurance Committee Work Programme was adopted by the Committee at meeting held 3 September 2020.

DISCUSSION

The purpose of the Risk and Assurance Committee is to contribute to improving the governance, performance and accountability of the Central Hawke’s Bay District Council by:

· Ensuring that the Council has appropriate financial, health and safety, risk management and internal control systems in place.

· Seeking reasonable assurance as to the integrity and reliability of the Council’s financial and non-financial reporting.

· Providing a communications link between management, the Council and the external and internal auditors and ensuring their independence and adequacy.

· Promoting a culture of openness and continuous improvement.

The Council delegates to the Risk and Assurance Committee the following responsibilities:

· To monitor the Council’s treasury activities to ensure that it remains within policy limits. Where there are good reasons to exceed policy, that this be recommended to Council.

· To review the Council’s insurance policies on an annual basis.

· To review, in depth, the Council’s annual report and if satisfied, recommend the adoption of the annual report to Council.

· To work in conjunction with Management in order to be satisfied with the existence and quality of cost-effective health and safety management systems and the proper application of health and safety management policy and processes.

· To work in conjunction with the Chief Executive in order to be satisfied with the existence and quality of cost-effective risk management systems and the proper application of risk management policy and processes, including that they align with commitments to the public and Council strategies and plans.

· To provide a communications link between management, the Council and the external and internal auditors.

· To engage with Council’s external auditors and approve the terms and arrangements for the external audit programme.

· To engage with Council’s internal auditors and approve the terms and arrangements for the internal audit programme.

· To monitor the organisation’s response to the external and internal audit reports and the extent to which recommendations are implemented.

· To engage with the external and internal auditors on any one off assignments.

· To work in conjunction with management to ensure compliance with applicable laws, regulations standards and best practice guidelines.

· To provide a communications link between management, the Council and the external and internal auditors.

· To engage with Council’s external auditors and approve the terms and arrangements for the external audit programme.

· To engage with Council’s internal auditors and approve the terms and arrangements for the internal audit programme.

· To monitor the organisation’s response to the external and internal audit reports and the extent to which recommendations are implemented.

· To engage with the external and internal auditors on any one off assignments.

· To work in conjunction with management to ensure compliance with applicable laws, regulations standards and best practice guidelines.

Subject to any expenditure having been approved in the Long Term Plan or Annual Plan the Risk and Assurance Committee shall have delegated authority to approve:

· Risk management and internal audit programmes.

· Terms of the appointment and engagement of the audit with the external auditor.

· Additional services provided by the external auditor.

· The proposal and scope of the internal audit.

In addition, the Council delegates to the Risk and Assurance Committee the following powers and duties:

· The Risk and Assurance Committee can conduct and monitor special investigations in accordance with Council policy, including engaging expert assistance, legal advisors or external auditors, and, where appropriate, recommend action(s) to Council.

The Risk and Assurance Committee can recommend to Council:

· Adoption or non-adoption of completed financial and non-financial performance statements.

· Governance policies associated with Council’s financial, accounting, risk management, compliance and ethics programmes, and internal control functions, including the: Liability Management Policy, Treasury Policy, Sensitive Expenditure Policy, Fraud Policy, and Risk Management Policy.

· Accounting treatments, changes in generally accepted accounting practice (GAAP).

· New accounting and reporting requirements.

The Risk and Assurance Committee may not delegate any of its responsibilities, duties or powers.

The Risk and Assurance Committee is still developing, as is the maturity of the organisation in the way it manages risk and assurance matters. It is for these reasons that a 12-month work programme was adopted, with the intention in early 2021 to develop a 2-year work programme that will take Council through until the end of 2022, which also aligns with the triennial election.

The Risk and Assurance Committee will receive the following standing reports:

· Committee Priorities Monitoring Report

· Committee Resolution Monitoring Report

· Internal and External Audit Monitoring Report

· Risk Status Monitoring Report

· Health and Safety Monitoring Report

· Treasury Management Monitoring Report

The monitoring report which provides an update on the key priorities of the Committee is below:

Key Priority

Responsible Officer

Progress Update

Review Internal Audit Work Programme

Brent Chamberlain

Council has sufficient funding for generally two internal audits during each financial year.

Council has recently undertaken a Cyber Security audit and a Fraud Health Check audit.

Crowe has recently provided some templates to allow Council to build its Business Continuity Plans, which are an area of focus ahead of any further internal audits.

Review Governance Policy Framework and determine role for Risk and Assurance Committee

Brent Chamberlain

The Risk and Assurance Committee participated in a workshop on the 27 May 2021 on this item. The Committee clarified its role, in recognising that policy sits with Council however agreed that Risk and Assurance Committee will play a role in developing the following policy:

· Procurement Policy

· Fraud and Corruption Prevention Policy (Operational)

· Sensitive Expenditure Policy

· Treasury Management Policy

· Protected Disclosures Policy (Operational)

Review Risk Management Policy

Nicola Bousfield

In the November 2020 report, revisions to the Risk Framework were completed and Officers advised they considered a separate Policy was not needed. The Framework has been amended to provide clear principles and intent for risk management and it is not considered that a separate Policy would add any value.

Review Risk Appetite Statement and Governance Risk Register.

Nicola Bousfield & Brent Chamberlain

This work will be undertaken as part of the wider review on risk management later in 2021.

Review Fraud

Brent Chamberlain

The newly developed policy has been adopted, and socialised with staff.

Whistle Blowing Policy

Nicola Bousfield

The People and Capability Team has the review of the policy programmed – currently “live” for staff as the Protected Disclosures Policy.

Review Health, Safety and Wellbeing Governance Charter

Nicola Bousfield

This review was completed and minor changes is presented to the Committee in the September Risk & Assurance meeting to adopt.

Review Insurances and Risk Appetite

Brent Chamberlain

Officers, the CEO, the Chair and Deputy Chair of Risk and Assurance, and the Chair of Finance and Infrastructure, and the Mayor attended an AON Insurance to workshop on the 30^th March 2021. AON are presenting the follow up report at this meeting.

As part of the Risk and Assurance’s role in ensuring assurance on things that matter the most, regular deep dives on key issues are agreed to:

Topic	Responsible Officer	Progress Update
Critical Risks	Nicola Bousfield	Critical Risks “in focus” are reported to the Risk & assurance Committee regularly through the Health & Safety Report, providing Governors line of site into Council’s critical risks and the controls taken to manage these.
Contractor Performance	Brent Chamberlain	As reported in the May 2021 Health and Safety Report to this Committee, the H&S contractor management guidance has been completed, but the project has been re-scoped to take a wider ‘all of Council’ approach for contract management and embed the H&S aspects into the existing Contract Management Framework. This work requires a full review of the existing framework by the Chief Financial Officer, progress will be reported to the Committee.
Legal Challenges / Files	Monique Davidson	The Risk and Assurance Committee will be updated on this in a workshop following the next meeting in November. This information does not exist in the public domain given the need for Council to protect legal privilege.

Implications ASSESSMENT

This report confirms that the matter concerned has no particular implications and has been dealt with in accordance with the Local Government Act 2002. Specifically:

· Council staff have delegated authority for any decisions made;

· Unless stated above, any decisions made can be addressed through current funding under the Long-Term Plan and Annual Plan;

· Any decisions made are consistent with the Council's plans and policies; and

Next Steps

A further update will be provided at the next committee meeting 11 November 2021.

RECOMMENDATION

That, having considered all matters raised in the report, the report be noted.

Risk and Assurance Committee Meeting Agenda

16 September 2021

6.4 Treasury Management Monitoring Report

File Number: COU1-1408

Author: Brent Chamberlain, Chief Financial Officer

Authoriser: Monique Davidson, Chief Executive

Attachments: Nil

Recommendation

That, having considered all matters raised in the report, the report be noted.

PURPOSE

The purpose of this report is to provide an update on Treasury Management and Policy Compliance.

significance and engagement

This report is provided for information purposes only and has been assessed as not significant.

BACKGROUND

Council is required under the Local Government Act 2002 to have 3 policies:

· Treasury Management Policy

· Liability Management Policy, and

· Investment Policy

The rationale for the policies is to ensure prudent use of public funds, manage investment returns, borrowing costs, and to minimise the risk of loss of public funds.

In practice Central Hawkes Bay District Council has combined them into a single policy covering all 3 topics.

Council consulted on a revision to its treasury policy as part the 2021-31 Long Term Plan. After considering submissions, Council has recently adopted the revised policy on the 13^th May2021.

DISCUSSION

Investments

At the 20^th August 2021, Council was holding $5.8m in funds on call (up $2.6m from 30 June 2021). Much of this is due to instalment of one of rates and the next $1.6m of trance 1 water reform monies being received on this day.

In addition Council was holding $10.0m in term deposits ($13m as at 30 June 2021) spread across 3 maturities, $320k in capital notes ($320k as at 30 June 2021), and $955k ($955k as at 30 June 2021) in bank bonds.

These investments are listed below:

Term Deposit Rates are at an all time low with returns for periods of 3-6 months length returning less than 1% pa.

Council currently has a maximum exposure with a single bank of $10m which at the top of Council’s policy ($10m limit), so this exposure and the quality of the investments (credit worthiness) is compliant with policy.

Borrowing

At the 20^th August 2021 Council had $22m of external debt drawn ($20m 30 June 2021).

Council borrowed an additional $2m on the 19^th July 2021 in order to settle supplier invoices on the 20^th. This was borrowed short term (364 days) at a rate of 1.25% bringing Councils average weighted average cost of debt down to 2.19% pa.

The table below shows the details of Council’s current debt portfolio:

On the following page are a list of Council’s debt ratios as per the existing policy and the proposed policy:

As at 20^th August 2021, Council is holding sufficient funds to meet its financial obligations (liquidity ratio), it is within its debt ceiling (debt per head of population and debt to operating revenue ratios), and it is within its financial costs ratios.

Council’s policy states that “no more than the greater of $10m, or 35% of Council’s total debt can mature in any 12 month rolling period”. As at 20^th August 2021 the only 12 month period that exceeds 35% of all debt maturing in a 12 month period is 2024 where $10m matures, which is still inside the proposed policy.

Expected Funding / Refinancing Requirements

Over the next six months, Council has will have a further rates instalment due in August, the remaining 3 Waters reform monies due (further $3.9m) due, and $10m of term deposits maturing.

On the flip side the first LGFA debt maturity doesn’t occur until July 2022.

Treasury/Investment Advisor

At the end of July Council signed up to an initial 12 month contract with Bancorp Treasury for treasury advice, including a review of Council’s existing Treasury Policy with a particular focus on the investment aspect of the policy. It is expected that Bancorp will attend November’s Risk and Assurance to present the outcomes of this review and their proposed changes.

Officers have also held initial meeting with Eriksens Global (the investment advisor recommended by Bancorp Treasury) to discuss possible investment strategies for Special and Trust Funds. Currently Council holds approximately $7m of these funds and they are invested partly in term deposits and partly have been used to reduce Councils External Debt.

A separate report will come this this meeting to discuss possible investment strategies going forward.

3 Waters Reform

Officers attended a webinar run by DIA, LGNZ, and Taituarā on 3 Waters Reform aimed at the Council CFO’s. While most of it was of a technical accounting nature, the piece that will affect this Councils decision making going forward for the next 3 years is around debt maturities.

Below is a screen grab from that seminar, and the key piece of information is the third bullet point. The new 3 Waters entity will not take over Council’s existing debt, but a cash receipt will be made to Council allowing them to settle their debts with their bankers.

The issue with this is all of Council’s debt is borrowed with a fixed maturity date where a balloon repayment is due. Council currently has 2 debt lines with a balloon payment occurring after the 30 June 2024, and this will force Council to either carry on servicing this debt until maturity or break the contract and request an early repayment option.

DIA have promised that no Council will be worse off under the proposal and some form of compensation will be applied if this was to become an issue.

Council will also need to be mindful of this when taking on any new debt between now and then.

Implications ASSESSMENT

This report confirms that the matter concerned has no particular implications and has been dealt with in accordance with the Local Government Act 2002. Specifically:

· Council staff have delegated authority for any decisions made;

· Any decisions made are consistent with the Council's plans and policies; and

Next Steps

Officers will continue to provide quarterly updates on Treasury Management.

RECOMMENDATION

That, having considered all matters raised in the report, the report be noted.

Risk and Assurance Committee Meeting Agenda

16 September 2021

6.5 Audit Findings Monitoring Report

File Number: COU1-1408

Author: Brent Chamberlain, Chief Financial Officer

Authoriser: Monique Davidson, Chief Executive

Attachments: Nil

Recommendation

That, having considered all matters raised in the report, the report be noted.

PURPOSE

The purpose of this report is to track and update the committee on audit recommendations from recent audits.

significance and engagement

This report is provided for information purposes only and has been assessed as not significant.

BACKGROUND

Over the course of each year Council undertakes a number of audits that look at the activities of Council’s Corporate Services functions.

This include internal audits which test Councils Policies and Procedures to ensure they are fit for purpose and that they are being adhered to, but also includes external audits of financial reporting to the public (whether this is an Annual Report, or a Long Term Plan). These external audit focus on the quality of data being supplied, and the controls that Council has in place to ensure accuracy of data, controls to ensure protection of public funds, and transparency of information supplied.

DISCUSSION

Below are the findings/recommendations of the last three audits undertaken on the Corporate Services Activities:

Internal Audit: Procurement and Purchasing (undertaken November 2019)

Observation

Recommendation

Actions Taken

Managing Conflicts of Interest

The Council adopted the Procurement and Contract Management Policy in October 2018. The Policy sets the Council’s requirements and expectations in relation to how procurement should be done at the Council. The responsibility for the Policy has been assigned to Group Manager Corporate Support and Services.

The Policy requires ‘all staff involved in the preparation and execution of a public procurement process to complete a Conflict of Interest (CoI) declaration which is to be approved by the delegated financial authority for the procurement’.

We received a list of current major contracts from the Council’s Contract Register and selected a sample to check how the decision to procure was made, how the supplier was selected, what procurement methods were used in the selection (tender, direct engagement, pre-approved supplier list), whether all documentation (such as conflicts of interest forms) were completed and documented.

For our sample of 5 procurements we noted the following:

• For 2 procurements the CoI declarations were not prepared at all.

• For 2 procurements the CoI declarations were prepared by the members of the evaluation team but were approved by the 3 Waters Programme Manager instead of the appropriate delegated financial authority (the Council for one and the GM for the other).

• For 1 procurement (for which the procurement plan was approved on 29/8/19) the CoI hasn’t been done at the time of our review (November 2019), although the Procurement Plan that went for approval to the Council said that the CoI declarations had been approved.

Risk

If the Council doesn’t effectively manage the conflicts of interest across its procurement activities, it can make inappropriate purchases or enter into inappropriate contracts which could be challenged by other suppliers or ratepayers. Poor management of conflicts of interest also increases risk of corruption.

The Council should effectively communicate the requirements of its Procurement and Contract Management Policy across relevant staff involved in procurement. This could be achieved through a Council-wide training session or workshop for staff.

Officers have worked with the PMO (Project Management Office) to ensure that conflict of interest forms are correctly filled out and kept for all of Councils significant procurements.

Officers are working with MBIE staff (Wellington based) who have offered to run training sessions for Hawkes Bay Staff, and this will be progress once New Zealanders are allowed to move around the country again.

Managing procurement outside the Infrastructure Team

As part of our testing, a listing of annualised Council spend by supplier was provided. From this a random sample of suppliers with annualised spends of over $50k were selected for testing. The testing consisted of how the decision to procure was made, how the supplier was selected, what procurement methods were used in the selection (tender, direct engagement, pre-approved supplier list), whether all documentation (such as conflicts of interest forms) were completed and documented.

For our sample of 6 vendors with purchases between $25k and $200k we were unable to find:

- Procurement Plans

- Vendor selection documentation

- Conflicts of interest declarations for personnel involved in the procurement activities.

According to the Council’s Policy we would expect that these procurements would either use quotes from preferred or panel suppliers. If existing contracted, preferred or panel suppliers are not appropriate then a Procurement Plan that recommends another approach must be prepared (e.g. an open tender or direct award to a high performing supplier).

Risk

If the Council doesn’t comply with its Policy, the Council may procure goods or services at a higher price or may spend public money inappropriately. The Council’s decisions can be challenged by ratepayers or suppliers. This may lead to legal or reputational damage.

Like the point above, the Council should effectively communicate the requirements of its Procurement and Contract Management Policy across relevant staff involved in procurement outside the Infrastructure team. This could be achieved through a Council-wide training session or workshop for staff.

As above

Lack of oversight of procurement activities

A large number of instances of non-compliance with the Council’s Policy (findings 1-3 above), requires the Council to monitor the extent to which the business units comply with the requirements of the Policy. This becomes even more important given the decentralised procurement operating model at the Council, i.e. when each business unit performs its own procurements without a centralised support.

Currently no monitoring is performed by the Council to ensure all purchases and procurement activities comply with the Policy and there is varying degrees of understanding of procurements activities happening across the Council.

In addition, there is limited procurement reporting to the Executive Team and the Council. We understand that reporting is on an exception basis. As a result, this reduces Managements oversight on procurement activities.

Procurement reporting would provide an overview of large value, high risk or complex procurements. It would also provide valuable insights into the activities of other departments.

Risk

The lack of an effective process to monitor compliance with the Council’s Policy increases the risk that the Council’s purchases may not meet the policy requirements and the Council’s expectations.

The Council should implement a formal process to review the Council’s compliance with the requirements of the Policy. This could be done by regularly reviewing a sample of purchases to check whether all Policy requirements have been met. The results of this ‘audit’ should be communicated to the ELT. The responsibility for this work should either sit with the Group Manager Corporate Support and Services (as the Policy Owner) or could be delegated to the 3 Waters Programme Manager (as a ‘Centre of Procurement Excellence’ within the Council).

Council’s finance team has recently had a small restructure which has introduced procurement as an element into the job description of a staff member other than the Chief Financial Officer.

This staff member has undertaken some procurement training in June 2021, and has been involved in the rebranding of the progressive procurement toolkit.

Again this staff member isn’t a dedicated procurement role, and she is currently focused on Council’s year end audit, but will begin to undertake quarterly checks of adherence to policy post audit.

Lack of additional guidance to assist employees in the procurement process

The Council has started drafting a Procurement Manual to provide additional guidance and support to the Council’s personnel involved in procurement activities. However, at the time of our review, this work hasn’t been finished yet.

The Council’s 3 Waters team has developed several templates (e.g. Procurement Plan) to assist with its major procurements, however they do not cover the end-to-end procurement process and additional templates need to be created (e.g. probity checklists, RFx templates, supplier recommendation templates, etc.).

In a de-centralised environment, we would expect a suite of tools and templates such as procurement plans, tender documents and checklists to guide employees.

Risk

The absence of additional guidance material to assist staff during procurement may lead to a situation where staff do not comply with the Council’s procurement process.

Finalise the Council’s Procurement Manual and communicate it to all personnel involved in procurement.

Develop additional tools and templates to assist employees in the procurement process. The need for these templates will be identified in the Manual.

The Manual and templates should be developed or reviewed by procurement and or legal professionals.

Council adopted a rewritten procurement policy in 2020.

Officers have recently released the Procurement Toolkit, and staff have access to procurement manual and associated templates.

Both the CFO and assistant accountant are trained in procurement and have been actively offering procurement advice to other departments as they undertake procurement.

External Audit: Year End (Undertaken August/September 2020)

Observation	Recommendation	Actions Taken
Approval of Expenditure Under the current sensitive expenditure policy, an approver or expenditure cannot benefit personally from the expenditure being claimed. However, through our testing we identified instances where expenditure was approved by a member of staff that benefited from the expense being incurred as well as the approver being more junior that than the individual incurring the expense.	We recommend that Council update their policy to include a requirement for a “one up” approval of the individual incurring the expenses, this would be a council member in the case of the Mayor’s expenses.	This item is a carry forward from 2019. Sensitive Expenditure was again retested in 2020 with one breach identified so it remains an audit point.
Land Title Discrepancies We obtained and reviewed the land titles for land owned by the Council on a sample basis to verify the information used by QV in their 2017 valuation of the Council’s land and to validate the land is freehold. We identified several discrepancies between the Council records and the information used by QV. For one title the land information on the title was less than the area valued in by QV. In addition, a number of titles were not able to be obtained. There is a risk the Council records do not contain the most up to date information in relation to land titles. In addition, there is a risk QV may be performing their valuation on incomplete / inaccurate information.	We recommend a formal review be completed for land held by the council to ensure all land titles are available and the title area reflects the Council’s records and that used by QV.	This item is a carry forward from 2019. 5 Titles were identified as belonging to CHBDC but had discrepancies with the LINZ records. 3 have now been resolved, and 2 remain: 1092050900 232 Pourerere Beach 1095013300 Hatuma Road Both these are recorded by LINZ as public reserves with Department of Conservation Ownership
Policies due for update We noted a number of policies are past their date for revision. There is a risk that outdated policies may not reflect the most up to date intentions of Council. It is important policies are updated in a timely manner, particularly when there is public visibility to policies via the council’s website.	We recommend the Council update the policies, and in the future establish a process to ensure they are updated in a timely manner.	This item is a carry forward from 2019. Officers are working through a review process to ensure all policies are up to date and significant progress was made during the Long Term Plan Process.

Internal Audit: Fraud Health Check (Undertaken April 2021)

Observation

Recommendation

Actions Taken

Fraud-related policies and procedures

The Council does not have a Fraud Policy in place.

We also noted the following regarding other fraud related policies:

• The Staff Conduct Policy is out of date and was due for renewal in 2018.

• The Protected Disclosures Policy is out of date and due for renewal in 2018.

The absence of up-to-date and relevant fraud-related policies prevents the Council from clearly communicating its attitude to fraudulent behaviour, raising awareness of fraud risk amongst its staff and communicating relevant fraud prevention, detection and monitoring controls.

A significant amount of occupational fraud and corruption is opportunistic in nature and informing employees that the company has detailed fraud and corruption control strategies can act as an effective deterrent to fraudulent activity.

We recommend that a specific Fraud Policy should be documented including the following key elements:

• A categorical statement that the council has zero tolerance to fraud.

• A statement that all staff are responsible to disclose any suspicious activities they become aware of should be included.

• Examples of the types of behaviour the council considers to be fraudulent should be given.

• A description of specific prevention and detection procedures that are employed to manage fraud risk, such as, fraud awareness training, specific transactional reviews, management reporting etc

• An overview of fraud investigation processes and responsibilities.

• The consequences for perpetrating fraud.

The following is also recommended:

• The Council should consider assigning the responsibility of maintaining the Fraud Policy to a person in a position with sufficient authority, relevant subject matter expertise, independence and objectivity (for example the CFO).

• The Council should periodically review its internal policies to ensure they remain relevant and include the latest fraud risks.

• The Audit Committee should proactively oversee fraud risk by:

- Providing direction and input into anti-fraud activities and implementation of a fraud programme

- Reviewing the results of the fraud risk assessment (see above)

- Reviewing and approving relevant fraud-related policies

- Overseeing and monitoring fraud related assurance activity.

A Fraud and Corruption Prevention Policy has been written and adopted.

Staff Conduct Policy and Protected Disclosures Policy scheduled to be reviewed in 2021 by People and Capability Advisor

Responsible person

CFO and People and Capability Advisor

Date of implementation

Fraud Policy – 31/05/2021

Other Policy Reviews – September 2021

Fraud risk assessment

• The Council does not have formal fraud risk assessment procedures in place. Reliance is placed on controls implemented at transaction level to identify its exposure to fraud risk.

Whilst this assignment has considered fraud risks as a stand-alone assignment, the review and consideration of fraud risks should be considered alongside other strategic and operational risks on an ongoing basis.

With a lack of formal fraud risk assessment and placing reliance on controls in only one area (payments), limits the Council’s ability to understand the areas of its activities that are exposed to fraud, bribery and corruption and develop fit-for-purpose fraud identification and response procedure.

• Risk assessment criteria are not periodically reassessed which can lead to a lack of awareness of the latest fraud that can occur.

• Risk registers are only maintained for each project, at an operational level.

• The Council should perform a formal fraud risk assessment (FRA). Fraud risk should be treated as a business risk like other risks and be incorporated into the Council’s ongoing risk assessment and risk management processes.

The FRA should identify and evaluate the Council’s exposure to key fraud risks – bribery and corruption, financial statement fraud, etc. – across all the Council’s activities.

The FRA should also assess the effectiveness of the Council’s key fraud-related controls and assurance activities providing a better understanding of the level of risk and comfort and any possible gaps that need to be addressed.

• Discussions of fraud or errors should be incorporated in management meetings and documented in the minutes.

• The Council should periodically reassess risk assessment criteria to consider changes in Council processes, and the latest fraudulent activities.

• The risk register should include council-wide fraud risks.

Council has undertaken this Fraud Health Check as a Fraud Risk Assessment with its internal auditor – Crowe.

This will result a paper being taken to Risk and Assurance Sub-committee.

Council is also audited annually by Ernst Young as part of the external audit program who check internal controls as part of their audit reliance program.

Post Audit, every year Council has a debrief with Ernst and Young where audit findings and concerns are discussed.

Council has a risk register that covers financial strategy failure, but officers will extend this to cover the risk of fraud.

Responsible person

CFO

Date of implementation

October 2021

Fraud awareness and training

We note the following:

• There is no ongoing fraud-related communication and training provided to employees.

• There is no fraud awareness communication to third parties (i.e. vendors, contractors, etc.)

Raising awareness of fraud risks, scenarios and ‘red flags’ is an effective way to prevent and detect fraudulent activity. The absence of regular communication of fraud matters and relevant training creates an environment where staff can better understand their obligations and support effective prevention and detection of fraud, bribery and corruption.

With the implementation of the Fraud Policy and the Fraud Risk Assessment, we recommend that periodic training and awareness sessions should be provided to all staff. Contents should include:

• A clear definition of the types of behaviour that constitute fraudulent or corrupt practice.

• An unequivocal statement that fraudulent and corrupt practices within the council will not be tolerated.

• The types of fraud that are common (as identified in the fraud risk assessment).

• The fraud detection measures that are in place.

• Red flag behaviours and due diligence activities that staff should undertake when reviewing invoices, contracts etc.

• How staff should report any unusual or suspicious documents or red flag behaviours.

Council has undertaken training and socialization on the the new ‘Fraud and Corruption Prevention Policy’ with staff.

The refreshed Staff Conduct Policy and Protected Disclosures Policy will be socialized with staff in September 2021 by People and Capability Advisor.

Responsible person

CFO and People and Capability Advisor

Date of implementation

Fraud Policy – 31/05/2021

Other Policy Reviews – September 2021

Fraud prevention – internal controls

We identified a number of internal control weaknesses during our review including the following:

• We noted that there are insufficient controls in place for adding and uploading direct debits to the bank account. Currently this process is performed by one individual and no secondary review is completed prior to the bank upload.

Where bank numbers are entered by one person and not reviewed, the risk of error exists. Reliance is currently placed on complaints being made to identify errors.

• A review of permissions in the Magiq accounting system noted users outside the Finance team and Finance team members that should not be able to, can process journal entries. There is also no review of journal entries undertaken.

We noted additionally that a recent IT security review identified a number of user access issues that are currently being investigated and resolved.

• Some basic data analytics testing was undertaken in 2018 as part of a Sensitive Expenditure audit to identify any unusual transactions, trends or relationships between employees and suppliers. No periodic routine analytics is undertaken on a scheduled basis.

The following is recommended:

• The Council should consider implementing dual controls for adding and uploading direct debits into the bank account for the receipt of rate payments. A secondary review on all bank account addition or changes should be undertaken either on a real time basis or through reviewing change logs or reports from the accounting system on a regular scheduled basis.

• Magiq access rights and authorisations should be should be reviewed on a periodic basis to ensure individual authorisations remain up to date and appropriate.

• Consideration should be given to undertaking further periodic data analytics audits to help identify ‘red flags’, suspicious transactions, trends or relationships between employees and suppliers.

Direct Debits – Issue is a result of only having a single rates officer and not being able to achieve separation of duties.

The financial delegation register has been reviewed in August 2021, and these have been updated in Magiq as part of the move to Magiq Cloud in August 2021.

Data Analytics – This was last undertaken by Crowe in October 2018.

Responsible person

CFO

Date of implementation

July 2021

Protected disclosures

The Association of Certified Fraud Examiners’ Global Fraud Survey 2020 noted 43% of frauds were initially detected through a tip off (3 times higher than the next-most common detection method). Having clear protected disclosure policies and procedures is therefore a key control in the detection of fraud.

Surveys undertaken by us and preferred methods indicated in the Association of Certified Fraud Examiners’ Global Fraud Survey 2020 note preferences for whistleblowing equally split between telephone hotlines, email reports, web-based/online forms as well as face-to-face disclosures.

Surveys undertaken by us also suggest a range of persons to whom staff prefer to make reports (most commonly to their direct supervisor but also to their HR representative to senior management or external parties).

We note that the council has a Protected Disclosures Policy which covers the key areas we would expect it to. We note however that, as per the details above, that there is currently further mechanisms for reporting disclosures could be offered to ensure staff do not feel uncomfortable or discouraged in reporting.

Consideration should be given as to whether further methods of reporting and persons to whom reports can be made can be established to ensure the methods available do not discourage staff from reporting concerns (these could include a hotline, internal email address or contact details of the internal or external auditors).

Protected Disclosures Policy scheduled to be reviewed in 2021 by People and Capability Advisor.

Responsible person

People and Capability Advisor

Date of implementation

September 2021

External Audit: Waka Kotahi Investment Audit Report (Undertaken March 2021)

Observation

Recommendation

Actions Taken

NPV’s For 2020/21 Programs

Council didn’t have documentary evidence of NPV’s (Net Present Value) calculations for its work program.

Provides evidence to Waka Kotahi of completed NPVs for 2020/21 programs.

NPVs on all renewal and

improvement projects

start immediately and will be on-going.

Projects for the upcoming year are in progress and the NPVs will be carried out as part of that process. These will be saved with the project file.

Improvement Plans

Council didn’t have that actions in the improvement plan from the 2018-28 Activity Management Plan were completed.

Provides evidence to Waka Kotahi that actions in the improvement plan from the 2018-28 Activity Management Plan are completed to plan.

A report of the actions taken and completed was submitted to Waka Kotahi.

Rural road delineation strategy

Council doesn’t have a rural road delineation strategy.

Develops and implements a rural road delineation strategy, based on ONRC classifications and including a strong focus on curve warning.

A rural road delineation strategy is under development with the 2 highest class roads (Arterials and Primary Collectors) already complete. A work programme is being compiled to address delineation deficiencies.

Technical specifications for new development work

Council doesn’t develop technical specifications for new developments.

Develops technical specifications for new development work to reduce the variety and ensure the quality of asset types to be maintained by Council. These should then be prescribed through the District Plan.

Council now states in all developments that development will be guided by NZS: 4404 and the Hastings District Council Code of Practice. This has been communicated to Waka Kotahi

Resolve Data Gaps

Council has data gaps and data issues as identified in the REG Data Quality report.

Assigns resources to investigate and resolve data gaps and the data issues identified in the REG Data Quality report to provide long term assurance of data quality.

The data gaps have been assigned to Stantec and a lot of them have already been rectified. Others were found to be errors as a result of the system REG uses.

Implications ASSESSMENT

This report confirms that the matter concerned has no particular implications and has been dealt with in accordance with the Local Government Act 2002. Specifically:

· Council staff have delegated authority for any decisions made;

· Unless stated above, any decisions made can be addressed through current funding under the Long-Term Plan and Annual Plan;

· Any decisions made are consistent with the Council's plans and policies; and

Next Steps

Officers will continue to work towards resolution for the audit recommendations listed above that have yet to be resolved. Officers will continue to report any items above until resolution is achieved.

RECOMMENDATION

That, having considered all matters raised in the report, the report be noted.

Risk and Assurance Committee Meeting Agenda

16 September 2021

6.6 Risk Status Report

File Number: COU1-1408

Author: Nicola Bousfield, Group Manager - People & Business Enablement

Authoriser: Monique Davidson, Chief Executive

Attachments: Nil

Recommendation

That, having considered all matters raised in the report, the report be noted.

PURPOSE

significance and engagement

This report is provided for information purposes only and has been assessed as not significant.

BACKGROUND

The Risk Status Report is part of regular and routine reporting designed to provide governance with oversight and input into the way that identified risks are being managed within Council.

Further to the obvious benefits of ‘reporting up’ risk, Officers consider that these reports should be the basis of discussion that covers and adds value to all elements of the risk management spectrum (Identify, Analyse, Evaluate, Treat, Monitor/Report). That is, Officers intend that these reports facilitate discussion that identifies new risk, as well as focussing on existing listed and managed risks.

Feedback from the previous Committee meeting has shaped the structure and content of this report, with a specific focus of this report and future reports shifting to a clearer summary and assessment of risks that are considered ‘active’ at the time of reporting.

DISCUSSION

Sections below provide detail across and into Council’s risk-scape.

Risk Management Review and Improvement

Officers previously reported to the Committee that Council was preparing to develop an improvement programme of work to engage with activity managers and their teams, workshopping each area of operational risk. This process will ensure all operational risks are reviewed and analysed as they are prepared for input into Risk Manager, identifying any opportunities to refine existing operational risk registers.

This improvement programme is now confirmed and will be undertaken in three parts, with the outcome being an increased understanding of risk management across the organisation by wider staff.

Part 1: Risk Management Framework Review

The Risk Management Framework was reviewed recently last November. During the development of the improvement programme it has been identified that there are inconsistencies between Council’s current risk management practices and what the new system Risk Manager requires as operational risks are inputted. This review will seek to collaboratively review and update the current Risk Management framework to reflect core ISO31000:2018 concepts and enable integration of enterprise risk management (Risk Manager) with risk management. The output will be an updated Risk Management Framework document for Council.

Part 2: Risk Management Staff Workshops

These workshops will be facilitated with the aim of reviewing and updating the corporate risk register, operational risk registers and site-specific hazard registers. High levels of worker engagement and participation will be achieved using this approach. The output will be information that is ready to input into Risk Manager and that has the general acceptance of the relevant teams.

Part 3: Risk Assessment Training for Staff

In addition to the review of the Risk Management Framework and the operational risks, there is additional benefit to be gained from Council rolling out risk assessment training for staff. This will widen the knowledge and understanding of risk management across the organisation, rather than relying on just those in a leadership role to understand and manage risk. The risk assessment training has been designed for staff in roles that need to understand how to conduct a risk assessment and provides a set of practical tools to improve health and safety risk assessments in the workplace.

Health and Safety Risks – Critical Risks

As previously reported to the Committee, officers were in the process of identifying specialist Bow Tie software to identify, develop and control Council’s critical Health and Safety risks. Council has now implemented the new software system and work is underway with officers in-putting the data ahead of the second stage of the Bow Tie project work, which is to undertake a review of the controls of each critical risk.

Active Risks

The following risks are considered to be ‘active’ or ‘live’ at the time of this report, as determined by Officers. These risks span across the operational portfolios of the organisation. Some may be linked to or part of a larger Corporate Strategic Risk. This list will change from report to report as risks become live, escalate in terms of priority or are mitigated and no longer require reporting at this level.

Risk	Strategic Risk Register Linkage	Update
Impact on business operations from COVID lockdown restrictions	Failure to effectively deliver services and projects	COVID restrictions have impacted aspects of the business through level 4 and 3 as services have been ceased or hampered by changes or delays. There is risk to ongoing programmes of work from the lockdown restrictions that have already occurred or may continue to occur. Capital and maintenance programmes where not critical have been delayed, for example and these delays are considered manageable without significant impact on assets or the community for now. Ongoing lockdowns and restricted work will place further pressure on these programmes and mean community outcomes or asset / infrastructure integrity will be challenged.
Maintaining customer consenting services	Failure to effectively deliver services and projects	Consent volumes remain very high and limited ability to gain external resource support has pushed out processing timeframes for both building and resource consents. Mitigation efforts are underway to secure further external resource.
Construction of infrastructure to service the wave of growth	Failure to effectively deliver services and projects	Relating to the active risk above, Officers have identified that following the wave of consents flowing through processing channels, subsequent programmes of physical and professional work will be required to plan for and build infrastructure to meet the needs of growth. Council have recently employed a full time dedicated development engineer to complete necessary infrastructure engineering requirements for growth and Council are embarking on numerous capital projects as part of the adopted LTP.
Asset condition related failures	Failure of Critical Assets	Councils 3 waters assets remain largely in a compromised condition and failures are still common. Significant funding has been tagged in the new LTP to address this risk but until such time as work is undertaken across a number of years to replace tired assets, the risk will remain actively managed.
Ability to secure resources to complete work (External)	Failure to effectively deliver services and projects	Tightening competitive contracts market make it difficult to quickly and easily secure external contracting resources for a range of works, especially civil works and specialist works in the waters sector. This has the potential and experienced impact of delaying projects or increasing budget timelines and/or costs as principles begin bidding for contractors. Council are embarking on numerous large programmes of work as part of the LTP with a heavy reliance on external contracting resources to deliver. Council relies on its relationship with the market, being a preferred buyer, providing clear forward work programmes, optimally bundling and packaging works for delivery to the market and securing contracts with long term partners to manage this risk where it can.
Ability to secure resources to complete work (Internal)	Failure to effectively deliver services and projects	Council are embarking on numerous large programmes of work as part of the LTP 2021, to effectively manage these project(s), council need to ensure they have adequate resourcing to lead and coordinate the technical, community engagement and due diligence of each project as the client – recruitment for additional resources are planned to continue to support the delivery of this heightened work programme.
Supply Chain Delays	Failure to effectively deliver services and projects	Tightened supply chain is resulting in delays in material and product arriving in the country – this is affecting pipe supply and may result in delays in project(s) commencing and/ or cost increases as supply ability aims to keep up with demand.
Infrastructure ability to service development	Failure to effectively deliver services and projects	The influx of development while putting pressure on the consenting team, also puts pressure on the tangible infrastructure to adequately service the development and not have a negative impact on existing levels of service. Council continues to develop modelling of infrastructure networks to best understand impact of development and how to service these, and use the tools available to grow networks to support development.

Implications ASSESSMENT

This report confirms that the matter concerned has no particular implications and has been dealt with in accordance with the Local Government Act 2002. Specifically:

· Council staff have delegated authority for any decisions made;

· Unless stated above, any decisions made can be addressed through current funding under the Long-Term Plan and Annual Plan;

· Any decisions made are consistent with the Council's plans and policies; and

Next Steps

Officers focus on Risk Management continues to be the establishment and embedding of a common single system for managing and reporting all risks.

Officers welcome feedback and guidance of the Committee and its members on the future of this report and other matters with respect to Risk Management in the organisation.

RECOMMENDATION

That having considered all maters raised in the report, that the report be noted.

Risk and Assurance Committee Meeting Agenda

16 September 2021

6.7 Health & Safety Report

File Number: COU1-1408

Author: Nicola Bousfield, Group Manager - People & Business Enablement

Authoriser: Monique Davidson, Chief Executive

Attachments: 1. Health & Safety Report Dashboards - 16 September 2021 ⇩

Recommendation

That, having considered all matters raised in the report, the report be noted.

PURPOSE

To provide the Risk & Assurance Committee with health, safety and wellbeing information and insight and to update the Committee on key health and safety critical risks and initiatives.

significance and engagement

This report is provided for information purposes only and has been assessed as not significant.

BACKGROUND

Elected members, as ‘Officers’ under the Health and Safety at Work Act 2015 (HSWA), are expected to undertake due diligence on health and safety matters.

The Health and Safety at Work Act requires those in governance roles, and senior management, to have a greater understanding of their organisation’s health and safety activities. Under the Health and Safety at Work Act 2015, all elected members are deemed ‘officers’ and must exercise a duty of due diligence in relation to health and safety. These reports provide information to assist elected members to carry out that role and provides the health and safety information it needs to be aware of to meet its responsibilities under the Act.

OVERVIEW

This is the update for Quarter three of 2021 – May 2021 through to August 2021. The Health Safety & Wellbeing (HS&W) team continue to work on the improvements previously identified while beginning other planned work.

The Health & Safety Training programme for staff has been identified and planned, which will continue to progress the priority actions recommended within the Gap Analysis Report, including contractor management and related to the Risk Management Improvement work outlined in the Risk Status report to the Committee.

The HS&W team have partnered with a local vaccination provider to submit an expression of interest to the Ministry of Health to become a workplace Covid-19 vaccination site. If successful, this will make it easy for staff and contractors of Council to access the Covid-19 vaccination at work with minimal disruption to operations.

HEALTH AND SAFETY - CRITICAL RISKS

This diagram identifies the logical and methodical approach adopted to address our critical risks as well, as the 13 critical risks identified by Council.

Lone/Isolated Working - Lone Worker Devices

As previously reported phase 1 of the device purchase, training and rollout is complete. Owing to our partnership with Veolia and the work Council have done with lone worker devices, Veolia are now looking at the lone worker solution Council have adopted with a view to adopt similar nationally. Usage of lone worker devices has increased over the quarter; it has been observed that the regular reporting to staff has helped drive their usage.

Driving - Vehicle GPS Tracking - Eroad

The HS&W Team are pleased to report that over-speed events have decreased and driver safety related behaviours have begun to improve since the installation of the GPS system and the increased attention to this risk. Please see the driver safety dashboard for further information (in the attached dashboard section).

Contractor Management

The next critical risk “in focus” is contractor management, with the HS&W Team rolling out contractor management training for activity managers, workshopping concepts ahead of the wider review of contractor management. On this course, contract managers will explore the process of working with other PCBUs to develop a clear understanding of the duties and obligations as a PCBU, and how these duties overlap with Council’s contractors.

Further detail is provided below on the training scheduled for staff.

HEALTH AND SAFETY ACTIVITIES

Health & Safety Training

Following the Gap Analysis Project, Council is continuing to implement the recommended actions in priority order. Training actions were recommended within the main areas for improvement and in response to this, Council have planned a comprehensive staff training programme for the coming 6 months.

The main areas for improvement relating to training in the Gap Analysis Report were:

· Hazard and risk management, including improving the robustness and consistency of risk assessment processes across the organisation

· Contractor management - while large contracts are well managed, there is a risk that these processes do not capture small or historical contractors

· Information, training and supervision, including role-specific content

The recommendations related to training in the Gap Analysis Report:

1. Develop an OH&S leadership training and coaching program, to develop middle and senior management, enhance knowledge, reset attitudes towards health and safety risk management and legislation, as well as provide practical leadership tools and techniques to foster higher levels of engagement.

2. Develop an operational risk management guideline to establish practical tools and templates to support operational risk assessment.

3. Bring the whole of the organisation up to the same basic level of knowledge of understanding related to core risk management principles and terminology.

To address each of the areas for improvement and recommendations, Council has developed the following training programme:

· Health & Safety Leadership – progressing the recommend action 1 above, this training covers practical knowledge and skills to better manage health and safety risks in the face of competing demands, including strategies to respond effectively to change.

· Contractor Management – relating to our critical risk of “contractor management” – this training will ensure staff have an understanding the duties and obligations as a PCBU, and how these duties overlap with others – essential skills needed in Council’s role as a contractor manager.

· Risk Management - Hazard ID and Risk Assessment workshop – addresses action 2 above, to develop practical tools for assessing risk in the field, as well as action 3, to increase the organisation knowledge of Risk Management and further described as part of the Risk Management improvements in the Risk Status Report.

Workplace Influenza (Flu) Vaccinations

Council has run the most successful annual Influenza vaccination campaign to date with 50 people taking the opportunity compared to 20 and 30 in 2020 and 2019 respectively. The increase in uptake is expected to be a result of many factors both internal and external, however it is observed that the campaign’s educational approach was a significant factor in the increase.

Workplace Covid-19 Vaccinations

The Ministry of Health has called for joint expressions of interest for workplaces and partnered vaccination providers to become workplace Covid-19 vaccination sites. Offering onsite Covid-19 vaccinations stands to benefit our people and contractors and to minimise the impact on operations, while encouraging a high vaccination rate amongst our people.

HS&W Reporting

Reporting levels across the organisation have increased compared to the previous quarter, as previously reported work will continue to encourage and drive reporting levels.

Aggression and Abuse of Stop-Go Operators in CHB Campaign #ActWithMana

Work on the #ActWithMana campaign is continuing, the Tararua Alliance has been inspired by Councils work in this space and plans to mirror this work in their district to influence similar issues as identified here in Central Hawke’s Bay. The campaign has been presented to members of the Manawatu Branch of the New Zealand Institute of Safety Management and received a pleasing feedback.

Wellbeing Activities

When Covid lock-down hit again in 2021, Council responded to needs of its staff by ramping up its wellbeing wrap-around support for staff as the organisation moved back into the remote working environment.

Council recognised that the wellbeing of its staff and keeping them engaged and productive in their work at home was more important than ever. Like the implementation seen during Covid in 2020, the daily Wellbeing Check-ins through Risk Manager were reintroduced, where staff could indicate their wellness and ensure Council meets the support needs of each individual.

Council also ran a Wellbeing Survey during the lockdown, with an impressive overall result of 87% with employees reporting they “felt support by their peers and teammates”.

Implications ASSESSMENT

This report confirms that the matter concerned has no particular implications and has been dealt with in accordance with the Local Government Act 2002. Specifically:

· Council staff have delegated authority for any decisions made;

· Unless stated above, any decisions made can be addressed through current funding under the Long-Term Plan and Annual Plan;

· Any decisions made are consistent with the Council's plans and policies; and

Next Steps

To continue to improve the safety culture at Council, while implementing the initiatives laid out in the Health and Safety Action Plan for 2020 and 2021, and to work through the actions laid out in the 2019 Gap Analysis Report.

RECOMMENDATION

That, having considered all matters raised in the report, the report be noted.

Risk and Assurance Committee Meeting Agenda

16 September 2021

6.9 Draft Annual Report for the Year Ended 30 June 2021

File Number: COU1-1408

Author: Brent Chamberlain, Chief Financial Officer

Authoriser: Monique Davidson, Chief Executive

Attachments: 1. Draft Anual Report - Summary Version ⇩

2. Draft Annual Report - Full Version ⇩

PURPOSE

The matter for consideration by the Council is to receive the Draft Annual Report for the Year Ended 30 June 2021.

RECOMMENDATION for consideration

That having considered all matters raised in the report:

a) That the Risk and Assurance Committee receive the report entitled “Draft Annual Report for the Year Ended 30 June 2021”.

b) That after receiving the Draft Annual Report, and hearing assurances from Ernst Young, that they endorse the Draft Annual Report, and recommend it to Council for adoption once the audit has been completed.

EXECUTIVE SUMMARY

Attached to this report are draft copies of the Central Hawkes Bay District Council’s Annual Report for the Year Ended 30 June 2021, and the Annual Report Summary.

While Officers are still finalising with the auditors some wording around disclosures contained in the accounts, the numbers should be substantially final with one exception and that is we are waiting on a valuation to be completed on Council’s land holdings.

Later in the meeting Ernst Young will be presenting their management findings that arose during the course of the audit.

BACKGROUND

Each year Council is required to publically report on its activities for the year, and how they have spent the rates and fees collected from residents, and the grants from 3^rd Parties such as Central Government.

As part of this report the Ernst Young have been contracted from the Audit NZ to undertake an audit of both the financial and non-financial disclosures contained within the report. In addition, they also check that all the required statutory disclosures have been made.

DISCUSSION

This year’s Annual Report is 120 pages long and covers a Governance Overview, Details of Council Activities and Activity Financials, and the Statutory Financial Statements.

Most of the sections contain similar information to previous Annual Reports, and this report being the final report in the 2018-2028 Long Term Plan Cycle it has a particular focus on the achievements over the past years.

Below are the summary financial statement contained in the annual report:

	2020	2021	2021
	Council Actual	Council Budget	Council Actual
	$'000	$'000	$'000
Total Revenue	35,398	33,821	53,986
Finance Costs	429	462	462
Other Operating expenditure	35,454	34,211	44,113
Net Operating Surplus/(Deficit)	(485)	(851)	9,411
Other (Gains)/Losses	-	-	-
Income Tax	-	-	-
Net Surplus/(Deficit)	(485)	(851)	9,411
Movements in PPE revaluations	2,417	14,928	4,983
Impairment of Asset	(1,082)	-	-
Total Comprehensive Revenue and Expense	850	14,076	14,394

For the financial year Council had a surplus of $9,411k compared to a deficit of $850k in the previous financial year. Overall income was above budget by $20.1m with total operating expenditure over budget by $10.9m.

This year has been an unusual year with a higher than normal level of external funding. Examples of the unbudgeted funders/projects were:

Funder	Reason	Nature	AMount
			$000
PGF	Roading – Route 52	Capital	6,135
DIA	3 Waters Reform	Operational and Capital	3,647
MBIE, Lotteries, ECCT	Cultural Tourism – Nga Ara Tipuna	Operational	2,387
MBIE	Economic Recovery	Operational	2,696

Income from Fees and Charges was above budget by $866k (and $1.4m above last year) due to increased income from the Consents +$791k (reflecting the buoyant economy and the high level of residential construction happening in the region) and in Solid Waste Charges +$289k (reflecting the buoyant economy and the construction industry). However, both these activities had corresponding increases in costs driven by this high level of demand. The Solid Waste activity had to acquire additional carbon credits to match the tonnage of waste going to landfill and pay for external parties to process tyres, concrete, and green waste, and the volume of consents being processed was beyond what Council’s internal staff could process so Council was more reliant on external consultants to process the excess demand. Both these increases are reflected in the higher than budgeted operating expenditure for the year.

Other Revenue for the year was $707k above budget. Waka Kotahi NZ Transport Agency made a $280k one off back payment following a Funding Assistance Rate Adjustment, and Council being vested a $393k road in Otane following a greenfield subdivision there.

Personnel Costs were below budget $134k despite some of the Central Government funding creating new temporary roles to deliver their recovery projects.

Operating Costs +$11.1m against budget – the majority of this $6.9m was in the economic development area and reflects the external funding Council got to construct the Nga Ara Tipuna Project $3.5m and the economic stimulus monies $3.5m used to create jobs in the district (such a vegetation control, Tuki Tuki Trails, Mayors Task Force for Jobs). $0.8m was in the Consenting Team where they had to outsource some consent processing due to the volumes experienced. Land Transport was $0.7m as in caught on works carried forward from 2020 and undertook the Route 52 work, Solid Waste was $0.6m with its higher the budgeted volumes of waste, and 3 Waters were $1.1m as they used the Central Government Stimulus money to undertake additional projects.

This year Council has revalued its roading network and this has resulted in a non-cash revaluation gain of $4.9m.

While Council isn’t due to revalue its Land and Buildings until 2022, due to the inflated property market in the two years since the last valuation, Council has been requested to undertake an out of sequence land valuation this year and this is the last outstanding audit adjustment that we are aware of at the time of writing.

After these valuation adjustments, Council is left with a Comprehensive Revenue and Expense Surplus of $14.394m for the year.

·	· 2020	· 2021	· 2021
	· Council Actual	· Council Budget	· Council Actual
·	· $'000	· $'000	· $'000
Total Current Assets	1. 19,068	2. 9,395	3. 20,626
Total Non-Current Assets	4. 855,391	5. 897,550	6. 873,198
Total Assets	7. 874,459	8. 906,945	9. 893,824
Total Current Liabilities	10. 8,056	11. 9,503	12. 13,496
Total Non-Current Liabilities	13. 23,934	14. 21,730	15. 23,463
Total Liabilities	16. 31,990	17. 31,233	18. 36,959
Special & Other Funds	19. 7,025	20. 6,909	21. 7,193
Trust Funds	22. 182	23. -	24. 184
Revaluation Reserve of Assets	25. 590,804	26. 624,408	27. 595,583
Ratepayers' Equity	28. 244,458	29. 244,396	30. 253,905
Total Equity	31. 842,469	32. 875,713	33. 856,865
Total Liabilities and Equity	34. 874,459	35. 906,945	36. 893,824

The above table sets out a summary of Council’s Statement of Financial Position.

This shows that Councils non-current assets (mainly buildings, roading, and water infrastructure) has grown by $17.8m during the year. This represents a combination of the significant work Council has been undertaking upgrading water assets and route 52 this year, in addition to the roading revaluation.

Interestingly much of this work has been funded by central government (through the PGF and 3 waters reform monies) and no new external debt was drawn during the year (hence the minimal movement in Non -Current Liabilities).

RISK ASSESSMENT and mitigation

As the financial audit (at the time of writing) is not yet complete, there is a risk that the draft financial statements are still subject to change.

FOUR WELLBEINGS

The annual report is the mechanism that Council reports back to its community on its activities for the year, and shows how it has done against its Levels of Service that it budgeted to deliver in its Long Term Plan, and where its money has been spent.

Amongst these Level of Service metrics are both economic, environment, and social measures.

Delegations or authority

This report has been brought to Risk and Assurance for endorsement to Council. But more importantly Ernst and Young will be presenting their management findings from the audit, and highlighting areas of risk and possible improvements for next year.

sIGNIFICANCE AND ENGAGEMENT

In accordance with the Council's Significance and Engagement Policy, this matter has been assessed as of some importance.

OPTIONS Analysis

Risk and Assurance has two options available to it:

1. That after receiving the Draft Annual Report, and hearing assurances from Ernst Young, that they endorse the Annual Report, and recommend it to Council for adoption once the audit has been completed.

2. That after receiving the Draft Annual Report, and hearing assurances from Ernst Young, that they not endorse the Annual Report, and request further work be undertaken by Officers and Ernst Young before adoption by Council.

Recommended Option

This report recommends option number one — Endorse the Annual Report to Council for adoption once the audit has been completed addressing the matter.

NEXT STEPS

Officers will continue to work with Ernst Young to finalise the Annual Report and the Audit before the Council Meeting on the 23^rd September 2021.

RECOMMENDATION

That having considered all matters raised in the report:

a) That the Risk and Assurance Committee receive the report entitled “Draft Annual Report for the Year Ended 30 June 2021”.

b) That after receiving the Draft Annual Report, and hearing assurances from Ernst Young, that they endorse the Draft Annual Report, and recommend it to Council for adoption once the audit has been completed.

	Option 1 Changes to the Charter are adopted	Option 2 Changes to the Charter are not adopted
Financial and Operational Implications	There are no financial implications. Operationally the revised Framework will be easier to implement and understand.	There are no financial implications. If changes are not adopted they will be brought back before Committee later in 2021 through a workshop process.
Long Term Plan and Annual Plan Implications	NA	NA
Promotion or Achievement of Community Outcomes	NA		NA
Statutory Requirements	The purpose of this Charter is to define the activities, processes, and supporting structures the Risk and Assurance Committee (consisting of elected members and the Chief Executive - CE) will adopt to meet its governance duties in relation to the Health and Safety at Work Act 2015.	If changes are not adopted they will be brought back before Committee later in 2021 through a workshop process.
Consistency with Policies and Plans	The proposed changes do not substantively impact the intent or direction of the Charter, but would provide consistency and alignment to other policies and plans by using similar language. The update to the review period will align with other policies and the elected member triennium.	If changes are not adopted they will be brought back before Committee later in 2021 through a workshop process.