MINUTES OF A meeting of the Finance Audit & Risk Sub-committee



Date:                          Tuesday 22 September 2015

Time:                          9.00am


Council Chamber

Hawke's Bay Regional Council

159 Dalton Street



Present:                     D Hewitt - Chairman

R Barker

C Scott

F Wilson


In Attendance:          E Lambert – Chief Executive

P Drury – Group Manager Corporate Services

M Adye – Group Manager Asset Management

L Hooper – Governance & Corporate Administration Manager

S Lucy - Director Audit NZ

J Dixon - Partner PricewaterhouseCoopers

M Collings – Corporate Accountant



1.       Welcome/Apologies/Notices 

The Chairman welcomed everyone to the meeting. There were no apologies.


2.       Conflict of Interest Declarations

There were no conflict of interest declarations.


3.       Confirmation of Minutes of the Finance Audit & Risk Sub-Committee Held on 3 June 2015



Minutes of the Finance Audit & Risk Sub-committee held on Wednesday, 3 June 2015, a copy having been circulated prior to the meeting, were taken as read and confirmed as a true and correct record.




4.       Matters Arising from Minutes of the Finance Audit & Risk Sub-committee Meeting Held on 3 June 2015

There were no matters arising from the minutes.



Follow-ups from Previous Finance Audit & Risk Sub-committee Meetings


Mrs Lambert sought further detail on what a ‘Charter’ is to contain, and Cr Scott will provide sample charters to the CE to enable development of a Charter for consideration at the 9 November sub-committee meeting.



1.      That the Committee receives the report “Follow-ups from Previous Finance Audit and Risk Sub-committee Meetings”.





Annual Report Year Ending 30 June 2015


Stephen Lucy, Audit NZ, outlined the Auditor’s view of Council’s annual report and findings of the audit carried out on the financials and Annual Report document.

There was discussion around management and governance assurance that financial statements are free from material misstatement and avoidance of fraud, including controls in place to mitigate the risk of fraud occurring.

In relation to the Port valuation, councillors expressed the view that they had made due enquiry and are satisfied with the valuation process HBRIC Ltd carried out and their recommendation of the ‘fair value’ adopted by Council. Mr Lucy suggested that the Port financial results for the 1 April – 30 June period be incorporated into the HBRIC Ltd and HBRC annual financial results to 30 June.

The meeting adjourned at 9.30am and reconvened at 9.40am



1.      That the Finance Audit and Risk Subcommittee receives the issues forwarded by Stephen Lucy, Director Audit NZ, for discussion on HBRC’s Annual Report for Year Ending 30 June 2015.





HBRC Risk Management


Mr Mike Adye introduced the item, and Alexandra Johansen (EMS) provided her background qualifications before outlining her role in facilitating the development of HBRC’s organisation-governance integrated risk management framework.

Mr Adye and Ms Johansen provided an overview of the Quantate framework for Council, the set-up and controls; and the way the system works in arriving at the aggregated register.

Staff’s suggested approach is:

·         Routine (6 monthly) reporting on risks to the FA&R Sub-committee

·         Review previous 6-month Risk Assessment to note changes / improvements / areas that require attention

·         Sub-committee carry out detailed review of individual Group’s Risk Management (as part of the programmed reviews of Groups)

·         Continue with Quantate risk assessment system, and investigate benefits of using more comprehensive tools such as alerts, task setting, control improvement plans and monitoring

Discussion traversed:

·         ensuring that no one staff member is ‘responsible’ for the framework, but rather that every team bears responsibility for the management of their group’s risks

·         Role of sub-committee is to review the framework to assure itself that appropriate, sufficient mitigation controls are in place and processes are being followed and referring issues back to staff for resolution and reporting back

·         The processes for identifying emerging risks and adding new risks to Quantate, and the interaction between the organisation and governance when risks are ‘elevated’ either because insufficient controls in place or judged at the Executive or Governance level to be significant

·         Further development of IT related risks around security, including risks to reputation related to Councillors/Directors document/information management on personal devices

·         Identified Cyber and Fraud as risks the Governors expected to see ‘elevated’ in the register, as well as loss of staff knowledge/continuity at each Group or project level



That the Finance Audit & Risk Sub-committee:

1.      Receives and considers the “HBRC Risk Management” report

2.      Advises specific risks where the sub-committee believes the current level of risk is unacceptable to Council, and requests that the Chief Executive report back to the sub-committee with options and associated resources required to modify the risk profile.

3.      The Finance Audit & Risk Sub-committee recommends that the Corporate & Strategic Committee confirms the Committee’s confidence that the risk assessment process outlined in the “HBRC Risk Management” report is an appropriate process to identify and assess organisational risks.



The meeting adjourned at 10.40am and reconvened at 10.55am



Internal Audit Programme


Mr John Dixon introduced the item, and suggested internal audit programme broken into 3 categories of Fraud, Information Management and Health & Safety

·         Business continuity and disaster recovery (from risk register)

·         Stakeholder communications and relationship management – processes, policies and procedures around (from risk register)

·         Fraud prevention and detection (from risk register)

·         Conflicts of interest – capturing and managing (general, procurement)

·         Cyber security

·         IT general computer systems control

·         Rating system – processes involved in striking the rate

·         H&S compliance with policies and procedures

Suggested prioritise first 3 for Internal Audit. Discussion traversed:

·         Business continuity and disaster recovery to be reassessed after the November Exercise to see what issues come out of that

·         Consider ‘conflict of interest’ as extension or sub-set of Fraud

·         Interests register for staff – has been initiated with Executive team

·         Stakeholder relationship management and risks in relation to elected representatives, and how such an audit might be conducted

·         Add resilience and reduction to disaster recovery

·         Staff development and succession planning

·         Future proofing IT systems



That the Finance Audit and Risk Subcommittee:

1.     Receives and notes the Internal Audit Programme report and advises staff and the PricewaterhouseCoopers Auditor to prioritise the areas for internal audit review.

2.      Instructs the Chief Executive to provide budgets and costings for the prioritised areas for internal audit review to the 9 November Finance Audit and Risk Sub-committee meeting to enable approval of the Internal Audit programme for action.





Work Programme Going Forward


Add the draft Charter to the November agenda, and the budgets and costs for proposed Internal Audit programme so priorities can be set.



1.      That the Finance, Audit and Risk Sub-committee receives and considers the “Work Programme Going Forward” report.






Independent Representative on Finance Audit & Risk Sub-Committee



That Council excludes the public from this section of the meeting, being Agenda Item 10 Independent Representative on Finance Audit & Risk Sub-committee with the general subject of the item to be considered while the public is excluded; the reasons for passing the resolution and the specific grounds under Section 48 (1) of the Local Government Official Information and Meetings Act 1987 for the passing of this resolution being as follows:





Independent Representative on Finance Audit & Risk Sub-committee

7(2)(a) That the public conduct of this agenda item would be likely to result in the disclosure of information where the withholding of the information is necessary to protect the privacy of natural persons.

7(2)(i) That the public conduct of this agenda item would be likely to result in the disclosure of information where the withholding of the information is necessary to enable the local authority holding the information to carry out, without prejudice or disadvantage, negotiations (including commercial and industrial negotiations).

The Council is specified, in the First Schedule to this Act, as a body to which the Act applies.






The meeting went into public excluded session at 11.40am and out of public excluded session at 12.10pm



There being no further business the Chairman declared the meeting closed at 12.10pm on Tuesday 22 September 2015.


Signed as a true and correct record.




DATE: ................................................               CHAIRMAN: ...............................................