Agenda of Finance Audit & Risk Sub-committee

HAWKE’S BAY REGIONAL COUNCIL

Finance Audit & Risk Sub-committee

Wednesday 12 February 2020

Subject: Sub-committee Work Programme

Reason for Report

1. This item provides the opportunity for the sub-committee to influence, in light of its confirmed Terms of Reference, the work programme for the remainder of the 2019-22 triennium.

Officers’ Recommendations

2. Council staff recommend that the Sub-committee workshops the internal audit programme with input from the Internal Auditors and Council staff to develop the work programme for this triennium for adoption at the May FARS meeting.

3. In the meantime, staff also recommend that FARS confirms that the Internal Audits scheduled for remainder of the 2019-20 financial year are to be scoped and/or undertaken as planned.

Internal Audit

4. In 2017, the combined HBLASS Councils undertook a request for proposal (RFP) process for internal audit services process, concluded in June with the successful tenderer being Crowe Horwath. Crowe Horwath was awarded the highest scoring tender in unanimous agreement with all HBLASS Council representatives, which assessed both price and non-price information including capability, capacity, approach and methodology, and value add. The contract was for a three-year period, with a possibility of a two-year extension. The contract is valued at $30,000 + GST per annum, which is in line with Council budget provisions.

5. Responsibility for the internal audit programme has recently moved from the finance team and now rests with Joanne Lawrence, Group Manager, Office of the Chief Executive and Chair (OCEC). Day to day management will form part of the role responsibilities of the new Risk and Assurance Lead once appointed.

6. Crowe Horwath (recently renamed Findex) provides Audit services across the Hawke’s Bay councils and as such is the most cost-effective method of service delivery.

7. Each year the schedule for the annual Internal Audit programme is agreed within the sub-committee work programme to align with Council’s risk register. There are four internal audits conducted each year, with one audit per quarter. Each Internal Audit report is provided to the FARS for consideration. The Data Analytics audit is conducted annually which leaves three other internal audits available for other parts of Council’s business.

8. The audit schedule for 2019-20 covers:

8.1. IT Security (completed and to be presented to the 12 February 2020 sub-committee meeting)

8.2. Data Analytics (underway and awaiting final audit report) – this is an annual audit

8.3. Risk Management and Asset Management audits to be completed by 30 June 2020 with the audit reports to be provided to FARS at the committee’s meeting in May 2020.

Item	Scheduled / Status
Cyber Security	Report received – to be presented to first FARS meeting of triennium
Data Analytics (annual audit)	Completed in Q2. Final report to FARS Q4 meeting.
Water Management – Follow Up Review	Report was presented to 22 May FARS meeting, with further follow up report scheduled to be presented to the next FARS meeting in collaboration with the Group Manager Regulation.
Asset Management	Was scheduled for Q3 FARS meeting but delayed to Q4 whilst scope is confirmed with relevant business unit
Risk Management	Was scheduled for Q3 FARS meeting but delayed to Q4 whilst scope is confirmed with relevant business audit

9. Compliance with applicable laws, regulations, standards and best practice guidelines is normally tested through an Internal Audit.

10. The current schedule of internal audits in the 2019-20 financial year is accommodated within existing budgets as set by the 2018-28 Long Term Plan, however if the sub-committee wishes to consider additional work in this area budget allocations may require reconsideration.

11. The recommendations from the Internal Audits, along with the External Audits, will form part of the Audit Action list, that will be provided to the Sub-Committee on a quarterly basis with details on steps taken to date and actions still required.

External Audit

12. As part of the requirements of the provision of the Long Term Plan and the Annual Report, Council is required to have aspects undergo an external audit and the auditors provide audit opinions on whether the documents give effect to the purpose set out in the Local Government Act 2002 and the quality of the information and assumptions, where required, underlying the financial statements.

13. The Auditor-General is appointed by the Local Government Act to audit the Regional Council and appoints an auditor to conduct the audit on their behalf. Currently the External Auditors are Audit New Zealand and the new external auditor, Karen Young, is attending on 12 February to meet the Sub-Committee.

14. To inform the FAR Sub-Committee, the auditors will provide an audit plan to detail the processes to be used and the key areas of focus required by the Auditor-General to review.

15. Following the audits, along with the audit opinions, the auditors provide management reports that provide feedback on the audit processes and recommendations with management feedback. The recommendations continue to be monitored in subsequent audits to ensure they are actioned.

16. The recommendations will form part of the Audit Action list, along with the recommendations from Internal Audit that will be provided to the Sub-Committee on a quarterly basis with details on steps taken to date and actions still required.

17. Staff will work with the auditors to develop the audit plan for the Annual Report 2019/20 and present this to the next FARS Sub-Committee meeting.

Section 17a activity reviews

18. Section 17a reviews were introduced as part of the Government’s 2012 Better Local Government reform programme, designed to encourage and enable local authorities to improve the efficiency and effectiveness of their operations and processes.

19. Council is required to give effect to the purpose of local government as prescribed by Section 10 of the LGA, which is “to meet the current and future needs of communities for good quality local infrastructure, local public services, and performance of regulatory functions in a way that is most cost effective for households and businesses. Good quality means infrastructure, services and performance that are efficient and effective and appropriate to present and anticipated future circumstances.”

20. S17a reviews are required:

20.1. Every six years after previous review

20.2. Before expiry of contracts related to the delivery of infrastructure, services or regulatory functions

20.3. When significant changes to service levels are considered.

21. Initial steps required under s17a include proposing a materiality threshold value for the reviews. Analysis has been undertaken and the level for creating exceptions to Section 17a has been assessed at $300,000 based on peer review and total Council spend (total budgeted operational and capital expenditure).

22. In the absence of other factors (e.g. high probability of significant savings, high public interest in the service), where a service has gross annual expenditure of less than $300,000 it will be assumed that the costs of undertaking Section 17a reviews would be in excess of the likely benefits and a review will not be carried out on those services.

23. A number of reviews have been undertaken in recent years in various forms and contexts and these are deemed as completed. The priority for Council should be on repurposing those reviews and incorporating any Section 17a requirements. Other priorities will be set by the expiry or renewal of significant contracts where staff identify opportunities to explore service improvements and efficiency gains.

24. Due to the recent internal reorganisation and LTP processes, several of Council’s functional activities have been reviewed more recently. It is therefore proposed that these be re-reviewed in a few years’ time, once the most recent restructure and LTP process has matured. It is further proposed that no reviews are undertaken in Q1 and Q2 of the 2018-19 financial year due to resourcing constraints. Council has forecast a senior accountant as part of the realignment of the finance team to assist with these reviews.

25. Staff have undertaken analysis and sought guidance from the Executive team and have recommended priority review areas (attached) for the sub-committee to provide feedback on. These have been sorted by priority and are proposed to begin once the significant LTP process has been completed.

26. The approach in determining a work programme is to seek out opportunities to add practical value to the services and activities that the Council provides or undertakes for and on behalf of its community, including:

26.1. Understanding the nature of and rationale for services or activities currently provided or undertaken

26.2. Looking at the context (including service demand) in which these services are and will be delivered, now and into the future

26.3. Identifying opportunities that might arise for improving the efficiency or effectiveness of the services or activities, including opportunities that might arise from a collaborative approach with other parties

26.4. Assessing those opportunities to see if they might add value for the Hawke’s Bay community.

27. In addition staff have reviewed external guidance on best practice approaches to determine priority review areas for Council. SOLGM’s guidance recommends using the activities (not groups) disclosed for reporting in the Long Term Plans as a starting point for defining ‘services’ to be reviewed. Determination of priority options is based on guidance which is highlighted further in this section below.

28. External advice suggests the following principles when considering whether an activity should be reviewed.

28.1. The bigger the budget the more efficiency gains are possible

28.2. Capital intensive services are more likely to generate savings

28.3. The greater the cost of a review as a percentage of the total cost of service, the less value in a review

28.4. The more generic the service the more opportunity for economies of scale or scope

28.5. Services which are core competencies and have non-commercial objectives should be retained in house

28.6. There is value in conducting a review if it could further Council’s strategic priorities or responds to a demographic trend or future problem

28.7. The success of many alternative service delivery methods depends on the existence of a competitive market

28.8. Services that have been the subject of comprehensive review under other procurement or legislative processes are less likely to generate new and better ways of doing things

28.9. A service that consistently achieves its performance targets is evidence that it meets customer expectations, and a review is less likely to realise benefits

28.10. If operating costs are comparable with other suppliers then a review is less likely to realise efficiency gains

28.11. Council will get the most “bang for buck” by focusing on services that are important to citizens and are failing to meet their expectations

28.12. The more elapsed time since the last review, the greater value in a review

28.13. Service reviews realise the most benefits when there is certainty around the operating environment in which the service is delivered

28.14. Reviews undertaken jointly with relevant councils and service providers will realise the most value.

29. Where another Council is planning to review its similar activities, a joint approach will be investigated to establish whether it is likely to bring cost efficiencies to the review process.

30. Given the inability to recruit for this role, Risk and Assurance Lead (Office of the CE & Chair), staff propose to contract an external resource to progress this area of work and update the next FARS meeting.

Financial and Resource Implications

31. Staff confirm that the work programme proposed is accommodated within existing budgets as set by the 2018-28 Long Term Plan, however if the sub-committee wishes to consider additional work budget allocations may require reconsideration.

Decision Making Process

32. Council and its committees are required to make every decision in accordance with the requirements of the Local Government Act 2002 (the Act). Staff have assessed the requirements in relation to this item and have concluded:

32.1. The decision does not significantly alter the service provision or affect a strategic asset.

32.2. The use of the special consultative procedure is not prescribed by legislation.

32.3. The decision is not significant under the criteria contained in Council’s adopted Significance and Engagement Policy.

32.4. The persons directly affected by this decision are Council staff and members of the Finance, Audit and Risk Sub-committee.

32.5. The decision is not inconsistent with an existing policy or plan.

32.6. The Sub-committee can exercise its discretion and make a decision without consulting directly with the community or others having an interest in the decision in accordance with its Terms of Reference.

Recommendations

That the Finance, Audit and Risk Sub-committee:

1. Receives and considers the “Sub-committee Work Programme” staff report.

2. Agrees that the decisions to be made are not significant under the criteria contained in Council’s adopted Significance and Engagement Policy, and that the Sub-committee can exercise its discretion and make decisions on this item without conferring directly with the community, in accordance with its Terms of Reference.

3. Agrees that the work programme for the Sub-committee will be developed through workshops ahead of confirming the schedule of work and budget allocations at the 3 May FARS meeting, and that in the meantime Internal Audits agreed in August 2019 will scoped and/or be carried out as planned.

Authored by:

Leeanne Hooper

Governance Lead

Bronda Smith

Chief Financial Officer

Approved by:

Jessica Ellerm

Group Manager Corporate Services

Joanne Lawrence

Group Manager Office of the Chief Executive and Chair

Attachment/s

There are no attachments for this report.

HAWKE’S BAY REGIONAL COUNCIL

Finance Audit & Risk Sub-committee

Wednesday 12 February 2020

Subject: Risk Assessment and Management

Reason for Report

1. This item provides the Sub-committee with the six-monthly review of the risks that Council is exposed to and the mitigation actions in place to manage Council’s risk profile.

Officers’ Recommendation

2. Staff recommend that the Sub-committee confirms its confidence that Council management has a current and comprehensive risk management framework and associated procedures for the effective identification and management of the organisation’s significant risks.

Executive Summary

3. The risk assessment and management update provides the Finance, Audit and Risk Sub-Committee (FARS) with a summary of the risks activity over the last six months. Outlined in the report are the changes to the risk trend ratings with two risks covering Civil Defence preparedness and Council’s investment portfolio shifting downwards.

4. Also covered in this update is the work undertaken to examine some areas of interest raised at the last FARS meeting on 21 August 2019 around risk of harm to the environment, staff wellbeing and retention and civil defence. Upon further examination these risks are well-managed.

Background/Discussion

5. The Sub-committee last considered the six monthly risk management report at its 21 August 2019 meeting.

6. Subsequent to this meeting, the Executive Leadership Team has considered the Sub-Committee’s feedback and reviewed the organisation’s strategic risks with each Group Manager. Details of any resulting changes to the risk register matrix are outlined following.

7. During this period staff resourcing to support this work has continued to be very stretched as described further on in this item.

Key Changes to the Risk Register Matrix

8. Following the feedback at the 21 August 2019 Finance, Audit and Risk Sub-committee (FARS) meeting, staff consideration (summarised following) has been given to:

8.1. whether to add a new risk regarding environmental harm

8.2. providing further detail surrounding the CDEM (Civil Defence) risk

8.3. providing supplementary information on staff retention and welfare.

Risk of Harm to the Environment

9. That there is no recognised ‘Risk of Harm to Environment’ general risk was raised, as relates to harm to the environment generally. Specifically, this risk would cover Council’s requirement to protect the environment, and not cause it undue harm. This may occur during Council’s day to day practices, whereby one or more groups may have conflicting goals.

10. After a discussion within the Executive, it is considered that Risk of Harm to the Environment sits best within CORP003 Inadequate Contractor Management with respect to any action or inaction by Council contractors that causes environmental harm. To mitigate this risk Council works with its contractors to ensure they follow environmental Codes of Practice, River Guides and the work is within the permitted activity rules under the Resource Management Plan (RMP).

Staff Wellbeing and Retention

11. Several mitigation initiatives have been implemented for Staff Wellbeing and Staff Retention risks, including:

11.1. the implementation of the organisational development review and subsequent work programme and relevant staff resourcing

11.2. Learning and Development Strategy and Action Plan

11.3. full remuneration review and recommended changes completed.

12. A focus on recruitment, talent acquisition and retention will be a key focus for the early part of 2020 by the People and Capability team, and the imminent recruitment of a Senior Advisor, Health, Safety and Wellbeing will also add valuable support to the staff wellbeing work programme.

Civil Defence

13. At the 12 February 2019 FARS meeting update, some uncertainty was expressed as to the level of detail within the risk register and whether this was sufficient or too excessive. There was also some query as to how much societal risk should be covered in the register i.e. demographic changes. In addition to the consideration of Civil Defence risks, both of these questions are being addressed through a Hazard Risk review currently underway, involving HBRC staff plus the HBRC Chairman (as the council’s representative on the CDEM Group Joint Committee).

Risk Register summary update

14. At the last risk update to FARS, risks trending upwards included the Implementation of the National Policy for Freshwater Management (STRAT001). Central government is expected to impose a new deadline of 2025 for all freshwater plans to be operative, and the Strategic Planning team will continue to monitor this risk closely.

15. The human health impacts from contamination of drinking water risk (REG002) continues to trend downwards as a result of the review of National Environment Standards for drinking water and the identification of source protection zones in Plan Change 9.

16. Suggestions were made that consideration should be given to the human health risks associated with swimming and recreational activities in contaminated water and with regard to landfills not listed on the HAIL register. The Executive team discussed this and felt that any such human health risks are more appropriately aligned to the risk “Health and Safety of Staff and Public” (OCEC001). This Council works with the Hawke’s Bay District Health Board who has the lead role on the public health risks around swimming.

17. Since the August 2019 FARS committee meeting, there has been a recent review of the risk register with all the risk owners. Risk owners are managing their risks actively. Updates can be seen in green on the attached risk register.

18. At today’s meeting, FARS will be provided with separate updates on the three areas of:

18.1. Contracts/Procurement

18.2. Cyber Security

18.3. the Business Continuity Plan.

Risk Trend ratings

19. There have been two changes to trend ratings in this review period.

20. CDEM001: Preparedness of CDEM and HBRC staff to respond effectively in a regional emergency – communication, resources and capability being adequate

20.1. Trending down due to the successful activation exercise carried out in October 2019. In addition, there is a review of the regional CDEM risk profile and group plan commencing in the first quarter of 2020.

21. CORP002: Investment Portfolio

21.1. This risk is no longer trending upwards. The investment portfolio returns are now projected to be in line or higher than expected. With the IPO now complete and bringing financial risk diversification, there is less reliance on the dividend.

Risk Management function

22. Whilst the risk management process has gained traction and maturity with regular and frequent Executive Leadership Team interrogation of all strategic level risks, it is recognised that further work is required to build the wider organisation’s risk management knowledge and understanding.

23. A newly established Risk and Assurance Lead role will have responsibility for the risk management portfolio. Alongside this they will develop the Council’s assurance framework which will include responsibility for the internal audit programme and quality management system (ISO 9001:2015 certification). The recruitment of this lead role is proving challenging, along with other vacancies with the HBRC. A temporary contract with an established external entity is currently being examined as an interim contingency arrangement.

24. A key priority for the Risk and Assurance Lead role is to progress workshops with staff to fully embed a whole of organisation understanding around risk management.

25. At a group manager level, this portfolio will be held by the Group Manager (OCEC).

Decision Making Process

26. Council and its committees are required to make every decision in accordance with the requirements of the Local Government Act 2002 (the Act). Staff have assessed the requirements in relation to this item and have concluded:

26.1. The decision does not significantly alter the service provision or affect a strategic asset.

26.2. The use of the special consultative procedure is not prescribed by legislation.

26.3. The decision is not significant under the criteria contained in Council’s adopted Significance and Engagement Policy.

26.4. The persons directly affected by this decision are Council staff and members of the Finance, Audit and Risk Sub-committee.

26.5. The decision is not inconsistent with an existing policy or plan.

26.6. The Sub-committee can exercise its discretion and make a decision without consulting directly with the community or others having an interest in the decision in accordance with its Terms of Reference.

Recommendations

The Finance, Audit and Risk Sub-committee:

1. Agrees that the decisions to be made are not significant under the criteria contained in Council’s adopted Significance and Engagement Policy, and that the Sub-committee can exercise its discretion and make decisions on this item without conferring directly with the community, in accordance with its Terms of Reference.

2. Receives and considers the “Six Monthly Risk Assessment and Management” staff report.

and either

3. Confirms its confidence that Council management has a current and comprehensive risk management framework and associated procedures for the effective identification and management of the Council’s significant risks.

4. Recommends that the Corporate and Strategic Committee receives and notes the resolutions of the Sub-committee, confirming the robustness of Council’s risk management systems, processes and practices.

5. Advises staff of the specific risks (following) that require reassessment to confirm the level of risk is accurate and internal controls are adequate, for reporting back to the 13 May 2020 Sub-committee meeting.

5.1. …

5.2. …

6. Recommends that the Corporate and Strategic Committee receives and notes the resolutions of the Sub-committee, including the specific risks that require reassessment.

Authored by:

Joanne Lawrence

Group Manager Office of the Chief Executive and Chair

Approved by:

James Palmer

Chief Executive

Attachment/s

⇩1

Risk Management Register February 2020

HBRC Treasury Report December 2019

Attachment 1

3.0 SIPO review

We have undertaken a review of the SIPO and requested comments from both PwC and the investment managers. This section highlights areas where the statement could be enhanced. PwC believe the SIPO remains fit for purpose.

PwC SIPO comments

Whilst PwC agree that Council’s return target may be more difficult to achieve over coming years due to the historically low interest rate environment and extended investment markets, PwC do not believe it prudent to alter the portfolio’s strategic asset allocation by moderating the risk profile. This would introduce a level of risk to the portfolio that is not congruent with Council’s willingness and ability to take risk. It may also hinder Council’s ability to achieve its investment objectives should a significant negative event occur in any period.

Comments 7 and 8 below refer to Jarden’s inability to invest in illiquid assets under the current SIPO. PwC believe this should be reviewed to ensure it is fairly aligned with Mercer’s ability to invest up to 10% of the portfolio in illiquid, ‘unlisted property’ and ‘unlisted infrastructure’. PwC agree with Jarden’s comment that as long as there is an expected accelerated return for the additional risk of investing in illiquid assets that are expected to be held over the medium term, an acceptable proportion of the Fund should benefit.

Comment 9 by Jarden refers to the minimum credit rating required for fixed income investments. PwC agree with Jarden’s view that the minimum rating could be lowered to BBB- from BBB+. This would continue to maintain a minimum ‘investment grade’ credit rating across the portfolio, enhance the fixed income yield opportunity and diversification allowing access to a deeper issuance population. There have been minimal defaults in the global BBB credit rating space over the past four decades; the highest year was 1% of total BBB issuance in 2002 and has been close to 0% over the past decade.

Comment 11 by Mercer refers to a minor wording adjustment around hedging. PwC believe this is a suitable change.

Comment 13 by Mercer refers to a more formalised ethical investment policy as part of this SIPO review. Based on recent discussions with management, PwC believe this issue will become more important over the coming years and believe it would be appropriate to start formalising a policy at this juncture. PwC understand that a discussion with elected councillors to articulate this policy is to be undertaken.

Comments 12 and 14 by Mercer are minor administration points that Council may wish to update in the SIPO.

PwC also recommend updating the SIPO to reflect there are now three separate portfolios with each investment manager, including the capital amount invested into each one and the respective dates of inception.

Conclusion

PwC do not suggest any further changes to the SIPO to those mentioned above. PwC will wait for the above changes to be discussed by the Finance and Audit Risk Committee before formally updating the SIPO.

Jarden’s SIPO comments

1. Is the asset allocation too conservative? Council have assessed the capacity to take risk as low to moderate noting: Financial capacity and cash flow requirements: Council’s cash flow requirements imply low capacity to tolerate short to medium term volatility in the value of its Investment Fund. This reduces the capacity to accept risk. This is unfortunate as it means they are focused on the near term despite the long time horizon and has to be the factor which limits risk in the portfolio to 50:50 Growth:Income.

2. The willingness to accept risk is interesting as it says Council is a risk averse entity. Consequently we feel there is a reluctance to accept risk even though the conclusion is Council’s willingness to accept risk would characterised as moderate due to an acknowledgement of the impact of inflation.

3. Given we are looking at a low interest rate environment for some time the ability for Council to hit its return target in the short term will likely be challenged. Based on Jarden’s long term forecasts we expect a 60% growth 40% income portfolio to deliver 6.8%pa and a 80% growth 20% income portfolio to deliver 7.5%pa.

4. If the portfolios are ahead of their target return with respect to the reserving policy, Council might consider a temporary shift in asset allocation to growth with the knowledge that they have a buffer, if in fact a buffer exists?

5. We are happy for International bonds to remain fully hedged, as currency fluctuation just boost risk without benefiting long term returns for bonds.

6. We are interested in more investigation on International Equities hedging. We see historically there has been a gain to be had by NZ investors hedging offshore currency exposures. Last time Jarden did the exercise there was zero gain, although admittedly not a cost either. Typically we see the allocation to global equities left unhedged due to the currency stabiliser if there is a large NZ specific event. We see some arguments that the best option is to have 50% hedged and 50% unhedged which means you are indifferent to changes in the currency. There is no strong reason to change, but worth another look.

7. Given the long term nature of the fund and its size, we question the need to invest only in liquid securities. Jarden’s view is that as long as there is an expected extra return for the additional risk of investing in illiquid assets, we believe the fund should exploit this.

8. A limit should be imposed on the level of illiquid assets. This would require a review of Investment in assets other than those contemplated by this policy statement (including antiques, art, stamps, gold, silver, hedge funds, commodities, private equity or venture capital investments) are not permitted without the prior approval of the Council.

9. The minimum BBB+ credit rating seems conservative. We think consideration should be given to reducing to BBB if not BBB-. If nothing else this broadens the range of investments available. To ensure the portfolio doesn’t become over burdened with weaker credits we could set an average credit rating for the portfolio of say BBB+ and place lower limits on the holdings of weaker credits?

Mercer’s SIPO comments

10. Investment Performance Objective: taking current expected returns per asset class into account, we believe the 5% real return target may be too ambitious. Our modelling indicates that the Council’s current 50% Growth strategy has a very low (<10%) probability of achieving this objective over the long term.

11. Asset Class Guidelines (page 11): 4th bullet states a 50% lower bound for hedging, whereas the Foreign Exchange section on page 13 correctly notes a 30% bound. We suggest 30% is noted in both sections.

12. Rebalancing (page 12): the second paragraph may be interpreted to mean the Council needs to explicitly approve each rebalancing trade. In practice, this is carried out by Mercer on an ongoing basis. We would suggest the wording is amended to reflect the delegation of rebalancing activity.\

13. Ethical Investment (page 12): We understand the Council has given significant consideration to Ethical Investment issues but the SIPO reads fairly “light” in this regard. We would suggest formalising a more thorough RI Policy as part of the SIPO review.

14. Manager Performance (page 16): We would suggest adding SIPO compliance explicitly as one of the factors to be taken into account when reviewing the managers.

4.0 Liability Management Policy Compliance Checklist

The table below illustrates Council’s compliance with funding, interest rate and liquidity risk parameters set out within the Liability Management Policy. A snapshot of current funding in place (maturity term and pricing) as well as interest rate fixing is also provided.

New treasury transactions in the period are outlined in Appendix 1.

5.0 Borrowing Limits

Ratio	Hawke’s Bay Regional Council	LGFA Lending Policy Covenants	Actual
Net external debt as a percentage of total revenue	<150%	<175%
Net interest on external debt as a percentage of total revenue	<15%	<20%
Net interest on external debt as a percentage of annual rates income	<20%	<25%
Liquidity buffer amount comprising liquid assets and available committed debt facility amounts relative to existing total external debt	>10%	>10%	20%

6.0 Funding and Liquidity Risk Position

The chart below shows the spread of Council’s current funding maturity terms and positioning within funding maturity limits set out within the Liability Management Policy. Council’s liquidity buffer amount is also shown.

Debt Funding Strategy

Council’s cash flow and debt forecast indicate a requirement for an additional $10 million of core borrowings during this financial year. This level of debt requirement is a function of FY19 borrowings being $2.5 million of the expected $7 million. The first tranche of new funding is anticipated to be required in the second quarter of FY20 (circa $5 million) and is proposed to be met via participation in upcoming LGFA tenders.

7.0 Interest Rate Risk Position

The interest rate profile below shows the level of Council’s interest rate fixing within Liability Management Policy parameters. The shaded area represents fixed interest rate commitments (i.e. term loans and/or derivatives) and their maturity terms over the 15-year Policy period. The red line represents the current rolling debt forecast for the forward period with the maximum and minimum bands a function of the debt forecast.

As can be seen from the chart and table below, the interest rate risk position is fully compliant to all policy parameters.

Interest rate strategy

With short term interest rates expected to be lower for longer, as the RBNZ stimulates with loose monetary policy settings, the fixed rate position will progressively move towards minimum policy limits. The strategy is therefore to increase exposure to short-term floating rates (within policy limits) through issuing all new debt on a floating rate basis.

Long term interest rates are expected to remain around current levels as global central banks maintain their loose monetary policy requirements along with influencing low, longer term interest rates. The longer term interest rate risk position will be maintained around minimum policy limits through the use of interest rate swaps or fixed rate debt issuance.

8.0 Funding Facility

Bank

(Facility maturity date)

Maturity Date

Drawdown Amount ($m)

Facility Limit ($m)

BNZ

15-Jan-21

0.00

5.00

TOTAL

0.00

5.00

Available bank facility capacity (liquidity buffer)	This month ($m)	Last month ($m)
Gross amount	5.00	5.00
Policy liquidity buffer requirements	2.55	2.30
Excess amount	2.45	2.70

9.0 Cost of Funds vs Budget

Month		YTD
Actual ($m)	Budget ($m)	Actual ($m)	Budget ($m)

10.0 Counterparty Credit

All counterparty credit exposures are fully compliant with policy.

11.0 Market Commentary

Investment markets

The last quarter of 2019 was a good news quarter, and in broad terms, financial markets responded accordingly. The monetary stimulus provided by central banks in earlier quarters has done its job with economic data generally improving. The improvement is particularly evident in the housing market (rising median sales prices and lower days to sell). In the US, the number of houses being built has increased, while in Australia and New Zealand house price inflation has picked up. This has supported an overall improvement in the economic outlook, which has bolstered equity markets.

Accompanying the rosier outlook has been waning expectations of further interest rate cuts, which is best illustrated by US Federal Reserve (Fed) Chair Jerome Powell’s comment that “monetary policy is in a good place”. Despite this, both the Bank of Japan and European Central Bank announced their intention for an open ended easing bias to deal with stubbornly low inflation. Adding to the good economic news was the positive progress towards resolving: 1) The US/China trade dispute, with the announcement of phase one of a trade agreement between the US and China announced in January 2020; and 2) Brexit, with a decisive election victory for Boris Johnson’s Conservative Party, which should see an orderly exit of the United Kingdom from the European Union no later than 31 January 2020.

In this environment, investors were content to invest in riskier assets types such as equities. This resulted in the strong performance of New Zealand equities (+5.3%) and global equities (+7.8%) in local currency over the quarter.

Unfortunately, the global equity market return in New Zealand dollars (+1.5%) was significantly eroded by the rise in value of the New Zealand dollar at the end of December, which rose against all major currencies except GBP (GBP strengthened on the back of a more favourable Brexit outcome). The NZD benefited from expectations the Official Cash Rate would not be cut further, more optimistic investor sentiment and importantly stronger commodity prices.

Increased investor appetite for riskier assets meant that safe-haven asset values, such as gold and fixed interest securities/bonds declined.

The stellar performance of the New Zealand equity market over the quarter and year (+31.6%) warrants closer examination. Without doubt, there has been increased interest in the New Zealand equity market as bank term deposit interest rates tumbled from 3.3% in April 2019 (where they had been since the end of 2015) to the current six month deposit rate of 2.6%.

There has been an extraordinarily diverse performance of equities over the quarter – from Metlifecare (+53%, following a takeover offer) and Summerset (+34%) as outperformers, down to Sky Network Television (-37%) and Gentrack (-28%) as underperformers. While the weak performers reflect company specific issues, the outperformers, except for Fisher & Paykel Healthcare, are all in the aged care industry, which is benefiting from a reinvigorated housing market. The other group of companies worth commenting on are the electricity generation companies, which gave back a chunk of the gains achieved in early months on the back of investors chasing dividend yields. They fell in price, due to concerns around Rio Tinto’s review of the Tiwai Point aluminium smelter’s operation. The smelter consumes 10% of New Zealand’s annual electricity production, so a decision to shut the smelter down would result in an electricity oversupply and subsequent drop in the electricity price.

Funding markets

A total of 21 local government borrowers raised $413 million in the fourth quarter (Q4) of 2019. 39 separate funding transactions occurred, of which all except two were conducted via the LGFA. The two debt issues transacted outside of the LGFA were from Dunedin City Treasury (not a LGFA member). Borrowing volumes remained strong in Q4, slightly lower than Q3. A total of 54% of all borrowing in Q4 was undertaken on a floating rate basis. Over the fourth quarter, Councils borrowed for a weighted average term of 6.9 years.

Looking back on the full year, total issuance amounted to $2.40 billion; the highest level since 2014 ($2.55 billion). Prefunding ahead of the LGFA's April 2020 bond maturity ($1.03 billion) is expected to support borrowing volumes throughout the first quarter of 2020. We understand that, to date, approximately 35% of the 2020 bond maturity have been refinanced/prefunded. However, most councils are currently updating new debt forecasts and this may push out issuance demand to the second quarter of 2020.

LGFA credit spreads have continued to creep up since Q3 in the short end (three to five years) and held reasonably constant for the longer end (7-10 years).

Government bond yields remain at historically low levels reflecting global yield curves, supporting the attractiveness of LGFA bonds as a substitute investment to NZ Government bonds given the higher yields on offer. There was significantly less Kauri bond issuance in 2019 with a total of $1.4 billion of new issuance (relative to total issuance of $4.2 billion in 2018). LGFA bond demand (and pricing) benefits when there is less Kauri issuance competing for the investor dollar. With the expanded bond issuance program from Kāinga Ora (Housing NZ) in 2020 of $2.5 billion (up from $1.5 billion in 2019), we expect some impact on LGFA demand, thus increasing the risk that credit spreads widen gradually in 2020, primarily for longer-dated tenors. We believe that investor interest for LGFA bonds will however, remain robust for maturities up to 5 years and that there may be some upward movement on margins for longer dated issuance.

Interest rate markets

The RBNZ surprised financial markets in November by holding the OCR at 1.00%. The fundamental outlook no longer currently supports another cut to the OCR over the next six months, although we expect risks remain biased lower. RBNZ note while inflation remains below the 2 percent target, employment continues to sit around its maximum sustainable level and other economic developments since the August MPS “do not warrant a change to the already stimulatory monetary setting at this time.” However, risks remain “tilted to the downside.” Domestically, business confidence improved in December but remains weak overall. Businesses are reluctant to make hiring or investment decisions, and have struggled to raise prices, crimping sales margins. The housing market is now showing signs of growth, while inflation pressures are slightly stronger, however global risks (including the coronavirus) remain. ‘Lower for longer’ interest rate settings to prevail.

Long-term NZ swap rates are biased lower as global rates are likely to remain under structural pressure. Global growth remains tepid amid recent (but improving) trade tensions between US and China, as well as Brexit uncertainty (though easing following the election). There are signs of growth stabilising (rather than further weakness) but uncertainty remains. A soft growth outlook from our key export trading nations, Australia, China and Europe means that central banks will continue their ‘looser’ monetary policy settings. Underlying inflation around the globe remains benign. There remains no reason for structurally higher long-term swap rates over the next twelve months.

12.0 Policy exceptions

Date	Detail	Approval	Action to rectify
TBC	SIPO asset allocations non-compliant	Y	Gradual staggering into investment portfolio positions will see strategic asset allocation requirements met over coming months.

13.0 Appendix

13.1 New Treasury Transactions up to 31 December 2019

Borrowing activity

Bank/LGFA	Amount (NZDm)	Borrower notes (NZDm)	Deal Date	Start Date	Maturity Date	Commitment Fee	Margin

Interest Rate Borrower Swaps

Bank	Notional Amount (NZDm)	Deal Date	Start Date	Maturity Date	Swap Rate
n/a	n/a	n/a	n/a	n/a	n/a

HBRC Business Continuance Plan

Attachment 1

Executive Summary

Business continuance is a strategy for putting processes in place that an organisation requires to operate during and after an interruption. Business continuance plans not only reestablish full operations as swiftly and smoothly as possible, but also seek to prevent essential services from being interrupted through various annual maintenance tasks.

Even though the probability of a major regional crisis is not high, the effect of such a crisis may seriously affect the ability of the council to continue to fulfil its statutory obligations, and its obligations to the regional community. It is important to understand that our business can be disrupted by not just a national or regional disaster, but also by local and isolated events which can result in parts of our business becoming unworkable and not being able to meet our obligations. Therefore, it is necessary for the business to identify the essential functions that the business needs to operate and meet is statutory obligations.

The Executive team have identified our essential functions. Each of these functions are individual appendices at the back of this plan which prompt staff on how to re-establish full operations as swiftly and smoothly as possible. They outline; essential duties and requirements, alternative solutions and the positions responsible. It is important to note that staff wellbeing is paramount and as part of the Emergency Procedures the Safety Team are responsible for monitoring safety of staff, supporting welfare of staff and families, checking rosters and coordinating First Aid requirements (Reference Emergency Procedures Manual JD 3).

A member of the Executive team can activate this plan, when any of the essential functions or services are affected. Or more broadly when:

· serious physical damage has occurred, or threatens to occur, to our premises or our ability to effectively operate from our premises

· substantial event or activity has occurred, or threatens to occur, to interrupt our business.

The Executive will use the flow chart, checklist and the events record log (next two pages) in this document to execute the plan. The flowchart is used to follow the procedure until HBRC is operating all essential functions and services and meeting statutory obligations. The decisions made during this process will be recorded on the events record log.

It is important staff understand:

1. By activating this plan, the business gives priority to functions and services that have been identified as essential and allocates these acceptable downtimes

2. Non-essential functions of the business will not be addressed until all essential functions and services have been re-established

3. Staff in non-essential functions and services will be deployed to other areas of the business as a priority to establish essential functions and services.

1. Procedure Flow Chart & Checklist

Any member of the Executive Team can activate this plan (Refer to Section 7) if any of the essential functions* are affected:

o Identify an appropriate Incident Room with communication support

o Notify essential leads and/or other applicable staff of the nominated Incident Room.

o Account for employees and their status using HR, and maintain health and safety.

o Mobilise essential leads & Incident Management Team who can physically come to the Incident Room, and personnel that can provide support.

o Establish command structure with alternatives for all positions. (Ref Emergency Procedures Manual)

o Appoint responsible personnel to review essential function detail sheets*, and prioritise acceptable downtimes and report back to IMT

1. Pollution Response

2. Marine Oil Spill Response

3. Hydrology Flood Warning

4. Duty Management

5. Alt GECC & HBRC Incident Room

6. Asset Mgt Assessment

7. Managing Contractual Obligations

8. Public Transport

9. Coordinate Recovery incl HR, Health and Safety

10. Computer Services

11. Records Management Access

12. Finance (Payroll)

13. Vehicles & Generator

14. Radio Communications

15. Telecommunications

16. Harbours

17. Communications

18. Accommodation

o Source essential equipment required.

o Continue to manage response to event in accordance with this plan and the Emergency Procedures Manual until conclusion.

o Debrief (Ref Emergency Procedures Manual).

* Each essential function has a detail sheet in the Appendix to this plan which lists leaders, acceptable downtimes and what needs to happen to re-establish the function or service.

2. Events Record Log

Date: _________ Location: _________________________________________________

Event Time (am/pm)	Type of Event / Comments	Source	Initials
: a/p	BCP activated and event record log started
: a/p
: a/p
: a/p
: a/p
: a/p
: a/p
: a/p
: a/p
: a/p
: a/p
: a/p
: a/p
: a/p
: a/p
: a/p
: a/p
: a/p
: a/p
: a/p
: a/p
: a/p

Please record recovery events, decisions and milestones of the recovery operation

3. Essential Functions and Services

The HBRC Executive Leadership Team has defined the following management functions, resources and services as essential, requiring they be operational within two weeks of any interruption.

3.1 Management Functions

Description	Time for System Restoration	Group	Manager	Ref. to Data Sheet
Pollution Response	2-4 hrs	Regulation	Manager Compliance	A.1
Marine Oil Spill Response Team	2-3.5 hrs	Regulation	ROSC	A.2
Hydrology Flood Warning	2-12 hrs	Integrated Catchment Management	Manager Environmental Information	A.3
Harbour Master Function	1 – 3 hrs	Regulation	Harbour Master	A.16
Duty Management	Immediate – 2 hrs	CDEM	HBCDEM Team Leader Hazard Reduction	A.4
Alternate Group Emergency Coordination Centre & Incident Room (HBRC)	Immediate – 0.5 days	CDEM	HBCDEM EMA Coordination Centres & Equipment / HBCDEM Team Leader Hazard Reduction	A.5
Asset Disaster Assessment	0.5 – 2 weeks	Asset Management	Manager Regional Assets	A.6
Manage Contractual Obligations	3-20 days	Asset Management	Group Manager Asset Management	A.7
Public Transport	3 days	Strategic Planning	Transport Manager	A.8
Coordinate Recovery incl HR & Health & Safety	Immediate – 3 days	Executive	Chief Executive or Group Manager Office of CE & Chair	A.9
Communications & Web	2-4 hrs	Corporate Services	Marketing & Communications Manager	A.17

3.2 Information Needs

Description	Time for System Restoration	Group	Manager	Ref. to Data Sheet
Computer Services	3 days	Corporate Services	Info & Communications Technology Manager	A.10
Records Management/ Access	1 day	Corporate Services	Administrator Coordinator	A.11
Finance (Payroll)	1-5 days	Corporate Services	Corporate Accountant/Payroll Officer	A.12
Hydrology Flood Warning	2-12 hrs	Integrated Catchment Management	Manager Environmental Information	A.3
Digital Flood Prediction Computer Models	0.5 day	Asset Management	Manager Regional Assets	A.6

3.3 Resources

Description	Time for System Restoration	Group	Manager	Ref. to Data Sheet
Vehicles / Generator	30 mins – 1 day	Corporate Services/ Works Group	Facilities and Fleet Manager or Operations Contracts Manager	A.13
Radio Communications	2-6 hrs	Corporate Services	Facilities and Fleet Manager	A.14
Telecommunications	1 day	Corporate Services	Info & Communications Technology Manager	A.15
Accommodation	3 days	Corporate Services	Facilities and Fleet Manager	A18

4. Non Essential Functions and Services

The Executive Leadership Team has defined the following functions and services as non-essential. These would be reinstated after the reinstatement of the functions and services defined as essential above. The plan to reinstate these non-essential functions and services will be developed in the first two weeks following an interuption. Staff from these functions and services will be re-deployed where possible to ensure that the priorities are followed.

Description	Time for System Restoration Isolated	Group	Manager
Engineering: Rivers Mouth & Lagoon Opening	1-6 weeks	Asset Management	Group Manager Asset Management
GIS	1-6 weeks	Corporate Services	Group Manager Corporate Services
Survey	1-6 weeks	Asset Management	Group Manager Asset Management
Finance and Creditors	1-6 weeks	Corporate Services	Group Manager Corporate Services
Rates & Lease Management	6-12 weeks	Corporate Services	Group Manager Corporate Services
Transport Operations	6-12 weeks	Strategic Planning	Group Manager Strategic Planning
Engineering	6-12 weeks	Asset Management	Group Manager Asset Management
Engineering – Gravel Management	6-12 weeks	Asset Management	Group Manager Asset Management
Catchment Services	6-12 weeks	Intergrated Catchment Management	Group Manager Intergrated Catchment Management
Catchment Management	6-12 weeks	Intergrated Catchment Management	Group Manager Intergrated Catchment Management
Operations General	6-12 weeks	Asset Management	Group Manager Asset Management
Consents	6-12 weeks	Regulation	Manager Consents
Environmental Science	6-12 weeks	Intergrated Catchment Management	Manager Science
Community Engagement	6-12 weeks	Corporate Services	Marketing & Communications Manager
Compliance	12-20 weeks	Regulation	Manager Compliance
Roadsafe HB	12-20 weeks	Strategic Planning	Group Manager Strategic Planning
Animal Pest Control	12-20 weeks	Intergrated Catchment Management	Manager Catchment Services
Plant Pest Control	12-20 weeks	Intergrated Catchment Management	Manager Catchment Services
Policy and Planning incl Transport	12-20 weeks	Strategic Planning	Group Manager Strategic Planning
Strategy, Economics & Development	12-20 weeks	Strategic Planning	Group Manager Strategic Planning
Strategic Partnerships & Healthy Homes	12-20 weeks	Corporate Services	Manager Client Services
Water Information & Management	12-20 weeks	Intergrated Catchment Management	Group Manager Intergrated Catchment Management

5. Business Continunance Plan Overview

5.1 Purpose

This plan has been prepared to ensure that the Hawke's Bay Regional Council (HBRC) continues to effectively manage its business operations in the event of an interruption. An interruption may seriously affect the ability of Council to continue to fulfil its statutory obligations and its obligations to the regional community. It is, therefore, prudent that we have in place a plan to deal with interruptions.

These interuptions could be isolated or localised affecting our workplace, not neccesarily a civil defence emergency. It is important to note in the event of a civil defence emergency the Business Continuity Plan (BCP) is designed to take over after an acute emergency has been dealt with. So it’s important for the BCP to link effectively with the Emergency Response Plan.

This plan is to be used as a prompt or reminder when an interruption occurs. It:

· gives priority to services that have been identified as essential and allocates these acceptable downtimes

· identifies non-essential services and allocates these acceptable downtimes.

The procedure flow chart and checklist ensures that events follow a logical sequence towards re-establishment. The information relating to each essential function and service provides a starting point for assisting business continuance.

5.2 Responsibilities

The Group Manager Office of Chief Executive and Chair is the sponsor of this plan and is ultimately responsible for its implementation and maintenance. This includes project managing all aspects of its on-going development and maintenance as documented with the plan.

Activation of the response part of the plan to take action in the event of an interruption may be authorised by any one of the Executive Team.

5.3 Basis for the Plan

The plan is based on the information and procedures we use each working day. This reduces confusion at a time when the Council is operating under some stress. It also means that, by minimising special arrangements, the Council's operations can continue with minimal time loss and minimal additional expenditure.

In terms of risk assessment, the plan considers a worst-case scenario, such as earthquake, tsunami or fire, which results in the loss of the primary HBRC buildings in Napier. It then considers what needs protecting, what might disrupt it and how, and what happens if it gets disrupted.

Central to all management’s thinking through a disaster is that the Council is not in the business of merely recovering from a catastrophe, but is expected to assist other organisations to recover. The expression disaster recovery conjures up images of damage and its subsequent repair – the Council recovers back to the state it was immediately before the disaster. Business continuance, on the other hand, is a much more positive notion – the Council, despite damage or other loss of functionality or resources, works through the adversity with the desire to be positively stronger when the emergency situation has subsided, having full regard to the need for normal operating efficiencies.

The HBRC numbers 257 staff, which includes 31 staff with the Works Group Business Unit at Guppy Road, Taradale, 6 staff in Wairoa and 7 staff based in Waipawa. This Plan is based on a staff resource of 40% (102 staff) of the Council’s available staff pool of 257 including part time and casual staff.

5.4 Objective of the Business Continunance Plan

‘To continue operating essential functions and services during and following an interruption.’

5.5 Aims

To describe the arrangements required for continuing Council's ‘business operations’ at a time of potential or actual interrutption. These arrangements include:

· Defining the control and co-ordination functions

· Identifying actions to be taken in response to a crisis event

· Identifying the preparatory tasks and projects to be completed to ensure the response actions are achievable

The Civil Defence Emergency Management Act 2002 makes it a requirement that every government department, all engineering lifelines utilities and all city, district, and regional councils are able to function to the fullest possible extent, even though this may be at a reduced level, during and after an emergency.

The Hawke’s Bay Civil Defence Emergency Management Plan identifies one of the key measures of resilience as having effective business continuance planning for key Hawke’s Bay employers.

This plan only relates to the Hawke’s Bay Regional Council. It covers the protection of personnel, protection of assets and records, continuity of management, minimisation of losses and recovery time through to the resumption of normal operations.

5.6 Scope

Within the identified essential functions and services the scope of the plan covers:

· Management Functions – for ensuring that the Council's management structure and the major management tasks are continued through an interruption

· Information Needs – to ensure that the Council has continued access to all the information (electronic and hard copy) needed to continue operating

· Resources – to ensure that the Council has continued access to all the resources needed to continue operating, including accommodation.

5.7 Plan Activation

Trigger point for response activation:

· Serious physical damage has occurred, or threatens to occur, to our premises or our ability to effectively operate from our premises.

· Other substantial event or activity has occurred, or threatens to occur to interrupt our business.

Authority to activate the response – the Executive Team are individually authorised to activate the response part of this plan.

6. Preparation

This section outlines all maintenance and development activities that have been identified as necessary to ensure the overall effectiveness of this plan in achieving its Aims and Objectives. These activities are of two types.

Maintenance Tasks

Repetitive and routine activities with which to ensure that the plan remains effective over time. These activities generally relate to sustaining physical resources and improving the preparedness of staff.

Development Projects

One-off activities, which are necessary to bring the organisation up to the desired level of performance.

Examples include the development of a procedure, and the purchase of equipment.

Scheduling for the completion of each of these is dependent on a variety of inputs as appropriate, e.g. internal management/staff, specialist expertise and/or funding.

6.1 Plan Revision / Updates

This plan is to be reviewed annually. This is to ensure the plan documentation keeps pace with changing circumstances relating to:

· Achievements by way of completions of on-off preparatory tasks and projects

· Organisational structures, staff movements and details

· Physical environment (buildings and facilities)

· Council's services and their operational processes

· External linkages with suppliers, contractors and other stakeholders

6.2 Risk Minimisation

Procedures have been implemented that increase the security of our vital records, fittings, and equipment. Also potential simulations have been identified to test these procedures and our staff.

To minimise risk to our business we complete the following maintenance tasks and identifiy any mitigations:

Maintenance Tasks

Description	Action Required	Responsible / Timing
Earthquake hardening	All fixtures and fittings require stabilising to reduce the amount of movement during any earthquake – especially important in areas where damage may be caused to equipment vital to our continued operation.	Facilities and Fleet Manager: Stacey Rakiraki Annually
Telecommunications	Staff training on Mitel Phone System. What happens in the event of an interruption.	David Fulton - ICT Annually
Emergency Power	Staff training on emergency power .	Facilities and Fleet Manager: Stacey Rakiraki Annually
BCP review	To preserve the integrity of this document it will be reviewed annually and audited every 5 years. This document and its previous versions are recorded on the Council doucment system on Herbi	Group Manager Office of the Chief Executive & Chair Annually
Insurance policies	A review of existing insurance is required to ascertain that coverage is adequate and also that there are no duplications between insurance and computer maintenance and support agreements.	Financial Accountant Trudy Kilkolly Annually
Plan testing	A review of the adequacy of the plan may be necessary from time to time. Evaluation of all testing undertaken is necessary on the ‘Test Evaluation Checklist’ at the end of this plan.	Group Manager Office of the Chief Executive & Chair Annually

Mitigation Tasks

Description

Action Required

Responsible/
timing

Back up of Design Plans (A6)

There are still only some electronic back-ups for design plans stored at Guppy Road (See Appendix A-6 and A-7).

· 2/3’s of vital plans had been scanned into Alchemy previously but they were not properly profiled.

· All hard copy plans are now stored at Guppy Road, but have not been organised to easily retrieve. Has the facility got smoke alarms and other appropriate protections?

· 1/3 need to be sorted and scanned. Depending upon the volume, IT will be able to provide advice on the best way to carry out scanning.

Compromises Council’s ability to provide adequate asset disaster assessment should entry to premises be constrained or records be destroyed. Profiling/Labelling and final scanning work is required.

April 2016 update: still in progress and supposed to be addressed as an outcome of IaaS migration, ETA was 30 November 2016.

July 2019 update – matter remains unresolved, and compounded with move to new electronic storage systems which require metadata. Issue to be resolved as part of corporate record management, with Asset Mgt assisting Corporate Services.

Group Manager Corporate Services/Group Manager Asset Management

Description	Action Required	Responsible/ timing
Asset Mgt (A6)/ Contractual Obligations (A7)	A-6 Asset Management Assessment. Requires a significant review by Asset Management through a collaborative workshop. A6 Refers to asset management inspection but also refers to operations – propose to separate functions with an individual BCP Appendix. While Operations General under Asset Management has been deemed non essential in section 4 of the BCP report, operations and maintenance of our schemes is essential. It should be noted that the incident operations roster provided by Works Group is only operable for several days and this needs to be explored thoroughly as part of the BCP. A-7 Managing Contractural Obligations to be reviewed. For Asset Management essential functions 90% of our contracted maintenance and minor capital is through Works Group and is essentially cost plus, well managed and low commercial risk. Risk sits with larger capital construction projects of which we only have a small number. An assessment of critical contracts for the organisation should be made upfront and not during an incident response. Although Asset Management hold a high level of competence in managing construction and maintenance contracts it may not necessarily have the highest risk contracts of the organisation. Hold a collaborative workshop to review across the business and provide resolution to these issues. We also have a number of informal arrangements with NCC which should be formalised to avoid doubt during a incident scenario.	Group Manager Asset Management October 2019 November 2019
Account of employee status (A9)	When activating the plan, Exec need to account for employees and their status, yet it will be difficult to account for 250 staff, many of whom work across the region, within half a day. The review identified the need to improve capabilities to carry out this duty. ITC was asked to investigate options and identified Whispir. With support from the CDEM team, Office of the Chief Executive and Chair to work with Whispir on solution with ITC support to ensure setup integration. This project is currently underway.	Group Manager Office of the Chief Executive and Chair
Critical documents missing on Share drives (A11)	There are some critical documents, particularly engineering files only available on share drives. Some have backups in Rivera or in Vdaas but some do not. A solution should be found to mitigate this risk particularly for asset management.	Group Manager Corporate Services
Internal Phone Network a risk (A15)	Mitel Phone Network at risk in Dalton Street Building, as if hardware damaged there is no replacement available as Mitel system too old. 80% of HBRC staff now have Smart-phones which increasingly reduces the reliance on an internal phone network, but if hardware damaged 20% of staff without means of communication. Also more importantly if Mitel fails, HBRC calls will not be answered and a diversion needs to be urgently put in place with Spark Managed Customer Centre 0800 482 296	Group Manager Corporate Services / Info & Comms Technology Manager

Simulations

To enable staff to be better prepared for any future interruptions we have listed potential scenarios to use as simulations that could kick off at any time.

We aim to cover one or essential functions and services a year, dependant on resources.

Event Simulation	Test	Group
Significant fire at HBRC office:	To assess Executives (plan initiation, prioritisation and following plan) and staff response. Also how employees will continue working and be productive during an unforeseen interruption that prevents them from going to the workplace.	All Departments
Significant fire at Guppy Road	To test Managers response and review of BCP. Also how employees will continue working and be productive during an unforeseen interruption that prevents them from going to the workplace	Asset Management
Cyber-attack on HBRC systems: Hydrotel is down	To test our ICT DRP and staff that use Hydrotel. How do staff manage without the tool. Do they know what alternative measures are and the steps they need to follow.	Intergrated Catchment Management
Unavailability of HerBi due to internet access issues	To test our ICT DRP and staff that use this tool. How do staff manage without the tool. Do they know what has been identified as a replacement tool and the steps they need to follow	Corporate Services - ICT
Public protesting at ‘significant rates increase’, forcing entry and subsequently occupying HBRC offices	To test Executives (plan initiation, prioritisation, following plan) and staff response.	Executive
Cyber-attack on HBRC website – it’s rates payment week.	To test our ICT DRP and staff that use this tool. How do staff manage without the tool. Do they know what plan B is?	Group Manager Office of the Chief Executive & Chair and Group Manager Corporate Services

6.3 Essential References

Specific specialist information will be required to assist with the recovery of essential functions and services. Refer to each of the references listed.

Key External Contacts

· Maintained on staff devices, all of which have cloud back-ups

· CDEM Contacts List or the Intranet (Herbi) for contact lists

· Telephone Book

Action Requirements

· See Appendix A for Essential Functions: By time frames of immediate, 2 hrs, 0.5 days, 1 day etc.

Alternative Location Specifications

· See individual appendices for alternative Essential Function locations Appendix A

· See Essential Function: Accommodation Appendix A-17

· See Hawke’s Bay Civil Defence Emergency Management Group Plan for alternative Emergency Operations Centre locations

Back-up Power Supply

· See Emergency Procedures Manual SOP R4 Generator

· Includes details of estimated capacity and other alternatives

Information Services Disaster Recovery Plan

· Including computer equipment and software, vital records and supplies, telephone equipment and services. Plan held by Information & Communications Technology Manager. Copy on Herbi https://herbi.hbrc.govt.nz/site/it/busmngt/HBRC%20Disaster%20Recovery%20Plan%202008.pdf#search=Information%20Services%20Disaster%20Recovery%20Plan

Contacts Database

· Staff Contact Database is on the Active Directory - Maintained by ICT

Simulation Exercise - Test Evaluation Checklist

Purpose: Verify the viability of the business continuation plan. Identify areas that need to be modified to allow for miscalculations that may be discovered through the testing process.

Key position responsibilities: Complete this questionnaire. Add additional information pertinent to the effective modification of testing procedures.

Essential Service / Function ______________________________________________________

Are the procedures clearly defined? YES NO

If no, explain:_________________________________________________________________

___________________________________________________________________________

How long did it take to perform the test?_____________________________________________

Are you comfortable with how long the test took? YES NO

If no, explain:_________________________________________________________________

___________________________________________________________________________

Do you feel that your team was adequately prepared? YES NO

If no, explain:_________________________________________________________________

___________________________________________________________________________

What areas do you feel you and your team need to improve in order to effectively execute your responsibilities?

___________________________________________________________________________

Were there any other difficulties encountered? YES NO

If yes, explain:_________________________________________________________________

___________________________________________________________________________

Did you discover any critical information
missing from the business continuation plan? YES NO

If yes, explain:_________________________________________________________________

___________________________________________________________________________

What other recommendations do you have?

___________________________________________________________________________

What comments or recommendations do you have on test content?

___________________________________________________________________________

What comments or recommendations do you have on plan execution?

___________________________________________________________________________

7. Response

7.1 Activating the Business Continuance Plan

It is important for a member of the Executive Team to be informed at the time of the first alert of a catastrophe. They can then make an assessment of the situation and declare the activation of this plan.

As soon as the plan activation is made, the Events Records Log should be maintained or something equivalent at 'zero hour' and all significant events; decisions and milestones are recorded in the log. It may be necessary to evacuate any affected areas and arrange a recorded telephone message if the reception desk is not available.

Once the plan is activated the Executive Team or representative will:

1) Identify an appropriate Incident Room with communication support. The Council maintains a designated Incident Room at the Dalton Street office which can be expanded into the associated Mohaka Room. This room has briefing tools, and emergency communication equipment including Fleetlink, CDEM radio network, simplex radio, marine radios and satellite communications.
If the Dalton street offices are not habitable, an alternative Incident Room will be established at the Works Group office in Guppy Road, Taradale, or at the most appropriate location depending on circumstances.

2) Notify the Incident Management Team and essential leads and/or applicable staff of the nominated Incident Room for HBRC crisis management.

3) Take a thorough account of employees and their status using HR, and maintain health and safety.

4) Mobilise essential leads & the HBRC Incident Management Team who can physically come to the Incident Room, and personnel that can provide support.

5) Establish command structure with alternatives for all positions. Reference the HBRC Emergency Procedures Manual. All executive staff hold a hard copy and copies also available on Herbi.

6) Appoint responsible personnel to review their essential functions (detail sheets (7.4) held as an appendix to this plan), to ensure functions are operational and if not prioritise acceptable downtimes and report back to IMT with restoration plans.

7) Source essential equipment required to support these functions.

8) Continue to manage response to event in accordance with this plan and the Emergency Procedures Manual until conclusion.

9) Run a hot and cold debrief of the crisis as appropriate (Ref Emergency Procedures Manual SOP R11).

7.2 Recovery and Restoration

In the event of building evacuation, initial instructions will come from the Emergency Response Team (refer to the Emergency Procedures Manual, Section 3.4) to ensure the rescue and safety of all personnel and the notification of medical and emergency services.

The situation will be assessed and as far as practical secured from further loss and damage. Efforts will be co-ordinated to consider staff and equipment options.

Special attention will be given to setting up liaison and enquiries response to staff, media and customers.

7.3 Procedural Flow Chart & Check List

The procedural flow chart and Check List is on Page 4. This flow chart and checklist provides a sequence to the steps that are required for recovery. It will ensure that the approach taken is logical. The flow chart & check list provides a quick reference to the response activities to be actioned as appropriate to the circumstances. The tasks to be done have priorities and responsibilities allocated, and where appropriate, notes or references to other Council documentation are provided.

7.4 Detail Sheets

The detail sheets for each of the essential functions and services are arranged in order of priority and are contained in Appendix A. Refer to Page 6 of this Plan for a summary of all the defined essential functions and services. The detail sheets are to be used as guidance and for prompting. They have been kept relatively general in order to provide information that will be useful over a range of interruptions. The responsible position holders will be able to provide more specific information, but if they are unavailable, the details sheets will provide sufficient information for other staff to initiate recovery.

HAWKE’S BAY REGIONAL COUNCIL

Finance Audit & Risk Sub-committee

Wednesday 12 February 2020

Subject: Procurement Policy and Procurement Manual Update

Reason for Report

1. This report:

1.1. provides an update on the progress made to implement recommendations from the 2018 internal audit review findings to improve the HBRC Procurement Policy and Procurement Manual

1.2. provides an update on the development and implementation of a centralised Procurement Hub

1.3. seeks the Sub-committee’s feedback on what information would be usefully incorporated in future Procurement update reports.

Officers’ Recommendation

2. Staff recommend that the FARS reviews the information presented and provides feedback on any additional information it would find useful in future reports.

Executive Summary

3. A regular report on progress made in developing a centralised procurement function for HBRC will be made to the Finance Audit and Risk Sub-Committee

4. This report also provides information on contracts issued in the reporting period July 2019 to December 2019, the value and risks associated, and significant contracts due to expire in the next three months.

Background

5. From a business perspective, the most obvious benefits of an effective procurement process are financial, via upfront cost savings by procuring items, services, and contracts at the best price available. Effective procurement also ensures that projects are delivered to time and budget, with reduced exposure to commercial risk by way of a consistent and appropriate process, which aligns with HBRC procurement principals.

6. In September 2018 The Office of the Auditor General (OAG) and Ministry of Business Innovation and Employment (MBIE) made new recommendations for best practice in procurement.

7. Further, HBRC also commissioned an internal audit review in 2018 by Crowe Horwath to evaluate the existing policy and to make recommendations to align with current best practice guidelines. A revised HBRC Procurement Policy and supporting Operational Manual were approved and adopted by Council in June 2019.

8. The revised policy and manual are consistent with national procurement principles and guidelines and are compliant with relevant Government procurement rules. The Policy details what HBRC is required to do to meet national guidelines and the Manual details how to apply policy principles, to deliver the benefits of best practice procurement.

8.1. Key Audit findings from 2018 were that while the existing policy was fit for purpose, HBRC would benefit from a central Procurement and Contract resource

8.2. There was a lack of evidence to support procurement decisions (Procurement plans)

8.3. There are inconsistent templates and de-centralised systems for contract management, with inherent risk.

9. Contract register was incomplete and contained expired contracts.

Audit recommendations

10. Recommendation - Procurement structure should be centralised to ensure consistency in the application and training for best practice.

10.1. Response - A procurement hub has now been established as a central procurement management resource. ‘Contract Central’ was originally established for the Resource Management Group and then extended to other groups. It was confirmed by Council’s Sharepoint Administrators that Contract Central could not be migrated to match the new 2018 organisational structure (due to metadata editing), so the decision was made to archive that database and develop a new database reflecting the new structure - called the ‘Procurement Hub’. The new procurement hub provides resources to manage the whole procurement life cycle from planning to evaluation, rather than being just a contract register.

10.2. For an organisation of HBRC’s size and scale, MBIE informally recommended 1x procurement FTE to be at Executive Leadership Team level given the level of work likely to be involved and the requirement for that person to have sufficient stature within the organisation to drive results. This role was not budgeted for in the 2018-28 Long Term Plan, but it was proposed at the Finance Audit and Risk Sub-committee meeting in June 2018 to be explored in 2020, existing resource being utilised in the interim.

11. Recommendation - Regular reporting to the Executive team should include high value, high risk or complex procurement and notice of upcoming significant tenders.

11.1. Response – A template report has been available since from June 2019

12. Recommendation - A procurement planning template be included in the procurement manual

12.1. Response - Plan templates are included for simple and complex procurements

13. Recommendation - Training should be provided to staff engaged in procurement practice and contract management

13.1. Response - Training has been cascaded from the Hub to selected subject matter experts in each executive team member group. Each group will include (where relevant) training for existing staff and new staff as part of the induction process, on both a team and individual support basis.

14. Recommendation - Tools and templates should be implemented to ensure policies and procedures are followed.

14.1. Response - Procurement NZ, OAG and MBIE templates have been introduced as standard across all HB councils, currently being led by HBRC and HDC. These are detailed in the revised procurement manual. As part of the evaluation criteria for supplier selection HBRC will also give consideration to the benefits of sustainable purchasing, local supply and supplier adoption of the living wage as part of the selection process.

15. The 2019 revised Procurement Policy and Manual are published on the HBRC website and attached.

Progress and Reporting update

16. Since July 2018 Council’s Contract Central, ‘current’ contracts (655) have been cleansed group by group. The number of contracts has been reduced to 475, with expired or complete contracts archived.

17. From January through July 2019, development, building and testing of the Procurement Hub was undertaken.

18. The procurement hub was ‘soft launched’ in July 2019 and training is being cascaded by group (high volume first), with presentations by Hub staff, as an advice and guidance resource. To date, presentations have been made to the Executive Leadership Team, ICM, Corporate Services and Asset Management groups. Where required, 1:1 training is being provided as contracts are generated, ahead of presentations being made to the Strategy and Planning and the office of the Chief Executive.

Reporting

19. A presentation will be given at the meeting, of the overview of the Power BI dashboard and ‘live’ drill down of the 1 July 2019 – 31 December 2019 (six months) results.

20. Procurement reporting to FARS will include:

20.1. The number of contracts created in the reporting period

20.1.1. For the period 1 July- 31 December 2019 - 127 contracts were created

20.2. A breakdown of contracts issued by value in the reporting period, specifically those valued over $50,000

20.2.1. For the period 1 July- 31 December 2019 - 5 Contracts valued at $100k+, 3 contracts valued at $75k-$100k, and 3 contracts valued at $50-$75k were awarded

20.3. An analysis of the assessed risk for all contracts issued in the reporting period

20.3.1. For the period 1 July- 31 December 2019 - 88 contracts (69%) were assessed as being Low Risk, 36 contracts (28%) were assessed as being Medium Risk, and 3 contracts (3%) assessed as High Risk

20.4. Details of contracts awarded to local suppliers and those paying the living wage

20.4.1. For the period 1 July- 31 December 2019 – of the 11contracts with a value greater than $50,000 5 completed an RFP/RFQ process, 7 were awarded to local suppliers, and 4 confirmed living wage payments.

20.5. A list of significant or high value contracts due to expire in the next three months

20.5.1. There are no significant or high value contracts expiring in the next three months. There are 25 contracts expiring in the next three months that will be subject to post contract evaluation.

21. Procurement information is now available ‘live’ at organisation and group level utilising the Power BI Dashboard. Further levels of drill down detail are available at group, service and contract manager levels.

22. So far, on average, one contract is being generated across the organisation every day, with the contract being one part of a three stage (planning, sourcing and managing including evaluation) process.

23. A contract expiring triggers an automated evaluation process with the contract owner, collecting data on advisability of supplier future use based on timeliness, budget performance, meeting specification, health and safety performance, shared HBRC environmental vision, professionalism and any learnings from the project/contract delivery.

Next Steps

24. Procurement monitoring will continue to develop as an iterative process with the procurement team applying a continuous improvement ethos to meet organisational need.

25. The Procurement manager is seeking feedback from FARS regarding information it would be useful to incorporate into a regular reporting format.

26. Over the next six months there will be a review to increase the use of ‘All of Government’ contracts – which provides an opportunity for cost savings.

27. The development of an ongoing internal training and communications programme.

28. The design and implementation of an internal procurement audit programme.

29. Crowe Horwath (Findex) will be invited to check adherence, completeness and currency of the revised policy and manual in June 2020.

Decision Making Process

30. Staff have assessed the requirements of the Local Government Act 2002 in relation to this item and have concluded that, as this report is for information only, the decision making provisions do not apply.

Recommendation

That the Finance, Audit and Risk Sub-committee receives the “Procurement and Contract Management Update” staff report

Authored by:

Mark Heaney

Manager Client Services

Approved by:

Jessica Ellerm

Group Manager Corporate Services

Attachment/s

⇩1	HBRC Procurement Policy
⇩2	HBRC Procurement Manual

Policy document	Policy parameters	Compliance
Treasury Policy	Borrowing limits	Yes
	Funding risk control limits	Yes
	Liquidity buffer	Yes
	Interest rate risk control limits	Yes
	Treasury investment parameters	Yes
	Counterparty credit limits	Yes
SIPO	Asset allocations	No

⇩1	draft tracked changes Finance Audit and Risk Sub-committee Terms of Reference
⇩2	draft Clean Finance Audit and Risk Sub-committee Terms of Reference

⇩1	HBRC Business Continuance Plan
⇩2	Kestrel Group HBRC Business Continuity Management Review Report