Meeting of the Finance Audit & Risk Sub-committee
Date: Monday 9 November 2015
Time: 1.00pm
Venue: Council Chamber, Hawke's Bay Regional Council, 159 Dalton Street, NAPIER
Agenda
Item Subject
1. Welcome/Notices/Apologies
2. Conflict of Interest Declarations
3. Confirmation of Minutes of the Finance Audit & Risk Sub-committee held on 22 September 2015
4. Matters Arising from Minutes of the Finance Audit & Risk Sub-committee held on 22 September 2015
5. Follow-ups from Previous Finance Audit & Risk Sub-committee meetings
Decision Items
6. Charter for the Finance Audit & Risk Sub-committee
7. Costings, Scope and Priorities for Internal Audits
Information or Performance Monitoring
8. Risk Assessment and Management
9. Council Insurance Programme (1.45pm)
10. Work Programme Going Forward
Decision Items (Public Excluded)
11. Independent Member
Finance Audit & Risk Sub-committee
Monday 09 November 2015
SUBJECT: Follow-ups from Previous Finance Audit & Risk Sub-committee meetings
Reason for Report
1. In order to track items raised at previous meetings that require follow-up, a list of outstanding items is prepared for each meeting. All follow-up items indicate who is responsible for each, when it is expected to be completed and a brief status comment. Once the items have been completed and reported to the Committee they will be removed from the list.
Decision Making Process
2. Council is required to make a decision in accordance with Part 6 Sub-Part 1, of the Local Government Act 2002 (the Act). Staff have assessed the requirements contained within this section of the Act in relation to this item and have concluded that as this report is for information only and no decision is required in terms of the Local Government Act’s provisions, the decision making procedures set out in the Act do not apply.
1. That the Committee receives the report “Follow-ups from Previous Finance Audit and Risk Sub-committee Meetings”.
Liz Lambert
Chief Executive

Attachment 1: Follow-ups from Previous Meetings
Follow-ups from Finance, Audit & Risk Sub-committee Meetings
22 September 2015
| | Agenda Item | Follow-up / Request | Person Responsible | Status Comment |
| --- | --- | --- | --- | --- |
| 1 | Follow-ups | Costs of the SLW legal opinion and meeting attendance in relation to Members’ Liability at 3 June FA&R meeting | P Drury | Costs were: $1972.25 including GST |
| 2 | Annual Report Audit | Discuss Port financial reporting to 30 June being included in HBRC/HBRIC Ltd year end financial reports if practicable | L Lambert / P Drury | A meeting has been held between HBRIC Ltd management and the new CFO at Napier Port regarding a change to the Port’s financial reporting period from 31 March to 30 June for incorporation into the HBRIC Ltd/HBRC year end financial reports. Initial indications from the Port were positive, with the Port to discuss an indicative timeline with its auditors to ensure it is able to meet the HBRIC Ltd/HBRC reporting timelines. |
| 3 | Risk Management | Further development of IT related risks around security, including risks to reputation related to Councillors’/Directors’ document/information management on personal devices/computers | K Olsen / | Currently all systems and council-owned devices are password protected and only those staff with appropriate credentials can access relevant systems. Access to systems such as email and remote access (Citrix) from personal (non-Council owned) devices also requires authentication that adheres to strict password policies. |
| 4 | Internal Audit / Work programme | Attach Audit Universe and list of suggested internal audits to sub-committee work programme and seek cost estimates for those prioritised | P Drury | Agenda item for consideration at 9 November meeting |
| 5 | Internal Audit | Managing conflicts of interest for HBRC staff | P Drury | Executive complete a ‘related party transaction declaration’ each year and will also complete a ‘conflict of interest declaration’. HBRC also has a staff policy covering conflicts of interest. Copy attached following. |
3 June 2015
| | Agenda Item | Follow-up / Request | Person Responsible | Status Comment |
| --- | --- | --- | --- | --- |
| 6 | Role and Functions of the Finance, Audit & Risk Sub-Committee | Draft a Charter for consideration at the 22 September FA&R meeting. Clarification of requirements and examples provided to enable draft to be prepared for 9 November meeting. | L Lambert | Draft for consideration at 9 November sub-committee meeting. Attached as separate agenda item. |
Ref follow-up 5
Staff Policy
TITLE: Conflict of Interest
STAFF POLICY NO: SP028
POLICY FIRST INTRODUCED: November 2013
DATE POLICY LAST REVIEWED:
PERSON RESPONSIBLE FOR REVIEWING POLICY: Human Resources Manager
NEXT REVIEW DUE: November 2015
Rationale
This policy is created to avoid or successfully manage conflicts of interest occurring and to clarify the circumstances where activities, including secondary employment would be incompatible with employment at the Council. Council employees can have a number of professional and personal interests and roles. Conflicts of interest sometimes cannot be avoided but they need not cause problems when promptly disclosed and well managed. This policy has been developed to provide guidance and rules surrounding disclosing actual, potential and perceived conflicts of interest.
What is a Conflict of Interest?
· An employee has a conflict of interest if their official duties or responsibilities to Council could be affected or compromised by some other interest or duty that the employee may have.
· The other interest or duty might be:
  - The employee’s own financial or business affairs.
  - A relationship [family or otherwise] or other role the employee has; or
  - A stated opinion or view held by the employee.
· The question to keep in mind is “might the employee’s other interest create an incentive for them to act in a way that may not support the goals or objectives of Council”?
Policy
1. Employees may undertake activities, including other employment, provided that:
  1.1. The employee has informed their Group Manager of the employment/activity; and
  1.2. Such employment/activity does not cause a conflict of interest or potential for a perceived conflict of interest with the employee’s or Hawke’s Bay Regional Council’s roles and responsibilities; and
  1.3. Such employment/activity does not involve the use of Hawke’s Bay Regional Council materials or plant, unless prior written approval has been obtained from the employee’s Group Manager.
2. Employees must inform their manager of any situation where there is any potential for a conflict of interest. In such circumstances the interests of Council, as primary employer will take priority, and an employee will not become involved in the other activity unless and until prior written approval has been obtained from their Group Manager. Written approval will only be granted if measures are taken such that any conflict of interest is avoided.
3. Where, during any activity [including secondary employment] a conflict of interest arises, an employee must report this immediately to their manager and withdraw from any involvement in the activity unless advised otherwise.
4. All employees are expected to disclose all actual, potential or perceived conflicts of interest they have. Employees should err on the side of caution in deciding whether to make a disclosure. If they are unsure whether there is a conflict, they should discuss the matter with their manager.
5. Disclosure should be made to their manager at the earliest possible opportunity after the conflict arises. If required by the manager, the disclosure must be in writing.
6. The manager, if the conflict is particularly sensitive or serious, must involve their manager and the Human Resources Manager. The manager must undertake an assessment of the conflict to determine if it warrants intervention.
7. The assessment will take into account factors such as:
  7.1. The type and size of the employee’s other interest;
  7.2. The nature or significance of the particular decision or activity being carried out by Council;
  7.3. The extent to which the employee’s other interest could specifically affect, or be affected by Council’s decision or activity; and
  7.4. The nature or extent of the employee’s current or intended involvement in Council’s decision or activity.
8. The manager will decide whether any changes to the employee’s role or any other measures are required to manage the conflict. The manager will report this decision, in writing, to their manager and the Manager Human Resources.
9. The types of changes or other measures that may be appropriate in particular circumstances could involve:
  9.1. Seeking consent of all affected parties or an exemption to the involvement of the employee;
  9.2. Imposing additional oversight or review over the employee;
  9.3. Withdrawing from discussion or decision-making on a particular issue;
  9.4. Exclusion from a committee or working group dealing with the issue;
  9.5. Withholding certain confidential information or placing restrictions on access to information;
  9.6. Transferring the employee [temporarily or permanently] to another position or project;
  9.7. Relinquishing the private interest;
  9.8. Resignation or dismissal from one or other position or entity.
10. The manager will inform the employee, in writing, of the changes or measures to be put in place and will monitor and review these changes or measures. The manager will report, in writing, on the monitoring and review to their manager and to the manager Human Resources.
11. If the conflict does not justify taking any action because it is too indirect or insignificant, the manager will record the disclosure and assessment and the decision to take no further action.
12. This policy is breached if an employee has a conflict of interest and knowingly withholds disclosure. A breach of this policy may give rise to disciplinary action.
13. Employees may not be involved in:
  13.1. The decision to appoint or employ a person with whom the employee has a personal connection [familial or otherwise];
  13.2. The decision to conduct business with a person whom the employee has a personal connection [familial or otherwise];
  13.3. Influencing or participating in a decision to award grants or contracts where the employee is connected to a person or organisation that submitted an application or tender;
  13.4. Influencing or participating in regulatory decisions [such as to grant a consent, certificate or license] where the employee is connected to the applicant or a person who opposes the application;
  13.5. Investigating a complaint where the employee has a personal connection [familial or otherwise] with either the complainant or the person or entity complained about;
  13.6. Influencing or participating in any Enforcement Decision Group process where the employee has a personal connection [familial or otherwise] with either the complainant or the person or entity complained about.
14. Employees may not be involved with the following activities unless they have the consent of their manager:
  14.1. Owning shares in or working for organisations that have dealings with Council;
  14.2. Making public submissions to Council in a private capacity.
15. This policy is breached if an employee has a conflict of interest and knowingly becomes involved or continues to be involved in a limited activity without consent of their manager. A breach of this policy may give rise to disciplinary action.
16. For the avoidance of doubt, this policy does not preclude an employee from participating in democratic processes such as submitting on resource consent or a council proposal that directly affects them. However, they should make it clear that they are making such a submission as a private citizen. It is recommended that staff obtain advice from their manager before making such a submission.
17. Gifts of cash prohibited (See policy SPO18 Offer of gifts or winning prizes)
18. Disclosure of gifts (See policy SPO18 Offer of gifts or winning prizes)
19. Acceptance of gifts (See policy SPO18 Offer of gifts or winning prizes)
Subject: Charter for the Finance Audit & Risk Sub-committee
Reason for Report
1. The Finance, Audit and Risk sub-committee has requested that a charter be prepared to address the committee's objectives, authority and responsibilities, composition, and how and when meetings will be held.
2. A Draft Charter is attached for the sub-committee’s consideration.
Decision Making Process
3. Council is required to make a decision in accordance with the requirements of the Local Government Act 2002 (the Act). Staff have assessed the requirements contained in Part 6 Sub Part 1 of the Act in relation to this item and have concluded the following:
3.1. The decision does not significantly alter the service provision or affect a strategic asset.
3.2. The use of the special consultative procedure is not prescribed by legislation.
3.3. The decision does not fall within the definition of Council’s policy on significance.
3.4. The decision is not inconsistent with an existing policy or plan.
3.5. Given the nature and significance of the issue to be considered and decided, and also the persons likely to be affected by, or have an interest in the decisions made, Council can exercise its discretion and make a decision without consulting directly with the community or others having an interest in the decision.
The Finance Audit & Risk Sub-committee recommends that the Corporate & Strategic Committee:
1. Agrees that the decisions to be made are not significant under the criteria contained in Council’s adopted policy on significance and that Council can exercise its discretion under Sections 79(1)(a) and 82(3) of the Local Government Act 2002 and make decisions on this issue without conferring directly with the community and persons likely to be affected by or to have an interest in the decision due to the nature and significance of the issue to be considered and decided.
2. Approves the Charter, as amended at today’s meeting, for the Finance Audit & Risk Sub-committee.

Liz Lambert
Chief Executive

Attachment 1: Draft Finance Audit & Risk Sub-committee Charter
SUB-COMMITTEE CHARTER
INTRODUCTION
The Finance, Audit and Risk Sub-committee is a committee established by resolution of the Hawke’s Bay Regional Council. It makes recommendations to the Corporate and Strategic Committee which, in turn, reports to Council.
OBJECTIVES
The objective of the Finance, Audit and Risk Sub-committee is to assist the Council to fulfil its responsibilities in relation to:
· The robustness of risk management systems, processes and practices;
· The provision of appropriate controls to safeguard the Council’s financial and non-financial assets, the integrity of internal and external reporting and accountability arrangements
· The independence and adequacy of internal and external audit functions
· Compliance with applicable laws, regulations, standards and best practice guidelines.
· The review of Council’s expenditure policies and the effectiveness of those policies.
COMPOSITION
Members of the Finance, Audit and Risk sub-committee shall comprise four members of Council and an external appointee.
The Chairman shall be a member of the sub-committee as elected by the Council.
A quorum shall be not less than three councillor members.
RESPONSIBILITIES AND DUTIES
In order to meet its objective the responsibilities and duties of the Sub-committee on behalf of the Council will include the following.
Risk Management
· Reviewing the principal risks contained in the risk profile for Council on a twice-yearly basis
· Ensuring that management has established a risk management framework which includes policies and procedures to effectively identify, manage and monitor principal business risks
· At least annually assess the effectiveness of the implementation of the risk management system
· Monitoring compliance with the risk management framework
External and Internal Reporting
· Reviewing, and challenging where necessary, the actions and judgements of management in relation to Council’s financial statements, operating and financial reviews and related formal statements, before submission to Council and clearance by the external auditors
· Providing advice to Council regarding the financial statements (including whether appropriate action has been taken in response to audit recommendations and adjustments) and recommending their adoption by the Council
· Satisfying itself that the financial statements are supported by appropriate management sign-off on the statements and on the adequacy of the systems of internal controls
· Reviewing the processes in place to ensure that the financial information included in the Annual Report, including the statement of service performance, is consistent with the signed financial statements
External and Internal Audit functions
· Overseeing Council’s relationship with the external auditor
· Approving the terms of engagement and the remuneration to be paid to the external auditor in respect of audit services provided
· Discussing with the external auditor, before the audit commences, the nature and scope of the audit
· Reviewing reports from the auditors on any material findings in accounting and internal control systems that come to the auditors’ attention
· Ensuring that recommendations in audit management reports are considered and, if appropriate, actioned by management
· Reviewing the objectives and scope of the internal audit function
· Ensuring those objectives are aligned with Council’s overall risk management framework
· Reviewing significant matters reported by the internal audit function and how management is responding to them
· Assessing the performance of the internal audit function
· Ensuring that the function is adequately resourced and has appropriate authority and standing within Council
Legislative Compliance
· Determining whether management has appropriately considered legal and compliance risks as part of Council’s risk assessment and management arrangements
· Reviewing the effectiveness of the system for monitoring Council’s compliance with relevant laws, regulations and associated government policies
Expenditure policies
· Reviewing whether management’s approach to maintaining effective expenditure policies, including over external parties such as contractors and consultants, is sound and effective
· Reviewing whether management has in place relevant policies and procedures and that these are periodically reviewed and updated
· Determining whether the appropriate procedures are in place to assess, at least once a year, whether expenditure policies and procedures are complied with.
MEMBERS’ POWER AND AUTHORITY
The Finance, Audit and Risk sub-committee has the authority of Council to:
· Obtain external legal or independent professional advice in the satisfaction of its responsibilities and duties
· Secure the attendance at meetings of third parties with relevant experience and expertise as appropriate
Management is responsible for:
· The preparation, presentation and integrity of the financial statements
· Implementing and maintaining appropriate accounting and financial reporting principles and policies and internal controls and procedures that ensure compliance with accounting standards and relevant regulations
· The risk management framework and compliance with policies and regulations
REVIEW
The sub-committee shall undertake an annual self-review of the Charter and of its Terms of Reference. The Charter and terms of reference shall also be reviewed by Council.
Subject: Costings, Scope and Priorities for Internal Audits
Reason for Report
1. To provide details from Pricewaterhouse Coopers (PWC) of the terms of reference and the costs of undertaking internal audit assignments during the current financial year.
Background
2. At its meeting on 22 September 2015 the Subcommittee discussed the internal audit assignments proposed to be undertaken by PWC for the 2015-16 financial year.
3. The areas of internal audit that the Subcommittee required terms of reference and costings for from PWC were as follows:
3.1. Business continuity and disaster recovery plan.
3.2. Stakeholder relationship management.
3.3. Fraud prevention and detection review (includes conflicts of interest).
4. Further areas were discussed that may require the attention of an internal audit in future years. These included:
4.1. Conflicts of interest both general and procurement.
4.2. Cyber security risk.
4.3. Information Communication Technology (ICT) general computer control.
4.4. Rating system.
4.5. Health and safety.
5. John Nixon, Partner, PWC will be in attendance at the meeting to present the terms of reference and provide any clarification required.
Information supplied by Pricewaterhouse Coopers
6. Appended to this paper as Attachment 1 are the terms of reference and estimated costs for these audits as follows:
| Audit | $ (excl GST and Disbursements) |
| --- | --- |
| Business Continuity and Disaster Recovery Planning | $10,500 to $12,500 |
| Stakeholder Relationship Management | $5,000 to $6,500 |
| Fraud Prevention and Detection Review | $9,500 to $11,500 |
| Total | $25,000 to $30,500 |
Financial Provision in the Budget
7. The 2015-16 Annual Plan included a sum of $25,000 set aside for the cost of operating the Finance Audit and Risk Committee including the internal audit assignments to be undertaken. It is proposed that an appointment be made of an independent member to this Subcommittee and the cost of that appointment for a six month period (if the appointment is made at this Subcommittee meeting) would be $4,000 for the remainder of this financial year.
8. The funding therefore available for internal audit exercises is $21,000.
Decision Making Process
9. Council is required to make a decision in accordance with the requirements of the Local Government Act 2002 (the Act). Staff have assessed the requirements contained in Part 6 Sub Part 1 of the Act in relation to this item and have concluded the following:
9.1. The decision does not significantly alter the service provision or affect a strategic asset.
9.2. The use of the special consultative procedure is not prescribed by legislation.
9.3. The decision does not fall within the definition of Council’s policy on significance and engagement.
9.4. There are no persons affected by this decision.
9.5. Council has the option to approve all three of the internal audit exercises (which would mean the financial provision would be overspent by up to $9,000 plus cost disbursements) or to approve two of the three proposed audits and defer one to the 2016-17 year.
9.6. The decision is not inconsistent with an existing policy or plan.
9.7. Given the nature and significance of the issue to be considered and decided, and also the persons likely to be affected by, or have an interest in the decisions made, Council can exercise its discretion and make a decision without consulting directly with the community or others having an interest in the decision.
The Finance, Audit and Risk Subcommittee recommends that the Corporate and Strategic Committee:
1. Agrees that the decisions to be made are not significant under the criteria contained in Council’s adopted policy on significance and that Council can exercise its discretion under Sections 79(1)(a) and 82(3) of the Local Government Act 2002 and make decisions on this issue without conferring directly with the community and persons likely to be affected by or to have an interest in the decision.
2. Agrees that two of the following three internal audits be carried out during the current financial year (2015-16) with the remaining internal audit being carried out during the 2016-17 financial year:
  2.1 Business continuity and disaster recovery plan.
  2.2 Stakeholder relationship management.
  2.3 Fraud prevention and detection review (includes conflicts of interest).
3. Notes that the cost of the two audits to be carried out in 2015-16 will be funded from the financial provisions set aside for such audits in the Annual Plan.

Paul Drury
Group Manager

Liz Lambert
Chief Executive

Business Continuance Internal Audit Proposal
Fraud Prevention Internal Audit Proposal
Stakeholder Relations Internal Audit Proposal
Subject: Risk Assessment and Management
Reason for Report
1. To provide clarification on the roles of governance and management in relation to risk management and to address areas of appropriate delegations.
Comment
2. At the last Subcommittee meeting on 22 September 2015, during the discussion on the paper covering Hawke’s Bay Regional Council (HBRC) risk management as shown by the “Quantate” risk model, Councillors requested that clarification be provided on the difference between governance and management responsibility in relation to risk. John Dixon from Pricewaterhouse Coopers (PWC) was in attendance at that meeting and gave some useful insights to the different levels of decision making.
3. John offered to report back to this meeting on the difference between the roles of governance and management, and his report addressing these issues is appended as Attachment 1.
Decision Making Process
4. Council is required to make a decision in accordance with Part 6 Sub-Part 1, of the Local Government Act 2002 (the Act). Staff have assessed the requirements contained within this section of the Act in relation to this item and have concluded that, as this report is for information only and no decision is to be made, the decision making provisions of the Local Government Act 2002 do not apply.
1. That the Finance, Audit and Risk Subcommittee receives the attached paper “Risk Assessment and Management” from John Dixon, Pricewaterhouse Coopers.

Mike Adye
Group Manager

Paul Drury
Group Manager

PWC Risk Management Report
Subject: Council Insurance Programme
Reason for Report
1. To provide information to Councillors on the types of cover that Council has in place for the 2015-16 financial year, the level of cover provided by these policies and any excess that applies.
Comment
2. All Council insurance is placed through Jardine Lloyd Thompson (JLT) as brokers with the exception of infrastructure insurance. The decision as to which brokers were awarded what insurance business was subject to a competitive process carried out by the Hawke’s Bay LASS.
3. Infrastructure insurance was placed through Aon following their detailed assessment of risk in conjunction with the HBRC engineering team, and the consideration by Council of quotes from alternative suppliers including JLT and LAPP.
4. In attendance at this meeting will be Matt Meacham, Account Manager for JLT, and representing Aon brokers will be Sam Ketley, Associate Director and Ashley MacDonald, Aon Regional Manager, Hawke’s Bay.
5. The presentations given by these broker representatives will afford the Subcommittee members the opportunity to more fully understand the insurance policies currently covering Council’s exposures and will enable any Subcommittee member to seek clarification on any policy issues.
Decision Making Process
6. Council is required to make a decision in accordance with Part 6 Sub-Part 1, of the Local Government Act 2002 (the Act). Staff have assessed the requirements contained within this section of the Act in relation to this item and have concluded that, as this report is for information only and no decision is to be made, the decision making provisions of the Local Government Act 2002 do not apply.
1. That the Finance Audit & Risk Subcommittee receives the Council Insurance Programme report and presentations provided by Jardine Lloyd Thompson and Aon as Council appointed insurance brokers.

Mike Adye
Group Manager

Paul Drury
Group Manager
Subject: Work Programme Going Forward
Reason for Report
1. In order to ensure the sub-committee’s ability to effectively and efficiently fulfill its role and responsibilities, an overall suggested work programme is provided following.
Internal Audits
· Business continuity and disaster recovery (from risk register)
· Stakeholder communications and relationship management – processes, policies and procedures around (from risk register)
· Fraud prevention and detection (from risk register)
· Conflicts of interest – capturing and managing (general, procurement)
· Cyber security
· IT general computer systems control
· Rating system – processes involved in striking the rate
· H&S compliance with policies and procedures
· Interests register for staff – has been initiated with Executive team
· Stakeholder relationship management and risks in relation to elected representatives, and how such an audit might be conducted
· Add resilience and reduction to disaster recovery
· Staff development and succession planning
· Future proofing IT systems
Risk Assessment & Management
· Routine (6 monthly) reporting on risks to the FA&R Sub-committee
· Review previous 6-month Risk Assessment to note changes / improvements / areas that require attention
· Sub-committee carry out detailed review of individual Group’s Risk Management (as part of the programmed reviews of Groups)
Annual Report
· Adoption of Audit report 20 September for recommendation to Council
Decision Making Process
2. As this report is for information only and no decision is to be made, the decision making provisions of the Local Government Act 2002 do not apply.
1. That the Finance, Audit and Risk Sub-committee receives and considers the “Work Programme Going Forward” report.

Paul Drury
Group Manager
Subject: Independent Member
That Council excludes the public from this section of the meeting, being Agenda Item 11 Independent Member with the general subject of the item to be considered while the public is excluded; the reasons for passing the resolution and the specific grounds under Section 48 (1) of the Local Government Official Information and Meetings Act 1987 for the passing of this resolution being as follows:
| GENERAL SUBJECT OF THE ITEM TO BE CONSIDERED | REASON FOR PASSING THIS RESOLUTION | GROUNDS UNDER SECTION 48(1) FOR THE PASSING OF THE RESOLUTION |
| --- | --- | --- |
| Independent Member | 7(2)(a) That the public conduct of this agenda item would be likely to result in the disclosure of information where the withholding of the information is necessary to protect the privacy of natural persons. | The Council is specified, in the First Schedule to this Act, as a body to which the Act applies. |

Liz Lambert
Chief Executive