MINUTES OF A meeting of the Finance Audit & Risk Sub-committee
Date: Wednesday 18 May 2016
Time: 1.00 pm
Venue: Council Chamber, Hawke's Bay Regional Council, 159 Dalton Street, NAPIER
R Barker
D Benham
C Scott
F Wilson
In Attendance: E Lambert – Chief Executive
P Drury – Group Manager Corporate Services
L Hooper – Governance & Corporate Administration Manager
K Olsen – Information and Communications Technology Manager
J Palmer – Group Manager Strategic Development
M Adye – Group Manager Asset Management
T Kilkolly – Financial Accountant
I Maxwell – Group Manager Resource Management
M Collings – Corporate Accountant
The Chairman welcomed everyone to the meeting, and advised that the agenda items would be considered out of order to accommodate speakers’ schedules.
2. Conflict of Interest Declarations
There were no conflict of interest declarations.
3. Confirmation of Minutes of the Finance Audit & Risk Sub-Committee Meeting Held on 11 February 2016
Minutes of the Finance Audit & Risk Sub-committee held on Thursday, 11 February 2016, a copy having been circulated prior to the meeting, were taken as read and confirmed as a true and correct record. CARRIED
4. Matters Arising from Minutes of the Finance Audit & Risk Sub-Committee Meeting Held on 11 February 2016
In relation to the Audit Management Letter (item 6, pg 2) it was queried when the results of Mr Lucy’s investigation into a cited case of potential conflict of interest would be available. Mrs Lambert advised that this issue would be brought to the next (September) sub-committee meeting.
There were no further matters arising from the minutes.
Follow-ups from Previous Finance Audit & Risk Sub-Committee Meetings
Mr Drury noted the follow-ups on the list have all been addressed.
That the Finance, Audit and Risk Sub-committee receives and notes the report “Follow-ups from Previous Finance Audit and Risk Sub-committee Meetings”. CARRIED
Infrastructure as a Service
Kahl Olsen, IT Manager, provided an overview of Council’s cyber security measures including firewalls, browser logs, a staff acceptable use policy, staff training and systems maintenance, upgrades and replacement programs. Further information and discussions included:
· virus protection, and the fact that HBRC systems have not experienced any malicious software intrusions
· hardware or utility failure, cloud storage and back-up of data
· HBRC moving to ‘cloud’ servers provided by Spark or Rivera who have servers in Wellington, Christchurch and Auckland
· Council’s risk profile relating to cyber security and how that has changed over time
· Mitigation or treatment options, i.e. infrastructure as a service, disaster recovery, anti-virus and firewall services, and staff education and policies; and how those could potentially lower Council’s residual cyber security risk.
It was suggested that this may be a presentation of interest at committee level, to ensure all councillors receive the same information.
That the Finance, Audit and Risk Sub-committee receives the verbal “Infrastructure as a Service and Cyber Security” report. CARRIED
Internal Audit Report – Cyber Security
1. That the Sub-committee excludes the public from this section of the meeting, being Agenda Item 12 Internal Audit Report – Cyber Security with the general subject of the item to be considered while the public is excluded; the reasons for passing the resolution and the specific grounds under Section 48 (1) of the Local Government Official Information and Meetings Act 1987 for the passing of this resolution being:
2. That John Dixon, PriceWaterhouse Coopers, and Kahl Olsen, HBRC Information and Communications Technology Manager, attend the public excluded part of the meeting to present the audit report on Cyber Security. CARRIED
Proposed Council Insurance Programme for 2016-17
1. That the Sub-committee excludes the public from this section of the meeting, being Agenda Item 13 Proposed Council Insurance Programme for 2016-17 with the general subject of the item to be considered while the public is excluded; the reasons for passing the resolution and the specific grounds under Section 48 (1) of the Local Government Official Information and Meetings Act 1987 for the passing of this resolution being:
2. That Matthew Meachen from Jardine Lloyd Thompson and Trudy Kilkolly, HBRC Financial Accountant, attend the public excluded section of this meeting to present the insurance matters information. CARRIED
The meeting went into public excluded session at 1.50pm and out of public excluded session at 2.55pm.
The meeting adjourned at 2.55pm and reconvened at 3.10pm.
Six Monthly Report on Risk Assessment and Management
Mrs Lambert introduced Jolene Townsend, who has been working with Council staff on updating the Risk Register. Discussions and queries traversed:
· escalated level of risk for the External Relations Group, which includes reputational risks associated with councillor comments undermining approved council position and/or not complying with the provisions of the agreed Code of Conduct, misreporting of issues by media, and breakdown of stakeholder relationships
· co-governance of natural resources risks relate to both councillors and Council staff with relationships being key
· whether PC6 without RWSS should be included as a risk to NPSFM implementation, however generally agreed through discussion that RWSS risks justify it being its own Risk
· The risk of council divisions working in silos isolated from other divisions was raised, with the gravel renourishment requirement for RWSS consents cited as an example.
· Executive Team will think about risks around PC6 implementation
That the Finance Audit and Risk Subcommittee:
1. Considers and receives the “HBRC Risk Assessment and Management Report”.
2. Advises staff of specific risks where it believes the current level of risk is unacceptable to Council, and requests that staff report back to the Sub-committee in six months’ time with options and associated resources required to modify the risk profile.
The Finance Audit and Risk Sub-committee recommends that the Corporate and Strategic Committee:
3. Agrees the decisions to be made are not significant under the criteria contained in Council’s adopted Significance and Engagement Policy, and that Council can exercise its discretion and make decisions on this issue without conferring directly with the community.
4. Confirms the Sub-committee’s confidence that the risk assessment process outlined in the HBRC Risk Assessment and Management Report is an appropriate process to identify and assess organisational risks.
CARRIED
Business Continuity and Disaster Recovery Plan Progress Update
Ms Jolene Townsend outlined the ongoing work to further develop Council’s Business Continuance Plan in accordance with the internal audit recommendations from PWC, including developing a BCP staff policy and running simulation exercises for staff.
That the Finance, Audit & Risk Subcommittee receives and notes the progress report on the updating of Council’s “Business Continuity & Disaster Recovery Plan”. CARRIED
Fraud Policy
Mr Drury introduced the item, advising that Audit reviews the policy annually and PWC has also reviewed it.
That the Finance, Audit and Risk Subcommittee receives and notes the “Fraud Policy” report as reviewed and previously adopted by Council. CARRIED
HBRC Staff Conflict of Interest Policy
Mrs Lambert advised that this Policy, originally considered at the November sub-committee meeting, has been reviewed by the Executive Management Team, and sought feedback on whether there is anything the committee wishes to have added to the Policy.
That the Finance, Audit and Risk Sub-committee receives and considers the “Conflicts of Interest Staff Policy” report. CARRIED
2016 Sub-committee Work Programme
Mr Drury introduced the item, and members were asked to provide feedback on how the committee is functioning, meeting frequency, etc. Feedback included:
· expertise available to provide information (Auditor) at meetings to assist has been worthwhile
· meeting frequency and workload seem okay
· seems to mostly be about Audit and Risk, with less emphasis on Financial matters
That the Finance, Audit and Risk Sub-committee receives and notes the “Sub-committee Work Programme” report. CARRIED
There being no further business the Chairman declared the meeting closed at 4.32pm on Wednesday 18 May 2016.
Signed as a true and correct record.
DATE: ................................................ CHAIRMAN: ...............................................