MINUTES OF A meeting of the Finance Audit & Risk Sub-committee

 

 

Date:                          Wednesday 18 May 2016

Time:                          1.00 pm

Venue:

Council Chamber

Hawke's Bay Regional Council

159 Dalton Street

NAPIER

 

Present:                     D Hewitt - Chairman

R Barker

D Benham

C Scott

F Wilson

 

In Attendance:          E Lambert – Chief Executive

P Drury – Group Manager Corporate Services

L Hooper – Governance & Corporate Administration Manager

K Olsen – Information and Communications Technology Manager

J Palmer – Group Manager Strategic Development

M Adye – Group Manager Asset Management

T Kilkolly – Financial Accountant

I Maxwell – Group Manager Resource Management

M Collings – Corporate Accountant

 

 


1.       Welcome/Apologies/Notices

The Chairman welcomed everyone to the meeting, and advised that the agenda items would be considered out of order to accommodate speakers’ schedules.

 

2.       Conflict of Interest Declarations

There were no conflict of interest declarations.

 

3.       Confirmation of Minutes of the Finance Audit & Risk Sub-Committee Meeting Held on 11 February 2016

FIN5/16

Resolution

Minutes of the Finance Audit & Risk Sub-committee held on Thursday, 11 February 2016, a copy having been circulated prior to the meeting, were taken as read and confirmed as a true and correct record.

Scott/Wilson

CARRIED

 

4.       Matters Arising from Minutes of the Finance Audit & Risk Sub-Committee Meeting Held on 11 February 2016

In relation to the Audit Management Letter (item 6, pg 2) it was queried when the results of Mr Lucy’s investigation into a cited case of potential conflict of interest would be available. Mrs Lambert advised that this issue would be brought to the next (September) sub-committee meeting.

There were no further matters arising from the minutes.

 

5.

Follow-ups from Previous Finance Audit & Risk Sub-Committee Meetings

 

Mr Drury noted the follow-ups on the list have all been addressed.

FIN6/16

Resolution

That the Finance, Audit and Risk Sub-committee receives and notes the report “Follow-ups from Previous Finance Audit and Risk Sub-committee Meetings”.

Barker/Benham

CARRIED

 

10.

Infrastructure as a Service

 

Kahl Olsen, IT Manager, provided an overview of Council’s cyber security measures including firewalls, browser logs, a staff acceptable use policy, staff training and systems maintenance, upgrades and replacement programs.

Further information and discussions included:

·      virus protection, and the fact that HBRC systems have not experienced any malicious software intrusions

·      hardware or utility failure, cloud storage and back-up of data

·      HBRC moving to ‘cloud’ servers provided by Spark or Rivera who have servers in Wellington, Christchurch and Auckland

·      Council’s risk profile relating to cyber security and how that has changed over time

·      Mitigation or treatment options, i.e. infrastructure as a service, disaster recovery, anti-virus and firewall services, and staff education and policies; and how those could potentially lower Council’s residual cyber security risk.

It was suggested that this may be a presentation of interest at committee level, to ensure all councillors receive the same information.

FIN7/16

Resolution

That the Finance, Audit and Risk Sub-committee receives the verbal “Infrastructure as a Service and Cyber Security” report.

Scott/Wilson

CARRIED

 

12.

Internal Audit Report – Cyber Security

FIN8/16

Resolutions

1.     That the Sub-committee excludes the public from this section of the meeting, being Agenda Item 12 Internal Audit Report – Cyber Security with the general subject of the item to be considered while the public is excluded; the reasons for passing the resolution and the specific grounds under Section 48 (1) of the Local Government Official Information and Meetings Act 1987 for the passing of this resolution being:

 

GENERAL SUBJECT OF THE ITEM TO BE CONSIDERED

REASON FOR PASSING THIS RESOLUTION

GROUNDS UNDER SECTION 48(1) FOR THE PASSING OF THE RESOLUTION

Internal Audit Report – Cyber Security

7(2)(b)(i) That the public conduct of this agenda item would be likely to result in the disclosure of information where the withholding of the information is necessary to ensure a trade secret is not disclosed.

7(2)(j) That the public conduct of this agenda item would be likely to result in the disclosure of information where the withholding of the information is necessary to prevent the disclosure or use of official information for improper gain or improper advantage.

The Council is specified, in the First Schedule to this Act, as a body to which the Act applies.

 

 

2.      That John Dixon, PriceWaterhouse Coopers, and Kahl Olsen, HBRC Information and Communications Technology Manager, attend the public excluded part of the meeting to present the audit report on Cyber Security.

Barker/Wilson

CARRIED

 

13.

Proposed Council Insurance Programme for 2016-17

FIN9/16

Resolutions

1.      That the Sub-committee excludes the public from this section of the meeting, being Agenda Item 13 Proposed Council Insurance Programme for 2016-17 with the general subject of the item to be considered while the public is excluded; the reasons for passing the resolution and the specific grounds under Section 48 (1) of the Local Government Official Information and Meetings Act 1987 for the passing of this resolution being:

 

 

 

 

 

GENERAL SUBJECT OF THE ITEM TO BE CONSIDERED

REASON FOR PASSING THIS RESOLUTION

GROUNDS UNDER SECTION 48(1) FOR THE PASSING OF THE RESOLUTION

Proposed Council Insurance Programme for 2016-17

7(2)(i) That the public conduct of this agenda item would be likely to result in the disclosure of information where the withholding of the information is necessary to enable the local authority holding the information to carry out, without prejudice or disadvantage, negotiations (including commercial and industrial negotiations).

The Council is specified, in the First Schedule to this Act, as a body to which the Act applies.

 

2.      That Matthew Meachen from Jardine Lloyd Thompson and Trudy Kilkolly, HBRC Financial Accountant, attend the public excluded section of this meeting to present the insurance matters information.

Barker/Benham

CARRIED

 

The meeting went into public excluded session at 1.50pm and out of public excluded session at 2.55pm

 

The meeting adjourned at 2.55pm and reconvened at 3.10pm

 

6.

Six Monthly Report on Risk Assessment and Management

 

Mrs Lambert introduced Jolene Townsend, who has been working with Council staff on updating the Risk Register. Discussions and queries traversed:

·      escalated level of risk for the External Relations Group, which includes reputational risks associated with councillor comments undermining approved council position and/or not complying with the provisions of the agreed Code of Conduct, misreporting of issues by media, and breakdown of stakeholder relationships

·      co-governance of natural resources risks relate to both councillors and Council staff with relationships being key

·      whether PC6 without RWSS should be included as a risk to NPSFM implementation, however generally agreed through discussion that RWSS risks justify it being its own Risk

·      The risk of council divisions working in silos isolated from other divisions was raised, with the gravel renourishment requirement for RWSS consents cited as an example.

·      Executive Team will think about risks around PC6 implementation

FIN10/16

Resolutions

That the Finance Audit and Risk Subcommittee:

1.      Considers and receives the “HBRC Risk Assessment and Management Report”.

2.      Advises staff of specific risks where it believes the current level of risk is unacceptable to Council, and requests that staff report back to the Sub-committee in six months time with options and associated resources required to modify the risk profile.

The Finance Audit and Risk Sub-committee recommends that the Corporate and Strategic Committee:

3.      Agrees the decisions to be made are not significant under the criteria contained in Council’s adopted Significance and Engagement Policy, and that Council can exercise its discretion and make decisions on this issue without conferring directly with the community.

4.      Confirms the Sub-committee’s confidence that the risk assessment process outlined in the HBRC Risk Assessment and Management Report is an appropriate process to identify and assess organisational risks.

Scott/Wilson

CARRIED

 

8.

Business Continuity and Disaster Recovery Plan Progress Update

 

Ms Jolene Townsend outlined the ongoing work to further develop Council’s Business Continuance Plan in accordance with the internal audit recommendations from PWC, including developing a BCP staff policy and running simulation exercises for staff.

FIN11/16

Resolution

That the Finance, Audit & Risk Subcommittee receives and notes the progress report on the updating of Council’s Business Continuity & Disaster Recovery Plan”.

Scott/Benham

CARRIED

 

7.

Fraud Policy

 

Mr Drury introduced the item, advising that Audit reviews the policy annually and PWC has also reviewed it.

FIN12/16

Resolution

That the Finance, Audit and Risk Subcommittee receives and notes the “Fraud Policy” report as reviewed and previously adopted by Council.

Scott/Barker

CARRIED

 

9.

HBRC Staff Conflict of Interest Policy

 

Mrs Lambert advised that this Policy, originally considered at the November sub-committee meeting, has been reviewed by the Executive Management Team and sought feedback on whether there is anything the committee wishes to have added to the Policy.

FIN13/16

Resolution

That the Finance, Audit and Risk Sub-committee receives and considers the “Conflicts of Interest Staff Policy” report.

Barker/Wilson

CARRIED

 

11.

2016 Sub-committee Work Programme

 

Mr Drury introduced the item, and members were asked to provide feedback on how the committee is functioning, meeting frequency, etc. Feedback included:

·      expertise available to provide information (Auditor) at meetings to assist has been worthwhile

·      meeting frequency and workload seem okay

·      seems to mostly be about Audit and Risk, with less emphasis on Financial matters

FIN14/16

Resolution

That the Finance, Audit and Risk Sub-committee receives and notes the “Sub-committee Work Programme” report.

Wilson/Benham

CARRIED

 

Closure:

There being no further business the Chairman declared the meeting closed at 4.32pm on Wednesday 18 May 2016.

Signed as a true and correct record.

 

 

 

DATE: ................................................               CHAIRMAN: ...............................................