Agenda of Finance Audit & Risk Sub-committee

Meeting of the Finance Audit & Risk Sub-committee

Date: Wednesday 19 September 2018

Time: 9.00am

Venue:

Council Chamber

Hawke's Bay Regional Council

159 Dalton Street

NAPIER

Agenda

Item Subject Page

1. Welcome/Notices/Apologies

2. Conflict of Interest Declarations

3. Confirmation of Minutes of the Finance Audit & Risk Sub-committee held on 6 June 2018

4. Follow-ups from Previous Finance Audit & Risk Sub-committee Meetings 3

Decision Items

5. Six Monthly Report on Risk Assessment and Management 7

Information or Performance Monitoring

6. Verbal Update on the Process to Appoint an Independent Member of the Sub-committee

7. Internal Audit Update 15

8. Treasury Reporting 17

9. Resource Management Information System Implementation Update 19

10. Annual Report Update 21

11. September 2018 Update on the Sub-committee Work Programme 23

Decision Items (Public Excluded)

12. Confirmation of the Public Excluded Minutes of the Finance, Audit and Risk Sub-committee meeting held on 6 June 2018 25

HAWKE’S BAY REGIONAL COUNCIL

Finance Audit & Risk Sub-committee

Wednesday 19 September 2018

Subject: Six Monthly Report on Risk Assessment and Management

Reason for Report

1. To provide the Sub-committee with the six monthly review of the risks that Council is exposed to and the mitigation actions in place to manage Council’s risk profile.

Background

2. The Sub-committee last considered the risk management report at its meeting held 7 March 2018.

3. Following on from a series of risk management workshops held in July/August and executive interrogation of findings, high consequence risks and upwards trending risks, attached is the latest risk management update for Councillors review.

4. At the previous meeting, Councillors requested clearer indication of any updates to the risks, plus a consolidation of risks within the register.

5. Key changes to the register are listed/tabled below, along with a proposed update of increased capacity and focus in risk management process going forward.

6. These changes are in addition to reassessment of current practices and treatment options which have also been updated in the register. Risk descriptors have also been updated to better reflect the actual risk to Council.

Key Changes

7. Risk owners have been altered to reflect reorganisation and creation of new roles as follows.

Risk	Previous Risk Owner	New Risk Owner
Health & Safety of Staff and Public	Human Resources Manager	Group Manager - OCEC
Disruption to Business Continuity	Group Manager – Corporate Services	Group Manager - OCEC
Co-Governance of Natural Resources	Group Manager – External Relations	Te Pou Whakarae
Failure to Meet Unrealistic Public Expectations	Group Manager – Strategic Planning	Group Manager - OCEC
Ability for Council to Deliver on Planned Projects	Group Manager – Corporate Services	Group Manager – Strategic Planning
Ability to Retain and Attract Appropriately Skilled Staff	Human Resources Manager	Chief Executive Officer
Risk of Staff Providing Incorrect or Sensitive Information to Stakeholders	Group Manager – External Relations	Group Manager - OCEC
Biosecurity Incident	Group Manager – Asset Management	Group Manager – Integrated Catchment Management

8. Two previous risks have been cascaded into other risks as listed following.

Previous Risk

Cascaded Into Current Risk(s)

HBRIC Limited

Investment Portfolio

Social Media

· Failure to Meet Public Expectations

· Failure to Establish and Maintain Relationships

· Risk of Staff Provided Incorrect or Sensitive Information to Stakeholders

9. Risk trend ratings have been amended as follows.

Risk	Previous Trend Rating	New Trend Rating	Commentary
Preparedness of CDEM and HBRC staff to respond in an emergency			Recognition of CDEM being in a temporary facility while main facility is being upgraded
Co-governance of Natural Resources			Recognition of recent volatility of relationship with RPC group
Implementation of National Policy for Freshwater Management (NPSFM)			Recognition of Minister’s intention to initiate significant reform of freshwater regulations

10. Residual Risk assessments have been amended as follows:

Risk	Previous Assessment	New Assessment	Commentary
Preparedness of CDEM and HBRC staff to respond in an emergency	Effectiveness: Effective	Effectiveness: Satisfactory	Recognition of CDEM being in a temporary facility while main facility is being upgraded, ability to respond is not at full capacity during this time.
Failure to meet unrealistic public expectations	Effectiveness: Effective Risk Factor: Low	Effectiveness: Satisfactory Risk Factor: Moderate	Recognition of potential for public and stakeholders to have misaligned expectations of Council’s service delivery requirements, particularly due to recent ambitious LTP programme.
Ability to retain and attract appropriately skilled staff	Effectiveness: Effective Likelihood: Unlikely	Effectiveness: Satisfactory Likelihood: Likely	Recognition of number of roles currently and to be advertised. Ability to recruit for roles is proving difficult across many groups.

Risk Management Process and Focus

11. Council has recently recruited two new roles which will both have varying levels of input into the risk management process. It is intended that this process be given additional visibility within the organisation with more frequent and accountable reporting.

12. The Group Manager – Office of Chief Executive and Chair will oversee and take responsibility for delivery of the process. The Principal Advisor Organisation Performance has been allocated a set of risks to share the current workload with the Corporate Accountant. Allocation has been based on internal roles and knowledge.

13. Both will provide future input and facilitation of the process with the intention of driving momentum and accountability within the organisation.

14. To date both have met with all Executive to discuss a work programme going forward, with initial steps being to create an Action Register which will be agreed to and will ensure risk owners are held accountable to their action points. While this process has assisted to drive actions internally, it is recognised that there is a lack of formal recording and accountability. The register will sit as a layer above the risk matrix.

15. Actions will be priority based with particular focus on level of risk appetite for all key strategic risks.

16. It is intended that current process, whereby six monthly workshops are held, continue to facilitate discussion and brainstorming within the organisation. The current risk register format will be used for reporting of risks and mitigation strategies.

17. Once this new process has gained maturity, staff recommend that an independent review be proposed under the current Crowe Horwath internal audit programme. As the internal audit programme has already been decided for the current financial year, it is expected that this fall under the 2019-20 financial year.

18. The intention of this review will be to gain comfort over current processes and allow for improvements to be implemented. It is intended that a Risk Management policy update be presented accordingly.

Project Risks

19. Reporting on project risks has been incorporated into the new Project Management Office (PMO). The PMO have created a reporting format for project risks that is in line with the current risk management reporting framework.

20. It is noted that the PMO and Risk Management team will meet on at least a quarterly basis to discuss any Project risk trends that may need to be incorporated into the Council wide strategic risk register.

Decision Making Process

21. Council and its committees are required to make every decision in accordance with the requirements of the Local Government Act 2002 (the Act). Staff have assessed the requirements in relation to this item and have concluded:

21.1. The decision does not significantly alter the service provision or affect a strategic asset.

21.2. The use of the special consultative procedure is not prescribed by legislation.

21.3. The decision does not fall within the definition of Council’s policy on significance.

21.4. The persons potentially affected by this decision are staff or persons in the community that rely on Council services.

21.5. The decision is not inconsistent with an existing policy or plan.

21.6. Given the nature and significance of the issue to be considered and decided, and also the persons likely to be affected by, or have an interest in the decisions made, Council can exercise its discretion and make a decision without consulting directly with the community or others having an interest in the decision.

Recommendations

1. That the Finance, Audit and Risk Sub-committee receives and considers the “Six Monthly Risk Assessment and Management” staff report.

2. The Finance, Audit and Risk Sub-committee recommends that the Corporate and Strategic Committee:

2.1. Agrees the decisions to be made are not significant under the criteria contained in Councils’ adopted Significance and Engagement Policy, and that Council can exercise its discretion and make decisions on this issue without conferring directly with the community.

2.2. Confirms the Sub-committee’s confidence that the risk assessment processes are appropriate and adequately identify and assess organisational risks

2.3. Advises staff of the specific risks (following) that the Committee believes require reassessment to confirm the level of risk is accurate.

2.3.1. …

2.3.2. …

Authored by:

Melissa des Landes

Corporate Accountant

Approved by:

Jessica Ellerm

Group Manager
Corporate Services

Attachment/s

⇩1

Risk Management Register

HAWKE’S BAY REGIONAL COUNCIL

Finance Audit & Risk Sub-committee

Wednesday 19 September 2018

Subject: Internal Audit Update

Reason for Report

1. To provide the Sub-committee with an update on the status of previous and pending internal audits.

Background

2. At its meeting on 6 June 2018, the Sub-committee agreed that the internal audit work programme for the 2018-19 financial year would include Health & Safety, Data Analytics, Business Continuance and Water Management (revisited).

3. Field work has been completed for the Health & Safety audit however due to the HR Manager being on leave, this report has been deferred to the next Sub-committee meeting scheduled for 21 November 2018.

4. Staff originally intended to present the Data Analytics audit to the 21 November meeting, however staff are requesting feedback from the Sub-committee as to whether they would still like this presented at that meeting, or if they would like this deferred to the first meeting in 2019 (date TBC).

Previous Internal Audits

5. The Crowe Horwath internal audit programme is proving successful within Council, with some solid feedback and recommendations received from our internal auditors.

6. As a reminder, under the new internal audit programme, to date Council has completed Data Analytics, Water Management, Procurement/ Contract Management with Living Wage extension.

7. Staff have already provided the Sub-committee with follow up reports on Data Analytics and Water Management, with future revised audits due later in the current financial year.

8. The Procurement/ Contract Management Audit provided some insightful review points. Council is currently working with other Hawke’s Bay Council’s to develop procurement templates which will be implemented within the business, as a starting point. There is still work to be done in this space which has been deferred due to capacity constraints.

9. The Living Wage extension saw Corporate and Strategic Committee agree to await the results of the Public Transport Operating Model (PTOM review) being conducted at a national level. Council has been actively providing information to the agency involved in the PTOM review. Latest feedback from the Ministry of Transport has been that the initial research is in the latter stages of being finalised and agreed by the Minister. Council will continue to feed back any updates to this Sub-committee as a result of this review. In addition Council is participating in a national review of the living wage, specifically in regards to Council employees and contractors, and will report back to Council in due course.

Hawke’s Bay Joint Approach

10. As part of the original decision making to undergo a joint approach to the procurement of the Internal Audit programme, staff from all five local Councils met on 20 August 2018 to share and collaborate on any review findings where possible.

11. Council also provided those other Council’s with findings from the Water Management report for their staff to assimilate internally.

12. Council’s also recognised there would be benefits in aligning any reviews that were being conducted simultaneously, whereby findings may be similar. Procurement and Contract Management was one audit identified in particular with opportunities for information and cost sharing on implementation of the recommendations. Specifically, this relates to development of templates and training possibilities. A meeting to initiate this work has been scheduled for later in the year.

Decision Making Process

13. Staff have assessed the requirements of the Local Government Act 2002 in relation to this item and have concluded that, as this report is for information only, the decision making provisions do not apply.

Recommendation

That the Finance, Audit and Risk Sub-committee:

1. Receives and notes the “Internal Audit Update” staff report.

2. Agrees to defer the “Data Analytics Internal Audit” report to the first meeting in the 2019 calendar year (date TBC).

Authored by:

Melissa des Landes

Corporate Accountant

Approved by:

Jessica Ellerm

Group Manager
Corporate Services

Attachment/s

There are no attachments for this report.

HAWKE’S BAY REGIONAL COUNCIL

Finance Audit & Risk Sub-committee

Wednesday 19 September 2018

Subject: Treasury Reporting

Reason for Report

1. To provide the opportunity for the Finance, Audit and Risk Sub-committee (FARS) to have input into the development of ongoing treasury reporting.

Background

2. As per the treasury policy developed for the LTP the specific responsibilities of the FARC are:

2.1 The FARC will oversee the implementation of the Council’s borrowing and investment strategies and monitor and review the effective management of the treasury function, borrowing and investment activities.

2.2 The FARC will ensure that the information presented to the Council is accurate, identifies the relevant issues and is represented in a clear and succinct manner.

2.3 The FARC will discuss treasury matters on a quarterly basis.

2.4 Responsibilities are:

2.4.1 Recommending the Liability Management and Investment Policy and SIPO document (or changes to existing policy) to the Council

2.4.2 Receiving recommendations from the Group Manager Corporate Service and make submissions to the Council on all treasury matters requiring Council approval

2.4.3 Recommending performance measurement criteria for externally managed funds

2.4.4 Review all matters concerning the SIPO as well as providing guidance and leadership on the appointment, management, monitoring and review of the appropriate Investment Manager

2.4.5 Monitoring quarterly performance of externally managed funds and borrowing activity against benchmarks

2.4.6 Approving allowable financial instruments

2.4.7 Complete an annual review of all investments.

Discussion

3. Once the managed funds process has been completed staff will work on developing a treasury report which allows the FARC to complete the responsibilities above. This will include:

3.1 Quarterly reporting from the fund manager/s with performance and benchmarking analysis as well as compliance with the HBRC SIPO and the strategic asset allocation below:

Sector	Benchmark %	Ranges %
NZ equities	15%	13% - 18%
International equities (fully hedged)	29%	25% - 34%
NZ property	3%	1% - 4%
International property (fully hedged)	3%	1% - 4%
Total growth assets	50%	40% - 60%
Cash and short term securities	5%	2% - 8%
NZ fixed interest securities	20%	15% - 24%
International fixed interest (fully hedged)	25%	23% - 28%
Total income assets	50%	40% - 60%

3.2 An update on the annual borrowing programme including the progress on the application to the LGFA

3.3 Ongoing risk assessment

3.4 Any other reporting required by the FARC

4 Staff will take note of any recommendations on the above and will prepare a draft template for treasury reporting to be brought back to next FARC

Decision Making Process

5 Staff have assessed the requirements of the Local Government Act 2002 in relation to this item and have concluded that, as this report is for information only, the decision making provisions do not apply.

Recommendation

That the Finance Audit & Risk Sub-committee receives and notes the “Treasury Reporting” staff report.

Authored by:

Manton Collings

Chief Financial Officer

Approved by:

Jessica Ellerm

Group Manager Corporate Services

Attachment/s

There are no attachments for this report.

HAWKE’S BAY REGIONAL COUNCIL

Finance Audit & Risk Sub-committee

Wednesday 19 September 2018

Subject: Annual Report Update

Reason for Report

1. To provide the sub-committee with the opportunity to review and discuss the draft Annual Report for the year ending 30 June 2018, including discussing any significant matters with the Audit Director, Stephen Lucy.

Draft 2017-18 Annual Report

2. The on-site Audit work for HBRC has been completed, with final work to be completed off-site over the next few weeks.

3. The draft 2017-18 Annual Report is attached for review, as updated since the version presented to Council on 29 August 2018 adopted for Audit. This now includes comments from the Chair and Chief Executive, a report on Māori contributions to decision-making and updated group of activity highlights.

4. There are two outstanding matters still to be included to the draft Annual Report.

4.1. Group Consolidation - Consolidated group financials are not included as the final audited financial statements from HBRIC Ltd have yet to be received. Audit NZ will provide an update on progress.

4.2. HBRIC Ltd Valuation – At the 6 June Finance, Audit and Risk Sub-committee, 13 June Corproate & Strategic Committee and then 27 June Regional Council meetings the valuation was discussed and resolved that “Uses the Napier Port valuation provided by HBRIC Ltd”.

4.2.1. Given the quantum of work PWC Ltd has since undertaken to provide Council and HBRIC Ltd with an independent review of various reports on the capital structure of Napier Port, staff have commissioned them to recommend to HBRIC an appropriate fair value assessment of the asset for the year ended 30 June 2018.

4.2.2. Following the PWC book valuation of Napier Port for HBRIC Ltd, BDO Ltd will then undertake a high level review of HBRIC Ltd as an entity for Council’s valuation purposes, as pertains to the calculation of management costs, etc.

5. The final audited Annual Report will be presented to Council for adoption on 24 October.

Decision Making Process

6. Staff have assessed the requirements of the Local Government Act 2002 in relation to this item and have concluded that, as this report is for information only, the decision making provisions do not apply.

Recommendation

That the Finance, Audit and Risk Sub-Committee receives and notes the “2017-18 Annual Report Update” staff report.

Authored by: Approved by:

Manton Collings

Chief Financial Officer

Jessica Ellerm

Group Manager
Corporate Services

Attachment/s

⇨1

2017-18 Annual Report as at 13 September 2018

Under Separate Cover

HAWKE’S BAY REGIONAL COUNCIL

Finance Audit & Risk Sub-committee

Wednesday 19 September 2018

Subject: September 2018 Update on the Sub-committee Work Programme

Reason for Report

1. In order to ensure the sub-committee’s ability to effectively and efficiently fulfill its role and responsibilities, an overall update on its work programme is provided following.

2. It should be noted that some non-urgent items in the work programme have been deferred due to current resourcing and capacity restraints. We continue to recruit for a financial accountant, and staff have needed to prioritize work on the impending Port consultation and the year end audit.

Task	Item	Scheduled / Status
Internal Audits	Health & Safety	19 September 2018 FA&R meeting now deferred to 21 November 2018 meeting
	Data Analytics	21 November 2018 FA&R meeting
	Business Continuance	Q3 2018-19 FA&R meeting
	Water Management	Q4 2018-19 FA&R meeting
Risk Assessment & Management	Reporting on risks (6-monthly) affecting Council plus noting changes / improvements / areas that require attention from last report (3-monthly)	19 September 2018 and Q3 2018-19 meetings. Risk management discussions and follow ups now being documented at each monthly Exec meeting.
Insurance	Council’s proposed 2018-19 Insurance programme	Reported to 6 June 2018 FA&R meeting
Annual Report	Discussion on Audit Management Letter	Auditor scheduled to attend November 2018 FA&R meeting
Annual Report	Discussion on the major issues (if any) in the audit report on the Annual Report.	Aligned with Audit NZ & legislative requirements Sept-Nov each year. Update paper provided this 19 September meeting.
S17a Efficiency Reviews	Update on progress and findings of Section 17a Efficiency Reviews	No reviews scheduled in Q1&2 of Year 1 of LTP. Staff member attended Hawke’s Bay Council wide S17a Review collaboration meeting in Wairoa held on 22^nd August 2018 where opportunities for cost sharing were discussed.
Investment Returns & Treasury Monitoring	Update on progress in obtaining required level of dividend from PONL. Update on Treasury function within Council	HBRIC Ltd 2018-19 SoI adopted at 27 June 2018 Council meeting. SIPO adopted at 27 June 2018 Council meeting. Fund managers to be appointed at 26 September Council meeting, thereafter quarterly updates are to be presented at future FA&R meetings. Paper and draft policy on Ethical Investing to go to C&S 3 October. Application to join LGFA to be undertaken in the next quarter.

Decision Making Process

3. Staff have assessed the requirements of the Local Government Act 2002 in relation to this item and have concluded that, as this report is for information only, the decision making provisions do not apply.

Recommendation

That the Finance, Audit and Risk Sub-committee receives and notes the “September 2018 Update on Sub-committee Work Programme” staff report.

Authored by:

Melissa des Landes

Corporate Accountant

Approved by:

Jessica Ellerm

Group Manager Corporate Services

Attachment/s

There are no attachments for this report.