MINUTES OF A meeting of the Finance Audit & Risk Sub-committee
Date: Wednesday 12 February 2020
Time: 9.00am
Venue: |
Council Chamber Hawke's Bay Regional Council 159 Dalton Street NAPIER |
R Dinwoodie
W Foley
N Kirton
In Attendance: J Palmer – Chief Executive
J Ellerm – Group Manager Corporate Services
L Hooper – Governance Lead
B Smith – Chief Financial Officer
K Young – Audit NZ
A Siddles – Acting ICT Manager
O Giraud-Burrell – Business Analyst
The Chairman welcomed everyone to this first meeting of the sub-committee for the triennium.
2. Conflict of Interest Declarations
There were no conflict of interest declarations.
Confirmation of the Terms of Reference for the Finance, Audit and Risk Sub-committee |
|
|
The Chair introduced the item, which was taken as read. |
1. That the Finance, Audit and Risk Sub-committee receives and considers the “Confirmation of the Terms of Reference for the Finance, Audit and Risk Sub-committee” staff report. 2. The Finance, Audit and Risk Sub-committee recommends that the Corporate and Strategic Committee: 2.1. confirms the Terms of Reference for the Finance, Audit and Risk Sub-committee (following) 2.2. recommends that Hawke’s Bay Regional Council adopts the Terms of Reference for the Finance, Audit and Risk Sub-committee as confirmed by the Corporate and Strategic Committee by resolution on 11 March 2019. CARRIED |
|
|
Finance, Audit and Risk Sub-committee Terms of Reference for Council adoption 25 March 2020 1. Purpose The purpose of the Finance, Audit and Risk Sub-committee is to report to the Corporate and Strategic Committee to fulfil its responsibilities for: 1.1. The provision of appropriate controls to safeguard the Council’s financial and non-financial assets, the integrity of internal and external reporting and accountability arrangements 1.2. The review of Council’s revenue and expenditure policies and the effectiveness of those policies. 1.3. The independence and adequacy of internal and external audit functions 1.4. The robustness of risk management systems, processes and practices 1.5. Compliance with applicable laws, regulations, standards and best practice guidelines. 2. Specific Responsibilities The Finance, Audit and Risk Sub-committee shall have responsibility and authority to: 2.1. Consider the appropriateness of the Council’s existing accounting policies and principles and any proposed changes 2.2. Satisfy itself that the financial statements and statements of service performance are supported by adequate management signoff and adequate internal controls and recommend adoption of the Annual Report by Council 2.3. Confirm that processes are in place to ensure that financial information included in Council’s Annual Report is consistent with the signed financial statements 2.4. Monitor the performance of Council’s investment portfolio 2.5. Confirm the terms of appointment and engagement of external auditors, including the nature and scope of the audit, timetable, and fees 2.6. Receive the internal and external audit report(s) and review actions to be taken by management on significant issues and recommendations raised within the report(s) 2.7. Enquire of internal and external auditors for any information that affects the quality and clarity of the Council’s financial statements and statements of service performance, and assess whether appropriate action has been taken by management in response to this 2.8. Conduct a sub-committee members-only session with Audit NZ to discuss any matters that the auditors wish to bring to the Sub-committee’s attention and/or any issues of independence 2.9. Review whether Council management has a current and comprehensive risk management framework and associated procedures for effective identification and management of the council’s significant risks in place 2.10. Undertake periodic monitoring of corporate risk assessment, and the internal controls instituted in response to such risks 2.11. Undertake systematic reviews of Council operational activities against Council stated performance criteria to determine efficiency/effectiveness of delivery of Council services 2.12. Review the effectiveness of the system for monitoring the Council’s compliance with laws (including governance legislation, regulations and associated government policies), Council’s own standards, and best practice guidelines; including health and safety. 3. Accountability 3.1. The Finance, Audit and Risk Sub-committee is not delegated to make any decisions unless by specific delegation of Council. The Finance, Audit and Risk Sub-committee is delegated by Council to: 3.2. Obtain external legal or independent professional advice within approved budgets in the satisfaction of its responsibilities and duties 3.3. Secure the attendance at meetings of third parties with relevant experience and expertise as appropriate 3.4. Receive all of the information and documentation needed or requested to fulfill its responsibilities and duties, subject to applicable legislation 3.5. Ensure that recommendations in audit management reports are considered and, if appropriate, actioned by management 3.6. Review the objectives and scope of the internal audit function, and ensure those objectives are aligned with Council’s overall risk management framework 3.7. Assess the performance of the internal audit function, and ensure that the function is adequately resourced and has appropriate authority and standing within Council. 4. Membership 4.1. Up to four members of Council, being: Councillors Will Foley, Craig Foss and Neil Kirton (confirmed by Council resolution 6 November 2019) 4.2. An external appointee, being: Rebekah Dinwoodie (confirmed by Council resolution 6 November 2019) 5. Chairperson A member of the Committee as elected by the Council, being Councillor Craig Foss (confirmed by Council resolution 9 November 2016) 6. Meeting Frequency The Committee shall meet quarterly, or as required 7. Quorum The quorum at any meeting of the Committee shall be not less than 3 members of the Committee. 8. Officers Responsible 8.1. Chief Executive 8.2. Group Manager Corporate Services 8.3. Group Manager Office of the Chief Executive and Chair |
Introduction of Council’s Audit NZ Auditor, Karen Young |
|
|
Karen Young introduced herself, the appointed Auditor for HBRC, NCC and HDC, outlining how her engagement with Council will occur. The role of the auditor is mainly to identify business risks and test the evidence provided to gauge the accuracy and sufficiency of Council’s financial statements and accounting for those risks. |
Sub-committee Work Programme |
|
|
The Chair introduced the item and sought particular topics of interest to members of the sub-committee. Rebekah Dinwoodie is also Chair of Women’s Refuge, staff wellbeing and culture (recruitment and retention), and associated risks are particular interests. Will Foley has particular interest in issues associated with staff resources and the well-being challenges brought about with legislative change and rapid organisational growth. Neil Kirton suggests the sub-committee undertake an exercise to reconcile strategic drivers with council’s work programmes, and re-sets the risk management framework in accordance with climate risks and Council’s ability to adequately respond. Further discussions covered: · Although looking back to see how council got to where it is now is relevant, it is important to look forward for potential risks. The Chief Executive outlined for Councillors’ information, issues and activities coming up over the near future in each area of Council. · Greatest financial management risk comes from external sources (e.g. Central Government, lobby groups) to commit additional, unbudgetted funding to new work (e.g. NPSFM, Drinking Water Regulation) or new initiatives (e.g. Provincial Growth Fund applications) that cause Council to deviate from its plan (e.g. LTP) and forecast budgets/resource requirements. · Councillors, overall, are aware of the risks facing council. In relation to Climate Change, council is already well prepared to respond but there is stress and tension around increased activity and potential impacts on resources. · Climate change ‘current state’ and ability to deliver has been provided to first councillors’ strategic workshop and EICC, with piece of work still to develop the risk profile for the region. Subject of discussions with central government tomorrow, to clarify and confirm common methodology nationally, so a gaps analysis can be carried out to reconcile Council’s activities with what’s required. · Suggestion that informal meetings between sub-committee meetings provide opportunity to delve deeply into areas of particular interest – so that underlying work is done prior to coming to the formal meeting. · Request to provide a summary of financial approval processes for funding requests from external parties, to provide visibility that financials are accurate and follow proper process, along with a list or register that logs and tracks all requests such as funding, sponsorship, grants, loans, equity, commitments, underwriting or guarantees, formal and informal made for HBRC financial and other resources and assets. Concerns may relate to various requests following different evaluation processes. · The s17a review of Works Group proposed mid 2019 has been delayed due to Finance resourcing issues and will commence shortly using external resource. Most functions reviewed through the organisational restructure and reconciled against the s17a requirements. Legislation is non-specific but requires regular reviews of efficiency and effectiveness of Council activities. · Review of the S36 charging regime is being carried out, not specifically for s17a purposes but staff will incorporate the relative elements of the review into the S17a work programme. · Audit Action list will be created and provided to the sub-committee, as a live document that tracks progress against internal audit recommendations. Staff will refine topics from today’s discussions via email with members for input to a workshop to further develop the internal audit schedule and ‘work programme’ for adoption 13 May. |
That the Finance, Audit and Risk Sub-committee: 1. Receives and considers the “Sub-committee Work Programme” staff report. 2. Agrees that the decisions to be made are not significant under the criteria contained in Council’s adopted Significance and Engagement Policy, and that the Sub-committee can exercise its discretion and make decisions on this item without conferring directly with the community, in accordance with its Terms of Reference. 3. Agrees that the work programme for the Sub-committee will be developed through workshops ahead of confirming the schedule of work and budget allocations at the 13 May FARS meeting, and that in the meantime Internal Audits agreed in August 2019 will be scoped and/or carried out as planned. CARRIED |
Risk Assessment and Management |
|
|
James Palmer introduced the item and Olivia Giraud-Burrell, with questions and discussion covering: · CDEM staff training provided/ undertaken is confirmed by members of the CDEM Coordinating Executives Group and staff liaison with TLAs and includes participation in Group Exercises by all councils and agencies · Recruitment of a Health & Safety Lead is still underway and role is being covered by a part-time contractor in meantime · Mitigation initiatives for “Ability to retain and attract appropriately skilled staff” risk are being rolled out and expect full implementation over next 2 months – the new People and Capability Manager will bring report on progress and effectiveness to next meeting · Human health risks from contaminated drinking water is trending down due to work with TLAs, bore inventory, TLA compliance with consent conditions, and central government regulations. · IT failure residual risk level unchanged despite commentary of “increased cyber security risk” · Organisational response to corona virus includes CDEM daily briefings and keeping CDEM CEG updated, plus the Group Plan includes preparedness for Pandemic. Suggestion that staff international travel plans be monitored and additional quarantine time provided if required. |
The Finance, Audit and Risk Sub-committee: 1. Agrees that the decisions to be made are not significant under the criteria contained in Council’s adopted Significance and Engagement Policy, and that the Sub-committee can exercise its discretion and make decisions on this item without conferring directly with the community, in accordance with its Terms of Reference. 2. Receives and considers the “Six Monthly Risk Assessment and Management” staff report. 3. Advises staff of the specific risks (following) that require reassessment to confirm the level of risk is accurate and internal controls are adequate, for reporting back to the 13 May 2020 Sub-committee meeting. 3.1. ORG002: Ability to retain and attract appropriately skilled staff 3.2. CORP001: ICT Failure - Business Wide. 4. Recommends that the Corporate and Strategic Committee receives and notes the resolutions of the Sub-committee, including the specific risks that require reassessment; being: 4.1. ORG002: Ability to retain and attract appropriately skilled staff 4.2. CORP001: ICT Failure - Business Wide. CARRIED |
Item - 7. Introduction of Council’s Audit NZ Auditor, Karen Young - was considered immediately following item 3 Confirmation of the Terms of Reference for the Finance, Audit and Risk Sub-committee.
The meeting adjourned at 10.32am and reconvened at 10.50am
Treasury Report for Period to 31 December 2019 |
|
|
· Treasury reporting covers Investment management as well as debt funding, liquidity and risk management · PWC is working with 35 councils across the sector, providing independent Treasury advisory services to enhance council’s treasury management decision making. · PWC has assisted in the establishment of council’s current management and reporting framework including the review and updating of the Treasury Policy, SIPO (reviewed annually), and design of the Treasury report which includes liquidity, debt and interest rate risk positions. Also conducted RFP process for investment managers, assisted with joining LGFA and has implemented formal monthly PwC/management treasury meetings · Portfolio returns from Mercer 1.2% for December quarter & 11% cumulative; and Jarden 3.3% for December quarter & 11.4% cumulative · PwC is in favour of retaining two fund managers, as have different approaches and provides competitive tension · Ethical investments by the fund managers in line with Council’s policy · Need an overview across the total and entire balance sheet, not siloed, to ratepayers have visibility of the entire organisation, and also having consistency of investments objectives and are not counter-acting each other. · Need to recognise and understand the risk to the total balance sheet through the Council’s exposure to the log industry (forests, reforestation, log transportation, and exports) via various assets, programs, assets and the investment portfolio. · PwC is satisfied council is getting value for money and managing risks · Suggest investment managers be given more flexibility to invest via changes to SIPO, and that it be amended to account for the Long term investment fund which sits on Council’s balance sheet. Updated SIPO to 11 March C&S meeting where investment managers will present and be able to respond to questions. |
That the Finance, Audit and Risk Sub-committee receives and notes the “Treasury Report for period to 31 December 2019” staff report and that recommended amendments to the SIPO be provided to the 11 March 2020 Corporate and Strategic Committee meeting for adoption. CARRIED |
Business Continuance Plan |
|
|
Lisa Pearse introduced herself and the item, which was taken as read with queries and discussions covering: · Staff working through recommendations of 2018 independent review and tested actions taken through the CDEM exercise in October 2019 · Ongoing process of addressing issues identified through the review, e.g. replacement of Dalton Street phone system, as prioritised by executive leadership team |
That the Finance, Audit and Risk Sub-committee receives and accepts the “Business Continuity Plan” staff report and associated plan. CARRIED |
Cyber Security Internal Audit |
|
|
Andrew Siddles introduced himself and the item, and outlined the work he’s undertaken since arriving at council a little over a year ago. Queries and discussions traversed: · All new staff undertake “phishing” training · Rebuilt firewall and took steps to address high / medium risk recommendations · Gross risk without any management actions is red, however residual risk after mitigations is amber and will never be risk free. If more resource was available some actions could be brought forward on the work programme · Firewall between the corporate and controls (telemetry) systems · Pumping stations at risk of hacking to be investigated · System controls of flood assets have been reviewed and report on results will go to future meeting. |
That the Finance, Audit & Risk Sub-Committee Committee receives and notes the “Cyber Security Internal Audit” staff report and requests that staff report back to the May FARS meeting on progress on management actions that have been undertaken to respond to the issues identified and recommendations made in the Crowe Horwath Cyber Security internal audit report. CARRIED |
Procurement Policy and Procurement Manual Update |
|
|
This item was deferred to the 13 May FARS meeting. |
Financial Results for the 2019-20 Financial Year, for the Period to 31 December 2019 |
|
|
This item was referred to the 11 March 2020 Corporate & Strategic Committee meeting. |
Closure:
There being no further business the Chairman declared the meeting closed at 12.12pm on Wednesday 12 February 2020.
Signed as a true and correct record.
DATE: ................................................ CHAIRMAN: ...............................................