MINUTES OF A meeting of the Finance Audit & Risk Sub-committee
Date: Wednesday 12 August 2020
Time: 9.00am
Venue: |
Council Chamber Hawke's Bay Regional Council 159 Dalton Street NAPIER |
W Foley
N Kirton
In Attendance: J Palmer – Chief Executive (via Zoom)
J Ellerm – Group Manager Corporate Services
J Lawrence – Group Manager Office of the CE & Chair
C Goodier – Team Leader Engineering
M Heaney - Procurement Manager
G Howes – Treasury & Funding Accountant
H Marsden – Risk and Assurance Lead
M Solomon – Crowe (via Zoom)
A Siddles – Chief Information Officer
B Smith – Chief Financial Officer
K Young - Audit NZ
A Roets – Governance Administration Assistant
The Chair welcomed everyone to the meeting.
Resolution
FIN125/20 That the apology for absence from Rebekah Dinwoodie be accepted.
Foss/Foley
CARRIED
2. Conflict of Interest Declarations
There were no conflict of interest declarations.
3. Confirmation of Minutes of the Finance Audit & Risk Sub-committee meeting held on 12 February 2020
Minutes of the Finance Audit & Risk Sub-committee held on Wednesday, 12 February 2020, a copy having been circulated prior to the meeting, were taken as read and confirmed as a true and correct record. CARRIED |
Procurement Policy Amendments to Support the HB Economic Recovery |
|
|
Mark Heaney introduced the item, which was taken as read, with discussions covering: · Achieved and implemented majority of the 28 recommendations of the Crowe report · Significant changes to Policy around Covid and Climate.Smart.Recovery · Increased payment frequency to assist local businesses with cash flow · Looking to support four main outcomes of Government operational issues, conflict of interest, emergency procurement and capability and capacity · Policy reflects best practice · Investigating opportunities for standardised practises across councils in the region · Financial delegations don’t form part of the procurement policy but are referenced in the Policy · Next steps include procurement monitoring, review to increase the use of “all of Government” contracts, development of ongoing internal procurement training and procurement, and to design and implement an internal procurement audit programme in conjunction with the Strategic Risk Framework currently being developed · Staff to report back to C&S to bring discussion together on financial delegations including specifics of the CE’s delegations. |
That the Finance, Audit and Risk Sub-committee: 1. Reviews the updated draft Procurement Policy and Manual and accepts the proposed changes as highlighted. 2. Receives and notes the reporting metrics provided for the period 1 July 2019 to 30 June 2020. 3. Recommends that the Corporate and Strategic Committee adopts the Procurement Policy and Manual with amendments as proposed. CARRIED |
Risk Maturity |
|
|
Helen Marsden introduced the item, with discussions covering: · Risk Maturity Roadmap was endorsed by the Corporate & Strategic Committee on 10 June and resolved by Council on 24 June 2020 · One component of the roadmap was to develop a Risk Framework and Policy for the organisation · Agreement that the roadmap addresses the recommendations from the Audit report with one exception being that an internal audit on the assurance framework will now have to be added to phase 3 of the Roadmap · Policy sets the context of the risk management system while the framework sets the scope · Once endorsed and accepted by the Committee, a more detailed implementation plan will be developed · Actions taken will address risks identified – does require some cultural change within the organisation · Risk report will continue to evolve · Bowtie analysis being developed · Next committee bring back further thinking around risks feeding through other committees · Ongoing capability development for engagement with tangata whenua · Comfort that appropriate management interventions in place · Suggested that 5 & 6 be merged to become technology and security · Regulatory performance risk more visible and addressed. |
That the Finance, Audit and Risk Sub-committee: 1. receives and considers the “Risk Maturity” staff report 2. confirms it is comfortable that management actions undertaken or planned for the future adequately respond to the findings and recommendations of the Crowe Internal Audit – Risk Management Maturity Assessment report 3. recommends that the Corporate and Strategic Committee approves both the Risk Management Policy and the Risk Management Framework as being appropriate and sufficiently robust to manage Council’s significant risks. CARRIED |
Six Monthly Enterprise Risk Management Report |
|
|
The item was taken as read. |
That the Finance, Audit and Risk Sub-committee: 1. receives and considers the “Six Monthly Enterprise Risk Management” staff report 2. confirms its confidence that Council management has undertaken an effective risk identification and risk management process for Council’s significant risks, and that actions taken to date to mature HBRC’s risk management system are in line with Council’s expectations as provided to the 10 June 2020 Corporate and Strategic Committee meeting in the Risk Maturity Roadmap. CARRIED |
The meeting adjourned at 10.40am and reconvened at 10.56am.
Annual 2020-21 Internal Audit Work Plan |
|
|
Helen Marsden introduced the item with discussions covering: · An overview of activities is underway across the organisation, including LGA section 17a reviews · Crowe has draft fy21 annual internal audit plan considers previous internal audits, insights and observations of current risks and issues in the local government sector · Crowe proposes two internal audits and retention of 40 hours to address any specific new risk area that may arise during the financial year · There was a request to bring forward the organisational Carbon footprint assessment and that the management and risk associated with the carbon portfolio be reported to the next FARS meeting · Agreement to continue with programme as proposed |
That the Finance, Audit and Risk Sub-committee: 1. receives and considers the “Annual 2020-21 Internal Audit Work Plan” staff report 2. adopts the 2020-21 Internal Audit Work Plan as proposed. CARRIED |
Cyber Security Internal Audit Follow-up |
|
|
Jess Ellerm introduced Andrew Siddles, ICT Manager. Discussions covered: · FARS meeting on 12 February received the Crowe internal audit report · Management actions taken to address the risks identified have been sidetracked by the Covid-19 response · Significant risks highlighted in the Crowe report · IT will work with Risk and Assurance Lead to address IT risks and prioritise IT projects using a risk based approach · Replacement of finance system and telephone system both pose technical risks · Residual risks resulting from large number of legacy IT issues and insufficient current resource to mitigate – might require 5-10 years as there is limited funding · A resource was requested through the Annual plan to develop and implement an ICT disaster recovery plan · Comfortable that IT is addressing the telephone and finance system risks through implementation of new systems. · Will be presenting an IT strategy through the long term plan. |
That the Finance, Audit & Risk Sub-Committee Committee: 1. receives and considers the “Cyber Security Internal Audit” staff report 2. confirms it is comfortable that management actions undertaken or planned for the future adequately respond to the findings and recommendations of the Crowe Internal Audit – IT Security report. CARRIED |
Data Analytics Internal Audit Report |
|
|
Bronda Smith introduced the item, reporting on the third annual internal audit, which was taken as read. |
That the Finance, Audit and Risk Sub-committee receives and notes the “Data Analytics Internal Audit Report”. CARRIED |
8. |
2019-20 Annual Report Audit Plan |
|
Karen Young (Audit NZ) gave an overview of the item. Discussions traversed: · The plan sets out the approach to the audit and the main risks and issues that Audit NZ will focus on during the audit · Next steps will include feedback from FARS committee to finalise the audit plan · Officers will continue to work with Audit NZ to provide information required to ensure that the 28 October 2020 timetable for adoption of the annual report is met. |
That the Finance, Audit and Risk Sub-committee receives and notes the “2019-20 Annual Report Audit Plan” staff report and agrees the Audit Plan as proposed. CARRIED |
Internal Audits Review and Action Plan |
|
|
The report was taken as read. |
That the Finance, Audit and Risk Sub-committee: 1. receives and notes Crowe’s ‘Hawke’s Bay Regional Council Internal Audit – Follow-up Audit’ 2. confirms it is comfortable that management actions undertaken or planned for the future adequately respond to the findings and recommendations of the Crowe Internal Audit Follow-up Audit report. CARRIED |
Sub-committee Work Programme August 2020 Update |
|
|
The item was taken as read. |
That the Finance, Audit and Risk Sub-committee receives and notes the “Sub-committee Work Programme August 2020 Update” staff report. CARRIED |
Treasury Report to 30 June 2020 |
|
|
Jess Ellerm introduced Geoff Howes who gave an update of the compliance monitoring of treasury activities and reports, covering: · Enhancements to the Treasury report around reporting on Cash and Cash Equivalents · Further enhancements will continue to be developed as part of the FARS work programme · Significant impacts of market volatility and uncertainty on Council’s investments. |
That the Finance, Audit and Risk Sub-committee receives and notes the “Treasury Report to 30 June 2020”. CARRIED |
Closure:
There being no further business the Chairman declared the meeting closed at 12.15pm on Wednesday, 12 August 2020.
Signed as a true and correct record.
DATE: ................................................ CHAIRMAN: ...............................................