MINUTES OF A meeting of the Finance Audit & Risk Sub-committee

 

 

Date:                          Wednesday 12 August 2020

Time:                          9.00am

Venue:

Council Chamber

Hawke's Bay Regional Council

159 Dalton Street

NAPIER

 

Present:                     C Foss - Chairman

W Foley

N Kirton

 

In Attendance:          J Palmer – Chief Executive (via Zoom)

J Ellerm – Group Manager Corporate Services

J Lawrence – Group Manager Office of the CE & Chair

C Goodier – Team Leader Engineering

M Heaney - Procurement Manager

G Howes – Treasury & Funding Accountant

H Marsden – Risk and Assurance Lead

M Solomon – Crowe (via Zoom)

A Siddles – Chief Information Officer

B Smith – Chief Financial Officer

K Young - Audit NZ

A Roets – Governance Administration Assistant

 

 


1.       Welcome/Apologies/Notices

The Chair welcomed everyone to the meeting.

Resolution

FIN125/20    That the apology for absence from Rebekah Dinwoodie be accepted.

Foss/Foley

CARRIED

 

2.       Conflict of Interest Declarations

There were no conflict of interest declarations.

 

3.       Confirmation of Minutes of the Finance Audit & Risk Sub-committee meeting held on 12 February 2020

FIN126/20

Resolution

Minutes of the Finance Audit & Risk Sub-committee held on Wednesday, 12 February 2020, a copy having been circulated prior to the meeting, were taken as read and confirmed as a true and correct record.

Kirton/Foley

CARRIED

 

4.

Procurement Policy Amendments to Support the HB Economic Recovery

 

Mark Heaney introduced the item, which was taken as read, with discussions covering:

·    Achieved and implemented majority of the 28 recommendations of the Crowe report

·    Significant changes to Policy around Covid and Climate.Smart.Recovery

·    Increased payment frequency to assist local businesses with cash flow

·    Looking to support four main outcomes of Government operational issues, conflict of interest, emergency procurement and capability and capacity

·    Policy reflects best practice

·    Investigating opportunities for standardised practises across councils in the region

·    Financial delegations don’t form part of the procurement policy but are referenced in the Policy

·    Next steps include procurement monitoring, review to increase the use of “all of Government” contracts, development of ongoing internal procurement training and procurement, and to design and implement an internal procurement audit programme in conjunction with the Strategic Risk Framework currently being developed

·    Staff to report back to C&S to bring discussion together on financial delegations including specifics of the CE’s delegations.

FIN127/20

Resolutions

That the Finance, Audit and Risk Sub-committee:

1.      Reviews the updated draft Procurement Policy and Manual and accepts the proposed changes as highlighted.

2.      Receives and notes the reporting metrics provided for the period 1 July 2019 to 30 June 2020.

3.      Recommends that the Corporate and Strategic Committee adopts the Procurement Policy and Manual with amendments as proposed.

Foss/Foley

CARRIED

 

5.

Risk Maturity

 

Helen Marsden introduced the item, with discussions covering:

·    Risk Maturity Roadmap was endorsed by the Corporate & Strategic Committee on 10 June and resolved by Council on 24 June 2020

·    One component of the roadmap was to develop a Risk Framework and Policy for the organisation

·    Agreement that the roadmap addresses the recommendations from the Audit report with one exception being that an internal audit on the assurance framework will now have to be added to phase 3 of the Roadmap

·    Policy sets the context of the risk management system while the framework sets the scope

·    Once endorsed and accepted by the Committee, a more detailed implementation plan will be developed

·    Actions taken will address risks identified – does require some cultural change within the organisation

·    Risk report will continue to evolve

·    Bowtie analysis being developed

·    Next committee bring back further thinking around risks feeding through other committees

·    Ongoing capability development for engagement with tangata whenua

·    Comfort that appropriate management interventions in place

·    Suggested that 5 & 6 be merged to become technology and security

·    Regulatory performance risk more visible and addressed.

FIN128/20

Resolutions

That the Finance, Audit and Risk Sub-committee:

1.      receives and considers the “Risk Maturity” staff report

2.      confirms it is comfortable that management actions undertaken or planned for the future adequately respond to the findings and recommendations of the Crowe Internal Audit – Risk Management Maturity Assessment report

3.      recommends that the Corporate and Strategic Committee approves both the Risk Management Policy and the Risk Management Framework as being appropriate and sufficiently robust to manage Council’s significant risks.

Foss/Kirton

CARRIED

 

6.

Six Monthly Enterprise Risk Management Report

 

The item was taken as read.

FIN129/20

Resolutions

That the Finance, Audit and Risk Sub-committee:

1.      receives and considers the “Six Monthly Enterprise Risk Management” staff report

2.       confirms its confidence that Council management has undertaken an effective risk identification and risk management process for Council’s significant risks, and that actions taken to date to mature HBRC’s risk management system are in line with Council’s expectations as provided to the 10 June 2020 Corporate and Strategic Committee meeting in the Risk Maturity Roadmap.

Foss/Foley

CARRIED

The meeting adjourned at 10.40am and reconvened at 10.56am.

7.

Annual 2020-21 Internal Audit Work Plan

 

Helen Marsden introduced the item with discussions covering:

·    An overview of activities is underway across the organisation, including LGA section 17a reviews

·    Crowe has draft fy21 annual internal audit plan considers previous internal audits, insights and observations of current risks and issues in the local government sector

·    Crowe proposes two internal audits and retention of 40 hours to address any specific new risk area that may arise during the financial year

·    There was a request to bring forward the organisational Carbon footprint assessment and that the management and risk associated with the carbon portfolio be reported to the next FARS meeting

·    Agreement to continue with programme as proposed

FIN130/20

Resolutions

That the Finance, Audit and Risk Sub-committee:

1.      receives and considers the “Annual 2020-21 Internal Audit Work Plan” staff report

2.      adopts the 2020-21 Internal Audit Work Plan as proposed.

Foss/Foley

CARRIED

 

9.

Cyber Security Internal Audit Follow-up

 

Jess Ellerm introduced Andrew Siddles, ICT Manager. Discussions covered:

·    FARS meeting on 12 February received the Crowe internal audit report

·    Management actions taken to address the risks identified have been sidetracked by the Covid-19 response

·    Significant risks highlighted in the Crowe report

·    IT will work with Risk and Assurance Lead to address IT risks and prioritise IT projects using a risk based approach

·    Replacement of finance system and telephone system both pose technical risks

·    Residual risks resulting from large number of legacy IT issues and insufficient current resource to mitigate – might require 5-10 years as there is limited funding

·    A resource was requested through the Annual plan to develop and implement an ICT disaster recovery plan

·    Comfortable that IT is addressing the telephone and finance system risks through implementation of new systems.

·    Will be presenting an IT strategy through the long term plan.

FIN131/20

Resolutions

That the Finance, Audit & Risk Sub-Committee Committee:

1.      receives and considers the Cyber Security Internal Audit staff report

2.      confirms it is comfortable that management actions undertaken or planned for the future adequately respond to the findings and recommendations of the Crowe Internal Audit – IT Security report.

Foss/Foley

CARRIED

 

10.

Data Analytics Internal Audit Report

 

Bronda Smith introduced the item, reporting on the third annual internal audit, which was taken as read.

FIN132/20

Resolution

That the Finance, Audit and Risk Sub-committee receives and notes the “Data Analytics Internal Audit Report”.

Foss/Kirton

CARRIED

 

8.

2019-20 Annual Report Audit Plan

 

Karen Young (Audit NZ) gave an overview of the item.  Discussions traversed:

·    The plan sets out the approach to the audit and the main risks and issues that Audit NZ will focus on during the audit

·    Next steps will include feedback from FARS committee to finalise the audit plan

·    Officers will continue to work with Audit NZ to provide information required to ensure that the 28 October 2020 timetable for adoption of the annual report is met.

FIN133/20

Resolution

That the Finance, Audit and Risk Sub-committee receives and notes the “2019-20 Annual Report Audit Plan” staff report and agrees the Audit Plan as proposed.

Foss/Kirton

CARRIED

 

11.

Internal Audits Review and Action Plan

 

The report was taken as read.

FIN134/20

Resolutions

That the Finance, Audit and Risk Sub-committee:

1.      receives and notes Crowe’s ‘Hawke’s Bay Regional Council Internal Audit – Follow-up Audit’

2.       confirms it is comfortable that management actions undertaken or planned for the future adequately respond to the findings and recommendations of the Crowe Internal Audit Follow-up Audit report.

Foss/Foley

CARRIED

 

12.

Sub-committee Work Programme August 2020 Update

 

The item was taken as read.

FIN135/20

Resolution

That the Finance, Audit and Risk Sub-committee receives and notes the “Sub-committee Work Programme August 2020 Update” staff report.

Foss/Foley

CARRIED

 

13.

Treasury Report to 30 June 2020

 

Jess Ellerm introduced Geoff Howes who gave an update of the compliance monitoring of treasury activities and reports, covering:

·    Enhancements to the Treasury report around reporting on Cash and Cash Equivalents

·    Further enhancements will continue to be developed as part of the FARS work programme

·    Significant impacts of market volatility and uncertainty on Council’s investments.

FIN136/20

Resolution

That the Finance, Audit and Risk Sub-committee receives and notes the “Treasury Report to 30 June 2020”.

Kirton/Foss

CARRIED

 

Closure:

There being no further business the Chairman declared the meeting closed at 12.15pm on Wednesday, 12 August 2020.

 

Signed as a true and correct record.

 

 

 

DATE: ................................................               CHAIRMAN: ...............................................