|
James Palmer introduced the item and
proposed an amendment to the Plan that was provided by Crowe. Discussions
covered:
· Propose the 3 yearly
Health and Safety (H&S) full audit of the whole system including practices,
processes and capability audit be undertaken by an external expert H&S
reviewer instead of the Health and Safety Reporting audit on the Crowe
plan; and in its place bring forward the Cyber Security audit from 2023-24 to
2022-23.
· Purpose of H&S audit is
to ensure the H&S work programme is effectively managing Council’s H&S
risks and achieving legislative compliance.
· The Cyber Security risk
profile continues to grow, hence the proposal to bring forward that audit.
· Exploration of potential
for independent review of Asset Management and infrastructure assets, given
concerns about infrastructure pressure and increased expectations around
forward investment, being re-prioritised to occur in this financial year
instead of Cyber security
· Need to look at the real
risks for Council and carry out audits where they relate to Council’s
enterprise risks where there is no work currently underway rather than repeat
or cyclical internal audits.
· Some work to be done by
staff on where deep functional reviews are required as opposed to the type of
internal audit that Crowe carries out, including budget allocations and how
audits and reviews correspond to Council’s e risks.
· Council has fallen behind
with systematic reviews and updating of systems for tracking and managing
assets so there is a massive, multi-million dollar, multi-year work programme
to review all of the schemes and put in place an integrated asset management IT
solution to modernise the way Council manages asset infrastructure. Given the
amount of work involved to prepare for the full review James Palmer
recommends that it be retained in the 2023-24 financial year and not be
brought forward. This type of in depth audit would likely need in the
neighbourhood of 120-140 hours work.
· It was suggested that the
GM Asset Management presents on work that has been done in Asset Management
around performance, internal processes/policies and practices to the next
FARS meeting to further inform a decision by the sub-committee on the nature
and scope as well as timing of an asset management review.
· The work proposed by the Annual
Internal Audit Plan 2022-2023 is at a high level as opposed to something
like an Asset Management review which would fall into the s17a or
organisational review category.
· It was noted that there
is a ‘dashboard’ that has previously been presented to the
sub-committee that shows all of the audit and review processes currently
underway and that have been completed, including s17 reviews and associated timeframes.
The dashboard requires updating to include plans for the next 3-5 years in
order to provide the full context across the organisation to the next FARS
meeting.
· It was agreed that the
Cyber Security internal audit will not be brought forward.
· There was a preference
that the Asset Management audit be brought forward, looking at internal
processes related to key infrastructure rather than the deep dive the CE suggested
is required.
·
In
response to the above, tabled by Councillor Kirton, the CE advised that all
of the items on the list are covered by the Infrastructure Strategy that
Council adopted as part of the 2021-2031 Long Term Plan.
·
Preference
is that an Asset Management audit is undertaken and this will be considered once
further information has been provided by Chris Dolley.
|
