Minutes of a meeting of the Risk & Audit Sub-committee
Date: 10 May 2023
Time: 9.00am
Venue: |
Council Chamber Hawke's Bay Regional Council 159 Dalton Street NAPIER |
Present: Cr N Kirton – Chair
Cr X Harding – Deputy Chair
Cr T Hokianga (online)
Cr J Mackintosh
S Maloy – Independent member (online)
In Attendance: B Bayfield – Interim Chief Executive
S Young – Group Manager Corporate Services
C Comber – Chief Financial Officer
L Hooper – Team Leader Governance
J Bennett – Senior Manager - Finance Recovery
H Marsden – Risk & Corporate Compliance Manager
O Giraud-Burrell – Quality & Assurance Advisor
A Siddles – Chief Information Officer
D Borrie and A Sofe – Ernst Young (online)
C Spencer – Senior Group Accountant
The Chair welcomed everyone to the meeting.
2. Conflict of interest declarations
There were no conflicts of interest declared.
Confirmation of the Risk & Audit Sub-committee Terms of Reference |
|
|
Susie Young spoke to the item, advising that the key change to the Terms of Reference from the previous triennium was to clarify that financial reporting is to the Corporate and Strategic Committee and the focus for RAS is audit and risk. Councillor Jock Mackintosh arrived at 9.10am Councillor Thompson Hokianga arrived at 9.15am Amendments agreed through discussions included that the purpose of RAS covers both financial and non-financial risk, RAS to report directly to Council, meetings are to be quarterly to feed into Council in a timely fashion, and that the Chair of RAS is independent in line with the advice of the Auditor General. |
That the Risk and Audit Sub-committee: 1. Receives and considers the Confirmation of the Risk & Audit Sub-committee Terms of Reference staff report. 2. Recommends that Hawke’s Bay Regional Council reviews the Terms of Reference for the Sub-committee in accordance with amendments agreed today, by 28 June 2023. CARRIED |
2022-2023 Enterprise Internal Audit Plan update and proposed 2023-2024 plan |
|
|
Helen Marsden, Risk & Corporate Compliance Manager, and Olivia Giraud-Burrell, Quality & Assurance Advisor, introduced the item, which was taken as read. Queries and discussions traversed: · The Health & Safety team has carried out an internal review and gap analysis and is now mapping out the necessary systems and processes to meet ISO 45001 (replaces ACC workplace management standard – current until end of July) requirements, which will then be independently audited in October 2023 and any further mitigations implemented. Required as a priority, for reporting to June Council meeting. Councillor Hinewai Ormsby joined the meeting at 9.30am · The review of the HB CDEM Group response to Cyclone Gabrielle will be shared with all councils as members of the Group. · Reviews arising from Cyclone Gabrielle have been added to the schedule of audits/reviews being undertaken to insure visibility on the Council’s Audit Universe · Important to grow internal audit capacity, using external auditors to learn from. · Suggest start by identifying areas for audits to be carried out, then work out whether to use internal or external auditor, then check whether it meets s17a hurdle and scope accordingly. · Additional detail to be included in future reports to include the purpose of the review, Terms of Reference and Scope for the review if available, whether conducted by independent or internal resource and specifying where it is s17a review. |
That the Risk and Audit Sub-committee: 1. Receives and considers the 2022-2023 Enterprise Internal Audit Plan update and proposed 2023-2024 plan staff report. 2. Confirms the internal audit plan for the 2022-2023 financial year includes: 2.1. data analytics (as resolved 4 May 2022) 2.2. Organisational change consolidation and prioritisation (as resolved 4 May 2022). 3. Confirms the proposed Enterprise Internal Audit Plan for the 2023-2024 financial year includes: 3.1. Data Analytics Internal Audit (for 2023-2024 financial year) 3.2. Independent review of HBRC Flood Protection and Drainage Schemes’ performance during Cyclone Gabrielle 3.3. Heretaunga Plains Flood Control Scheme review 3.4. Cyclone Gabrielle Flood Report 3.5. HBRC Internal Review – Timeline of Events 3.6. Telemetry Resilience Review 3.7. Hydrometric Review 3.8. HB CDEM Group Cyclone Gabrielle Response Review. CARRIED |
Treasury Compliance Report for the period 1 January - 31 March 2023 |
|
|
Jess Bennett introduced the item, which was taken as read, and provided an overview of what is assessed for the report. Highlights included: · Short-term borrowing has been drawn down to fund the emergency response to Cyclone Gabrielle, some of which will be recovered from insurers, and is closer to the debt forecast in the LTP. · One flag is that Council is slightly under-hedged at the moment, outside of the policy threshold. · Treasury and associated policies are reviewed regularly, aligned to Long Term Plan cycles. |
That the Risk and Audit Sub-committee receives and notes the Treasury Compliance Report for the period 1 January – 31 March 2023. CARRIED |
The meeting adjourned at 10.14am and reconvened at 10.30am
Organisational change consolidation and prioritisation Internal Audit findings |
|
|
Helen Marsden introduced the item, which presented a draft report to provide RAS with visibility of the audit having been undertaken and completed. Once the findings have been through the Executive Leadership Team and actions agreed, the final report will come to RAS. |
That the Risk and Audit Sub-committee receives and notes the Organisational Change Consolidation and Prioritisation Internal Audit findings staff report. CARRIED |
Audit Plan for the 2022-2023 Annual Report |
|
|
Chris Comber introduced the item, advising that the timeframes proposed by Ernst Young for the audit of the 2022-23 annual report. Notable changes for this year’s audit include: · Cyclone Gabrielle impacts on infrastructure assets, with this year having been signalled as a valuation year and it may not be practical for the valuation to be undertaken this year · Cyclone Gabrielle impacts on funds flowing into Council, including proceeds from insurers and timing, taking account of Council’s funds and funds being managed for others · Appropriate processes for procurement heightened for recovery and ensuring proper controls are exercised and processes followed. · Intention is to have the Audit completed do enable Council to adopt within the statutory deadline, however potential delays will be clarified through the interim audit and any change advised to Council. |
That the Risk and Audit Sub-Committee receives and notes the Audit Plan for the 2022-2023 Annual Report. CARRIED |
Enterprise Risk Report |
|||||||
That the Risk and Audit Sub-committee excludes the public from this section of the meeting, being Agenda Item 8 Enterprise Risk Report with the general subject of the item to be considered while the public is excluded. The reasons for passing the resolution and the specific grounds under Section 48 (1) of the Local Government Official Information and Meetings Act 1987 for the passing of this resolution are:
CARRIED |
Internal Assurance corrective actions update |
|||||||
That the Risk and Audit Sub-committee excludes the public from this section of the meeting, being Agenda Item 9 Internal Assurance corrective actions update with the general subject of the item to be considered while the public is excluded; the reasons for passing the resolution and the specific grounds under Section 48 (1) of the Local Government Official Information and Meetings Act 1987 for the passing of this resolution being:
CARRIED |
Privacy event |
|||||||
That the Risk and Audit Sub-committee excludes the public from this section of the meeting, being Agenda Item 10 Privacy event with the general subject of the item to be considered while the public is excluded. The reasons for passing the resolution and the specific grounds under Section 48 (1) of the Local Government Official Information and Meetings Act 1987 for the passing of this resolution are:
CARRIED |
The meeting went into public excluded session at 10.58am and out of public excluded session at 12.26pm
Closure:
There being no further business the Chair declared the meeting closed at 12.26pm on Wednesday, 10 May 2023.
Signed as a true and correct record.
Date: by Risk & Audit Committee resolution 18 October 2023 Chair: Stephanie Maloy