|
|
RĀRANGI TAKE AGENDA
Hui Te Komiti Whakamauru Tūraru | Risk and Assurance Committee Meeting |
|
I hereby give notice that a Meeting of the Te Komiti Whakamauru Tūraru | Risk and Assurance Committee will be held on: |
|
Te Rā | Date: |
Thursday, 15 February 2024 |
Te Wā | Time: |
9.30am |
Te Wāhi | Location: |
Council Chamber Ground Floor, 175 Rimu Road Paraparaumu |
Mark de Haast Group Manager Corporate Services |
Risk and Assurance Committee Meeting Agenda |
15 February 2024 |
Kāpiti Coast District Council
Notice is hereby given that a meeting of the Te Komiti Whakamauru Tūraru | Risk and Assurance Committee will be held in the Council Chamber, Ground Floor, 175 Rimu Road, Paraparaumu, on Thursday 15 February 2024, 9.30am.
Te Komiti Whakamauru Tūraru | Risk and Assurance Committee Members
Mr David Shand |
Chair |
Mayor Janet Holborow |
Member |
Deputy Mayor Lawrence Kirby |
Member |
Cr Liz Koh |
Member |
Cr Jocelyn Prvanov |
Member |
Cr Glen Cooper |
Member |
Mr David Cochrane |
Member |
Ms Oriwia Raureti |
Member |
Risk and Assurance Committee Meeting Agenda |
15 February 2024 |
Te Raupapa Take | Order Of Business
2 Karakia a te Kaunihera | Council Blessing
6 Ngā Take a ngā Mema | Members’ Business
8.1 Health and Safety Quarterly Report : 1 October 2023 - 31 December 2023
8.2 Top 10 Organisational Risk Report
8.3 Quarterly Treasury Compliance
8.4 Progress Update Regarding Audit Control Findings 2022/23
8.5 Internal Audit Work Programme - Progress Update
8.6 Internal Audit 2023 Outcomes Report
8.7 Internal Audit Work Programme 2024
8.8 Legislative Compliance 1 October to 31 December 2023
8.9 Forward Work Programme 2024 for Risk and Assurance Committee
9 Te Whakaū i ngā Āmiki | Confirmation of Minutes
Resolution to Exclude the Public
10 Te Whakaūnga o Ngā Āmiki Kāore e Wātea ki te Marea | Confirmation of Public Excluded Minutes
10.1 Confirmation of Public Excluded Minutes30
11 Purongo Kāore e Wātea ki te Marea | Public Excluded Reports
11.1 Litigation and External Investigations Report
1 Nau Mai | Welcome
2 Karakia a te Kaunihera | Council Blessing
I a mātou e whiriwhiri ana i ngā take kei mua i ō mātou aroaro
E pono ana mātou ka kaha tonu ki te whakapau mahara huapai mō ngā hapori e mahi nei mātou.
Me kaha hoki mātou katoa kia whaihua, kia tōtika tā mātou mahi,
Ā, mā te māia, te tiro whakamua me te hihiri
Ka taea te arahi i roto i te kotahitanga me te aroha.
|
As we deliberate on the issues before us,
We trust that we will reflect
positively on the
Let us all seek to be effective and just,
So that with courage, vision and energy,
We provide positive leadership in a spirit of harmony and compassion. |
4 Te Tauākī o Te Whaitake ki ngā Mea o te Rārangi Take | Declarations of Interest Relating to Items on the Agenda
Notification from Elected Members of:
4.1 – any interests that may create a conflict with their role as an elected member relating to the items of business for this meeting, and
4.2 – any interests in items in which they have a direct or indirect pecuniary interest as provided for in the Local Authorities (Members’ Interests) Act 1968
5 He Wā Kōrero ki te Marea mō ngā Mea e Hāngai ana ki te Rārangi Take | Public Speaking Time for Items Relating to the Agenda
6 Ngā Take a ngā Mema | Members’ Business
(a) Updates by the Chair
(b) Leave of Absence
(c) Matters of an Urgent Nature (advice to be provided to the Chair prior to the commencement of the meeting)
15 February 2024 |
Kaituhi | Author: Roderick Hickling, Emergency Management Advisor
Kaiwhakamana | Authoriser: James Jefferson, Group Manager Regulatory Services
Te pūtake | Purpose
1 This report provides the Risk and Assurance Committee with an update of Emergency Management.
Taunakitanga | RECOMMENDATIONS
A. That the Risk and Assurance Committee notes this update.
Tūāpapa | Background
2 Under the CDEM Act (2002) local authorities have a responsibility to ensure that the District is able to function to the fullest extent possible, even though this may be at a reduced level during and after an emergency, and to plan and provide for civil defence emergency management within their District. Over recent times, there has been an increase in frequency and severity of weather events. There is a critical need to be able to respond and then recover effectively from such events at the same time as preparing for lower frequency but higher impact events like a major earthquake and/or tsunami.
3 This briefing will update the Committee on Kāpiti Coast District Council’s preparedness for future events.
He take | issues
4 No issues noted.
Ngā kōwhiringa | Options
5 No options noted.
ngā Mahi panuku | next steps
6 To be covered during the presentation.
Ngā āpitihanga | Attachments
Nil
15 February 2024 |
8.1 Health and Safety Quarterly Report : 1 October 2023 - 31 December 2023
Kaituhi | Author: Dianne Andrew, Organisational Development Manager
Kaiwhakamana | Authoriser: Mark de Haast, Group Manager Corporate Services
TE PŪTAKE | PURPOSE
1 This Report presents the Health and Safety Quarterly Report for the period 1 October 2023 – 31 December 2023.
HE WHAKARĀPOPOTO | EXECUTIVE SUMMARY
2 Not required for this report.
TE TUKU HAEPAPA | DELEGATION
3 The Risk and Assurance Committee has delegated authority to consider this report under the following delegation in the Governance Structure, Section C 1:
· Ensuring that the Council has in place a current and comprehensive risk management framework and making recommendations to the Council on risk mitigation;
· Assisting elected members in the discharge of their responsibilities by ensuring compliance procedures are in place for all statutory requirements relating to their role;
· Governance role in regard to the Health and Safety Plan.
TAUNAKITANGA | RECOMMENDATIONS
A. That the Risk and Assurance Committee notes the Health and Safety Quarterly Report for the period 1 October 2023 – 31 December 2023 attached as Appendix One to this Report.
TŪĀPAPA | BACKGROUND
4 The quarterly Health & Safety Report is intended to provide the Council with insight into initiatives and activities and their progress, as part of our Council’s commitment to providing a safe and healthy place to work. The contents and any subsequent discussions arising from this report can support Officers to meet their due diligence obligations under the Health & Safety at Work Act (HSWA) 2015.
5 The timing of the Health and Safety Quarterly Reports does not prevent an ‘as and when required’ verbal update from the Chief Executive to the Mayor and Council regarding serious or high profile risk events. Such events would be recorded and retrospectively included in the next available Quarterly Report.
HE KŌRERORERO | DISCUSSION
He take | Issues
6 There are no issues to highlight in addition to those included in Appendix One to this report.
Ngā kōwhiringa | Options
7 There are no options arising from this report.
Tangata whenua
8 There are no mana whenua considerations arising from this report.
Panonitanga āhuarangi | Climate change
9 There are no climate change considerations arising from this report.
Ahumoni me ngā rawa | Financial and resourcing
10 There are no financial or resourcing considerations arising from this report.
Ture me ngā Tūraru | Legal and risk
11 There are no legal and risk considerations in addition to those already noted in this report.
Ngā pānga ki ngā kaupapa here | Policy impact
12 There are no policy considerations arising from this report.
TE WHAKAWHITI KŌRERO ME TE TŪHONO | COMMUNICATIONS & ENGAGEMENT
13 There are no communication and engagement considerations arising from this report.
Te mahere tūhono | Engagement planning
14 An engagement plan is not needed regarding this report.
Whakatairanga | Publicity
15 There are no publicity considerations.
NGĀ ĀPITIHANGA | ATTACHMENTS
1. Health
and Safety Quarterly Report for the period 1 October to 31 December 2023 ⇩
15 February 2024 |
8.2 Top 10 Organisational Risk Report
Kaituhi | Author: Nienke Itjeshorst, Lead Risk and Assurance Advisor
Kaiwhakamana | Authoriser: Mark de Haast, Group Manager Corporate Services
Te pūtake | Purpose
1 This report updates the Risk and Assurance Committee on the Top 10 Organisational Risks currently facing the organisation.
He whakarāpopoto | Executive summary
2 This report does not require an Executive Summary.
Te tuku haepapa | Delegation
3 The Risk and Assurance Committee has delegated authority to consider this report under section C.3 of the Governance Structure and Delegations.
· Ensuring that Council has in place a current and comprehensive risk management framework and making recommendations to the Council on risk mitigation.
Taunakitanga | RECOMMENDATIONS
A. That the Risk and Assurance Committee receives and notes this report, including Appendix 1 to this report.
Tūāpapa | Background
4 The Top 10 Organisational Risks are aimed at setting a clear direction for staff as to what the Senior Leadership Team (SLT) have identified as the highest areas of potential risk for the organisation to being able to successfully achieve its objectives.
5 “Risk” for the management of the council organisation is defined as:
5.1 the impact of uncertain events that can happen in the future on the planned objectives that the SLT wants the organisation to deliver and/or achieve (short, medium and long term), and
5.2 includes strategic, reputational, regulatory, legal, security, change and operational risks.
6 The current Top 10 risks are managed in a risk register in our Enterprise Risk Management software: Camms Risk. It is important to note that these risk listings are:
6.1 not ranked in order of severity,
6.2 capped at 10, to provide a clear focus for SLT and this Committee,
6.3 not ‘set in stone,” emerging organisational risks can be brought forward to replace an existing risk when required and/or relevant.
7 Engagement on the organisational risk profile is through on-going conversations with SLT and activity managers about these risks, the controls to prevent or mitigate these risks and status of risk treatments that are underway to implement the controls to achieve the target risk level. These conversations ensure each risk is regularly reviewed providing assurance that the treatments are being conducted to further mitigate the risk.
8 The table below identifies the current Top 10 Organisational Risks.
Risk Title |
|
ORG 1 |
Loss of life, serious injury or illness due to insufficient Health, Safety and Wellbeing management. |
ORG 2 |
Failure to adequately maintain social licence. |
ORG 3 |
Failure to give effect to Te Tiriti and our obligations to Iwi, Hapu and Māori. |
ORG 4 |
Inadequate mitigation and adaptation responses to known and future climate change challenges. |
ORG 5 |
Failure to achieve legislative obligations. |
ORG 6 |
Inadequate management of the impacts of central government reform/change. |
ORG 7 |
Inadequate safeguards against cyber security threats. |
ORG 8 |
Failure to prudently manage Council’s financial stability including fraudulent activity. |
Failure to maintain business continuity for our core services and inadequate planning and preparedness for emergencies. |
|
ORG 10 |
Inability to attract and retain sufficient capacity to deliver Council’s objectives. |
9 A list of AS/NZS?ISO 3100:2018 Standard: Risk Management – Guidelines definitions is included in the Heatmap Report on the last page.
He kōrerorero | Discussion
10 This report provides an update of the current Top 10 Organisational Risks. The ‘Top 10 Organisational Risk Heatmap Report’ attached as Appendix 1 to this report, details how the organisation is treating and mitigating these risks, with progress updates against each of the individual risk treatments.
Changes to Top 10 Organisational Risks
11 Discussions with Activity Managers and SLT have resulted in a change of the target risk ratings for Organisational risks 5 and 8. Both’ target risk’ ratings are now rated moderate (as opposed to low), which is considered to be more realistic and shows an appropriate level of risk acceptance, taking into account the size of this organisation and its annual financial turnover. For Organisational risk 8 this means that the current risk rating and the target risk rating are the same.
12 Following the proposed establishment of an Emergency Management team within Council and the increasing risk of severe weather events it was also considered appropriate to include emergency management in the Organisation Top 10 Risks and bring this into ORG risk 9 (for now). This risk is now defined as presented in paragraph 8 above as: Failure to maintain business continuity for our core services and inadequate planning and preparedness for emergencies. Controls and risk treatments for emergency management have been added to the heatmap report.
Long Term Plan development and risks considerations.
13 As part of the development of the 2024-34 Long Term Plan, asset managers are considering risks to their assets and services delivery and plan projects, actions, improvements to mitigate and manage these risks. Each asset management plan contains a risk register that includes risk assessment and lists risk treatments. The treatments are part of the planned forward work-programmes and incorporated into budgets.
He take | Issues
14 There are no issues to be raised in this report.
Ngā kōwhiringa | Options
15 There are no options to be raised in this report.
Tangata whenua
16 There are no tangata whenua considerations arising in addition to those included in Appendix 1 to this report.
Panonitanga āhuarangi | Climate change
17 There are no climate change considerations arising in addition to those included in Appendix 1 to this report.
Ahumoni me ngā rawa | Financial and resourcing
18 There are no further financial and resourcing considerations arising from this report.
Ture me ngā Tūraru | Legal and risk
19 There are no further legal considerations arising from this report.
Ngā pānga ki ngā kaupapa here | Policy impact
20 There are no further policy implications arising from this report.
Te whakawhiti kōrero me te tūhono | Communications & engagement
Te mahere tūhono | Engagement planning
21 This matter has a low level of significance under the Council’s Significance and Engagement Policy.
Whakatairanga | Publicity
22 There are no publicity considerations.
Ngā āpitihanga | Attachments
1. Organisational
Top 10 Risk Heatmap Report 15 February 2024 ⇩
15 February 2024 |
8.3 Quarterly Treasury Compliance
Kaituhi | Author: Jing Zhou, Chief Financial Officer
Kaiwhakamana | Authoriser: Mark de Haast, Group Manager Corporate Services
TE PŪTAKE | PURPOSE
1 This report provides confirmation to the Risk and Assurance Committee of the Council’s compliance with its Treasury Management Policy (Policy) for the quarter ended 31 December 2023.
HE WHAKARĀPOPOTO | EXECUTIVE SUMMARY
2 This is not required for this report.
TE TUKU HAEPAPA | DELEGATION
3 The Risk and Assurance Committee (Committee) has the delegation to consider this matter under the section of Part C.3 of the Governance Structure and Delegations 2022-2025 Triennium which states: “This committee is responsible for monitoring the Council’s financial management, financial reporting mechanisms and framework, and risk and assurance function, ensuring the existence of sound internal systems.”
TAUNAKITANGA | RECOMMENDATIONS
A. That the Risk and Assurance Committee notes the Council’s full compliance with its Treasury Management Policy for the three months ended 31 December 2023.
TŪĀPAPA | BACKGROUND
4 The Policy sets out a framework for the Council to manage its borrowing and investment activities in accordance with the Council’s objectives and incorporates legislative requirements.
5 The Policy mandates regular treasury reporting to management, the Strategy, Operations and Finance Committee, as well as quarterly compliance reporting to the Risk and Assurance Committee.
6 To assess the effectiveness of the Council’s treasury management activities and compliance to the Policy, certain performance measures and parameters have been prescribed. These are:
· cash/debt position;
· liquidity/funding control limits;
· interest rate risk control limits;
· counterparty credit risk;
· specific borrowing limits; and
· risk management performance.
HE KŌRERORERO | DISCUSSION
Cash/Debt Position
7 Table 1 below shows the Council’s net debt position as at 31 December 2023 against the 2023/24 full year budget and the prior year closing balance.
8 During the past three months, the Council has issued $30million of new debt. This was used to pre-fund the October 2024 debt maturity ($10million), and 2023/2024 capex programme costs ($20million).
9 The table below shows (a) the movement in the Council’s external debt balance, (b) the movement in the Council’s pre-funding programme by debt maturity and (c), that part of the Council’s CAPEX programme funded by new borrowings for the three months ended 31 December 2023.
10 As at 31 December 2023 the Council had $84.1 million of cash, borrower notes and term deposits on hand. This is broken down as follows:
11 For the three months ended 31 December 2023, the Council has not breached its net debt upper limit, as shown in the chart below:
1
12 The Council targeted through its LTP 2021-41 financial strategy to keep net borrowings below 280% of total operating income with a preferred limit of 250%. As at 31 December 2023, the Council’s net borrowings are 193.1% of forecasted 2024 total operating income.
Liquidity/Funding control limits
13 Liquidity and funding management focuses on reducing the concentration of risk at any point so that the overall borrowings cost is not increased unnecessarily and/or the desired maturity profile is not compromised due to market conditions. This risk is managed by spreading and smoothing debt maturities and establishing maturity compliance buckets.
14 Since October 2015 the Council’s treasury strategy has included a debt pre-funding programme. The Policy allows pre-funding of the Council debt maturities and Capex programme up to 18 months in advance, including re-financing.
15 The following chart presents the Council’s debt maturity dates in relation to the financial year in which the debt was issued. This demonstrates that since 2016/17, the Council has actively reduced risk concentration by spreading debt maturity dates and debt maturity values.
2
16 Debt maturities must fall within maturity compliance buckets. These maturity buckets are as follows:
Maturity Period |
Minimum |
Maximum |
0 to 3 years |
10% |
70% |
3 to 5 years |
10% |
60% |
5 to 10 years |
10% |
50% |
10 years plus |
0% |
20% |
17 For the three months ended 31 December 2023, the Council has been fully compliant with its debt maturity limits, as shown by the chart below. The upper limits, as shown by dashed lines, relate to the bars of the same colour. For example, the 0 to 3 years upper limit of 70% is in blue. Actual maturities in the 03-year bucket are represented by the blue bars. The Council has no long-term debt maturing in ten years’ time or beyond.
Interest rate risk control limits
18 The Council seeks endorsement from Bancorp, its independent treasury advisor for all debt issuances. Typically, Council issues debt on a floating rate basis and applies its fixed interest rate swaps (hedges) to minimise its exposure at any one time to interest rate fluctuations. This ensures more certainty of interest rate costs when setting our Annual Plan and Long-Term Plan budgets.
19 Without such hedging, the Council would have difficulty absorbing adverse interest rate movements. A 1% increase in interest rates on $305 million of external debt would equate to additional interest expense of $3.05 million per annum. Conversely, fixing interest rates does however reduce the Council’s ability to benefit from falling and/or more favourable interest rate movements.
20 The objectives of any treasury strategy are therefore to smooth out the effects of interest rate movements, while being aware of the direction of the market, and to be able to respond accordingly.
21 The Policy sets out the following interest rate limits:
Major control limit where the total notional amount of all interest rate risk management instruments (i.e. interest rate swaps) must not exceed the Council’s total actual debt; and
Fixed/Floating Risk Control limit, that specifies that at least 55% of the Council’s borrowings must be fixed, up to a maximum of 100%.
22 The Council has been fully compliant for the three months ended 31 December 2023, as shown by the table below. New hedging instruments will be needed in the future to maintain Policy compliance. Hedging instruments remain comparatively expensive.
23 Like debt maturities, hedging instrument maturities must also fall within maturity compliance buckets. These maturity compliance buckets are as follows:
Period |
Minimum |
Maximum |
1 to 3 years |
15% |
60% |
3 to 5 years |
15% |
60% |
5 to 10 years |
15% |
60% |
10 years plus |
0% |
20% |
24 The Council has been fully compliant for the three months ended 31 December 2023, as shown by the following chart. Note that maturities falling within 1 year are not included. The Council has no hedging instrument maturities in ten years’ time or beyond.
Counterparty Credit Risk
25 The policy sets maximum limits on transactions with counterparties. The purpose of this is to ensure the Council does not over-concentrate its investments or risk management instruments with a single party.
26 The policy sets the gross counterparty limits as follows:
Counterparty/Issuer |
Minimum Standard and Poor’s long term |
Investments maximum per counterparty |
Risk management instruments maximum per counterparty |
Borrowing maximum per counterparty |
NZ Government |
N/A |
Unlimited |
None |
Unlimited |
LGFA |
AA-/A-1 |
$20m |
None |
Unlimited |
NZ Registered Bank |
A+/A-1 |
60% of total investments or $25m; whichever is greater |
50% of total instruments or |
$50m |
27 The Council was in full compliance with all counterparty credit limits for the three months ended 31 December 2023. The tables below show the Council’s investments and risk management instruments holdings per counterparty for this period.
Term deposit & Cash investments
*Policy Limit: 60% of total investments or $25 million; whichever is greater
Interest rate swaps
*Policy Limit: 50% of total instruments or $80 million; whichever is greater
Specific Borrowing Limits
28 In managing debt, the Council is required to adhere to the specific borrowing limits.
Risk Management Performance
30 The following table shows the Council’s interest income and expense for the three months ended 31 December 2023 together with the weighted average cost of borrowing (WACB), compared to year-to-date budget and full year forecast.
31 The following graph shows the year-to-date average cost of borrowings, for each month of the quarter.
He take | Issues
32 This report has a low level of significance under the Council’s Significance and Engagement Policy).
Ngā kōwhiringa | Options
33 There are no options to be considered.
Tangata whenua
34 There are no tāngata whenua considerations arising directly from this report.
Panonitanga āhuarangi | Climate change
35 There are no climate change considerations within this report.
Ahumoni me ngā rawa | Financial and resourcing
36 There are no financial and resourcing considerations in addition to those already noted in this report.
Ture me ngā Tūraru | Legal and risk
37 There are no legal and risk considerations arising from this report.
Ngā pānga ki ngā kaupapa here | Policy impact
38 There are no policy considerations in addition to those already noted in this report.
TE WHAKAWHITI KŌRERO ME TE TŪHONO | COMMUNICATIONS & ENGAGEMENT
Te mahere tūhono | Engagement planning
39 An engagement plan is not required for this report.
Whakatairanga | Publicity
40 There are no publicity considerations arising from this report.
NGĀ ĀPITIHANGA | ATTACHMENTS
Nil
15 February 2024 |
8.4 Progress Update Regarding Audit Control Findings 2022/23
Kaituhi | Author: Sharon Foss, Business Improvement Manager
Kaiwhakamana | Authoriser: Mark de Haast, Group Manager Corporate Services
Te pūtake | Purpose
1 This report provides the Risk and Assurance Committee with a progress report on Ernst & Young’s Report on Control Findings for the year ended 30 June 2023.
He whakarāpopoto | Executive summary
2 There is no requirement for an Executive Summary.
Te tuku haepapa | Delegation
3 The Risk and Assurance Committee has delegated authority to consider this report under section C.3 of the Governance Structure and Delegations.
· Reviewing and maintaining the internal control framework.
· Obtaining from external auditors any information relevant to the Council’s financial statements and assessing whether appropriate action has been taken by management in response to the above.
Taunakitanga | RECOMMENDATIONS
A. That the Risk and Assurance Committee:
A.1 notes the progress update regarding Ernst & Young’s Report on Control Findings for the year ended 30 June 2023, attached as Appendix 1 to this report, and
A.2 that Ernst & Young will re-assess these as part of their audit for the year ended 30 June 2024.
Tūāpapa | Background
4 In accordance with New Zealand Auditing Standards, Ernst & Young (EY) performed a review of the design and operating effectiveness of the Council’s significant financial reporting processes as part of their audit for the year ended 30 June 2023. The annual EY Audit Plan, as considered by this Committee, reflects the areas of focus set by the Office of the Auditor General.
5 The EY Report on Control Findings highlights weaknesses in our first line of defences (controls). Of particular interest for the Committee are the levels that EY have classified the control risk matters they identified. The classifications are as follows:
Ernst & Young – Risk Ranking System |
|
High |
Matters and/or issues considered to be fundamental to the mitigation of material risk, maintenance of internal control or good corporate governance. Action should be taken either immediately or within three months. |
Matters and/or issues considered to be of major importance to maintenance of internal control, good corporate governance, or best practice for processes. Action should normally be taken within six months. |
|
Low |
A weakness which does not seriously detract from the internal control framework. If required, action should be taken within 6 -12 months. |
He kōrerorero | Discussion
6 The following table outlines the control findings and associated risk ratings across the last two external audits conducted by EY.
Overview of Risk Ranking System and Control Finding |
||||
Status |
Risk Ranking |
Total |
||
High |
Moderate |
Low |
||
Open at 30 June 2022 |
- |
1 |
4 |
5 |
Closed during financial year 2022/23 |
- |
- |
3 |
3 |
New points raised in financial year 2022/23 |
- |
- |
1 |
1 |
Total open points at 30 June 2023 |
- |
1 |
2 |
3 |
7 In keeping with standard practice, EY will consider if these three control findings can be closed out, as part of their audit for the financial year ended 30 June 2024.
8 The table below details the year-to-date progress against these control findings.
EY Risk Ranking |
Control Findings |
Summary - |
Completion Status |
Moderate |
2.1.1 Accuracy of response and resolution times (MagiQ service request data refers) |
Agreed action: · Undertake an internal review of the performance measure data prior to finalising. · Update the process for recording requests for service to correct this weakness.
Action update: Completed · Discussed control findings with EY. · Contacted relevant staff to gain an initial view as to possible cause for the EY finding.
In Progress · Review initial responses. · Determine 1st line of defence point of failure and associated risk treatments. |
In Progress |
Low |
2.2.1 Aged work in progress review (Waikanae duplicate rising main infrastructure project refers) |
Agreed action: · Establish annual reviews of aged work in progress projects · Document the review and ensure that the assessment includes consideration of: o the age of the work in progress, o whether the asset is ready for use, and o any indicators of impairment.
Action update: Generic Improvement: Assurance around Aged Work in Progress · Have established an annual review at year end of Aged Work in Progress of projects that have had no movement in the last 12 months. · The reviews will be documented and the assessment will include consideration of: o the age of the work in progress, o whether the asset is ready for use, and o any indicators of impairment. · Meantime, associated purchase orders are being reviewed. 1 Action update: Specific Finding: Work in Progress Project The Waikanae Duplicate Rising Main project has taken some time to receive a resource consent and that has delayed the project from the original scheduled completion date of 30 June 2024. It is now expected to be complete in 2025. |
In Progress
Will likely be carried over. |
Low |
2.2.2 |
Agreed
action:
· Last financial year planning started on the development of a mechanism to ensure our time and effort for projects are considered. · Work has progressed. SLT is scheduled to consider adopting an overhead allocation model developed in line with EY’s recommended approach. If approved, that model will be operative by end of March 2024. |
In Progress |
He take | Issues
9 There are no additional issues to be raised in this report.
Ngā kōwhiringa | Options
10 There are no options to be raised in this report.
Tangata whenua
11 There are no tāngata whenua considerations arising from this report.
Panonitanga āhuarangi | Climate change
12 There are no climate change issues arising from this report.
Ahumoni me ngā rawa | Financial and resourcing
13 There are no additional financial or resource issues arising from this report.
Ture me ngā Tūraru | Legal and risk
14 There are no legal considerations arising from this report.
Ngā pānga ki ngā kaupapa here | Policy impact
15 There are no policy implications arising from this report.
Te whakawhiti kōrero me te tūhono | Communications & engagement
Te mahere tūhono | Engagement planning
16 This matter has a low level of significance under the Council’s Significance and Engagement Policy.
Whakatairanga | Publicity
17 There are no publicity considerations.
Ngā āpitihanga | Attachments
1. Appendix
1 - Ernst & Young's Report on Control Findings for the year ended 30 June
2023 ⇩
15 February 2024 |
8.5 Internal Audit Work Programme - Progress Update
Kaituhi | Author: Sharon Foss, Business Improvement Manager
Kaiwhakamana | Authoriser: Mark de Haast, Group Manager Corporate Services
Te pūtake | Purpose
1 This report updates the Risk and Assurance Committee on the Internal Audit function of Council.
He whakarāpopoto | Executive summary
2 This report does not require an Executive Summary.
Te tuku haepapa | Delegation
3 The Risk and Assurance Committee has delegated authority to consider this report under section C.3 of the Governance Structure and Delegations.
· Ensuring that Council has in place a current and comprehensive risk management framework and making recommendations to the Council on risk mitigation.
Taunakitanga | RECOMMENDATIONS
A. That the Risk and Assurance Committee receives and notes the Internal Audit progress update on the work programme for 2023/24.
Tūāpapa | Background
4 Internal audit is line three of the ‘Four Lines of Defence’ model used in the Risk and Assurance workstream.
5 Each of the four sources of assurance in the table above contribute to the overall level of assurance provided and importantly by breaking them down into four categories they can be integrated into everyday life at Council.
First line: Risks are managed and controlled day-to-day. Assurance comes directly from those responsible for delivering specific objectives or processes.
Second line: Council oversees the control framework so that it operates effectively.
Third line: Internal audit, providing reasonable (not absolute) assurance of the overall effectiveness of governance, risk management and controls.
Fourth line: Assurance from external independent bodies such as the external auditors and other external bodies.
6 The internal audit work programme is set with reference to a range of sources including:
· the Office of the Auditor-General published resources and guidance,
· Audit NZ published resources and guidance,
· Ernst and Young (our “appointed auditor” appointed by the Auditor-General) independent recommendations and control findings, and
· other observations made from internal audits.
7 This Committee receives three reports in relation to the approved Internal Audit Work Programme:
· this progress report on the internal audits; and
· a proposed internal audit work programme (prepared annually) which appears on this agenda. The programme sets audit topics and identifies resources required for the year in alignment with the Council’s objectives and key risks, and
· a final outcomes report on the internal audits completed in the previous calendar year (2023) which is also on this agenda.
He kōrerorero | Discussion
Third Line of Defence (Internal Audit)
8 In accordance with both the NZ Auditing Standards and our external auditors, Ernst & Young, we use the following risk ranking system when selecting which internal audits to conduct.
High |
Matters and/or issues considered to be fundamental to the mitigation of material risk, maintenance of internal control or good corporate governance. |
Moderate |
Matters and/or issues considered to be of major importance to maintenance of internal control, good corporate governance, or best practice for processes. |
Low |
A weakness which does not seriously detract from the internal control framework. |
Progress
9 The following status categories update this Committee on progress made on the internal audit work programme at the time of finalising this report.
Progress Status Categories |
||
|
|
|
10 The progress on the Internal Audit Work Programme is noted below.
Internal Audit Work Programme 2024 |
|||
Risk Ranking |
Activity |
Progress as of 7 February 2024 |
|
Status |
Update |
||
High |
Compliance with Mitigation of Fraud Policy. |
|
Completed.
|
High |
Compliance with Procurement Policy Framework. |
|
Completed.
|
High |
Compliance with Employee Code of Conduct document (incl. Conflict of Interest Declarations). Audit
scope |
|
In progress. |
High |
Compliance with General Expenses Policy. Audit
scope |
|
In progress. |
Moderate |
Compliance with Receipt of Gifts and Hospitality Policy. Audit scope |
|
In progress. |
Moderate |
Compliance with Protected Disclosures (Protection of Whistleblowers) Policy. Audit scope |
|
Review
delayed See Draft Internal Audit Work Programme report on this agenda. |
Moderate |
External Audit (Ernst & Young) 2022/23 - Control Findings. Follow up on recommendations |
|
Ongoing F/Y 2022/23. See Progress Update Regarding Audit Control Findings 2022/23 report on this agenda. |
Low |
Review preparedness for business interruption and continuously improve. |
|
Ongoing. Report being prepared for SLT to discuss how this can be resourced and completed. |
He take | Issues
11 There are no issues to be raised in this report.
Ngā kōwhiringa | Options
12 There are no options to be raised in this report.
Tangata whenua
13 There are no tāngata whenua considerations arising from this report.
Panonitanga āhuarangi | Climate change
14 There are no climate change issues arising from this report.
Ahumoni me ngā rawa | Financial and resourcing
15 There are no further financial and resourcing considerations arising from this report.
Ture me ngā Tūraru | Legal and risk
16 There are no legal considerations arising from this report.
Ngā pānga ki ngā kaupapa here | Policy impact
17 There are no policy implications arising from this report.
Te whakawhiti kōrero me te tūhono | Communications & engagement
Te mahere tūhono | Engagement planning
18 This matter has a low level of significance under the Council’s Significance and Engagement Policy.
Whakatairanga | Publicity
19 The Internal Audit work programme progress update will be publicised through the publication of the agenda and minutes of this Committee meeting.
Ngā āpitihanga | Attachments
Nil
15 February 2024 |
8.6 Internal Audit 2023 Outcomes Report
Kaituhi | Author: Sharon Foss, Business Improvement Manager
Kaiwhakamana | Authoriser: Mark de Haast, Group Manager Corporate Services
Te pūtake | Purpose
1 This report updates the Risk and Assurance Committee on the Internal Audit function of Council.
He whakarāpopoto | Executive summary
2 This report does not require an Executive Summary.
Te tuku haepapa | Delegation
3 The Risk and Assurance Committee has delegated authority to consider this report under section C.3 of the Governance Structure and Delegations.
Ensuring that Council has in place a current and comprehensive risk management framework and making recommendations to the Council on risk mitigation.
Taunakitanga | RECOMMENDATIONS
A. That the Risk and Assurance Committee receives and notes the Internal Audit 2023 Outcomes Report.
Tūāpapa | Background
4 The 2023 internal audit priorities were the Mitigation of Fraud Policy and the Procurement Framework Policy, both of which were completed.
He kōrerorero | Discussion
Overview – Mitigation of Fraud Policy Internal Audit
5 The following is a summary of the key issues identified during the audit of the Mitigation of Fraud Policy along with the operational response from the Chief Executive and Group Manager, Corporate Services.
6 Progress on the listed management responses is being monitored by the internal audit function.
Summary Overview - Internal Audit of the Mitigation of Fraud Policy |
||
Management response |
||
Lack of fraud awareness |
· Plan/schedule regular fraud awareness messages and training for staff. · Improve mitigation of fraud and conflict of interest information (profile and sources, including intranet). |
|
The Policy requirements are not all being followed |
· Develop list of procedures to document internal controls carried out to meet the Policy requirements. · Review Policy risk assessment requirements and ensure they are followed. · Review Policy reporting requirements and ensure they are followed. · Develop a new Fraud Register that meets the Policy’s requirements |
|
The Policy contains anomalies and outdated information |
· Remove inconsistencies and outdated information when the Policy is reviewed. |
Overview – Procurement Framework Policy Internal Audit
7 The following is a summary of the key issues identified during the audit of the Procurement Framework.
8 Progress on the listed management responses is being monitored by the internal audit function.
Summary Overview - Internal Audit of the Procurement Framework Policy |
||
Observations |
Management response |
|
Procurement Framework is complicated and difficult to follow. |
· Review and simplify the framework · Be clearer about what process steps are mandatory · Continue staff training and associated reminders. |
|
Record keeping is poor. |
· Record keeping instructions to be clearer about requirements. · Implement a method to record completion of mandatory procurement actions · Remind staff to keep full procurement records |
|
Inconsistencies in processes and practises need to be corrected. |
· Procurement instructions to be clearer about requirements · Correct inconsistencies in the Framework · Make information easier to access – particularly on Intranet. |
He take | Issues
9 There are no further issues arising from this report.
Ngā kōwhiringa | Options
10 There are no options to be raised in this report.
Tangata whenua
11 There are no tāngata whenua considerations arising from this report.
Panonitanga āhuarangi | Climate change
12 There are no climate change issues arising from this report.
Ahumoni me ngā rawa | Financial and resourcing
13 There are no further financial and resourcing considerations arising from this report.
Ture me ngā Tūraru | Legal and risk
14 There are no legal considerations arising from this report, and relevant risk considerations made above.
Ngā pānga ki ngā kaupapa here | Policy impact
15 There are no policy implications arising from this report, other than the work underway to refresh both the Mitigation of Fraud Policy and the Procurement Framework Policy.
Te whakawhiti kōrero me te tūhono | Communications & engagement
Te mahere tūhono | Engagement planning
16 This matter has a low level of significance under the Council’s Significance and Engagement Policy.
Whakatairanga | Publicity
17 There are no media releases or publicity requirements arising from this report.
Ngā āpitihanga | Attachments
Nil
15 February 2024 |
8.7 Internal Audit Work Programme 2024
Kaituhi | Author: Sharon Foss, Business Improvement Manager
Kaiwhakamana | Authoriser: Mark de Haast, Group Manager Corporate Services
Te pūtake | Purpose
1 This report seeks agreement to the 2024 internal audit work programme from the Risk and Assurance Committee.
He whakarāpopoto | EXecutive summary
2 An executive summary is not required for this report.
Te tuku haepapa | Delegation
3 The Risk and Assurance Committee (Committee) has the delegation to consider this matter under the section of Part C.3 of the Governance Structure and Delegations 2022-2025 Triennium which states: “This committee is responsible for monitoring the Council’s financial management, financial reporting mechanisms and framework, and risk and assurance function, ensuring the existence of sound internal systems.”
Taunakitanga | RECOMMENDATIONS
A. That the Risk and Assurance Committee approves the 2024 Internal Audit Work Programme through to 30 June 2024 as set out in Appendix 1 to this report.
Tūāpapa | Background
4 The internal audit work programme for 2024 needs to be discussed and agreed at this meeting. While the Chief Executive retains responsibility for approving the operational priorities of the internal audit function, this report provides an opportunity for the Committee to discuss and endorse the internal audit work programme going forward.
He kōrerorero | Discussion
5 The 2024 internal work programme for the Risk and Assurance Committee is attached in Appendix 1 to this report.
6 Two matters to note in considering the content of the internal audit work programme are:
6.1 Firstly, the content shows four internal audits that are still in progress and are to be carried over into the 2024 work programme. These carryovers are attributable to a higher than scheduled time requirement to complete the 2023 internal audits of both the Mitigation of Fraud Policy and Compliance with the Procurement Policy Framework. The Committee was informed of this last year by the Chief Executive.
6.2 Secondly, the work programme only extends through to 30 June 2024. There are two factors contributing to this approach – i) to enable staff to complete the carryover audits from 2023, and ii) to align the audit work programme with the start of the financial year which in 2024 is particularly important with the scheduled adoption of the Long Term Plan.
He take | Issues
7 The establishment and presentation of the internal audit work programme is in accordance with the Office of the Auditor General’s best practice guidance. This approach is used by other Councils throughout New Zealand.
8 That same best practice also provides for the Committee to review progress against the internal audit work programme at each subsequent meeting, as detailed in a separate report to this Committee.
Ngā kōwhiringa | Options
9 The Committee can consider and if necessary, make amendments to the internal audit work programme attached as Appendix 1 to this report.
Tangata whenua
10 Whilst this report does not directly affect tangata whenua, any such considerations will be included where appropriate in other reports presented to the Committee as part of the approved work programme.
Panonitanga āhuarangi | Climate change
11 There are no climate change considerations for this report.
Ahumoni me ngā rawa | Financial and resourcing
12 There are no additional financial considerations for this report.
Ture me ngā Tūraru | Legal and risk
13 There are no legal considerations or risks for this report.
Ngā pānga ki ngā kaupapa here | Policy impact
14 There is no impact on existing Council policies.
TE whakawhiti kōrero me te tūhono | Communications & engagement
Te mahere tūhono | Engagement planning
15 No engagement planning is required for this report.
Whakatairanga | Publicity
16 The approved internal audit work programme will be publicised through the publication of the agenda and minutes of this Committee.
Ngā āpitihanga | Attachments
1. Appendix
1 - Internal Audit Work Programme to 30 June 2024 ⇩
15 February 2024 |
8.8 Legislative Compliance 1 October to 31 December 2023
Kaituhi | Author: Sarah Wattie, Governance & Legal Services Manager
Kaiwhakamana | Authoriser: Mark de Haast, Group Manager Corporate Services
Te pūtake | Purpose
1 The purpose of this report is to notify the committee of legislative non-compliance in the second quarter of the financial year, 1 October 2023 to 31 December 2023.
He whakarāpopoto | EXecutive summary
2 An executive summary is not required.
Te tuku haepapa | Delegation
3.1 ensuring that Council has in place a current and comprehensive risk management framework and making recommendations to the Council on risk mitigation.
3.2 assisting elected members in the discharge of their responsibilities by ensuring compliance procedures are in place for all statutory requirements relating to their role.
Taunakitanga | RECOMMENDATIONS
A. That the Risk and Assurance Committee:
A.1 notes legislative non-compliance for the second quarter of the financial year from 1 October 2023 to 31 December 2023.
A.2 notes that two legislative non-compliance matters have been transferred to the Litigation and External Investigations Public Excluded meeting for discussion.
Tūāpapa | Background
4 Local government is governed by a complex statutory framework with the Council responsible for a range of legislative requirements. Legislative compliance is important to Council carrying out its functions under the Local Government Act 2002 in a fair and effective manner that is accountable to the local community. Failure to achieve Council’s legislative obligations has also been identified as one of Council’s top 10 risks.
5 Each quarter key Council staff responsible for Council’s compliance with legal obligations under different Acts are asked to complete a quarterly declaration of known non-compliance with legislative requirements and key assurance areas being privacy, procurement, authorised expenditure, cyber security and Local Government Official Information and Meetings Act 1987 (LGOIMA) requirements.
6 Council staff are asked to report against all applicable legislation. A legislative compliance schedule exists to assist staff in completing this declaration, set out in Attachment 1. Council’s external auditors have identified the following legislation and regulations where non-compliance could have a fundamental effect on operations:
· Local Government Act 2002
· Local Authorities (Members’ Interests) Act 1968
· Local Government (Rating) Act 2002
· Local Government (Financial Reporting and Prudence) Regulations 2014
· Building Act 2004
· Resource Management Act 1991.
He kōrerorero | Discussion
7 This section sets out legislative compliance breaches for the second quarter of the financial year, 1 October 2023 to 31 December 2023, against all applicable legislation with risk ratings, corrective actions and status assigned for each breach. It also provides an assurance against key assurance areas outlined above being privacy, procurement, authorised expenditure, cyber security and LGOIMA.
Organisational Risk Levels
8 Organisational risks levels have been assigned to legislative compliance breaches reported to this Committee based on Council’s organisational risk framework. The risk levels are set out below:
Organisational Risk Levels |
|
High |
· Matters and/or issues considered to be fundamental to the mitigation of material risk, maintenance of internal control or good corporate governance. |
Moderate |
· Matters and/or issues considered to be of major importance to maintenance of internal control, good corporate governance, or best practice for processes. |
Low |
· A weakness which does not seriously detract from the internal control framework. |
Key Assurance Areas
9 The Risk and Assurance Committee has requested the following key assurance areas be reported on in additional to legislative compliance:
· Privacy breach: A privacy breach is not meeting the requirements of the Privacy Act 2020 which may include releasing personal information to someone not authorised to receive it or using personal information in an unauthorised way.
· Procurement breach: A procurement or probity breach is a failure to follow the requirements of Council’s procurement policy, which sets out the requirements for our staff to ensure they carry out procurement in a way that is transparency, accountable, impartial and equitable.
· Unauthorised expenditure: Unauthorised expenditure is expenditure that breaches Council’s finance and purchasing policies, such as a staff member spending money without the appropriate financial delegation.
· Cyber security breach: A cyber security breach is a breach of Council’s information security systems which may result in the disclosure of sensitive, personal or commercial information to persons who are not authorised to receive the information or members of the public.
· Local Government Official Information and Meetings Act 1987 (LGOIMA): A breach of this act relates to failure to meet deadlines or requirements for official information requests or transparency and notification requirements relating to Council meetings.
10 Confidential
investigations are not included in this legislative compliance report and will
be reported in public excluded where required.
11 Table 1: Assurance against key risk areas
Risk area |
Description |
Privacy |
There was one privacy breach reported in the period. |
Procurement |
There were no reported procurement breaches in the period. |
Unauthorised expenditure |
There were no reported unauthorised expenditure in the period. There was an update to a previous reported breach. |
Cyber security |
There were no reported cyber security breaches in the period. |
LGOIMA |
There was one breach of requirements under the LGOIMA (official information and meeting requirements) in the period. |
Legislative Compliance Breaches
12 Legislative compliance breaches for the second quarter of the financial year are set out in Attachment 2. These include ongoing breaches previously reported to this Committee.
He take | Issues
13 There are no issues for this report.
Ngā kōwhiringa | Options
14 There are no options required for this report.
Mana whenua
15 Council has a partnership with local iwi and hapū on the Kāpiti Coast District represented by Te Rūnanga O Toa Rangātira, Ngā Hapū o Ōtaki and Āti Awa ki Whakarongotai Charitable Trust.
16 Council’s accountability to the community on legislative compliance extends to its partnership with iwi and commitments made to reflect the obligations under Te Tiriti o Waitangi, as well as other obligations to Māori, mana whenua and tangata whenua under the Local Government Act 2002, Resource Management Act 1987 and other legislation.
Panonitanga āhuarangi | Climate change
17 There are no climate change implications.
Ahumoni me ngā rawa | Financial and resourcing
18 There are no financial implications.
Tūraru ā-Ture me te Whakahaere | Legal and Organisational Risk
19 Organisational risk levels have been assigned to legislative compliance breaches reported in accordance with Council’s organisational risk framework.
20 Except for the issues noted in this report, there are no other legal or risk implications.
Ngā pānga ki ngā kaupapa here | Policy impact
21 There are no policy implications.
TE whakawhiti kōrero me te tūhono | Communications & engagement
22 This report is for the purpose of providing information only and does not trigger the Council’s Significance and Engagement policy.
Te mahere tūhono | Engagement planning
23 There is no requirement for engagement planning.
Whakatairanga | Publicity
24 There are no additional publicity considerations.
Ngā āpitihanga | Attachments
1. Legislative
Compliance Schedule ⇩
2. Legislative
Compliance Breaches and Updates 1 October 2023 to 31 December 2023 ⇩
15 February 2024 |
8.9 Forward Work Programme 2024 for Risk and Assurance Committee
Kaituhi | Author / Kaiwhakamana | Authoriser: Mark de Haast, Group Manager Corporate Services
Te pūtake | Purpose
1 This report seeks agreement to the forward work programme for the Risk and Assurance Committee in 2024.
He whakarāpopoto | EXecutive summary
2 An executive summary is not required for this report.
Te tuku haepapa | Delegation
3 The Risk and Assurance Committee (Committee) has the delegation to consider this matter under the section of Part C.3 of the Governance Structure and Delegations 2022-2025 Triennium which states: “This committee is responsible for monitoring the Council’s financial management, financial reporting mechanisms and framework, and risk and assurance function, ensuring the existence of sound internal systems.”
Taunakitanga | RECOMMENDATIONS
A. That the Risk and Assurance Committee approves its Forward Work Programme for the 2024 calendar year as set out in Appendix 1 to this report.
Tūāpapa | Background
4 The work programme for 2024 needs to be discussed and agreed at this meeting. While the Chief Executive retains responsibility for approving the Committee agenda, this report provides an opportunity for the Committee to discuss and endorse its work programme going forward.
He kōrerorero | Discussion
5 The 2024 forward work programme for the Risk and Assurance Committee as developed by the Group Manager Corporate Services is attached in Appendix 1 to this report.
He take | Issues
6 The establishment and presentation of the forward work programme is in accordance with the Office of the Auditor General’s best practice guidance. This approach is used by other Councils throughout New Zealand.
7 That same best practice also provides for the Committee to review its forward work programme at each subsequent meeting to ensure it remains relevant and can be adapted to changes in the Council’s top 10 organisational risks, as detailed in a separate report to this Committee.
Ngā kōwhiringa | Options
8 The Committee can consider and if necessary, make amendments to the forward work programme attached as Appendix 1 to this report.
Tangata whenua
9 Whilst this report does not directly affect tangata whenua, any such considerations will be included where appropriate in other reports presented to the Committee as part of the approved work programme.
Panonitanga āhuarangi | Climate change
10 There are no climate change considerations for this report.
Ahumoni me ngā rawa | Financial and resourcing
11 There are no additional financial considerations for this report.
Ture me ngā Tūraru | Legal and risk
12 There are no legal considerations or risks for this report.
Ngā pānga ki ngā kaupapa here | Policy impact
13 There is no impact on existing Council policies.
TE whakawhiti kōrero me te tūhono | Communications & engagement
Te mahere tūhono | Engagement planning
14 No engagement planning is required for this report.
Whakatairanga | Publicity
15 The approved forward work programme will be publicised through the publication of the agenda and minutes of the Council meetings.
Ngā āpitihanga | Attachments
1. Forward
Work Programme 2024 ⇩
15 February 2024 |
9 Te Whakaū i ngā Āmiki | Confirmation of Minutes
Author: Jessica Mackman, Senior Advisor, Democracy Services
Authoriser: Mark de Haast, Group Manager Corporate Services
Taunakitanga | Recommendations That the minutes of the Risk and Assurance Committee meeting of 9 November 2023 be accepted as a true and correct record. |
Ngā āpitihanga | Attachments
1. Minutes
of Risk and Assurance Committee Meeting - 9 November 2023 ⇩
15 February 2024 |
10 TE WHAKAŪNGA O NGĀ ĀMIKI KĀORE E WĀTEA KI TE MAREA | CONFIRMATION OF PUBLIC EXCLUDED MINUTES
11 Purongo Kāore e Wātea ki te Marea | Public Excluded Reports
Resolution to Exclude the Public
That, pursuant to Section 48 of the Local Government Official Information and Meetings Act 1987, the public now be excluded from the meeting for the reasons given below, while the following matters are considered. The general subject matter of each matter to be considered while the public is excluded, the reason for passing this resolution in relation to each matter, and the specific grounds under section 48(1) of the Local Government Official Information and Meetings Act 1987 for the passing of this resolution are as follows:
|