Audit and Risk Subcommittee Wednesday 30 June 2021 at 10.00am
|
|
|
|
Audit and Risk Subcommittee
30 June 2021
Audit and Risk Subcommittee Agenda
Meeting to be held in the Council Chamber
36 Water Street, Whangārei
on Wednesday 30 June 2021, commencing at 10.00am
Recommendations contained in the agenda are NOT decisions of the meeting. Please refer to minutes for resolutions.
MEMBERSHIP OF THE Audit and Risk Subcommittee
Chairperson, Colin Kitchen
Councillor Amy Macdonald |
Councillor Joce Yeoman |
Councillor Rick Stolwerk |
Ex-Officio Penny Smart |
Independent Audit & Risk Advisor Danny Tuato'o |
Independent Advisor Stuart Henderson |
KARAKIA / WHAKATAU
RĪMITI (ITEM) Page
1.0 Ngā Mahi Whakapai/Housekeeping
2.0 Ngā Whakapahā/apologies
3.0 Ngā Whakapuakanga/declarations of conflicts of interest
4.0 Ngā Whakaae Miniti (Confirmation of Minutes)
4.1 Confirmation of Minutes - Audit & Risk Subcommittee Minutes 31 March 2021 3
5.1 Receipt of Action Sheet 7
6.1 2021-31 Long Term Plan Audit Report 9
6.2 2020-21 Annual Report: Timetable and Deloitte Planning Report 28
6.3 Internal Audit Update - Counter-Fraud Gap Analysis Report and Far North District Council Rating Review Report 50
6.4 Risk Management Activity Update 84
7.0 Kaupapa ā Roto (Business with the Public Excluded) 126
7.1 Confirmation of Confidential Minutes - Audit & Risk Subcommittee - 31 March 2021
Audit and Risk Subcommittee item: 4.1
30 June 2021
TITLE: |
Confirmation of Minutes - Audit & Risk Subcommittee Minutes 31 March 2021 |
ID: |
A1450746 |
From: |
Judith Graham, Corporate Excellence P/A |
Authorised by Group Manager: |
Bruce Howse, Group Manager - Corporate Excellence, on |
That the minutes of the Audit & Risk Subcommittee meeting held on 31 March 2021, be confirmed as a true and correct record.
Attachments/Ngā tapirihanga
Attachment 1: Audit & Risk Subcommittee Minutes - 31 March 2021 ⇩
30 June 2021
TITLE: |
Receipt of Action Sheet |
ID: |
A1450900 |
From: |
Judith Graham, Corporate Excellence P/A |
Authorised by Group Manager: |
Bruce Howse, Group Manager - Corporate Excellence, on |
Whakarāpopototanga / Executive summary
The purpose of this report is to enable the meeting to receive the current action sheet.
That the action sheet be received.
Attachments/Ngā tapirihanga
Attachment 1: Audit & Risk March action sheet ⇩
Audit and Risk Subcommittee item: 6.1
30 June 2021
TITLE: |
2021-31 Long Term Plan Audit Report |
ID: |
A1450850 |
From: |
Judith Graham, Corporate Excellence P/A |
Authorised by Group Manager: |
Bruce Howse, Group Manager - Corporate Excellence, on |
Whakarāpopototanga / Executive summary
The attached 2021-31 Long Term Plan Audit report completed by Deloitte are the results and insights arising from the audit of the LTP which Deloitte consider appropriate for the attention of the Audit & Risk Subcommittee. The 2021-31 LTP audit report is set down for discussion and Peter Gulliver from Deloitte will be joining the meeting virtually to answer any questions.
That the report ‘2021-31 Long Term Plan Audit Report’ by Judith Graham, Corporate Excellence P/A and dated 18 June 2021, be received.
Attachments/Ngā tapirihanga
Attachment 1: 2021-31 Long Term Plan Audit Report ⇩
30 June 2021
TITLE: |
2020-21 Annual Report: Timetable and Deloitte Planning Report |
ID: |
A1450655 |
From: |
Simon Crabb, Finance Manager |
Authorised by Group Manager: |
Bruce Howse, Group Manager - Corporate Excellence, on 09 June 2021 |
Whakarāpopototanga / Executive summary
As part of the 2020-21 Annual Report process, Deloitte have prepared a planning report outlining their planned approach, and the key areas of focus for this year’s audit. This report is attached as Attachment 1.
Peter Gulliver of Deloitte (Audit Partner) will attend the June Audit and Risk Subcommittee meeting to discuss the 2020-21 planning report, and answer any questions.
That the report ‘2020-21 Annual Report: Timetable and Deloitte Planning Report’ by Simon Crabb, Finance Manager and dated 8 June 2021, be received.
Background/Tuhinga
A schedule of the high-level milestone dates for the 2020-21 Audit programme is presented over the page.
Attachments/Ngā tapirihanga
Attachment 1: Deloitte - 2020-21 Audit Planning Report ⇩
30 June 2021
TITLE: |
Internal Audit Update - Counter-Fraud Gap Analysis Report and Far North District Council Rating Review Report |
ID: |
A1448376 |
From: |
Simon Crabb, Finance Manager |
Authorised by Group Manager: |
Bruce Howse, Group Manager - Corporate Excellence, on 22 June 2021 |
Executive summary/Whakarāpopototanga
All the reviews proposed in Councils 2020-21 Internal Audit programme have been completed.
Insurable Risk Profile review |
Completed – November 2020 |
Presented to Subcommittee in December 2020 |
Counter-Fraud Gap Analysis |
Completed – May 2021. |
Refer Attachment 1 |
FNDC Rating Review |
Completed – June 2021. |
Refer Attachment 2 |
Human Resources Procedures |
Completed – May 2021. |
Scheduled to be presented to Subcommittee in September 2021 |
The proposed programme for the next two years was established at the Subcommittees December 2020 meeting, and is set out below:
Proposed Audit Programme |
|
2021 / 2022 |
2022 / 2033 |
· WDC Rating review · Property Management review · Procurement review · Risk Management |
· KDC Rating review · Externally Managed Funds Review (SIPO, governance, reporting, treasury management) · Legislative compliance |
This report presents the findings along with an action plan arising from the:
· Counter- Fraud Gap Analysis and the
· Far North District Councils Rating Review
That the report ‘Internal Audit Update - Counter-Fraud Gap Analysis Report and Far North District Council Rating Review Report’ by Simon Crabb, Finance Manager and dated 28 May 2021, be received.
Background/Tuhinga
1. Counter-Fraud Gap Analysis – Refer attachment 1.
a. Summary
The Counter-Fraud Gap Analysis was undertaken to identify the specific actions required to improve councils’ approach to managing, and actively reducing, its exposure to fraud and corruption risks.
The Gap analysis compared council’s current anti-fraud and corruption framework against 102 elements of “better practice” to provide a view of council’s strengths and weakness in its overall counter-fraud and corruption efforts.
b. Action Plan
The 3 key improvements identified as a high priority to strengthen councils counter-fraud and corruption programme are:
Priority Improvement |
Action to be taken to close the Gap |
Completion Date |
Complete a Fraud and Corruption Risk Assessment |
Utilise the year 2 internal audit budget earmarked for Risk Management to:
Undertake a phased approach to implementing the recommended Fraud and Corruption Risk Assessment, by engaging Deloitte to initially complete a risk assessment with a focus on councils’ corruption specific risks.
The Deloitte approach: · Identify any known or potential corruption risks, · Evaluate the design of controls currently in place, · Recommend the design of any new or improved controls. · As part of this approach Deloitte will complete analytical testing to identify any unknown relationships between employees and suppliers. Any additional analytics testing will be discussed and agreed subject to the findings of the corruption specific risk assessment.
|
23 December 2021
with a view of presenting the findings to the subcommittee in Feb/March 2022 |
Strengthen the Management of Third parties |
Utilise the year 2 internal audit budget earmarked for Procurement Review to:
Secure an independent “whistle-blower” service that suppliers and/or employees can contact should they suspect fraudulent or corrupt behaviour has taken place within council’s business.
Update (and legally review) council’s new vendor forms, and supplier agreements/contract to reflect the supplier’s obligation to inform council of any significant governance or ownership changes.
Engage council’s communications department to prepare a letter to all suppliers informing them of Councils fraud detection programme and the availability of a whistle-blower service.
Update Councils website and Intranet with a declaration emphasising council’s anti-fraud and anti-corruption stance.
|
23 December 2021
|
2. Far North District Council (FNDC) Rating Review - Refer attachment 2.
a. Summary
Deloitte performed a review of the FNDC rating process to test the controls and identify any improvements in respect to:
· user access to, and maintenance of, the Rating Information Database (RID),
· compliance with NRC authority,
· application, collection, and allocation of rating transactions,
· and the process and preparation of the reporting provided to NRC.
b. Action Plan
The 3 key improvements identified as a high priority to strengthen the rating process at FNDC are:
High risk Improvement |
Action to be taken |
Completion Date |
User access rights to the Rates Maintenance function should be comprehensively reviewed and revised to ensure appropriate access levels |
The General Manager Corporate Excellence will send a letter to FNDC requesting that: · the current rates maintenance access rights are revised to reflect the appropriate functionality, · a schedule is provided to NRC detailing the updated user positions, roles, access functionality and justification for access functionality. · the schedule outlined above is updated and included as part of the FNDC “Revenues and Collection” report presented to NRC quarterly.
In addition, FNDC will be asked to explore the feasibility of activating the audit trail function in their rates system (Pathways). |
23 December 2021
|
The procedure guiding the preparation of the quarterly rates reconciliation should be documented by FNDC. |
FNDC will be a requested (as part of the letter mentioned above) that they prepare a “procedure document” that details the reports, steps and checks involved when preparing the quarterly rates reconciliation spreadsheets, and that the underlying system reports are also provided to NRC as part of the FNDC reconciliation package.
In addition, FNDC will be asked to explore the feasibility of adjusting the parameters of the underlying system reports to make them easier to work with. |
19 October 2021 |
The Payment Allocation sequence should be agreed upon and documented within the Annual Rating Services Agreement |
Simpson Grierson will be engaged to draft up a variation to the current rating services agreement (or policy as required) to document the agreed process to allocate a part payment of a rates assessment.
FNDC will need to liaise with their software supplier to fully understand the current process and then action any modifications required to achieve an altered allocation process. |
23 December 2021
|
Attachments/Ngā tapirihanga
Attachment 1: Deloitte Counter-Fraud Gap Analysis Report ⇩
Attachment 2: Deloitte Far North District Council Rating Review Report ⇩
30 June 2021
TITLE: |
Risk Management Activity Update |
ID: |
A1449888 |
From: |
Kym Ace, Corporate Systems Champion |
Authorised by Group Manager: |
Bruce Howse, Group Manager - Corporate Excellence, on |
Whakarāpopototanga / Executive summary
The Risk Management Activity Update outlines the summary of Council’s progress in risk management related activities including updates on the Corporate and Fraud Risk Registers
1. That the report ‘Risk Management Activity Update’ by Kym Ace, Corporate Systems Champion and dated 2 June 2021, be received.
2. That the Subcommittee reviews the registers.
Background/Tuhinga
Activity
We have undertaken a review of the risk register to recategorize and summarise the risks. The detailed fraud, dishonesty and corruption risks have been captured in their own register as a sub-set of the Corporate Fraud, Dishonesty and Corruption risk.
Risk Registers
The top 10 risk scores in the corporate risks, their risk types, pre-control (inherent) and post control (residual) rating/scores and trending (traffic light) are summarised in Appendix 1.
The detailed corporate risk register including treatments and signoff details are reported in Appendix 2.
The detailed fraud dishonesty and corruption register including treatments and signoff details are reported in Appendix 3.
Attachments/Ngā tapirihanga
Attachment 1: Top 10 Risk Scores - June 2021 ⇩
Attachment 2: Detailed Risk Register - Corporate Risks June 2021 ⇩
Attachment 3: Risk Register Fraud Dishonesty and Corruption - June 2021 ⇩
Audit and Risk Subcommittee ITEM: 7.0
30 June 2021
TITLE: |
Whakarāpopototanga / Executive Summary
The purpose of this report is to recommend that the public be excluded from the proceedings of this meeting to consider the confidential matters detailed below for the reasons given.
1. That the public be excluded from the proceedings of this meeting to consider confidential matters.
2. That the general subject of the matters to be considered whilst the public is excluded, the reasons for passing this resolution in relation to this matter, and the specific grounds under the Local Government Official Information and Meetings Act 1987 for the passing of this resolution, are as follows:
Item No. |
Item Issue |
Reasons/Grounds |
7.1 |
Confirmation of Confidential Minutes - Audit & Risk Subcommittee - 31 March 2021 |
The public conduct of the proceedings would be likely to result in disclosure of information, as stated in the open section of the meeting -. |
3. That the Independent Financial Advisors be permitted to stay during business with the public excluded.
Considerations
1. Options
Not applicable. This is an administrative procedure.
2. Significance and Engagement
This is a procedural matter required by law. Hence when assessed against council policy is deemed to be of low significance.
3. Policy and Legislative Compliance
The report complies with the provisions to exclude the public from the whole or any part of the proceedings of any meeting as detailed in sections 47 and 48 of the Local Government Official Information Act 1987.
4. Other Considerations
Being a purely administrative matter; Community Views, Māori Impact Statement, Financial Implications, and Implementation Issues are not applicable.