I hereby give notice that an ordinary meeting of the Audit and Risk Committee will be held on:
|
Date:
Time:
Meeting Room:
Venue:
|
Tuesday, 18
February 2014
2.00pm
Council
Chambers
Auckland Town Hall
301-305 Queen Street
Auckland
|
|
Audit and Risk Committee
OPEN AGENDA
|
MEMBERSHIP
|
Chairperson
|
Cr Sir John Walker, KNZM, CBE
|
|
|
Deputy Chairperson
|
Cr Dr Cathy Casey
|
|
|
Members
|
Cr Cameron Brewer
|
|
|
|
Cr Bill Cashmore
|
|
|
|
Cr Sharon Stewart, QSM
|
|
|
|
Mr Roy Tiffin, FCA
|
|
|
|
Cr Penny Webster
|
|
|
Ex-officio
|
Mayor Len Brown
|
|
|
|
Deputy Mayor Penny Hulse
|
|
(Quorum 4 members)
|
|
|
Mike Giddey
Democracy Advisor
13 February 2014
Contact Telephone: (09) 307 7565
Email: mike.giddey@aucklandcouncil.govt.nz
Website: www.aucklandcouncil.govt.nz
|
TERMS
OF REFERENCE
Responsibilities
The Audit and Risk Committee will be responsible for:
·
Providing objective advice and recommendations
to the Governing Body regarding the sufficiency, quality and results of
assurance on the adequacy and functioning of the council’s risk management,
control and governance frameworks and processes.
·
Exercising active oversight of all areas of
Auckland Council control and accountability (including Council Controlled
Organisations), in an integrated and systematic way, such that the results of
risk and assurance reviews and external audits may be incorporated in the
priority-setting and strategic planning processes.
·
Liaison with Audit NZ and, where necessary, the
audit committees of CCOs to ensure robust financial audits and reviews of the
Auckland Council group.
|
Audit and Risk
Committee
18 February
2014
|
|
ITEM TABLE OF
CONTENTS PAGE
1 Apologies 5
2 Declaration of Interest 5
3 Confirmation of Minutes 5
4 Petitions 5
5 Public Input 5
5.1 Grace Haden 5
6 Local Board Input 5
7 Extraordinary Business 6
8 Notices of Motion 6
9 Office of the Auditor-General 7
10 Auditor-General Report on Mangawhai Waste Water Scheme 9
11 Selection of Second External Appointee 13
12 Update on Ethics and Integrity Activities 15
13 Update on Risk Management Activities 19
14 Consideration of Extraordinary Items
PUBLIC EXCLUDED
15 Procedural Motion to Exclude the Public 23
C1 Update on Internal Audit Activities 23
At the close of the agenda no apologies had been received.
2 Declaration of Interest
Members are reminded of the need to be vigilant to stand aside from
decision making when a conflict arises between their role as a member and any
private or other external interest they might have.
3 Confirmation of Minutes
|
That the Audit and Risk Committee:
a)
confirm the ordinary minutes of its meeting,
held on Friday, 13 December 2013, including the
confidential section, as a true and correct record.
|
4 Petitions
At the close of the agenda no requests to present petitions had been
received.
5 Public Input
Standing Order 3.21 provides for Public Input. Applications to
speak must be made to the Committee Secretary, in writing, no later than two
(2) working days prior to the meeting and must include the subject matter.
The meeting Chairperson has the discretion to decline any application that does
not meet the requirements of Standing Orders. A maximum of thirty (30)
minutes is allocated to the period for public input with five (5)
minutes speaking time for each speaker.
|
5.1 Grace Haden
|
|
Purpose
1. Grace Haden
has requested time to speak to the Audit and Risk Committee.
Executive Summary
2. Grace Haden
wishes to show how corruption occurs in council.
|
|
Recommendation/s
That the Audit and Risk Committee:
a) receive the
presentation from Grace Haden.
|
6 Local Board Input
Standing Order 3.22 provides for Local Board Input. The Chairperson
(or nominee of that Chairperson) is entitled to speak for up to five (5)
minutes during this time. The Chairperson of the Local Board (or nominee of
that Chairperson) shall wherever practical, give two (2) days notice of
their wish to speak. The meeting Chairperson has the discretion to decline any
application that does not meet the requirements of Standing Orders.
This right is in addition to the right under Standing Order 3.9.14
to speak to matters on the agenda.
At the close of the agenda no requests for local board input had
been received.
7 Extraordinary Business
Section 46A(7) of the Local Government Official Information and
Meetings Act 1987 (as amended) states:
“An item that is not on the agenda for a meeting may be dealt with
at that meeting if-
(a) The local authority by resolution so
decides; and
(b) The presiding member explains at the
meeting, at a time when it is open to the public,-
(i) The reason why the item is not on the agenda; and
(ii) The reason why the discussion of the item
cannot be delayed until a subsequent meeting.”
Section 46A(7A) of the Local Government Official Information and
Meetings Act 1987 (as amended) states:
“Where an item is not on the agenda for a meeting,-
(a) That item may be discussed at that meeting
if-
(i) That item is a minor matter relating to
the general business of the local authority; and
(ii) the presiding member explains at the
beginning of the meeting, at a time when it is open to the public, that the
item will be discussed at the meeting; but
(b) no resolution, decision or recommendation
may be made in respect of that item except to refer that item to a subsequent
meeting of the local authority for further discussion.”
8 Notices of Motion
At the close of the agenda no requests for notices of motion had
been received.
|
Audit and Risk
Committee
18 February
2014
|
|
Office
of the Auditor-General
File No.:
CP2014/01900
Purpose
1. To provide an
opportunity for the Auditor-General or her representative to attend the meeting
and address the committee.
Executive
Summary
2. The Auditor-General
or her representative will address the meeting.
|
Recommendation/s
That the Audit and Risk Committee:
a) receive the
information provided by the Auditor-General or her representative.
|
Attachments
There are no
attachments for this report.
Signatories
|
Author
|
Mike Giddey - Democracy Advisor
|
|
Authoriser
|
Grant Taylor - Governance Director
|
|
Audit and Risk
Committee
18 February
2014
|
|
Auditor-General Report on Mangawhai Waste Water Scheme
File No.:
CP2014/01518
Purpose
1. To inform the
committee of the risks and lessons relevant to Auckland Council arising from
the Auditor-General’s report on the Mangawhai Community Wastewater Scheme.
Executive Summary
2. The
Auditor-General’s report on the Mangawhai Community Wastewater scheme has
highlighted risks concerning accountability, governance, management, PPP
arrangements and audit standards which are relevant to Auckland Council.
|
Recommendation/s
That the Audit and Risk Committee:
a) receive the
update on the Auditor-General’s Report on the Mangawhai Waste Water Scheme.
|
Discussion
3. In November
2013 the Auditor-General published a report describing how Kaipara District
Council (KDC) managed the Mangawhai community wastewater scheme between 1996
and 2012, also covering the role of other agencies including the Office of the
Auditor-General itself.
4. The
Auditor-General concluded that:
· KDC failed to attend to its fundamental
legal and accountability obligations
· KDC effectively lost control of a major
infrastructure project
· Some of the work done on behalf of the
Auditor-General fell short of the standards that she expected
5. In particular,
KDC had problems with governance, management and record-keeping; exercised poor
contracting and decision-making; and entered into complicated financial
arrangements without fully understanding the detail.
6. Auckland
Council Legal department has summarised the key lessons from the report that
are relevant to Auckland Council as follows:
|
Accountability
|
Governance
|
|
· Public entities should be
meticulous about legality (legal compliance is not optional)
· Good record-keeping is the
foundation of effective accountability
· Workshops can supplement formal
council meetings, but not replace them
· Contractors need to be tied into
public sector accountability mechanisms
|
· Elected members need to understand
their role and stick to it - maintaining broad view, setting direction and
monitoring, rather than detailed operational matters
· Common sense is a legitimate
governance tool - members of governance bodies should sense-check advice that
they receive
· Understand what assurance is needed
and where it will be obtained - understanding the role of different auditors
and assurance providers
· Audit committees can provide useful
support – the ability to appoint external members can manage gaps in the
governing body’s skills and experience
|
|
Management
|
PPP
Arrangements
|
|
· There are limits to contracting out
– public entities must still retain the ability to “steer the boat”
· It is important for public entities
to maintain appropriate financial management capacity and capability and to
stick to their sphere of competence
· Project governance and management
is important
|
· Do not underestimate what is
involved in a PPP arrangement.
· Accounting should not drive the
decision to enter into a PPP – the focus should be on affordability, not
whose books the asset and debt appear on
· Transfer of risk is not an end in
itself, and is likely to have to be paid for through a risk premium
· PPPs are unlikely to succeed fully
if the contract is not for "the complete package"
|
7. Much of the
above takes the form of key principles and guidance for decision makers.
However the “Accountability” comments include administrative and procedural
requirements, such as record keeping and not replacing formal council meetings
by workshops.
8. Auckland
Council currently uses workshops and briefing sessions as required to support
decision making. However, the decisions are then made in publicly-notified meetings
with appropriate minute taking. The Quality Policy Advice project has
developed guidelines for staff working with elected members in developing
policy, and ensure compliance with record-keeping requirements and the Local
Government Act.
9. The report
states that contractors need to be tied into public sector accountability
mechanisms. Council has a legislative requirement to maintain adequate records
to provide transparency over the use of public funds. This includes work done
by contractors, therefore contracts should tie contractors into these
requirements on record-keeping and access to information.
10. Internal Audit
will work with Legal to determine if Auckland Council currently has gaps in
this area, and if required include more detailed work in our audit plan.
11. Significant
progress has been made on contract record-keeping and ensuring appropriate
contractual arrangements are in place, with the implementation of Contract
Management in SAP. Since 1 July 2013, a contract must be loaded in SAP for all
suppliers with spend of greater than $25k.
12. The “Management”
section reinforces the need for good project management. Internal Audit has
recently reviewed Project Management at Auckland Council, which is covered in
the “Update on Internal Audit Activities” report to this meeting.
13. Risk has also
reviewed a current Auckland Council project, Payment Card Security / Data
Security Standards Compliance, against the criteria above and did not identify
any material gaps.
14. The report also
identified weaknesses in some of the audit work carried out by Audit NZ on
behalf of the Auditor-General. An independent review of Audit NZ’s work found
that the auditor:
· did
not have a sufficiently complete understanding of the wastewater project, and
did not adequately assess the risk of the project
· placed
too much reliance on management’s advice or knowledge rather than independent
testing or review
· did
not adequately document audit testing or how conclusions were reached
· did
not adequately assess whether KDC had complied with applicable legislation
15. Internal Audit
will consider key organisation risks when developing its 3 year audit plan for
2014/15 onwards.
16. We have
developed an updated audit methodology which includes revised audit working papers
and documentation standards, which will be mandatory on all audits. This will
be introduced through a team training session at the end of February.
Consideration
Local Board Views
17. Consideration of
Local Board views was not required for this report.
Maori Impact Statement
18. The report does
not have any particular benefits or adverse effects on Maori.
General
19. None.
Implementation Issues
20. None.
Attachments
There are no
attachments for this report.
Signatories
|
Author
|
Nick Rennie - Internal Audit Manager
|
|
Authoriser
|
Grant Taylor - Governance Director
|
|
Audit and Risk
Committee
18 February
2014
|
|
Selection of Second External Appointee
File No.:
CP2014/01411
Purpose
1. To recommend an
approach to selecting a second external appointee to the committee.
Executive
Summary
2. It is proposed
to invite expressions of interest for a second external appointee who should
have skills and experience to complement those of Mr Roy Tiffin.
|
Recommendation/s
That the Audit and Risk Committee:
a) approve the
proposed approach for the selection of a second external appointee.
b) decide on two
members of the committee to join the Governance Director on a selection
panel.
|
Discussion
3. At the last
meeting the committee agreed to recommend to the Governing Body that two
external members be appointed to the Audit and Risk Committee. Roy Tiffin has
been reappointed as one external member, and a selection process is required to
identify the second.
4. Expressions of interest for a
second member can be requested, supported by direct approaches to known
individuals, or to professional bodies including the New
Zealand Institute of Chartered Accountants and the Institute of Internal
Auditors.
5. Selection of
suitable candidates for interview would be based on a set of evaluation
criteria, with candidates being assessed and interviewed by a selection panel.
It is proposed that the selection panel be the Governance Director and two
members of the committee.
6. Evaluation
criteria should be based on best practice, such as the Office of the Auditor
General’s Good Practice Principles for Audit Committees in the Public Sector.
This states that audit committee members should have:
· financial
expertise;
· knowledge
of governance, assurance, and risk management best practice;
· a
good knowledge of the sector or industry in which the public entity operates;
and
· other
attributes as deemed appropriate (for example, legal or technology experience).
7. The
Auditor-General’s report on the Mangawhai Wastewater Scheme, covered in a
separate report for this meeting, specifically emphasises the importance of
audit committee external members in public sector organisations, as a means of
increasing the financial, risk, and business decision making capability of the
governing body as a whole.
8. In this case it
would be appropriate for the second external member to have skills and
experience that complement those of Roy Tiffin, the existing appointee. For
example, a Chartered Accountant (or similar) with management experience in
large private or public sector organisations.
Consideration
Local
Board Views
9. Consideration
of Local Board views was not required for this report.
Maori
Impact Statement
10. The report does
not have any particular benefit or adverse effects on Maori.
General
11. None.
Implementation
Issues
12. None.
Attachments
There are no
attachments for this report.
Signatories
|
Author
|
Nick Rennie - Internal Audit Manager
|
|
Authoriser
|
Grant Taylor - Governance Director
|
|
Audit and Risk
Committee
18 February
2014
|
|
Update on Ethics and Integrity Activities
File No.:
CP2014/01712
Purpose
1. This report
summarises the activities undertaken by the Ethics and Integrity department
since the last report to the Audit and Risk Committee in December 2013.
Executive
Summary
2. The Ethics and
Integrity department consists of the Ethics and Integrity Officer, with some
administration assistance in the registration of gifts over the Christmas
period.
3. Due to work
load and the holiday break no general Ethics and Integrity training was planned
for January and February 2014.
4. The activity in
the area of Ethics and Integrity remains predominantly reactive and
consultative.
5. There is been
little new investigation activity since our last report in December but current
and historic investigations continue to keep this area busy.
6. A lack of
capacity or resource for the ethics and integrity area has potential for both
reputational and financial risk to the organisation. However there have been
recent discussions to try and address this issue.
|
Recommendation/s
That the Audit and Risk Committee:
a) receive the Update
on Ethics and Integrity Activities report.
|
Discussion
7. The table below
summaries the activities of the Ethics and Integrity department since the last
meeting:
|
Function
|
Actions
|
Key Outcomes
|
|
Prevention
Other
|
Delivery of December Ethics and integrity
training which is open to all staff
Continuing discussion around policy and process reviews of
gifts and inducements, conflict of interest gaps, work place strategies and
values workshops.
As at 6 February we were informed by
police that a previous staff member of ATEED was convicted and sentenced to
40 hours community service and ordered to pay $4,964 in reparation. This
person had been charged with several thefts as a result of a combined
investigation by ATEED staff, Ethics and Integrity, and the Security manager.
The Executive Chair of Transparency
International NZ (Co-Director Integrity Plus NIS) met with us to
explore the opportunities of a closer relationship with Auckland Council as
it is believed that this is an area where we could be taking a lead role.
There is further information currently been sourced and
considered before moving this forward.
|
Increased awareness of expectations and individual staff
responsibilities within Auckland Council and wider CCO’s
Increased awareness of expectations and individual staff
responsibilities within Auckland Council and wider CCO’s
Transparency international NZ (www.transparency.org.nz) is
an internationally credible organisation actively encouraging transparency
and anti-corruption and Auckland Councils’ reputation and learning
opportunities would be enhanced by any association.
|
|
Response
|
Investigations:
· Internal Focus – three continuing and
one new investigation
· External Threats – oversight on three
active investigations
30 queries have been registered which may not fall into
the investigation category but can involve as much if not more time commitment.
These can involve advice around Gifts, Conflicts of Interest, Data Access
requests and general ethics and integrity queries.
|
Accountability
Current and future risk assessment and mitigation
More exposure and understanding for the business of the
Ethics and Integrity area.
Prevention and understanding of external threats to
Auckland Council
|
|
Gift Register
|
296 gifts have been registered over the December and
January period to an estimated value of $16,770.
Met and assisted ACPL and Treasury with understanding of
their needs around gift policy and register.
|
Transparent records
Increased awareness of the requirements in this area.
Provides mitigation in case of scrutiny.
Registration detail enables evaluation of possible
exposure to staff and council in procurement and decision making processes.
|
|
Conflicts
of interest
|
In this period, ten conflict of interest forms have been
completed and sent for registration.
|
Transparent records
Mitigation to minimise risk to
the staff member, and the business.
Data to evaluate possible
exposure to staff around procurement practices
|
Consideration
Local
Board Views
8. Local boards
have not been consulted because the report deals primarily with internal
management issues.
Maori
Impact Statement
9. The report does
not have any particular benefit or adverse effects on Maori.
General
10. None
Implementation
Issues
11. None
Attachments
There are no
attachments for this report.
Signatories
|
Author
|
Gary Hale – Ethics and Integrity Officer
|
|
Authorisers
|
Alan Brookbanks - Human Resources Director
Grant Taylor - Governance Director
|
|
Audit and Risk
Committee
18 February
2014
|
|
Update on Risk Management Activities
File No.:
CP2014/01842
Purpose
1. This report
summarises the activities undertaken by the Risk Management department since
the last report to the Audit and Risk Committee in December 2013.
Executive
Summary
2. The Risk
Management department continued to implement the Enterprise Risk Management
Policy and Framework as per the Enterprise Risk Management Strategic Plan 2012
-17.
|
Recommendation/s
That the Audit and Risk Committee:
a) receive the
Update on Risk Management Activities report.
|
Discussion
3. Enterprise Risk Management (ERM)
Policy
· We
have conducted a detailed review of the ERM Policy to ensure it is
comparable to industry standard. As a result it is proposed that the current
policy include detailed accountabilities to clarify responsibilities and to
include the “three lines of defence” accountability framework in the policy.
The final version of the Policy will be submitted shortly.
4. CCO Review
· On
13 December 2013, the Audit and Risk Committee had moved that “management be
requested to consider how the Audit and Risk Committee should exercise
oversight of risk and audit issues in the Council Controlled Organisations (CCO), including whether the CCO Audit and
Risk Committees be invited to attend the Auckland Council Audit and Risk
Committee to report on significant risks which affect the Group”.
The above is being considered through the CCO Review currently
underway by the Treasury, CCO Governance and External Partnerships department
and the Risk team will work closely with the Review team to identify current
issues and opportunities to improve the management of risk across the Auckland
Council family.
5.
Organisation-wide Risk Registers
o Key risks are recorded in the
centralised business reporting system (Opal3) as a tactical solution to provide
a single point visibility for effective risk management. There is concern that
Opal3 does not have the capacity at this stage to hold substantial amount of
risk information and developers would need to further develop the system. This
issue is being discussed with IS and a report back to the Committee will be
provided at a later stage.
6. Operational
Risks
· Key operational
risks are being identified by each business unit on a monthly basis and are
reported to the Executive Leadership Team.
7. Enterprise
Risk Management Framework
· The ERM Framework
identifies risk categories with relevant risk tolerance limits. To ensure
adequate mitigation is in place, specific risk frameworks are being continually
developed in high risk/strategic areas to get greater coverage from a risk
management perspective. The following are in progress:
o Programme and
Project Risk Framework – ongoing monitoring of NewCore programme risks
continues, via a monthly review of the risks with the project team.
o Liability Risk
Framework – to ensure that Council minimizes potential risk exposures around
financial liability, through contractual arrangements, health and safety and
other regulatory or compliance requirements, the team continues to work with
the relevant areas, as and when required. There is a council-wide project
being undertaken to have consistency in procurement processes, particularly
focusing on acceptable levels of Professional Indemnity and Public Liability
insurances.
o Treasury Risk
Framework – quarterly and ad hoc meetings, as appropriate, are held with the
Treasurer to review treasury risks, potential non-compliance to policy and
emerging risks in the debt markets. .
o Asset Management
Planning – providing on-going risk management advice to the project team.
o Fraud Risk
Framework – we continue to work closely with the Ethics and Integrity Officer
to minimize fraud risk.
8. Risk
Management Workshop
· Workshops are
ongoing.
9. CCO
Engagement
· CCO engagement is
ongoing as part of the risk management strategies. Key focus in the last
quarter was on Auckland Council Property Limited (ACPL).
10. Project
Risk Management
· Risk Management
provides advice and support to the various project teams by ensuring risks are
identified, documented and monitored as part of the Programme and Project Risk
Framework.
· The Auditor-General recently released recommended criteria against
which public sector initiatives can be evaluated. Risk team selected the
Payment Card Industry Data Security Standard (PCIDSS) Remediation project as a
case study to evaluate the applicable criteria against the project. There were
no material gaps identified for this project.
· The projects that Risk
Management department is actively involved in are:
o NewCore
o Workplace Strategy
o The Southern
Initiative
o Asset Management
Planning
o Payment Card
Industry Data Security Standards (PCIDSS)
o Waiheke Library
o Lopdell House and Gallery
Refurbishment
o Project Connect
o NorSGa (to date
not actively advised)
o Quay Street
Seawall (to date not actively advised)
o Auckland Harbour
Bridge SkyPath (to date not actively advised)
o World Masters
Games (2017) – not initiated yet.
Consideration
Local
Board Views
11. Local
boards have not been consulted because the report primarily deals with internal
management issues.
Maori
Impact Statement
12. This
report does not have any particular benefit or adverse effects on Maori.
General
13. None.
Implementation
Issues
14. None.
Attachments
There are no
attachments for this report.
Signatories
|
Author
|
Aashmita Naikar – Risk Manager
|
|
Authorisers
|
Alan Brookbanks - Human Resources Director
Grant Taylor - Governance Director
|
|
Audit and Risk
Committee
18 February
2014
|
|
Exclusion of the Public: Local Government Official
Information and Meetings Act 1987
That the Audit and Risk Committee:
a) exclude the
public from the following part(s) of the proceedings of this meeting.
The general
subject of each matter to be considered while the public is excluded, the
reason for passing this resolution in relation to each matter, and the specific
grounds under section 48(1) of the Local Government Official Information and
Meetings Act 1987 for the passing of this resolution follows.
This resolution
is made in reliance on section 48(1)(a) of the Local Government Official
Information and Meetings Act 1987 and the particular interest or interests
protected by section 6 or section 7 of that Act which would be prejudiced by
the holding of the whole or relevant part of the proceedings of the meeting in
public, as follows:
C1 Update on Internal Audit Activities
|
Reason for passing this resolution in relation to each
matter
|
Particular interest(s) protected (where applicable)
|
Ground(s) under section 48(1) for the passing of this
resolution
|
|
The public conduct of the part of the meeting would be
likely to result in the disclosure of information for which good reason for
withholding exists under section 7.
|
s7(2)(h) - The withholding of the information is necessary
to enable the local authority to carry out, without prejudice or
disadvantage, commercial activities.
In particular, the report contains financial and
operational information and details of Internal Audit activity which if
released may jeopardise the effective delivery of Internal Audit services.
|
s48(1)(a)
The public conduct of the part of the meeting would be
likely to result in the disclosure of information for which good reason for
withholding exists under section 7.
|
