Agenda of Audit and Risk Committee

TERMS OF REFERENCE

Responsibilities

The Audit and Risk Committee will be responsible for:

· Providing objective advice and recommendations to the Governing Body regarding the sufficiency, quality and results of assurance on the adequacy and functioning of the council’s risk management, control and governance frameworks and processes.

· Exercising active oversight of all areas of Auckland Council control and accountability (including Council Controlled Organisations), in an integrated and systematic way, such that the results of risk and assurance reviews and external audits may be incorporated in the priority-setting and strategic planning processes.

· Liaison with Audit NZ and, where necessary, the audit committees of CCOs to ensure robust financial audits and reviews of the Auckland Council group

EXCLUSION OF THE PUBLIC – WHO NEEDS TO LEAVE THE MEETING

Members of the public

All members of the public must leave the meeting when the public are excluded unless a resolution is passed permitting a person to remain because their knowledge will assist the meeting.

Those who are not members of the public

General principles

· Access to confidential information is managed on a “need to know” basis where access to the information is required in order for a person to perform their role.

· Those who are not members of the meeting (see list below) must leave unless it is necessary for them to remain and hear the debate in order to perform their role.

· Those who need to be present for one confidential item can remain only for that item and must leave the room for any other confidential items.

· In any case of doubt, the ruling of the chairperson is final.

Members of the meeting

· The members of the meeting remain (all Governing Body members if the meeting is a Governing Body meeting; all members of the committee if the meeting is a committee meeting).

· However, standing orders require that a councillor who has a pecuniary conflict of interest leave the room.

· All councillors have the right to attend any meeting of a committee and councillors who are not members of a committee may remain, subject to any limitations in standing orders.

Staff

· All staff supporting the meeting (administrative, senior management) remain.

· Only staff who need to because of their role may remain.

Local Board members

· Local Board members who need to hear the matter being discussed in order to perform their role may remain. This will usually be if the matter affects, or is relevant to, a particular Local Board area.

IMSB

· Members of the IMSB who are appointed members of the meeting remain.

· Other IMSB members and IMSB staff remain if this is necessary in order for them to perform their role.

CCOs

Representatives of a CCO can remain only if required to for discussion of a matter relevant to the CCO.

1 Apologies

Apologies from Mayor LCM Brown and Deputy Mayor PA Hulse have been received.

2 Declaration of Interest

Members are reminded of the need to be vigilant to stand aside from decision making when a conflict arises between their role as a member and any private or other external interest they might have.

3 Confirmation of Minutes

That the Audit and Risk Committee:

a) confirm the ordinary minutes of its meeting held on Tuesday, 16 December 2014, including the confidential section, as a true and correct record.

4 Petitions

At the close of the agenda no requests to present petitions had been received.

5 Public Input

Standing Order 3.21 provides for Public Input. Applications to speak must be made to the Committee Secretary, in writing, no later than two (2) working days prior to the meeting and must include the subject matter. The meeting Chairperson has the discretion to decline any application that does not meet the requirements of Standing Orders. A maximum of thirty (30) minutes is allocated to the period for public input with five (5) minutes speaking time for each speaker.

At the close of the agenda no requests for public input had been received.

6 Local Board Input

Standing Order 3.22 provides for Local Board Input. The Chairperson (or nominee of that Chairperson) is entitled to speak for up to five (5) minutes during this time. The Chairperson of the Local Board (or nominee of that Chairperson) shall wherever practical, give two (2) days notice of their wish to speak. The meeting Chairperson has the discretion to decline any application that does not meet the requirements of Standing Orders.

This right is in addition to the right under Standing Order 3.9.14 to speak to matters on the agenda.

At the close of the agenda no requests for local board input had been received.

7 Extraordinary Business

Section 46A(7) of the Local Government Official Information and Meetings Act 1987 (as amended) states:

“An item that is not on the agenda for a meeting may be dealt with at that meeting if-

(a) The local authority by resolution so decides; and

(b) The presiding member explains at the meeting, at a time when it is open to the public,-

(i) The reason why the item is not on the agenda; and

(ii) The reason why the discussion of the item cannot be delayed until a subsequent meeting.”

Section 46A(7A) of the Local Government Official Information and Meetings Act 1987 (as amended) states:

“Where an item is not on the agenda for a meeting,-

(a) That item may be discussed at that meeting if-

(i) That item is a minor matter relating to the general business of the local authority; and

(ii) the presiding member explains at the beginning of the meeting, at a time when it is open to the public, that the item will be discussed at the meeting; but

(b) no resolution, decision or recommendation may be made in respect of that item except to refer that item to a subsequent meeting of the local authority for further discussion.”

8 Notices of Motion

At the close of the agenda no requests for notices of motion had been received.

Audit and Risk Committee

18 February 2015

Update on Enterprise Risk Management

File No.: CP2015/01208

Purpose

1. To update the Audit and Risk Committee on Enterprise Risk Management (ERM) activities at Auckland Council.

Executive Summary

2. The Risk team are undertaking a significant review and refresh of the Enterprise Risk Management Strategic Plan, with a clear focus on implementation of the ERM Framework.

3. Implementation plans will initially deliver against reporting gaps in Council risk registers and learning and development of the Risk culture in Council. The plan will also focus on clear and regular reporting, recording and analysis of risks in Council.

4. A new Disclosure Policy has been adopted and a Disclosure Committee established to meet the continuous disclosure requirements of the NZX and new legislation. This signals a clear change to the organisation regarding the continuous disclosure and recording of risks and other relevant information.

Recommendation/s

That the Audit and Risk Committee:

a) receive the Update on Enterprise Risk Management report.

Discussion

5. The intervening holiday period from the last Audit and Risk Committee meeting on 16 December 2014 has seen little change in the risks identified in the Auckland Council Risk report. An update summary is attached to this report (Attachment A). There are no new Special Focus or Core Activity risks reported for inclusion in this report.

6. The Audit and Risk Committee has previously endorsed the Enterprise Risk Management Strategic Plan for 2012-2014 in September 2012. This plan focused on the policy and planning framework for ERM within Council.

7. The Audit and Risk Committee has asked for clarity on the implementation of the ERM framework and the reporting on ERM activities back to the Committee. It is clear that there needs to be a refresh of the ERM roadmap for Council and that is now the main focus of the Risk team.

8. Risk is currently drafting a new Strategic Plan for Enterprise Risk Management for 2015-2017. This plan will outline the following key steps to achieving greater organisation risk maturity:

· Consolidation of current ERM Policy and Framework within Council using a targeted learning and development programme and clear communications plan;

· Creating a clearer reporting framework with a focus on reporting gaps in Council, analysis of reported risks and use of the information for effective decision making;

· Greater collaboration with the CCO’s in implementing Council’s ERM Policy and Framework;

· Checkpoint assessment of Council’s risk maturity; and

· Update of Council’s ERM Policy and Framework.

The draft Strategic Plan for 2015-17 will be reported to the Audit and Risk Committee meeting of 20 May 2015 for endorsement following approval by Council’s ELT.

9. The Risk team expects to implement the use of Hyperion software for recording and reporting of organisation risks by 1 April 2015. This software is an interim measure for electronic risk reporting only and is a new step to allow better recording and reporting of organisation risks. Part of the ERM Strategy for 2015-2017 will be an options analysis of a suitable integrated enterprise risk management software solution for Council.

10. Council now has in place (as at 4 February 2015) a Disclosure Policy that establishes a Disclosure Committee of staff within Council. This policy is primarily to meet the requirements of the Financial Markets Conduct Act 2013 (FMCA), and the continuous disclosure obligations of Council under the NZX Main Board & Debt Market Listing Rules, for Council’s retail bond programme. The key aspects of this policy include the immediate reporting of any information of an exceptional or extraordinary nature to the Disclosure committee and the maintenance of a register of continuous disclosure matters. The Disclosure Committee will make decisions on the materiality of any information provided and whether to disclose the information to the NZX.

11. Under the Securities Act prior to the FMCA, two councillors were delegated the authority via the Governing Body to sign off on retail bond offer documents (December 2012 and March 2014). These retail bond offers were undertaken with the following key steps to satisfy the Governing Body on the offer documentation on behalf of Council:

· Verification by staff and an external law firm as to the accuracy of the offer documentation;

· External legal signoff;

· Review by Council’s trustee (and their legal advisors), Registrar and Paying Agent, and by the Lead Managers; and

· NZX review of the documents.

12. Under the FMCA, councillors are no longer required to sign the offer documents. In addition, staff have implemented a due diligence process that will sit alongside the continuous disclosure process to reduce the risk of liability. During a retail bond issue the Disclosure Committee will oversee the due diligence function on the offer. Any future retail bond issue will include actions listed above in paragraph 11 but will also include the following:

· Confirmation from senior management that council is in compliance with its continuous disclosure and financial reporting obligations;

· Confirmation that all material information has been disclosed (the continuous disclosure process and register will assist with this); and

· Sign off on the offer documents by the Disclosure Committee and the CEO.

Consideration

Local Board Views and Implications

13. Local boards have not been consulted because the report primarily deals with internal management issues.

Maori Impact Statement

14. This report does not have any particular benefit or adverse effects on Maori.

General

15. None.

Implementation Issues

16. None.

Attachments

No.	Title	Page
a View	Auckland Council Risk Report 2015	37

Signatories

Author

Jazz Singh – Head of Risk

Authorisers

Katherine Anderson - General Counsel

Grant Taylor - Governance Director

Audit and Risk Committee

18 February 2015

Auckland Council Risk Report

February 2015

Strategic Risk - Special Focus

There were no changes identified from the risks reported in December 2014. In addition, there were no new risks identified.

Of the total “Special Focus” risks, 30% were high and 70% were moderate as shown in the diagram above. The risks that are rated high are:

1) Non-compliance of the health & safety legislation requirements resulting in organisational breaches.

2) Significant business disruptions caused as a result of natural disasters to AC operations.

3) Significant business disruptions caused as a result of inadequate IT infrastructure to AC operations.

4) Non-realisation of the Transformation programme benefits (NewCore programme) leading to significant financial losses and reputational damage.

5) Inadequate/poor advice provided to elected members leading to poor decisions with negative outcomes for Auckland.

Strategic Risk – Core Activity

There were no changes identified from the risks reported in December 2014. In addition, there were no new risks identified.

Of the total “Core Activity” risks, 21% were high and 79% were moderate. The risks that are rated high are:

1) Programme and project delivery structure and processes are not fit for purpose to deliver required results and outcomes at local and regional levels.

2) Inadequate relationship strategy between council and key stakeholders result in failure to obtain ownership and commitment to the Auckland Plan.

3) Inadequate infrastructural and physical assets (Asset Management Planning) and maintenance resulting in major losses.

4) Failure to comply with legislative obligations, resulting in unlawful action and exposure to regulatory and/or government sanctions.

Further details of the above risks are provided in the following tables.

Strategic Risk - Special Focus

Risk Description

Risk Assessment

Risk Rating

(Dec 2014)

Risk Rating

(Jan 2015)

Risk Status

Health & Safety: Non-compliance of health and safety legislation requirements for employees, contractors and public resulting in organisational breaches (e.g. prosecution and penalties, injury and/or illness or permanent disability, fatalities, multiple lawsuits and jail terms).

High

No Change

Business Disruptions*: Significant business disruption due to natural disasters.

High

No Change

Business Disruptions: Significant business disruption due to security risks.

Moderate

No Change

Business Disruptions: Significant business disruption due to inadequate IT infrastructure.

High

Moderate

No Change

Transformation and Change Management: Non-realisation of Transformation programme benefits – NewCore Programme.

High

No Change

Transformation and Change Management: Non-realisation of Transformation programme benefits – All other programmes (excluding NewCore).

Moderate

No Change

Quality Policy Advice: Inadequate/poor advice provided to elected members leading to poor decisions with negative outcomes for Auckland.

High

No Change

Council Governance: Governance frameworks, structures and processes do not meet Council or best practice requirements including External Stakeholder Relations results in failure to obtain ownership and commitment to the Auckland Plan).

Moderate

No Change

Maori Responsiveness: Non-delivery of agreed Maori well-being priorities to meet Treaty of Waitangi obligations.

Moderate

No Change

Brand and Reputation Management: Behaviour of key person(s)/group(s) does not align with Auckland Vision.

Moderate

No Change

* Denotes insurance coverage as agreed by AC in the Insurance Programme.

Strategic Risk – Core Activity

Risk Description

Risk Assessment

Risk Rating

(Dec 2014)

Risk Rating

(Jan 2014)

Risk Status

People and Performance Management: Ineffective management of employee performance.

Moderate

No Change

Programme and Project Delivery: Structure and processes are not fit for purpose to deliver required results and outcomes at local and regional levels.

High

No Change

External Stakeholder Relations: Inadequate relationship strategy between council and key stakeholders (business-to-business, business-to-customers, business-to-suppliers) results in failure to obtain ownership and commitment to the Auckland Plan.

High

No Change

Infrastructural and physical assets*: Inadequate policy advice and delivery of physical assets and critical infrastructure.

Moderate

No Change

Infrastructural and physical assets (Asset Management Planning): Inadequate asset management planning and maintenance.

High

No Change

CCO Governance and Relationship: Governance frameworks, structures and processes do not meet Council policy or legislative oversight requirements.

Moderate

No Change

Fraud & Unethical Behaviour*: Fraud perpetrated within Council or significant unethical behaviour leading to major financial, reputational and operational impacts on Council.

Moderate

No Change

Financial Management Strategies: Strategies and/or processes employed result in unacceptable financial, non-delivery of key services, or reputational risk exposures.

Moderate

No Change

Privacy and Confidentiality: Policy or system breaches result in legal, financial and reputational exposures.

Moderate

No Change

Compliance with legislative obligations: Failure to comply with legislative obligations, resulting in unlawful action and exposure to regulatory and/or government sanctions.

High

No Change

Delivery of commitments: Inability to deliver against significant commitments (Auckland Plan, Long-term Plan, and Annual Plan) as a result of inadequate level of funding.

Moderate

No Change

Delivery of commitments: Capacity - Lack of necessary resources (skilled people, facilities, systems, processes, suppliers, etc.) to meet service delivery commitments.

Moderate

No Change

Delivery of commitments: Capability - Lack of necessary resources (skilled people, facilities, systems, suppliers, etc.) to meet service delivery commitments.

Moderate

No Change

Delivery of commitments: Unitary Plan - New and independent hearing panel process cannot be supported by Council resources leading to negative reputational impact.

Moderate

No Change

Delivery of commitments: Housing - Cultural Impact Assessments and Environmental Impact Assessments identify less land available for development within Special Housing Areas to meet requirements of Housing Accord leading to negative reputational impact and agreed targets not achieved.

Moderate

No Change

Delivery of commitments: Environmental Sustainability- Not being adequately considered and addressed as part of the strategies and policies e.g. Air quality by-law, Low-Carbon Action Plan, National Policy Statement on Freshwater Management, Hauraki Gulf Marine Spatial Plan.

Moderate

No Change

Procurement and Supplier Management: Processes do not deliver value for money or contractual obligations resulting in financial, legal and non-delivery of services implications.

Moderate

No Change

Regulatory Approvals and Consents (Accreditation)*: Inadequate consents process leading to Council losing license to issue consents.

Moderate

No Change

Regulatory Approvals and Consents*: Regulatory approvals process leading to major customer dissatisfaction.

Moderate

No Change

* Denotes insurance coverage as agreed by AC in the Insurance Programme.

The AC Enterprise Risk Management Framework defines the risk levels based on the “5x5 likelihood and consequences matrix” and the acceptability as shown below:

Consequences	5 Extreme	Moderate	Moderate	High	High	High
	4 Major	Moderate	Moderate	Moderate	High	High
	3 Moderate	Low	Moderate	Moderate	Moderate	High
	2 Minor	Low	Low	Moderate	Moderate	Moderate
	1 Insignificant	Low	Low	Low	Moderate	Moderate
		1 Rare	2 Unlikely	3 Possible	4 Likely	5 Almost Certain
		Likelihood

Risk Level	Significance	Level of Risk Acceptability
Level 1	High	Intolerable (active management by Operational Leaders)
Level 2	Moderate	Tolerate if the cost of risk elimination, transfer or reduction is greater than the improvement gained.
Level 3	Low	Tolerate risk

Risk Status Update

The risk status update shows the movement of the risks from the previous period and is denoted by the following format:

Decrease

No Change

Increase

Report Prepared By:	Risk Manager	Date:	9/2/2015
Reviewed By:	Head of Risk	Date:	10/2/2015
Report Approved By:	General Counsel	Date:	10/2/2015

Audit and Risk Committee

18 February 2015

Exclusion of the Public: Local Government Official Information and Meetings Act 1987

That the Audit and Risk Committee:

a) exclude the public from the following part(s) of the proceedings of this meeting.

The general subject of each matter to be considered while the public is excluded, the reason for passing this resolution in relation to each matter, and the specific grounds under section 48(1) of the Local Government Official Information and Meetings Act 1987 for the passing of this resolution follows.

This resolution is made in reliance on section 48(1)(a) of the Local Government Official Information and Meetings Act 1987 and the particular interest or interests protected by section 6 or section 7 of that Act which would be prejudiced by the holding of the whole or relevant part of the proceedings of the meeting in public, as follows:

C1 Legislative Compliance Framework Project

Reason for passing this resolution in relation to each matter

Particular interest(s) protected (where applicable)

Ground(s) under section 48(1) for the passing of this resolution

The public conduct of the part of the meeting would be likely to result in the disclosure of information for which good reason for withholding exists under section 7.

s7(2)(c)(i) - The withholding of the information is necessary to protect information which is subject to an obligation of confidence or which any person has been or could be compelled to provide under the authority of any enactment, where the making available of the information would be likely to prejudice the supply of similar information or information from the same source and it is in the public interest that such information should continue to be supplied.

In particular, the report contains information and advice concerning an Internal Audit investigation.

s7(2)(c)(ii) - The withholding of the information is necessary to protect information which is subject to an obligation of confidence or which any person has been or could be compelled to provide under the authority of any enactment, where the making available of the information would be likely to damage the public interest.

In particular, the report contains information and advice concerning an Internal Audit investigation.

s48(1)(a)

The public conduct of the part of the meeting would be likely to result in the disclosure of information for which good reason for withholding exists under section 7.

C2 Update on Integrity and Investigation Activities

Reason for passing this resolution in relation to each matter

Particular interest(s) protected (where applicable)

Ground(s) under section 48(1) for the passing of this resolution

The public conduct of the part of the meeting would be likely to result in the disclosure of information for which good reason for withholding exists under section 6.

s6(a) - The making available of the information would be likely to prejudice the maintenance of the law, including the prevention, investigation, and detection of offences and the right to a fair trial.

In particular, this report contains operational information regarding investigation and other activity, which if released may compromise the effective delivery of our integrity and investigative services.

s48(1)(a)

The public conduct of the part of the meeting would be likely to result in the disclosure of information for which good reason for withholding exists under section 6.

C3 Update on Internal Audit Activities

Reason for passing this resolution in relation to each matter

Particular interest(s) protected (where applicable)

Ground(s) under section 48(1) for the passing of this resolution

The public conduct of the part of the meeting would be likely to result in the disclosure of information for which good reason for withholding exists under section 7.

In particular, the report contains financial and operational information and details of Internal Audit activity which if released may jeopardise the effective delivery or Internal Audit services.

s48(1)(a)

The public conduct of the part of the meeting would be likely to result in the disclosure of information for which good reason for withholding exists under section 7.

Chairperson	Cr Sir John Walker, KNZM, CBE
Deputy Chairperson	Cr Dr Cathy Casey
Members	Cr Cameron Brewer
	Cr Bill Cashmore
	Mr Paul Conder, CA
	Cr Sharon Stewart, QSM
	Mr Roy Tiffin, FCA
	Cr Penny Webster
Ex-officio	Mayor Len Brown, JP
	Deputy Mayor Penny Hulse

Author	Mike Giddey - Democracy Advisor
Authoriser	Grant Taylor - Governance Director