Agenda of Audit and Risk Committee

TERMS OF REFERENCE

Purpose

The purpose of the Audit and Risk Committee is to assist and advise the Governing Body in discharging its responsibility and ownership of governance, risk management, and internal control.

The committee will review the effectiveness of the following aspects of governance, risk management and internal control:

· enterprise risk management (ERM) across the Auckland Council group

· internal and external audit and assurance

· integrity and investigations

· monitoring of compliance with laws and regulations

· significant projects and programmes of work focussing on the appropriate management of risk

· oversight of preparation of the LTP, Annual Report, and other external financial reports required by statute.

The scope of the committee includes the oversight of risk management and assurance across council’s CCOs with respect to risk that is significant to the Auckland Council group.

To perform his or her role effectively, each committee member must develop and maintain his or her skills and knowledge, including an understanding of the committee’s responsibilities, and of the council’s business, operations and risks.

Decision-Making Powers

The committee has no decision making powers.

The committee may request expert advice through the chief executive where necessary.

The committee may make recommendations to the Governing Body and / or chief executive.

Tenure

External members will be appointed for an initial period not exceeding three years, after which they will be eligible for extension or re-appointment, after a formal review of their performance, and have not already served two terms on the committee. Councillors appointed to the committee will automatically cease to hold office at the time of the local authority triennial elections. They may be eligible for re-appointment post those elections if they are returned to office and have not already served two terms on the committee.

The chief executive, and the senior management team members will not be members of the committee.

The members, taken collectively, will have a broad range of skills and experience relevant to the operations of the council. At least one member of the committee should have accounting or related financial management experience, with an understanding of accounting and auditing standards in a public sector environment.

Committee’s responsibilities

The committee’s responsibilities are detailed below.

Forward Work Programme

The committee will agree and approve annually a forward work programme – which will consist of in depth briefings and reviews of specific significant risks and assurance strategies, as contained in the ERM “Top Risks” or Auckland Council’s work plan.

Risk management

· Review, approve and monitor the implementation of the ERM policy, framework and strategy (including risks pertaining to CCOs that are significant to the Auckland Council group).

· Review and approve the council’s “risk appetite” statement.

· Review the effectiveness of risk management and internal control systems including all material financial, operational, compliance and other material controls. This includes legislative compliance (including Health and Safety), significant projects and programmes of work, and significant procurement.

Review risk management reports identifying new and / or emerging risks, and any subsequent changes to the ERM “Top Risk” register.

Internal Audit

· Review annually the Internal Audit Charter – which confirms the authority, independence and scope of the function.

· Review and approve annually and monitor the implementation of the 3 year Internal Audit Strategy and 12 month detailed Internal Audit Plan.

· Review the co-ordination between the risk and internal audit functions – including the integration of the council’s ERM risk profile with the Internal Audit programme. This includes assurance over all material financial, operational, compliance and other material controls. This includes legislative compliance (including Health and Safety), significant projects and programmes of work, and significant procurement.

· Review the reports of the Internal Audit functions dealing with findings, conclusions and recommendations (including assurance over risks pertaining to CCOs that are significant to the Auckland Council group)

Review and monitor management’s responsiveness to the findings and recommendations – enquiring into the reasons that any recommendation is not acted upon.

Fraud and Integrity

· Review and approve annually, and monitor the implementation of, the Fraud and Integrity Strategy, including detailed work programme.

· Review annually the whistleblowing procedures and ensure that arrangements are in place by which staff, may, in confidence, raise concerns about possible improprieties in matters of financial reporting, financial control or any other matters, and that there is proportionate and independent investigation of such matters and appropriate follow-up action.

· Review the procedures in relation to the prevention, detection, reporting and investigation of bribery and fraud.

· Review and monitor policy and process to manage conflicts of interest amongst elected members, local board members, management, staff, consultants and contractors.

Review reports from the Risk, Internal Audit, Integrity and Investigations, external audit and management related to whistle blower, ethics, bribery and fraud related incidents.

Statutory Reporting

Review and monitor the integrity of the interim and annual report including statutory financial statements and any other formal announcements relating to the council’s financial performance, focussing particularly on:

· compliance with, and the appropriate application of, relevant accounting policies, practices and accounting standards

· compliance with applicable legal requirements relevant to statutory reporting

· the consistency of application of accounting policies, across reporting periods, and the Auckland Council group

· changes to accounting policies and practices that may affect the way that accounts are presented

· any decisions involving significant judgement, estimation or uncertainty

· the extent to which financial statements are affected by any unusual transactions and the manner in which they are disclosed

· the disclosure of contingent liabilities and contingent assets

· the clarity of disclosures generally

· the basis for the adoption of the going concern assumption

significant adjustments resulting from the audit.

External Audit

· Discuss with the external auditor before the audit commences:

· the nature and scope of the external audit

· areas of audit focus

· error and materiality levels.

· Review with the external auditors representations required by elected members and senior management, including representations as to the fraud and integrity control environment.

· Review the external auditors management letter and management responses, and inquire into reasons for any recommendations not acted upon.

Where required, the chair may ask a senior representative of the Office of the Auditor General to attend the committee meetings to discuss the office’s plans, findings and other matters of mutual interest.

Interaction with Council Controlled Organisations

Other committees dealing with CCO matters may refer matters to the Audit and Risk Committee for review and advice.

This committee will enquire to ensure adequate processes at a governance level exist to identify and manage risks within a CCO. Where an identified risk may impact on Auckland Council or the wider group, the committee will also ensure that all affected entities are aware of and appropriately managing the risk.

The Head of Risk and Head of Internal Audit are responsible for the provision of quality risk, assurance, insurance and ethics and integrity services for all CCOs except Auckland Transport and Watercare (with the exception of insurance services which are provided to Auckland Transport). Auckland Transport and Watercare have their own risk and assurance functions. The Head of Risk and Head of Internal Audit are responsible for monitoring CCO risk and internal audit strategies with respect to risks that are significant to the Auckland Council group.

Annual Report on the work of the committee

The chair of the committee will submit a written review of the performance of the committee to the chief executive on an annual basis. The review will summarise the activities of the committee and how it has contributed to the council’s governance and strategic objectives. The chief executive will place the report on the next available agenda of the governing body.

Exclusion of the public – who needs to leave the meeting

Members of the public

All members of the public must leave the meeting when the public are excluded unless a resolution is passed permitting a person to remain because their knowledge will assist the meeting.

Those who are not members of the public

General principles

· Access to confidential information is managed on a “need to know” basis where access to the information is required in order for a person to perform their role.

· Those who are not members of the meeting (see list below) must leave unless it is necessary for them to remain and hear the debate in order to perform their role.

· Those who need to be present for one confidential item can remain only for that item and must leave the room for any other confidential items.

· In any case of doubt, the ruling of the chairperson is final.

Members of the meeting

· The members of the meeting remain (all Governing Body members if the meeting is a Governing Body meeting; all members of the committee if the meeting is a committee meeting).

· However, standing orders require that a councillor who has a pecuniary conflict of interest leave the room.

· All councillors have the right to attend any meeting of a committee and councillors who are not members of a committee may remain, subject to any limitations in standing orders.

Independent Māori Statutory Board

· Members of the Independent Māori Statutory Board who are appointed members of the committee remain.

· Independent Māori Statutory Board members and staff remain if this is necessary in order for them to perform their role.

Staff

· All staff supporting the meeting (administrative, senior management) remain.

· Other staff who need to because of their role may remain.

Local Board members

· Local Board members who need to hear the matter being discussed in order to perform their role may remain. This will usually be if the matter affects, or is relevant to, a particular Local Board area.

Council Controlled Organisations

· Representatives of a Council Controlled Organisation can remain only if required to for discussion of a matter relevant to the Council Controlled Organisation.

1 Apologies

At the close of the agenda no apologies had been received.

2 Declaration of Interest

Members are reminded of the need to be vigilant to stand aside from decision making when a conflict arises between their role as a member and any private or other external interest they might have.

3 Confirmation of Minutes

That the Audit and Risk Committee:

a) confirm the ordinary minutes of its meeting, held on Monday, 29 May 2017, including the confidential section, as a true and correct record.

4 Petitions

At the close of the agenda no requests to present petitions had been received.

5 Public Input

Standing Order 7.7 provides for Public Input. Applications to speak must be made to the Governance Advisor, in writing, no later than one (1) clear working day prior to the meeting and must include the subject matter. The meeting Chairperson has the discretion to decline any application that does not meet the requirements of Standing Orders. A maximum of thirty (30) minutes is allocated to the period for public input with five (5) minutes speaking time for each speaker.

At the close of the agenda no requests for public input had been received.

6 Local Board Input

Standing Order 6.2 provides for Local Board Input. The Chairperson (or nominee of that Chairperson) is entitled to speak for up to five (5) minutes during this time. The Chairperson of the Local Board (or nominee of that Chairperson) shall wherever practical, give one (1) day’s notice of their wish to speak. The meeting Chairperson has the discretion to decline any application that does not meet the requirements of Standing Orders.

This right is in addition to the right under Standing Order 6.1 to speak to matters on the agenda.

At the close of the agenda no requests for local board input had been received.

7 Extraordinary Business

Section 46A(7) of the Local Government Official Information and Meetings Act 1987 (as amended) states:

“An item that is not on the agenda for a meeting may be dealt with at that meeting if-

(a) The local authority by resolution so decides; and

(b) The presiding member explains at the meeting, at a time when it is open to the public,-

(i) The reason why the item is not on the agenda; and

(ii) The reason why the discussion of the item cannot be delayed until a subsequent meeting.”

Section 46A(7A) of the Local Government Official Information and Meetings Act 1987 (as amended) states:

“Where an item is not on the agenda for a meeting,-

(a) That item may be discussed at that meeting if-

(i) That item is a minor matter relating to the general business of the local authority; and

(ii) the presiding member explains at the beginning of the meeting, at a time when it is open to the public, that the item will be discussed at the meeting; but

(b) no resolution, decision or recommendation may be made in respect of that item except to refer that item to a subsequent meeting of the local authority for further discussion.”

8 Notices of Motion

There were no notices of motion.

Audit and Risk Committee

19 July 2017

Audit and Risk Committee - forward work programme

File No.: CP2017/13301

Purpose

1. To review and update the Audit and Risk Committee’s three-year forward work programme

Executive summary

2. The committee approved its three-year forward work programme at its 29 May 2017 meeting. It is good practice to review the forward work programme at each committee meeting, to ensure that it can be adapted quickly if council’s risk profile changes and that it remains relevant to the needs of the committee.

3. There are no substantive changes recommended to the forward work programme that arise from a change in the risk profile of council.

Recommendation/s

That the Audit and Risk Committee:

a) reconfirm the three-year forward work programme.

Comments

4. The forward work programme is attached at Attachment A.

5. The Audit and Risk Committee’s three-year forward work programme was last approved on 29 May 2017.

6. The forward work programme reflects:

· governance, risk management and internal control matters as contained in council’s Enterprise Risk Management Top Risk Register relevant to the committee’s Terms of Reference;

· areas of focus in the Internal Audit programme

· the annual cycle including the audit of council’s Annual Report and the risk, internal audit and integrity, and investigations functions.

7. It is good practice that the committee, as a standing item at each meeting, review and confirm its forward work programme. This is to ensure that the work programme is flexible, can be adapted quickly if council’s risk profile changes and remains relevant to the needs of the committee.

8. For example, it would be appropriate for the committee to consider a change to the approved forward work programme in the event there has been a significant change in the risk profile of council as reflected in the Top Risk Register. Similarly a significant event occurring either within council or in the wider operating environment could result in a change in the work programme of the committee.

9. No such change in council’s risk profile, or significant event has occurred since the last meeting of this committee.

10. The committee should note the following changes to the timing of specific items:

· the internal audit 2017 review, strategy update and 30 June 2018 audit plan will be tabled at the August 2017 meeting of the committee

· the legal risk report has been deferred to the August 2017 meeting of the committee

· the workshop items are being rescheduled, to allow sufficient time to have an in-depth discussion on the topic matters. This will occur prior to the August 2017 meeting of the committee.

Consideration

Local board views and implications

11. The views of local boards have not been sought for this report.

Māori impact statement

12. This report is for information only and does not have direct impact on Māori.

Implementation

13. The forward work programme will be reviewed regularly to meet the needs of the committee.

Attachments

No.	Title	Page
a ⇩	Forward Work Programme	15

Signatories

Author	Mark Maloney - Head of Internal Audit
Authoriser	Phil Wilson - Governance Director

Audit and Risk Committee

19 July 2017

Review Engagement Management Report for the six months ended 31 December 2016 and Interim Audit Management Report for the year ending 30 June 2017

File No.: CP2017/13908

Purpose

1. This report summarises the issues identified by Audit New Zealand during their interim audit and the review engagement and outlines how the council is addressing the issues raised.

Executive summary

2. Audit New Zealand is the council’s external auditor appointed by the Office of the Controller and Auditor-General to conduct the audit on his behalf. Audit New Zealand works with council throughout the year reviewing our internal controls, half year report and disclosures to both the New Zealand and overseas stock exchanges and auditing our annual report. Audit New Zealand issues reports to council throughout the year with recommendations on how the council can enhance and improve our processes and procedures and disclosures.

3. In the second half of the 2016/17 financial year Audit New Zealand has issued two separate reports to council with their recommendations. Council has provided our responses outlining the actions we are undertaking to address the issues raised.

4. The council has acknowledged that in several areas such as the clearing of unallocated receipts, cash handling, the timely completion of mortgagees demands for rates debtors and the assessment of development contribution revenue, the processes did not operate as they should have and that there were issues which needed to be addressed. In many of these areas, the council had identified these issues prior to Audit New Zealand’s reviews and had put in place measures to rectify the issues noted.

5. Audit New Zealand has identified a couple of non-financial performance measures on which council may have not had accurate data to report results. These are in relation to the Department of Internal Affairs mandatory measures on stormwater, where the information is held by Fire and Emergency New Zealand, rather than council. The other significant area is on reporting on consenting activities. As a result of the migration of data into NewCore the council is unable to rely of the previous reports used, to obtain the results. Council is working with Audit New Zealand to ensure the results to be reported in the annual report are supported by appropriate reports.

6. There are no matters raised by Audit New Zealand which council disagrees with. The council is actively addressing the issues raised, and we will address the non-financial reporting issues in particular, to ensure that the matters will not impact on the audit opinion of the council’s annual report.

Recommendation/s

That the Audit and Risk Committee:

a) note the issues raised and the council’s responses to the matters raised in the review engagement and interim audit reports issued by Audit New Zealand.

Comments

7. During the financial year Audit New Zealand undertakes a series of reviews and makes recommendations to enhance council’s internal controls, processes and financial statement preparation. Council responds to the items raised and indicates the actions we will undertake to resolve each issue.

8. In the second half of the 2016/17 financial year Audit New Zealand has issued two management reports, the issues identified in the review engagement associated with the preparation of the interim financial report for the period to 31 December 2016, and the interim audit of the annual report for the year ended 30 June 2017.

9. Significant issues identified by Audit New Zealand in the two reports and the actions undertaken by the council are outlined in paragraphs 10-29 of this report.

Matters raised in both management reports

Development contributions revenue

10. Audit New Zealand has raised two issues regarding development contribution revenue. In the report on the review engagement it was noted that during the period from August 2016 to late December 2016 the council’s development contribution assessment tool was not working. During this time no new assessments of development contribution revenue could be calculated. When the assessment tool was fixed in December 2016 and work was performed to clear the backlog, it was then discovered a follow on issue had occurred in the Manukau area.

11. The second issue with development contribution revenue is outlined in the interim audit report. The council identified that during the time the development contribution tool was not operational in the Manukau area, an administrative error occurred and applicants were advised that no development contributions were required, when in fact the assessment on whether a development contribution was required had not been performed.

12. Following the identification of the issue, a working group was established that investigated how the issue had occurred and how to prevent a reoccurrence in the future. The working group confirmed the action to invoice and seek payment from the 156 customers incorrectly advised that a development contribution was not required on their application.

13. Accordingly, amended processes have been implemented to prevent a reoccurrence and we have contacted the 156 customers advising them of the error and of the requirement to pay a development contribution. Council has received a small number of phone calls regarding the issue and we are confident that payment will be received once actual invoices are issued.

Matters raised in the review engagement management report

Unallocated receipts

14. Audit New Zealand identified an issue regarding the volume and value of unallocated receipts (money received which has not been allocated to the correct invoice on a debtor account). The council is undertaking a programme of work to clear the items, identify why the unallocated receipts are occurring and implement system and process changes to minimise unallocated receipts arising in the future. Work in this area is continuing.

Cash handling controls

15. Inconsistencies in the application of council’s cash handing procedures were identified by Audit New Zealand in the two sites they reviewed. Coincidentally the two sites reviewed by Audit New Zealand had been reviewed as part of the ongoing internal audit programme to review cash handling in cash receipting sites. Audit New Zealand’s findings were consistent with the recommendations made by internal audit. The Internal Audit department is monitoring the implementation of the recommendations.

Increase in the level of rates debtors

16. Audit New Zealand noted that due to some delays in commencing and completing collection processes the level of rates debtors had increased. Council acknowledged due to the implementation of NewCore there had been a delay in producing the notifications to the mortgagees in August 2016. Once Council issued the notification to mortgagees the rates debtor levels returned to prior year levels. We have put in place processes to ensure that the mortgagee data is completed in August each year to avoid this situation reoccurring.

Matters raised in the interim audit management report

Consenting activities: systems and controls

17. In the report on the interim audit, Audit New Zealand noted weakness over council’s reporting of compliance with statutory timeframes for resource and building consent processing. This is mainly due to processing dates and supporting information being input into the system manually and because there are limited review controls over the accuracy of the data.

18. To enhance the accuracy of reported information and to reduce inefficiencies, the council is implementing the Consenting Made Easy programme. The programme consists of a number of initiatives, including review and enhancing of processes across all regulatory activities. Consenting Made Easy initiatives have started to be implemented, including the implementation of Newcore across the region. The full benefits of the programme will be realised towards the end of 2017 as other council-wide projects are fully implemented.

Consenting activities: NewCore reporting and migration

19. Audit New Zealand noted that following the migration of the north and west legacy council information into NewCore in October 2016, the departments have had difficulty generating reliable reports to measure compliance with statutory timeframes. The issues identified indicated there were potential issues with underlying data within the NewCore system, including potential inconsistencies in the way resource consent data from the different legacy systems was migrated into NewCore, and potential errors in the way building consent processing dates are captured and updated in the NewCore system.

20. To address the issues, as part of the migration of data to SAP identified issues in relation to reporting, cleansing or SAP setup, were raised and appropriate plans and strategies developed.

21. Council are working to cleanse the historic legacy data issues and perform checks to verify the accuracy of the non-financial information prior to presenting this to Audit New Zealand for year-end reporting. As a result of the additional work the council needs to perform, we have agreed with Audit New Zealand that we will delay the delivery of the non-financial information until 24 July 2017 to allow time to check the data.

Non-financial reporting housing accord key performance indicators

22. Audit New Zealand recommended that council considered how it would report against the housing accord target, given the housing accord agreement expired during the year. Council has continued to report on the housing accord key performance indicator monthly and intends to report the results for the full financial year in the annual report.

Non-financial reporting stormwater mandatory measures

23. Under the Non-Financial Performance Measures Rules 2013 and schedule 10 of the Local Government Act 2002, council is required to report on two specified stormwater measures. Council has identified that we are unable to report on the mandatory stormwater measures, because they rely on source information based on calls from the public about flooding. If a residence is flooded, council refers callers to Fire and Emergency New Zealand. However, the number of calls that council receives is only a subset of total calls, as some people call Fire and Emergency New Zealand directly.

24. In addition whilst council is able to access information from Fire and Emergency New Zealand, the relevant information is sourced from individual Fire and Emergency New Zealand call-out records. These records often do not record a specific address, or the number of floors flooded, or time to respond. It is also a very manual method to collate the required information.

25. Given we can’t measure this accurately, council’s annual report will note this inability and will instead provide information on the number of flooding events reported to council.

26. To address this measurement issue going forward, we have contacted the Department of Internal Affairs regarding the issues we experience as the same measurement issue will affect other councils. We have suggested that the Department of Internal Affairs relook at this measure, to develop an alternative that can be measured and reported accurately and completely. We have offered to assist the Department of Internal Affairs in the development of a new measure. Alternatively we have suggested that the Department of Internal Affairs work with Fire and Emergency New Zealand to develop data capture systems to accurately and efficiently capture the information that is required to report this measure.

Non-financial reporting food grading

27. In prior years Audit New Zealand has identified weakness in council’s controls for food grading. They have reinforced that the risks associated with weaknesses in the food grading systems, including the risk that incorrectly certified food suppliers are operating, creating a potential public health risk, and have recommended that the council address identified issues.

28. Council has introduced a new quality management system. This was implemented in mid-2016. We believe the new system addresses the risks associated with incorrectly certified food suppliers and the associated public health risks.

29. The system’s design was reviewed by the Internal Audit department prior to implementation. Internal Audit updated their review of this system in April 2017 and is currently completing testing. Any recommendations made will be implemented.

Consideration

Local board views and implications

30. There are no issues relating to reporting at a local board level. Accordingly the views of local boards have not been sought.

Māori impact statement

31. The report does not affect the achievement or reporting on Auckland Council or the council group’s contributions towards Māori outcomes. Council’s contribution to Māori outcomes are reported in the annual report.

Implementation

32. There are no implementation issues.

Attachments

No.	Title	Page
a ⇩	Review Engagement Management Report for the six months ended 31 December 2016	25
b ⇩	Interim Audit Management Report for the year ending 30 June 2017	39

Signatories

Author

Francis Caetano - Group Financial Controller

Authorisers

Kevin Ramsay - General Manager Corporate Finance and Property

Phil Wilson - Governance Director

Audit and Risk Committee

19 July 2017

Risk reporting by substantive council-controlled organisations

File No.: CP2017/13080

Purpose

1. To consider and identify a preferred option for the future risk reporting regime of substantive council-controlled organisations (the CCOs) to the Audit and Risk Committee and agree the process for engaging with the CCOs about the preferred option and implementation.

Executive summary

Risk update from the council-controlled organisations

2. The current arrangement for reporting of risk by CCOs to the Audit and Risk Committee is through:

· quarterly reporting against the CCO statement of intent (quarterly reports). Quarterly reports are received by the Finance and Performance Committee. The risk management sections of the quarterly reports are extracted and reported under separate cover to the Audit and Risk Committee (quarterly risk report).

· an annual audit summary provided by each CCO that identifies any audit issues (annual audit summary).

3. This report includes the CCO quarterly risks report for the quarter ended 31 March 2017 as Attachment A. It is recommended that the Audit and Risk Committee receive this update.

Options for enhanced CCO reporting

4. At its meeting on 1 March 2017, the Audit and Risk Committee requested a report on the available options for enhancing the risk information provided by the CCOs to the Audit and Risk Committee.

5. Current reporting on risk by CCOs varies in the level of disclosure of risks, content, and information. Generally, the focus is on setting out the risk management approach and processes in place by each CCO. The CCOs provide a statement of assurance that controls are operating effectively and no events have occurred that would impact on Auckland Council.

6. It is recommended that the reporting of risks by the CCOs be enhanced to ensure the Audit and Risk Committee can fulfil its terms of reference established by the governing body and the Finance and Performance Committee and, in particular, execute its responsibilities concerning interaction with the CCOs.

7. The recommended option is to enhance the status quo arrangements together with additional reporting by CCOs is as follows:

· enhance the current arrangement for the CCOs to provide assurance and high level information regarding risk management processes (through quarterly reports and annual audit summaries) by further clarifying the information that is to be provided and by enhancing the relevant reporting templates accordingly

· CCOs to provide separately to the council’s enterprise risk management team (ERM team) on a quarterly basis the top risk information/register that has been reported to each CCO’s Audit and Risk Committee (or equivalent) (top risk information/register)

· Audit and Risk Committee to receive top risks register/ information in confidence, under cover of a report from ERM team (top risks report). In order to stream line reporting to the Committee, this will be reported together with the quarterly risk update

· CCO senior executives to attend the Audit and Risk Committee every six months at a scheduled time in the Audit and Risk Committee work programme or as required by the committee

· recommend to the Finance and Performance Committee that the CCO Governance Manual is amended to include the enhanced reporting arrangements and reporting templates.

Recommended process

8. The recommended process for implementing this proposal and engaging with the CCOs is for:

· the chair of the Audit and Risk Committee and the council’s chief executive to jointly write to the chief executives and the board chairs of each CCO outlining the desire to enhance the current risk information to the council; and

· request a senior manager be nominated from each CCO as representative on a risk reporting working group to discuss the proposal, confirm requirements and agree implementation and timeframes.

9. The desired timeframe for the CCOs to provide their first top risk register would be at the same time as their quarterly reports which are due December 2017.

Recommendation/s

That the Audit and Risk Committee:

a) receive the Risk Reporting by council-controlled organisations report

b) receive the council-controlled organisations quarterly risks report for the quarter ended 31 March 2017

c) approve the preferred option for reporting risk to the committee as follows:

· enhance the current arrangement for the substantive council-controlled organisations to provide assurance and high level information regarding risk management processes (through quarterly reports and annual audit summaries) by further clarifying the information that is to be provided and by enhancing the relevant reporting templates accordingly

· substantive council-controlled organisations to provide separately to the council’s enterprise risk management team on a quarterly basis the top risk information/register that has been reported to each council-controlled organisation’s Audit and Risk Committee (or equivalent)

· the committee to receive a top risks register in confidence, under cover of a report from enterprise risk management team In order to stream line reporting to the committee, this will be reported together with the quarterly risk update

· council-controlled organisation senior executives to attend the committee every six months at a scheduled time in the committee work programme or as required by the committee

· recommend to the Finance and Performance Committee that council’s Governance Manual for Substantive CCOs is amended to include the enhanced reporting arrangements and reporting templates.

d) approve the process for engaging with the council-controlled organisations and implement reporting as follows:

· the chair of the committee and the council’s chief executive to jointly write to the chief executives and the board chairs of each council-controlled organisation outlining the desire to enhance the current risk information to the council; and

· request a senior manager be nominated from each council-controlled organisation as representative on a risk reporting working group to discuss the proposal, confirm requirements and agree implementation and timeframes.

Comments

Current state - background

10. The Audit and Risk Committee Terms of Reference establish the scope and remit of the committee. This includes review of risk management across the council group and oversight of risk management and assurance across the CCOs with respect to risk that is significant to the council group. Terms of Reference adopted by Governing Body on 1 November 2016 with relevant sections highlighted is provided as Attachment B.

11. The boards of directors for each CCO are responsible for the oversight of risk management for their respective CCOs.

12. The current approach to risk reporting, as contained in council’s Governance Manual for Substantive CCOs 2015, requires each CCO to provide to the council:

· an annual summary of any risk matters raised through the annual audit process and associated actions/plans to resolve these based on an ‘Audit Summary Letter template

· quarterly reports as part of the statement of intent programme. This includes key information regarding their risk management processes and any key risks relevant to the council group. A quarterly report template is provided to the CCOs.

Annual audit reporting

13. The requirement for annual audit summaries was established from July 2014 when the Audit and Risk Committee passed a resolution to obtain oversight of CCO risk.

14. Senior CCO executives generally attend the Audit and Risk Committee annually to provide a verbal update on any audit issues raised, and to answer questions from the committee.

15. The most recent report on the annual audit summaries and attendance by senior CCO executives was received by the Audit and Risk Committee on 13 September 2016 Audit and Risk Committee meeting [CP2016/18405].

Quarterly reporting

16. The requirement for the CCOs to each provide risk information as part of their quarterly reports was established from December 2014 when the Audit and Risk Committee requested that the CCOs include:

· how key risks are identified, assessed and managed

· an update on the approach to risk management, internal audit and external audit

· progress on current internal and external audit issues

· any financial impacts that will affect council group

· any key risks that are of a senior management or governance level that could impact on the wellbeing or reputation of the CCO or council.

17. The information/ update is extracted from the quarterly reports by the council CCO Governance and External Partnerships department and is the basis of the quarterly risk report to the Audit and Risk Committee.

18. Generally the CCOs have not attended the Audit and Risk Committee meeting at which the summary report is received.

19. The quarterly risk report for the quarter ending 31 March 2017 is attached as Attachment A.

Issues with current reporting arrangements

20. Currently the information provided is inconsistent across the CCOs, is high level and does not detail actual top risks or information on how risks have been rated, managed, treated or controlled. We note that council’s Governance Manual for Substantive CCOs is likely to be updated next in 2018.

21. More information is required to achieve oversight and monitoring of risks that are sitting with the CCOs. Oversight is necessary to ensure that risks are being managed appropriately and enable CCO risks to be appropriately integrated and treated across the council group.

22. The key issues are:

· how to ensure the Audit and Risk Committee has access to and is receiving sufficient information to discharge its responsibilities

· the level of detail CCOs provide on their risk management activities and specific risks in the quarterly reports

· inconsistency of information provided between CCOs

· frequency of reporting - reporting information provided quarterly and attendance at committee annually.

Outcome, objectives for change

23. The objective is for the Audit and Risk Committee to be able to receive sufficient information to have oversight and assurance to ensure appropriate and effective risk management across the council group.

Options

24. We have identified five options for risk reporting by the CCOs:

Table: Options for reporting risk information

Option

Pros and Cons

Risks

Option 1: Continue status quo

High-level risk information and assurances in quarterly reports.

Annual audit summary reports on any audit matters concerning risk.

Annual attendance by CCO executives at the Audit and Risk Committee.

Pros:

Established process.

The attestation/ assurance process limits the amount of sensitive information being shared.

The attestation or assurance statements are a control that provides some certainty that CCOs are managing risks.

Cons:

Does not provide information to council to identify risks that could adversely affect council.

Inconsistency in information.

Lack of transparency and understanding of actual risks.

CCOs decide, interpret and report what information council needs to receive. CCOs may not be aware of the potential impact of risks in CCOs on council and the wider council group.

Audit and Risk Committee has still has insufficient information to complete responsibilities.

Council impacted by unidentified risks owned by CCOs – surprises, reputational risk.

Option 2: Enhance status quo

Continue status quo (as per option 1) but further clarify the council’s expectations for information to be provided by the CCOs.

Enhance current reporting templates to assist with consistency and completeness.

Pros:

Work with current arrangement.

Improve information already being provided.

Cons:

Will require work to agree information required and enhance templates.

Is still high level and subject to interpretation by CCOs.

CCOs may have to do slightly more to complete reports (depending on the changes to the templates).

As Option 1

Option 3: Enhance status quo together with additional reporting of top risks (recommended option)

In addition to enhanced status quo in option 2:

CCOs to provide the ERM team quarterly with their top risk information or register

(i.e. reports/ information provided to their Audit and Risk Committee or equivalent).

ERM team to prepare streamlined summary report to Audit and Risk Committee containing both:

quarterly risk report information

top risk report.

Pros:

Improved oversight of risks within the CCOs.

Enhanced information with actual reporting already going to CCO audit and risk committees.

Administratively efficient - little additional work by the CCOs to complete report.

Will reduce need for CCOs interpreting information for council and only reporting what is judged to affect council.

Cons:

May contain information not relevant to the council or relating to governance and operational matters outside the scope of committee.

Each CCO may have different reporting requirements and formats for top risks, or may not report top risks at all.

Confidentiality/ sensitivity of risk reports.

The top risks information/ register may still not provide the risk information that the council requires to adequately assess how CCO risks affect the council.

Option 4a: CCOs provide complete risk registers

CCOs provide a complete set of all CCO risk registers to the ERM team.

Pros:

Significant increase in information and visibility/ transparency.

Cons:

Too much information and significant administrative resource by CCOs and ERM team.

Unnecessary to have access to all risk registers as operational risks owned by CCOs. Top risks are critical and more likely to impact on council group.

Onerous task and insufficient resource turns the analysis of complete risk registers into a ‘box-ticking’ exercise.

Option 5 –Regular meetings and sharing of information between council’s Head of Risk and CCO risk managers

Pros:

Generates more information.

Assist in relationship building with CCOs and ensuring the ERM team at Council obtains a sense of the risk exposure of CCOs that may adversely affect the council.

An established relationship around enterprise risk with CCOs means greater receptiveness, resulting in cooperation and collaboration.

Cons:

Informal process reliant on relationships.

Time consuming

No standard requirements or form method of recording and reporting information.

The meeting structure may be ineffective to obtain sufficient and appropriate risk information for reporting purposes.

Process steps to get to preferred option

25. The recommended process for implementing this proposal and engaging with the CCOs is as follows:

· request a senior manager be nominated from each CCO as representative on a risk reporting working group to discuss the proposal, confirm requirements and agree implementation and timeframes.

26. The desired timeframe for the CCOs to provide their first top risk register/ information would be at the same time as their quarterly reports in December 2017. A report containing both the top risk report and the quarterly risk report would then go up to the following Audit and Risk Committee.

Consideration

Local board views and implications

27. The matters raised in this report relate to CCO accountability and governance which is the responsibility of governing body. As such, the views of particular local boards were not sought.

Māori impact statement

28. Oversight of CCO risk by council’s Audit and Risk Committee has no specific implications for Māori wellbeing and does not raise any matters requiring iwi consultation.

Implementation

29. Implement recommended engagement with CCOs and commence reporting in December 2017.

Attachments

No.	Title	Page
a ⇩	Substantive CCOs quarterly risks report March 2017	67
b ⇩	Audit and Risk Committee Terms of Reference - sections concerning CCOs	73

Signatories

Authors

Emma Mosely – Strategic Advisor, Risk & Compliance

Alastair Cameron - Manager - CCO Governance & External Partnerships

Authorisers

Alastair Cameron - Manager - CCO Governance & External Partnerships

James Hassall - Director Legal and Risk (Acting)

Phil Wilson - Governance Director

Audit and Risk Committee

19 July 2017

Treaty Audit Response Work Programme

File No.: CP2017/13366

Purpose

1. This report updates the committee on the approach to measurement of the Treaty Audit Response Work Programme, the roles and responsibilities of those involved in monitoring progress and the progress to date.

Executive summary

2. The Internal Audit department, as part of its routine work programme, monitors the council group’s implementation of the Treaty Audit Response Work Programme. Inclusion of this activity in the department’s work programme is in response to recommendations arising from the Independent Māori Statutory Board’s 2015 Treaty of Waitangi Audit (Treaty Audit).

3. In accordance with this committee’s forward work plan, the Internal Audit department reports on a six-monthly basis to this committee.

4. At its March 2017 meeting this committee requested that the Internal Audit department report to its July 2017 meeting on the approach to the measurement of the Treaty Audit Response Work Programme, and the steps in place in setting up a final year programme.

5. Measurement of the Treaty Audit Response Work Programme is addressed by the respective monitoring and compliance functions performed by Te Waka Angamua, the Waharoa Group, and the Internal Audit department of council. The embedding of Te Waka Angamua staff into other departments within council, and the greater level of engagement that now occurs between action owners and the Waharoa Group has strengthened these arrangements.

6. The Internal Audit department performed a stocktake of the status of Treaty Audit recommendations, and the status of individual council department and council-controlled organisation Māori Responsiveness Plans.

7. At the time of writing this report, seven of 24 action groups of the Treaty Audit had been assessed and categorised as ‘closed’. Of the 17 action groups yet to be closed, eight are substantially progressed and nine are partially progressed. The eight action groups that are substantially closed should be completely closed in the first quarter of the 2017/18 year.

8. The nine action groups that are partially progressed will be subject to close monitoring over the next year.

9. Eleven council departments and/or council-controlled organisation Māori Responsiveness Plans have been approved and are being implemented. Seven more plans within the council group are substantially progressed. An additional two plans are partially progressed and eight plans are in the early stages of development.

10. Monitoring of the 10 plans that are either partially progressed or in the early stages of development will occur in the next year.

Recommendation/s

That the Audit and Risk Committee:

a) receive the Treaty Audit Response Programme report

b) note the mechanisms in place to measure the implementation of Treaty Audit recommendations

c) note the progress made in progressing Treaty Audit recommendations and Māori Responsiveness Plans.

d) note the specific areas of monitoring focus over the next 12 months by the Waharoa Group, the Internal Audit department and Te Waka Angamua.

Comments

11. The Independent Māori Statutory Board’s Treaty of Waitangi Audit process sets out a framework for assessing council’s performance against statutory responsibilities and requirements relating to Te Tiriti o Waitangi and to Māori.

12. Te Tiriti o Waitangi Audit Report 2015 includes a “Summary of Recommended Actions”, in which 24 action groups are contained. These are linked to the 67 specific recommendations of the audit report.

13. Recommendation 66 recommends that “the responsibility for monitoring the work programme completion should move from Te Waka Angamua to Internal Audit, an independent function comprising risk and controls experts, well versed in how to undertake substantive follow up activity and with a direct reporting line to the Audit and Risk Committee, a body charged with oversight of risk, control and compliance matters”.

14. The forward work programme of this committee requires the Internal Audit department to report to this committee on a six-monthly basis, on its monitoring work on council’s response to the recommendations contained in Te Tiriti o Waitangi Audit Report 2015.

15. In addition the committee requested that the Internal Audit department report to the July 2017 meeting on its approach to the measurement of the Treaty Audit Response Work Programme, and the steps in place in setting up a final year programme (Resolution number AUD/2017/7).

16. To inform the response to this request we have performed the following work:

· reviewed the monitoring and compliance regime in place to monitor and report progress in implementing Treaty Audit recommendations

· undertaken a stocktake of the current state of progress in implementing Treaty Audit recommendations in order to identify which recommendations are at risk of not being implemented by 30 June 2018, and which will be the subject of specific monitoring by the Internal Audit department and the Waharoa Group over the next 12 months

· undertaken a stocktake of the current state of progress in approving and implementing Maori Responsiveness Plans, including assessing which Māori Responsiveness Plans are at risk of not being implemented by 30 June 2018, and which will be the subject of specific monitoring by the Internal Audit department and the Waharoa Group over the next 12 months.

Monitoring and Compliance – roles and responsibilities

17. There are three mechanisms in place that monitor progress in implementing Treaty Audit recommendations – the role performed by Te Waka Angamua, the work of the Waharoa group and the work performed by the Internal Audit department.

Te Waka Angamua

18. Te Waka Angamua (a department of council) was restructured in mid-2016. The impact of this restructuring was to temporarily stall progress on the Treaty Audit Response Programme through the latter part of 2016.

19. The restructure of Te Waka Angamua is complete and the Treaty Audit Response Work Programme should benefit from the restructure because Māori responsiveness roles are now embedded in departments of the council organisation. This includes the establishment of ‘virtual hubs’ in the Operations Division and the Strategy Division. These hubs consist of dedicated full-time staff embedded in the office of the Chief Operating Officer, the Development Project Office, the Community Facilities department, the Plans and Places department and the Southern Initiative department.

20. We now see evidence of the Treaty Audit Response Work Programme starting to regain momentum.

21. Discussions with Te Waka Angamua, and the staff embedded in the departments clearly confirm the recognition by Te Waka Angamua of their responsibility for monitoring progress in implementing Māori Responsiveness Planning at a departmental level.

The Waharoa Group

22. The Waharoa Group is comprised of representatives from the Internal Audit department, Te Waka Angamua and the Independent Māori Statutory Board secretariat. Its role is to monitor progress and apply criteria for closure of actions and each related Treaty Audit recommendation.

23. PWC Limited performed a health check on the monitoring and compliance role this group performs in late 2016. The results of the health check were reported to this committee in March 2017.

24. A key recommendation resulting from the health check is that the Waharoa Group should engage more closely with recommendation action owners in agreeing outcomes and closure criteria. This recommendation has been implemented. Recommendation action owners are now regularly engaging with the Waharoa Group. This is allowing the Waharoa Group to more effectively monitor progress in implementing recommendations.

The Internal Audit department

25. The primary focus of the Internal Audit department’s work has been the provision of direct and timely feedback on Māori Responsiveness Plans. The department also participates in the Waharoa Group, which monitors progress against Treaty Audit recommendations.

26. The work performed by the Internal Audit department in relation to outcomes for Māori is:

· review of Māori Responsiveness Plans and action owner’s individual project plans – assessing whether they are suitable to achieve Treaty Audit recommendation objectives

· obtaining regular updates from audit action owners about their progress in executing individual project plans

· periodic testing (via enquiry, observation, review and testing of underlying controls, processes and documentation) to assess whether individual project plans, internal controls and underlying processes are being implemented as intended

· review of the Treaty Audit Response Work Programme component of the quarterly report to the Finance and Performance Committee of the Te Toa Takitini Māori Responsiveness Portfolio

· reporting to the Audit and Risk Committee.

Monitoring of progress – Treaty Audit recommendations

27. Each of the actions recommended in Te Tiriti o Waitangi Audit Report 2015 has a set of agreed closure criteria. When these are met the Waharoa Group agrees to close the action (and the linked Treaty Audit recommendation). When all actions within a group are complete, the action group can be closed.

28. As at the date of this report seven of 24 action groups have been assessed by the Waharoa Group as closed. Of the remaining 17 action groups, eight are substantially progressed, and due for closure in the next three months. Nine are partially progressed.

29. A summary of the status of Treaty Audit recommendations and action groups is provided as Attachment A.

30. The nine action groups that are partially progressed will be subject to close engagement and monitoring by the Waharoa Group, Te Waka Angamua and the Internal Audit department over the next year.

Monitoring of progress – Māori responsiveness planning

31. Māori Responsiveness planning is progressing steadily. Eleven departmental Māori Responsiveness Plans have been approved and are being implemented. Seven plans are substantially progressed. Two plans are partially progressed with a further eight plans in the early stages of development.

32. The 10 departments and/or council-controlled organisation Māori Responsiveness Plans that are either partially progressed or in the preliminary stages will be subject to close engagement and monitoring by the Waharoa Group, Te Waka Angamua and the Internal Audit department over the next year.

33. A summary of the status of Māori Responsiveness Plans is provided as Attachment B.

Consideration

Local board views and implications

34. The views of local boards have not been sought in relation to this report.

Māori impact statement

35. The Treaty of Waitangi Audit Response Work Programme enables the council group to strengthen responsiveness to Māori through targeted actions and improvements.

Implementation

36. The Internal Audit department will continue to monitor the Treaty Audit response programme through 2017 and 2018.

Attachments

No.	Title	Page
a ⇩	Status of Implementation of Treaty Audit Recommendations	81
b ⇩	Status of Maori Responsiveness Plans	91

Signatories

Author	Mark Maloney - Head of Internal Audit
Authoriser	Phil Wilson - Governance Director

Audit and Risk Committee

19 July 2017

Update on risk management and insurance activities

File No.: CP2017/11861

Purpose

1. To update the committee on risk management and insurance activities at Auckland Council.

Executive summary

2. Council's Top Risk Register, maintained by the Executive Leadership Team has been updated in accordance with the quarterly review. Active mitigation strategies are in place to ensure top risks are being managed appropriately. A July 2016 snapshot of the Top Risk Register and Top Risk Report are provided for discussion (Attachments A and B respectively).

3. Based on the results of the 2016 Deloitte risk maturity perception survey, targeted initiatives have been developed and included in a team business plan for the 2017/2018 financial year. A summary of some of the key risk and insurance team objectives and initiatives is contained in Attachment C.

4. The risk team continues with the implementation of the Risk and Compliance Champions Refresh Programme. The executive leadership team and the senior leadership team have nominated risk and compliance champions for most departments within the organisation. Training and engagement is being undertaken with them and a risk and compliance forum established.

5. A 2018-2020 Risk Strategy is being developed to move the council to an “integrated” maturity level by 2020. The draft Risk Strategy will be brought to the Audit and Risk Committee for consideration and endorsement in September 2017.

6. The council group insurance renewal programme 2017/2018 was considered and approved by the Finance and Performance Committee on 20 June 2017. The council group programme has been placed in accordance with the Finance and Performance Committee decisions.

7. A confidential high level summary of the 2017/2018 council group insurance programme effective 30 June 2017 is attached for the information of the committee in Attachment D.

8. The Fire and Emergency New Zealand Act 2017 was enacted on 11 May 2017. This Act establishes Fire and Emergency New Zealand from 1 July 2017, and implements a significant change to the fire sector - reforming the Fire Service, moving rural fire services from local authorities to Fire and Emergency New Zealand, changing the funding scheme and the fire service levy.

9. While the council group insurance renewal process 2017/2018 was not affected by the anticipated levy changes and increases, council will be subject to significant increases in fire levy charges in the 2018/2019 and 2019/20 insurance renewals. Additional budget will likely need to be allocated for fire service levy increases in the order of $387,000 or 40% more than the levy paid at the 2017/2018 renewal.

Recommendation/s

That the Audit and Risk Committee:

a) receive the update on risk management activities within Auckland Council

b) receive the update on insurance activities for the Auckland Council group

c) note the placement of the 2017/2018 council group insurance programme, which became effective on 30 June 2017.

Comments

Risk team - programme of work

10. The risk team is developing a Risk Strategy that has the aim of achieving an integrated level of risk maturity for the council organisation by 2020. The draft strategy will be brought to the committee in September 2017.

11. The risk team has also developed a business plan for the 2017/2018 financial year to implement key work programmes to deliver key objectives and outcomes identified for the Legal and Risk department. Priority initiatives include ongoing work to improve the quality of risk registers, roll-out of the Risk and Compliance Champion Refresh Programme and the insurance renewal programme as discussed below.

12. A summary of some of the key risk and insurance objectives and initiatives is provided as Attachment C.

Top Risks

13. Scheduled quarterly conversations with members of the executive and senior leadership teams in June 2017 have resulted in changes to the Top Risk Report.

14. These changes include:

· reframed and clarified risk descriptions

· reviewed and updated risk ratings

· identification and agreement of risk owners

· updated risk treatment plans

15. Of the top 27 top risks, there are 11 high, 16 moderate risks and no low ranked risks. The next review is due in August 2017. The updated Top Risk Report will be reported to the committee in September 2017.

16. For ease of reference by committee and the executive leadership team, the Risk team have created a new reporting table that provides a snapshot of the Top Risks. This new table has been split into risk category and includes the risk, risk description, risk ranking and owner. This new format now allows the reader immediate visibility of where council’s high risks are.

17. A copy of the updated snapshot and detailed Top Risk report (Auckland Council Risk Report July 2017) is attached as Attachment A and B respectively.

Risk and Compliance Champions Refresh Programme

18. The Risk and Compliance Champion Refresh Programme was outlined to the committee on 1 March 2017 [CP 2017/00174].

19. Implementation of the refresh is well underway and aims to improve our risk maturity, while helping embed a stronger risk and compliance culture. The goal is to establish a well-supported risk community, reduce silos, improve risk register and compliance activities, and enable better decision making and risk management.

20. Over the last quarter the following key outcomes have been achieved :

· the risk team has met with the executive leadership team and their respective senior leaders

· over 49 nominations for the Risk and Compliance Champions Refresh Programme have been received from the executive and senior leadership teams.

· a comprehensive training programme involving new reference and information materials and a ‘hands-on’ workshop has been developed

· in the last six weeks the Risk team has held six two-hour training workshops with the nominated champions, with more sessions planned in coming weeks

· a number of senior leaders and champions have requested the risk team conduct additional risk workshops with their business units

· the feedback from the workshop sessions has been extremely positive, and the Risk team expects to receive comprehensive and refreshed operational risk registers from each department by 31 August 2017

· a risk and compliance community of practice has been formed with regular quarterly meetings scheduled. The first forum is planned for 8 August 2017.

Insurance renewal

21. The insurance renewal programme was considered and approved by the Finance and Performance Committee on 20 June 2017.

22. The Finance and Performance Committee delegated approval of the final placement of the insurance policies to the chair of the Finance and Performance Committee, chief executive and the group chief financial officer. The council group programme was fully placed under delegation by 30 June 2017.

23. The final council group insurance programme is consistent with the indicative and proposed programmes considered by the committee on 29 May 2017 and the Finance and Performance Committee on 20 June 2017.

24. At the request of the Finance and Performance Committee, cover for terrorism has been added to the programme. Terrorism cover is included as part of the material damage policy up to a loss limit of $20 million.

25. The successful completion of the placement of the 2017/2018 renewal programme delivers several important outcomes including:

(a) group policies across the whole council group for our key insurance policies

(b) council group utilising a single insurance broker

(d) consistent policy wordings and a consistent approach to insurance across the group

(e) significant improvements in coverage – especially with regards to below ground asset cover

(f) extended coverage in the areas of statutory liability, employer liability, drone liability, environmental liability, cyber and terrorism

(g) good diversification of insurers and across insurance markets.

26. A summary of the council group insurance renewal placement that became effective on 30 June 2017 is attached as Attachment D. This summary contains confidential and commercially sensitive information is therefore contained in the confidential section of the agenda.

Corporate policies

27. In conjunction with the Do it Right programme and in accordance with the corporate policy framework, the council has been reviewing its corporate policies (those policies that concern staff behaviours and apply to all council staff (e.g. concerning sensitive expenditure, fraud, bullying and code of conduct).

28. It has is recognised that corporate policies form a critical part of our guidance for staff and are necessary for enabling and ensuring staff to do the right thing. The executive leadership team and council’s corporate policy steering group have recently developed a new approach for corporate policies aimed at enabling staff, supporting trust and achieving our goal of becoming a high performing organisation.

29. A new approach and implementation plan is being developed that will include council. The substantive council-controlled organisations and key stakeholders from across council. It will engage staff so that we achieve a council-group approach for corporate policies based on core principles.

30. Initial planning and discussions with the council-controlled organisations, key policy owners and senior leaders and staff has commenced. The new approach will be implemented over the next six to twelve months. The goal is to launch new policies containing clear principles for all staff in the areas of staff health, safety and wellbeing, integrity, and information in the first quarter of 2017.

Fire and Emergency New Zealand Act 2017

31. The Fire and Emergency New Zealand Bill received Royal assent on 11 May 2017 to become the Fire and Emergency New Zealand Act 2017.

32. This Act established Fire and Emergency New Zealand on 1 July 2017, and marked the most significant change to the fire sector for 70 years.

33. The Act reformed the fire service and changed the funding scheme and the fire service levy. Levy regulations have been passed to implement the new scheme.

34. The Act also restructures the rural fire service and moves the service from local government to Fire and Emergency New Zealand. Council entered into an agreement with Fire and Emergency New Zealand (effective 1 July 2017) to transfer the assets to Fire and Emergency New Zealand as required by this legislative change.

35. On 15 May 2017, the Governor General passed regulations to establish a transition period for the part of the Act that relates to the change in the levy. These regulations set the levy from 1 July 2017 and contain a transition arrangement to gradually introduce the increased levy payable over the next two years.

36. The fire service levy is payable on council’s building/property (including rolling stock), motor vehicle and contract works policies.

37. The council group insurance renewal process 2017/2018 was not affected by the anticipated fire service levy changes and increases as this renewal process was completed 30 June 2017, before the Act came into force.

38. However, the new rates will result in a significant increase to the levy rate paid next year at the 20187/20198 renewal which will have a direct impact on cost.

39. Using the current qualifying insurance programmes as starting point and assuming no change, the increase in levy rates will generate a likely levy cost to council next year of $1,350,000. This is an increase of $387,000 or 40 percent over the levy paid at the 2017/2018 renewal.

40. From 1 January 2019, a second and possibly more significant change will be made to the fire service levy regime. From this date the basis on which the levy will be calculated on property insurance will change from the current indemnity value calculation to one based on policy sum insured. The current levy exemptions for certain types of property will also be removed and replaced with an updated and yet to be finalised schedule of exemptions. The revised schedule of exempt property is not expected to be published until August 2017.

41. To complicate matters it is also proposed to extend the types of insurance policies subject to a levy from 1 January 2019. Currently a levy is applied to any property insurance policy (both commercial and domestic) that covers the peril of fire (including fire following natural disaster) and motor vehicle policies. The Act extends this to now include those policies offering any form of property insurance. This could include such things as public liability policies that cover third party property damage.

42. The effect of these changes on council’s future fire levy costs is unknown until such time as the revised exempt property list, the 2019 Fire and Emergency New Zealand levy rates and the final confirmed list of policy types subject to the levy are released.

43. The Act provides a process for exemptions from the levy to be established in some cases. Exemptions for fine arts, roads bridges, tunnels, water infrastructure (such as the three waters reticulation network), reservoirs, dams and the likes are currently the subject of consultation by the Department of Internal Affairs.

44. The council group has provided information to the Department of Internal Affairs about the financial impact of the fire service levy changes from 2019 to support an exemption to these assets. It is anticipated that an exemption for fine arts collections will be enacted.

Consideration

Local board views and implications

45. Local boards are affected by many of the top risks as they represent risks to the entire council organisation. While no specific consultation has been done for this report, risk management activity will have benefit for local board activities.

46. The risk team has engaged with the risk and compliance champions from the Local Board Services department which has resulted in the completion and maintenance of a comprehensive risk register.

Māori impact statement

47. This information report does not have any particular benefit or adverse effects on Māori.

48. Māori outcomes and, in particular, council obligations to meet established legal and other responsibilities to Māori and satisfy all reasonable expectations of responsiveness is included and managed through the Enterprise Risk Framework - Top Risks register.

49. Meeting outcomes for Māori has been identified as a strategic risk to council (refer Top Risk No. 23 for the risk treatment plan summary in place to address this risk). The treatment plan includes initiatives being led by Te Waka Angamua, oversight by the council chief executive’s leadership group on Māori transformational initiatives, a monitoring and reporting framework and the Treaty of Waitangi elements of the Internal Audit department work programme.

Attachments

No.	Title	Page
a ⇩	Snapshot Top Risk Register - July 2017	99
b ⇩	Auckland Council Top Risk Report July 2017	101
c ⇩	Risk and Insurance Team - summary of key objectives and initiatives 2017/2018	121
d ⇩	Summary of Auckland Council Group Insurance Placements Effective 30 June 2017 - Confidential

Signatories

Authors

Selvan Naidoo - Senior Risk Advisor

Emma Mosely – Strategic Advisor, Risk & Compliance

Authorisers

Cecilia Tse - Head of Risk

James Hassall - Director Legal and Risk (Acting)

Phil Wilson - Governance Director

Audit and Risk Committee

19 July 2017

Exclusion of the Public: Local Government Official Information and Meetings Act 1987

That the Audit and Risk Committee:

a) exclude the public from the following part(s) of the proceedings of this meeting.

The general subject of each matter to be considered while the public is excluded, the reason for passing this resolution in relation to each matter, and the specific grounds under section 48(1) of the Local Government Official Information and Meetings Act 1987 for the passing of this resolution follows.

This resolution is made in reliance on section 48(1)(a) of the Local Government Official Information and Meetings Act 1987 and the particular interest or interests protected by section 6 or section 7 of that Act which would be prejudiced by the holding of the whole or relevant part of the proceedings of the meeting in public, as follows:

13 Update on risk management and insurance activities - Attachment d - Summary of Auckland Council Group Insurance Placements Effective 30 June 2017

Reason for passing this resolution in relation to each matter

Particular interest(s) protected (where applicable)

Ground(s) under section 48(1) for the passing of this resolution