Agenda of Audit and Risk Committee

Terms of Reference

Purpose

The purpose of the Audit and Risk Committee is to assist and advise the Governing Body in discharging its responsibility and ownership of governance, risk management, and internal control.

The committee will review the effectiveness of the following aspects of governance, risk management and internal control:

· enterprise risk management (ERM) across the Auckland Council group

· internal and external audit and assurance

· integrity and investigations

· monitoring of compliance with laws and regulations

· significant projects and programmes of work focussing on the appropriate management of risk

· oversight of preparation of the LTP, Annual Report, and other external financial reports required by statute.

The scope of the committee includes the oversight of risk management and assurance across council’s CCOs with respect to risk that is significant to the Auckland Council group.

To perform his or her role effectively, each committee member must develop and maintain his or her skills and knowledge, including an understanding of the committee’s responsibilities, and of the council’s business, operations and risks.

Decision-Making Powers

The committee has no decision making powers.

The committee may request expert advice through the chief executive where necessary.

The committee may make recommendations to the Governing Body and / or chief executive.

Tenure

External members will be appointed for an initial period not exceeding three years, after which they will be eligible for extension or re-appointment, after a formal review of their performance, and have not already served two terms on the committee. Councillors appointed to the committee will automatically cease to hold office at the time of the local authority triennial elections. They may be eligible for re-appointment post those elections if they are returned to office and have not already served two terms on the committee.

The chief executive, and the senior management team members will not be members of the committee.

The members, taken collectively, will have a broad range of skills and experience relevant to the operations of the council. At least one member of the committee should have accounting or related financial management experience, with an understanding of accounting and auditing standards in a public sector environment.

Committee’s responsibilities

The committee’s responsibilities are detailed below.

Forward Work Programme

The committee will agree and approve annually a forward work programme – which will consist of in depth briefings and reviews of specific significant risks and assurance strategies, as contained in the ERM “Top Risks” or Auckland Council’s work plan.

Risk management

· Review, approve and monitor the implementation of the ERM policy, framework and strategy (including risks pertaining to CCOs that are significant to the Auckland Council group).

· Review and approve the council’s “risk appetite” statement.

· Review the effectiveness of risk management and internal control systems including all material financial, operational, compliance and other material controls. This includes legislative compliance (including Health and Safety), significant projects and programmes of work, and significant procurement.

Review risk management reports identifying new and / or emerging risks, and any subsequent changes to the ERM “Top Risk” register.

Internal Audit

· Review annually the Internal Audit Charter – which confirms the authority, independence and scope of the function.

· Review and approve annually and monitor the implementation of the 3 year Internal Audit Strategy and 12 month detailed Internal Audit Plan.

· Review the co-ordination between the risk and internal audit functions – including the integration of the council’s ERM risk profile with the Internal Audit programme. This includes assurance over all material financial, operational, compliance and other material controls. This includes legislative compliance (including Health and Safety), significant projects and programmes of work, and significant procurement.

· Review the reports of the Internal Audit functions dealing with findings, conclusions and recommendations (including assurance over risks pertaining to CCOs that are significant to the Auckland Council group)

Review and monitor management’s responsiveness to the findings and recommendations – enquiring into the reasons that any recommendation is not acted upon.

Fraud and Integrity

· Review and approve annually, and monitor the implementation of, the Fraud and Integrity Strategy, including detailed work programme.

· Review annually the whistleblowing procedures and ensure that arrangements are in place by which staff, may, in confidence, raise concerns about possible improprieties in matters of financial reporting, financial control or any other matters, and that there is proportionate and independent investigation of such matters and appropriate follow-up action.

· Review the procedures in relation to the prevention, detection, reporting and investigation of bribery and fraud.

· Review and monitor policy and process to manage conflicts of interest amongst elected members, local board members, management, staff, consultants and contractors.

Review reports from the Risk, Internal Audit, Integrity and Investigations, external audit and management related to whistle blower, ethics, bribery and fraud related incidents.

Statutory Reporting

Review and monitor the integrity of the interim and annual report including statutory financial statements and any other formal announcements relating to the council’s financial performance, focussing particularly on:

· compliance with, and the appropriate application of, relevant accounting policies, practices and accounting standards

· compliance with applicable legal requirements relevant to statutory reporting

· the consistency of application of accounting policies, across reporting periods, and the Auckland Council group

· changes to accounting policies and practices that may affect the way that accounts are presented

· any decisions involving significant judgement, estimation or uncertainty

· the extent to which financial statements are affected by any unusual transactions and the manner in which they are disclosed

· the disclosure of contingent liabilities and contingent assets

· the clarity of disclosures generally

· the basis for the adoption of the going concern assumption

significant adjustments resulting from the audit.

External Audit

· Discuss with the external auditor before the audit commences:

· the nature and scope of the external audit

· areas of audit focus

· error and materiality levels.

· Review with the external auditors representations required by elected members and senior management, including representations as to the fraud and integrity control environment.

· Review the external auditors management letter and management responses, and inquire into reasons for any recommendations not acted upon.

Where required, the chair may ask a senior representative of the Office of the Auditor General to attend the committee meetings to discuss the office’s plans, findings and other matters of mutual interest.

Interaction with Council Controlled Organisations

Other committees dealing with CCO matters may refer matters to the Audit and Risk Committee for review and advice.

This committee will enquire to ensure adequate processes at a governance level exist to identify and manage risks within a CCO. Where an identified risk may impact on Auckland Council or the wider group, the committee will also ensure that all affected entities are aware of and appropriately managing the risk.

The Head of Risk and Head of Internal Audit are responsible for the provision of quality risk, assurance, insurance and ethics and integrity services for all CCOs except Auckland Transport and Watercare (with the exception of insurance services which are provided to Auckland Transport). Auckland Transport and Watercare have their own risk and assurance functions. The Head of Risk and Head of Internal Audit are responsible for monitoring CCO risk and internal audit strategies with respect to risks that are significant to the Auckland Council group.

Annual Report on the work of the committee

The chair of the committee will submit a written review of the performance of the committee to the chief executive on an annual basis. The review will summarise the activities of the committee and how it has contributed to the council’s governance and strategic objectives. The chief executive will place the report on the next available agenda of the governing body.

Exclusion of the public – who needs to leave the meeting

Members of the public

All members of the public must leave the meeting when the public are excluded unless a resolution is passed permitting a person to remain because their knowledge will assist the meeting.

Those who are not members of the public

General principles

· Access to confidential information is managed on a “need to know” basis where access to the information is required in order for a person to perform their role.

· Those who are not members of the meeting (see list below) must leave unless it is necessary for them to remain and hear the debate in order to perform their role.

· Those who need to be present for one confidential item can remain only for that item and must leave the room for any other confidential items.

· In any case of doubt, the ruling of the chairperson is final.

Members of the meeting

· The members of the meeting remain (all Governing Body members if the meeting is a Governing Body meeting; all members of the committee if the meeting is a committee meeting).

· However, standing orders require that a councillor who has a pecuniary conflict of interest leave the room.

· All councillors have the right to attend any meeting of a committee and councillors who are not members of a committee may remain, subject to any limitations in standing orders.

Independent Māori Statutory Board

· Members of the Independent Māori Statutory Board who are appointed members of the committee remain.

· Independent Māori Statutory Board members and staff remain if this is necessary in order for them to perform their role.

Staff

· All staff supporting the meeting (administrative, senior management) remain.

· Other staff who need to because of their role may remain.

Local Board members

· Local Board members who need to hear the matter being discussed in order to perform their role may remain. This will usually be if the matter affects, or is relevant to, a particular Local Board area.

Council Controlled Organisations

· Representatives of a Council Controlled Organisation can remain only if required to for discussion of a matter relevant to the Council Controlled Organisation.

Audit and Risk Committee

12 September 2019

ITEM TABLE OF CONTENTS PAGE

1 Apologies 11

2 Declaration of Interest 11

3 Confirmation of Minutes 11

4 Petitions 11

5 Public Input 11

6 Local Board Input 11

7 Extraordinary Business 12

8 Audit and Risk Committee Work Programme 13

9 Preparation of the draft Auckand Council Annual Report 2018/2019 and the draft Auckland Council Summary Annual Report 2018/2019 19

10 Quarterly Risk Update - September 2019 25

11 Health, Safety and Wellbeing Update - September 2019 45

12 Update on management of fire risks in parks and reserves 57

13 Update on City Rail Link: programme governance, project status and management of risk 61

14 Consideration of Extraordinary Items

PUBLIC EXCLUDED

15 Procedural Motion to Exclude the Public 63

C1 Council-controlled organisations' financial and quarterly risk updates 63

C2 Draft Auckland Council Annual Report 2018/2019 and draft Auckland Council Summary Annual Report 2018/2019 64

C3 Office of the Auditor-General and Audit New Zealand briefing 64

C4 Legal Risk Report 64

C5 Assurance Services Update 65

1 Apologies

An apology from Mayor P Goff has been received.

2 Declaration of Interest

Members are reminded of the need to be vigilant to stand aside from decision making when a conflict arises between their role as a member and any private or other external interest they might have.

3 Confirmation of Minutes

That the Audit and Risk Committee:

a) confirm the ordinary minutes of its meeting, held on Tuesday, 27 August 2019, including the confidential section, as a true and correct record.

4 Petitions

At the close of the agenda no requests to present petitions had been received.

5 Public Input

Standing Order 7.7 provides for Public Input. Applications to speak must be made to the Governance Advisor, in writing, no later than one (1) clear working day prior to the meeting and must include the subject matter. The meeting Chairperson has the discretion to decline any application that does not meet the requirements of Standing Orders. A maximum of thirty (30) minutes is allocated to the period for public input with five (5) minutes speaking time for each speaker.

At the close of the agenda no requests for public input had been received.

6 Local Board Input

Standing Order 6.2 provides for Local Board Input. The Chairperson (or nominee of that Chairperson) is entitled to speak for up to five (5) minutes during this time. The Chairperson of the Local Board (or nominee of that Chairperson) shall wherever practical, give one (1) day’s notice of their wish to speak. The meeting Chairperson has the discretion to decline any application that does not meet the requirements of Standing Orders.

This right is in addition to the right under Standing Order 6.1 to speak to matters on the agenda.

At the close of the agenda no requests for local board input had been received.

7 Extraordinary Business

Section 46A(7) of the Local Government Official Information and Meetings Act 1987 (as amended) states:

“An item that is not on the agenda for a meeting may be dealt with at that meeting if-

(a) The local authority by resolution so decides; and

(b) The presiding member explains at the meeting, at a time when it is open to the public,-

(i) The reason why the item is not on the agenda; and

(ii) The reason why the discussion of the item cannot be delayed until a subsequent meeting.”

Section 46A(7A) of the Local Government Official Information and Meetings Act 1987 (as amended) states:

“Where an item is not on the agenda for a meeting,-

(a) That item may be discussed at that meeting if-

(i) That item is a minor matter relating to the general business of the local authority; and

(ii) the presiding member explains at the beginning of the meeting, at a time when it is open to the public, that the item will be discussed at the meeting; but

(b) no resolution, decision or recommendation may be made in respect of that item except to refer that item to a subsequent meeting of the local authority for further discussion.”

No.	Title	Page
a ⇩	Audit and Risk Committee Workprogramme September 2019 update	15

Audit and Risk Committee

12 September 2019

Preparation of the draft Auckand Council Annual Report 2018/2019 and the draft Auckland Council Summary Annual Report 2018/2019

File No.: CP2019/16874

Te take mō te pūrongo

Purpose of the report

1. To inform the Audit and Risk Committee of the process followed to prepare the Auckland Council Annual Report 2018/2019 and the Auckland Council Summary Annual Report 2018/2019

Whakarāpopototanga matua

Executive summary

2. The Governing Body, at their meeting on 26 September 2019, will be asked to adopt the Auckland Council Annual Report 2018/2019 and the Auckland Council Summary Annual Report 2018/2019. Preparing and publishing these annual reports is a legislative requirement.

3. The annual reports, covering the 12 months to 30 June 2019, have been prepared by council staff and audited by Audit New Zealand on behalf of the Deputy Auditor-General. The annual reports compare and comment on the performance of Auckland Council and the Auckland Council Group against the budgets and performance targets set in year one of the amended 10-year Budget 2018-2028.

4. The Deputy Auditor-General will attend this meeting to comment, during the confidential part of the meeting, on the:

· audit process

· draft proposed audit opinion, including commentary on the key audit matters

· status of the Auckland Council Annual Report 2018/2019 and the Auckland Council Summary Annual Report 2018/2019.

5. There are no significant outstanding audit or process issues relating to the annual reports.

Ngā tūtohunga

Recommendation/s

That the Audit and Risk Committee:

a) note that there are no significant outstanding issues relating to the audit and process for the preparation of the Auckland Council Annual Report 2018/2019 and the Auckland Council Summary Annual Report 2018/2019

b) note the draft Auckland Council Annual Report 2018/2019 and the draft Auckland Council Summary Annual Report 2018/2019 will be discussed later in this meeting in confidence.

Horopaki

Context

6. The Audit and Risk Committee reviews the quality of the annual reports and the processes followed to prepare them.

7. The Audit and Risk Committee liaises with Audit New Zealand to ensure a robust financial audit of the Auckland Council Group.

8. The Finance and Performance Committee reviews the financial and operational performance of the Auckland Council Group.

9. This report, together with comments from the Deputy Auditor-General at this meeting and the report from Audit New Zealand, assists the Audit and Risk Committee to fulfil its duty as noted above.

10. Audit New Zealand will report on any matters arising from their audit of the annual reports in their final management report.

Tātaritanga me ngā tohutohu

Analysis and advice

Draft Annual Report 2018/2019 Volume 1: Overview and Service Performance

11. Volume 1 provides an overview of the financial and non-financial performance of the Auckland Council Group.

12. It reports the revenue and expenditure for each group of activities in the Auckland Council Group within funding impact statements. The format of the funding impact statements is prescribed by the Local Government Act 2002. The regulations require us to compare actual performance against the most recently published plan at balance date; being the amended 10-year Budget 2018-2028.

13. For each of the activities delivered by the group, the amended 10-year Budget 2018-2028 includes the levels of service statements and associated performance measures.

Draft Annual Report 2018/2019 Volume 2: Local Boards

14. Auckland Council has a legislative requirement to report each local board’s service performance results and their funding impact statements. Local board reporting is measured against both the first year of the amended 10-year Budget 2018-2028 and the Annual Plan 2017/2018.

15. The draft local board reports have been presented to each local board for their review and their feedback has been incorporated where appropriate.

Draft Annual Report 2018/2019 Volume 3: Financial Statements

16. Volume 3 includes the Auckland Council and Auckland Council Group’s statutory financial statements. This year we have also included the group’s consolidated funding impact statement which was previously included in volume 1. This brings all the detailed consolidated information into volume 3.

17. At the meeting on 5 June 2019, the Audit and Risk Committee approved the proforma financial statements, subject to any updates identified during the year end close and audit process.

18. The financial statements also contain disclosures required by financial reporting standards, Local Government (Financial Reporting and Prudence) Regulations 2014 and the Local Government Act 2002.

19. A full disclosure checklist has been completed and will be available for inspection during the confidential part of this meeting.

Draft Summary Annual Report 2018/2019

20. The Auckland Council Summary Annual Report 2018/2019 is an abridged version of the three annual report volumes and provides highlights, performance information and information about the Auckland Council Group, including governance, community engagement and the group’s commitment to sustainability.

Ngā whakaaweawe me ngā tirohanga a te rōpū Kaunihera

Council group impacts and views

21. The draft Auckland Council Annual Report 2018/2019 reflects the results of the group for the year ended 30 June 2019. The council-controlled organisations are involved in the preparation of this information.

Ngā whakaaweawe ā-rohe me ngā tirohanga a te poari ā-rohe

Local impacts and local board views

22. The draft Auckland Council Annual Report 2018/2019 Volume 2: Local Boards, includes a section featuring the achievements in each local board area. Local boards were engaged to collect and review this information and each chair has prepared a message which is included in their respective report.

Tauākī whakaaweawe Māori

Māori impact statement

23. The draft Auckland Council Annual Report 2018/2019 covers all aspects of the group’s governance and public accountability. The draft report and summary report include commentary on the group’s contribution to outcomes for Māori, the role of the Independent Māori Statutory Board and the council’s Te Waka Angamua - Māori Strategy and Relations Department.

Ngā ritenga ā-pūtea

Financial implications

24. There are no financial implications directly arising from the information contained in the report as no financial decision is sought.

Ngā raru tūpono me ngā whakamaurutanga

Risks and mitigations

Risk of error, omission or non-compliance in preparation of annual report and summary annual report

25. There is a risk that errors or non-compliance with legislation and accounting standards could occur in the preparation of the annual report and summary annual report. To mitigate this risk, quality assurance reviews were performed on the consolidated results and commentary and the year-end reports. The reviews focused on accuracy, completeness and reasonableness of disclosures, legislative compliance and adherence to Auckland Council communications standards.

26. There is also a risk that the annual report or summary annual report presents a biased view of the performance of the Auckland Council Group. Trust lens reviewers are used to review these reports to ensure that we are telling a fair and balanced story, that good news stories are truthful and accurate and the poor performance stories are honest and transparent. They review the overall story for consistency through all volumes.

Compliance reviews

27. Auckland Council legal services review the annual report and summary annual report for compliance with local government legislation.

28. Mayne Wetherell reviews volume 3 of the annual report as well as the summary annual report for compliance with New Zealand Stock Exchange listing rules, and compliance with Financial Reporting Act 2013 and the Financial Markets Conduct Act 2013.

Reviews of accuracy, completeness and fairness

29. A number of reviews of the annual reports take place by people with differing levels and areas of involvement in financial reporting. A summary of the reviews is as follows:

Reviewer	Volume 1	Volume 2	Volume 3	Summary Annual Report
Group chief financial officer	ü	ü	ü	ü
General manager corporate finance and property	ü	ü	ü	ü
Treasurer and General manager financial transactions			ü
General manager financial strategy and planning	ü	ü	ü	ü
Group financial controller	ü	ü	ü	ü
Manager corporate and local board performance	ü	ü		ü
Manager group accounting and reporting	ü	ü	ü	ü
Manager financial strategy	ü	ü	ü	ü
Senior group reporting technical accountant	ü	ü	ü	ü
Financial compliance manager	ü	ü	ü	ü
Trust lens reviewers	ü	ü	ü	ü
Legal services	ü	ü	ü	ü
Mayne Wetherell			ü	ü

30. In addition to these reviews, the council’s Financial Control unit completes a detailed reporting checklist to ensure all reporting and disclosure requirements have been met. The group financial controller will have an annual report checklist and sign-off document available, providing assurance that reporting and disclosure requirements have been complied with.

31. Two trust lens reviewers provided feedback on the financial statements. Both reviewers are not within Auckland Council’s Finance Division, and neither were involved in the preparation of the annual report or summary annual report.

32. All the quality assurance reviewers who perform reviews from a financial perspective are Chartered Accountant or Chartered Financial Analyst qualified and have the appropriate technical accounting skills and knowledge.

Disclosures from council-controlled organisations and Ports of Auckland Limited

33. There is a risk that significant matters that affect the financial performance, financial position or cash flows of council-controlled organisations or Ports of Auckland Limited may not be adequately disclosed.

34. To mitigate this risk, each council-controlled organisation provides an audited financial reporting pack, based on a standardised pack issued by Auckland Council’s Financial Control unit. This audited financial information is consolidated to form the Auckland Council Group financial statements.

35. The group financial controller obtains short and long-form representation letters from the respective CFO/CEOs and Audit Committee chairs/boards which cover the completeness, accuracy and adequacy of disclosures provided in their financial reporting packs. In addition, the group financial controller will obtain updates from the respective CFOs just prior to the Governing Body meeting at which the annual report is adopted, to ensure nothing else has arisen since the representation letters were signed that could materially affect their financial reporting disclosures.

Delay in Audit New Zealand’s final clearance

36. There is a risk of delay in Audit New Zealand’s final clearance due to unresolved technical matters.

37. The Financial Control unit has been working with Audit New Zealand to address technical issues early, however some matters cannot be cleared by Audit New Zealand until they have audited the relevant information subsequent to year end.

Ngā koringa ā-muri

Next steps

38. The Audit and Risk Committee will discuss the draft Auckland Council Group Annual Report 2018/2019 and the Summary Annual Report 2018/2019 in confidence, after which it will recommend the annual reports’ adoption to the Governing Body. The committee will then have completed its responsibilities for the annual reports.

Ngā tāpirihanga

Attachments

There are no attachments for this report.

Ngā kaihaina

Signatories

Authors

Tracy Gers - Group Accounting & Reporting Manager

Francis Caetano - Group Financial Controller

Authorisers

Kevin Ramsay - General Manager Corporate Finance and Property

Matthew Walker - Group Chief Financial Officer

Phil Wilson - Governance Director

Audit and Risk Committee

12 September 2019

Quarterly Risk Update - August 2019

File No.: CP2019/15873

Te take mō te pūrongo

Purpose of the report

1. The report updates the Audit and Risk Committee on risk management activities at Auckland Council for the period from June 2019 to August 2019.

Whakarāpopototanga matua

Executive summary

2. The quarterly review of the council’s top risks register was completed in August 2019. The register has 11 top risks, of which there are seven ‘high’ and four ‘moderate’ rated risks.

3. The ‘climate change mitigation and adaptation – part 1 risk deep dive’ was completed in May 2019. The second part of this ‘deep dive’ will begin in October 2019 working in conjunction with the council-controlled organisations. Planning for the ‘service delivery’ risk deep dive is underway, with the terms of reference and scope to be finalised in October 2019.

4. The implementation of our revised Enterprise Risk Management Framework which encompasses council’s refreshed risk matrix is underway along with ongoing embedding and continuous improvement activities.

5. For the 36th America’s Cup (AC36) programme, the overall risk profile is stable and rated as ‘green’. The project interdependencies continue to be identified, with a view to improve clarity and certainty in the development of effective risk mitigations. The programme risk register at 28 August 2019, is made up of 26 risks, of which five are rated high and 21 are rated medium – after controls have been put in place. All risks continue to be actively managed by the project owners.

Ngā tūtohunga

Recommendation/s

That the Audit and Risk Committee:

a) receive the Quarterly Risk Update report

b) note the update of the risk management work that has been performed by the enterprise risk team

c) note the update of the 36^th America’s Cup (AC36) Programme.

Horopaki

Context

6. The report provides an update on risk activities for Auckland Council to enable the committee to fulfil their governance and oversight role in relation to effective enterprise risk management.

Tātaritanga me ngā tohutohu

Analysis and advice

Top risks review

7. Council’s top risks are reviewed on an annual and quarterly basis with the Executive Leadership Team and internal subject matter experts to continually validate and update the risk descriptions, causes, mitigations and risk assessments.

8. The objectives of the quarterly top risks review are to:

· confirm current risks identified, assessments and ownership

· identify any new or emerging risks that pose a legitimate threat to the achievement of council’s strategic objectives in the next 12 months

· ensure council’s material risks, together with related controls, are well documented to enable effective risk oversight by council management staff, the Audit and Risk Committee and the Governing Body.

9. The top risks register has 11 top risks, of which there are seven rated as high and four moderate – after controls have been put in place. There has been a change in the residual rating for one top risk, being ‘climate change mitigation and adaptation’. This risk rating changed from moderate to high in July 2019 following an extensive review of the risk rating, subsequent discussions with the Executive Leadership Team of council, Environment and Community Committee, Audit and Risk Committee and Governing Body.

10. The June to August 2019 review did not result in any new risks being added or further rating changes, however minor changes were made to certain risk drivers, controls and mitigations as these are constantly reviewed. Risk ownership has also been amended to reflect portfolio changes within the executive leadership team.

11. The current top risks register along with a residual risk heat map has been included within this report as Attachment A.

Risk Deep Dives

12. Top risks are subject to ‘deep dives’ on a rotational basis (as reflected in this committee’s forward work programme) to provide assurance to council’s Executive Leadership Team and the Audit and Risk Committee that the risks are being effectively managed and controls are operating as intended.

13. Planning for the ‘service delivery’ risk deep dive in currently underway. The finalised scope and terms of reference will be presented to the Executive Leadership Team in October 2019 and we expect to report the outcome to this committee at the December 2019 meeting.

14. The second phase of the ‘climate change mitigation and adaptation’ risk deep dive will commence in October 2019. In this phase, the enterprise risk team will work with the council-controlled organisations to review their activities in relation to their mitigation and adaptation to climate change. This phase and key timeframes are currently being planned.

15. To date, four risk deep dives have been completed:

Risk Deep Dive	Date Completed
Cyber security	July 2018
Fit for purpose community assets	October 2018
Climate change – Part 1	May 2019
Crown reforms	June 2019

16. For each of the deep dives, there were a number of recommendations outlined. These recommendations are currently being followed up with the risk owners and their teams with ongoing monitoring and assurance provided.

Enterprise Risk Management Framework

17. Council’s risk management framework was last formally reviewed in 2017. The framework is a living document and is subject to regular reviews and updates to ensure it continues to be fit for purpose.

18. The Enterprise Risk team has reviewed a key aspect of the framework – the risk matrix, considering recent changes to the risk management standards in ISO31000:2018 and a refresh of council’s strategy in 2019. Under the refreshed strategy, the focus areas are customer and community group experience, delivering for Auckland and employee experience.

19. Through receiving input from subject matter experts across the council and to ensure alignment with the council’s refreshed strategy, several changes were made to the risk matrix. These are outlined below and are consistent with council’s approach of simplification and align with the refocused objectives to 2022.

· New risk categories: the risk categories provide guidance on the range of potential risks that staff must consider in their day-to-day operations which may impact on the council achieving its objectives. The categories have been reduced from 19 to 12, reflecting a consolidation of similar category types and removing any that are more accurately regarded as impact.

· Changing the types of impact: minor changes were made to the types of impact on the 5x5 matrix, so that they are aligned with the council’s refreshed strategy.

· Likelihood tables: as a result of feedback from users, these have now been simplified to reflect likelihood in terms of probability in percentages.

· Impact levels: changes were made to the impact levels (i.e. moving between minor, moderate, major etc.) where clarity was made to reflect more acceptable thresholds for our organisation. The areas most impacted are programme delivery, employee engagement and budgets.

20. The changes are being communicated and rolled out to business units, starting with application in projects and programme risks.

Enterprise Risk Management Strategy and Plan

21. The Enterprise Risk Team is making good progress against the existing 3-year Enterprise Risk Management Strategy and Plan. The team will be developing a new strategy and plan over the next quarter and will bring this to the committee for endorsement in early 2020. Insight and feedback from the committee at today’s meeting will inform part of the planning and development process.

22. The expectation is that a key area of focus will be in building resilience. For example, in the context of crisis management and business continuity, Auckland Emergency Management and security risk oversight.

23. To ensure improved alignment of the upcoming Enterprise Risk Management Strategy with other lines of defence functions, the Risk and Assurance departments, together with other assurance functions at the council will work closely to achieve shared outcomes.

Quality Advice Programme – risk workshops

24. The third and final risk workshop for staff took place on 21 August 2019 as part of the council’s ongoing Quality Advice Programme.

25. These workshops were to provide guidance to authors of council reports who advise on risks and mitigations to decision makers. In total the enterprise risk team have provided training to over 40 staff under this programme from various areas of expertise.

26. Further risk capability workshops and training for the organisation is planned as part of our upcoming strategy 2021– 2023.

Risk management tool

27. The Enterprise Risk Team are exploring opportunities for an online risk management tool to improve capturing quality reporting of risk data across all business units and teams. Initial discussions and demonstrations are currently underway.

28. The 36^th America’s Cup programme has recently implemented a new risk management platform, ‘Active Risk Manager’, which has been successfully rolled out across the programme and has provided the Enterprise Risk Team with valuable insight into the platform and its functionality.

36th America’s Cup (AC36) Programme update

29. The risk workstream for the AC36 programme is being led by Auckland Council and forms part of the Programme Management Office (PMO) which provides leadership, guidance and oversight for the risk management activities across the programme.

30. AC36 project and workstream leaders are required to maintain project and workstream risk registers. Monthly, the risk lead team works with the project leads to update risk registers and review and challenge the rationality of risks assessments and effectiveness of mitigations.

31. High and extreme risks (after controls have been put in place) and any other escalated topical risks, are reported to Joint Chief Executive Steering Group comprising of Auckland Council Group; Ministry of Business Innovation and Employment (on behalf of the Crown); America’s Cup Event Limited; New Zealand Police; State Services Commission and Mana Whenua.

32. The council’s Chief Risk Officer chairs the Risk Advisory Group which supports the Joint Chief Executive Group on risk management, with a focus on management of Inter-agency risks of the programme. There have been two meetings of the Risk Advisory Group to date and these continue on a monthly basis.

33. The overall AC36 programme risk profile is stable and rated as ‘green’. The programme risk register at 28 August 2019, comprises of 26 risks, of which, 5 are rated ‘high’ and 21 are rated ‘medium’ – all after controls have been put in place. All risks continue to be actively managed by the project owners.

34. The key project risks and issues currently identified and being managed include:

· delays in the development of the Events project plan by America’s Cup Event Limited

· challenges in implementation of the host venue agreement to ensure obligations of all parties under the agreement are met

· insufficient programme funding and resources.

Ngā whakaaweawe me ngā tirohanga a te rōpū Kaunihera

Council group impacts and views

35. The Enterprise Risk Team continue to work closely with council-controlled organisations about their top risks and reporting these to the Auckland Council Group. Separately, council-controlled organisations provide individual risk update reports on a quarterly basis and there is regular interaction with the risk practitioners from the council-controlled organisations.

36. In the context of the council, risk and control owners across council have been consulted to complete the risk registers including validation of risk descriptions, causes and mitigations.

Ngā whakaaweawe ā-rohe me ngā tirohanga a te poari ā-rohe

Local impacts and local board views

37. No specific consultation has been undertaken with local boards for this report. Risk management activities will have benefit for local board activities.

Tauākī whakaaweawe Māori

Māori impact statement

38. Given the specific legislative responsibilities to Māori and Te Tiriti o Waitangi (Treaty of Waitangi) across many of council functions, there may be some incidental impact to Māori by the risks council faces. Whilst no specific consultation has been undertaken with Māori for this report, the risk management activities will have benefit for the council’s Māori Responsiveness activities.

Ngā ritenga ā-pūtea

Financial implications

39. There are no financial implications directly arising from this information report.

Ngā raru tūpono me ngā whakamaurutanga

Risks and mitigations

40. This information report relates to various risk matters which are summarised throughout this document.

Ngā koringa ā-muri

Next steps

41. The next quarterly risk update report will be provided to the committee early in the new political term.

Ngā tāpirihanga

Attachments

No.	Title	Page
a ⇩	Auckland Council Top Risks Register (including Residual Risk Heat Map) as at 30 August 2019	31

Ngā kaihaina

Signatories

Author

Tama Rawhiti - Senior Risk Advisor

Authorisers

Cecilia Tse - Chief Risk Officer

Dani Gardiner - General Counsel

Phil Wilson - Governance Director

Audit and Risk Committee

12 September 2019

Health, Safety and Wellbeing Update - September 2019

File No.: CP2019/16241

Te take mō te pūrongo

Purpose of the report

1. To update the committee on Auckland Council’s health and safety performance between June and August 2019.

Whakarāpopototanga matua

Executive summary

2. Auckland Council’s strategic health and safety vision is ‘to become a leading organisation for health and safety by 2020’. Good progress is being made against the strategy.

3. Auckland Councils aggregated Safe365 (Health and Safety capability) score increased to 58 per cent for the period to August 2019 and at the time of writing this report has reached 60 per cent which was the June 2019 target. As per our strategy we are now aiming towards 75 per cent by end of June 2020.

Ngā tūtohunga

Recommendation/s

That the Audit and Risk Committee:

a) refer this report to the Governing Body and draw the attention of elected members to their duties under the Health and Safety at Work Act 2015

b) note that this report will be provided to all local boards for their information.

Horopaki

Context

4. Under the Health and Safety at Work Act 2015 all elected members are deemed officers and must exercise a duty of due diligence in relation to health and safety. These quarterly reports provide information to assist elected members to carry out that role.

Tātaritanga me ngā tohutohu

Analysis and advice

5. The key metrics considered from a health and safety perspective are:

· Safe365 health and safety capability indicator (lead indicator)

· people leaders trained in their health, safety and wellbeing responsibilities (lead indicator)

· new starters - health, safety and wellbeing inductions

· critical risk reporting and assurance audits

· reporting index.

6. These can be seen in the dashboard provided in Attachment A.

Ngā whakaaweawe me ngā tirohanga a te rōpū Kaunihera

Council group impacts and views

7. The Safe365 indicator provides a holistic view of performance across the council by measuring performance across the highest risk areas and then aggregating it. The council’s score over the period to August 2019 increased by 6 per cent to 58 percent, and at the time of writing this report has reached 60 per cent. Sixty per cent is deemed an indicator of being in overall compliance.

Chart 1 – Safe365 Starburst – Auckland Council Aggregate

Safe 365 Key: 1. Director knowledge, 2. Management knowledge, 3. Worker / Contractor knowledge, 4. Health and safety management system, 5. Verification and audit activities, 6. Emergency preparedness, 7. Health and safety data collection, 8. Management reporting, 9. Worker/Contractor engagement, 10. Culture and behaviours.

8. The ‘Lost Time Injury Frequency Rate’ measures the number of lost time injuries per one million hours worked. In 2015, council set an aspirational target for the Lost Time Injury Frequency Rate of <2.25. Despite maintaining a successful performance during most of 2018 we have seen an increase above our set target. This has remained static for the last quarter at 2.68. We are moving away from this lag indicator as a measure of safety performance.

9. We have a new health and safety dashboard comprised of various new metrics that are more ‘lead’ focussed provided in Attachment A.

Chart 2: Security incidents for the period June-August 2019

10. Violence remain council’s number one risk.

· The top three security incidents for this quarter were theft/dishonesty, threatening or abusive communication, and anti-social behaviour of our customers towards our staff members.

· There were 53 incidents of threatening, or abusive communication directed towards our customer facing staff members. Many of these incidents occur within leisure centres and at service centres, 33 of these occurred at our libraries.

· Our staff members were subject to eleven incidents of assault/violence cases this quarter. These incidents occurred at libraries, service centres and council offices.

Due diligence duties

11. The Executive Leadership Team commenced its safety walk rounds in August 2019. The first site visited was Manukau where the Regulatory Service department, customer service call centre and the Southern Initiative were visited.

12. As ‘officers’ (under the Act) elected members have the duties set out in the table below. This also shows measures underway to support those duties.

Duty	Support provided
Duty 1 - Acquire and keep up to date with health and safety knowledge and matters	Health and safety training for designated ‘officers’ Health and safety training has been ongoing to ensure elected members and senior management are well informed and up to date on health and safety matters. Planning is now taking place for the upcoming elections and the upcoming induction training for any new elected members. The Kura Kawana (elected member development) programme is now refocussing on more practical skills for elected members and will be including a tour of facilities. Induction A new process has been introduced for new council executives to receive a bespoke health and safety induction, covering their departmental risk profile, their critical risks and establishing expectations for our senior leaders on health and safety. Third Party Administrator The Corporate HSW team is making good progress on joining the implementation of the Third-Party Administrator programme. An audit will be taking place 18-20 September by ACC to decide whether we can enter the Accredited employer programme.
Duty 2 - Understand council’s operations and associated hazards/risks	Site visits A health and safety site visit plan for the chief executive, executive lead team members and elected members is in place. This was recently bolstered with the Executive Leadership Team committing to carrying out monthly visits to local sites to better understand local health, safety and wellbeing issues. Health Safety and Wellbeing committee The executive lead team operates as the Health Safety and Wellbeing Committee which creates better visibility and understanding of council operations and the health and safety risks in their parts of the organisation. These have been taking place quarterly.
Duty 3 - Ensure the council has appropriate resourcing and processes to eliminate/minimise risks	Corporate training programme A key focus of the current strategy is to build capability within the organisation and to prioritise high risk business areas. A corporate training programme has now been agreed mandating all people leaders to complete a one day ‘Managing Safely’ course. This course has been developed from the Institute of Occupational Safety and Health’s own Managing Safely course, a well-respected and known international standard. We are currently reviewing this training with a view to add more applicable skills like Risk Assessment and Incident investigation. This metric is tracked within our new dashboard as a Key Performance Indicator. Currently we are 31.5 per cent and are looking to lift this to 75 per cent.
Duty 4 - Ensure the council has appropriate processes for receiving and considering information regarding incidents, hazards and risks and for responding in a timely way to that information	Management framework and reporting A management framework is now in place. It is designed to ensure robust safety governance, processes, guidance and positive behaviours around health and safety. Risk Manager is also working effectively as our reporting tool for unsafe conditions, incidents and near misses. Triage The Corporate team continues to triage incidents. This assures the quality of the data and furthermore tasks ‘reasonably expected’ actions to people leaders in the business as incidents arise in Risk Manager. This helps safeguard the organisation further to ensure incidents are not closed without knowledgeable oversight and that any serious incidents involving critical risk are appropriately investigated either by the local health and safety specialist or by the Corporate team.
Duty 5 - Ensure the council has, and implements, processes for complying with any duty or obligation	Policy statement The chief executive and mayor have signed the Health and Safety Policy Statement, and this has been implemented alongside the new Health and Safety Framework. This must be re-signed following the elections. Our Charter The health and safety section in Our Charter (we look after our safety and wellbeing) is being prepared for application to all council-controlled organisations. A working group has met and agreed the first draft.
Duty 6 -Take reasonable steps to verify the provision and use of resources and processes through reviews and audits	Safety audits Safe365 audits continue to be carried out across the operations division. This has externally verified capability of departments and allowed council to see gaps at the departmental and council divisional levels. Infrastructure and Environmental Services had an outstanding result in its externa verification audit, waste solutions scoring 76 per cent, our highest ‘verified’ score to date. A learnings campaign on this is to follow across enterprise. Assurance framework Assurance audits are now taking place. Once again, our dashboard shows the audits that have taken place in the last quarter.

Ngā whakaaweawe ā-rohe me ngā tirohanga a te poari ā-rohe

Local impacts and local board views

13. Briefings for elected members, including local boards, have now been completed across all areas.

14. This report will be provided to all local boards together with a briefing from staff.

Tauākī whakaaweawe Māori

Māori impact statement

15. Auckland Council staff work with the Independent Māori Statutory Board and the council’s co-governance entities, such as the Tūpuna Maunga Authority, Te Poari o Kaipātiki ki Kaipara, the Ngāti Whātua Ōrākei Reserves Board and Te Motu a Hiaroa (Puketutu Island) Trust to ensure they have information and support to comply with their duties under the legislation.

16. The People and Performance department have integrated Health Safety Wellbeing plans into council’s Māori employment strategy (known as the Mahi Strategy).

Ngā ritenga ā-pūtea

Financial implications

17. There are no financial implications in this report.

18. As reflected in the Corporate Risk Register, non-compliance with Health and Safety Legislation and poor performance in this area can carry substantial fines and impacts to operational costs through incidents and or poor productivity.

Ngā raru tūpono me ngā whakamaurutanga

Risks and mitigations

19. The risk of non-compliance with health and safety is recorded in the council’s top risk register. As set out above, controls are in place to monitor and respond to critical risks through the Risk Manager System.

Ngā koringa ā-muri

Next steps

20. Staff will continue with the implementation of the Health and Safety Strategy, embedding the new Health and Safety Framework, which now includes our Wellbeing Strategy.

Ngā tāpirihanga

Attachments

No.	Title	Page
a ⇩	Health & Safety Dashboard	51

Ngā kaihaina

Signatories

Authors

Oliver Sanandres - Head of Health, Safety and Wellbeing

Authorisers

Patricia Reade - Director People and Performance

Phil Wilson - Governance Director

Audit and Risk Committee

12 September 2019

Update on management of fire risks in parks and reserves

File No.: CP2019/15091

Te take mō te pūrongo

Purpose of the report

1. To provide a briefing to the Audit and Risk Committee on the management of fire risks in the network of council parks and reserves and in the Atkinson Norman Reserve, Green Bay, Auckland.

Whakarāpopototanga matua

Executive summary

2. Following a public input item to the Audit and Risk Committee on 26 February 2019 concerning fire risk in Atkinson Norman Reserve, Green Bay, Auckland, the committee requested information about council’s management of the risk of fire in its network of reserves and parks, and how council’s insurance may respond in the event of fire in a park.

3. The specific issues raised concerning Atkinson Norman Reserve have been investigated by The Community Facilities and Legal Services departments. The operational issues including maintenance and signage have been addressed and responses provided to the member of the public.

4. The likelihood and consequences of the risk of fire in individual parks and open spaces varies depending on the location, use, landscape and vegetation type. Council has a range of mitigations including maintaining fire breaks and closing park areas at night-time. Tailored mitigation measures are employed to provide appropriate and responsive risk management on a case-by-case basis.

5. Fire risk in parks and reserves are managed through the ‘full facilities maintenance’ contracts. Key performance requirements include for vegetation to be maintained to a specific service level through regular mowing and trimming and the monitoring and reporting.

6. Staff are comfortable that the maintenance contracts and the processes for managing the contracts and arrangements with Fire and Emergency New Zealand sufficiently mitigate the risk of fire and fire damage outside of the park boundaries.

7. Ongoing risk and issue management for parks is also informed by feedback from stakeholders including members of the community, local boards and elected members as well as contractors and council staff. When an issue or concern is raised, a request to rectify the problem is raised for the contractors to address.

8. Auckland Council’s insurance programme does not insure land, including any reserves and park land. However, the public liability policy purchased under this programme may respond to any third-party damage believed to have been caused by the council or any of its business activities. The policy’s response will be entirely dependent on the circumstances leading to the event and whether the council can be held legally liable for its actions or inactions.

9. Staff from Community Facilities, Insurance, and the Parks and Places departments will be attending to provide a verbal briefing and answer any questions from the Audit and Risk Committee.

Ngā tūtohunga

Recommendation/s

That the Audit and Risk Committee:

a) note the information contained in this report.

Horopaki

Context

10. On 26 February 2019, a member of the public appeared before the Audit and Risk Committee to bring to the Committee’s attention his concerns about an alleged breach by Auckland Council regarding its duties and obligations in relation to the Deed of Gift of Atkinson Park.

11. Subsequently, the committee asked for further information about council’s management of the risk of fire in its network of reserves and parks, and how this impacts on council insurance. This report provides a response to that request.

Tātaritanga me ngā tohutohu

Analysis and advice

12. Auckland Council manages approximately 4000 parks. Of these, 224 are dedicated sports parks and 800 winter sports fields. There are 27 regional parks.

13. The specific issues raised concerning Atkinson Norman Reserve including fire risk have been considered and responded to by the Community Facilities and Legal Services departments. The operational issues including signage have been addressed and responses provided to the member of the public.

14. Whilst it is not possible to control every area, council does recognise the importance of minimising public nuisance, fire and pest incursion with appropriate measures in the park network.

15. A range of measures are used to mitigate fire risk on Regional Parks including:

· facilities are provided for safe cooking on Regional Parks (electric barbeques)

· Park Ranger’s undertake regular patrol of high-risk areas to ensure visitors are complying with park use requirements

· park development takes into account best practice design principals for fire risk management – this includes using tracks as fire breaks and appropriately locating facilities

· undertaking vegetation management to reduce fire risk to campsites and higher risk areas.

· staff being trained in fire response, who work across the regional park network and regularly liaise with Fire and Emergency New Zealand to understand fire risk throughout the year

· providing information and education to park users on safe park use which includes the lighting of open fires

· we assess risks on an ongoing basis and may impose additional restrictions where fire risk is elevated (park ranger function on regional parks).

16. The Community Facilities department engages contractors to maintain parks and reserves. This includes maintaining the vegetation (e.g. mowing lawns and maintaining trees). Contractors are responsible for ensuring our parks and open spaces are free of any known combustible material and detritus.

17. Natural and built measures are used to protect and act as a buffer between council land and privately-owned property in case of fire. Contract managers are assigned to each contract and there are processes for monthly reporting and checking of service levels are being adequately implemented.

18. Members of the public are encouraged to use council’s email and phone service centre to raise their concerns around risk or public nuisance such as noise. The council is continuously receiving feedback from, and consulting with the community, regarding design parameters and appropriate interventions for risk management. Real-time information is used to determine hotspots, which in turn are managed on a case by case basis.

19. Fire risk is managed and mitigated by ensuring the adoption and full implementation of advice from the Fire and Emergency New Zealand. The fire service manages any fire event and offer feedback and learnings to improve mitigations. Council uses this feedback to ensure a preventative approach to fire risk.

20. Council has an obligation to minimise public nuisances and manages hotspots with a variety of means. This includes locking parks and reserves at night wherever possible, sharing information with New Zealand Police and contractors and responding to noise control complaints.

21. Members of the public are strongly encouraged to contact council and the New Zealand Police if they see something that is causing an immediate risk to the safety of a person, people or property.

22. Between 1 July 2018 and 30 June 2019, the council risk and insurance department received nine claims related to fire and arson in public parks. Public toilets, footbridges and children’s playgrounds were some of the key assets primarily targeted by arsonists. Records do not contain information of any fires in this period that have resulted in damage to private properties from fire.

23. The council’s insurance programme does not insure land and therefore does not insure reserves and park land. However, the public liability policy purchased under this programme may respond to any third-party damage believed to have been caused by the council or any of its business activities. The policy’s response will depend on the circumstances leading to the event and whether the council can be held legally liable for its actions or inactions.

Ngā whakaaweawe me ngā tirohanga a te rōpū Kaunihera

Council group impacts and views

24. This matter relates solely to the council entity and does not impact on the group.

Ngā whakaaweawe ā-rohe me ngā tirohanga a te poari ā-rohe

Local impacts and local board views

25. Local boards do not have a role in decision-making relating to the management of fire risk in parks and reserves.

Tauākī whakaaweawe Māori

Māori impact statement

26. The Auckland Council is a party to various co-governance arrangements with mana whenua over discrete land blocks. In those cases, fire risk management is undertaken independently by those co-governance entities with advice from Fire and Emergency New Zealand.

Ngā ritenga ā-pūtea

Financial implications

27. There are no financial implications arising from this report.

Ngā raru tūpono me ngā whakamaurutanga

Risks and mitigations

28. From discussions with the relevant departments we are comfortable that the risks have been identified and managed. The contract arrangements and park management oversight, arrangements with Fire and Emergency New Zealand and ongoing monitoring and response to the risks and issues are considered adequate at this time.

Ngā koringa ā-muri

Next steps

29. There is no further action resulting from the advice in this report.

Ngā tāpirihanga

Attachments

There are no attachments for this report.

Ngā kaihaina

Signatories

Authors

Emma Mosely – Deputy Head of Assurance Services

Maureen Glassey - Principal Advisor Governance Elected Members

Authoriser

Phil Wilson - Governance Director

Audit and Risk Committee

12 September 2019

Exclusion of the Public: Local Government Official Information and Meetings Act 1987

That the Audit and Risk Committee

a) exclude the public from the following part(s) of the proceedings of this meeting.

The general subject of each matter to be considered while the public is excluded, the reason for passing this resolution in relation to each matter, and the specific grounds under section 48(1) of the Local Government Official Information and Meetings Act 1987 for the passing of this resolution follows.

This resolution is made in reliance on section 48(1)(a) of the Local Government Official Information and Meetings Act 1987 and the particular interest or interests protected by section 6 or section 7 of that Act which would be prejudiced by the holding of the whole or relevant part of the proceedings of the meeting in public, as follows:

C1 Council-controlled organisations' financial and quarterly risk updates

Reason for passing this resolution in relation to each matter

Particular interest(s) protected (where applicable)

Ground(s) under section 48(1) for the passing of this resolution