Audit and Risk Management Committee

Agenda

 

 

Notice of Meeting:

An ordinary meeting of the Audit and Risk Management Committee will be held on:

 

Date:                                     Tuesday 13 February 2018

Time:                                    1pm

Venue:                                 Council Chambers, Level 2, Civic Offices,
53 Hereford Street, Christchurch

 

 

Membership

Chair

Deputy Chair

Members

Ms Sue Sheldon

Councillor Raf Manji

Councillor Vicki Buck

Councillor Phil Clearwater

Councillor Pauline Cotter

Mayor Lianne Dalziel

Councillor David East

Deputy Mayor Andrew Turner

Mr Mark Russell

Mr Michael Rondel

 

 

13 February 2018

 

 

 

Principal Advisor

Carol Bellette

General Manager Finance and Commercial

 

Mark Saunders

Committee and Hearings Advisor

941 6436

mark.saunders@ccc.govt.nz

www.ccc.govt.nz

Note:  The reports contained within this agenda are for consideration and should not be construed as Council policy unless and until adopted.  If you require further information relating to any reports, please contact the person named on the report.
To view copies of Agendas and Minutes, visit:
https://www.ccc.govt.nz/the-council/meetings-agendas-and-minutes/

 


Audit and Risk Management Committee

13 February 2018

 

Audit and Risk Management Committee - Terms of Reference

 

 

 

 

Chair

Sue Sheldon (Independent)

Deputy Chair

Councillor Manji as the Chair of the Finance and Performance Committee

Membership

Mayor Dalziel and Deputy Mayor Turner

The Chair of the following committees:

§   Innovation and Sustainable Development Committee

§   Social and Community Development Committee

§   Infrastructure, Transport and Environment Committee

§   Regulatory Performance Committee

2 External Members

Quorum

Half of the members if the number of members (including vacancies) is even, or a majority of members if the number of members (including vacancies) is odd.

Meeting Cycle

To be separately considered

Reports To

Council

 

 

Purpose

To assist the Council to discharge its responsibility to exercise due care, diligence and skill in relation to the oversight of:

§    the robustness of the internal control framework;

§    the integrity and appropriateness of external reporting, and accountability arrangements within the organisation for these functions;

§    the robustness of risk management systems, process and practices;

§    internal and external audit;

§    accounting policy and practice;

§    compliance with applicable laws, regulations, standards and best practice guidelines for public entities; and

§    the establishment and maintenance of controls to safeguard the Council’s financial and non-financial assets.

The foundations on which this Committee operates, and as reflected in this Terms of Reference, includes: independence; clarity of purpose; competence; open and effective relationships and no surprises approach.

 

Procedure

In order to give effect to its advice the Committee should make recommendations to the Council and to Management.

The Committee should meet the internal and the external auditors without Management present as a standing agenda item at each meeting where external reporting is approved, and at other meetings if requested by any of the parties.

The external auditors, the internal audit manager and the co-sourced internal audit firm should meet outside of formal meetings as appropriate with the Committee Chair.

The Committee Chair will meet with relevant members of Management before each Committee meeting and at other times as required.

 

Responsibilities

Internal Control Framework

§    Consider the adequacy and effectiveness of internal controls and the internal control framework including overseeing privacy and cyber security.

§    Enquire as to the steps management has taken to embed a culture that is committed to probity and ethical behaviour.

§    Review the processes or systems in place to capture and effectively investigate fraud or material litigation should it be required.

§    Seek confirmation annually and as necessary from internal and external auditors, attending Councillors, and management, regarding the completeness, quality and appropriateness of financial and operational information that is provided to the Council.

Risk Management

§    Review and consider Management’s risk management framework in line with Council’s risk appetite, which includes policies and procedures to effectively identify, treat and monitor significant risks, and regular reporting to the Council.

§    Assist the Council to determine its appetite for risk.

§    Review the principal risks that are determined by Council and Management, and consider whether appropriate action is being taken by management to treat Council’s significant risks. Assess the effectiveness of, and monitor compliance with, the risk management framework.

§    Consider emerging significant risks and report these to Council where appropriate.

Internal Audit

§    Review and approve the annual internal audit plan, such plan to be based on the Council’s risk framework. Monitor performance against the plan at each regular quarterly meeting.

§    Monitor all internal audit reports and the adequacy of management’s response to internal audit recommendations.

§    Review six monthly fraud reporting and confirm fraud issues are disclosed to the external auditor.

§    Provide a functional reporting line for internal audit and ensure objectivity of internal audit.

§    Oversee and monitor the performance and independence of internal auditors, both internal and co-sourced. Review the range of services provided by the co-sourced partner and make recommendations to Council regarding the conduct of the internal audit function.

§    Monitor compliance with the delegations policy.

 

External Reporting and Accountability

§    Consider the appropriateness of the Council’s existing accounting policies and practices and approve any changes as appropriate.

§    Contribute to improve the quality, credibility and objectivity of the accounting processes, including financial reporting.

§    Consider and review the draft annual financial statements and any other financial reports that are to be publicly released, make recommendations to Management.

§    Consider the underlying quality of the external financial reporting, changes in accounting policy and practice, any significant accounting estimates and judgements, accounting implications of new and significant transactions, management practices and any significant disagreements between Management and the external auditors, the propriety of any related party transactions and compliance with applicable New Zealand and international accounting standards and legislative requirements.

§    Consider whether the external reporting is consistent with Committee members’ information and knowledge and whether it is adequate for stakeholder needs.

§    Recommend to Council the adoption of the Financial Statements and Reports and the Statement of Service Performance and the signing of the Letter of Representation to the Auditors by the Mayor and the Chief Executive.

§    Enquire of external auditors for any information that affects the quality and clarity of the Council’s financial statements, and assess whether appropriate action has been taken by management.

§    Request visibility of  appropriate management signoff on the financial reporting and on the adequacy of the systems of internal control; including certification from the Chief Executive, the Chief Financial Officer and the General Manager Corporate Services that risk management and internal control systems are operating effectively;

§    Consider and review the Long Term and Annual Plans before adoption by the Council.  Apply similar levels of enquiry, consideration, review and management sign off as are required above for external financial reporting.

§    Review and consider the Summary Financial Statements for consistency with the Annual Report.

External Audit

§    Annually review the independence and confirm the terms of the audit engagement with the external auditor appointed by the Office of the Auditor General. Including the adequacy of the nature and scope of the audit, and the timetable and fees.

§    Review all external audit reporting, discuss with the auditors and review action to be taken by management on significant issues and recommendations and report to Council as appropriate.

§    The external audit reporting should describe: Council’s internal control procedures relating to external financial reporting, findings from the most recent external audit and any steps taken to deal with such findings, all relationships between the Council and the external auditor, Critical accounting policies used by Council, alternative treatments of financial information within Generally Accepted Accounting Practice that have been discussed with Management, the ramifications of these treatments and the treatment preferred by the external auditor.

§    Ensure that the lead audit engagement and concurring audit directors are rotated in accordance with best practice and NZ Auditing Standards.

Compliance with Legislation, Standards and Best Practice Guidelines

§    Review the effectiveness of the system for monitoring the Council’s compliance with laws (including governance legislation, regulations and associated government policies), with Council’s own standards, and Best Practice Guidelines.

Appointment of Independent Members

§    Identify skills required for Independent Members of the Audit and Risk Management Committee.  Appointment panels will include the Mayor or Deputy Mayor, Chair of Finance & Performance Committee and Chair of Audit & Risk Management Committee. Council approval is required for all Independent Member appointments.

§    The term of the Independent members should be for three years.  (It is recommended that the term for independent members begins on 1 April following the Triennial elections and ends 31 March three years later.  Note the term being from April to March provides continuity for the committee over the initial months of a new Council.)

§    Independent members are eligible for re-appointment to a maximum of two terms. By exception the Council may approve a third term to ensure continuity of knowledge.

 

Long Term Plan Activities

1.                   Consider and review the Long Term and Annual Plans before adoption by the Council.  Apply similar levels of enquiry, consideration, review and management sign off as are required above for external financial reporting.

 


Audit and Risk Management Committee

13 February 2018

 

Part A        Matters Requiring a Council Decision

Part B         Reports for Information

Part C         Decisions Under Delegation

 

 

TABLE OF CONTENTS

 

C       1.       Apologies.......................................................................................................................... 7

B       2.       Declarations of Interest................................................................................................... 7

C       3.       Confirmation of Previous Minutes................................................................................. 7

B       4.       Public Forum.................................................................................................................... 7

B       5.       Deputations by Appointment........................................................................................ 7

B       6.       Presentation of Petitions................................................................................................ 7

STAFF REPORTS

A       7.       Approval of Protected Disclosures Policy................................................................... 13

C       8.       Resolution to Exclude the Public................................................................................. 31  

 

 


Audit and Risk Management Committee

13 February 2018

 

 

1.   Apologies

At the close of the agenda no apologies had been received.

2.   Declarations of Interest

Members are reminded of the need to be vigilant and to stand aside from decision making when a conflict arises between their role as an elected representative and any private or other external interest they might have.

3.   Confirmation of Previous Minutes

That the minutes of the Audit and Risk Management Committee meeting held on Wednesday, 29 November 2017  be confirmed (refer page 8).

4.   Public Forum

A period of up to 30 minutes may be available for people to speak for up to five minutes on any issue that is not the subject of a separate hearings process.

5.   Deputations by Appointment

There were no deputations by appointment at the time the agenda was prepared. 

6.   Petitions

There were no petitions received at the time the agenda was prepared.


Audit and Risk Management Committee

13 February 2018

 

 

 

Audit and Risk Management Committee

Open Minutes

 

 

Date:                                     Wednesday 29 November 2017

Time:                                    8.33am

Venue:                                 Council Chambers, Level 2, Civic Offices,
53 Hereford Street, Christchurch

 

 

Present

Chair

Deputy Chair

Members

Ms Sue Sheldon

Councillor Raf Manji

Mayor Lianne Dalziel

Deputy Mayor Andrew Turner

Councillor Vicki Buck

Councillor Phil Clearwater

Councillor Pauline Cotter

Councillor David East

Mr Mark Russell

Mr Michael Rondel

 

 

29 November 2017

 

 

 

Principal Advisor

Carol Bellette

General Manager Finance and Commercial

 

Mark Saunders

Committee Advisor

941 6436

mark.saunders@ccc.govt.nz

www.ccc.govt.nz

To view copies of Agendas and Minutes, visit:
www.ccc.govt.nz/Council/meetingminutes/agendas/index

 


Part A        Matters Requiring a Council Decision

Part B         Reports for Information

Part C         Decisions Under Delegation

 

 

 

The agenda was dealt with in the following order.

1.   Apologies

Part C

There were no apologies.

2.   Declarations of Interest

Part B

There were no declarations of interest recorded.

3.   Confirmation of Previous Minutes

Part C

Committee Resolved ARCM/2017/00014

Committee Decision

That the minutes of the Audit and Risk Management Committee meeting held on Tuesday, 3 October 2017, be confirmed.

Chair Sheldon/Deputy Mayor                                                                                                                                Carried

 

4.   Public Forum

Part B

There were no public forum presentations.

5.   Deputations by Appointment

Part B

There were no deputations by appointment.

6.   Presentation of Petitions

Part B

There was no presentation of petitions.

 

7.   Asset Management Improvement Programme Update

 

Committee Comment

1.         The Committee received the information in the report and, noting the technical nature of the language in the report, requested that staff prepare a plain-English summary to carry forward into a planned workshop for Councillors.

2.         The Committee made recommendations to Council regarding requesting further reporting on the asset management improvement programme.

 

Staff Recommendations

That the Audit and Risk Management Committee:

1.         Receive the information in this report.

 

Committee Resolved ARCM/2017/00015

Part C

That the Audit and Risk Management Committee:

1.         Receive the information in this report.

2.         Request staff to prepare a plain-English summary of the information in the report.

Chair Sheldon/Councillor Clearwater                                                                                                                  Carried

 

Committee Decided ARCM/2017/00016

Part A

That the Council:

1.         Request that staff report on the asset management improvement programme to the Finance and Performance Committee on a six-monthly basis.

2.         Request that there is reporting to the Audit and Risk Management Committee following the July risk maturity assessment.

Chair Sheldon/Councillor Clearwater                                                                                                                  Carried

 

8.   Audit New Zealand Management Report for the year ended 30 June 2017

 

Committee Comment

1.         The Committee accepted the staff recommendations without change.

2.        

 

Staff Recommendations

That the Audit and Risk Management Committee:

1.         Consider the recommendations made by Audit New Zealand in the Management Report and management’s response to these; and

2.         Recommend to Council that it receive the Audit New Zealand Management Report for the year ended 30 June 2017.

 

 

Committee Resolved ARCM/2017/00017

Part C

That the Audit and Risk Management Committee:

1.         Consider the recommendations made by Audit New Zealand in the Management Report and management’s response to these; and

2.         Recommend to Council that it receive the Audit New Zealand Management Report for the year ended 30 June 2017.

Mr Rondel/Councillor Cotter                                                                                                                                  Carried

 

 

Committee Decided ARCM/2017/00018

Part A

That the Council:

1.         Receive the Audit New Zealand Management Report for the year ended 30 June 2017.

Mr Rondel/Councillor Cotter                                                                                                                                  Carried

 

 

9     Resolution to Exclude the Public

 

Committee Resolved ARCM/2017/00019

Part C

That David Seath and Aloysius Teh of Deloitte, and Andrew Timlin and Andy Burns of Audit New Zealand, remain after the public have been excluded for Item 12 of the public excluded agenda as they have knowledge that is relevant to that item and will assist the Committee.

That at 9:45am the resolution to exclude the public set out on pages 41 to 42 of the agenda be adopted.

Chair Sheldon/Councillor East                                                                                                                                  Carried

 

The public were re-admitted to the meeting at 11:50am.

 

   

Meeting concluded at 11:51am.

 

CONFIRMED THIS 13TH DAY OF FEBRUARY 2018

 

Sue Sheldon

Chair

 


Audit and Risk Management Committee

13 February 2018

 

 

7.        Approval of Protected Disclosures Policy

Reference:

17/1511402

Contact:

Judith Cheyne

Judith.Cheyne@ccc.govt.nz

941 8649

 

 

1.   Purpose of Report

1.1       The purpose of this report is for the Audit and Risk Management Committee to recommend to Council that it approve a new Protected Disclosures Policy and adjust the delegations made under the Protected Disclosures Act 2000.

 

2.   Staff Recommendations

That the Audit and Risk Management Committee:

1.         Recommend to Council that it approve the new Protected Disclosures Policy attached to this report.

2.         Amend the wording, and Council officers to whom delegations under the Protected Disclosures Act 2000 are made, as follows:

 

Protected Disclosures Act 2000

 

 

Section

Delegation

CEO

Protected Disclosures Officer

All

All of its responsibilities, duties, and powers under this Act (to be exercised in accordance with the procedures in Council’s Protected Disclosures policy), except the power to adopt the internal procedures (Policy) under section 11.

 

ü

ü

 

 

 

3.   Key Points

3.1       The Council is required to have internal procedures for receiving and dealing with information about serious wrongdoing in or by the Council.  The Council does this through its Protected Disclosures Policy. If any person to whom the Policy applies believes, on reasonable grounds, that there is serious wrongdoing occurring within or by the Council, they are expected to report it in accordance with the terms of the Policy.  This is commonly known as ‘whistleblowing’.

3.2       The Policy describes how to make a disclosure and provides procedures to protect anyone who makes a disclosure about serious wrongdoing.  The policy applies to serious wrongdoing occurring either before or after this proposed Policy’s implementation. 

3.3       The existing Protected Disclosures Policy (see attachment 1) has been reviewed by Council staff, and re-drafted (see attachment 2) as part of the Internal Policy Review programme, utilising the new policy template and the Centre of Excellence.

3.4       The Policy needed to be refreshed to provide:

3.4.1   better alignment with the legislation and other policies (in particular the Fraud Policy);

3.4.2   improved and clearer content; and

3.4.3   to clarify roles and responsibilities.

There is some overlap between the Protected Disclosures Policy and the Fraud Policy.  However, not all fraud reporting is necessarily made as a protected disclosure, so it is considered appropriate to keep the policies separate.

3.5       The Executive Leadership Team approved the Fraud Policy in December 2017, but the Protected Disclosures Policy is a policy that needs to meet the statutory requirements under section 11 of the Protected Disclosures Act 2000 (PDA):

(1) Every public sector organisation must have in operation appropriate internal procedures for receiving and dealing with information about serious wrongdoing in or by that organisation.

(2) The internal procedures must—

(a) comply with the principles of natural justice; and

(b) identify the persons in the organisation to whom a disclosure may be made; and

(c) include reference to the effect of sections 8 to 10..

(3) Information about the existence of the internal procedures, and adequate information on how to use the procedures, must be published widely in the organisation and must be republished at regular intervals.

 

3.6       The Council has reserved for itself the power to approve the internal procedures/policy made under section 11 (all the other responsibilities, duties and powers under the PDA are currently delegated by the Council to the Chief Executive and Head of Legal Services).

3.7       The draft new Policy incorporates feedback from staff in Risk and Audit, Legal, HR and the Centre of Excellence.  The Executive Leadership Team has endorsed the new policy to be forwarded to the Council for final approval.

3.8       A change made in the revised Protected Disclosures Policy (and Fraud Policy) is that the Fraud Control Officer role is being re-named to become the Protected Disclosures Officer.  Although the role is renamed it will remain as one of the duties of the Head of Risk and Audit.  

3.9       Previously, protected disclosures were to be reported to the Head of Legal Services, but on advice from the Legal Services Unit there is a possible risk of a conflict of interest with the Legal Unit’s role to protect the interests of Council.

3.10    Staff therefore also recommend that a new delegation of powers under the PDA be made to Protected Disclosures Officer, in place of the Head of Legal Services, to align with the new Policy. The wording of the existing delegation under the PDA can also be amended for better readability.

 

 

Attachments

No.

Title

Page

a

Existing Protected Disclosures Act Policy

16

b

Draft Protected Disclosure Policy

23

 

 

Signatories

Author

Judith Cheyne - Associate General Counsel

Approved By

John Higgins - Acting Head of Legal Services

Anne Columbus - General Manager Corporate Services

  


Audit and Risk Management Committee

13 February 2018

 

PDF Creator


 

PDF Creator


 

PDF Creator


 

PDF Creator


 

PDF Creator


 

PDF Creator


 


Audit and Risk Management Committee

13 February 2018

 

PDF Creator


 

PDF Creator


 

PDF Creator


 

PDF Creator


 

PDF Creator


 

PDF Creator


 

PDF Creator


 

PDF Creator

 

 


Audit and Risk Management Committee

13 February 2018

 

 

8.    Resolution to Exclude the Public

Section 48, Local Government Official Information and Meetings Act 1987.

 

I move that the public be excluded from the following parts of the proceedings of this meeting, namely items listed overleaf.

 

Reason for passing this resolution: good reason to withhold exists under section 7.

Specific grounds under section 48(1) for the passing of this resolution: Section 48(1)(a)

 

Note

 

Section 48(4) of the Local Government Official Information and Meetings Act 1987 provides as follows:

 

“(4)     Every resolution to exclude the public shall be put at a time when the meeting is open to the public, and the text of that resolution (or copies thereof):

 

             (a)       Shall be available to any member of the public who is present; and

             (b)       Shall form part of the minutes of the local authority.”

 

This resolution is made in reliance on Section 48(1)(a) of the Local Government Official Information and Meetings Act 1987 and the particular interest or interests protected by Section 6 or Section 7 of that Act which would be prejudiced by the holding of the whole or relevant part of the proceedings of the meeting in public are as follows:


Audit and Risk Management Committee

13 February 2018

 

 

 

ITEM NO.

GENERAL SUBJECT OF EACH MATTER TO BE CONSIDERED

SECTION

SUBCLAUSE AND REASON UNDER THE ACT

PLAIN ENGLISH REASON

WHEN REPORTS CAN BE RELEASED

9

Public Excluded Audit and Risk Management Committee Minutes - 29 November 2017

 

 

Refer to the previous public excluded reason in the agendas for these meetings.

 

10

Fraud Status Report

s7(2)(b)(ii), s7(2)(f)(ii)

Prejudice Commercial Position, Protection from Improper Pressure or Harassment

Public exclusion is necessary to allow disclosure and discussion of sensitive information.

Upon confirmation from Head of Risk and Audit

11

Quarterly Procurement Report - Quarter 2 - 2017/18

s7(2)(b)(ii), s7(2)(h), s7(2)(i)

Prejudice Commercial Position, Commercial Activities, Conduct Negotiations

The following information may prejudice the Council's commercial position.

When the Chief Executive determines there are no longer any reasons to withhold the information under the Act.

12

Internal Audit Status Report

s7(2)(e), s7(2)(f)(ii), s7(2)(j)

Prevention of Material Loss, Protection from Improper Pressure or Harassment, Prevention of Improper Advantage

Prevent the use of Internal Audit findings being utilised for improper advantage.

Consideration of release when reported findings have been closed.

13

Risk Management Status Report

s7(2)(c)(ii), s7(2)(f)(ii)

Prevent Damage to the Public Interest, Protection from Improper Pressure or Harassment

Prevent the improper use and misinterpretation of information.

Consideration of release pending status of risks and management activity.

14

Risk Management Reporting (ChristchurchNZ and Vbase)

s7(2)(b)(ii)

Prejudice Commercial Position

Discusses matters that may be commercially sensitive.

When the Chief Executive determines there are no longer any reasons to withhold the information under the Act.

15

ARMC Long Term Plan 2018-28 Report

s7(2)(b)(ii), s7(2)(g)

Prejudice Commercial Position, Maintain Legal Professional Privilege

The information to be used as the basis for preparation of the Council's Long Term Plan remains subject to change.  Premature release of this information, before it is adopted by the Council, could prejudice those people and entities that may be affected by any changes made.
The Committee may seek at the meeting legal advice on matters relating to the preparation and adoption of the Long Term Plan.

Upon the Chief Executive being satisfied, in her discretion, that there are no longer grounds for withholding the information.