A black text on a white background

Description automatically generated

Audit and Risk Management Committee

Agenda

Notice of Meeting:

An ordinary meeting of the Audit and Risk Management Committee will be held on:

Date: Monday 16 October 2023

Time: 9:30am

Venue: Council Chambers, Level 2, Civic Offices,
53 Hereford Street, Christchurch

Membership

Chairperson

Deputy Chairperson

Members

Mr Michael Wilkes

Councillor Jake McLellan

Councillor Tyrone Fields

Councillor Sam MacDonald

Councillor Tim Scandrett

Ms Jacqueline Robertson Cheyne

Mrs Hilary Walton

11 October 2023

Principal Advisor

Leah Scales

General Manager - Resources / CFO

Tel: 941 8999

Luke Smeele

Democratic Services Advisor

941 6374

luke.smeele@ccc.govt.nz

www.ccc.govt.nz

Audit and Risk Management Committee

16 October 2023

Audit and Risk Management Committee - Terms of Reference Ngā Ārahina Mahinga

Chair	Mr Michael Wilkes (Independent)
Deputy Chair	Councillor McLellan
Membership	Councillor Fields Councillor MacDonald Councillor Scandrett External Members: Mrs Hilary Walton Ms Jacqueline Robertson Cheyne
Quorum	Half of the members if the number of members (including vacancies) is even, or a majority of members if the number of members (including vacancies) is odd.
Meeting Cycle	Quarterly and as required
Reports To	Council

Purpose

To assist the Council to discharge its responsibility to exercise due care, diligence and skill in relation to the oversight of:

· the robustness of the internal control framework;

· the integrity and appropriateness of external reporting, and accountability arrangements within the organisation for these functions;

· the robustness of risk management systems, process and practices;

· internal and external audit;

· accounting policy and practice;

· compliance with applicable laws, regulations, standards and best practice guidelines for public entities; and

· the establishment and maintenance of controls to safeguard the Council’s financial and non-financial assets.

The foundations on which this Committee operates, and as reflected in this Terms of Reference, includes: independence; clarity of purpose; competence; open and effective relationships and no surprises approach.

Procedure

· In order to give effect to its advice the Committee should make recommendations to the Council and to Management.

· The Committee should meet the internal and the external auditors without Management present as a standing agenda item at each meeting where external reporting is approved, and at other meetings if requested by any of the parties.

· The external auditors, the internal audit manager and the co-sourced internal audit firm should meet outside of formal meetings as appropriate with the Committee Chair.

· The Committee Chair will meet with relevant members of Management before each Committee meeting and at other times as required.

Responsibilities

Internal Control Framework

· Consider the adequacy and effectiveness of internal controls and the internal control framework including overseeing privacy and cyber security.

· Enquire as to the steps management has taken to embed a culture that is committed to probity and ethical behaviour.

· Review the processes or systems in place to capture and effectively investigate fraud or material litigation should it be required.

· Seek confirmation annually and as necessary from internal and external auditors, attending Councillors, and management, regarding the completeness, quality and appropriateness of financial and operational information that is provided to the Council.

Risk Management

· Review and consider Management’s risk management framework in line with Council’s risk appetite, which includes policies and procedures to effectively identify, treat and monitor significant risks, and regular reporting to the Council.

· Assist the Council to determine its appetite for risk.

· Review the principal risks that are determined by Council and Management, and consider whether appropriate action is being taken by management to treat Council’s significant risks. Assess the effectiveness of, and monitor compliance with, the risk management framework.

· Consider emerging significant risks and report these to Council where appropriate.

Internal Audit

· Review and approve the annual internal audit plan, such plan to be based on the Council’s risk framework. Monitor performance against the plan at each regular quarterly meeting.

· Monitor all internal audit reports and the adequacy of management’s response to internal audit recommendations.

· Review six monthly fraud reporting and confirm fraud issues are disclosed to the external auditor.

· Provide a functional reporting line for internal audit and ensure objectivity of internal audit.

· Oversee and monitor the performance and independence of internal auditors, both internal and co-sourced. Review the range of services provided by the co-sourced partner and make recommendations to Council regarding the conduct of the internal audit function.

· Monitor compliance with the delegations policy.

External Reporting and Accountability

· Consider the appropriateness of the Council’s existing accounting policies and practices and approve any changes as appropriate.

· Contribute to improve the quality, credibility and objectivity of the accounting processes, including financial reporting.

· Consider and review the draft annual financial statements and any other financial reports that are to be publicly released, make recommendations to Management.

· Consider the underlying quality of the external financial reporting, changes in accounting policy and practice, any significant accounting estimates and judgements, accounting implications of new and significant transactions, management practices and any significant disagreements between Management and the external auditors, the propriety of any related party transactions and compliance with applicable New Zealand and international accounting standards and legislative requirements.

· Consider whether the external reporting is consistent with Committee members’ information and knowledge and whether it is adequate for stakeholder needs.

· Recommend to Council the adoption of the Financial Statements and Reports and the Statement of Service Performance and the signing of the Letter of Representation to the Auditors by the Mayor and the Chief Executive.

· Enquire of external auditors for any information that affects the quality and clarity of the Council’s financial statements, and assess whether appropriate action has been taken by management.

· Request visibility of appropriate management signoff on the financial reporting and on the adequacy of the systems of internal control; including certification from the Chief Executive, the Chief Financial Officer and the General Manager Corporate Services that risk management and internal control systems are operating effectively;

· Consider and review the Long Term and Annual Plans before adoption by the Council. Apply similar levels of enquiry, consideration, review and management sign off as are required above for external financial reporting.

· Review and consider the Summary Financial Statements for consistency with the Annual Report.

External Audit

· Annually review the independence and confirm the terms of the audit engagement with the external auditor appointed by the Office of the Auditor General. Including the adequacy of the nature and scope of the audit, and the timetable and fees.

· Review all external audit reporting, discuss with the auditors and review action to be taken by management on significant issues and recommendations and report to Council as appropriate.

· The external audit reporting should describe: Council’s internal control procedures relating to external financial reporting, findings from the most recent external audit and any steps taken to deal with such findings, all relationships between the Council and the external auditor, Critical accounting policies used by Council, alternative treatments of financial information within Generally Accepted Accounting Practice that have been discussed with Management, the ramifications of these treatments and the treatment preferred by the external auditor.

· Ensure that the lead audit engagement and concurring audit directors are rotated in accordance with best practice and NZ Auditing Standards.

Compliance with Legislation, Standards and Best Practice Guidelines

· Review the effectiveness of the system for monitoring the Council’s compliance with laws (including governance legislation, regulations and associated government policies), with Council’s own standards, and Best Practice Guidelines.

Appointment of Independent Members

· Identify skills required for Independent Members of the Audit and Risk Management Committee. Appointment panels will include the Mayor or Deputy Mayor, Chair of Finance & Performance Committee and Chair of Audit & Risk Management Committee. Council approval is required for all Independent Member appointments.

· The term of the Independent members should be for three years. (It is recommended that the term for independent members begins on 1 April following the Triennial elections and ends 31 March three years later. Note the term being from April to March provides continuity for the committee over the initial months of a new Council.)

· Independent members are eligible for re-appointment to a maximum of two terms. By exception the Council may approve a third term to ensure continuity of knowledge.

Long Term Plan Activities

Audit and Risk Management Committee Forward Work Programme 2023

2023	Feb	Apr	Jun	Aug	Annual Report Oct	Dec
Update Reports	· Risk and Assurance · Procurement	· Risk and Assurance · Cyber Security	· Risk and Assurance · Procurement · Major Litigation Report	· Major Litigation Report	· Cyber Security · Risk and Assurance · LTP Update · Procurement	· Risk and Assurance · Procurement · Te Kaha
Other Reports	· Holidays Act Remediation Programme Completion · Christchurch City Holdings	· Te Kaha	· LTP Process · Cyber Security Report · Parakiore · Report to Governors FY22	· Situational Safety Report	· CCHL · Audit Fees Proposal · Conflict of Interest and Gift Declaration	· Changes to Procurement Framework
Annual Report		· External Reporting and Audit Programme for 2022/23 Update		· Update on critical judgments, estimates & assumptions · Financial Statements Update - Valuations	· Financial Statements and Annual Report	· Debenture trust audit report · Audit NZ Management Letter from prior year’s audit
Annual Plan	· Draft Annual Plan		· Final Annual Plan

Audit and Risk Management Committee

16 October 2023

Unconfirmed

A black text on a white background

Description automatically generated

Audit and Risk Management Committee

Open Minutes

Date: Thursday 3 August 2023

Time: 2:02pm

Venue: Council Chambers, Level 2, Civic Offices,
53 Hereford Street, Christchurch

Present

Chairperson

Deputy Chairperson

Members

Mr Michael Wilkes

Councillor Jake McLellan

Councillor Tyrone Fields

Councillor Sam MacDonald

Mrs Hilary Walton

Principal Advisor

Leah Scales

General Manager - Resources / CFO

Tel: 941 8999

Luke Smeele

Committee & Hearings Advisor

941 6374

luke.smeele@ccc.govt.nz

www.ccc.govt.nz

Part A Matters Requiring a Council Decision

Part B Reports for Information

Part C Decisions Under Delegation

The agenda was dealt with in the following order.

1. Apologies Ngā Whakapāha

Part C

Committee Resolved ARCM/2023/00009

That the apologies received from Jacqueline Robertson Cheyne and Tim Scandrett be accepted.

Councillor MacDonald/Councillor McLellan Carried

2. Declarations of Interest Ngā Whakapuaki Aronga

Part B

There were no declarations of interest recorded.

3. Confirmation of Previous Minutes Te Whakaāe o te hui o mua

Part C

Committee Resolved ARCM/2023/00010

That the minutes of the Audit and Risk Management Committee meeting held on Tuesday, 20 June 2023 be confirmed.

Councillor MacDonald/Councillor McLellan Carried

4. Public Forum Te Huinga Whānui

Part B

There were no public forum presentations.

5. Deputations by Appointment Ngā Huinga Whakaritenga

Part B

There were no deputations by appointment.

6. Presentation of Petitions Ngā Pākikitanga

Part B

There was no presentation of petitions.

7. Resolution to Exclude the Public

Committee Resolved ARCM/2023/00011

Part C

That Chantelle Gernetzky and Debbie Bradfield of Audit New Zealand, remain after the public have been excluded and Scott McClay of Deloitte can remain for item number 9 of the public excluded agenda as they have knowledge that is relevant to those items and will assist the Council.

AND

That at 2:04pm the resolution to exclude the public set out on pages 15 to 17 of the agenda be adopted.

Councillor Fields/Councillor McLellan Carried

The public were re-admitted to the meeting at 4:18pm.

Meeting concluded at 4:18pm.

CONFIRMED THIS 16^th DAY OF OCTOBER 2023

Michael Wilkes

Chairperson

Audit and Risk Management Committee

16 October 2023

7. Procurement and Contracts Unit FY23 Q4 Report
Reference / Te Tohutoro:	23/337302
Report of / Te Pou Matua:	Paul Cateriano, Head of Procurement and Contracts (paul.cateriano@ccc.govt.nz)
General Manager / Pouwhakarae:	Leah Scales, General Manager Resources/Chief Financial Officer (Leah.Scales@ccc.govt.nz)

1. Nature of Information Update and Report Origin

1.1 Quarterly Audit and Risk Management Committee Report.

1.2 Procurement and Contract Management Compliance Monitoring and Reporting.
Report to Audit and Risk Management Committee every quarter on monitoring compliance.

2. Officer Recommendations Ngā Tūtohu

That the Audit and Risk Management Committee:

1. Receive the information in the Quarterly Procurement Report for the months of April, May and June 2023 (FY2023 Q4 Report).

3. Long Term Plan Activity Reports

3.1 LTP/AP22: 13.1.21.1 Procurement and Contract Management is managed as a shared service delivery - Performance.
Return on Investment (ROI) = total Cost Reduction/Avoidance

3.1.1 Total commercial benefits for the Procurement and Contracts Unit on FY23 is $18,346,800. This includes a mix of both Capex and Opex cost reduction and avoidance.

3.1.2 As total cost of the Procurement and Contracts Unit in FY22/23 was $2,602,600, the Return on Investment (ROI) for the Unit for FY22/23 is 7. Expectation of the Unit is to have an ROI of 3.

3.1.3 For a detailed breakdown of all the Financial Benefits please refer to Attachment A – Financial Benefits FY23.

3.1.4 Below a summary of the final financial benefits for FY23.

3.1.5 Project actual savings are an average of all projects completed in FY23 to date and are calculated as per the below:

· A cost reduction is when the awarded amount is lower than the pre-tender estimate.

· A cost avoidance is when the awarded amount is larger than the estimated amount, but lower than the tendered amount.

3.2 LTP/AP22: 13.1.21.2 Procurement and Contract Management is managed as a shared service delivery
Non-financial return through procurement activity - 85% of sourcing activity and contract management activity to achieve Non-Financial outcomes annually.

Sustainable return through procurement activity - 85% of sourcing activity and contract management activity to achieve sustainable outcomes annually.

3.2.1 Non-Financial return through procurement activity for FY23 was 90.79%. This includes a mix of multiple non-financial benefits such as Process Improvement initiatives, Risk Mitigation, KPI Improvement, amongst others.

3.2.2 Sustainable return through procurement activity for FY23 was 37.83%. This includes only Social, Environmental and Economic benefits reported through a Procurement activity.

3.2.3 The Procurement and Contracts Leadership Team is developing a training module for all REPC Unit staff on how to properly capture and report on sustainable benefits as 100% of our sourcing activities should be achieving this target now that it is a mandatory requirement for all tenders.

3.2.4 See below a summary of the Non-Financial and Sustainable return through Procurement for FY23. For a detailed breakdown of the benefits please refer to Attachment B - Non-Financial Benefits for FY23.

3.3 LTP/AP22: 13.1.22.1 Procurement and Contract Management is managed as a shared service delivery.
95% of all procurement activity more than $100k (Excl. GST) put to market through RFP/T.

3.3.1 100% of all the procurement activity over $100k in FY23 followed the Council Procurement Framework and was put to marked through a Request for Proposal (RFP) or a Request for Tender (RFT). A total of 32% of all of that activity was over $100k.

3.3.2 The table below shows a summary of the procurement activity in FY23.

3.4 LTP/AP22: 13.1.22.3 Procurement and Contract Management is managed as a shared service delivery - Conformance.
100% of Procurement & Contract recommended Departures have valid procurement plans/strategies and risk assessment.

3.4.1 There were 25 departures submitted this quarter. 100% of all Departures submitted had a valid procurement plan and a risk assessment.

3.4.2 The rationale for not going to market is justified based on the Office of the Auditor General Procurement Guidance for Public Entities.

4. Other Council Procurement Information

4.1 Off-Contract Spend.

4.1.1 There has been a decrease of $1.17M in Off-Contract spend compared to previous reporting period. Current off contract spend represents 13.73% of total spend. We expect to see a reduction in off-contract spend even further, as the Procurement and Contract Units together with Finance, are currently carrying out multiple in-person trainings across all Council Units.

4.2 Purchase Orders raised after Invoice.

4.2.1 There has been a decrease in purchase orders raised after invoice of 3.9% compared to the last reporting period. Approximately 8.87% of Purchase Orders created have been created after receiving the invoice.

4.2.2 We expect to drive this number close to zero as we are currently making a process change due to the SAP Improvement Programme that all Purchase Order will need to be linked to an active Contract. Invoices without a Purchase Order number will not be able to be paid under the new Accounts Payable process, unless it is related to an emergency procurement. Internal and external communication to all our stakeholders and suppliers about this change has already commenced in September 2023.

Attachments / Ngā Tāpirihanga

No.	Title	Reference	Page
a	Attachment A - Financial Benefits FY23 (Under Separate Cover) - Confidential	23/1586948
b	Attachment B - Non-Financial Benefits for FY23 (Under Separate Cover) - Confidential	23/1586950

In addition to the attached documents, the following background information is available:

Document Name – Location / File Link

Not applicable

Confirmation of Statutory Compliance / Te Whakatūturutanga ā-Ture

Compliance with Statutory Decision-making Requirements (ss 76 - 81 Local Government Act 2002).

(a) This report contains:

(i) sufficient information about all reasonably practicable options identified and assessed in terms of their advantages and disadvantages; and

(ii) adequate consideration of the views and preferences of affected and interested persons bearing in mind any proposed or previous community engagement.

(b) The information reflects the level of significance of the matters covered by the report, as determined in accordance with the Council's significance and engagement policy.

Signatories / Ngā Kaiwaitohu

Authors

Paul Cateriano - Head of Procurement & Contracts

Jo van den Heever - Principal Advisor Procurement

Elizabeth Espin - Team Leader Procurement Special Projects

Chris Banks - Senior Procurement Reporting Analyst

Luke Stevens - Manager Procurement

Approved By

Russell Holden - Acting General Manager Resources/Chief Financial Officer

Audit and Risk Management Committee

16 October 2023

8. Conflict of Interest and Gift Declaration
Reference / Te Tohutoro:	22/1523345
Report of / Te Pou Matua:	Wade Morris, Legal Counsel
General Manager / Pouwhakarae:	Lynn McClelland, Assistant Chief Executive Strategic Policy and Performance (lynn.mcclelland@ccc.govt.nz)

1. Nature of Information Update and Report Origin

1.1 The purpose of this report is to provide an update on outstanding action ARMC/2020/00039.

1.2 On 2 December 2020, the Audit and Risk Management Committee resolved that staff investigate the improvement opportunities noted at paragraph 3.1 and report back to the Committee.

2. Officer Recommendations Ngā Tūtohu

That the Audit and Risk Management Committee:

1. Receive the information in the Conflict of Interest and Gift Declaration Report.

2. Note the support available to Elected Members to support compliance with conflict-of-interest obligations.

3. Brief Summary

3.1 In a report to the Audit and Risk Committee in 2020 staff noted the following improvement opportunities with respect to Elected Members’ interests:

3.1.1 Update and finalise Elected Members’ Code of Conduct.

3.1.2 Development of a clear, centralised Conflict of Interest policy/procedure document for the Mayor and Councillors. Such a policy would cover gifts and hospitality and may extend to Community Board Members.

3.1.3 Update and simplify the Councillors’ register of interest and requirement documents and process.

3.1.4 Update the Council’s Conflict of Interest standing agenda item.

3.1.5 Update Elected Member induction material/process and Big Tin Can folders to improve ease of location reference and coverage of Conflicts of Interest.

3.1.6 Consider how interests and gifts can be more effectively administered, via a system/web tool.

3.2 In the intervening period, all but one of the improvement opportunities noted above have been implemented or are underway. The Code of Conduct is the matter that has not been fully implemented at the time of writing this report, but a revised version is in development and Councillors have been briefed on it. We anticipate adoption of the revised version by December 2023.

3.3 The outstanding improvement opportunity originally identified is the development of a conflict-of-interest policy.

3.4 Staff consider that a specific conflict of interest policy is superfluous given:

3.4.1 The implementation of the other actions;

3.4.2 Processes around conflicts of interest are well provided for in the Code of Conduct applicable to elected members;

3.4.3 Elected members are provided with conflict-of-interest training at the beginning of each term;

3.4.4 Advice has been circulated from an external legal services provider in relation to conflicts that apply for councillors who are appointed to council-controlled and council organisations.

3.4.5 Elected members can request advice concerning conflicts of interests from Council’s Legal & Democratic Services;

3.4.6 The changes to the Local Government Act 2002 in relation to pecuniary interests, which included the provision of further guidance and advice to support compliance; and

3.4.7 The inability to enforce a policy.

Attachments / Ngā Tāpirihanga

There are no attachments to this report.

In addition to the attached documents, the following background information is available:

Document Name – Location / File Link

Not applicable

Confirmation of Statutory Compliance / Te Whakatūturutanga ā-Ture

Compliance with Statutory Decision-making Requirements (ss 76 - 81 Local Government Act 2002).

(a) This report contains:

(i) sufficient information about all reasonably practicable options identified and assessed in terms of their advantages and disadvantages; and

(ii) adequate consideration of the views and preferences of affected and interested persons bearing in mind any proposed or previous community engagement.

(b) The information reflects the level of significance of the matters covered by the report, as determined in accordance with the Council's significance and engagement policy.

Signatories / Ngā Kaiwaitohu

Author

Wade Morris - Legal Counsel

Approved By

Helen White - Head of Legal & Democratic Services

Lynn McClelland - Assistant Chief Executive Strategic Policy and Performance

Audit and Risk Management Committee

16 October 2023

9. LTP 2024-34 Update
Reference / Te Tohutoro:	23/1545492
Report of / Te Pou Matua:	Peter Ryan, Head of Corporate Planning & Performance
Senior Manager / Pouwhakarae:	Lynn McClelland, Assistant Chief Executive Strategic Policy and Performance (lynn.mcclelland@ccc.govt.nz)

1. Purpose and Origin of Report Te Pūtake Pūrongo

1.1 The purpose of this report is to provide an update on progress against the approved LTP work programme to the Audit and Risk Management Committee (ARMC), including any risks or impediments to the project and its key workstreams.

1.2 Consideration and review of the Long Term and Annual Plans before adoption by the Council is specified in the ARMC Terms of Reference.

2. Officer Recommendations Ngā Tūtohu

That the Audit and Risk Management Committee:

1. Receive the information in the LTP 2024-34 Update Report.

2. Note the LTP 2024-34 project update and Audit NZ Self-Assessment.

3. Brief Summary

3.1 The ARMC has requested updates on the implementation of the LTP 2024-34 development project plan workstreams (Attachment A).

3.2 As part of LTP development, Audit NZ recommend completion of their LTP Self-Assessment review (Attachment B.)

4. Background Information Te Horopaki

4.1 Under the Local Government Act 2002 a local authority must have an LTP in place at all times. The structure, timing, information provided, and consultation processes are defined by the legislation. LTPs are audited by the Office of the Auditor-General through Audit NZ, and both draft and final LTPs are published with the audit opinion.

4.2 The flagship document of the LTP is the Consultation document (CD) which must set out the challenges facing the city as well as the options and recommendations of the Council for community consultation. This is the key document from resident’s point of view.

4.3 It is supported by Infrastructure and Financial Strategies that must have a minimum horizon of 30 years. These too must set out the challenges, options and recommendations that inform the LTP, as well as guiding the development of the capital programme.

4.4 Supporting these are technical documents (activity and asset management plans) that span the Council’s services.

4.5 The ARMC has requested regular updates on the implementation of the Long-term Plan (LTP) 2024-34 development project plan.

4.6 At the previous meeting of 20 June 2023 ARMC received:

4.6.1 the Letter of Expectation from the Mayor and Council to staff, which sets out priorities to be addressed as well as defining the LTP 2024-34 process;

4.6.2 confirmation of governance structure for the LTP; Council is the decision-making body, the Executive Leadership Team acts as the Steering Group, supported by an operational Programme Management Group;

4.6.3 the adopted draft Strategic Framework, and how Climate Resilience is being embedded in the LTP 2024;

4.6.4 information regarding the high-level phasing and timings for the project;

4.6.5 an outline of the individual workstreams within the project, including progress updates to that point;

4.6.6 key risks, including how these are reported and managed.

4.7 This latest LTP 2024 progress report (Attachment A) summarises (at a high level) risks to the overall project work streams, as well as risks to specific work streams.

4.8 Each work stream is led by an accountable Head of Service, and Heads of Service have provided the information in these attachments. They will be available at the ARMC meeting for further information as required.

4.9 Audit NZ has previously supplied a detailed self-assessment tool to gauge readiness and progress for the LTP and have confirmed this tool remains suitable for use with some small adjustment. The Self-Assessment for LTP 2024-34 (Attachment B) has been reviewed by the Executive Leadership Team.

4.10 Risks fall into two types – content risk (in terms of the accuracy and timeliness of content within a workstream) and alignment risk (in terms of consistency between workstreams i.e., the Financial Strategy, the Infrastructure Strategy, capital programme and asset plans).

4.11 During the development phase of the LTP the focus is naturally on content risk. The areas of greatest risk lie (as they normally do) finding the optimum balance between service delivery, capital programme delivery, and rates increases.

4.12 To achieve this, it is essential to develop a Financial Strategy that is aligned with the Infrastructure Strategy and activity plan budgets.

4.13 Alignment of the FS with a significant savings opex programme and an affordable/deliverable capital programme is also critical.

4.14 Finally, the FS informs the way in which options for community consultation should occur in the Consultation Document.

4.15 Framing these options in a way that can be easily understood by the community (and which clearly set out the implications of those options) is critical to the success of the LTP, and to minimise the risk of criticism or (successful) challenge to the LTP process.

4.16 Other key risk areas include confidence around asset condition and performance data, and ability to meet the project milestones and timeline.

4.17 As these issues are resolved (or substantively resolved), focus will move to alignment risks.

Attachments Ngā Tāpirihanga

No.	Title	Reference	Page
a ⇩	LTP 2024-34 Project Update	23/1602401	22
b ⇩	CCC LTP Self Assessment (Audit NZ)	23/1621140	35

In addition to the attached documents, the following background information is available:

Document Name – Location / File Link

Not applicable

Confirmation of Statutory Compliance Te Whakatūturutanga ā-Ture

Compliance with Statutory Decision-making Requirements (ss 76 - 81 Local Government Act 2002).

(a) This report contains:

(i) sufficient information about all reasonably practicable options identified and assessed in terms of their advantages and disadvantages; and

(ii) adequate consideration of the views and preferences of affected and interested persons bearing in mind any proposed or previous community engagement.

(b) The information reflects the level of significance of the matters covered by the report, as determined in accordance with the Council's significance and engagement policy.

Signatories Ngā Kaiwaitohu

Authors

Amber Tait - Performance Analyst

Boyd Kedzlie - Senior Business Analyst

Approved By

Peter Ryan - Head of Corporate Planning & Performance

Lynn McClelland - Assistant Chief Executive Strategic Policy and Performance

Audit and Risk Management Committee

16 October 2023

10. Audit and Risk Quarterly Update
Reference / Te Tohutoro:	23/1539528
Report of / Te Pou Matua:	Nicholas Hill, Head of Risk and Assurance (Nicholas.Hill@ccc.govt.nz)
Senior Manager / Pouwhakarae:	Leah Scales, General Manager Resources/Chief Financial Officer (Leah.Scales@ccc.govt.nz)

1. Purpose and Origin of Report Te Pūtake Pūrongo

1.1 Risk and Assurance regularly supports management across a range of matters that may be relevant to the Committee. Progress reporting to the Committee about improving the maturity of the Council's risk and assurance related systems.

1.2 Council Risk and Assurance Unit.

2. Officer Recommendations Ngā Tūtohu

That the Audit and Risk Management Committee:

1. Receive the information in the Risk and Assurance Update Report.

3. Risk Management Update

Risk Assurance Statement

3.2 During the reporting period the Protected Disclosure Officer received three (3) separate disclosures of concerns around serious wrongdoing. The disclosures have been reviewed and communicated with the Chief Executive for decision on further action.

Activity during the quarter

3.1 The risk function has supported the Long-Term Planning Project Team with refreshing the risk associated with the project. The aim of this process was to ensure that all risks are still relevant and to identify any new or emerging risks.

3.2 The Risk and Assurance unit ran an hour-long risk workshop with the Executive Leadership Team (ELT). The workshop covered the perceived understanding of the current working environment. The workshop was also an opportunity to introduce new staff members to the ELT and prepare for the Councillor Risk Workshop.

3.3 The risk function ran a risk workshop with Councillors, Executive Leadership Team and independent ARMC members. The workshop covered risk 101 and explored their risk appetite against the draft strategic priorities. The workshop was well received by those who attended.

3.4 The implementation of agreed actions from the internal fraud audit continues. We have developed two eLearning packages: Fraud and Corruption Prevention and Protected Disclosures. These trainings cover essential definitions, interactive knowledge checks and how staff can report concerns within and outside the Council.

Activity planned for the next quarter

3.5 The risk function will work alongside People and Culture to develop an improvement work program focusing on the conflict-of-interest process at the Council.

3.6 The risk function will continue to implement and embed the internal fraud audit recommendations.

Situational safety risk assessment

3.7 In response to a request from ARMC, the Risk and Assurance team have developed a high-level risk assessment around the situational safety of elected members and high-profile senior staff. Although high-level, the risk assessment has reviewed several keys areas as outlined below.

3.8 Staff feeling – a survey was sent to both senior and high-profile staff asking some basic questions around perceived risk and how high profile they believed they were. Results of the survey were analysed and factored into the risk assessment.

3.9 Climate Activism - Climate Activism in New Zealand, is diverse and dynamic, with various groups and individuals pushing for climate action at different levels of society. The movement is characterized by a sense of urgency and a commitment to holding both the government and private sector accountable for addressing climate change.

3.10 Physical threats - refer to actions or circumstances that pose a direct danger or harm to a person's physical well-being, safety, or bodily integrity. These threats can manifest in various forms, including violence, assault, accidents, or natural disasters, and may result in physical injuries or harm.

3.11 Psychological threats - involve situations or actions that can harm an individual's mental or emotional well-being. These threats can encompass various forms of stress, manipulation, intimidation, Harassment, or emotional abuse, and may lead to psychological distress, anxiety, or trauma.

3.12 Reputational threats – such a scandal, in fighting, negative media coverage, social media attacks, hacking, data breaches, or online harassment all contribute to reputational damage. The Council and its staff are under constant scrutiny, in the name of being held accountable by the people of Christchurch City. Any mistake or perceived mistake is analysed, publicised, and dissected by media and self-appointed watchdogs. These agencies or individuals often see it as their responsibility to call out anything they disagree with using both the mainstream and social media as a platform.

3.13 A Vulnerability Assessment has also been undertaken as part of the risk assessment. Physical, Cyber and Reputational Vulnerability were analysed, and relevant controls identified and assessed for effectiveness.

3.14 WorkSafe guidelines have also been reviewed to ensure we are in line with best practice around controls for key areas such as architectural/layout, policies and procedures, training, emergency process and other security measures.

3.15 The risk assessment is complete; however, the report and recommendations are still being compiled. The report will be presented and discussed with ELT in the next two weeks and presented to ARMC at the next appropriate opportunity.

4. Internal Audit Update

Internal Audit Statement

4.1 Internal Audit continues to provide independent review and support to the other business units as necessary. While several discussions have been held with various business units over the quarter, there are no matters of material significance that needs to be reported.

Activity during the quarter

4.2 The primary focus for the Internal Audit team during the quarter has been the finalisation and assisting in management response to the independent review of the Christchurch Wastewater Treatment Plant fire and recovery response.

4.2.1 The review primarily focuses on how the Council responded to the fire, and how the Council communicated key decisions and concerns to the wider community.

4.2.2 The final report has been received and endorsed by the ELT.

4.2.3 The management action plan has been completed as collaboration between a number of business units that are involved in the key processes. The management action plan has also been endorsed by the ELT.

4.2.4 The final report along with the management action plan will be presented to the Council in the next Council meeting on 18 October.

4.3 Internal Audit team also assisted in finalising the management action plan in response to the independent FTE controls review. This matter is discussed as a separate agenda item for the ARMC meeting.

4.4 Internal Audit has reviewed and updated the Internal Audit Plan to reflect the risks currently relevant to the Council. The Audit Plan has gone through multiple internal quality assurance reviews and have been reviewed by the Council’s Internal Audit Partner, KPMG for reasonableness. The Internal Audit Plan will need to be discussed with the ARMC Chair initially before it is presented to the ARMC for feedback and endorsement.

4.5 Internal Audit is also in process of planning and developing the Council’s assurance mapping based on identified strategic risks. The assurance mapping is intended to provide a snapshot view of the Council’s strategic risks and captures both the gross risk scores prior to any assurance and controls and the net risk score post all assurance. This tool will assist to determine whether assurance is required, and whether internal audit review is required.

4.6 To gain coverage and assurance over wider business operations and risks, the Internal Audit team are working on developing and establishing methodology for speed analysis reviews. Whilst the speed analysis review will not be replacing the traditional audit reviews which are more complex in nature, the speed analysis review is planned to be completed on a rotational basis along with the traditional audit reviews. The traditional audits are more detailed and complex, which are inherently more time consuming. The speed analysis review intends to review a specific pain spot within a process to provide audit recommendations in a more time efficient manner.

Activity planned for the next quarter

4.7 Internal Audit will continue to work through planned and unplanned work based on priority and risk. Due to high volume of high-risk unplanned work, there is backlog of planned work and this will be addressed accordingly.

4.8 Internal Audit will finalise the Internal Audit Plan subsequent to review and endorsement from the relevant stakeholders.

4.9 Internal Audit will work towards finalising the assurance mapping and speed analysis review methodology.

4.10 Internal Audit will continue to support other business units with independent review and support as necessary.

Attachments Ngā Tāpirihanga

There are no attachments to this report.

In addition to the attached documents, the following background information is available:

Document Name – Location / File Link

Not applicable

Confirmation of Statutory Compliance Te Whakatūturutanga ā-Ture

Compliance with Statutory Decision-making Requirements (ss 76 - 81 Local Government Act 2002).

(a) This report contains:

(i) sufficient information about all reasonably practicable options identified and assessed in terms of their advantages and disadvantages; and

(ii) adequate consideration of the views and preferences of affected and interested persons bearing in mind any proposed or previous community engagement.

(b) The information reflects the level of significance of the matters covered by the report, as determined in accordance with the Council's significance and engagement policy.

Signatories Ngā Kaiwaitohu

Authors

Min Jang - Senior Internal Auditor

Nicholas Hill - Head of Risk & Assurance

Mary Hampton - Senior Risk Advisor

Mike Marr - Manager Internal Audit

Approved By

Russell Holden - Acting General Manager Resources/Chief Financial Officer

Audit and Risk Management Committee

16 October 2023

ITEM NO.	GENERAL SUBJECT OF EACH MATTER TO BE CONSIDERED	SECTION	SUBCLAUSE AND REASON UNDER THE ACT	PLAIN ENGLISH REASON	WHEN REPORTS CAN BE RELEASED
7.	Procurement and Contracts Unit FY23 Q4 Report
	Attachment a - Attachment A - Financial Benefits FY23	s7(2)(b)(ii), s7(2)(h), s7(2)(j)	Prejudice Commercial Position, Commercial Activities, Prevention of Improper Advantage	Terms negotiated with suppliers that could prejudice their commercial position	27 September 2024 On review of Head of Procurement and Contracts
	Attachment b - Attachment B - Non-Financial Benefits for FY23	s7(2)(b)(ii), s7(2)(h), s7(2)(j)	Prejudice Commercial Position, Commercial Activities, Prevention of Improper Advantage	Terms negotiated with suppliers that could prejudice their commercial position	27 September 2024 On review of Head of Procurement and Contracts
12.	Public Excluded Audit and Risk Management Committee Minutes - 3 August 2023			Refer to the previous public excluded reason in the agendas for these meetings.
13.	Cyber Security Programme Update and Report	s7(2)(c)(i)	Protection of Source of Information	Disclosure of our approach to cyber security will increase the risk of Council being a target, resulting in potential service disruptions and / or information breaches that will not be in the public interest.	This report may only be released if the Chief Executive has determined that there are no longer any reasons under the Local Government Official Information and meeting Act to withhold the information.
14.	Audit Engagement Letter and Fees Proposal Update	s7(2)(h)	Commercial Activities	Negotiations on the level and structure of the fee proposals are in discussion.	When a suitable audit fees agreement has been reached with Audit New Zealand and confirmed to by the Audit and Risk Management Committee.
15.	Council Draft Annual Report for the year ended 30 June 2023	s7(2)(b)(ii), s7(2)(h)	Prejudice Commercial Position, Commercial Activities	The information to be used as the basis for the finalisation of the Council's 2023 Annual Report remains subject to change. The Committee has a responsibility to consider and review the annual report before adoption by the Council and to hold it in confidence before it is finalised for adoption, and it is in the public interest that the committee can review the annual report before it is publicly available.	31 October 2023 The information included in, and attached to, the staff report will be available on the public agenda for the 31 October 2023 meeting of the Council.
16.	FTE Controls Review	s7(2)(a), s7(2)(b)(ii)	Protection of Privacy of Natural Persons, Prejudice Commercial Position	To protect the privacy of individuals.	On reveiw and appropriate redaction of the report by the Official Information team and by the Head of Legal and Democratic Services and then approved by the appropriate delegates.
17.	Christchurch City Holdings Ltd - FY23 Update to ARMC Report	s7(2)(b)(ii)	Prejudice Commercial Position	The release of the internal control system review would prejudice the commerical position of CCHL.	That the Report may only be released if the Chief Executive has determined that there are no longer any reasons under the Local Government Official Information and Meetings Act to withhold the information.