Agenda of Risk and Audit Subcommittee Meeting

HASTINGS DISTRICT COUNCIL

Risk and Audit Subcommittee MEETING

Tuesday, 28 November 2017

VENUE:

Council Chamber

Ground Floor

Civic Administration Building

Lyndon Road East

Hastings

TIME:

9.00am

A G E N D A

1. Apologies

At the close of the agenda no apologies had been received.

At the close of the agenda no requests for leave of absence had been received.

2. Conflict of Interest

Members need to be vigilant to stand aside from decision-making when a conflict arises between their role as a Member of the Council and any private or other external interest they might have. This note is provided as a reminder to Members to scan the agenda and assess their own private interests and identify where they may have a pecuniary or other conflict of interest, or where there may be perceptions of conflict of interest.

If a Member feels they do have a conflict of interest, they should publicly declare that at the start of the relevant item of business and withdraw from participating in the meeting. If a Member thinks they may have a conflict of interest, they can seek advice from the Chief Executive or Executive Advisor/Manager: Office of the Chief Executive (preferably before the meeting).

It is noted that while Members can seek advice and discuss these matters, the final decision as to whether a conflict exists rests with the member.

3. Confirmation of Minutes

Minutes of the Risk and Audit Subcommittee Meeting held Monday 4 September 2017.

(Previously circulated)

4. Health and Safety Risk Management Update 5

5. Treasury Activity and Funding 9

6. Annual Review of Treasury Management Policy and Treasury Performance 19

7. Strategic Risk Management Update 23

8. Audit Report for the Financial Year ended 30 June 2017 45

9. General Update Report and Status of Actions 55

10. Internal Audit Update 59

11. Water Services 63

12. Additional Business Items

13. Extraordinary Business Items

File Ref: 17/1003

REPORT TO: Risk and Audit Subcommittee

MEETING DATE: Tuesday 28 November 2017

FROM: Health and Safety Advisor

Jennie Kuzman

SUBJECT: Health and Safety Risk Management Update

1.0 SUMMARY

1.1 The purpose of this report is to provide an update to the subcommittee in regards to the management of Health and Safety risks within Council.

1.2 This issue arises due to the Health and Safety at Work Act 2015 and the requirement of that legislation for Elected Members to exercise due diligence to ensure that Council complies with its Health and Safety duties and obligations.

2.0 BACKGROUND

2.1 At its June 2016 meeting, Council accepted the recommendations from the Audit and Risk Subcommittee in relation to Health and Safety reporting. The recommendations were:

2.2 Monthly reporting in the form of a ‘high level dashboard report’ to Council

2.3 Quarterly reporting at a more detailed level to Council and

2.4 Quarterly reporting on Health and Safety risk management to the Audit and Risk Subcommittee.

2.5 This report serves as a quarterly report to the Risk and Audit Subcommittee on Health and Safety risk management.

3.0 CURRENT SITUATION

3.1 Health and Safety Risk Management

3.2 As previously reported to the Audit and Risk subcommittee during the September 2017 meeting, the 12 critical Health and Safety Risks are currently being analysed by officers using “Bow Tie” risk evaluation methodology.

3.3 “Bow Tie” is a risk evaluation method which allows development of a diagram to effectively communicate how critical risks should be managed. A Bow Tie diagram is able to give an overview of multiple plausible scenarios and how they can be prevented and mitigated in a single diagram.

3.4 Officers are currently working through a procurement process to acquire software for specific use in Bow Tie analysis, it is expected that this process will be completed within the next month.

3.5 2017/18 Organisational Health and Safety Goals and Objectives

3.6 Health and Safety goals and objectives for the 2017/18 year have been developed and approved by the Leadership Management Team for implementation across Council.

3.7 These objectives are listed below and set out in more detail in attachment 1.

· Continue to promote and imbed the importance of ‘Near Miss’ and ‘Hazard Identification’ reporting throughout the organisation.

· Continue to promote injury prevention initiatives throughout the organisation in order to minimise the risk of significant incidents relating to manual handling from occurring.

· Increase safety engagement with contractors to minimise the risk of significant incidents from occurring.

· Establish a driver training programme to minimise the risk of significant incidents from occurring and monitor uptake/ effectiveness

· Establish a programme to educate staff in relation to occupational health and wellbeing risks.

3.8 Progress towards completion of these goals and objectives will be provided to Council as a part of the Quarterly Health and Safety Report

4.0 SIGNIFICANCE AND ENGAGEMENT

4.1 This report does not trigger Council’s Significance and Engagement Policy and no consultation is required.

5.0 RECOMMENDATIONS AND REASONS

A) That the report of the Health and Safety Advisor titled “Health and Safety Risk Management Update” dated 28/11/2017 be received.

Attachments:

Organisation Health and Safety Goals and Objectives 2017- 2018

HR-03-01-17-245

File Ref: 17/1070

REPORT TO: Risk and Audit Subcommittee

MEETING DATE: Tuesday 28 November 2017

FROM: Manager Strategic Finance

Brent Chamberlain

SUBJECT: Treasury Activity and Funding

1.0 SUMMARY

1.1 The purpose of this report is to update the Subcommittee on treasury activity and funding issues.

1.2 The Council is required to give effect to the purpose of local government as prescribed by Section 10 of the Local Government Act 2002. That purpose is to meet the current and future needs of communities for good quality local infrastructure, local public services, and performance of regulatory functions in a way that is most cost effective to households and businesses. Good quality infrastructure means infrastructure, services and performance that are efficient and effective and appropriate to present and anticipated future requirements.

1.3 This report concludes by recommending that the report on treasury activity and funding is received.

2.0 BACKGROUND

2.1 The Hastings District Council has a Treasury Policy which forms part of the 2015-25 Long Term Plan and a Treasury Management Policy. Under these policy documents responsibility for monitoring treasury activity is delegated to the Risk and Audit Subcommittee.

2.2 Council is provided with independent treasury advice by Stuart Henderson of PricewaterhouseCoopers and receives weekly and monthly updates on market conditions.

2.3 Under the Treasury Policy, formal reporting to Council occurs quarterly and regular more in depth treasury reporting is provided for the Risk and Audit Subcommittee.

3.0 CURRENT SITUATION

3.1 Council’s debt portfolio is managed within the macro limits set out in the Treasury Policy. It is recognised that from time to time Council may fall out of policy due to timing issues as debt moves closer to maturity and shifts from one time band to another. The treasury policy allows for officers to take the necessary steps to move Council’s funding profile back within policy in the event that a timing issue causes a policy breach.

3.2 The following table sets out Council’s overall compliance with Treasury Management Policy as at 31 October 2017:

Measure	Compliance	Actual	Minimum	Maximum
Liquidity	ü	116%	110%	170%
Fixed debt	ü	95%	55%	95%
Funding profile: 0 – 3 years 3 – 5 years 5 years +	ü ü ü	42% 28% 29%	10% 20% 10%	50% 60% 60%

Council is currently compliant with Treasury Management Policy.

3.3 The current total core net external debt is $60.7m as at 31 October 2017. This is supported by the Debt Status Report as at 31 October 2017 (Attachment 1). Core external debt remains unchanged from the August report.

3.4 The chart below shows the key drivers of the expected movement in borrowings over the next year. This is based on projects that have started already, or are highly likely to commence before 30 June 2018 and indicates a forecast debt position of $86.7m.

The chart identifies the major projects underway, however the smaller renewal projects have been aggregated into the “Other” heading.

3.5 The graph below shows the Council’s position for funding risk with $60.7 million of financing facilities as at 31 October 2017. Officers are working towards getting an external credit rating from S&P Global Ratings by March 2018. There may be a need for additional facilities before then and the Local Government Funding Agency (LGFA) short term lending facilities are an efficient and cost effective option until the credit rating is in place. This will allow the Officers to convert this short term debt to longer term debt at a later date making use of the discounted interest a credit rating attracts. The current liquidity ratio of 116% within the policy band of 110% - 170%. Council’s current debt profile is within policy, with good treasury management practices in place.

3.6 While the Council is currently in policy, if it doesn’t borrow any further funds before the 30^th June 2018, the two existing LGFA loans with LGFA of $20m each with end dates of March 2019 and May 2021 will both fall into the 0-3 year profile pushing Council out of policy. Officers are currently working with PWC to develop a plan to stay within policy which will include any new debt being longer dated, and extending the maturity of the Westpac seasonal loan facility beyond year three.

3.7 Officers are currently working with PWC on reviewing its interest rate strategy. Since the September meeting the Council has entered into two new forward start swaps with ASB Bank:

Notional (NZ$m)	Start Date	Maturity Date	Interest Rate
3.00	21-Jan-20	21-Jan-25	3.365%
3.00	26-Oct-20	26-Oct-25	3.205%

3.8 This is below the PWC recommended target level of 3.75% for retail swaps in the 5 to 10 year length.

3.9 The graph above shows what wholesale 10 year swap rates over the past 18 months. While the Reserve Bank has indicated that it doesn’t plan to increase the OCR rate until 2019 at the earliest, recent upwards movements in the swap rates have been driven by the markets expectation that the US Federal Reserve will start hiking their US Treasury Bond rates from December 2017 and from the coalition uncertainties in NZ. The NZ elections (October 2017) have caused less of a reaction in the market place than the protracted US elections that were held a year earlier.

3.10 PWC has also recommended further forward swaps with a 12 year maturity at levels below the current market rate. Officers have placed leave orders in the market that will only be actioned if the market takes another dip in rates and these rates are struck.

Notional (NZ$m)	Start Date	Maturity Date	Proposed Leave Order Rate
2.00	20-Jun-24	20-Jun-29	3.70%
3.00	25-Aug-24	25-Aug-29	3.70%
5.00	19-Oct-24	19-Jul-29	3.70%
3.00	15-Sep-20	15-Mar-29	3.40%

3.11 Officers are actively managing the interest rate and funding risk and currently there is adequate interest rate cover in place based on the projected funding requirements.

3.12 The following graph shows Council’s fixed debt is within the policy minimum and policy maximum set out in Council’s Treasury Management Policy. This graph also incorporates Council’s current forecast debt over the long term. The projected external debt requirement for the next 12 months is forecast to increase which will provide Council with the opportunity to take advantage of funding longer term debt at historically low levels of interest.

Fig: Interest Swap Profile

Officers are currently working on the draft LTP for 2018-28 which will give a better forward view of the expected debt profile over the next 10 years. The first cut of this (which included the full capex wish list from Council Officers) had debt breaching the forecast shown above. This wish list is currently being refined and prioritised and the final list should be firmed up by early 2018, which will give a more accurate debt profile.

3.13 Any new debt will be considered along with Council’s working capital requirements and liquidity ratios.

4.0 MARKET COMMENTARY

4.1 The Reserve Bank of New Zealand (RBNZ) has held the Official Cash Rate at 1.75% on 9 November 2017. The RBNZ stated;

Global economic growth continues to improve, although inflation and wage outcomes remain subdued. Commodity prices are relatively stable. Bond yields and credit spreads remain low and equity prices are near record levels. Monetary policy remains easy in the advanced economies but is gradually becoming less stimulatory.

The exchange rate has eased since the August Statement and, if sustained, will increase tradables inflation and promote more balanced growth.

GDP in the June quarter grew broadly in line with expectations, following relative weakness in the previous two quarters. Employment growth has been strong and GDP growth is projected to strengthen, with a weaker outlook for housing and construction offset by accommodative monetary policy, the continued high terms of trade, and increased fiscal stimulus.

The Bank has incorporated preliminary estimates of the impact of new government policies in four areas: new government spending; the KiwiBuild programme; tighter visa requirements; and increases in the minimum wage. The impact of these policies remains very uncertain.

House price inflation has moderated due to loan-to-value ratio restrictions, affordability constraints, reduced foreign demand, and a tightening in credit conditions. Low house price inflation is expected to continue, reinforced by new government policies on housing.

Annual CPI inflation was 1.9 percent in September although underlying inflation remains subdued. Non-tradables inflation is moderate but expected to increase gradually as capacity pressures increase. Tradables inflation has increased due to the lower New Zealand dollar and higher oil prices, but is expected to soften in line with projected low global inflation. Overall, CPI inflation is projected to remain near the midpoint of the target range and longer-term inflation expectations are well anchored at 2 percent.

Monetary policy will remain accommodative for a considerable period. Numerous uncertainties remain and policy may need to adjust accordingly.

4.2 The graph below shows how the NZ interest rate curve has moved over the past 21 months.

The PWC Treasury Advisory Team believe that both short-term (although not till after mid 2018) and long-term interest rates could move higher due to additional inflation caused by increased government election spending promises, lower NZ dollar exchange rates causing more expensive imports, and a lower immigration policy combined with higher minimum wage rates leading to higher wages expectations. This may cause the Reserve Bank to raise the OCR earlier than originally thought.

5.0 FUNDING FACILITIES

5.1 Attachment 1 shows details of Council’s current debt facilities together with details of expiry dates and margins.

5.2 Council’s liquidity ratio of 116% at 31 October 2017 (based on net external debt of $60.7m and total debt facilities of $70.7m) is within policy (policy 110% - 170%). Officers are comfortable with this ratio because of continued uncertainty on debt forecasts and the ability to increase debt from the LGFA at relatively short notice.

6.0 Recommendations

That the report of the Manager Strategic Finance titled Treasury Activity and Funding dated 28/11/2017 be received.

Attachments:

Public Debt Status 30 September 2017

CG-14-25-00022

File Ref: 17/1133

REPORT TO: Risk and Audit Subcommittee

MEETING DATE: Tuesday 28 November 2017

FROM: Manager Strategic Finance

Brent Chamberlain

Business Analyst

Cambell Thorsen

SUBJECT: Annual Review of Treasury Management Policy and Treasury Performance

1.0 SUMMARY

1.1 The purpose of this report is to update the Subcommittee on the outcome of the annual review of the Treasury Management Policy and Treasury Performance.

1.2 The Council is required to give effect to the purpose of local government as prescribed by Section 10 of the Local Government Act 2002. That purpose is to meet the current and future needs of communities for good quality local infrastructure, local public services, and performance of regulatory functions in a way that is most cost–effective for households and businesses. Good quality means infrastructure, services and performance that are efficient and effective and appropriate to present and anticipated future circumstances.

1.3 This report concludes by recommending the Annual Review of Treasury Management Policy and Treasury Performance be received and that the Subcommittee recommend to the Finance and Monitoring Committee changes to the Treasury Management Policy.

2.0 BACKGROUND

2.1 The Treasury Management Policy requires that an annual review be conducted which includes a review of Treasury Performance as set in Section 6 of the Treasury Management Policy.

3.0 CURRENT SITUATION

3.1 In accordance with Council’s Treasury Management Policy, an annual review of the Treasury Policy has been conducted in conjunction with Stuart Henderson of PricewaterhouseCoopers New Zealand (PwC), Council’s Independent Treasury Advisor. The proposed amendments are marked up as Attachment 2.

3.2 Stuart Henderson has provided a covering letter setting out the key observations and recommendations made as part of the Treasury Review assignment. A copy of this covering letter has been included as Attachment 1.

3.3 One of the considerations that the Subcommittee had asked Officers to consider when reviewing the existing policy was the fact that historically debt forecasts have never been hit due to delays in capital work being undertaken. Officers took advice from PwC on this matter and suggested to them that the interest rate cover be calculated on 80% of future debt forecasts, rather than the historical 100%.

3.4 PwC’s recommendation was that this should be corrected through more robust forecasts rather than interest rate risk policies. It was their recommendation that short term debt forecasts should have a higher degree of accuracy, and that the longer term interest rate cover thresholds already have reducing percentages of cover reflecting the increasing uncertainly of debt forecasts the further out you go.

3.5 Review of Treasury Management Performance

3.6 Council takes a prudent approach to financial management including the management of its interest rate risk. Council enters into long term swaps to manage its interest risk over a long period. As a consequence of the current low interest rate environment swap rates have reduced but these are not expected to remain. Council’s interest rate risk management policy takes a long term view protecting Council from interest rate volatility and providing Council with a high degree of certainty in interest rates.

3.7 Interest Costs versus Budget.

3.8 Interest costs continue to track significantly below budget as a consequence of debt levels being below budget, active treasury management and continuing historic interest rate lows.

3.9 Bank and Lender Service Provision.

3.10 Attached as Attachment 3 are details of bank and lender service provisions including the share of interest rate cover held and debt facilities.

3.11 As at 30 June 2017 Council had $70.741m of funding facilities in place. Council has funded $60m of its debt through the Local Government Funding Agency (LGFA). Bank facilities of $10m are undrawn. The LGFA continues to provide Council with longer term borrowing options at very competitive rates.

3.12 Council has $57.5m of interest rate swap cover in place as at 31 October 2017, and a further $64.5m of interest rate swaps with forward starts.

3.13 Overall Treasury performance continues to be dominated by the continued historical lows in base interest rates and swap rates.

3.14 The Council’s External Auditors have not made any comments or recommendations on the treasury function including internal controls, accounting treatment and reporting.

3.15 Clause 6.2 Management of Debt and Interest Rate Risk - Composite Benchmark Indicator Rate - Micro Benchmark –

3.16 This measures the actual weighted average interest rate for the financial year against the micro benchmark inclusive of bank margins. The Micro benchmark is based on a risk neutral position within existing policy. In essence it is measuring management’s performance in managing within the existing policy. The Composite Benchmark is calculated as follows:

Composite Benchmark Indicator Rate
Weighting	Rate
20%	Average 90-day bank bill bid-rate for the reporting month
16%	5 year interest rate swap bid-rate, 1 year ago
16%	5 year interest rate swap bid-rate, 2 years ago
16%	5 year interest rate swap bid-rate, 3 years ago
16%	5 year interest rate swap bid-rate, 4 years ago
16%	5 year interest rate swap bid-rate, 5 years ago

3.17 The weighted average interest rate for the year ended 30 June 2017 was 5.0% compared to the micro benchmark indicator of 3.15%. The reason for the difference of 1.85% between the actual position and the micro benchmark position is that long term swap rates are at historical lows and that the majority of the swaps were entered into in a period when swap rates were significantly higher. In addition the weighted average interest expense also includes the fixed costs of unused financing facilities which are a cost of maintaining liquidity. Attached as Attachment 4 is a graph showing the micro benchmark indicator compared Council’s cost of funds from 2012 to 2017. We would expect that the micro benchmark would move closer to the weighted average cost of debt as the 5 year swap rate increases and as the Reserve Bank lift the Official Cash Rate (OCR).

3.18 Officers continue to take opportunities as appropriate to take forward start swaps to take advantage of the current favourable market conditions.

4.0 RECOMMENDATIONS AND REASONS

A) That the report of the Manager Strategic Finance titled “Annual Review of Treasury Management Policy and Treasury Performance” dated 28/11/2017 be received.

B) That the Risk and Audit Subcommittee recommend that Council approve changes to the Treasury Management Policy included in Attachment 2.

Attachments:

1	Hastings District Council Policy review cover letter November 2017	PMD-02-06-03-17-34	Separate Doc
2	Treasury Management Policy November 2017 - marked up version	PMD-02-06-03-17-33	Separate Doc
3	Bank Lender Service Provision as at 31 October 2017	FIN-15-5-17-656	Separate Doc
4	Micro Benchmark Indicator from 2012-2017	FIN-15-5-17-657	Separate Doc

File Ref: 17/1080

REPORT TO: Risk and Audit Subcommittee

MEETING DATE: Tuesday 28 November 2017

FROM: Quality Assurance and Business Services Manager

Regan Smith

District Customer Services Manager

Greg Brittin

SUBJECT: Strategic Risk Management Update

1.0 SUMMARY

1.1 The purpose of this report is to update the Subcommittee on progress made on analysis of the strategic risks adopted by Council and to present stage 1 Bow Tie analysis for; Infrastructure Service Failure (Risk #4), Ineffective Regulatory Oversight (Risk #5), Demographic change (Risk #7) and Information Security Failure (Risk #8).

1.2 This issue arises from adoption of the Strategic Risk Register by Council.

The Council is required to give effect to the purpose of local government as prescribed by Section 10 of the Local Government Act 2002. That purpose is to meet the current and future needs of communities for good quality local infrastructure, local public services, and performance of regulatory functions in a way that is most cost–effective for households and businesses. Good quality means infrastructure, services and performance that are efficient and effective and appropriate to present and anticipated future circumstances.

1.3 This report concludes by recommending that the report be received and further analysis of the critical controls be undertaken.

2.0 BACKGROUND

2.1 The Bow Tie risk assessment method has been selected by Council as the means for analysing the 20 strategic risks listed on the Strategic Risk Register adopted by Council on 31 July 2017.

2.2 The Bow Tie risk assessment method was selected by Council as it is an effective tool to demonstrate causal relationships in complex systems. A Bowtie diagram does two things. First of all, it gives a visual summary of all plausible accident scenarios that could exist around a certain Hazard. Second, by identifying control measures the Bowtie displays what the organisation does to control those scenarios.

2.3 The Bow Tie analysis covering the key risk event and associated threats, consequences and control barriers have already been provided to the Subcommittee for the following risks:

· Civil Defence Emergency (Risk #2).

· Health & Safety Incident (Risk #3).

3.0 CURRENT SITUATION

3.1 Through a series of workshops held with the relevant subject matter experts, including external representatives where this was appropriate, information has been gathered to build the first stage of the Bow Tie diagrams for following strategic risks (Note: copies of the 1-page summary, which is based on the Bow Tie information, and the full Bow Tie diagrams for these risks are attached for review):

3.1.1 Infrastructure Service Failure (Risk #4): The probability of a significant event is reduced through application of high service levels to all infrastructure services. These service levels are achieved through robust asset management planning based on international standards, which are monitored by external audits and 3 yearly external peer reviews.

3.1.2 Ineffective Regulatory Oversight (Risk #5): Effective regulatory oversight is achieved through a structured processes for receiving and evaluating applications relating to legislated activities, and active monitoring of actual works undertaken in the district. This work is undertaken by appropriately trained and competent staff that have suitable authority delegated from Council.

3.1.3 Demographic change (Risk #7): Through application of robust demographic forecasts and community consultation in long term planning Council strives to match service investment with anticipated community needs and aspirations.

3.1.4 Information Security Failure (Risk #8): Council runs a replicated server environment with a robust firewall, backed up to cloud storage. Training and regular reminders are provided to staff about cyber security measures on a regular basis to reduce risk to a tolerable level.

3.2 Bow Tie diagrams have not yet been completed for Water Supply Contamination (Risk #1) and Adverse Environmental Change (Risk #6) for the following reasons:

3.2.1 Water Supply Contamination: Work on the water service change project, as previously reported, has continued. This work is a key element in addressing the water supply contamination strategic risk. As a result it has been necessary to coordinate the timing for assembling the Bow Tie summary with the review project.

3.2.2 Adverse Environmental Change: During initial discussion on Demographic Change risk significant overlap with Adverse Environmental Change was identified. As a result, the focus was put on completing the Demographic Change risk as it was felt a large portion of the threat, consequences and controls would be similar.

3.3 In addition to the risk analysis work completed, a project Steering Group has been established to oversee implementation of risk management processes throughout Council. The Steering Group is made up of the Chief Financial Officer, Group Manager: Economic Growth and Organisation Improvement, Group Manager: Human Resources, Health and Safety Advisor, District Customer Services Manager and Risk and Corporate Services Manager.

4.0 NEXT STEPS

4.1 Analysis will be completed to compile stage 1 Bow Tie diagrams for the following strategic risks for presentation at the next Risk & Audit Subcommittee meeting:

4.1.1 Water supply contamination.

4.1.2 Adverse Environmental Change.

4.1.3 Investment Failure

4.1.4 Procurement Failure

4.2 In addition, the second phase of the Bow Tie analysis will be completed to confirm the effectiveness of the controls listed in the Civil Defence and Health & Safety Bow Tie diagrams for presentation to Risk & Audit Subcommittee.

4.3 A 6 month update report for Council is also due early in the New Year. As a result, it is recommended that a report be made to Council that presents the 1-page risk summaries for those risks reported to this Subcommittee.

5.0 RECOMMENDATIONS AND REASONS

A) That the report of the Quality Assurance and Business Services Manager titled “Strategic Risk Management Update” dated 28/11/2017 be received.

B) That an update report be provided to Council that includes 1-page strategic risk summaries for; Civil Defence Emergency (Risk #2), Health & Safety Incident (Risk #3), Infrastructure Service Failure (Risk #4), Ineffective Regulatory Oversight (Risk #5), Demographic change (Risk #7) and Information Security Failure (Risk #8).

With the reasons for this decision being that the objective of the decision will contribute to meeting the current and future needs of communities for good quality local infrastructure and local public services in a way that is most cost-effective for households and business by:

i) Ensuring strategic risks to the Council are effectively managed.

Attachments:

1	Governance Strategic Risk Summary Infrastructure Services Failure for Risk and Audit Subcommittee 14 November 2017	PMD-03-81-17-104
2	Governance Strategic Risk Bow Tie Analysis Infrastructure Services Failure for Risk and Audit Subcommittee 14 November 2017	PMD-03-81-17-105
3	Governance Strategic Risk Summary Ineffective Regulatory Oversight for Risk and Audit Subcommittee 14 November 2017	PMD-03-81-17-106
4	Governance Strategic Risk Bow Tie Analysis Ineffective Regulatory Oversight for Risk and Audit Subcommittee 14 November 2017	PMD-03-81-17-107
5	Policies, Procedures, Delgtns, Warrants & Manuals - Manuals - Risk Management - Governance Strategic Risk Summary Demographic Change for Risk and Audit Subcommittee 14 November 2017	PMD-03-81-17-108
6	Policies, Procedures, Delgtns, Warrants & Manuals - Manuals - Risk Management - Governance Strategic Risk Bow Tie Analysis Demographic Change for Risk and Audit Subcommittee 14 November 2017	PMD-03-81-17-109
7	Governance Strategic Risk Summary Information Security Failure for Risk and Audit Subcommittee 14 November 2017	PMD-03-81-17-110
8	Governance Strategic Risk Bow Tie Analysis Information Security Failure Overview for Risk and Audit Subcommittee 14 November 2017	PMD-03-81-17-111
9	Governance Strategic Risk Bow Tie Analysis Information Security Failure Page 1 for Risk and Audit Subcommittee 14 November 2017	PMD-03-81-17-112
10	Governance Strategic Risk Bow Tie Analysis Information Security Failure Page 2 for Risk and Audit Subcommittee 14 November 2017	PMD-03-81-17-113

File Ref: 17/1129

REPORT TO: Risk and Audit Subcommittee

MEETING DATE: Tuesday 28 November 2017

FROM: Financial Controller

Aaron Wilson

SUBJECT: Audit Report for the Financial Year ended 30 June 2017

1.0 SUMMARY

1.1 The purpose of this report is to inform the Subcommittee about the Audit Management Letter for the year ended 30 June 2017.

1.2 The Council is required to give effect to the purpose of local government as prescribed by Section 10 of the Local Government Act 2002. That purpose is to meet the current and future needs of communities for good quality local infrastructure, local public services, and performance of regulatory functions in a way that is most cost–effective for households and businesses. Good quality means infrastructure, services and performance that are efficient and effective and appropriate to present and anticipated future circumstances.

1.3 This report concludes by recommending that the Audit Report for the year ended 30 June 2017 be received.

2.0 BACKGROUND

2.1 An audit of the financial statements of the Council was completed for the year ended 30 June 2017 by Audit New Zealand. An audit is undertaken every year on the financial statements and working papers of the Council.

2.2 On completion of the audit, an audit report is produced to highlight any issues identified during the audit and suggested improvements.

2.3 Megan Wassilieff and Jessica Noiseux will be in attendance at the Subcommittee.

3.0 CURRENT SITUATION

3.1 The report to Council from Audit New Zealand on the audit of Hastings District Council and the group for the year ended 30 June 2017 has been received and is attached as Attachment 1.

3.2 There was significant improvements made to the end of the financial year and audit processes this year. However there is still room for improvement and officers will be working on an improvement plan and having further discussions with Audit to ensure further efficiencies can be gained.

4.0 The report from Audit New Zealand is broken into 5 sections which are covered off below:

4.1 Audit Opinion

4.2 Audit issued an unmodified audit opinion on October 26^th which ultimately means they were satisfied that the financial statements and statement of service performance fairly reflected the activity for the year and the financial position at the end of the year.

4.3 Significant Issues considered

4.4 This year end it was the turn of the transport and parks assets to be revalued and the report from audit noted that Council has correctly accounted for the revaluation of those infrastructure assets.

4.5 Compliance with significant legislation

4.6 The Audit process reviews the systems and procedures that Council employs to identify and comply with legislative requirements that could have a significant effect on the financial statements.

4.7 Other Audit findings

4.8 The report notes one misstatement identified during the audit that was not corrected. That misstatement relates to $187,000 the recognition of revenue relating to the Fitzroy Avenue development. Officers believe that recognising this revenue at 30 June 2017 would be premature as the development is very close to completion and will be reported in the 2017/18 financial year when it is complete.

4.9 Mandatory Disclosures

4.10 The report also covers off a number of Mandatory Disclosures that audit are required to make and it is noted that there are no matters arising from those disclosures.

5.0 RECOMMENDATIONS AND REASONS

A) That the report of the Financial Controller titled “Audit Report for the Financial Year ended 30 June 2017” dated 28/11/2017 be received.

Attachments:

Report to Council on the audit of Hastings District Council and group for the year ended 30 June 2017

FIN-07-01-17-393

File Ref: 17/1130

REPORT TO: Risk and Audit Subcommittee

MEETING DATE: Tuesday 28 November 2017

FROM: Manager Strategic Finance

Brent Chamberlain

SUBJECT: General Update Report and Status of Actions

1.0 SUMMARY

1.1 The purpose of this report is to update the Subcommittee on various matters including actions raised at previous meetings.

1.2 The Council is required to give effect to the purpose of local government as prescribed by Section 10 of the Local Government Act 2002. That purpose is to meet the current and future needs of communities for good quality local infrastructure, local public services, and performance of regulatory functions in a way that is most cost–effective for households and businesses. Good quality means infrastructure, services and performance that are efficient and effective and appropriate to present and anticipated future circumstances.

1.3 This report concludes by recommending that the report titled “General Update Report and Status of Actions” from the Manager Strategic Finance be received.

2.0 BACKGROUND

2.1 The Audit & Risk Subcommittee members requested that officer’s report back at each meeting with progress that has been made on actions that have arisen from the Audit & Risk Subcommittee meetings. Attached as Attachment 1 is the Audit & Risk Subcommittee Action Schedule as at 28 November 2017.

3.0 CURRENT SITUATION

3.1 2018-28 Long Term Plan

3.1.1 The 2018-28 Long Term Plan is providing Council with many challenges as it responds to meeting the new requirements for water supply, aging infrastructure and a desire from the community to improve the level of service provided in our parks and open spaces. A strong desire to improve the vitality of our CBD and town centres is also putting pressure on forecast debt levels.

3.1.2 The Subcommittee will at its February 2018 meeting receive the draft Financial Strategy, Infrastructure Strategy and relevant Asset Management summaries for consideration prior to Council adoption.

3.2 Tech One Upgrade

3.2.1 Work is continuing on the scope and nature of the upgrade to the Technology One Finance Module in order to minimise risk and cost and maximise benefit. It is now not expected that a complete install of the Finance Module will be required which may mean that future improvements which would include the Procure to Pay function and Electronic Purchase Orders could be achieved sooner than previously expected.

3.3 Credit Rating

3.3.1 Standard & Poor’s(S&P) have been engaged to provide Council with a credit rating as previously approved by Council. S&P are expected to be onsite the week commencing 18 December and will be interviewing the Mayor, Chief Executive, Chief Financial Officer, Group Manager Asset Management and Group Manager Economic Growth and Organisational Improvement. They will also be looking to get an update on the Hawke’s Bay economy to help inform their process. We have requested that the credit rating be available for public release by early March 2018 to enable Council to have this as part of the Long Term Plan conversation with the community.

4.0 SIGNIFICANCE AND ENGAGEMENT

4.1 This report does not trigger Council’s Significance and Engagement Policy and no consultation is required.

5.0 RECOMMENDATIONS AND REASONS

That the report of the Manager Strategic Finance titled “General Update Report and Status of Actions” dated 28/11/2017 be received.

Attachments:

Risk & Audit Subcommittee Action Sheet

CG-14-25-00018

File Ref: 17/1131

REPORT TO: Risk and Audit Subcommittee

MEETING DATE: Tuesday 28 November 2017

FROM: Chief Financial Officer

Bruce Allan

SUBJECT: Internal Audit Update

1.0 SUMMARY

1.1 The purpose of this report is to update the Subcommittee about progress being made with the Internal Audit plan.

1.2 The Council is required to give effect to the purpose of local government as prescribed by Section 10 of the Local Government Act 2002. That purpose is to meet the current and future needs of communities for good quality local infrastructure, local public services, and performance of regulatory functions in a way that is most cost–effective for households and businesses. Good quality means infrastructure, services and performance that are efficient and effective and appropriate to present and anticipated future circumstances.

1.3 This report concludes by recommending that the Internal Audit update be received.

2.0 BACKGROUND

2.1 In September 2017 the Risk and Audit Subcommittee received the draft Internal Audit Plan for 2017/18. In that plan it was noted that the first focus for the plan will be to understand more fully the fraud risks that council faces and in order to do that Crowe Horwath would be undertaking some fraud risk gap analysis to help us understand where practical actions can be taken to move toward better practice. Complementing this will be some suspicious transaction analysis using Crowe Horwath’s data analytic tools.

3.0 CURRENT SITUATION

3.1 Fraud Risk Assessment

3.2 The Audit Conclusion states the following:

“Our review leads us to the overall conclusion that, whilst specific fraud control plans and strategies specifically designed to prevent, detect and respond to fraud exist, further development of these plans and strategies is required. There is also only limited awareness of these plans and strategies amongst Council staff.

Additionally the need for managers and staff across the Council to understand and apply their responsibilities in monitoring, identifying and reporting suspicious activity has not been fully implemented and communicated.

Whilst we did not undertake any detailed control testing as part of this review, a number of observations relating to potential improvements in internal control were identified and have been included in this report for management consideration.

The diagram below summarises against each attribute inherent within the better practice model for fraud control strategies (S), fraud prevention (P), fraud detection (D) and fraud response (R) to fraud.

The diagram should be read in accordance with the following colour coding:

Green Area - current performance against the better practice model.

Red Area - the difference between current performance and the better practice model.”

3.3 The report makes a number of recommendations particularly in relation to improving the assessment tools Council has as its disposal and the awareness of fraud policies and procedures for reporting fraud.

3.4 The assessment tools have been strengthened with the addition of this fraud risk management review and the data analytics recently undertaken.

3.5 Officers accept that we can do better with staff training and development of policies and procedures and will be reviewing how they are regularly communicated to staff and their accessibility through Council’s intranet. The policy review and communication will also address some of the weaknesses around fraud reporting systems with staff being made more aware of Councils Protected Disclosures Policy.

3.6 Data Analytics

3.6.1 The objective of the data analytics was to perform a data analysis review that involved an analysis of master file data and transaction data for payroll and vendor (accounts payable) payments. The transactional data testing covered the period 1 July 2016 to 30 June 2017 with the master data testing as at the date of extraction which was 7 September July 2017. The data analysis work did not include assessment of the respective internal controls within the business processing areas and was limited to factual reporting of identified data anomalies as per the specified tests undertaken.

3.7 The testing outcomes were achieved by the extraction, validation and analysis of the relevant data files from the payroll and finance application systems. This data was then imported into data analysis software where the specified tests are performed upon the logical structure and reasonableness of the data, to identify any anomalies.

3.8 Crowe Horwath have provided workbooks of the high level summary findings of the testing, associated risks and where appropriate recommendations for further investigation of transactions or masterfile data identified as suspicious as well as the detailed supporting results spreadsheets highlighting individual transactions and anomalies in masterfile data that we consider require further investigation.

3.9 The analysis provided recommendations or comments on the outcomes of the analysis on 56 separate tests for the payroll and vendor masterfile and transactional data. Officers have reviewed the recommendations and have not found any suspicious transactions.

3.10 Audit Action Plan

3.10.1 Attached as Attachment 1 is an updated Audit Action sheet providing the Subcommittee with a view of the status of recommendations made from previous internal and external audits. Good progress has been made on addressing recommendations and the new recommendations from the recent audit work have now been included.

4.0 RECOMMENDATIONS AND REASONS

A) That the report of the Chief Financial Officer titled “Internal Audit Update” dated 28/11/2017 be received.

Attachments:

Audit Action Sheet

CG-14-25-00021

File Ref: 17/1250

REPORT TO: Risk and Audit Subcommittee

MEETING DATE: Tuesday 28 November 2017

FROM: Chief Executive

Ross McLeod

SUBJECT: Water Services

1.0 SUMMARY

1.1 The purpose of this report is to enable staff to update the Subcommittee on progress with the Water Services Change Programme.

1.2 The Water Services Change Programme was commissioned by the Chief Executive in June 2017, following receipt of the capability and capacity review into the water services area that recommended that change work be undertaken. This followed on from the Havelock North water contamination event, and issues identified in some of Council’s water supply arrangements.

1.3 In terms of governance oversight of the programme, Council asked that the Chief Executive report progress on the change programme to the Risk and Audit Subcommittee on a regular basis. Council is also receiving updates.

1.4 The Council is required to give effect to the purpose of local government as prescribed by Section 10 of the Local Government Act 2002. That purpose is to meet the current and future needs of communities for good quality local infrastructure, local public services, and performance of regulatory functions in a way that is most cost–effective for households and businesses. Good quality means infrastructure, services and performance that are efficient and effective and appropriate to present and anticipated future circumstances.

1.5 The objective of this decision relevant to the purpose of local government is to provide governance oversight to the water services change programme in order to help Council ensure safe drinking water and fit for purpose, effective and efficient water services across the three waters.

1.6 This report concludes by recommending that the information be received.

2.0 BACKGROUND

2.1 The Havelock North water contamination event led to the identification of some areas of Council’s organisational arrangements and performance that were not at the required standard. While the Inquiry found that Council did not cause the contamination event and outbreak (surface water from a pond in the Mangateretere Stream contaminated the aquifer and was drawn into the water supply), the Chief Executive moved to address the issues identified and undertake a significant review and improvement programme across the three waters activities.

2.2 The Chief Executive commissioned a capability and capacity review of the water services area. This was part of wider array of initiatives to ensure water safety and improve systems and performance that included additional resourcing and support, modified processes and the use of new systems. The review was carried out by a review team comprising Bruce Robertson, Ross Waugh and Neil Taylor. A copy of the review report was circulated to members separately at the time of the first report to the Subcommittee.

2.3 The review identified a number of findings and implications of those findings. It made a number of recommendations which the Chief Executive adopted without modification.

2.4 In order to deliver on the review recommendations and enable improvement more broadly, a change management programme was initiated. This is led by a change management team (CMT) that makes recommendations to the Chief Executive. The CMT is led by an independent Chairman, Mr Garth Cowie, and comprises a number of senior staff and an independent technical advisor, Mr Jim Graham, a water industry expert now with Water New Zealand.

2.5 The CMT is supported by a programme/change manager, and work is carried out through a series of workstreams that involve a combination of internal staff and external expertise.

2.6 The aim of the work being undertaken is to deliver a water supply that is among the safest in the country and, more broadly, the most cost-effective three waters arrangements. “Operationalised” risk management is one of the key areas of focus for the CMT to ensure that risks are actively being managed at an operational level.

3.0 CURRENT SITUATION

3.1 Work on the change programme is well underway. Good progress is being made in addressing the recommendations of the review team, with changes being made across the various workstreams.

3.2 The Chief Executive and members of the CMT will brief the Risk and Audit Subcommittee on aspects of the work programme and be available to answer questions. A six-monthly report to Council will be made on 14 December 2017.

4.0 RECOMMENDATIONS AND REASONS

A) That the report of the Chief Executive titled “Water Services” dated 28/11/2017 be received.

With the reasons for this decision being that the objective of the decision will contribute to meeting the current and future needs of communities for good quality local infrastructure in a way that is most cost-effective for households and business by:

i) Providing for effective Governance oversight of the water services change programme.

Attachments:

There are no attachments for this report.

Hastings District Council

Lyndon Road East, Hastings