Agenda of Audit and Risk Committee

PALMERSTON NORTH CITY COUNCIL

Audit and Risk Committee MEETING

21 August 2017

Order of Business

NOTE: The Audit and Risk Committee meeting coincides with the ordinary meeting of the Finance and Performance Committee meeting. The format for the meeting will be as follows:

- Audit and Risk Committee will open and adjourn immediately to following the Finance and Performance Committee.

- Finance and Performance Committee will open, conduct its business and then close.

1. Apologies

2. Notification of Additional Items

Pursuant to Sections 46A(7) and 46A(7A) of the Local Government Official Information and Meetings Act 1987, to receive the Chairperson’s explanation that specified item(s), which do not appear on the Agenda of this meeting and/or the meeting to be held with the public excluded, will be discussed.

Any additions in accordance with Section 46A(7) must be approved by resolution with an explanation as to why they cannot be delayed until a future meeting.

Any additions in accordance with Section 46A(7A) may be received or referred to a subsequent meeting for further discussion. No resolution, decision or recommendation can be made in respect of a minor item.

3. Public Comment

To receive comments from members of the public on matters specified on this Agenda or, if time permits, on other Committee matters.

(NOTE: If the Committee wishes to consider or discuss any issue raised that is not specified on the Agenda, other than to receive the comment made or refer it to the Chief Executive, then a resolution will need to be made in accordance with clause 2 above.)

4. Confirmation of Minutes Page 7

“That the minutes of the Audit and Risk Committee meeting of 15 May 2017 Part I Public be confirmed as a true and correct record.”

5. Health and Safety April - June 2017 Page 11

Memorandum, dated 3 August 2017 from the Human Resources Manager, Wayne Wilson.

6. Business Continuity Planning PNCC update Page 15

Memorandum, dated 27 July 2017 from the Head of Emergency Management, Stewart Davies.

7. Internal Audit 2016/17 Annual Report Page 21

Memorandum, dated 10 July 2017 from the Senior Internal Auditor, Vivian Watene.

8. Risk Management Progress YTD June 2017 Page 59

Memorandum, dated 20 July 2017 from the Senior Internal Auditor, Vivian Watene.

9. Operational Risk Profile Review 2017 Page 93

Memorandum, dated 11 July 2017 from the Senior Internal Auditor, Vivian Watene.

10. FY 2017 Audit Interim Management Report Page 105

Memorandum, dated 27 July 2017 from the Financial Accountant, Keith Allan.

11. Auditor Engagement Page 115

Memorandum, dated 27 July 2017 from the Financial Accountant, Keith Allan.

12. Committee Work Schedule Page 137

13. Exclusion of Public

To be moved:

“That the public be excluded from the following parts of the proceedings of this meeting listed in the table below.

The general subject of each matter to be considered while the public is excluded, the reason for passing this resolution in relation to each matter, and the specific grounds under Section 48(1) of the Local Government Official Information and Meetings Act 1987 for the passing of this resolution are as follows:

General subject of each matter to be considered	Reason for passing this resolution in relation to each matter	Ground(s) under Section 48(1) for passing this resolution

This resolution is made in reliance on Section 48(1)(a) of the Local Government Official Information and Meetings Act 1987 and the particular interest or interests protected by Section 6 or Section 7 of that Act which would be prejudiced by the holding of the whole or the relevant part of the proceedings of the meeting in public as stated in the above table.

Also that the persons listed below be permitted to remain after the public has been excluded for the reasons stated.

Acting Chief Executive (David Wright), Chief Financial Officer (Grant Elliott), General Manager, City Enterprises (Ray McIndoe), General Manager, City Future (Sheryl Bryant), Acting General Manager, City Networks (Rob Green), General Manager, Customer Services (Peter Eathorne), General Manager, Libraries and Community Services (Debbie Duncan), Human Resources Manager (Wayne Wilson) and Acting Strategic Communications Manager (Jane McSweeney) because of their knowledge and ability to provide the meeting with advice on matters both from an organisation-wide context (being members of the Council’s Management Team) and also from their specific role within the Council.

Legal Counsel (John Annabell), because of his knowledge and ability to provide the meeting with legal and procedural advice.

Governance and Support Team Leader (Kyle Whitfield) and Committee Administrators (Penny Odell, Carly Chang and Rachel Corser), because of their knowledge and ability to provide the meeting with procedural advice and record the proceedings of the meeting.

[Add Council Officers], because of their knowledge and ability to assist the meeting in speaking to their report and answering questions, noting that such officer will be present at the meeting only for the item that relate to their respective report.

[Add Third Parties], because of their knowledge and ability to assist the meeting in speaking to their report/s [or other matters as specified] and answering questions, noting that such person/s will be present at the meeting only for the items that relate to their respective report/s [or matters as specified].

PALMERSTON NORTH CITY COUNCIL

Palmerston North City Council

Minutes of the Audit and Risk Committee Meeting Part I Public, held in the Convention Centre, 354 Main Street, Palmerston North on 15 May 2017, commencing at 9.00am

Members

Present:

Councillor Vaughan Dennison (in the Chair), The Mayor (Grant Smith) and Councillors Brent Barrett, Susan Baty, Rachel Bowen, Adrian Broad, Gabrielle Bundy-Cooke, Leonie Hapeta, Jim Jefferies, Lorna Johnson, Duncan McCann, Karen Naylor, Bruno Petrenas, Aleisha Rutherford and Tangi Utikere.

Apologies:

The Mayor (Grant Smith) (for lateness) and Councillors Rachel Bowen (for lateness), Lew Findlay QSM and Karen Naylor.

11-17

Apologies

Moved Vaughan Dennison, seconded Aleisha Rutherford.

The COMMITTEE RESOLVED

1. That the Committee receive the apologies.

The meeting adjourned at 9.01am

The meeting resumed at 9.52am

When the meeting resumed at 9.52am the Mayor (Grant Smith) and Councillor Rachel Bowen were present.

12-17

Confirmation of Minutes

Moved Vaughan Dennison, seconded Bruno Petrenas.

The COMMITTEE RESOLVED

1. That the minutes of the Audit and Risk Committee meeting of 20 February 2017 Part I Public be confirmed as a true and correct record.

13-17

Health and Safety Report Jan - Mar 2017

Memorandum, dated 4 May 2017 from the Human Resources Manager, Wayne Wilson.

Moved Vaughan Dennison, seconded Leonie Hapeta.

The COMMITTEE RESOLVED

1. That the Audit and Risk Committee note the information contained within the report dated 4 May 2017 and titled “Health and Safety Report Jan – Mar 2017”.

14-17

Management Agreed Audit Corrective Actions - March 2017 Progress Status

Memorandum, dated 20 April 2017 from the Senior Internal Auditor, Vivian Watene.

Moved Vaughan Dennison, seconded Bruno Petrenas.

The COMMITTEE RESOLVED

1. That the Committee receive the Memorandum dated 20 April 2017 and titled “Management Agreed Audit Corrective Actions – March 2017 Progress Status” for information.

15-17

Two New Audit Reviews - Development Contributions and Fuel Card Management

Memorandum, dated 20 April 2017 from the Senior Internal Auditor, Vivian Watene and the Internal Auditor, David Osborne.

Moved Vaughan Dennison, seconded Susan Baty.

The COMMITTEE RESOLVED

1. That the Committee receive the Development Contributions and Fuel Card Management audit reviews for information.

2. That the Committee note the audit issues identified and the related Management responses to the audit issues.

16-17

Committee Work Schedule

Moved Vaughan Dennison, seconded Bruno Petrenas.

The COMMITTEE RESOLVED

1. That the Audit and Risk Committee receive its Work Schedule dated May 2017.

The meeting finished at 11.07am.

Confirmed 21 August 2017

Chairperson

PALMERSTON NORTH CITY COUNCIL

Memorandum

TO: Audit and Risk Committee

MEETING DATE: 21 August 2017

TITLE: Health and Safety April - June 2017

DATE: 8 March 2017

AUTHOR/S: Wayne Wilson, Human Resources Manager, Headquarters

RECOMMENDATION(S) TO Council

1. That the Audit and Risk Committee note the information contained within this report.

1. Report

This report covers the period 1 April to 30 June 2017. The information included in this report is discussed at the appropriate H&S Committee, the Main H&S Committee and Management Team.

Risks and Control Plans

Simpson Grierson are preparing a Health and Safety Plan for Officers. It is envisaged that this will cover the role of Elected Members in relation to their duty of due diligence and the expectations of the Chief Executive. Work has continued with identifying and assessing the significance of the risks present at Council worksites and updating our Health and Safety Manual. The following risks have been identified as the most significant for Council requiring further work.

§ Moving vehicles

§ Working alone

§ Violence/Robbery in the workplace

§ Working in and around traffic

§ Asbestos

§ Cutting underground services

§ Working in trenches

§ Working in confined spaces

§ Hazardous chemicals

§ Working at heights

§ Tree felling

§ Plant and machinery

We already have Standard Operating Procedures and mitigation strategies in place for these as hazards but are aligning these with the risk paradigm of the new Act.

Hazards, Incidents and Near Misses Reported

Quarter	Sep 15	Dec 15	Mar 16	Jun 16	Sep 16	Dec 16	Mar 17	Jun 17
Hazards	6	3	12*	15	21	15	10	7
Incidents	10	14	12*	40	45	31	56	20
Near Misses	7	5	5*	21	67	24	24	28
Lost Time (days)	102.7	52.5	32.6	67.3	154.6	215.0	215.6	140
L.T. Injuries	8	2	5	10	11	14	13	9

*Introduction of new system.

In the first quarter of 2016 we transitioned from a paper system to an electronic one. Reporting increased after this.

Two injuries accounted for 73% of the lost time, one is for a shoulder injury and the other is a back injury requiring surgery. All of the injuries occurred in City Enterprises.

One incident in the quarter was identified as requiring notification to Worksafe. However, Worksafe responded that they did not require the organisation to provide further information or reports. Irrespective of their advice the Council completed an investigation of the incident and found that the injury was caused by poor judgement from the employee.

Investigations

One completed this quarter as per above.

Previous Investigations

Number of Recommendations 24

Number of Recommendations Completed 22

The 2 outstanding recommendations relate to a formal external review of our H&S processes and procedures which is planned for next financial year.

General

ACC Levy: The Council ACC levy is $152,236 but with the experience rating of 10.05% and WSMP discount of 20% this reduces to $134,029.

H&S Training: All new staff receive induction training when they commence. The percentage of staff that have completed H&S induction training is 99%.

1. Compliance and administration

Does the Committee have delegated authority to decide? If Yes quote relevant clause(s) from Delegations Manual <Enter clause>	Yes
Are the decisions significant?	No
If they are significant do they affect land or a body of water?	No
Can this decision only be made through a 10 Year Plan?	No
Does this decision require consultation through the Special Consultative procedure?	No
Is there funding in the current Annual Plan for these actions?	No
Are the recommendations inconsistent with any of Council’s policies or plans?	No

Attachments

Nil

Wayne Wilson

Human Resources Manager

PALMERSTON NORTH CITY COUNCIL

Memorandum

TO: Audit and Risk Committee

MEETING DATE: 21 August 2017

TITLE: Business Continuity Planning PNCC update

DATE: 27 July 2017

AUTHOR/S: Stewart Davies, Head of Emergency Management, City Enterprises

RECOMMENDATION(S) TO Council

1. That the Audit & Risk Committee note this report the programme for and progress of the Business Continuity Planning within the organisation.

2. That Business Continuity Planning update be reported to the Committee 6 monthly.

1. ISSUE

Early in 2017 the Chief Executive engaged Kestrel Group to carry out a review of business continuity plans for all of Council. This review showed some disparity amongst the different areas of Council business as to preparation and readiness in relation to business as usual in the event of an unplanned disruption to normal services.

2. BACKGROUND

Since 2014 there have been several attempts to manage business continuity with limited success and inconsistency in relation to plans, impact and subsequent reviews and training.

3. OVERVIEW OF PROGRAMME

The Emergency Management division have been tasked to coordinate business continuity planning post the Kestrel Group review in conjunction with them. The following programme has been adopted for completion in October 2017. To date items 1 and 2 have been completed with item 3 being delivered in late August 2017.

1. Policy development and update following review by PNCC Management

2. Development of crisis management structure, roles, responsibilities and activation process.

3. Preparation and delivery of Business Impact Analysis workshops – 6 workshops at 4 hours per workshop.

4. Development of business continuity workarounds.

5. Development of crisis management / business continuity plan.

6. Preparation of training session and scenario exercise for Crisis management team and business unit representatives.

7. Development of testing and maintenance programme.

This programme covers all of Council business activities and divisions

Documents relating to item 2 are appended. All this work is directed by a Management Team Policy “Business Continuity Management”. The guiding principles of the policy are:

· Palmerston North City Council continues to operate in all types of events, including those affecting the organisation only, or the wider community.

· Palmerston North City Council is responsible for its own business activities

· There is a current Crisis Management and Business Continuity Plan(s) that are regularly tested with the aim of ensuring that risk is mitigated to an acceptable level

· The BCM programme is updated to take account of the organisations changing needs

· The Policy is based on the BS ISO 22301:2012

· The policy, BCM and CM/BCPs are effectively implemented and maintained

· Where Palmerston North City Council is dependent upon delivery of a service or product from a third party which is critical to maintain service provision to customers, the contractual arrangements with the third party should define Palmerston North City Council's expectations with regard to the continued provision of the service or product, and may require the third party to produce evidence of business continuity plans and testing

4. NEXT STEPS

Implement and deliver the programme outlined in this memorandum to be co-ordinated by the Civil Defence & Emergency Management team in conjunction with Kestrel Group.

5. Compliance and administration

Does the Committee have delegated authority to decide? If Yes quote relevant clause(s) from Delegations Manual <Enter clause>	No
Are the decisions significant?	No
If they are significant do they affect land or a body of water?	No
Can this decision only be made through a 10 Year Plan?	No
Does this decision require consultation through the Special Consultative procedure?	No
Is there funding in the current Annual Plan for these actions?	Yes
Are the recommendations inconsistent with any of Council’s policies or plans?	No

Attachments

1.	PNCC Crisis Response Structure Responsibilities ⇩
2.	PNCC BCM Response Structure 2017 ⇩

Stewart Davies

Head of Emergency Management

PALMERSTON NORTH CITY COUNCIL

Memorandum

TO: Audit and Risk Committee

MEETING DATE: 21 August 2017

TITLE: Internal Audit 2016/17 Annual Report

DATE: 10 July 2017

AUTHOR/S: Vivian Watene, Senior Internal Auditor, City Corporate

RECOMMENDATION(S) TO Audit and Risk Committee

1. Note the satisfactory completion of the 2016/17 Internal Audit Plan, on time and within budget.

ISSUE

1. In accordance with the Internal Audit Charter, this Memorandum informs the Committee on the outcomes and findings of the Internal Audit activities.

BACKGROUND

2. We have completed all the planned reviews except for Management’s request not to review its Business Continuity Plans (BCPs).

3. Overall Management has agreed to implement 85% of all the internal audit suggested improvements. The balance of the recommendations was either due to Management having accepted the risks or as a result of other practical reasons preventing a full implementation. This is a fair and reasonable outcome.

4. In early 2017, Management commissioned an external independent peer-review of its BCPs against the recognised international and national business continuity standards. We agreed with Management that an internal audit review so soon after the external peer-review would not have added value to the organisation.

5. The reviewer considered that with the current BCPs, Palmerston North City Council (PNCC) does not demonstrate that it will be able to function to the fullest possible extent in the event of an incident affecting PNCC as an organisation e.g. building fire or a major Information Technology event (cyber).

6. PNCC has both legislative and statutory requirements to deliver its services albeit at a reduced level. It is the reviewer's recommendation for PNCC to put in place a work programme to develop a comprehensive business continuity management capability.

7. Management has taken on board the recommended improvements as a result of the peer review.

8. The Organisation recently implemented the first phase of a technology plan that would see access to systems available to staff within 1 hour of a full system failover (abnormal termination of applications). The issues of how and where the staff can access those systems are yet to be addressed in full.

9. The organisation is said to be well protected and prepared with multiple layers of security now in place in relation to an event such as a cyber-attack. Should the counter-measures prove ineffective, the Information Management will trigger its BCP.

AUDITORS INDEPENDENCE

10. For the first time since the inception of the Palmerston North City Council’s Internal Audit Division in 2004, Management has had to address the impairment to the auditors’ independence. This issue has now been addressed. The scope limitation, restriction to the personnel and information, and the alleged predetermined audit conclusion were the main concerns during the latter part of the year.

2016/17 INTERNAL AUDIT PLAN (NEW AND ROUTINE AUDIT REVIEWS)

New Internal Audit Reviews:

11. All completed new reviews for 2016/17 were reported separately during the year (see Appendix A Page 1 for timing of reporting), except for the last review for the year entitled Libraries Cash Collections which is in Appendix B attached to this Memorandum for information.

12. Libraries Cash Collections audit objectives were to ensure the cash handling policies were followed and that there was sufficient internal control in place to safeguard the employees and the public money.

13. The audit noted that despite several improvements made over the past year to the cash handling procedures, the cash handling at the libraries fell short in meeting the best practise guidelines and the organisation’s cash handling policy. The audit recommended more than 40 process improvements. Management has agreed to implement some 80% of these recommendations. The rest of the recommendations Management largely agreed in principle but subject to its further investigations.

Routine Audit Reviews:

14. Accounts Payable and Accounts Receivable Date Analysis: We have conducted the Accounts Payable and Accounts Receivable analytical review the usual desktop backend way of analysing a large data groups during this reporting period. All anomalies were investigated and they were either resolved or are being addressed.

15. We have also worked from the front end with different groups of managers, system operators and practitioners to brainstorm on the possible gaps and weaknesses in the various Council systems and processes in City Corporate, Customer Services and partly City Enterprises.

16. These brainstorm sessions entitled ‘Can We Beat the Systems?” also discussed the internal controls that are currently in place and how these internal controls might be further enhanced and strengthened.

17. The gaps and weaknesses identified during the above mentioned brainstorming sessions that were urgent and critical have been rectified. Other improvements to the existing internal controls have either been implemented or will be put into practice. All the brainstorm sessions are documented for future follow-up, where appropriate.

18. A total of 20 brainstorm sessions were held. We envisage more brainstorm sessions will continue into the next financial year to complete City Enterprises and to cover the rest of the Council Units. Management has considered these brainstorm sessions useful, worthwhile and is supportive of them.

19. Cash Spot Checks: Management continues to carry out cash spot-checks on some of the Council’s cash handling sites. Arrangements have now put in place for Management to carry out cash spot check at the rest of the cash handling sites. Management has also reviewed the Cash Handling Procedures for a number of the Council remote cash collection sites against the Office of the Auditor General Best Practice Guides. Due to impending closure of the Bunnythorpe Transfer Station, Management did not resolve the issue where the said facility has no electricity supply, no cash register and no EFTPOS machine.

20. Credit Card Usage and Staff Disbursements: In sampling staff disbursements and credit cards transactions, we noted a number of transactions did not provide the appropriate supporting receipts. In addition, a justifiable business purpose was not stated or unclear for some transactions. Stating a justifiable business purpose is part of the governing principles for approving an expense. The Council is unable to claim back Goods and Services Tax (GST) from the Inland Revenue Department without the appropriate GST invoices/receipts.

21. Journal Authorisation and Supporting Documents: Some 16% (or $9.3m) of April 2017 journal samples were tested. All journals samples complied with the following criteria. This is a good and commendable outcome.

· Appropriateness,

· Adequacy of supporting documents,

· Completeness, and

· Clarity of journals.

22. Miscellaneous Sample Checks – Balance Sheet Reconciliation: The timeliness of the Balance Sheet Reconciliations has improved during the 4^th Quarter of the financial year where the reconciliations have now been performed in a timely manner and a majority of the recommendations were also independently reviewed. Management is confident that this good practice will continue.

23. During the financial year there was an issue regarding the Balance Sheet reconciliation. The issue was that not all reconciliations on the Balance Sheet accounts were being carried out and some were not completed nor independently reviewed in a timely manner. Audit New Zealand recommended that all reconciliations should be prepared in a timely manner, and independently reviewed. The non- performance in this aspect could have affected the accuracy and integrity of the Council’s financial information presented to the public.

24. A good internal control to ensure the Council’s assets and liabilities are accurate and complete is through effective and timely reconciliation and independently reviewed processes. These processes should be followed throughout the year.

25. Payroll Master File Changes Audit: Payroll Master File changes were reviewed weekly and all documents required and all issues were resolved.

26. Follow Up on the Prior Agreed Corrective Actions: Follow-up on the prior agreed to corrective actions is an important part of an audit function. Both Management Team and the Audit and Risk Committee received quarterly follow-up progress updates during the year. Details on the progress made to both External Audit recommendations and the timeline missed by longer than 6 months for the Internal Audit suggested improvements are appended to this Memorandum.

27. For the external Audit recommendations and their progress status, refer to another agenda item to this Committee entitled FY 2017 Audit Interim Management Report by the Financial Accountant dated 27 July 2017.

28. Appendix C is a ’Timeline Missed’ schedule on the management agreed corrective actions based on the recent follow-up of the prior internal audit reviews. Items listed on this schedule are items that management has missed the agreed to action deadline by more than 6 months. Management’s comments on the progress toward full implementation are included.

29. Some 16 actions from the list were implemented since last reported. This will be the last time they are listed on the schedule. On the other hand, 4 items were added onto the schedule from the recent follow-up of the prior audits.

Risk Management

30. Management’s YTD June 2017 quarterly risk management progress review on its Strategic and Operational Risk Profiles is a separate agenda item for this meeting.

31. Management generally reviews the Operational Risk Profile every year. The outcome of the most recent review is another agenda item for this meeting.

32. The Strategic Risk Profile is reviewed 3 yearly to align with the Council’s 10 Year Plan planning timeframe. This Profile is at the 2^nd year end of its 3 Year life span. The Management Team and the Audit and Risk Committee monitor risk management progress every 6 months.

NEXT STEP

33. To deliver next year’s Internal Audit Plan approved by this Committee in February 2017.

Compliance and administration

Does the Committee have delegated authority to decide?	Yes
Are the decisions significant?	No
If they are significant do they affect land or a body of water?
Can this decision only be made through a 10 Year Plan?	No
Does this decision require consultation through the Special Consultative procedure?
Is there funding in the current Annual Plan for these actions?
Are the recommendations inconsistent with any of Council’s policies or plans?

Attachments

1.	Appendix A to Internal Audit 2016-17 Annual Report Year End Project Status ⇩
2.	Appendix B to Internal Audit 2016-17 Annual Report Libraries Cash Collections Audit ⇩
3.	Appendix C to Internal Audit 2016-17 Annual Report Internal Audit Management Corrective ⇩

Vivian Watene

Senior Internal Auditor

PALMERSTON NORTH CITY COUNCIL

Memorandum

TO: Audit and Risk Committee

MEETING DATE: 21 August 2017

TITLE: Risk Management Progress YTD June 2017

DATE: 20 July 2017

AUTHOR/S: Vivian Watene, Senior Internal Auditor, City Corporate

RECOMMENDATION(S) TO Audit and Risk Committee

That the Committee note:

1. Management’s risk management progress made to the Strategic and Operational Risk Profiles.

2. The Year-to-Date Residual Risk status for the key Strategic and Operational risks.

ISSUE

1. To inform the Committee on its risk management Year to Date June 2017 progress as outlined on Appendixes A and B for the key Strategic Risks and Appendix C for the key Operational Risks.

2. The year-end reassessed residual risks are also included in this review, as resolved by the Audit and Risk Committee at its February 2015 meeting.

BACKGROUND

3. Apart from the relevant managers giving their progress on the risk treatment for the Strategic and Operational risk profiles, the Audit and Risk Committee requested that for every reporting period the Management Team also reassesses the residual risk of the key risks under its care.

Strategic Risk Profile (Appendixes A and B)

4. For the 5 key Strategic Risks (Appendix A), the residual risks at June 2017 were reassessed based on Appendix B.

5. The Strategic Risk Profile is at its second year-end of a three-year life span. The positive effect expected from the risk treatment plans has showed through for Risks 76, 77, 79 and 80 as illustrated in the following Matrix and paragraphs 6-22.

6. On the Matrix A below:

· The Black Dotted Lines represent the Gross Risk (round shaded circle) assessed 2 years ago in July 2015 for each of the 5 Risks and forecasted Residual Risk (round clear circle) 3 years into the future i.e. June 2018.

· The White Solid Lines indicate the Residual Risk reassessed (clear rectangle) at the end of Year 2 at June 2017.

Matrix A

7. Risk 76 reads ‘Poor City image and reputation’ from the Outsiders perspective (76a) and from the Residents’ (76b).

8. The Risk Matrix above shows from the ‘Outsiders’ (76a) perspective about the City, the Residual Risk has moved (white arrow) to ‘High’. This reflects the improved City position in tourism ranking as a significant destination for visitors improving from 13^th place two years ago to now 12^th ahead of Marlborough District, New Plymouth, Hastings and Napier to name a few. There is also a 12.3% increase in the total domestic and international visitor spending in the year ended May 2017 when compared to the visitors’ spending 2 years ago.

9. The Residual Risk for Risk 76b from the Residents’ perspective remained at the ‘Medium’ range, (see the Risk Matrix on paragraph 6) as there is no indication that it has shifted.

10. The forecasted Residual Risk for Risk 76a and 76b ultimately is ‘Low’, indicated by the black dotted arrows on Matrix A.

11. Risk 77 reads ‘Lack vibrancy in the CBD’

12. The Risk Matrix on paragraph 6 above shows the Residual Risk for Risk 77 moved (white arrow) to ‘High’ considering a suite of community events held in the CBD through the Palmy Unleashed initiatives. Other initiatives aimed at increasing the CBD vibrancy such as all day parking in the City centre and free Saturday parking up to 11am and other projects focus on keeping commercial activity centred in the core of the City have all contributed to increasing the vibrancy of the CBD.

13. The forecasted Residual Risk for Risk 77 ultimately is ‘Low’ indicated by the black dotted line on Matrix A.

14. Risk 79 reads ‘Decline in City economy and jobs’.

15. The Risk Matrix on paragraph 6 above shows that the Residual Risk for Risk 79 at the end of the second year has improved due to the recent decision by Fairfax to bring its call centre back to New Zealand from the Philippines, locating it in Palmerston North. Goodman Fielder has announced restructuring plans, which will increase the number of jobs at its Ernest Adams bakery in Palmerston North, while Presidential Homes has experienced significant growth in the number of relocatable homes it is constructing in the City.

16. The forecasted Residual Risk for Risk 79 ultimately is ‘Medium’, indicated by the black dotted line on Matrix A.

17. Risk 80 reads ‘Low level of trust and engagement with Council’.

18. The Risk Matrix on paragraph 6 above shows that the Residual Risk for Risk 80 two years on has shifted to ‘High’. (Note: The ‘likelihood’ for this risk was shifted from ‘Almost Certain’ to ‘Likely’ at the end of Year 1 because it was thought that through the focus groups many people have passive support for and trust in Council’s attempts to involve them in its decision making). During the past 12 months PNCC has continued to engage with the community with a wide range of topics. During the year, the He Ara Kotahi Manawatū River Cycle and Pedestrian Bridge won the award for the New Zealand Planning Institute Best Practice for Consultation Processes. Besides Council purchased a van for its ‘Let’s Talk’ sessions, and it also increased its administrative resources to help ensure its consultation and communication was timely and engaging.

19. The forecasted Residual Risk for Risk 80 ultimately is ‘Low’ indicated by the black dotted line on Matrix A.

20. Risk 81 reads ‘Council's financial position is not sustainable’.

21. Though the wastewater treatment upgrade estimated to cost between $30m to $100m is the project that will significantly affect the Council’s financial position, a more accurate estimate is some 10 months away. At June 2017 the Council’s Financial Position remained sustainable and therefore the residual risk at June 2017 for Risk 81 is rated at ‘High’ (Re Matrix on paragraph 6).

22. The forecasted Residual Risk for Risk 81 ultimately is ‘High’ indicated by the black dotted line on Matrix A.

Operational Risk Profile (Appendix C)

23. The Matrix below shows the Gross Risk for the four key Operational Risks at the start of 2016/17 and forecasted (Black Arrows) Residual Risk at June 2017. The June 2017 reassessed Residual Risk are represented by the White Arrows. (Note: This Matrix is reviewed annually and therefore it is less cluttered than Matrix A which is for a 3 -Year time span).

24. On Matrix B below:

· The Black Dotted Lines represent the Gross Risk (round shaded circle) assessed in July 2016 for each of the 4 Risks and forecasted Residual Risk (round clear circle) to June 2017.

· The White Solid Lines indicate the Residual Risk reassessed (round white circle) in June 2017.

Matrix B

25. The residual risk for all four risks has not reached their forecasted positions with reasons outlined below. A large proportion of work towards achieving the forecasted residual risk position has commenced and is planned to be completed during the next two quarters of the year.

26. Risk 15 reads ‘Council does not deliver the capital (new and renewal) programmes within approved scope of works, planned timeframes and budget’.

27. The Capital Programmes in Risk 15 has two components: New and Renewal. Though the Renewal Programmes have not been delivered as planned (82% of $21.8m budget spent; refer to paragraph 31 for more details), it was the New Capital Programmes that were continuously lagging considerably below expectations (49% of $31m budget delivered), often due to the over optimistic and unrealistic timeframes placed on the Programmes. In some cases third party funding was unable to be secured within the planned timeframes.

28. The Residual Risk for Risk 15 remained ‘Critical’ though it was predicted at the mid- point review that it should reduce to ‘High’ for the year ended June 2017. Overall some $19.7m (or 37%) capital expenditure was not delivered for 2016/17.

29. Management has developed systems and processes during the year, and the implementation of several initiatives are to be continued into the next financial year aiming at the goal of delivering approved capital programmes.

30. Risk 48 reads ‘Council’s infrastructure assets are not managed in accordance with the adopted Asset Management Plans (AMPs) and/or granted Resource Consents’.

31. The Residual Risk for Risk 48 has not moved to the desired status (black dotted line) mainly due to the non-delivery of some renewal programmes, which despite having been scheduled in the AMPs, have been deferred because wider considerations apply. In particular :-

· Jacks Creek Bridge Renewal, which is located on the proposed Regional Rural Freight Route, warrants replacement to a higher standard than the narrow local rural bridge that exists at present. There is a difference of opinion between Council & NZTA as to what that increase in standard should be. This needs to be resolved before a commitment to the physical works can be made.

· Traffic Signal Renewals in the City Centre have been deferred to ensure integration with the pending streetscape upgrading proposals.

· A portion of the Footpath Renewals Programme assigned to the Cuba Street (George St to Pitt St) co-ordinated streetscape renewal package, was delayed to extend engagement over the design details, with property owners and businesses.

· Civic Administration Building Refurbishments were deferred to await the outcomes of earthquake prone building legislation which has only recently come into force, a full fire control assessment of the building, along with a review of floor space allocations.

· Library Roof & Heating Ventilation Air Condition (HAVC) Replacement deferred to be co-ordinated with the Library for the Future Project.

32. Risk 58 reads ‘PNCC is not meeting its responsibilities for an emergency or a civil defence emergency event because it is unable to deliver the basic services’.

33. Risk 58 has not reached its forecasted state because the organisation has not yet finalised its Business Continuity Plans (BCPs), an important document to assists its preparedness for an emergency event. The organisation has engaged an external consultant to assist with completing the BCPs by November 2017.

34. Risk 59 reads ‘Council's activity preparation in key areas does not align to the Long Term Plan (LTP) programmes approval and budget processes and vice versa’

35. Risk 59 has not reached its forecasted state as more works are required to be completed by September 2017 to ascertain different Units’ technology and equipment needs to feed into the 10 Year Plan 2018/28 planning process.

NEXT STEPS

36. To inform the Audit and Risk Committee Management’s risk management 6 months progress at its February 2018 meeting.

Compliance and administration

Does the Committee have delegated authority to decide?	Yes
Are the decisions significant?	No
If they are significant do they affect land or a body of water?	No
Can this decision only be made through a 10 Year Plan?	No
Does this decision require consultation through the Special Consultative procedure?	No
Is there funding in the current Annual Plan for these actions?	Yes
Are the recommendations inconsistent with any of Council’s policies or plans?	No

Attachments

1.	Appendix A to Risk Management Progress YTD June 2017 Strategic Risk Profile ⇩
2.	Appendix B to Risk Management Progress YTD June 2017 Strategic Risk Profile Word Document ⇩
3.	Appendix C to Risk Management Progress YTD June 2017 Operational Risk Profile ⇩

Vivian Watene

Senior Internal Auditor

PALMERSTON NORTH CITY COUNCIL

Memorandum

TO: Audit and Risk Committee

MEETING DATE: 21 August 2017

TITLE: Operational Risk Profile Review 2017

DATE: 7 November 2017

AUTHOR/S: Vivian Watene, Senior Internal Auditor, City Corporate

RECOMMENDATION(S) TO Audit and Risk Committee

1. That the Committee note the outcome of Management’s review of its Operational Risk Profile.

ISSUE

1. Management generally reviews its Operational Risk Profile (the Profile) annually at the end of each financial year to maintain the currency and adequacy of its risk management.

2. The outcome of the most recent review is the subject of this Memorandum.

BACKGROUND

3. The Management Team reviewed the Profile to ascertain if the risk descriptions have been adequately articulated and are fitting to the current operating environment.

4. Management also re-examined the risk treatments, reassessed the Gross (inherit risk without treatments) and Residual (risk after treatments) Risks of each of the four risks.

5. In addition, Management also considered if there were other risks (or opportunities) in the horizon for inclusion in the Profile.

OUTCOME OF THE REVIEW

6. Management considered no new risks to be added to the existing Operational Risk Profile of four key risks. Minor changes were made to the existing Profile and are shaded yellow in Appendix A.

7. Appendix B shows, at a glance, the risk descriptions, Gross and Residual Risks of these 4 key risks. Shaded round circles represent Gross Risk whereas clear round circles represent Residual Risk.

Next Step

8. This Committee will receive a six-monthly update on Management’s risk management progress on the risks contained in this Operational Risk Profile. The first progress update is in February 2018.

Compliance and administration

Does the Committee have delegated authority to decide?	Yes
Are the decisions significant?	No
If they are significant do they affect land or a body of water?	No
Can this decision only be made through a 10 Year Plan?	No
Does this decision require consultation through the Special Consultative procedure?	No
Is there funding in the current Annual Plan for these actions?	Yes
Are the recommendations inconsistent with any of Council’s policies or plans?	No

Attachments

1.	Appendix A to Operational Risk Profile Review 2017 Operational Risk Profile ⇩
2.	Appendix B to Operational Risk Profile Review 2017 Operational Risk Matrix ⇩

Vivian Watene

Senior Internal Auditor

PALMERSTON NORTH CITY COUNCIL

Memorandum

TO: Audit and Risk Committee

MEETING DATE: 21 August 2017

TITLE: Auditor Engagement

DATE: 27 July 2017

AUTHOR/S: Keith Allan, Financial Accountant, City Corporate

RECOMMENDATION TO Council

1. That the Committee recommends to Council that it receives the Audit Proposal and Engagement letters for the years ending 30 June 2017, 2018 and 2019 and that Council note the appointment of Audit New Zealand as Auditors and approve acceptance of the letters by the Mayor.

1. ISSUE

Audit New Zealand are the statutory auditors of the Council and Group and have provided the Audit Proposal and Engagement Letters relating to the financial audit of the annual report for the years ending 30 June 2017, 2018 and 2019 dated 2 August 2017.

These letters are required by Audit New Zealand to detail the terms of the audit engagement, their approach to each audit, set out the respective requirements of each party and detail the audit fee budget for each year. Essentially the annual reports issued are reports prepared by the Council on which Audit New Zealand are issuing an opinion. These letters deal with the overall engagement and appointment with an annual arrangements letter then acknowledged by the Mayor detailing the more specific requirements and arrangements of each years audit.

2. BACKGROUND

An Audit Proposal Letter was received in March 2014 covering the years to 30 June 2016 with an updated Audit Engagement Letter received April 2016 for the 30 June 2016 year. These were provided to the Committee and signed by the Mayor at those times. With the expiry of those letters updated appointment letters are needed to cover the next three year period. There are no significant changes from the existing letters.

3. NEXT STEPS

It is recommended that the Committee discuss the 2017 Audit Proposal Letter and Engagement Letter and recommend that Council approve appointment of Audit New Zealand as Auditors and approve acceptance of the letters by the Mayor.

4. Compliance and administration

Does the Committee have delegated authority to decide? If Yes quote relevant clause(s) from Delegations Manual <Enter clause>	No
Are the decisions significant?	No
If they are significant do they affect land or a body of water?	No
Can this decision only be made through a 10 Year Plan?	No
Does this decision require consultation through the Special Consultative procedure?	No
Is there funding in the current Annual Plan for these actions?	Yes
Are the recommendations inconsistent with any of Council’s policies or plans?	No

Attachments

1.	Audit NZ Engagement letter 2017 to 2019 ⇩
2.	Audit NZ Proposal letter 2017 to 2019 ⇩

Keith Allan

Financial Accountant

Vaughan Dennison (Chairperson)
Bruno Petrenas (Deputy Chairperson)
Grant Smith (The Mayor)
Brent Barrett	Jim Jefferies
Susan Baty	Lorna Johnson
Rachel Bowen	Duncan McCann
Adrian Broad	Karen Naylor
Gabrielle Bundy-Cooke	Aleisha Rutherford
Lew Findlay QSM	Tangi Utikere
Leonie Hapeta