IPSWICH CITY COUNCIL
AGENDA of the Audit and Risk Management Committee
Held in the Council Chambers
2nd floor – Council Administration Building
45 Roderick Street
IPSWICH QLD 4305
On Wednesday, 6 November 2019
At 1.00 pm - 3.00 pm
MEMBERS OF THE Audit and Risk Management Committee
Graeme Stratford, Dr Annette Quayle, Greg Chemello, Rob Jones, Stan Gallo
Chairperson and External Member; Member of Interim Management Committee; Member of Interim Management Committee
Audit and Risk Management Committee Meeting Agenda |
6 November 2019 |
Audit and Risk Management Committee AGENDA
1.00 pm - 3.00 pm on Wednesday, 6 November 2019
Council Chambers
| Item No. | Item Title |
|---|---|
| 1 | Report - Audit and Risk Management Committee No. 2019(05) of 9 October 2019 |
| 2 | ICT Strategy Update |
| 3 | Update on Queensland Audit Office Recommendations (Planning and Regulatory Services Department) |
| 4 | Planned Agenda for the Audit and Risk Management Committee for 2020 |
| 5 | Audit and Risk Management Committee Charter |
| 6 | **Insurance and Risk Update |
| 7 | **Corporate Governance Section's Performance in relation to Legislative Compliance |
| 8 | **Internal Audit Charter Review |
| 9 | **Internal Audit Branch Activities Report for the period 16 August 2019 to 29 October 2019 |
| 10 | **Summary of Recent Internal Audit Reports Issued |
| 11 | **Overdue Recommendations as at 16 August 2019 |
| 12 | **Queensland Audit Office Final Management Letter to Ipswich City Council |
| 13 | **Queensland Audit Office Briefing Paper for Ipswich City Council |
| 14 | Next Meeting |
| 15 | General Business |
| 16 | Private Session of Member (if required) |
** Item includes confidential papers
Audit and Risk Management Committee NO. 5
6 November 2019
AGENDA
1. Report - Audit and Risk Management Committee No. 2019(05) of 9 October 2019
This is the report of the Audit and Risk Management Committee No. 2019(05) of 9 October 2019.
Recommendation
That the report be received and the contents noted.
2. ICT Strategy Update
This is a report providing an update on implementation progress against the ICT Strategy approved by the Executive Leadership Team (ELT) on 8 August 2019. This update has been requested for the November Audit and Risk Management Committee (ARMC) meeting.
Recommendation
That the schedule, progress and reported matters in the attached ICT Strategy Implementation Status Update, be noted.
3. Update on Queensland Audit Office Recommendations (Planning and Regulatory Services Department)
This is a progress report outlining the Planning and Regulatory Services Department’s actions in complying with the Queensland Audit Office (QAO) recommendations outlined in QAO 2018 Closing Report (adopted by Council on 4 December 2018).
Recommendation
That the report be received and the contents noted.
4. Planned Agenda for the Audit and Risk Management Committee for 2020
This is a report concerning the proposed structured and planned agenda for the Audit and Risk Management Committee for the period 1 January 2020 to 31 December 2020. This document was reviewed at the Audit and Risk Management Committee Strategy Meeting held on 24 October 2019 and the suggested changes in Attachment 1 are shown in track changes.
Recommendation
That the 2020 planned agenda for the Audit and Risk Management Committee be adopted.
5. Audit and Risk Management Committee Charter
This is a report concerning a review of the Audit and Risk Management Committee Charter. The Charter was reviewed and discussed at the Audit and Risk Management Committee Strategy Meeting held on 24 October 2019 with suggested changes outlined in track changes in Attachment 2.
Recommendation
That the Audit and Risk Management Committee Charter as detailed in Attachment 2 be adopted.
6. **Insurance and Risk Update
This is a report concerning Council’s Insurance statistics for the period 1 July 2019 to 30 September 2019 and the implementation status of Transformational Project #7 Risk Management Framework (TP#7).
Recommendation
That the report be received and the contents noted.
7. **Corporate Governance Section's Performance in relation to Legislative Compliance
This is a report concerning the performance of the Corporate Governance Section (the Section) in relation to managing Council’s legislative compliance in the management of Complaints, Right to Information and Information Privacy functions for the period 1 July 2019 to 30 September 2019 (the Quarter).
Recommendation
That the report be received and the contents noted.
8. **Internal Audit Charter Review
This is a report concerning a proposed update of the Internal Audit Charter. The Charter was reviewed and discussed at the Risk Management Committee Strategy Meeting held on 24 October 2019.
Recommendation
That the proposed Internal Audit Charter as detailed in Attachment 2 be adopted.
9. **Internal Audit Branch Activities Report for the period 16 August 2019 to 29 October 2019
This is a report concerning the activities of Internal Audit undertaken since 16 August 2019 and the current status of these activities.
Recommendation
That the report be received, the contents noted and the recommendations in Attachments 3 and 4, be considered finalised and archived.
10. **Summary of Recent Internal Audit Reports Issued
This is a report concerning recently completed internal audits and the subsequent reports released since the previous report dated 16 August 2019.
Recommendation
That the report be received and the contents noted.
11. **Overdue Recommendations as at 16 August 2019
This is a report concerning the status of each Department's progress in actioning the internal and external audit recommendations due or overdue for implementation.
Recommendation
That the report be received and considered.
12. **Queensland Audit Office Final Management Letter to Ipswich City Council
This is a report concerning submission of the final management letter to Ipswich City Council from the Queensland Audit Office.
Recommendation
That the report be received and the contents noted.
13. **Queensland Audit Office Briefing Paper for Ipswich City Council
This is a report concerning the submission of a briefing paper for October 2019 to the Audit and Risk Management Committee.
Recommendation
That the report be received and the contents noted.
14. NEXT MEETING
The next meeting is scheduled for Wednesday, 12 February 2020.
15. GENERAL BUSINESS
16. PRIVATE SESSION OF MEMBER (IF REQUIRED)
** Item includes confidential papers
and any other items as considered necessary.
ITEM: 1
SUBJECT: Report - Audit and Risk Management Committee No. 2019(05) of 9 October 2019
AUTHOR: Committee Manager
DATE: 31 October 2019
This is the report of the Audit and Risk Management Committee No. 2019(05) of 9 October 2019.
That the report be received and the contents noted.
1. Audit and Risk Management Committee Report No. 2019(05) of 9 October 2019
Item 1 / Attachment 1.
Audit and Risk Management Committee NO. 2019(04)
9 October 2019
Report of the Audit and Risk Management Committee
for the Audit and Risk Management Committee
MEMBERS’ ATTENDANCE: Dr Annette Quayle (Acting Chairperson and External Member); Greg Chemello (Interim Administrator), Robert Jones (Interim Management Committee)
MEMBERS’ APOLOGIES: Graeme Stratford (Chairperson and External Member), Stan Gallo (Interim Management Committee)
OTHER ATTENDANCE: David Farmer (Chief Executive Officer), Jeff Keech (Acting General Manager – Corporate Services), Freddy Beck (Chief Audit Executive), Lisa Fraser (Queensland Audit Office), Patrick Flemming (Queensland Audit Office) and Tony Welsh (Interim ICT Management Support)
1. Report - Audit and Risk Management Committee No. 2019(03) of 28 August 2019
This is the report of the Audit and Risk Management Committee No. 2019(03) of 28 August 2019.
Recommendation
That the report be received and the contents noted.
2. Information Security Controls Remediation Works
This is a report providing an update on remediation work across a range of Information Security Controls requested by the Audit and Risk Management Committee at the 28 August 2019 meeting.
Recommendation
That the Interim Administrator of Ipswich City Council resolve:
That the report be received and the contents noted.
3. Queensland Audit Office Closing Report
This is a report by the Queensland Audit Office concerning the Queensland Audit Office Report as at 4 October 2019.
“The attachment/s to this report are confidential in accordance with section 275(1)(h) of the Local Government Regulation 2012.”
Recommendation
That the Interim Administrator of Ipswich City Council resolve:
That the report be received and the contents noted.
4. 2018-2019 Annual Financial Statements and 2018-2019 Management Representation Letter
This is a report concerning the 2018-2019 annual financial statements and 2018-2019 management representation letter.
“The attachment/s to this report are confidential in accordance with section 275(1)(h) of the Local Government Regulation 2012.”
Recommendation
The Audit and Risk Management Committee endorses the recommendations that the Interim Administrator of Ipswich City Council resolves:
A. That the 2018-2019 annual financial statements as detailed in Attachment 1 to the report of the Principal Financial Accountant dated 2 October 2019, including changes to the note disclosures as detailed in the report by the Acting General Manager (Corporate Services) tabled at the meeting (Item 6 of these minutes), be approved for certification by the Interim Administrator and Chief Executive Officer.
B. That the 2018-2019 management representation letter as detailed in Attachment 2 to the report of the Principal Financial Accountant dated 2 October 2019 be approved for certification by the Interim Administrator and Chief Executive Officer.
5. 2018-2019 Annual Financial Statement for Controlled Entities
This is a report concerning the 2018-2019 Annual Financial Statements and associated documents for the following controlled entities of Ipswich City Council (Council):
· Ipswich City Properties Pty Ltd
· Ipswich City Developments Pty Ltd
· Ipswich City Enterprises Pty Ltd
· Ipswich City Enterprises Investments Pty Ltd
“The attachment/s to this report are confidential in accordance with section 275(1)(h) of the Local Government Regulation 2012.”
Recommendation
That the Audit and Risk Management Committee resolve:
That the report of the Treasury Accounting Manager dated 3 October 2019 be received and the contents noted.
6. UPDATED CHANGES TO 2018-2019 FINANCIAL STATEMENTS
This is a report by the Acting General Manager (Corporate Services) outlining recommended changes to the 2018-2019 financial statements included in the Agenda for the Audit and Risk Committee of 9 October 2019 following further review by the Queensland Audit Office and Committee members.
Recommendation
The Audit and Risk Management Committee endorses the recommendation that the Interim Administrator of Ipswich City Council resolve:
That the suggested changes outlined in this report be made to the 2018-2019 financial statements for finalisation and certification.
Attachments
1. Updated changes to 2018-2019 Financial Statements
7. NEXT MEETING
The next meeting is scheduled for Wednesday, 6 November 2019.
8. GENERAL BUSINESS
The Acting General Manager (Corporate Services) thanked the Queensland Audit Office for all their support and work with regards to the financial statements.
PROCEDURAL MOTIONS AND FORMAL MATTERS
The meeting commenced at 9.45am.
The meeting closed at 11.22am.
Minutes of Council Ordinary Meeting
28 October 2019
Held in the Council Chambers
2nd Floor of the Council Administration Building
45 Roderick Street
Ipswich
E X T R A C T
Governance Committee No. 2019(10)
22 October 2019
E X T R A C T
ITEM: 2
SUBJECT: ICT Strategy Update
AUTHOR: Interim Information and Communications Management and Support Manager
DATE: 28 October 2019
This is a report providing an update on implementation progress against the ICT Strategy approved by the Executive Leadership Team (ELT) on 8 August 2019. This update has been requested for the November Audit and Risk Management Committee (ARMC) meeting.
That the schedule, progress and reported matters in the attached ICT Strategy Implementation Status Update, be noted.
Not applicable
Listening, leading and financial management
Council developed an ICT Strategy in response to the Transformation Program (TP#17). This strategy was supported by a cross-council working group and approved by ELT on 8 August 2019. The Implementation Plan presented in the ICT Strategy identified 24 discrete initiatives, spanning 3 years.
The Audit and Risk Management Committee has requested an update on progress, outcomes and issues impacting on the ICT Strategy implementation plan. This is the first report provided on the mobilisation of ICT Strategy implementation initiatives. An overview of the planned implementation initiatives, and progress to date, is attached.
Most initiatives that rely on BAU resourcing have mobilised well:
· Disaster Recovery Enablement (ITSM06)
· Staff Plan - Phase 1 (Leadership & Engagement) (ITCAP01)
· Staff Plan - Phase 2 (Job Restructuring) (ITCAP02)
The new ICT Steering Committee has been established to include all members of ELT, Finance Manager and ICT Leadership with the Chief Audit Executive invited to observe. The inaugural meeting will be scheduled for the end of November.
Resource constraints are slowing the mobilisation of:
· Rebuild ICT Governance & Controls Function (ITGOV02)
· ICT Directives Overhaul (ITGOV05)
· Platform of the Future (PotF) (BP07) Phase 1: Platform Research & Requirements
· Architecture and Application Portfolio Management Uplift (ITCAP04)
Four initiatives that need wider organisational design consideration and alignment will be taken to the IT Steering Committee for guidance:
· Digital / SmartCity / ICT Operating Model (ITGOV03) (Consulting Engagement Brief drafted)
· Digital Services UX Uplift (BP06) (On-Hold)
· Information Management Operating Model (ITGOV04)
· GIS & Spatial Systems Operating Model & Architecture (BP05) (Consulting Engagement Brief drafted)
The most pressing issue for the Audit and Risk Management Committee to note is resourcing and mobilising the first phase (scoping and planning) for the Platform of the Future (PotF). The PotF is the most significant aspect of the ICT Strategy and planning and management of this transformational, cross-enterprise program will challenge Council change maturity. It will enable new structures and roles in ICT Branch and the newly formed Coordination and Performance (Business Improvement) team, which aims to take lead accountability for all Council transformational projects. Barbara Dart (Manager, Performance in the Coordination and Performance Department) has been engaged and work is underway to resolve how PotF may be approached as a business led transformation project.
Not applicable
A risk profile has been assessed for approximately 47 Initiatives that form the Roadmap Phased Plan in the ICT Strategy.
Financial and other resource estimates have been provided as part of the ICT Strategy. These estimates will be refined as more information becomes available from research and market testing. Estimates have been reflected in ICT capital and operating budgets.
Internal stakeholders from Council have been consulted extensively throughout the preparation of the ICT Strategy. In particular, all key deliverables have been reviewed and endorsed by an appointed Business Reference Group (BRG), the Whole of Council TP Steering Committee, ELT and IMC.
A new ICT Steering Committee will meet regularly from November to govern the implementation of the ICT Strategy.
1. ICT Strategy Update
2. ICT Strategy Highlights
Tony Welsh
Interim Information and Communications Management and Support Manager
I concur with the recommendations contained in this report.
Andrew Knight
General Manager - Corporate Services
“Together, we proudly enhance the quality of life for our community”
ITEM: 3
SUBJECT: Update on Queensland Audit Office Recommendations (Planning and Regulatory Services Department)
AUTHOR: Senior Business Support Officer
DATE: 22 October 2019
This is a progress report outlining the Planning and Regulatory Services Department’s actions in complying with the Queensland Audit Office (QAO) recommendations outlined in QAO 2018 Closing Report (adopted by Council on 4 December 2018).
That the report be received and the contents noted.
Queensland Audit Office. There was no declaration of conflicts of interest.
Managing growth and delivering key infrastructure
Following QAO’s 2018 audit of Ipswich City Council’s financial records and processes, Planning and Regulatory Services Department have undertaken a body of work to comply with the QAO’s recommendations. Issues identified by the QAO that relate to the (former) Planning and Development Department included:
1. No policies or procedures in relation to developer infrastructure contributions;
2. Reconciliation of Infrastructure Charges Notice (ICN) Register to Pathway for outstanding developer infrastructure contributions; and
3. Lack of transparency in calculation of fee variations.
As advised in the previous Audit and Risk Management Committee report on 28 August 2019, items 1 and 3 have been addressed. Item 2 regarding entries in the Infrastructure Charges Notice Register has now also been resolved with outstanding infrastructure contributions reconciling between the Register and Pathway. To maintain the integrity of this data, detailed work instructions will need to be prepared to outline the processes for managing the Register and Pathway moving forward, including:
· Inserting contributions into the Infrastructure Charges Register;
· Recording payments, refunds, offsets and credits utilised in the Register; and
· Reconciling the Infrastructure Charges Register with Pathway.
The last update provided to Audit and Risk Management Committee in August identified a $97.3 million reduction of outstanding contributions since October 2018, with a total of $206.7 million outstanding. While these contributions show as outstanding in Pathway, at least $177 million of this total were not payable as the development had not commenced or is under construction.
The current balance of outstanding contributions for the same period (since 15 October 2018) is now $147 million. The below table shows the comparison of outstanding infrastructure contributions between June, August and October 2019 as well as the breakdown of contributions not yet payable and contributions legitimately outstanding.
| | June 2019: No. of applications | June 2019: Contributions | August 2019: No. of applications | August 2019: Contributions | October 2019: No. of applications | October 2019: Contributions |
|---|---|---|---|---|---|---|
| Development not commenced (contributions not payable) | 296 | $93,999,499 (41.9%) | 288 | $86,985,427 (42%) | 263 | $70,555,742 (48%) |
| Under construction/staged development (contributions not payable) | 122 | $93,322,535 (41.6%) | 116 | $90,187,639 (44%) | 99 | $68,964,184 (47%) |
| Audit underway (contributions outstanding) | 76 | $37,243,826 (16.5%) | 63 | $29,566,811 (14%) | 35 | $7,625,023 (5%) |
| Development completed (contributions not collected) | 1* | $11,026 (<1%) | 1* | $11,026 (<1%) | 1* | $10,818 (<1%) |
| TOTAL | 495 | $224,576,886 | 468 | $206,750,903 | 398 | $147,155,767 |
*Note: this application relates to a development at Braeside Road, Bundamba where legal assistance has been sought, and contributions continue to remain outstanding. A recalculation of these contributions was completed which accounts for the different figure in October.
Of the $59.6 million reduction since August 2019, approximately $42.2 million of these contributions have been reduced through the process of reconciling credits across various Infrastructure Agreement Registers and Cross Crediting Registers within Pathway. The process of reconciling these registers is progressing, with 22 of the 31 Infrastructure Agreement Registers reconciled, another 7 Register audits in progress and 2 Registers not yet started.
While the reconciliation of the Infrastructure Charges Register with Pathway finalises the recommendations that QAO identified for Planning and Regulatory Services Department, a subsequent body of work is required to maintain and refine the management of outstanding infrastructure contributions:
· Continued reconciliation of offsets and credit transactions between ICN Register, the Infrastructure Agreements Registers and Pathway;
· Continued auditing of contributions paid and credits utilised in the Infrastructure Agreements Registers;
· Monthly reporting to the General Manager on the progress of development compliance audits for applications that have outstanding infrastructure contributions;
· Monthly reconciliations between the ICN Register and Pathway to ensure completeness and accuracy of outstanding infrastructure contributions;
· Investigation of a software program to manage infrastructure charging through a dedicated software package that coordinates with existing systems;
· Develop a series of processes for:
o managing the Infrastructure Charges Notice Register, including instructions on how to insert new entries, record payments and reconcile the Register with Pathway.
o recording and monitoring outstanding infrastructure contributions that are being paid under an agreed payment plan.
o monitoring outstanding infrastructure contributions in relation to Reconfiguring a Lot applications.
o auditing and maintaining bank guarantees held for developer contributions by the Planning and Regulatory Services Department.
· Identify instances where contributions have not been inserted into Pathway through a review of all decided development applications without infrastructure charges recorded; and
· Expand the scope of the Variation of Development Applications Fees Procedure to incorporate fee variations applied to (former) Health and Regulatory Services fees and include:
o clear wording to state that all information in relation to the request and reasons for the decision are to be recorded in Council’s corporate information systems.
o a process to review the decision if the applicant chooses to appeal.
This report and its recommendations are consistent with the following legislative provisions:
Local Government Act 2009
Planning Act 2016
There are no risk management implications associated with this report (as it is for noting only), however there are risk management implications with not complying with the QAO recommendations related to this matter.
All costs associated with completing the QAO recommendations have been absorbed within the Planning and Regulatory Services Department operational budget. Therefore, there are no financial implications associated with this update report.
The contents of this report do not require community consultation.
The Planning and Regulatory Services Department have complied with all of the QAO recommendations as outlined in the QAO 2018 Closing Report. To ensure systems are adequately maintained moving forward, work will continue to complete the work already commenced and refine the processes around managing infrastructure contributions and fee variations.
Trish Standen
Senior Business Support Officer
I concur with the recommendations contained in this report.
Nicole Yiannou
Business Support Manager
I concur with the recommendations contained in this report.
Brett Davey
Acting General Manager - Planning and Regulatory Services
ITEM: 4
SUBJECT: Planned Agenda for the Audit and Risk Management Committee for 2020
AUTHOR: Chief Audit Executive
DATE: 25 October 2019
This is a report concerning the proposed structured and planned agenda for the Audit and Risk Management Committee for the period 1 January 2020 to 31 December 2020. This document was reviewed at the Audit and Risk Management Committee Strategy Meeting held on 24 October 2019 and the suggested changes in Attachment 1 are shown in track changes.
That the 2020 planned agenda for the Audit and Risk Management Committee be adopted.
The intention is for the Audit and Risk Management Committee to support all five themes:
Strengthening our local economy and building prosperity
Managing growth and delivering key infrastructure
Caring for the community
Caring for the environment
Listening, leading and financial management
Individual activities will to a varying degree support these themes, but the main objective for the Committee is to support the organisation in achieving its objectives.
The purpose of the report is to have a planned and structured agenda to consider and cover matters of importance to the Committee.
This report and its recommendations are consistent with the following legislative provisions:
Local Government Act 2009
Local Government Regulation 2012
The planned agenda assists in guiding the activities of the Audit and Risk Management Committee in considering important aspects regarding governance, control and risk activities in helping Council achieve its objectives to an appropriate and effective level.
No additional resources are required because of this report. However, the cost in the preparation of reports and/or presentations and specific circumstances will dictate if matters have to be assessed or investigated, and management will also have to consider the financial implications to implement the recommendations generated or supported through the activities of this Committee.
For this purpose the members and attendees of the Audit and Risk Management Committee were consulted in the establishment of the planned agenda.
This planned agenda is important to ensure an effective and efficient committee.
1. Draft Planned Dates for Audit and Risk Management Committee for 2020
Freddy Beck
Chief Audit Executive
I concur with the recommendations contained in this report.
Freddy Beck
Chief Audit Executive
ITEM: 5
SUBJECT: Audit and Risk Management Committee Charter
AUTHOR: Chief Audit Executive
DATE: 25 October 2019
This is a report concerning a review of the Audit and Risk Management Committee Charter. The Charter was reviewed and discussed at the Audit and Risk Management Committee Strategy Meeting held on 24 October 2019 with suggested changes outlined in track changes in Attachment 2.
That the Audit and Risk Management Committee Charter as detailed in Attachment 2 be adopted.
The intention is for the Audit and Risk Management Committee to support all five themes:
Strengthening our local economy and building prosperity
Managing growth and delivering key infrastructure
Caring for the community
Caring for the environment
Listening, leading and financial management
Individual activities will to a varying degree support these themes, but the main objective for the Committee is to support the organisation in achieving its objectives.
The purpose of this activity is to regularly review and update the Audit and Risk Management Committee Charter to keep it current and appropriate.
This report and its recommendations are consistent with the following legislative provisions:
Local Government Act 2009
Local Government Regulation 2012
The Audit and Risk Management Charter as a whole guides the activities of internal audit to minimise and control the risks the activity faces.
No additional resources are required because of this report. However, situations will dictate if matters have to be assessed or investigated, and management will also have to consider the financial implications to implement the recommendations generated or supported through the activities of this Committee.
For this purpose the members and attendees of the Audit and Risk Management Committee were consulted in updating this charter.
The Audit and Risk Management Committee Charter is an important document to guide the Committee in its oversight activities and to safeguard Council as a whole.
1. Current Audit and Risk Management Committee Charter as at 18 September 2018 copy
2. Proposed Audit and Risk Management Committee Charter - tracked changes
Freddy Beck
Chief Audit Executive
I concur with the recommendations contained in this report.
Freddy Beck
Chief Audit Executive
ITEM: 6
SUBJECT: Insurance and Risk Update
AUTHOR: Corporate Governance Manager
DATE: 29 October 2019
This is a report concerning Council’s Insurance statistics for the period 1 July 2019 to 30 September 2019 and the implementation status of Transformational Project #7 Risk Management Framework (TP#7).
That the report be received and the contents noted.
Related parties to this report include:
All members of ELT, Risk and Government Steering Committee Members, Council’s third level Managers, Risk Management Coordinator, Senior Insurance Officer and the Corporate Governance Manager. There are no perceived conflict of interest issues regarding this report.
Listening, leading and financial management
To inform the Committee of:
1. Corporate Insurance Statistics for the Quarter
2. Status of Transformational Project No. 7 Risk Management
1. Corporate Insurance Statistics for the period 1 July 2019 to 30 September 2019
The following table and graph provide a high-level snapshot of insurance claims for the period (refer Attachment 1 for detail):
| QUARTERLY REPORTING INSURANCE - Jul to Sept 2019 | Pending | Not Progressed | Accepted | Denied | TOTAL |
|---|---|---|---|---|---|
| INSURANCE CLAIMS <$7,500 | 5 | | 6 | 7 | 18 |
| MOTOR VEHICLE CLAIMS (MV) <$1,500 | | 2 | 5 | | 7 |
| MOTOR VEHICLE CLAIMS (MV) >$1,500 | 5 | | | | 5 |
| LGM INSURANCE CLAIMS (JLTA) | 3 | | | | 3 |
| EMPLOYEE PRACTICES LIABILITY (EPL) | 1 | | | | 1 |
| TOTAL | 14 | 2 | 11 | 7 | 34 |
The following table and graph provide a high-level snapshot of LGM Insurance Claims Over $15,000 for the period. For details of claims received during the Quarter refer Attachment 2.
LGM Insurance Claim Description |
Liability Denied |
Under Investigation |
Settled |
Report Only |
Grand Total |
C&O Liability |
18 |
18 |
|||
Professional Indemnity - Financial Loss |
2 |
4 |
6 |
||
Public Liability - Personal Injury |
1 |
6 |
7 |
||
Public Liability - Property Damage |
1 |
1 |
|||
Employee Practices Liability - EPL |
1 |
1 |
|||
Professional Indemnity - Property Damage |
1 |
1 |
|||
Grand Total |
1 |
26 |
1 |
6 |
34 |
2. Status of Transformational Project No. 7 Risk Management Framework (TP#7)
The purpose of the TP#7 project is to develop a better practice and consistent whole of Council approach to Enterprise Risk Management (ERM) in order to proactively identify, manage and respond to issues that represent risks to achieving Council’s strategic objectives.
The project consists of five (5) subprojects:
1. Enterprise Risk Management Program (ERM Program)
2. Fraud and Corruption Control Program (FCCP)
3. Good Decision making and Ethics Principles
4. Business Continuity Planning (BCP)
5. Project Risk Management Model
Subproject Updates as at 28 October 2019:
1. Enterprise Risk Management Program (ERM Program)
Risk Management Policy and Framework
The Risk Management Framework (the Framework), Policy, Procedure and Administrative Directive were endorsed by ELT on 24 October 2019. The Framework has been written to ensure all members of the organisation can understand the purpose of the Framework and that:
· Council has in place transparent and responsible enterprise-wide risk management processes which align with best practice;
· Risks and opportunities inherent in the provision of Council services to the Ipswich Community are managed in a prudent manner;
· Council activities are conducted so as to ensure compliance with the relevant Acts, Regulations, Codes and Standards;
· Council workers are aware of and effectively exercise their risk management responsibilities;
· Adequate risk management information, training and supervision are provided to all workers, contractors, consultants, committees and volunteers;
· Council activities are clearly linked to and support one or more of the strategic objectives outlined in the Corporate and Operational Plans;
· Council maintains Corporate and Departmental risk registers.
It is acknowledged that research revealed some organisations adopt in-depth Enterprise Risk Management Frameworks. However, after discussions with the project team and advice from PricewaterhouseCoopers (PWC), the project team believed a more succinct framework document was more appropriate for the current Enterprise Risk Management culture of the organisation.
The Framework will be reviewed in accordance with Council’s Policy Review Timetable and, as the organisation’s understanding of Enterprise Risk Management grows, the Framework can be amended to provide more comprehensive information. The Framework should be considered a living document.
Corporate Risk Registers
The Corporate Risk Register has been approved by the CEO. Each risk has had a General Manager allocated as the risk owner (with three risks having two GMs as the risk owner). The next step (which will be undertaken as a BAU activity) during October and November 2019 is to review the risk descriptions, causes, impacts, and likelihood and consequence ratings, and to develop action plans for the eight risks which are the primary area of focus for review at the November workshop with ELT/IMC and second round Departmental Workshops.
Departmental Risk Registers
The five Departmental Risk Registers have been created. Going forward, further review of the registers will be undertaken as a BAU activity by Corporate Governance. Meetings are being held with the GMs during the last week of September and first week of October 2019 to review the risks and allocate a Branch Manager as the risk owner to the relevant risks. Then, during October and November 2019, the risk descriptions, causes, impacts, and likelihood and consequence ratings will be reviewed and action plans developed for the risks which are the primary area of focus for each Department at the November/December Departmental workshops with the GMs and Branch Managers.
General Managers have been asked to determine if Risk Registers should be developed at the Branch Level and advised that the Corporate Risk Coordinator would be able to facilitate such workshops and provide advice on determining controls etc.
Following endorsement of the Enterprise Risk Management documents by the Steering Committee and adoption of the Framework by Council, the Corporate Risk Register and Departmental Risk Registers will be finalised during November/December 2019.
Risk Appetite
PricewaterhouseCoopers (PWC) is still developing a Risk Appetite Statement for Council. After consultation and discussion with ICC, it has been decided that the Statement will not be finalised until early in the new year, after the next round of Risk Workshops (Nov/Dec 2019), and will be finalised prior to the return of elected representatives.
Reporting
PWC have provided "draft" templates for reporting. The Project Team is still progressing the reporting timeframes and reporting templates with the TP#1 project team.
Risk Management Training
PWC have provided a Risk Management Training pack which will be used and included in the Induction training for all new staff. In the longer term, risk management training will be developed; a Learning and Development Request Form was submitted at the end of August 2019 to the Transformational Project Coordination Team.
2. Fraud and Corruption Control Program (FCCP)
A Draft FCCP report was received from PWC in early October 2019. The Risk Management Coordinator met with the Chief Executive Officer (CEO) and discussed the detail contained in the report in relation to PWC’s:
· Review of Council’s current Fraud and Corruption Framework
· Outcome of maturity assessment of the current fraud and control practices as either ‘Reactive’ or ‘Foundation’ against the AS8001-2008 elements and benchmarks of:
    o Planning and Resourcing
        ▪ Fraud and corruption control planning
        ▪ Review of the fraud and corruption control plan
        ▪ Fraud and corruption control resources
        ▪ Internal audit activity in the control of fraud and corruption
    o Prevention
        ▪ Implementing and maintaining an integrity framework
        ▪ Senior Management commitment to controlling the risk of fraud and corruption
        ▪ Line Management accountability
        ▪ Internal control
        ▪ Assessing Fraud and corruption risk
        ▪ Communication and awareness
        ▪ Employment screening
        ▪ Supplier and customer vetting
        ▪ Controlling the risk of corruption
    o Detection
        ▪ Implementing a fraud and corruption detection program
        ▪ Role of the external auditor in detection of fraud
        ▪ Avenues for reporting suspected incidents
        ▪ Whistleblower Protection program
    o Response
        ▪ Policies and procedures
        ▪ Investigation
        ▪ Internal reporting and escalation
        ▪ Disciplinary procedures
        ▪ External reporting
        ▪ Civil action for recovery of losses – policy for recovery action
        ▪ Review of internal controls
        ▪ Insurance
· Identified strengths of the current Framework
· Recommended improvements as identified against the above Elements
The CEO requested the RMC undertake research with other local authorities to identify their FCCPs and prepare a report on a proposed way forward to adopt PWC’s draft FCCP.
Fraud and Corruption Risk Register
The current Fraud and Corruption Risk Register is scheduled for review and update in November 2019.
Establishment of a Fraud and Control Committee
Pending endorsement by ELT of FCCP, discussions will be undertaken with the CEO and IA to determine membership of the Fraud and Control Committee.
Reporting
PWC are now preparing draft report templates for the consideration of the Project Team. ELT will be provided the opportunity to review and discuss the templates and endorse the proposed report regime.
3. Good Decision making and Ethics principles
Due to unforeseen staff absence, work has not progressed on this sub-project as planned. The Officer was scheduled to return to work on Monday 21 October but is again on unplanned leave. The project schedule for this sub-project will be reviewed and new deliverable dates approved by the Risk and Governance Steering Committee.
4. Business Continuity Planning
The following key deliverables are not completed and operationalised as Business as Usual (BAU):
· Business Continuity Management (BCM) Administrative Directive
· BCM Framework
· Business Continuity Plan (BCP) Template
· Business Impact Analysis (BIA)
Develop organisational BCPs
The following documents have been endorsed and operationalised:
• ICC Business Continuity Plan
• ICC Property Response Plan
• ICC People and Culture Plan
• ICC Media and Communications Response Plan
• ICC ICT Incident Management Directive
The documents are available on the E-Hub and have been made available to ELT members on a USB stick. ICT Disaster Plan will be progressed over the next few months and transitioned to BAU for the RMC in January 2020.
5. Project Risk Management Model (PRM Model).
The PRM Model is now finalised and operationalised. The PRM Model outlines the requirement for a consistent approach to Project Risk Management within Council to ensure the ability of projects to succeed. It provides guidance and direction based on the Council ERMF and its principles. The document allows officers with limited experience to be able to develop meaningful Project Risk Management Plans and populate Risk Registers.
In managing risk and insurance for the organisation Council officers perform their duties in keeping with the Local Government Principles of:
· transparent and effective processes, and decision-making in the public interest;
· good governance of, and by, local government; and
· ethical and legal behaviour of Councillors and local government employees
The following table outlines the relevant legislation and the administrative functions and services provided by the Section:
| Relevant Legislation | Corporate Services Section Functions and Services Provided |
| --- | --- |
| Local Government Act 2009; Local Government Regulation 2012; AS/NZS ISO 31000:2009 Risk Management – Principles and Guidelines | Manage and coordinate: · the implementation of Council’s Risk Management Framework · public liability claims from external customers · public liability claims for Councillors and staff · negotiate (within Delegated Authority), on behalf of Council, any insurance resolutions · the insurance of Council assets including but not limited to Council buildings, machinery and equipment, park infrastructure, swimming pools, sports centres, club houses, fleet vehicles, etc. · the renewal of Council insurance policies (excluding Workers Compensation) · the provision of expert insurance and risk advice to both external and internal stakeholders · recover costs from damage made by third parties to Council assets |
It is essential that TP#7 Risk Management be successfully implemented and that risk management is embedded in the organisation. The management of corporate risks lies with the CEO and all General Managers, with department risk management the responsibility of the respective General Manager. The Corporate Governance Section and the Risk Management Coordinator can provide the necessary framework, policy, procedures, advice etc., but successful risk management will only be achieved if senior management takes responsibility for managing the risk and fraud registers, implements appropriate controls and leads the organisation in developing a strong risk management culture and increasing the organisation’s risk management capabilities.
TP#7 has a financial year (FY) budget of $87,000. FY actuals and commitments to date (costs incurred with engagement of PWC) total $176,437. The current FY forecast is $204,000 resulting in a variance of $166,600. The project budget is monitored by the Project Lead and by the TPCT.
This report did not require community engagement.
Council has, for some time, needed to implement a better practice Risk Management Framework and to increase the culture and capability of the organisation to manage risk efficiently and effectively. With the successful delivery of TP#07 Risk Management Framework, Council is positioning itself to be an exemplar Council in the management of Risk and Insurance.
|
CONFIDENTIAL |
1. |
|
2. |
Angela Harms
Corporate Governance Manager
I concur with the recommendations contained in this report.
Andrew Knight
General Manager - Corporate Services
“Together, we proudly enhance the quality of life for our community”
ITEM: 7
SUBJECT: Corporate Governance Section's Performance in relation to Legislative Compliance
AUTHOR: Corporate Governance Manager
DATE: 29 October 2019
This is a report concerning the performance of the Corporate Governance Section (the Section) in relation to managing Council’s legislative compliance in the management of Complaints, Right to Information and Information Privacy functions for the period 1 July 2019 to 30 September 2019 (the Quarter).
That the report be received and the contents noted.
There are no related parties.
Listening, leading and financial management
To inform the Committee on how the Section has performed and managed the below functions for the Quarter:
· Management of Right to Information and Information Privacy Applications
· Delivery of Transformational TP#06 Complaints Management Framework
1. Management of Complaints
The below graph and table provide details of the management of all complaint types for the Quarter:
| Complaint Type | Open (New) | Open (Legacy) | Closed (New) | Closed (Legacy) |
| --- | --- | --- | --- | --- |
| Administrative Action Complaints | 5 | 1 | 2 | 1 |
| Privacy Complaints | 0 | 0 | 0 | 0 |
| Publication Scheme Complaints | 0 | 0 | 0 | 0 |
| Ombudsman reviews | 2 | 0 | 2 | 0 |
| Ombudsman direct referrals received | 1 | 0 | 1 | 0 |
| OIC reviews | 0 | 0 | 0 | 0 |
| General Administrative Action Complaints | 35 | 0 | 21 | 10 |
| General Staff Complaints | 0 | 0 | 0 | 0 |
| Internal Reviews on AACs | 0 | 0 | 0 | 0 |
| General/Dept. complaints worked on and referred to Dept. for response | 52 | 3 | 41 | 6 |
Figures for infringement review for the period July 2019 – 30 September 2019
· 999 CES Requests for infringement notices (these requests vary and also included waiving a PIN)
· 887 PATHWAY requests received specifically requesting a PIN be waived – 706 PINs waived and 181 upheld
These figures are not indicative of Q1 2019-2020; matters from previous reporting periods are carried over into this reporting period, and current figures will likely carry forward to the subsequent reporting period due to PINs being placed on hold during review periods.
There was a significant increase in General/Dept. complaints worked on and referred to Departments for response in this reporting period. This is indicative of the soft roll out of the Complaints Management Unit (CMU) and the business engaging in the new Complaints Management Framework. It is anticipated that there will be another notable increase in all General complaint types in the next reporting period, after the CMU has gone live on 18 November 2019.
A rise in General Administrative Action complaints is noted and again would be indicative of the soft roll out of the CMU.
A slight decrease in Administrative Action Complaints received in this period indicates success in the internal review process. More advice being sought by operational areas when drafting responses and the provision of template responses to the business areas means that responses are customer centric with the language used being understood by customers.
There were no requests for Internal Reviews on Administrative Action Complaints in this period. This will be monitored in future reporting periods. Initial indicators are that the new review process and changes to customer responses having a stronger customer focus may be the drivers here. Monitoring of different processing stages (reviews) will also be undertaken to ensure the efficiency of the new Framework and ensuing processes in complaints management.
The percentage of cases closed (new and legacy) has increased. It is anticipated this will continue to improve when the CMU is fully resourced.
2. Management of Right to Information and Information Privacy Applications
Council did not receive any Information Privacy Applications for the quarter. The below table provides details of the management of all RTI Applications for the Quarter:
| | July | August | September |
| --- | --- | --- | --- |
| RTI Applications Received | 1 | 1 | 2 |
| RTI Applications completed/closed | 1 | 2 | 1 |
| IP applications Received | 0 | 1 | 3 |
| IP applications completed/closed | 0 | 0 | 1 |
All RTI Applications were processed in accordance with legislative requirements, Council Policy and Procedures.
3. Status of the Transformational Projects which impact the Integrity and Governance Section’s management of complaints and RTI/IP applications
3.1 TP#6 Complaints Management Framework
The purpose of the project is to ensure a better practice, legislatively compliant and transparent whole of Council approach to:
· formal complaints made against Council as a result of dissatisfaction with services provided or a failure to provide a service; and
· complaints and reports of wrongdoing against council or staff, including allegations of fraud, corrupt conduct and public interest disclosures.
The project has progressed throughout the Quarter and current status and activities planned for the next period are shown below:
| Key Deliverable | Progress achieved this period | Activities planned for next period |
| --- | --- | --- |
| Complaints Management Policy & procedure | Policy and Procedure nearly finalised, at which point the documents will need to be endorsed by ELT and the Risk and Governance Steering Committee, the Policy formally adopted by Council and the Procedure approved by the CEO. Comms have been drafted for the WIRE to ensure staff are aware of amendments made to the Policy and Procedure. This advice will also be included in meetings to be held with operational business teams. | Post adoption, put up comms on WIRE. |
| Unreasonable Complaint Conduct (UCC) Policy and Manual | Comms prepared for the WIRE for staff to ensure awareness. Discussions have been held with CCED, who are drafting a policy entitled Unreasonable Customer Conduct. It has been identified that the CCED Policy could potentially cause confusion with staff as to which policy to use with customers displaying bad behaviour. Conversation and agreement with CCED Policy staff to change the name of their Policy. | Both Policies to go out to business areas for feedback prior to ELT and Steering Committee endorsement and adoption by Council. Tool box talks to be undertaken with operational teams to ensure staff understand their responsibilities for managing UCC. |
| Meet with Department GMs and Level 3 Managers | Presentations at operational team meetings to discuss rollout of CMU continued during the period. Presentations focused on the benefits the CMU will provide their business areas and how Councillor received complaints will be managed. Presentations have been well received. A handout on the CMU and responsibilities of operational staff has been developed to support presentations. These will be delivered to relevant staff prior to go live date. Positive feedback has been received thus far from soft roll out. There appears to be general acceptance of the new Complaints Management Framework and CMU. | Post go live date 11 November - GMs and Level 3 Managers will be consulted for feedback on how the new Complaints Management Framework is impacting/benefitting their areas. |
| Develop comms to support process | Comms finalised with the inclusion of Go Live date. Comms discussing changes to internal review process for infringement notices have been included in “In Touch” magazine being posted to Wire next week. | Proposed roll out date has been changed from 21 October to 11 November to accommodate the recruitment process for roles in CMU to be filled before roll out. |
| Supporting procedures and scripting | Procedures and scripting will continue to be worked on to meet deliverable time frame | Procedures and scripting will continue to be worked on to meet deliverable time frame |
| Develop supporting templates | To be commenced | Development of supporting templates will be commenced during period |
| Rollout of web content | Currently sitting with Marketing Manager and linked to web page amendments for TP#13 Return to Elected Representation. | Once format of web content is approved, progress to roll out. Review efficiency of web content (on line lodgement for complaints) by monitoring reporting on source of complaint. |
| On boarding of required governance resources to support Complaints function | Interviews for Customer Liaison Officer are complete. Awaiting final sign off from Andrew Knight on 21 Oct before advising successful candidate. Interviews for project officer role are on Monday 21 October. Anticipating on boarding of both resources to be completed prior to go live date 11 November | Development of training of resources |
| Reporting | Ongoing consultation with operational areas to establish what reports they require. Once known, reports will be built to accommodate business reporting needs. | Confirming Objective can capture the complaints information and produce required reports. Liaison with Objective representatives has revealed reporting requirements are possible. May need to undertake some configuration changes to Objective. Working with ICT staff to progress. |
The following Project Risks and Issues have been identified and appropriate mitigation and actions put in place. Risks and Issues will continue to be reviewed monthly by the Project Lead throughout the life of the Project.
| Risk Description | Risk Mitigation/s | Initial Severity | Mitigated Severity |
| --- | --- | --- | --- |
| Lack of acceptance of Complaints Framework will result in: · siloed approaches to managing complaints across the organisation · no centralised repository of related information · inability to make informed changes to business processes based on complaint data · inability to effectively communicate with customers regarding delays or changes in service · legislative non-compliance | · Creation of Complaints Management Unit (CMU) to be centralised unit for complaints management within Council · Better practice for recording and reporting on all complaints and provision of advice to business to drive performance improvements · Better practice in monitoring of timeframes and resolutions received for complaints | M | M |
| Objective system may not be able to be configured as per ICC requirements resulting in inability to produce suitable and sufficient reporting to support the monitoring of the Complaints Management Process | Increase functionality in Objective (through the purchase or creation of other modules) to allow for effective reporting. This includes the creation of metadata fields that are relevant to capturing complaints management data. | H | M |
The project’s budget has been monitored throughout the period. Actuals and commitments reflect training costs when engaging the Office of the Information Commissioner in PID Awareness and Managing Organisational Risk.
| FY Budget | FY Actuals & Commitments to Date | FY Forecast | FY Variance |
| --- | --- | --- | --- |
| $0 | $17 627 | $50 000 | $50 000 |
There are no financial/resource implications.
The greatest risk to the organisation is the lack of awareness by staff of their responsibilities under Council’s Complaint Management Framework, the Public Records Act, and RTI and IP Acts. All outside staff have attended Public Records Act, RTI Act and IP Act Training delivered by the TP#6 Project Lead. Internal staff have undertaken Office of the Information Commissioner RTI and IP Training and Queensland State Archives Records Challenge Training online via E-Hub. Training in Records, RTI and IP Act obligations and responsibilities is now a component of induction training and will be incorporated into annual refresher training for all staff.
Council has an obligation under the RTI and IP Acts to work towards open proactive disclosure, administrative access and information sharing (the “push model”). The Section will engage a consultant in early 2020 to develop a 12 month project plan using the recent organisational ‘scorecard’ developed by the Office of the Information Commissioner (OIC). The aim of the project plan will be to improve the organisation’s implementation of the “push model” and hopefully increase our scorecard results for the next OIC assessment. The project plan will be delivered by the Section as BAU.
The following table outlines the relevant legislation and the administrative functions and services provided by the Branch:
| Relevant Legislation | Integrity and Governance Team Administrative Functions and Services Provided |
| --- | --- |
| Local Government Act 2009 and Local Government Regulation 2012 | Management of complaint types: · Administrative Action Complaints and Internal Reviews · Privacy Complaints · Publication Scheme Complaints · Ombudsman Review of Complaint Management · Ombudsman Direct Referral of Complaints · Office of the Information Commissioner (OIC) Complaint Reviews · Operational i.e. General Department complaints referred to relevant Council Dept./Branch for resolution |
| Right to Information Act 2006 | Management of Right to Information Applications for: · access to information that is not administratively available · internal review of a reviewable decision |
| Information Privacy Act 2006 | Management of Information Privacy Applications: · for personal information · to amend personal information or · to investigate complaints of privacy breaches · internal review of a reviewable decision |
COMMUNITY and OTHER CONSULTATION
This report did not require community engagement.
The Integrity and Governance Section has performed its responsibilities and obligations in relation to maintaining Council’s compliance with the Local Government Act, Local Government Regulation, Right to Information Act and Information Privacy Act for the previous Quarter.
|
CONFIDENTIAL |
1. |
Angela Harms
Corporate Governance Manager
I concur with the recommendations contained in this report.
Andrew Knight
General Manager - Corporate Services
ITEM: 8
SUBJECT: Internal Audit Charter Review
AUTHOR: Chief Audit Executive
DATE: 25 October 2019
This is a report concerning a proposed update of the Internal Audit Charter. The Charter was reviewed and discussed at the Risk Management Committee Strategy Meeting held on 24 October 2019.
That the proposed Internal Audit Charter as detailed in Attachment 2 be adopted.
Not applicable
The intention is for the Internal Audit activity to support all five themes:
Strengthening our local economy and building prosperity
Managing growth and delivering key infrastructure
Caring for the community
Caring for the environment
Listening, leading and financial management
Individual internal audits and corrupt conduct investigations will to a varying degree support these themes, but the main objective for Internal Audit is to support the organisation in achieving its objectives.
The purpose of this activity is to regularly review and update the Internal Audit Charter in line with better practice and The International Professional Practices Framework (IPPF) for Internal Auditors.
This report and its recommendations are consistent with the following legislative provisions:
Local Government Act 2009
Local Government Regulation 2012
Crime and Corruption Act 2001
The Internal Audit Charter as a whole guides the activities of internal audit to minimise and control the risks the activity faces. Each of the individual reports provides for a control environment opinion as well as individual risk ratings per individual findings and recommendations. It is important for management to implement the individual recommendations well to either address or diminish the exposure for Council, or explain why it is acceptable to not implement the suggested improvements. As per the corrupt conduct investigation, the findings and risks vary in each situation and are discussed in the confidential reports. Having said that, the key risks are still that the information might not be well presented or well understood, or might not generate an appropriate response.
Resources are provided to internal audit through the annual audit plan and budgeting processes. No additional resources are required because of this report. However, situations will dictate if internal audits and investigations have to be outsourced, and management will also have to consider the financial implications of implementing the recommendations as per the individual reports.
Internal Audit mostly consults internally to the organisation and its management in conducting the internal audits and finalising the reports. For investigations the appropriate consultations take place as the situation allows and requires.
For this purpose the members and attendees of the Audit and Risk Management Committee were consulted in updating this charter.
The Internal Audit Charter is an important document to guide internal audit activities and to safeguard Council as a whole.
|
CONFIDENTIAL |
1. |
|
2. |
Freddy Beck
Chief Audit Executive
I concur with the recommendations contained in this report.
Freddy Beck
Chief Audit Executive
ITEM: 9
SUBJECT: Internal Audit Branch Activities Report for the period 16 August 2019 to 29 October 2019
AUTHOR: Chief Audit Executive
DATE: 29 October 2019
This is a report concerning the activities of Internal Audit undertaken since 16 August 2019 and the current status of these activities.
That the report be received, the contents noted and the recommendations in Attachments 3 and 4, be considered finalised and archived.
Not applicable
The intention is for the Internal Audit activity to support all five themes:
Strengthening our local economy and building prosperity
Managing growth and delivering key infrastructure
Caring for the community
Caring for the environment
Listening, leading and financial management
Individual internal audits and corrupt conduct investigations will to a varying degree support these themes, but the main objective for Internal Audit is to support the organisation in achieving its objectives.
The purpose of this report is to keep the Audit and Risk Management Committee informed and to report on performance of the Internal Audit Branch:
• Report the status of the audits currently under way
• Summary of the activities of the Internal Audit Branch
• Annual Performance Report and Assertion on Internal Auditing Standards
• Report the status of the audit recommendations from completed audits
The supply of the information to the Mayor, the Chief Executive Officer and Audit and Risk Management Committee, is a requirement of the Internal Audit Charter.
Internal Audit Report Register (Attachment 1)
This is a historic register recording the reference number of formal reports produced, audits commenced, report status and date completed for the last number of years.
Audits, Reviews, Projects and Activities (Attachment 2)
This is a report on audits, reviews, projects and activities that were conducted during the period or in progress as at 29 October 2019.
Audit Recommendations (Attachments 3 and 4)
Extracted from the Audit Recommendations System, these reports list all Internal and External Audit recommendations (with management comments and responses) that managers advise have been implemented since the report made to the last Audit and Risk Management Committee meeting. This report is presented to the Audit and Risk Management Committee prior to the recommendations being finalised and/or archived.
Resources are provided to internal audit through the annual audit plan and budgeting processes. No additional resources were required because of this report. However, situations will dictate if internal audits and investigations have to be outsourced, and management will also have to consider their implications to implement the recommendations as per the individual reports.
Each of the individual reports provides for a control environment opinion as well as individual risk ratings per individual findings and recommendations. It is important for management to implement the individual recommendations well to either address or diminish the exposure for Council, or explain why it is acceptable to not implement the suggested improvements. As per the corrupt conduct investigation, the findings and risks vary in each situation and are discussed in the confidential reports. Having said that, the key risks are still that the information is not well presented or well understood, or does not generate an appropriate response.
This report and its recommendations are consistent with the following legislative provisions:
Local Government Act 2009
Local Government Regulation 2012
Crime and Corruption Act 2001
Internal Audit mostly consults internally to the organisation and its management in conducting the internal audits and finalising the reports. For investigations the appropriate consultations take place as the situation allows and requires.
During the period under review the Internal Audit Branch undertook a number of activities, including those listed in Attachment 2.
During the course of Internal Audit activities, contributions to the improvement of operational procedures, practices and the control environment have been achieved.
1. Internal Audit Register
CONFIDENTIAL
2.
3.
4.
Freddy Beck
Chief Audit Executive
I concur with the recommendations contained in this report.
Freddy Beck
Chief Audit Executive
“Together, we proudly enhance the quality of life for our community”
ITEM: 10
SUBJECT: Summary of Recent Internal Audit Reports Issued
AUTHOR: Chief Audit Executive
DATE: 29 October 2019
This is a report concerning recently completed internal audits and the subsequent reports released since the previous report dated 16 August 2019.
That the report be received and the contents noted.
Not applicable
The intention is for the Internal Audit activity to support all five themes:
Strengthening our local economy and building prosperity
Managing growth and delivering key infrastructure
Caring for the community
Caring for the environment
Listening, leading and financial management
Individual internal audits and corrupt conduct investigations will to a varying degree support these themes, but the main objective for Internal Audit is to support the organisation in achieving its objectives.
Since 16 August 2019, Internal Audit has issued/finalised 2 Internal Audit reports/Consulting Tasks and the extracts of the reports containing the audit recommendations, management response and agreed action by date, are attached to enable any further discussion that may be required by the Audit and Risk Management Committee.
Control Environment Opinion Summary over Areas in Scope of Audits | 5 | 4 | 3 | 2 | 1 |
Objective (A1819-11) | | | ✓ | | |
Operation of Fleet and Plant Audit (A1819-12) | | | ✓ | | |
Rating Definitions
5 | Indicates unacceptable control environment or critical operating or control problems or extreme exposure. |
4 | Indicates unsatisfactory control environment or significant operational, procedural or control deficiencies or high exposure. |
3 | Indicates limited control environment or some operational, procedural or control deficiencies, issues or moderate exposure. |
2 | Indicates acceptable control environment or minor operational, procedural or control deficiencies, issues or exposure. |
1 | Indicates well controlled environment or no or limited unfavourable audit findings, observations or exposure. |
Resources are provided to internal audit through the annual audit plan and budgeting processes. No additional resources were required because of this report.
Each of the individual reports provides a control environment opinion as well as individual risk ratings for each finding and recommendation. It is important for management to implement the individual recommendations well, to either address or diminish the exposure for Council, or to explain why it is acceptable not to implement the suggested improvements. As per the corrupt conduct investigation, the findings and risks vary in each situation and are discussed in the confidential reports. Having said that, the key risks remain that the information is not well presented, is not well understood, or does not generate an appropriate response.
This report and its recommendations are consistent with the following legislative provisions:
Local Government Act 2009
Local Government Regulation 2012
Internal Audit mostly consults internally to the organisation and its management in conducting the internal audits and finalising the reports.
The attached executive summary of reports provides for the individual opinion as per each report.
CONFIDENTIAL
1.
2.
3.
Freddy Beck
Chief Audit Executive
I concur with the recommendations contained in this report.
Freddy Beck
Chief Audit Executive
ITEM: 11
SUBJECT: Overdue Recommendations as at 16 August 2019
AUTHOR: Chief Audit Executive
DATE: 29 October 2019
Executive Summary
This is a report concerning the status of each Department's progress in actioning the internal and external audit recommendations due or overdue for implementation.
Recommendation/s
That the report be received and considered.
Related Parties
Not applicable
Advance Ipswich Theme Linkage
The intention is for the Internal Audit activity to support all five themes:
Strengthening our local economy and building prosperity
Managing growth and delivering key infrastructure
Caring for the community
Caring for the environment
Listening, leading and financial management
Individual internal audits will to a varying degree support these themes, but the main objective for Internal Audit is to support the organisation in achieving its objectives.
Purpose of Report/Background
Every month each Department Head is requested to update the status of both the internal and external audit recommendations due for implementation within their area of responsibility.
Traffic lights have been introduced based on the request of the Audit and Risk Management Committee. The following is an indication of what each indicator could mean:
Green Light | Under control; Reasonable number; Low overall risk |
Orange Light | Need to monitor; Number increasing; Moderate overall risk |
Red | Need to be addressed; Number problematic; High overall risk |
The following Departments’ progress towards the implementation of Internal Audit recommendations, for which they are responsible, is summarised below:
Corporate Services
Date of Report | Total overdue | Catastrophic | High | Moderate |
29 October 2019 | 1 | 0 | 0 | 1 |
In relation to: Independent Validation of Internal Audit Self-Assessment (201609)
Infrastructure and Environment
Date of Report | Total overdue | Catastrophic | High | Moderate |
29 October 2019 | 3 | 0 | 0 | 3 |
In relation to: State Emergency Services SES (A1617-18), Arboriculture (A1718-01), Enviroplan Levy (A1718-09)
Planning and Regulatory Services
Date of Report | Total overdue | Catastrophic | High | Moderate |
29 October 2019 | 6 | 0 | 0 | 2 |
In relation to: Cemeteries (201504), Immunisation Program (A1718-11), Security and Safety Cameras (A1718-17)
All other departments had no recommendations overdue for more than 3 months.
Financial/Resource Implications
Resources are provided to internal audit through the annual audit plan and budgeting processes. No additional resources are required because of this report. However, management will have to consider the implications of implementing the recommendations as per the individual reports.
Risk Management Implications
Each of the individual reports provides a control environment opinion as well as individual risk ratings for each finding and recommendation. It is important for management to implement the individual recommendations well, to either address or diminish the exposure for Council, or to explain why it is acceptable not to implement the suggested improvements.
Legal/Policy Basis
This report and its recommendations are consistent with the following legislative provisions:
Local Government Act 2009
Local Government Regulation 2012
Community and Other Consultation
Internal Audit mostly consults internally to the organisation and its management in conducting the internal audits and finalising the reports.
Conclusion
Total Internal Audit recommendations overdue for more than 3 months and level of risk:
Minimal and Low not indicated.
Date of Report | Total overdue | Catastrophic | High | Moderate |
29 October 2019 | 10 | 0 | 0 | 6 |
16 August 2019 | 7 | 0 | 0 | 3 |
Total Internal Audit recommendations open and level of risk:
Date of Report | Total open | Catastrophic | High | Moderate |
29 October 2019 | 47 | 0 | 3 | 30 |
16 August 2019 | 37 | 0 | 3 | 22 |
Total External Audit recommendations overdue and level of risk:
Ratings as used by QAO.
Date of Report | Total overdue | High | Moderate | Low |
29 October 2019 | 6 | 1 | 2 | 3 |
16 August 2019 | 3 | 1 | 2 | 0 |
Total External Audit recommendations open and level of risk:
Date of Report | Total open | High | Moderate | Low |
29 October 2019 | 9 | 3 | 3 | 3 |
16 August 2019 | 14 | 3 | 10 | 1 |
Total Investigation/Ad Hoc Report recommendations overdue and level of risk:
Minimal and Low not indicated.
Date of Report | Total overdue | Catastrophic | High | Moderate |
29 October 2019 | 0 | 0 | 0 | 0 |
16 August 2019 | 0 | 0 | 0 | 0 |
Total Investigation/Ad Hoc Report recommendations open and level of risk:
Date of Report | Total open | Catastrophic | High | Moderate |
29 October 2019 | 34 | 0 | 7 | 19 |
16 August 2019 | 0 | 0 | 0 | 0 |
Overall Status
The number of overdue recommendations has gone up slightly. The Investigations/Ad Hoc Reports have now also been added, which has pushed the numbers up significantly, but this is positive in that these are also now monitored.
Attachments and Confidential Background Papers
Freddy Beck
Chief Audit Executive
I concur with the recommendations contained in this report.
Freddy Beck
Chief Audit Executive
ITEM: 12
SUBJECT: Queensland Audit Office Final Management Letter to Ipswich City Council
AUTHOR: Committee Manager
DATE: 31 October 2019
This is a report concerning submission of the final management letter to Ipswich City Council from the Queensland Audit Office.
That the report be received and the contents noted.
The purpose of the report is to provide the Audit and Risk Management Committee with a copy of the final Management Letter for Ipswich City Council.
CONFIDENTIAL
1.
Vicki Lukritz
Committee Manager
I concur with the recommendations contained in this report.
Andrew Knight
General Manager - Corporate Services
ITEM: 13
SUBJECT: Queensland Audit Office Briefing Paper for Ipswich City Council
AUTHOR: Committee Manager
DATE: 31 October 2019
This is a report concerning the submission of a briefing paper for October 2019 to the Audit and Risk Management Committee.
That the report be received and the contents noted.
The purpose of the report is to provide information to the Audit and Risk Management Committee in the form of a briefing paper.
CONFIDENTIAL
1.
Vicki Lukritz
Committee Manager
I concur with the recommendations contained in this report.
Angela Harms
Corporate Governance Manager