Item No.	Item Title	Page No.
1	Report - Audit and Risk Management Committee No. 2019(05) of 9 October 2019	9
2	ICT STrategy Update	16
3	Update on Queensland Audit Office Recommendations (Planning and Regulatory Services Department)	27
4	Planned Agenda for the Audit and Risk Management Committee for 2020	32
5	Audit and Risk Management Committee Charter	39
6	**Insurance and Risk Update	64
7	**Corporate Governance Section's Performance in relation to Legislative Compliance	73
8	**Internal Audit Charter Review	81
9	**Internal Audit Branch Activities Report for the period 16 August 2019 to 29 October 2019	84
10	**Summary of Recent Internal Audit Reports Issued	93
11	**Overdue Recommendations as at 16 August 2019	96
12	**Queensland Audit Office Final Management Letter to Ipswich City Council	100
13	**Queensland Audit Office Briefing Paper for Ipswich City Council	101
14	Next Meeting	-
15	General Business	-
16	Private Session of Member (if required)	-

Audit and Risk Management Committee NO. 5

6 November 2019

AGENDA

1. Report - Audit and Risk Management Committee No. 2019(05) of
9 October 2019

This is the report of the Audit and Risk Management Committee No. 2019(05) of
9 October 2019.

Recommendation

That the report be received and the contents noted.

2. ICT STrategy Update

This is a report providing an update on implementation progress against the ICT Strategy approved by the Executive Leadership Team (ELT) on 8August 2019. This update has been requested for the November Audit and Risk Management Committee (ARMC) meeting. .

Recommendation

That the schedule, progress and reported matters in the attached ICT Strategy Implementation Status Update, be noted.

3. Update on Queensland Audit Office Recommendations (Planning and Regulatory Services Department)

This is a progress report outlining the Planning and Regulatory Services Department’s actions in complying with the Queensland Audit Office (QAO) recommendations outlined in QAO 2018 Closing Report (adopted by Council on 4 December 2018).

Recommendation

That the report be received and the contents noted.

4. Planned Agenda for the Audit and Risk Management Committee for 2020

This is a report concerning the proposed structured and planned agenda for the Audit and Risk Management Committee for the period 1 January 2020 to 31 December 2020. This document was reviewed at the Audit and Risk Management Committee Strategy Meeting held on 24 October 2019 and the suggested changes in Attachment 1 are shown in track changes.

Recommendation

That the 2020 planned agenda for the Audit and Risk Management Committee be adopted.

5. Audit and Risk Management Committee Charter

This is a report concerning a review of the Audit and Risk Management Committee Charter. The Charter was reviewed and discussed at the Audit and Risk Management Committee Strategy Meeting held on 24 October 2019 with suggested changes outlined in track changes in Attachment 2.

Recommendation

That the Audit and Risk Management Committee Charter as detailed in Attachment 2 be adopted.

6. **Insurance and Risk Update

This is a report concerning Council’s Insurance statistics for the period 1 July 2019 to 30 September 2019 and the implementation status of Transformational Project #7 Risk Management Framework (TP#7).

Recommendation

That the report be received and the contents noted.

7. **Corporate Governance Section's Performance in relation to Legislative Compliance

This is a report concerning the performance of the Corporate Governance Section (the Section) in relation to managing Council’s legislative compliance in the management of Complaints, Right to Information and Information Privacy functions for the period 1 July 2019 to 30 September 2019 (the Quarter).

Recommendation

That the report be received and the contents noted.

8. **Internal Audit Charter Review

This is a report concerning a proposed update of the Internal Audit Charter. The Charter was reviewed and discussed at the Risk Management Committee Strategy Meeting held on 24 October 2019.

Recommendation

That the proposed Internal Audit Charter as detailed in Attachment 2 be adopted.

9. **Internal Audit Branch Activities Report for the period 16 August 2019 to 29 October 2019

This is a report concerning the activities of Internal Audit undertaken since 16 August 2019 and the current status of these activities.

Recommendation

That the report be received, the contents noted and the recommendations in Attachments 3 and 4, be considered finalised and archived.

10. **Summary of Recent Internal Audit Reports Issued

This is a report concerning recently completed internal audits and the subsequent reports released since the previous report dated 16 August 2019.

Recommendation

That the report be received and the contents noted.

11. **Overdue Recommendations as at 16 August 2019

This is a report concerning the status of each Department's progress in actioning the internal and external audit recommendations due or overdue for implementation.

Recommendation

That the report be received and considered.

12. **Queensland Audit Office Final Management Letter to Ipswich City Council

This is a report concerning submission of the final management letter to Ipswich City Council from the Queensland Audit Office.

Recommendation

That the report be received and the contents noted.

13. **Queensland Audit Office Briefing Paper for Ipswich City Council

This is a report concerning the submission of a briefing paper for October 2019 to the Audit and Risk Management Committee.

Recommendation

That the report be received and the contents noted.

14. NEXT MEETING

The next meeting is scheduled for Wednesday, 12 February 2020.

15. GENERAL BUSINESS

16. PRIVATE SESSION OF MEMBER (IF REQUIRED)

** Item includes confidential papers

and any other items as considered necessary.

Audit and Risk Management Committee

Meeting Agenda

6 November

2019

Item 1 / Attachment 1.

Audit and Risk Management Committee NO. 2019(04)

9 October 2019

Report of the Audit and Risk Management Committee

for the Audit and Risk Management Committee

MEMBERS’ ATTENDANCE: Dr Annette Quayle (Acting Chairperson and External Member); Greg Chemello (Interim Administrator), Robert Jones (Interim Management Committee)

MEMBERS’ APOLOGIES: Graeme Stratford (Chairperson and External Member), Stan Gallo (Interim Management Committee)

OTHER ATTENDANCE: David Farmer (Chief Executive Officer), Jeff Keech (Acting General Manager – Corporate Services), Freddy Beck (Chief Audit Executive), Lisa Fraser (Queensland Audit Office), Patrick Flemming (Queensland Audit Office) and Tony Welsh (Interim ICT Management Support)

1. Report - Audit and Risk Management Committee No. 2019(03) of 28 August 2019

This is the report of the Audit and Risk Management Committee No. 2019(03) of 28 August 2019.

Recommendation

That the report be received and the contents noted.

2. Information Security Controls Remediation Works

This is a report providing an update on remediation work across a range of Information Security Controls requested by the Audit and Risk Management Committee at the 28 August 2019 meeting.

Recommendation

That the Interim Administrator of Ipswich City Council resolve:

That the report be received and the contents noted.

3. Queensland Audit Office Closing Report

This is a report by the Queensland Audit Office concerning the Queensland Audit Office Report as at 4 October 2019.

“The attachment/s to this report are confidential in accordance with section 275(1)(h) of the Local Government Regulation 2012.”

Recommendation

That the Interim Administrator of Ipswich City Council resolve:

That the report be received and the contents noted.

4. 2018-2019 Annual Financial Statements and 2018-2019 Management Representation Letter

This is a report concerning the 2018-2019 annual financial statements and 2018-2019 management representation letter.

“The attachment/s to this report are confidential in accordance with section 275(1)(h) of the Local Government Regulation 2012.”

Recommendation

The Audit and Risk Management Committee endorses the recommendations that the Interim Administrator of Ipswich City Council resolves:

A. That the 2018-2019 annual financial statements as detailed in Attachment 1 to the report of the Principal Financial Accountant dated 2 October 2019, including changes to the note disclosures as detailed in the report by the Acting General Manager (Corporate Services) tabled at the meeting (Item 6 of these minutes), be approved for certification by the Interim Administrator and Chief Executive Officer.

B. That the 2018-2019 management representation letter as detailed in Attachment 2 to the report of the Principal Financial Accountant dated 2 October 2019 be approved for certification by the Interim Administrator and Chief Executive Officer.

5. 2018-2019 Annual Financial Statement for Controlled Entities

This is a report concerning the 2018-2019 Annual Financial Statements and associated documents for the following controlled entities of Ipswich City Council (Council):

· Ipswich City Properties Pty Ltd

· Ipswich City Developments Pty Ltd

· Ipswich City Enterprises Pty Ltd

· Ipswich City Enterprises Investments Pty Ltd

“The attachment/s to this report are confidential in accordance with section 275(1)(h) of the Local Government Regulation 2012.”

Recommendation

That the Audit and Risk Management Committee resolve:

That the report of the Treasury Accounting Manager dated 3 October 2019 be received and the contents noted.

6. UPDATED CHANGES TO 2018-2019 FINANCIAL STATEMENTS

This is a report by the Acting General Manager (Corporate Services) outlining recommended changes to the 2018-2019 financial statements included in the Agenda for the Audit and Risk Committee of 9 October 2019 following further review by the Queensland Audit Office and Committee members.

Recommendation

The Audit and Risk Management Committee endorses the recommendation that the Interim Administrator of Ipswich City Council resolve:

That the suggested changes outlined in this report be made to the 2018-2019 financial statements for finalisation and certification.

Attachments

1. [Updated changes to 2018-2019 Financial Statements

7. NEXT MEETING

The next meeting is scheduled for Wednesday, 6 November 2019.

8. GENERAL BUSINESS

The Acting General Manager (Corporate Services) thanked the Queensland Audit Office for all their support and work with regards to the financial statements

PROCEDURAL MOTIONS AND FORMAL MATTERS

The meeting commenced at 9.45am.

The meeting closed at 11.22am.

Audit and Risk Management Committee

Meeting Agenda

6 November

2019

Doc ID No: A5868982

ITEM: 2

SUBJECT: ICT STrategy Update

AUTHOR: Interim Information and Communications Management and Support Manager

DATE: 28 October 2019

Executive Summary

Recommendation/s

That the schedule, progress and reported matters in the attached ICT Strategy Implementation Status Update, be noted.

RELATED PARTIES

Not applicable

Advance Ipswich Theme

Listening, leading and financial management

PURPOSE OF REPORT/BACKGROUND

Council developed an ICT Strategy in response to the Transformation Program (TP#17). This strategy was supported by a cross-council working group and approved by ELT on 8 August 2019. The Implementation Plan presented in the ICT Strategy identified 24 discrete initiatives, spanning 3 years.

The Audit and Risk Management Committee has requested an update on progress, outcomes and issues impacting on the ICT Strategy implementation plan. This is the first report provided on the mobilisation of ICT Strategy implementation initiatives. An overview of the planned implementation initiatives, and progress to date, is attached.

Most initiatives that rely on BAU resourcing have mobilised well:

· Disaster Recovery Enablement (ITSM06)

· Staff Plan - Phase 1 (Leadership & Engagement) (ITCAP01)

· Staff Plan - Phase 2 (Job Restructuring) (ITCAP02)

The new ICT Steering Committee has been established to include all members of ELT, Finance Manager and ICT Leadership with the Chief Audit Executive invited to observe. The inaugural meeting will be scheduled for the end of November.

Resource constraints are slowing the mobilisation of:

· Rebuild ICT Governance & Controls Function (ITGOV02)

· ICT Directives Overhaul (ITGOV05)

· Platform of the Future (PotF) (BP07) Phase 1: Platform Research & Requirements

· Architecture and Application Portfolio Management Uplift (ITCAP04)

Four initiatives that need wider organisational design consideration and alignment will be taken to the IT Steering Committee for guidance:

· Digital / SmartCity / ICT Operating Model (ITGOV03) (Consulting Engagement Brief drafted)

· Digital Services UX Uplift (BP06) (On-Hold)

· Information Management Operating Model (ITGOV04)

· GIS & Spatial Systems Operating Model & Architecture (BP05) (Consulting Engagement Brief drafted)

The most pressing issue for the Audit and Risk Management Committee to note is resourcing and mobilising the first phase (scoping and planning) for the Platform of the Future (PotF). The PotF is the most significant aspect of the ICT Strategy and planning and management of this transformational, cross-enterprise program will challenge Council change maturity. It will enable new structures and roles in ICT Branch and the newly formed Coordination and Performance (Business Improvement) team, which aims to take lead accountability for all Council transformational projects. Barbara Dart (Manager, Performance in the Coordination and Performance Department) has been engaged and work is underway to resolve how PotF may be approached as a business led transformation project.

Legal/Policy Basis

Not applicable

RISK MANAGEMENT IMPLICATIONS

A risk profile has been assessed for approximately 47 Initiatives that form the Roadmap Phased Plan in the ICT Strategy.

Financial/RESOURCE IMPLICATIONS

Financial and other resource estimates have been provided as part of the ICT Strategy. These estimates will be refined as more information becomes available from research and market testing. Estimates have been reflected in ICT capital and operating budgets.

COMMUNITY and OTHER CONSULTATION

Internal stakeholders from Council have been consulted extensively throughout the preparation of the ICT Strategy. In particular, all key deliverables have been reviewed and endorsed by an appointed business Reference Group (BRG), the Whole of Council TP Steering Committee, ELT and IMC.

Conclusion

A new ICT Steering Committee will meet regularly from November to govern the implementation of the ICT Strategy.

Attachments and Confidential Background Papers

1.	ICT Strategy Update ⇩
2.	ICT Strategy Highlights ⇩

Tony Welsh

Interim Information and Communications Management and Support Manager

I concur with the recommendations contained in this report.

Andrew Knight

General Manager - Corporate Services

“Together, we proudly enhance the quality of life for our community”

Audit and Risk Management Committee

Meeting Agenda

6 November

2019

Doc ID No: A5857238

ITEM: 3

SUBJECT: Update on Queensland Audit Office Recommendations (Planning and Regulatory Services Department)

AUTHOR: Senior Business Support Officer

DATE: 22 October 2019

Executive Summary

Recommendation/s

That the report be received and the contents noted.

RELATED PARTIES

Queensland Audit Office. There was no declaration of conflicts of interest.

Advance Ipswich Theme

Managing growth and delivering key infrastructure

Purpose of Report/Background

Following QAO’s 2018 audit of Ipswich City Council’s financial records and processes, Planning and Regulatory Services Department have undertaken a body of work to comply with the QAO’s recommendations. Issues identified by the QAO that relate to the (former) Planning and Development Department included:

1. No policies or procedures in relation to developer infrastructure contributions;

2. Reconciliation of Infrastructure Charges Notice (ICN) Register to Pathway for outstanding developer infrastructure contributions; and

3. Lack of transparency in calculation of fee variations.

As advised in the previous Audit and Risk Management Committee report on 28 August 2019, items 1 and 3 have been addressed. Item 2 regarding entries in the Infrastructure Charges Notice Register has now also been resolved with outstanding infrastructure contributions reconciling between the Register and Pathway. To maintain the integrity of this data, detailed work instructions will need to be prepared to outline the processes for managing the Register and Pathway moving forward, including:

· Inserting contributions into the Infrastructure Charges Register;

· Recording payments, refunds, offsets and credits utilised in the Register; and

· Reconciling the Infrastructure Charges Register with Pathway.

The last update provided to Audit and Risk Management Committee in August identified a $97.3 million reduction of outstanding contributions since October 2018, with a total of $206.7 million outstanding. While these contributions show as outstanding in Pathway, at least $177 million of this total were not payable as the development had not commenced or is under construction.

The current balance of outstanding contributions for the same period (since 15 October 2018) is now $147 million. The below table shows the comparison of outstanding infrastructure contributions between June, August and October 2019 as well as the breakdown of contributions not yet payable and contributions legitimately outstanding.

	JUNE 2019		AUGUST 2019		OCTOBER 2019
	No. of applications	Contributions	No. of applications	Contributions	No. of applications	Contributions
Development not commenced (contributions not payable)	296	$93,999,499 (41.9%)	288	$86,985,427 (42%)	263	$70,555,742 (48%)
Under construction/ staged development (contributions not payable)	122	$93,322,535 (41.6%)	116	$90,187,639 (44%)	99	$68,964,184 (47%)
Audit underway (contributions outstanding)	76	$37,243,826 (16.5%)	63	$29,566,811 (14%)	35	$7,625,023 (5%)
Development completed (contributions not collected)	1*	$11,026 (<1%)	1*	$11,026 (<1%)	1*	$10,818 (<1%)
TOTAL	495	$224,576,886	468	$206,750,903	398	$147,155,767

*Note: this application relates to a development at Braeside road, Bundamba where legal assistance has been sought, and contributions continue to remain outstanding. A recalculation of these contributions was completed which accounts for the different figure in October.

Of the $59.6 million reduction since August 2019, approximately $42.2 million of these contributions have been reduced through the process of reconciling credits across various Infrastructure Agreement Registers and Cross Crediting Registers within Pathway. The process of reconciling these registers is progressing, with 22 of the 31 Infrastructure Agreement Registers reconciled, another 7 Register audits in progress and 2 Registers not yet started.

While the reconciliation of the Infrastructure Charges Register with Pathway finalises the recommendations that QAO identified for Planning and Regulatory Services Department, a subsequent body of work is required to maintain and refine the management of outstanding infrastructure contributions:

· Continued reconciliation of offsets and credit transactions between ICN Register, the Infrastructure Agreements Registers and Pathway;

· Continued auditing of contributions paid and credits utilised in the Infrastructure Agreements Registers;

· Monthly reporting to the General Manager on the progress of development compliance audits for applications that have outstanding infrastructure contributions;

· Monthly reconciliations between the ICN Register and Pathway to ensure completeness and accuracy of outstanding infrastructure contributions;

· Investigation of a software program to manage infrastructure charging through a dedicated software package that coordinates with existing systems;

· Develop a series of processes for:

o managing the Infrastructure Charges Notice Register, including instructions on how to insert new entries, record payments and reconcile the Register with Pathway.

o recording and monitoring outstanding infrastructure contributions that are being paid under an agreed payment plan.

o monitoring outstanding infrastructure contributions in relation to Reconfiguring a Lot applications.

o auditing and maintaining bank guarantees held for developer contributions by the Planning and Regulatory Services Department.

· Identify instances where contributions have not been inserted into Pathway through a review of all decided development applications without infrastructure charges recorded; and

· Expand the scope of the Variation of Development Applications Fees Procedure to incorporate fee variations applied to (former) Health and Regulatory Services fees and include:

o clear wording to state that all information in relation to the request and reasons for the decision are to be recorded in Council’s corporate information systems.

o a process to review the decision if the applicant chooses to appeal.

Legal/Policy Basis

This report and its recommendations are consistent with the following legislative provisions:

Local Government Act 2009

Planning Act 2016

RISK MANAGEMENT IMPLICATIONS

There are no risk management implications associated with this report (as it is for noting only), however there are risk management implications with not complying with the QAO recommendations related to this matter.

Financial/RESOURCE IMPLICATIONS

All costs associated with completing the QAO recommendations have been absorbed within the Planning and Regulatory Services Department operational budget. Therefore, there are no financial implications associated with this update report.

COMMUNITY and OTHER CONSULTATION

The contents of this report do not require community consultation.

Conclusion

The Planning and Regulatory Services Department have complied with all of the QAO recommendations as outlined in the QAO 2018 Closing Report. To ensure systems are adequately maintained moving forward, work will continue to complete the work already commenced and refine the processes around managing infrastructure contributions and fee variations.

Trish Standen

Senior Business Support Officer

I concur with the recommendations contained in this report.

Nicole Yiannou

Business Support Manager

I concur with the recommendations contained in this report.

Brett Davey

Acting General Manager - Planning and Regulatory Services

“Together, we proudly enhance the quality of life for our community”

Audit and Risk Management Committee

Meeting Agenda

6 November

2019

PDF Creator

Doc ID No: A5869240

ITEM: 6

SUBJECT: Insurance and Risk Update

AUTHOR: Corporate Governance Manager

DATE: 29 October 2019

Executive Summary

This is a report concerning Council’s Insurance statistics for the period 1 July 2019 to
30 September 2019 and the implementation status of Transformational Project #7 Risk Management Framework (TP#7).

Recommendation/s

That the report be received and the contents noted.

RELATED PARTIES

Related parties to this report include:

All members of ELT, Risk and Government Steering Committee Members, Council’s third level Managers, Risk Management Coordinator, Senior Insurance Officer and the Corporate Governance Manager. There are no perceived conflict of interest issues regarding this report.

Advance Ipswich Theme

Listening, leading and financial management

Purpose of Report/Background

To inform the Committee of:

1. Corporate Insurance Statistics for the Quarter

2. Status of Transformational Project No. 7 Risk Management

1. Corporate Insurance Statistics for the period 1 July 2019 to 30 September 2019

The following table and graph provide a high-level snapshot of insurance claims for the period (refer Attachment 1 for detail):

QUARTERLY REPORTING INSURANCE - Jul to Sept 2019	Pending	Not Progressed	Accepted	Denied	TOTAL
INSURANCE CLAIMS <$7,500	5		6	7	18
MOTOR VEHICLE CLAIMS (MV) <$1,500		2	5		7
MOTOR VEHICLE CLAIMS (MV) >$1,500	5				5
LGM INSURANCE CLAIMS (JLTA)	3				3
EMPLOYEE PRACTICES LIABILITY (EPL)	1				1
TOTAL	14	2	11	7	34

The following table and graph provide a high-level snapshot of LGM Insurance Claims Over $15,000 for the period. For details of claims received during the Quarter refer Attachment 2.

LGM Insurance Claim Description	Liability Denied	Under Investigation	Settled	Report Only	Grand Total
C&O Liability		18			18
Professional Indemnity - Financial Loss		2		4	6
Public Liability - Personal Injury	1	6			7
Public Liability - Property Damage				1	1
Employee Practices Liability - EPL			1		1
Professional Indemnity - Property Damage				1	1
Grand Total	1	26	1	6	34

2. Status of Transformational Project No. 7 Risk Management Framework (TP#7)

The purpose of the TP#7 project is to develop a better practice and consistent whole of Council approach to Enterprise Risk Management (ERM) in order to proactively identify, manage and respond to issues that represent risks to achieving Council’s strategic objectives.

The project consists of five (5) subprojects:

1. Enterprise Risk Management Program (ERM Program)

2. Fraud and Corruption Control Program (FCCP)

3. Good Decision making and Ethics Principles

4. Business Continuity Planning (BCP)

5. Project Risk Management Model

Subproject Updates as at 28 octobeR 2019:

1. Enterprise Risk Management Program (ERM Program)

Risk Management Policy and Framework

The Risk Management Framework (the Framework), Policy, Procedure and Administrative Directive was endorsed by ELT on 24 October 2019. The Framework has been written to ensure all members of the organisation can understand the purpose of the Framework and that:

· Council has in place transparent and responsible enterprise-wide risk management processes which align with best practice;

· Risks and opportunities inherent in the provision of Council services to the Ipswich Community are managed in a prudent manner;

· Council activities are conducted so as to ensure compliance with the relevant Acts, Regulations, Codes and Standards;

· Council workers are aware of and effectively exercise their risk management responsibilities;

· Adequate risk management information, training and supervision are provided to all workers, contractors, consultants, committees and volunteers;

· Council activities are clearly linked to and support one or more of the strategic objectives outlined in the Corporate and Operational Plans;

· Council maintains Corporate and Departmental risk registers.

It is acknowledged that research revealed some organisations adopt in-depth Enterprise Risk Management Frameworks. However, after discussions with the project team and advice from Price Waterhouse and Cooper (PWC) the project team believed a more succinct framework document was more appropriate for the current Enterprise Risk Management culture of the organisation.

The Framework will be reviewed in accordance with Council’s Policy Review Timetable and, as the organisation’s understanding of Enterprise Risk Management, grows the Framework can be amended to provide more comprehensive information. The Framework should be considered a living document.

Corporate Risk Registers

The Corporate Risk Register has been approved by the CEO. Each risk has had a General Manager allocated as the risk owner (with three risks having two GM's as the risk owner). The next step (which will be undertaken as a BAU activity) during October and November 2019 is to review the risk descriptions, the causes, the impacts, likelihood and consequence rating and develop action plans for the eight risks which are the primary area of focus for review at the November workshop with ELT/IMC and second round Departmental Workshops.

Departmental Risk Registers

The five Departmental Risk Registers have been created. Going forward, further review of the registers will be undertaken as a BAU activity by Corporate Governance. Meetings are being held with the GM's during the last week of September and first week of October 2019. To review the risks, allocate a Branch Manager as the risk owner to the relevant risks. Then during October and November 2019 review of the risk descriptions, the causes, the impacts, likelihood and consequence rating and development of action plans for the risks which are the primary area of focus for each Department at the November/December Departmental workshops with the GM's and Branch Managers.

General Managers have been asked to determine if Risk Registers should be developed at the Branch Level and advised that the Corporate Risk Coordinator would be able to facilitate such workshops and provide advice on determining controls etc.

Following endorsement of the Enterprise Risk Management documents by the Steering Committee, adoption of the Framework by Council, the Corporate Risk Register and Departmental Risk Registers will be finalised during November/December 2019.

Risk Appetite

Price, Waterhouse and Cooper (PWC) still developing a Risk Appetite Statement for Council. after consultation and discussion with ICC it has been decided that the Statement will not be finalised until early in the new year after the next round of Risk Workshops (Nov/Dec 2019) and be finalised prior to the return of elected representatives.

Reporting

PWC have provided "draft" templates for reporting. The Project Team is still progressing the reporting timeframes and reporting templates with the TP#1 project team.

Risk Management Training

PWC have provided a Risk Management Training pack which will be used and included in the Induction training for all new staff. In the longer term risk management training will be developed, a Learning and Development Request Form was submitted at the end of August 2019 to the Transformational Project Coordination Team.

2. Fraud and Corruption Control Program (FCCP)

A Draft FCCP report was received from PWC in early October 2019. The Risk Management Coordinator met with the Chief Executive Officer (CEO) and discussed the detail contained in the report in relation to PWC’s:

· Review of Council’s current Fraud and Corruption Framework

· Outcome of maturity assessment of the current fraud and control practices as either ‘Reactive’ or ‘Foundation’ against the AS8001-2008 element and benchmarks of:

o Planning and Resourcing

§ Fraud and corruption control planning

§ Review of the fraud and corruption control plan

§ Fraud and corruption control resources

§ Internal audit activity in the control of fraud and corruption

o Prevention

§ Implementing and maintain an integrity framework

§ Senior Management commitment to controlling the risk of fraud and corruption

§ Line Management accountability

§ Internal control

§ Assessing Fraud and corruption risk

§ Communication and awareness

§ Employment screening

§ Supplier and customer vetting

§ Controlling the risk of corruption

o Detection

§ Implementing a fraud and corruption detection program

§ Role of the external auditor in detection of fraud

§ Avenues for reporting suspected incidents

§ Whistleblower Protection program

o Response

§ Policies and procedures

§ Investigation

§ Internal reporting and escalation

§ Disciplinary procedures

§ External reporting

§ Civil action for recovery of losses – policy for recover action

§ Review of internal controls

§ Insurance

· Identified strengths of the current Framework

· Recommended improvements as identified against the above Elements

The CEO requested the RMC undertake research with other local authorities to identify their FCCPs and prepare a report on a proposed way forward to adopt the draft PWC’s FCCP.

Fraud and Corruption Risk Register

The current Fraud and Corruption Risk Register is scheduled for review and update in November 2019.

Establishment of a Fraud and Control Committee

Pending endorsement by ELT of FCCP, discussions will be undertaken with the CEO and IA to determine membership of the Fraud and Control Committee.

Reporting

PWC are now preparing draft report templates for the consideration of the Project Team. ELT will be provided the opportunity to review and discuss the templates and endorse the proposed report regime.

3. Good Decision making and Ethics principles

Due to unforeseen staff absence, work has not progressed on sub-project as planned. The Officer was scheduled to return to work on Monday 21 October but is again on unplanned leave. The project schedule for this sub-project will be reviewed and new deliverable dates approved by the Risk and Governance Steering Committee.

4. Business Continuity Planning

The following key deliverables are not completed and operationalised as Business as Usual (BAU):

· Business Continuity Management (BCM) Administrative Directive

· BCM Framework

· Business Continuity Plan (BCP) Template

· Business Impact Analysis (BIA)

Develop organisational BCPs

The following documents have been endorsed and operationalised:

• ICC Business Continuity Plan

• ICC Property Response Plan

• ICC People and Culture Plan

• ICC Media and Communications Response Plan

• ICC ICT Incident Management Directive

The documents are available on the E-Hub and have been made available to ELT members on a USB stick. ICT Disaster Plan will be progressed over the next few months and transitioned to BAU for the RMC in January 2020.

5. Project Risk Management Model (PRM Model).

The PRM Model is now finalised and operationalised. The PRM Model outlines the requirement for a consistent approach to Project Risk Management within Council to ensure the ability of projects to succeed. It provides guidance and direction based on the Council ERMF and its principles. The document allows officers with limited experience to be able to develop meaningful Project Risk Management Plans and populate Risk Registers.

Legal/Policy Basis

In managing risk and insurance for the organisation Council officers perform their duties in keeping with the Local Government Principles of:

· transparent and effective processes, and decision-making in the public interest;

· good governance of, and by, local government; and

· ethical and legal behaviour of Councillors and local government employees

The following table outlines the relevant legislation and the administrative functions and services provided by the Section:

Relevant Legislation	Corporate Services Section Functions and Services Provided
Local Government Act 2009 Local Government Regulation 2012 AS/NZS ISO 31000:2009 Risk Management – Principles and Guidelines	Manage and coordinate: · the implementation of Council’s Risk Management Framework · public liability claims from external customers · public liability claims for Councillors and staff · negotiate (within Delegated Authority), on behalf of Council any insurance resolutions · the insurance of Council assets including but not limited to Council buildings, machinery and equipment, park infrastructure, swimming pools, sports centres, club houses, fleet vehicles, etc. · the renewal of Council insurance policies (excluding Workers Compensation) · the provision of expert insurance and risk advice to both external and internal stakeholders · recover costs from damaged made by third parties to Council assets

Relevant Legislation

Corporate Services Section

Functions and Services Provided

Local Government Act 2009

Local Government Regulation 2012

AS/NZS ISO 31000:2009 Risk Management – Principles and Guidelines

Manage and coordinate:

· the implementation of Council’s Risk Management Framework

· public liability claims from external customers

· public liability claims for Councillors and staff

· negotiate (within Delegated Authority), on behalf of Council any insurance resolutions

· the insurance of Council assets including but not limited to Council buildings, machinery and equipment, park infrastructure, swimming pools, sports centres, club houses, fleet vehicles, etc.

· the renewal of Council insurance policies (excluding Workers Compensation)

· the provision of expert insurance and risk advice to both external and internal stakeholders

· recover costs from damaged made by third parties to Council assets

RISK MANAGEMENT IMPLICATIONS

It is essential that TP#7 Risk Management be successfully implemented and that risk management is embedded in the organisation. The management of corporate risks lies with the CEO and all General Managers, with department risk management the responsibility of the respective General Manager. The Corporate Governance Section and the Risk Management Coordinator can provide the necessary framework, policy, procedures, advice etc., but successful risk management will only be achieved if senior management takes responsibility for managing the risk and fraud registers, implements appropriate controls and leads the organisation in developing a strong risk management culture and increasing the organisation’s risk management capabilities.

Financial/RESOURCE IMPLICATIONS

TP#7 has a financial year (FY) budget of $87,000. FY actuals and commitments to date (costs incurred with engagement of PWC) total $176,437. The current FY forecast is $204,000 resulting in a variance of $166,600. The project budget is monitored by the Project Lead and by the TPCT.

COMMUNITY and OTHER CONSULTATION

This report did not require community engagement.

Conclusion

Council has, for some time, needed to implement a better practice Risk Management Framework and to increase the culture and capability of the organisation to manage risk efficiently and effectively. With the successful delivery of TP#07 Risk Management Framework, Council is positioning itself be an exemplar Council in the management of Risk and Insurance

Attachments and Confidential Background Papers

	CONFIDENTIAL
1.	Insurance Claims for the Period 1 July to 30 September 2019
2.	LGM Insurance Claims Over $15,000 for the period

Angela Harms

Corporate Governance Manager

I concur with the recommendations contained in this report.

Andrew Knight

General Manager - Corporate Services

“Together, we proudly enhance the quality of life for our community”

Audit and Risk Management Committee

Meeting Agenda

6 November

2019

Doc ID No: A5869344

ITEM: 7

SUBJECT: Corporate Governance Section's Performance in relation to Legislative Compliance

AUTHOR: Corporate Governance Manager

DATE: 29 October 2019

Executive Summary

Recommendation/s

That the report be received and the contents noted.

RELATED PARTIES

There are no related parties.

Advance Ipswich Theme Linkage

Listening, leading and financial management

Purpose of Report/Background

To inform the Committee on how the Section has performed and managed the below functions for the Quarter:

· Management of Complaints

· Management of Right to Information and Information Privacy Applications

· Delivery of Transformational TP#06 Complaints Management Framework

1. Management of Complaints

The below graph and table provide details of the management of all complaint types for the Quarter:

Complaint Type	Open		Closed
Complaint Type	New	Legacy	New	Legacy
Administrative Action Complaints	5	1	2	1
Privacy Complaints	0	0	0	0
Publication Scheme Complaints	0	0	0	0
Ombudsman reviews	2	0	2	0
Ombudsman direct referrals received	1	0	1	0
OIC reviews	0	0	0	0
General Administrative Action Complaints	35	0	21	10
General Staff Complaints	0	0	0	0
Internal Reviews on AACs	0	0	0	0
General/Dept. complaints worked on and referred to Dept. for response	52	3	41	6

Figures for infringement review for the period July 2019 – 30 September 2019

· 999 CES Requests for infringement notices (these requests vary and also included waiving a PIN)

· 887 PATHWAY requests received specifically requesting a PIN be waived – 706 PINs waived and 181 upheld

These figures are not indicative of Q1- 2019-2020, matters from previous reporting periods are carried over into this reporting period and current figures will likely carry forward to the subsequent reporting period due to PINS being placed on hold during review periods.

Significant increase in General/Dept. complaints worked on and referred to Departments for response in this reporting period. This is indicative of the soft roll out of the Complaints Management Unit (CMU) and the business engaging in the new Complaints Management Framework. It is anticipated that there will be another notable increase in all General complaint types in the next reporting period, after the CMU has gone live on 18 November 2019.

A rise in General Administrative Action complaints is noted and again would be indicative of the soft roll out of the CMU.

A slight decrease in Administrative Action Complaints received in this period indicates success in the internal review process. More advice being sought by operational areas when drafting responses and the provision of template responses to the business areas means that responses are customer centric with the language used being understood by customers.

There were no requests for Internal Reviews on Administrative Action Complaints in this period. This will be monitored in future reporting periods. Initial indicators are that the new review process and changes to customer responses having a stronger customer focus may be the drivers here. Monitoring of different processing stages (reviews) will also be undertaken to ensure the efficiency of the new Framework and ensuing processes in complaints management.

The percentage of cases closed (new and legacy) has increased. It is anticipated this will continue to improve when the CMU is fully resourced.

2. Management of Right to Information and Information Privacy Applications

Council did not receive any Information Privacy Applications for the quarter. The below table provides details of the management of all RTI Applications for the Quarter:

	July	August	September
RTI Applications Received	1	1	2
RTI Applications completed/closed	1	2	1
IP applications Received	0	1	3
IP applications completed/closed	0	0	1

All RTI Applications were processed in accordance with legislative requirements, Council Policy and Procedures.

3. Status of the Transformational Projects which impact the Integrity and Governance Section’s management of complaints and RTI/IP applications

3.1 TP#6 Complaints Management Framework

The purpose of the project is to ensure a better practice, legislatively compliant and transparent whole of Council approach to:

· formal complaints made against Council as a result of dissatisfaction with services provided or a failure to provide a service; and

· complaints and reports of wrongdoing against council or staff, including allegations of fraud, corrupt conduct and public interest disclosures.

The project has progressed throughout the Quarter and current status and activities planned for the next period are shown below:

Key Deliverable	Progress achieved this period	Activities planned for next period
Complaints Management Policy & procedure	Policy and Procedure nearly finalised at which point the documents will need to be endorsed by ELT, Risk and Governance Steering Committee and the Policy formally adopted by Council and the Procedure approved by the CEO. Comms have been drafted for the WIRE to ensure staff are aware amendments made to Policy and Procedure. This advice will also be included in meetings to be held with operational business teams.	Post adoption put up comms on WIRE.
Unreasonable Complaint Conduct (UCC) Policy and Manual	Comms prepared for the WIRE for staff to ensure awareness. Discussions have been held with CCED who are drafting a policy entitled Unreasonable Customer Conduct. It has been identified the CCED Policy could potentially cause confusion with staff as to which policy to use with customers displaying bad behaviour. Conversation and agreement with CCED Policy staff to change the name of their Policy.	Both Policies to go out to business areas for feedback prior to ELT and Steering Committee endorsement and adoption by Council. Tool box talks to be undertaken with operational teams to ensure staff understanding their responsibilities for managing UCC.
Meet with Department GMs and Level 3 Managers	Presentations at operational team meetings to discuss rollout of CMU continued during the period. Presentations focused on the benefits the CMU will provide their business areas and how Councillor received complaints will be managed. Presentations have been well received. A handout on the CMU and responsibilities of operational staff has been developed to support presentations. These will be delivered to relevant staff prior to go live date. Positive feedback has been received thus far from soft roll out. Appears a general acceptance on new Complaints Management Framework and CMU.	Post go live date 11 November - GMs and Level 3 Managers will be consulted for feedback on how the new Complaints Management Framework is impacting/benefitting their areas.
Develop comms to support process	Comms finalised with the inclusion of Go Live date. Comms discussing changes to internal review process for infringement notices has included in “In Touch” magazine being posted to Wire next week.	Proposed roll out date has been changed from 21 October to 11 November to accommodate the recruitment process for roles in CMU to be filled before roll out.
Supporting procedures and scripting	Procedures and scripting will continue to be worked on to meet deliverable time frame	Procedures and scripting will continue to be worked on to meet deliverable time frame
Develop supporting templates	To be commenced	Development of supporting templates will be commenced during period
Rollout of web content	Currently sitting with Marketing Manager and linked to web page amendments for TP#13 Return to Elected Representation.	Once format of web content is approved, progress to roll out. Review efficiency of web content (on line lodgement for complaints) by monitoring reporting on source of complaint.
On boarding of required governance resources to support Complaints function	Interviews for Customer Liaison Officer is complete. Awaiting final sign off from Andrew Knight on 21 Oct before advising successful candidate. Interviews for project officer role are on Monday 21 October. Anticipating on boarding of both resources to be completed prior to go live date 11 November	Development of training of resources
Reporting	Ongoing consultation with operational areas to establish what reports they require. Once known reports will be built to accommodate business reporting needs.	Confirming Objective can capture the complaints information and produce required reports. Liaison with Objective representatives has revealed reporting requirements are possible. May need to undertake some configuration changes to Objective. Working with ICT staff to progress.

The following Project Risks and Issues have been identified and appropriate mitigation and actions put in place. Risks and Issues will continue to be reviewed monthly by the Project Lead throughout the life of the Project.

Risk Description

Risk Mitigation/s

Initial Severity

Mitigated Severity

Lack of acceptance of Complaints Framework will result in:

· siloed approaches to managing complaints across the organisation

· no centralised repository of related information

· inability to make informed changes to business processes based on complaint data

· inability to effectively communicate with customers regarding delays or changes in service

· legislative non-compliance

· Creation of Complaints Management Unit (CMU) to be centralised unit for complaints management within Council

· Better practice for recording and reporting on all complaints and provision of advice to business to drive performance improvements

· Better practice in monitoring of timeframes and resolutions received for complaints

Objective system may not be able to be configured as per ICC requirements resulting in inability to produce suitable and sufficient reporting to support the monitoring of the Complaints Management Process

Increase functionality in Objective (through the purchase or creation of other modules) to allow for effective reporting. This includes the creation of metadata fields that are relevant to capturing complaints management data.

The project’s budget has been monitored throughout the period. Actuals and commitments reflect training costs when engaging the Office of the Information Commissioner in PID Awareness and Managing Organisational Risk.

FY Budget	FY Actuals & Commitments to Date	FY Forecast	FY Variance
$0	$17 627	$50 000	$50 000

Financial/RESOURCE IMPLICATIONS

There are no financial/resource implications.

RISK MANAGEMENT IMPLICATIONS

The greatest risk to the organisation is the lack of awareness by staff of their responsibilities under Council’s Complaint Management Framework, the Public Record Act, and RTI and IP Acts. All outside staff have attended Public Records Act, RTI Act and IP Act Training delivered by the TP#6 Project Lead. Internal staff have undertaken Office of the Information Commissioner RTI and IP Training and Queensland State Archives Records Challenge Training online via E-Hub. Training in Records, RTI and IP Act obligations and responsibilities is now a component of induction training and will be incorporated into annual refresher training for all staff.

Council has an obligation under the RTI and IP Acts to work towards open proactive disclosure, administrative access and information sharing (the “push model”). The Section will engage a consultant in early 2020 to develop a 12 month project plan using the recent organisational ‘scorecard’ developed by the Office of the Information Commission (OIC). The aim of the project plan will be to improve the organisation’s implementation of the “push model” and hopefully increase our scorecard results for the next OIC assessment. The project plan will be delivered by the Section as BAU.

Legal/Policy Basis

The following table outlines the relevant legislation and the administrative functions and services provided by the Branch:

Relevant Legislation	Integrity and Governance Team Administrative Functions and Services Provided
Local Government Act 2009 and Local Government Regulation 2012	Management complaint types: · Administrative Action Complaints and Internal Reviews · Privacy Complaints · Publication Scheme Complaints · Ombudsman Review of Complaint Management · Ombudsman Direct Referral of Complaints · Office of Information Commission (OIC) Complaint Reviews · Operational i.e. General Department complaints referred to relevant Council Depart./Branch for resolution
Right to Information Act 2006	Management of Right to Information Applications for: · access to information that is not administratively available · internal review of a reviewable decision
Information Privacy Act 2006	Management of Information Privacy Applications: · for personal information · to amend personal information or · to investigate complaints of privacy breaches · internal review of a reviewable decision

COMMUNITY and OTHER CONSULTATION

This report did not require community engagement.

Conclusion

The Integrity and Governance Section has performed its responsibilities and obligations in relation to maintaining Council’s compliance with the Local Government Act, Local Government Regulation, Right to Information Act and Information Privacy Act for the previous Quarter.

Attachments and Confidential Background Papers

	CONFIDENTIAL
1.	Complaints for the quarter

Angela Harms

Corporate Governance Manager

I concur with the recommendations contained in this report.

Andrew Knight

General Manager - Corporate Services

“Together, we proudly enhance the quality of life for our community”

Audit and Risk Management Committee

Meeting Agenda

6 November

2019

Doc ID No: A5864065

ITEM: 8

SUBJECT: Internal Audit Charter Review

AUTHOR: Chief Audit Executive

DATE: 25 October 2019

Executive Summary

This is a report concerning a proposed update of the Internal Audit Charter. The Charter was reviewed and discussed at the Risk Management Committee Strategy Meeting held on 24 October 2019.

Recommendation/s

That the proposed Internal Audit Charter as detailed in Attachment 2 be adopted.

RELATED PARTIES

Not applicable

Advance Ipswich Theme

The intention is for the Internal Audit activity to support all five themes:

Strengthening our local economy and building prosperity

Managing growth and delivering key infrastructure

Caring for the community

Caring for the environment

Listening, leading and financial management

Individual internal audits and corrupt conduct investigations will to a varying degree support these themes, but the main objective for Internal Audit is to support the organisation in achieving its objectives.

Purpose of Report/Background

The purpose of this activity is to regularly review and updated the Internal Audit Charter in line with better practice and The International Professional Practices Framework (IPPF) for Internal Auditors.

Legal/Policy Basis

This report and its recommendations are consistent with the following legislative provisions:

Local Government Act 2009

Local Government Regulation 2012

Crime and Corruption Act 2001

RISK MANAGEMENT IMPLICATIONS

The Internal Audit Charter as a whole guides the activities of internal audit to minimise and control the risks the activity faces. Each of the individual reports provides for a control environment opinion as well as individual risk ratings per individual findings and recommendations. The importance is for management to implement the individual recommendations well to either address or diminish the exposure for Council, or explain why it is acceptable to not implement the suggested improvements. As per the corrupt conduct investigation the findings and risks vary in each situation and are discussed in the confidential reports. Having said that the key risks are still that the information might not be well presented, well understood or do not generate an appropriate response.

Financial/RESOURCE IMPLICATIONS

Resources are provided to internal audit through the annual audit plan and budgeting processes. No additional resources are required because of this report. However situations will dictate if internal audits and investigations have to be outsourced and also management will have to consider the financial implications to implement the recommendations as per the individual reports.

COMMUNITY and OTHER CONSULTATION

Internal Audit mostly consults internally to the organisation and its management in conducting the internal audits and finalising the reports. For investigations the appropriate consultations take place as the situation allows and requires.

For this purpose the members and attendees of the Audit and Risk Management Committee were consulted in updating this charter.

Conclusion

The Internal Audit Charter is an important document to guide internal audit activities and to safeguard Council as a whole.

Attachments and Confidential Background Papers

	CONFIDENTIAL
1.	Current Internal Audit Charter as at 16 October 2018
2.	Proposed Internal Audit Charter

Freddy Beck

Chief Audit Executive

I concur with the recommendations contained in this report.

Freddy Beck

Chief Audit Executive

“Together, we proudly enhance the quality of life for our community”

Audit and Risk Management Committee

Meeting Agenda

6 November

2019

Doc ID No: A5865895

ITEM: 9

SUBJECT: Internal Audit Branch Activities Report for the period 16 August 2019 to 29 October 2019

AUTHOR: Chief Audit Executive

DATE: 29 October 2019

Executive Summary

This is a report concerning the activities of Internal Audit undertaken since 16 August 2019 and the current status of these activities.

Recommendation/s

That the report be received, the contents noted and the recommendations in Attachments 3 and 4, be considered finalised and archived.

RELATED PARTIES

Not applicable

Advance Ipswich Theme Linkage

The intention is for the Internal Audit activity to support all five themes:

Strengthening our local economy and building prosperity

Managing growth and delivering key infrastructure

Caring for the community

Caring for the environment

Listening, leading and financial management

Purpose of Report/Background

The purpose of this report is to keep the Audit and Risk Management Committee informed and to report on performance of the Internal Audit Branch:

• Report the status of the audits currently under way

• Summary of the activities of the Internal Audit Branch

• Annual Performance Report and Assertion on Internal Auditing Standards

• Report the status of the audit recommendations from completed audits

The supply of the information to the Mayor, the Chief Executive Officer and Audit and Risk Management Committee, is a requirement of the Internal Audit Charter.

Internal Audit Report Register (Attachment 1)

This is a historic register recording the reference number of formal reports produced, audits commenced, report status and date completed for the last number of years.

Audits, Reviews, Projects and Activities (Attachment 2)

This is a report on audits, reviews, projects and activities that were conducted during the period or in progress as at 29 October 2019.

Audit Recommendations (Attachments 3 and 4)

Extracted from the Audit Recommendations System, these reports list all Internal and External Audit recommendations (with management comments and responses) that managers advise have been implemented since the report made to the last Audit and Risk Management Committee meeting. This report is presented to the Audit and Risk Management Committee prior to the recommendations being finalised and/or archived.

Financial/RESOURCE IMPLICATIONS

Resources are provided to internal audit through the annual audit plan and budgeting processes. No additional resources were required because of this report. However situations will dictate if internal audits and investigations have to be outsourced and also management will have to consider their implications to implement the recommendations as per the individual reports.

RISK MANAGEMENT IMPLICATIONS

Each of the individual reports provides for a control environment opinion as well as individual risk ratings per individual findings and recommendations. The importance is for management to implement the individual recommendations well to either address or diminish the exposure for Council, or explain why it is acceptable to not implement the suggested improvements. As per the corrupt conduct investigation, the findings and risks vary in each situation and are discussed in the confidential reports. Having said that the key risks are still if the information is not well presented, well understood or does not generate an appropriate response.

Legal/Policy Basis

This report and its recommendations are consistent with the following legislative provisions:

Local Government Act 2009

Local Government Regulation 2012

Crime and Corruption Act 2001

COMMUNITY and OTHER CONSULTATION

Conclusion

During the period under review the Internal Audit Branch undertook a number of activities, including as listed in Attachment 2.

During the course of Internal Audit activities, contributions to the improvement of operational procedures, practices and the control environment have been achieved.

Attachments and Confidential Background Papers

1.	Internal Audit Register ⇩

	CONFIDENTIAL
2.	Internal Audit Activity Report
3.	Internal Audit Recommendations Implemented
4.	External Audit Recommendations Implemented

Freddy Beck

Chief Audit Executive

I concur with the recommendations contained in this report.

Freddy Beck

Chief Audit Executive

“Together, we proudly enhance the quality of life for our community”

Audit and Risk Management Committee

Meeting Agenda

6 November

2019

Doc ID No: A5865905

ITEM: 10

SUBJECT: Summary of Recent Internal Audit Reports Issued

AUTHOR: Chief Audit Executive

DATE: 29 October 2019

Executive Summary

This is a report concerning recently completed internal audits and the subsequent reports released since the previous report dated 16 August 2019.

Recommendation/s

That the report be received and the contents noted.

RELATED PARTIES

Not applicable

Advance Ipswich Theme Linkage

The intention is for the Internal Audit activity to support all five themes:

Strengthening our local economy and building prosperity

Managing growth and delivering key infrastructure

Caring for the community

Caring for the environment

Listening, leading and financial management

Purpose of Report/Background

Since 16 August 2019, Internal Audit has issued/finalised 2 Internal Audit reports/Consulting Tasks and the extracts of the reports containing the audit recommendations, management response and agreed action by date, are attached to enable any further discussion that may be required by the Audit and Risk Management Committee.

Control Environment Opinion Summary over Areas in Scope of Audits	5	4	3	2	1
Objective (A1819-11)			P
Operation of Fleet and Plant Audit (A1819-12)			P

Rating Definitions
5	Indicates unacceptable control environment or critical operating or control problems or extreme exposure.
4	Indicates unsatisfactory control environment or significant operational, procedural or control deficiencies or high exposure.
3	Indicates limited control environment or some operational, procedural or control deficiencies, issues or moderate exposure
2	Indicates acceptable control environment or minor operational, procedural or control deficiencies, issues or exposure.
1	Indicates well controlled environment or no or limited unfavourable audit findings, observations or exposure.

Financial/RESOURCE IMPLICATIONS

Resources are provided to internal audit through the annual audit plan and budgeting processes. No additional resources were required because of this report.

RISK MANAGEMENT IMPLICATIONS

Legal/Policy Basis

This report and its recommendations are consistent with the following legislative provisions:

Local Government Act 2009

Local Government Regulation 2012

COMMUNITY and OTHER CONSULTATION

Internal Audit mostly consults internally to the organisation and its management in conducting the internal audits and finalising the reports.

Conclusion

The attached executive summary of reports provides for the individual opinion as per each report.

Attachments and Confidential Background Papers

	CONFIDENTIAL
1.	Executive Summary of Recent Reports Issued
2.	Audit Report No. A1819-11
3.	Audit Report No. A1819-12

Freddy Beck

Chief Audit Executive

I concur with the recommendations contained in this report.

Freddy Beck

Chief Audit Executive

“Together, we proudly enhance the quality of life for our community”

Audit and Risk Management Committee

Meeting Agenda

6 November

2019

Doc ID No: A5865911

ITEM: 11

SUBJECT: Overdue Recommendations as at 16 August 2019

AUTHOR: Chief Audit Executive

DATE: 29 October 2019

Executive Summary

This is a report concerning the status of each Department's progress in actioning the internal and external audit recommendations due or overdue for implementation.

Recommendation/s

That the report be received and considered.

RELATED PARTIES

Not applicable

Advance Ipswich Theme Linkage

The intention is for the Internal Audit activity to support all five themes:

Strengthening our local economy and building prosperity

Managing growth and delivering key infrastructure

Caring for the community

Caring for the environment

Listening, leading and financial management

Individual internal audits will to a varying degree support these themes, but the main objective for Internal Audit is to support the organisation in achieving its objectives.

Purpose of Report/Background

Every month each Department Head is requested to update the status of both the internal and external audit recommendations due for implementation within their area of responsibility.

Traffic lights have been introduced based on the request of the Audit and Risk Management Committee. The following is an indication of what each indicator could mean:

Light

Green

Light

Orange

Light

Red

Under control

Reasonable number

Low overall risk

Need to monitor

Number increasing

Moderate overall risk

Need to be addressed

Number problematic

High overall risk

The following Departments’ progress towards the implementation of Internal Audit recommendations, for which they are responsible, is summarised below:

Corporate Services
Date of Report	Total overdue	Catastrophic	High	Moderate
29 October 2019	1	0	0	1
In relation to: Independent Validation of Internal Audit Self-Assessment (201609)

Infrastructure and Environment
Date of Report	Total overdue	Catastrophic	High	Moderate
29 October 2019	3	0	0	3
In relation to: State Emergency Services SES (A1617-18)Arboriculture (A1718-01), Enviroplan Levy (A1718-09)

Planning and Regulatory Services
Date of Report	Total overdue	Catastrophic	High	Moderate
29 October 2019	6	0	0	2
In relation to: Cemeteries (201504), Immunisation Program (A1718-11), Security and Safety Cameras (A1718-17)

All other departments had no recommendations overdue for more than 3 months.

Financial/RESOURCE IMPLICATIONS

Resources are provided to internal audit through the annual audit plan and budgeting processes. No additional resources are required because of this report. However management will have to consider their implications to implement the recommendations as per the individual reports.

RISK MANAGEMENT IMPLICATIONS

Legal/Policy Basis

This report and its recommendations are consistent with the following legislative provisions:

Local Government Act 2009

Local Government Regulation 2012

COMMUNITY and OTHER CONSULTATION

Internal Audit mostly consults internally to the organisation and its management in conducting the internal audits and finalising the reports.

Conclusion

Total Internal Audit recommendations overdue for more than 3 months and level of risk:

Minimal and Low not indicated.

Date of Report	Total overdue	Catastrophic	High	Moderate
29 October 2019	10	0	0	6
16 August 2019	7	0	0	3

Total Internal Audit recommendations open and level of risk:

Date of Report	Total open	Catastrophic	High	Moderate
29 October 2019	47	0	3	30
16 August 2019	37	0	3	22

Total External Audit recommendations overdue and level of risk:

Ratings as used by QAO.

Date of Report	Total overdue	High	Moderate	Low
29 October 2019	6	1	2	3
16 August 2019	3	1	2	0

Total External Audit recommendations open and level of risk:

Date of Report	Total open	High	Moderate	Low
29 October 2019	9	3	3	3
16 August 2019	14	3	10	1

Total Investigation/Ad Hoc Report recommendations overdue and level of risk:

Minimal and Low not indicated.

Date of Report	Total overdue	Catastrophic	High	Moderate
29 October 2019	0	0	0	0
16 August 2019	0	0	0	0

Total Investigation/Ad Hoc Report recommendations open and level of risk:

Date of Report	Total open	Catastrophic	High	Moderate
29 October 2019	34	0	7	19
16 August 2019	0	0	0	0

Overall Status
The number of overdue recommendations have gone up slightly. The Investigations/ Ad-hoc Reports have now also been added which has pushed the numbers up significantly but this is positive in that these are also now monitored.

Attachments and Confidential Background Papers

	CONFIDENTIAL
1.	Recommendations Statistics and Overdue Summary
2.	Internal Audit Recommendations overdue for more than 3 months
3.	External Audit Recommendations overdue for more than 3 months
4.	Investigations/Ad-hoc Report Recomendations overdue for more than 3 months (nil return)

Freddy Beck

Chief Audit Executive

I concur with the recommendations contained in this report.

Freddy Beck

Chief Audit Executive

“Together, we proudly enhance the quality of life for our community”

1.	Current Audit and Risk Management Committee Charter as at 18 Septemeber 2018 copy ⇩
2.	Proposed Audit and Risk Management Committee Charter - tracked changes ⇩

INTRODUCTION

RECOMMENDATION

Attachments and Confidential Background Papers

Executive Summary

Recommendation/s

RELATED PARTIES

Advance Ipswich Theme

PURPOSE OF REPORT/BACKGROUND

Legal/Policy Basis

RISK MANAGEMENT IMPLICATIONS

Financial/RESOURCE IMPLICATIONS

COMMUNITY and OTHER CONSULTATION

Conclusion

Attachments and Confidential Background Papers

Executive Summary

Recommendation/s

RELATED PARTIES

Advance Ipswich Theme

Purpose of Report/Background

Legal/Policy Basis

RISK MANAGEMENT IMPLICATIONS

Financial/RESOURCE IMPLICATIONS

COMMUNITY and OTHER CONSULTATION

Conclusion

Executive Summary

Recommendation/s

RELATED PARTIES

Not applicable

Advance Ipswich Theme

Purpose of Report/Background

Legal/Policy Basis

RISK MANAGEMENT IMPLICATIONS

Financial/RESOURCE IMPLICATIONS

COMMUNITY and OTHER CONSULTATION

Conclusion

Attachments and Confidential Background Papers

Executive Summary

Recommendation/s

RELATED PARTIES

Not applicable

Advance Ipswich Theme

Purpose of Report/Background

Legal/Policy Basis

RISK MANAGEMENT IMPLICATIONS

Financial/RESOURCE IMPLICATIONS

COMMUNITY and OTHER CONSULTATION

Conclusion

Attachments and Confidential Background Papers

Executive Summary

Recommendation/s

RELATED PARTIES

Advance Ipswich Theme

Purpose of Report/Background

Legal/Policy Basis

RISK MANAGEMENT IMPLICATIONS

Financial/RESOURCE IMPLICATIONS

COMMUNITY and OTHER CONSULTATION

Conclusion

Attachments and Confidential Background Papers

Executive Summary

Recommendation/s

RELATED PARTIES

Advance Ipswich Theme Linkage

Purpose of Report/Background

Financial/RESOURCE IMPLICATIONS

RISK MANAGEMENT IMPLICATIONS

Legal/Policy Basis

Conclusion

Attachments and Confidential Background Papers

Executive Summary

Recommendation/s

RELATED PARTIES

Advance Ipswich Theme

Purpose of Report/Background

Legal/Policy Basis

RISK MANAGEMENT IMPLICATIONS

Financial/RESOURCE IMPLICATIONS

COMMUNITY and OTHER CONSULTATION

Conclusion

Attachments and Confidential Background Papers