Item No.	Item Title	Page No.
1	Report - Audit and Risk Management Committee No. 2019(05) of 6 November 2019	7
2	Tax Risk Management Update 2019 - ARMC February 2020	15
3	Corporate Governance Section's Performance in relation to Legislative Compliance	19
4	Summary of Recent Internal Audit Reports Issued	33
5	**Internal Audit Branch Activities Report for the period 29 October 2019 to 4 February 2020	36
6	**Overdue Recommendations as at 4 February 2020	45
7	**Insurance and Risk Update	49
8	**Business Transformation & Strategic Projects Update	57
9	**Queensland Audit Office 2020 Draft External Audit Plan and Briefing Paper	59
10	Next Meeting	-
11	General Business	-
12	Private Session of Member (if required)	-

Audit and Risk Management Committee

Meeting Agenda

12 February

2020

Doc ID No: A5981873

ITEM: 2

SUBJECT: Tax Risk Management Update 2019 - ARMC February 2020

AUTHOR: Principal Taxation Accountant

DATE: 3 February 2020

Executive Summary

This is a report by the Principal Taxation Officer dated 3 February 2020 concerning taxation risk management issues for the year ended 31 December 2019.

Recommendation/s

That the report be received and the contents noted.

RELATED PARTIES

There are not impacts on related parties.

Advance Ipswich Theme

Strengthening our local economy and building prosperity

Purpose of Report/Background

Council has approximately $38 million of tax risk with Goods and Services Tax (GST) representing approximately $16 million and Pay As You Go Withholding (PAYGW) representing $21 million. The balance of the tax risk is represented by Fringe Benefits Tax (FBT) and Fuel Tax Credits (FTC) of approximately $300,000 and $500,000 respectively. These amounts are relatively unchanged from last year.

The ATO applies a risk differentiation framework to customise their interactions based on their understanding of an organisation’s risk position, circumstances, choices and behaviours. The framework is used to assess an organisation’s tax risk levels with regards to potential consequences of non-compliance. During 2019 the ATO did not discuss the framework as frequently as it has in previous years.

The ATO also applies a compliance model as a structured way of understanding and improving taxpayer compliance. This model shows a spectrum of taxpayer attitudes towards compliance. The aim is to encourage non-complying taxpayers to take on an attitude of being 'willing to do the right thing'.

Council strives to be a full participant in the Australian taxation system and has had minimal audit and query activity from the ATO during the year. This implies that Council is a low risk taxpayer under the ATO’s risk differentiation framework. Generally Council’s risk has been consistently low.

The Corporate Taxation Team also provide advice in relation to PAYG withholding as required however the calculation and remittance of the PAYG withheld is part of Council’s payroll processes and therefore not specifically addressed in this report.

Legal/Policy Basis

This report and its recommendations are consistent with the following legislative provisions:

Not Applicable

RISK MANAGEMENT IMPLICATIONS

GST

The ATO GST governance and risk management checklist for large businesses has been frequently updated and work has been performed to improve Council’s processes and policies to further mitigate any perceived GST risk. The checklist covers areas of governance and risk management, processing and reporting, resources, controls, capability and assurance that are applicable to Council’s GST obligations.

The tax team continue to meet monthly to recognise any work completed and to plan further projects necessary to address key risk areas identified in the checklist. The tax team has determined that the risk of GST being reported and processed incorrectly is very low with regards to those key areas in the checklist. Changes to GST legislation or ATO guidance will continue to be monitored and added to the checklist over the coming year.

Division 81

Council self-assesses the GST status of fees and charges. There were no significant changes made during the year. The tax team will support the review of all fees and charges by checking the GST treatment and will offer technical advice and support to the departments when needed.

For all other fees and charges the tax team will perform periodic reviews of the revenue tax codes in Council’s Pathways system to ensure the correct tax treatments are being applied. These checks happen on an ad-hoc basis.

Vendor Validation

Council has reports to compare its supplier database to the database provided by the Australian Business Register (ABR). Any discrepancies can be highlighted through these reports. The database is updated via a data download from the ABR. The accounts payable team update the reports quarterly and notify any suppliers that have invalid information. This process is due to be reviewed during the 2020 year.

Appropriations

Government to government payments that are on a non-commercial basis are out of scope for GST. There have been no significant issues arising from these types of transactions during the year. Government departments have improved their self-assessment of the appropriations they pay to Council and the appropriate wording for GST is commonly included in the relevant written agreements. Any potential issues with appropriations received by Council will be addressed as they arise.

FBT

The tax team monitor FBT risks for Council and review related transactions monthly. The 2019 FBT return was reviewed and lodged by Council’s external tax advisor and there are some minor changes Council will need to apply to its treatment of motor vehicles.

During the 2019 year we completed a position paper regarding third party benefits and their impact on Council for tax. Council’s tax advisor has reviewed the position paper and agree with the treatment for FBT going forward. During the year there were minimal benefits of this type. This issue is not significant in terms of increasing Council’s FBT risk.

Private Binding Ruling

On 6 March 2018 Council applied for a renewal of the private binding ruling for Councillor advertising expenses confirming that advertising expenses paid for by Council are not subject to FBT. The ruling has been renewed by the ATO up to the FBT year ending 31 March 2022.

Taxable Payments Annual Report

Council has successfully lodged its second taxable payments annual report from the Oracle system to the ATO. All payments made for services paid for by Council from 1 July 2018 to 31 June 2019 were reported. The Finance Branch and Information and Communications Technology Branch will monitor for any feedback from the ATO and will work together to prepare for the 2020 report.

New Payroll Single Touch Payroll

Council has successfully completed the single touch payroll implementation and now report the payment of taxable salaries and wages to the ATO weekly via the new electronic system. The implementation for a new payroll system was completed by the extended start date granted by the ATO.

Fuel Tax Credits

Council has not received any further contact from its tax advisor to review its fuel tax credits claim. We do not expect to make any further claims based on the past work performed by the tax advisor and consider the claim to now be complete.

The fuel tax credit rate increases in February and August each year.

FINANCIAL/RESOURCE IMPLICATIONS

There are no financial or resource implications.

COMMUNITY and OTHER CONSULTATION

There is no community and other consultation required.

Conclusion

Council is a full participant in the Australian taxation system and has not been the focus of any audit activity from the ATO during the year. Council is a low risk taxpayer under the ATO’s risk differentiation framework. Council’s tax continues to be consistently low.

Travis Pitman

Principal Taxation Accountant

I concur with the recommendations contained in this report.

Jeffrey Keech

Manager, Finance

I concur with the recommendations contained in this report.

Sonia Cooper

General Manager Corporate Services

“Together, we proudly enhance the quality of life for our community”

Audit and Risk Management Committee

Meeting Agenda

12 February

2020

Doc ID No: A6039070

ITEM: 3

SUBJECT: Corporate Governance Section's Performance in relation to Legislative Compliance

AUTHOR: Governance Manager

DATE: 31 January 2020

Executive Summary

This is a report concerning the performance of the Corporate Governance Section (the Section) in relation to managing Council’s legislative compliance in the management of Complaints, Right to Information and Information Privacy functions for the period 1 October 2019 to 31 December 2019 (the Quarter).

Recommendation/s

That the report be received and the contents noted.

RELATED PARTIES

There are no related parties.

Advance Ipswich Theme Linkage

Listening, leading and financial management

Purpose of Report/Background

To inform the Committee on how the Section has performed and managed the below functions for the Quarter:

· Management of Complaints

· Management of Right to Information and Information Privacy Applications

· Delivery of Transformational TP#06 Complaints Management Framework

1. Management of Complaints

Since the roll out of the Complaints Management Unit (CMU) in Qtr. 2 there has been a change to the review stages for complaints.

General Administrative Action Complaints (General Complaints) are noted as complaints managed under stage one review by the CMU. This means that it’s the first time the complaint has been managed by the CMU. The CMU receipt the complaint, provide it to the relevant business area for their investigation and response back to the CMU, with the response then reviewed and released by a Customer Liaison Officer (CLO). If a customer is dissatisfied with the outcome from that review they can escalate their complaint for a stage 2 review.

Stage two reviews are recognised as an Administrative Action Complaint and are undertaken by the CMU by a CLO different to the CLO that released the initial response. If a customer is dissatisfied with the outcome from that review, they can escalate their complaint for a stage 3 review.

Stage three reviews are recognised as an internal review by the Integrity and Complaints Manager. If a customer remains dissatisfied with that review outcome they can escalate their concerns to the relevant external authority.

The below graph and table provide details of the management of all complaint types for the Quarter.

Complaint Type	Open		Closed
Complaint Type	New	Legacy	New	Legacy
Administrative Action Complaints	4	0	4	0
Privacy Complaints	0	0	0	0
Publication Scheme Complaints	0	0	0	0
Ombudsman reviews	0	0	0	0
Ombudsman direct referrals received	2	0	2	0
OIC reviews	0	0	0	0
General Administrative Action Complaints	107	1	96	1
General Staff Complaints	19	1	17	1
Internal Reviews on AACs	0	0	0	0
Total	132	2	119	2

There has been a significant spike this quarter in General Complaints compared to the previous quarter. This is indicative of the success of engagement from the business in having all complaints directed into the CMU as the central intake point. It is anticipated that there will be another notable increase in the next reporting period as more awareness is raised with Council customers through the update to the website content and advice provided by the business along with State and Federal Members’ offices.

The report indicates that the CMU received 107 General Complaints up from 35 last quarter with 96 of these complaints successfully closed, 7 are still in progress and 4 are suspended due to lack of information provided by the complainant. These complaints range from Operational Work Issues, Road Maintenance, Rates Complaint, Parking Complaints and Animal Management to name a few major complaints categories. Moving forward with the complaints catalogue created in Objective, database reports can be run that can be examined for trend analysis of issues deriving from varying business areas. This analysis can be included in future quarterly reports as a top ten issues across Council.

Figures show a slight increase in General Staff Complaints. The report shows that within the 19 complaints received, 17 were successfully closed, 1 still in progress and 1 was suspended. These complaints are mainly waste truck drivers’ behaviours while servicing bins, compliance officers who are looking after enforcement notices, animal management officers and parking infringement officers. This reporting data has allowed CMU to provide feedback to relevant departments to allow the opportunity for their review of expected behaviours will all staff as Council strives to achieve strong customer service focus in all service delivery moving forward.

A slight decrease of Administrative Action Complaints from 5 to 4 indicates success in the current internal review process. This is also supported by no internal review requests being made during this quarter. Figures also support that responses being released from the CMU are addressing all core issues in complaints received and, are customer centric with the language used being understood by customers.

No requests were made for Privacy Complaints, Public Scheme Complaints, and OIC Reviews.

This will be monitored in future reporting periods. Monitoring of different processing stages reviews will also be undertaken to ensure the efficiency of the new framework and ensuring processes in complaints management.

There continues to be no requests for Internal Reviews on Administrative Action Complaints in this period. This will be monitored in future reporting periods. Indicators are that the new review process and changes to customer responses having a stronger customer focus may be the drivers here. Monitoring of different processing stages (reviews) will continue to ensure the efficiency of the new Framework and ensuing processes in complaints management.

The handling times of complaints is decreasing which is indicative of the CMU being fully resourced and having robust processes in place.

INFRINGEMENT REVIEW REPORT

Work is being undertaken in the reporting space in the CMU to improve current reporting styles to better suit business needs.

It has been identified that previous stats on infringement reviews has not provided clarity on the complexities around data variances of infringements issued versus reviews of the same, particularly around timeframes that can occur from when an infringement is first issued to when a review outcome is achieved.

To provide an oversight of those timeframes, a year of data has been provided in this report.

Moving forward this report will evolve to dovetail in with potential improved reports being delivered from PRS, which will provide a clearer perspective on what are the drivers for infringements being issued.

Review outcomes will be examined to provide opportunity for trend analysis to drive business improvement which would in turn provide insights for consideration in future education initiatives and resourcing in relevant business areas.

According to the data extracted from Council’s Crystal Report for 2019, Council issued lesser infringements as the year progressed from Qtr. 1 2018-2019 to Qtr.2 2019-2020 with 1713 and 1212 respectively as per the above graph.

The drop in infringements (local laws) issued in Qtr. 2 2019-2020 could be indicative of fixed school cameras not utilised in the time period. Based on advice received, there has been a reduction in the use of contingency workers (local laws and parking) towards the end of the year, which might likely also be an indicator for the reduction in numbers of PINS issued. Moving forward work will be undertaken to consult with PRS as they move to improve reporting in that space to provide better clarity on figure fluctuations.

Within the issued PINS for every quarter, the report shows a slight fluctuation of Infringements that received review requests. Having Jan-Mar quarter as the highest and Oct-Jan quarter as the lowest. Drivers for a reduction in review requests could be a flow on effect in education initiatives where a decision can be made for infringements issued to be waived.

DECISION MADE FOR UPHELD AND WAIVED PINS 2019

DECISION MADE	JAN - MAR 2019	APR - JUN 2019	JUL - SEP 2019	OCT - DEC 2019
Waived	675	599	809	481
Upheld	215	160	191	166
TOTAL DECISION MADE	890	759	1000	647

According to the table and graph above, Qtr. 1 2019-2020 recorded the highest number of PINS that were waived with 809 Infringements and, Qtr.1 2018-2019 scored the highest PINS upheld of 215 Infringements.

Moving forward closer work with PRS will allow for better interpretation of this data with the ability for an understanding to be developed of what if any initiatives, or seasonal issues – weather patterns etc. would drive significant variances in numbers.

CODES	JAN-MAR 2019	APR-JUN 2019	JUL-SEP 2019	OCT - DEC 2019
1	49	49	43	39
2	87	69	113	71
3	1	2	2	0
4	40	18	23	7
5	0	0	1	1
6	8	2	4	5
6 (A)	205	128	186	86
6 (B)	13	22	33	24
6 ( C)	0	1	0	0
6 (D)	4	1	4	3
6 (E)	3	1	0	1
6 (F)	35	22	24	11
6 (G)	1	0	0	0
7	1	0	38	15
ELECT	4	8	2	2
NO EXEMPTION	175	123	179	159
OTH	2	4	2	1
OWN	2	70	132	76
PPWTD	1	1	0	0
PK	0	0	0	2
SPER	35	30	10	3
WTHNPI	224	208	203	138
WTHNWN	0	0	1	0

EXEMPTION CODES	DEFINITION
1	Incorrect/Incomplete/Unclear Information – A notice has been issued containing incorrect or incomplete information (e.g. Incorrect vehicle registration number, incorrect name of offender or incorrect offence code) and this has caused the PIN to be invalid or the information recorded on the PIN is so unclear that it cannot be read.
2	Medical Certification – A medical certificate or other acceptable supporting documentation including statements from witnesses can be produced confirming that the medical condition or a medical situation at the time of the offence caused or substantially contributed to the offence occurring and that in view of such circumstances, the PIN should be withdrawn.
3	Motor Vehicle Breakdown (regulated Parking Offence) - Evidence can be produced to prove a vehicle had a mechanical problem at the time of the parking offence and that the circumstances caused the driver to park illegally.
4	People with a Disability (Regulated Parking Offences) – A valid disabled persons parking permit can be produced in instances where the vehicle would not have been issued with a PIN had the permit been affixed to the vehicle.
5	Charity Workers (Regulated Parking Offences) – The person to whom the PIN was issued was at the time of the alleged offence undertaking a bona-fide temporary duty on behalf of a charitable organisation and the offence did not involve traffic/pedestrian obstruction or safety related offences (withdrawal of a PIN under this criterion will only be applied to a first offence)
6	Extraordinary Circumstances - In a case where an application is not addressed by the abovementioned circumstances, the decision maker may determine that the circumstances are sufficient to warrant the withdrawal of the PIN.
6 (A)	Extraordinary Circumstances – Instances where a decision to uphold the PIN would be contrary to Council’s Corporate Plan, Vision, Mission and Values.
6 (B)	Extraordinary Circumstances – Instances where the likelihood of successful prosecution is low.
6 (D)	Extraordinary Circumstances – The person to whom the infringement notice was issued was involved in an emergency situation at the time of the alleged offence. (Proof of the emergency would be required, eg. Doctor’s certificate, statutory declaration, oaths acted witness statements)
6 (F)	Extraordinary Circumstances – Ambiguous, illegible, malfunctioning or damaged signage or devices which would lead to confusion about the requirements. (For ‘malfunction of parking meters, evidence is to include a witness statement or statutory declaration that correct monies were deposited into regulated parking devices)
7	Interstate Vehicle or Overseas Driver
ELECT	Offender has Elected to have the PIN decided in Magistrates Court
PPWTD	Prosecution Panel Withdrawn
NO EXEMPTION	PIN has been UPHELD
OTH	Other Circumstances
OWN	Owner cannot be located
SPER	Referred to SPER

INFRINGEMENT REVIEW REPORT FOR QTR 2 2019-2020

TOTAL PINS ISSUED	OCT - DEC 2019
LOCAL LAWS INFRINGEMENTS	15
ANIMAL INFRINGEMENTS	72
ANPR INFRINGEMENTS	463
OTHER PARKING INFRINGEMENTS	662
GRAND TOTAL	1212

TOTAL PINS REVIEWED	OCT - DEC 2019
ANIMAL INFRINGEMENTS	1
ANPR INFRINGEMENTS	65
LOCAL LAWS INFRINGEMENT	0
OTHER PARKING INFRINGEMENTS	77
GRAND TOTAL	143

TOTAL PINS UPHELD	OCT - DEC 2019
ANIMAL INFRINGEMENTS	1
ANPR INFRINGEMENTS	78
LOCAL LAWS INFRINGEMENT	0
OTHER PARKING INFRINGEMENTS	87
GRAND TOTAL	166

TOTAL PINS WAIVED	OCT - DEC 2019
ANIMAL INFRINGEMENTS	4
ANPR INFRINGMENTS	174
LOCAL LAWS INFRINGEMENTS	2
OTHER PARKING INFRINGEMENTS	301
GRAND TOTAL	481

2. Management of Right to Information and Information Privacy Applications

All RTI and Privacy Applications were processed in accordance with legislative requirements, Council Policy and Procedures. The below tables provide details of the management of all Applications for the period.

RTI Management	No.
Carried over from previous Qtr.	0
Received	9
Closed	6
Open and carried into next Qtr.	3

IP Management	No.
Carried over from previous Qtr.	5
Received	2
Closed	5
Open and will carried into next Qtr.	2

Two RTI Application’s received during this quarter are still pending (awaiting payment of application fee).

3. Status of the Transformational Projects which impact the Integrity and Governance Section’s management of complaints and RTI/IP applications

3.1 TP#6 Complaints Management Framework

The purpose of the project is to ensure a better practice, legislatively compliant and transparent whole of Council approach to:

· formal complaints made against Council as a result of dissatisfaction with services provided or a failure to provide a service; and

· complaints and reports of wrongdoing against council or staff, including allegations of fraud, corrupt conduct and public interest disclosures.

The project has progressed throughout the Quarter. All but two key deliverables are 100% delivered (Key Deliverables 1 and 2 are 90% implemented) it is anticipated that the Project will be formally closed in March 2020 by the Risk and Governance Steering Committee. Any unimplemented deliverables will be transitioned to business as usual activities.

No.	Key Deliverable	Progress achieved this period	Activities planned for next period
1	Complaints Management Policy & procedure	Continued to monitor current policies to ensure efficacy.	Legal Services Team updating policies to reflect Human Rights Act coming into effect in January 2020. Decision has been made to update/amend the Complaints Management Framework to state that all decisions made with HRA components the HRA must be considered. Post elections all other policies will be amended and put up to Committee for adoption. Discoverable evidence must be available. Considerations will be had on what this looks like. Thoughts are an assessment criteria will be developed to ensure compliance by decision makers. A new procedure is likely to be required to dovetail in with the new HRA policy being adopted.
2	Unreasonable Complaint Conduct (UCC) Policy and Manual	Once adopted tool box talks to be undertaken with operational teams so full understanding is had on responsibilities of all staff for managing UCC. This will be done quarterly to ensure staff remain current on how to use the policy	See above - this policy and procedure will now require review by Legal Services Team to ensure it is meeting HRA. This will be completed by the end of February and will sit in draft ready to go up to Committee once council comes out of caretaker mode.
3	Develop supporting templates	Continue to develop templates to build a resource for CLOs to use for first point resolution where available.	This will be an ongoing process to develop templates to build a resource for CLOs to use for first point resolution where available.
4	Rollout of web content	Web content has been tested and ready to go live on 6 December. Online complaints form being finalised with Carly Gregory and ICT team to be ready for 6 December	Review efficacy of web content (on line lodgement for complaints) by monitoring reporting on source of complaint.
5	On boarding of required governance resources to support Complaints function	Both new starts have been trained and are delivering BAU as required	Continue to present new capability building opportunities
6	Reporting	Deliver end of month report and work towards the development of Quarterly reports to suit each dept. needs. This will continue to be reviewed and amended to ensure appropriate reports are delivered.	New Quarterly report will be delivered with request for feedback on whether it is meeting business needs

The following Project Risks and Issues have been identified and appropriate mitigation and actions put in place. Risks and Issues will continue to be reviewed monthly by the Project Lead throughout the life of the Project.

Risk Description

Risk Mitigation/s

Initial Severity

Mitigated Severity

Lack of acceptance of Complaints Framework will result in:

· siloed approaches to managing complaints across the organisation

· no centralised repository of related information

· inability to make informed changes to business processes based on complaint data

· inability to effectively communicate with customers regarding delays or changes in service

· legislative non-compliance

· Creation of Complaints Management Unit (CMU) to be centralised unit for complaints management within Council

· Better practice for recording and reporting on all complaints and provision of advice to business to drive performance improvements

· Better practice in monitoring of timeframes and resolutions received for complaints

Objective system may not be able to be configured as per ICC requirements resulting in inability to produce suitable and sufficient reporting to support the monitoring of the Complaints Management Process

Increase functionality in Objective (through the purchase or creation of other modules) to allow for effective reporting. This includes the creation of metadata fields that are relevant to capturing complaints management data.

The project’s budget has been monitored throughout the period. Actuals and commitments reflect training costs when engaging the Office of the Information Commissioner in PID Awareness and Managing Organisational Risk.

FY Budget	FY Actuals & Commitments to Date	FY Forecast	FY Variance
$18 000	$17 627	$18 000	$372.73

Financial/RESOURCE IMPLICATIONS

There are no financial/resource implications.

RISK MANAGEMENT IMPLICATIONS

The greatest risk to the organisation is the lack of awareness by staff of their responsibilities under Council’s Complaint Management Framework, the Public Record Act, and RTI and IP Acts. All outside staff have attended Public Records Act, RTI Act and IP Act Training delivered by the TP#6 Project Lead. Internal staff have undertaken Office of the Information Commissioner RTI and IP Training and Queensland State Archives Records Challenge Training online via E-Hub. Training in Records, RTI and IP Act obligations and responsibilities is now a component of induction training and will be incorporated into annual refresher training for all staff.

Council has an obligation under the RTI and IP Acts to work towards open proactive disclosure, administrative access and information sharing (the “push model”). The Section will engage a consultant in early 2020 to develop a 12 month project plan using the recent organisational ‘scorecard’ developed by the Office of the Information Commission (OIC). The aim of the project plan will be to improve the organisation’s implementation of the “push model” and hopefully increase our scorecard results for the next OIC assessment. The project plan will be delivered by the Section as BAU.

Legal/Policy Basis

The following table outlines the relevant legislation and the administrative functions and services provided by the Branch:

Relevant Legislation	Integrity and Complaints Team Administrative Functions and Services Provided
Local Government Act 2009 and Local Government Regulation 2012 State Penalties Enforcement Act 1999 State Penalties Enforcement Regulation 2014 Withdrawal of Infringement Notice Policy (Council resolution, 27 February 2018) ALARMS risk rating (Council resolution, 26 April 2007)	Management complaint types: · Administrative Action Complaints and Internal Reviews · Privacy Complaints · Publication Scheme Complaints · Ombudsman Review of Complaint Management · Ombudsman Direct Referral of Complaints · Office of Information Commission (OIC) Complaint Reviews · Operational i.e. General Department complaints referred to relevant Council Depart./Branch for resolution · Infringement Reviews
Right to Information Act 2006	Management of Right to Information Applications for: · access to information that is not administratively available · internal review of a reviewable decision
Information Privacy Act 2006	Management of Information Privacy Applications: · for personal information · to amend personal information or · to investigate complaints of privacy breaches · internal review of a reviewable decision

Relevant Legislation

Integrity and Complaints Team

Administrative Functions and Services Provided

Local Government Act 2009 and Local Government Regulation 2012

State Penalties Enforcement Act 1999

State Penalties Enforcement Regulation 2014

Withdrawal of Infringement Notice Policy (Council resolution, 27 February 2018)

ALARMS risk rating (Council resolution, 26 April 2007)

Management complaint types:

· Administrative Action Complaints and Internal Reviews

· Privacy Complaints

· Publication Scheme Complaints

· Ombudsman Review of Complaint Management

· Ombudsman Direct Referral of Complaints

· Office of Information Commission (OIC) Complaint Reviews

· Operational i.e. General Department complaints referred to relevant Council Depart./Branch for resolution

· Infringement Reviews

Right to Information Act 2006

Management of Right to Information Applications for:

· access to information that is not administratively available

· internal review of a reviewable decision

Information Privacy Act 2006

Management of Information Privacy Applications:

· for personal information

· to amend personal information or

· to investigate complaints of privacy breaches

· internal review of a reviewable decision

COMMUNITY and OTHER CONSULTATION

This report did not require community engagement.

Conclusion

The Governance Section has performed its responsibilities and obligations in relation to maintaining Council’s compliance with the Local Government Act, Local Government Regulation, Right to Information Act and Information Privacy Act for the previous Quarter.

Angela Harms

Governance Manager

I concur with the recommendations contained in this report.

Tony Dunleavy

Manager Legal and Governance (General Counsel)

I concur with the recommendations contained in this report.

Sonia Cooper

General Manager Corporate Services

“Together, we proudly enhance the quality of life for our community”

Audit and Risk Management Committee

Meeting Agenda

12 February

2020

Doc ID No: A6034744

ITEM: 6

SUBJECT: Overdue Recommendations as at 4 February 2020

AUTHOR: Chief Audit Executive

DATE: 4 February 2020

Executive Summary

This is a report concerning the status of each Department's progress in actioning the internal and external audit recommendations due or overdue for implementation.

Recommendation/s

That the report be received and considered.

RELATED PARTIES

Not applicable

Advance Ipswich Theme Linkage

The intention is for the Internal Audit activity to support all five themes:

Strengthening our local economy and building prosperity

Managing growth and delivering key infrastructure

Caring for the community

Caring for the environment

Listening, leading and financial management

Individual internal audits will, to a varying degree, support these themes, but the main objective for Internal Audit is to support the organisation in achieving its objectives.

Purpose of Report/Background

Every month each Department Head is requested to update the status of both the internal and external audit recommendations due for implementation within their area of responsibility.

Traffic lights have been introduced based on the request of the Audit and Risk Management Committee. The following is an indication of what each indicator could mean:

Light

Green

Light

Orange

Light

Red

Under control

Reasonable number

Low overall risk

Need to monitor

Number increasing

Moderate overall risk

Need to be addressed

Number problematic

High overall risk

The following Departments’ progress towards the implementation of Internal Audit recommendations, for which they are responsible, is summarised below:

Coordination & Performance
Date of Report	Total overdue	Catastrophic	High	Moderate
4 February 2020	1	0	0	1
In relation to: Business Case Development (A1819-01)

Corporate Services
Date of Report	Total overdue	Catastrophic	High	Moderate
4 February 2020	4	0	1	2
In relation to: Independent Validation of Internal Audit Self-Assessment (201609) ), Procurement and Contract Management (A1617-15), Service Request Management (A1617-17), Arboriculture (A1718-01)

Infrastructure and Environment
Date of Report	Total overdue	Catastrophic	High	Moderate
4 February 2020	1	0	0	1
In relation to: Enviroplan Levy (A1718-09)

Planning and Regulatory Services
Date of Report	Total overdue	Catastrophic	High	Moderate
4 February 2020	6	0	0	2
In relation to: Cemeteries (201504), Immunisation Program (A1718-11), Security and Safety Cameras (A1718-17), Penalty Infringement Process (A1819-13), Animal Management Branch – Pound Operations (A1819-15)

All other departments had no recommendations overdue for more than 3 months.

Financial/RESOURCE IMPLICATIONS

Resources are provided to internal audit through the annual audit plan and budgeting processes. No additional resources are required because of this report. However management will have to consider their implications to implement the recommendations as per the individual reports.

RISK MANAGEMENT IMPLICATIONS

Each of the individual reports provides for a control environment opinion as well as individual risk ratings per individual findings and recommendations. The importance is for management to implement the individual recommendations well to either address or diminish the exposure for Council, or explain why it is acceptable to not implement the suggested improvements.

Legal/Policy Basis

This report and its recommendations are consistent with the following legislative provisions:

Local Government Act 2009

Local Government Regulation 2012

COMMUNITY and OTHER CONSULTATION

Internal Audit mostly consults internally to the organisation and its management in conducting the internal audits and finalising the reports.

Conclusion

Total Internal Audit recommendations overdue for more than 3 months and level of risk:

Minimal and Low not indicated.

Date of Report	Total overdue	Catastrophic	High	Moderate
4 February 2020	15	0	1	8
29 October 2019	10	0	0	6

Total Internal Audit recommendations open and level of risk:

Date of Report	Total open	Catastrophic	High	Moderate
4 February 2020	32	0	1	21
29 October 2019	47	0	3	30

Total External Audit recommendations overdue and level of risk:

Ratings as used by QAO.

Date of Report	Total overdue	High	Moderate	Low
4 February 2020	6	1	2	3
29 October 2019	6	1	2	3

Total External Audit recommendations open and level of risk:

Date of Report	Total open	High	Moderate	Low
4 February 2020	7	2	2	3
29 October 2019	9	3	3	3

Total Investigation/Ad Hoc Report recommendations overdue and level of risk:

Minimal and Low not indicated.

Date of Report	Total overdue	Catastrophic	High	Moderate
4 February 2020	2	0	0	1
29 October 2019	0	0	0	0

Total Investigation/Ad Hoc Report recommendations open and level of risk:

Date of Report	Total open	Catastrophic	High	Moderate
4 February 2020	6	0	0	4
29 October 2019	34	0	7	19

Overall Status
The total number of overdue recommendations have gone up slightly, but the overall number of open recommendations have gone down significantly. This is a positive result in the light of Investigations/Ad-hoc Reports now forming part of all the statistics.

Attachments and Confidential Background Papers

	CONFIDENTIAL
1.	Recommendations Statistics and Overdue Summary
2.	Internal Audit Recommendations overdue for more than 3 months
3.	External Audit Recommendations overdue for more than 3 months
4.	Investigations/Ad-hoc report recommendations overdue for more than 3 moths

Freddy Beck

Chief Audit Executive

I concur with the recommendations contained in this report.

Freddy Beck

Chief Audit Executive

“Together, we proudly enhance the quality of life for our community”

Audit and Risk Management Committee

Meeting Agenda

12 February

2020

Doc ID No: A6016760

ITEM: 7

SUBJECT: Insurance and Risk Update

AUTHOR: Governance Manager

DATE: 20 January 2020

Executive Summary

This is a report concerning Council’s Insurance Statistics for the period 1 October 2019 to
31 December 2019 and the implementation status of Transformational Project # 7 Risk Management Framework (TP#7).

Recommendation/s

That the report be received and the contents noted.

RELATED PARTIES

Related parties to this report include:

All members of ELT, Business Transformation Program Steering Committee members, Council’s third level Managers, Principal Risk and Compliance Specialist, Senior Insurance Officer and the Corporate Governance Manager. There are no perceived conflict of interest issues regarding this report.

Advance Ipswich Theme

Listening, leading and financial management

Purpose of Report/Background

To inform the Committee of:

1. Corporate Insurance Statistics for the Quarter

2. Status of Transformational Project # 7 Risk Management

1. Corporate Insurance Statistics for the period 1 October 2019 to 31 December 2019

The following table and graph provide a high-level of insurance claims for the period (refer Attachment 1 for detail):

2. Status of Transformational Project No. 7 Risk Management Framework (TP#7)

The purpose of the TP#7 project is to develop a better practice and consistent whole of Council approach to Enterprise Risk Management (ERM) in order to proactively identify, manage and respond to issues that represent risks to achieving Council’s strategic objectives.

The project consists of five (5) subprojects:

1. Enterprise Risk Management Program (ERM Program)

2. Fraud and Corruption Control Program (FCCP)

3. Good Decision making and Ethics Principles

4. Business Continuity Planning (BCP)

5. Project Risk Management Model

Subproject Updates as at 27 december 2019:

1. Enterprise Risk Management Program (ERM Program)

· 2^nd round of Corporate/Departmental risk workshops were held during November 2019 to review and update risk registers.

· Insurance and Risk Section will now undertake review work with the GMs/BMs in relation to identified action plans for update at the workshops in March 2020.

· Finance have been provided with the Corporate/Departmental risk actions plans for further discussions with ELT for inclusion in next year’s budget.

· During the 1^st quarter of 2020, will undertake a further analysis of the controls in place for the Corporate and Departmental risk registers

· A calendar has been prepared for 2020’s risk workshops with the first ELT Risk Committee scheduled for 4 February 2020 and the Departmental workshops commencing in March 2020.

· Sean Madigan, GM Co-ordination and Performance will be presenting today’s committee on how he is managing his departmental risks and contributing to the overall management of corporate risks.

Corporate Risk Register

During October and November 2019 a review was undertaken to review the risk descriptions, the causes, the impacts, likelihood and consequence rating and develop action plans for the eight risks which are the primary area of focus for review at the February 2020 workshop with ELT.

Departmental Risk Registers

A review was undertaken of the five Departmental risk registers during October and November 2019 to review of the risk descriptions, the causes, the impacts, likelihood and consequence rating and development of action plans for the risks which are the primary area of focus for each Department at the March 2020 Departmental workshops with the GM's and Branch Managers.

Risk Profile

For discussion at the ELT Risk Committee meeting to be held on 3 April 2020 will be the Risks for Consideration – potential Corporate Risks as per the descriptions below, which were identified by PWC in their one-on-one meetings with the CEO and General Manager’s during November 2019.

· State/Federally funded infrastructure meeting growth demands and social equity

· Commercial disputes

· Climate Change

· Department outcomes align with Council Strategy

· Internal Audit/Ethical Standards

Risk Appetite

Price, Waterhouse and Cooper (PWC) still developing a Risk Appetite Statement for Council. after consultation and discussion with ICC it has been decided that the Statement will not be finalised until early in the new year after the next round of Risk Workshops (February/March 2020) and be finalised prior to the return of elected representatives.

Reporting

PWC have provided "draft" templates for reporting. The Project Team is still progressing the reporting timeframes and reporting templates with the TP#1 project team.

Implementation of the Risk Management Framework and Training.

The Risk Management Framework (the framework), Procedure and Administrative Directive that were adopted and endorsed last year are to be added to the WIRE in January 2020.

PWC have provided a Risk Management Training pack which will be used and included in the Induction training for all new staff from February 2020. In the longer term risk management training is in the process of being developed based on the framework, Procedure and Administrative Directive and will be rolled out during the first half of 2020.

2. Fraud and Corruption Control

The Fraud and Corruption Control Policy, Administrative Directive and Fraud and Corruption Control Plan (FCCP) that were adopted and endorsed last year are to be added to the WIRE in January 2020.

The final Fraud Control Framework Review report was received from PWC in early December 2019. This report along with the Management’s Responses to the sixteen (16) recommendations will be presented for consideration at the ELT Risk Committee meeting on 4 February 2020.

Fraud and Corruption Control Risk Register

A totally new Fraud and Corruption Control Risk Register has been developed and will be presented for consideration at the ELT Risk Committee meeting on 4 February 2020.

During the 1^st quarter of 2020, will undertake a further analysis of the controls in place for the Fraud and Corruption Control risk register.

Establishment of a Fraud and Corruption Control Committee

Pending endorsement by ELT of the management’s responses to the sixteen (16) recommendations in the PWC report, discussions will be undertaken with the CEO and IA to determine the establishment of a Fraud and Corruption Control Committee.

Reporting

PWC have provided "draft" templates for reporting. The Project Team is still progressing the reporting timeframes and reporting templates with the TP#1 project team.

3. Good Decision making and Ethics Principles

Due to unforeseen staff absence, work has not progressed on sub-project as planned. The Officer was scheduled to return to work on Monday 21 October but is again on unplanned leave. The project schedule for this sub-project will be reviewed and new deliverable dates approved by the Risk and Governance Steering Committee.

4. Business Continuity Planning

The Business Continuity Management Administrative Directive, Framework, Business Continuity Plan template, Business Impact Analysis (BIA) template and Business Continuity Plan and four (4) Response Plans were adopted and endorsed last year.

The documents are available on the WIRE and have been made available to ELT members on a USB stick. ICT Disaster Plan will be progressed over the next few months and transitioned to BAU.

The development of a Business Continuity test exercise will commence in the near future in the anticipation that the exercise will be carried out in the first half of 2020.

5. Project Risk management Model

Completed and now operationalised and BAU.

Legal/Policy Basis

In managing risk and insurance for the organisation Council officers perform their duties in keeping with the Local Government Principles of:

· transparent and effective processes, and decision-making in the public interest;

· good governance of, and by, local government; and

· ethical and legal behaviour of Councillors and local government employees

The following table outlines the relevant legislation and the administrative functions and services provided by the Section:

Relevant Legislation	Corporate Services Section Functions and Services Provided
Local Government Act 2009 Local Government Regulation 2012 AS/NZS ISO 31000:2018 Risk Management – Principles and Guidelines	Manage and coordinate: · the implementation of Council’s Risk Management Framework · public liability claims from external customers · public liability claims for Councillors and staff · negotiate (within Delegated Authority), on behalf of Council any insurance resolutions · the insurance of Council assets including but not limited to Council buildings, machinery and equipment, park infrastructure, swimming pools, sports centres, club houses, fleet vehicles, etc. · the renewal of Council insurance policies (excluding Workers Compensation) · the provision of expert insurance and risk advice to both external and internal stakeholders · recover costs from damaged made by third parties to Council assets

Relevant Legislation

Corporate Services Section

Functions and Services Provided

Local Government Act 2009

Local Government Regulation 2012

AS/NZS ISO 31000:2018 Risk Management – Principles and Guidelines

Manage and coordinate:

· the implementation of Council’s Risk Management Framework

· public liability claims from external customers

· public liability claims for Councillors and staff

· negotiate (within Delegated Authority), on behalf of Council any insurance resolutions

· the insurance of Council assets including but not limited to Council buildings, machinery and equipment, park infrastructure, swimming pools, sports centres, club houses, fleet vehicles, etc.

· the renewal of Council insurance policies (excluding Workers Compensation)

· the provision of expert insurance and risk advice to both external and internal stakeholders

· recover costs from damaged made by third parties to Council assets

RISK MANAGEMENT IMPLICATIONS

It is essential that TP#7 Risk Management be successfully implemented and that risk management is embedded in the organisation. The management of corporate risks lies with the CEO and all General Managers, with department risk management the responsibility of the respective General Manager. The Corporate Governance Section and the Principal Risk and Compliance Specialist can provide the necessary framework, policy, procedures, advice etc., but successful risk management will only be achieved if senior management takes responsibility for managing the risk and fraud registers, implements appropriate controls and leads the organisation in developing a strong risk management culture and increasing the organisation’s risk management capabilities.

Financial/RESOURCE IMPLICATIONS

TP#7 has a financial year (FY) budget of $87,000. FY actuals and commitments to date (costs incurred with engagement of PWC) total $176,437. The current FY forecast is $204,000 resulting in a variance of $166,600. The project budget is monitored by the Project Lead and by the TPCT.

COMMUNITY and OTHER CONSULTATION

This report did not require community engagement.

Conclusion

Council has, for some time, needed to implement a better practice Risk Management Framework and to increase the culture and capability of the organisation to manage risk efficiently and effectively. With the successful delivery of TP#07 Risk Management Framework, Council is positioning itself be an exemplar Council in the management of Risk and Insurance.

Attachments and Confidential Background Papers

	CONFIDENTIAL
1.	Insurance Claims for the Period 1 October to 31 December 2019
2.	LGM Insurance Claims over $15,000 for the period

Angela Harms

Governance Manager

I concur with the recommendations contained in this report.

Tony Dunleavy

Manager Legal and Governance (General Counsel)

I concur with the recommendations contained in this report.

Sonia Cooper

General Manager Corporate Services

“Together, we proudly enhance the quality of life for our community”

Rating Definitions
5	Indicates unacceptable control environment or critical operating or control problems or extreme exposure.
4	Indicates unsatisfactory control environment or significant operational, procedural or control deficiencies or high exposure.
3	Indicates limited control environment or some operational, procedural or control deficiencies, issues or moderate exposure
2	Indicates acceptable control environment or minor operational, procedural or control deficiencies, issues or exposure.
1	Indicates well controlled environment or no or limited unfavourable audit findings, observations or exposure.

	CONFIDENTIAL
1.	Audit & Risk summary report - 12th Feb 2020
2.	TP4 - Asset Management - Project close report
3.	Strategic Asset Management Framework
4.	Asset Management Strategy
5.	Asset Management Policy
6.	Buildings and Facilities AMP
7.	Drainage and Flood Mitigation AMP
8.	Parks and Recreation AMP
9.	Roads and Transport AMP
10.	Grievance Management - Implementation Plan
11.	Performance Management - Implementation Plan
12.	TP3 Procurement - Implementation Plan
13.	Project Close Register (Actions for Transition to BAU)

Control Environment Opinion Summary over Areas in Scope of Audits	5	4	3	2	1

1.	Internal Audit Register ⇩

	CONFIDENTIAL
2.	Internal Audit Activity Report
3.	Internal Audit Recommendations Implemented
4.	External Audit Recommendations Implemented
5.	Investigations/Ad-hoc Report Recommendations Implemented

	CONFIDENTIAL
1.	2020 Draft External Audit Plan
2.	ICC briefing paper as at 12 February 2020

INTRODUCTION

RECOMMENDATION

Attachments and Confidential Background Papers

Executive Summary

Recommendation/s

RELATED PARTIES

Advance Ipswich Theme Linkage

Purpose of Report/Background

Financial/RESOURCE IMPLICATIONS

RISK MANAGEMENT IMPLICATIONS

Legal/Policy Basis

COMMUNITY and OTHER CONSULTATION

Conclusion

Executive Summary

Recommendation/s

RELATED PARTIES

Advance Ipswich Theme Linkage

Purpose of Report/Background

Financial/RESOURCE IMPLICATIONS

RISK MANAGEMENT IMPLICATIONS

Legal/Policy Basis

COMMUNITY and OTHER CONSULTATION

Conclusion

Attachments and Confidential Background Papers

Executive Summary

Recommendation/s

RELATED PARTIES

Advance Ipswich Theme

Purpose of Report/Background

Legal/Policy Basis

RISK MANAGEMENT IMPLICATIONS

Financial/RESOURCE IMPLICATIONS

COMMUNITY and OTHER CONSULTATION

Conclusion

Attachments and Confidential Background Papers

Executive Summary

Recommendation/s

PURPOSE OF REPORT/BACKGROUND

Attachments and Confidential Background Papers

Executive Summary

Recommendation/s

PURPOSE OF REPORT/BACKGROUND

Attachments and Confidential Background Papers