Risk and Assurance Committee Agenda

NOTICE IS GIVEN that the next meeting of the Risk and Assurance Committee will be held via Zoom (Audio Visual Meeting) on:

Thursday 2 December 2021 COMMENCING AT 09:30 am

 

This meeting will be livestreamed and recorded.

The Public section of this meeting will be livestreamed and recorded and uploaded to Bay of Plenty Regional Council’s website. Further details on this can be found after the Terms of Reference within the Agenda. The livestream will be at Council’s YouTube channel: Bay of Plenty Regional Council - YouTube

Fiona McTavish

Chief Executive, Bay of Plenty Regional Council Toi Moana

24 November 2021

 


 

Risk and Assurance Committee

Membership

Chairperson

Cr David Love

Deputy Chairperson

Bruce Robertson (Independent)

Members

Cr Bill Clark

Cr Stuart Crosby

Cr Andrew von Dadelszen

Cr Te Taru White

Ex Officio

Chairman Doug Leeder

Quorum

Three members, consisting of half the number of members

Meeting frequency

Quarterly

Purpose

Monitor the effectiveness of Council’s funding and financial policies and frameworks to ensure the Council is managing its finances in an appropriate manner.

Monitor the effectiveness of Council's performance monitoring framework.

Ensure that Council is delivering on agreed outcomes.

Role

·             Monitor the effectiveness of Council’s funding and financial policies and Council’s performance monitoring framework (financial and non-financial);

·             Review Council’s draft Annual Report prior to Council’s adoption;

·             Receive and review external audit letters and management reports;

·             Approve and review the internal audit plan and review the annual programme report;

·             Approve, review and monitor Council’s risk framework and policy;

·             Review the risk register;

·             Monitor Council’s legislative compliance and receive reporting on non-compliance matters as part of risk management reporting.

Power to Act

To make all decisions necessary to fulfil the role and scope of the committee subject to the limitations imposed.

Power to Recommend

To Council and/or any standing committee as it deems appropriate.

The Risk and Assurance Committee is not delegated authority to:

·             Develop, review or approve strategic policy and strategy.

·             Develop, review or approve Council’s Financial Strategy, funding and financial policies and non-financial operational policies and plans.

The Risk and Assurance Committee reports directly to the Regional Council.


 

Recording of Meetings

Please note the Public section of this meeting is being recorded and streamed live on Bay of Plenty Regional Council’s website in accordance with Council's Live Streaming and Recording of Meetings Protocols which can be viewed on Council’s website. The recording will be archived and made publicly available on Council's website within two working days after the meeting on www.boprc.govt.nz for a period of three years (or as otherwise agreed to by Council).

All care is taken to maintain your privacy; however, as a visitor in the public gallery or as a participant at the meeting, your presence may be recorded. By remaining in the public gallery, it is understood your consent is given if your image is inadvertently broadcast.

Opinions expressed or statements made by individual persons during a meeting are not the opinions or statements of the Bay of Plenty Regional Council. Council accepts no liability for any opinions or statements made during a meeting.

 


Bay of Plenty Regional Council - Toi Moana

Governance Commitment

mō te taiao, mō ngā tāngata - our environment and our people go hand-in-hand.

 

 

We provide excellent governance when, individually and collectively, we:

·       Trust and respect each other

·       Stay strategic and focused

·       Are courageous and challenge the status quo in all we do

·       Listen to our stakeholders and value their input

·       Listen to each other to understand various perspectives

·       Act as a team who can challenge, change and add value

·       Continually evaluate what we do

 

 

TREAD LIGHTLY, THINK DEEPLY,
ACT WISELY, SPEAK KINDLY.


Risk and Assurance Committee                                                                                 2 December 2021

Recommendations in reports are not to be construed as Council policy until adopted by Council.

Agenda

1.       Apologies

2.       Public Forum

3.       Items not on the Agenda

4.       Order of Business

5.       Declaration of Conflicts of Interest

6.       Public Excluded Business to be Transferred into the Open

7.       Minutes

Minutes to be Confirmed

7.1       Risk and Assurance Committee Minutes - 21 October 2021

8.       Reports

Information Only

8.1       Committee Chairperson's Report

Attachment 1 - Risk and Assurance Work Programme - March to September 2022

Attachment 2 - Risk and Assurance Completed Work Programme - March to October 2021

8.2       Internal Audit status update

8.3       Key Risk Register

9.       Public Excluded Section

Resolution to exclude the public

Excludes the public from the following parts of the proceedings of this meeting as set out below:

The general subject of each matter to be considered while the public is excluded, the reason for passing this resolution in relation to each matter, and the specific grounds under section 48(1) of the Local Government Official Information and Meetings Act 1987 for the passing of this resolution are as follows:

| Item No. | Subject of each matter to be considered | Reason for passing this resolution in relation to each matter | Grounds under Section 48(1) for the passing of this resolution | When the item can be released into the public |
|---|---|---|---|---|
| 9.1 | Public Excluded Risk and Assurance Committee Minutes - 21 October 2021 | As noted in the relevant Minutes. | As noted in the relevant Minutes. | To remain in public excluded. |

 

Minutes to be Confirmed

9.1       Public Excluded Risk and Assurance Committee Minutes - 21 October 2021

10.     Public Excluded Business to be Transferred into the Open

11.     Readmit the Public

12.     Consideration of Items not on the Agenda


Risk and Assurance Committee Minutes

21 October 2021

 

Risk and Assurance Committee

Open Minutes

Commencing:               Thursday 21 October 2021, 09:30 am

Venue:                           Regional House, 1 Elizabeth Street, Tauranga and via Zoom

Chairperson:                 Cr David Love

Deputy Chairperson:   Bruce Robertson

Members:                      Cr Bill Clark

Cr Stuart Crosby

Cr Andrew von Dadelszen

Cr Te Taru White

Chairman Doug Leeder (Ex Officio)

In Attendance:             Councillors: Paula Thompson, Jane Nees, Matemoana McDonald, Lyall Thurston and Kevin Winters

Staff: Mat Taylor – General Manager Corporate; Namouta Poutasi – General Manager, Strategy and Science; Debbie Hyland – Finance & Transport Operations Manager; Jessica Easton – Legal and Commercial Manager; Andy Dixon – Treasury & Tax Specialist; Yvonne Tatton – Governance Manager; Steven Slack – Risk & Assurance Manager; Aaron Huggins – Principal Internal Auditor; Nicola Green – Principal Advisor, Policy & Planning; Zhivan Alach – Organisational Performance Manager; Tobias Fransson – Performance Analyst and Merinda Pansegrouw – Committee Advisor

External Presenters: Leon Pieterse and Anton Labuschagne – Audit New Zealand

 

Declaration of Public Recording

Committee members and the public were reminded that the public section of the meeting was being recorded and would be made available on the Bay of Plenty Regional Council website following the meeting and archived for a period of three years as noted on page 4 of the agenda.

Recordings of Meeting:     Risk & Assurance Committee - 21 October 2021 - YouTube

Risk and Assurance Committee - 21 October 2021 - Part Two - YouTube 

 

1.     Order of Business

Members agreed to the reordering of items to accommodate external presenters from Audit New Zealand for items 8.5 “Audit New Zealand Final Management Report on Long Term Plan 2021-2031” and 8.6 “2020/21 Draft Annual Report Review”.

2.     Declaration of Conflicts of Interest

None.

3.     Minutes

Minutes to be Confirmed

3.1

Risk and Assurance Committee Minutes - 10 June 2021

 

Resolved

That the Risk and Assurance Committee:

1       Confirms the Risk and Assurance Committee Minutes - 10 June 2021 as a true and correct record.

Love/Robertson

CARRIED

 

4.     Reports

Information Only

4.1

Committee Chairperson's Report

General Manager, Corporate Mat Taylor presented the report, updating members on the Risk and Assurance Committee’s activities and the updated Risk and Assurance Work Programme for 2021.

 

Items for Staff Follow Up:

·    To consider including auditing of the delivery of Provincial Growth Fund (PGF) and other Crown Infrastructure Partnership Funding Streams as a future workstream

·    To consider a stronger reporting mechanism to capture the impacts of the Covid-19 pandemic in terms of business interruption/reporting/looking ahead in the context of “living with Covid-19 in the future”.

 

Resolved

That the Risk and Assurance Committee:

1       Receives the report, Committee Chairperson's Report.

Love/Robertson

CARRIED

 

4.2

Chairman's Discretionary Fund 2020/21

General Manager, Corporate Mat Taylor presented the report.

Chairman David Love stated that, in his capacity as Chairman of the Board of Management for Classic Flyers and being involved in the Rotary Club supporting the Rotary Youth Driver Awareness (RYDA), he had been advised that he had no conflict of interest to declare for this item.

 

Resolved

That the Risk and Assurance Committee:

1       Receives the report, Chairman's Discretionary Fund 2020/21.

Love/Robertson

CARRIED

 

4.3

Expenditure and Koha Report for the year ended 30 June 2021

Presented by Debbie Hyland – Finance & Transport Operations Manager and Andy Dixon – Treasury & Tax Specialist, assisted by Jessica Easton – Legal and Commercial Manager.

Key Points:

·    Redacted information in the report related to the names of private individuals rather than associations/public entities

·    Confirmed that Toi Moana’s expenditure system/payments processes had been extensively reviewed by Audit New Zealand.

Key Point - Members:

·    Noted that the payment of $1.8 m to Otago Regional Council related to the implementation of the Regional Integrated Ticketing System (RITS).

Key Points - Staff:

·    Had implemented a contracts model since August 2021 that allowed the tracking of contracts against spending and financial systems; provided transparency of what was happening across the organisation; enabled the tracking of spending against contractors/contracts and suppliers.  All new contracts would be uploaded to provide greater reporting capability/visibility over all of Council’s spending in future

·    A formal policy “Te Mana O Te Koha (Koha Guidelines)” guiding the payment of koha was in place and had been applied.

 

Items for Staff Follow Up:

·    Un-redacted version of the item’s attachment “Expenditure and Koha Report for the year ended 30 June 2021” to be provided to Committee Members via electronic mail

·    In future, redacted information to be provided to Committee Members in the public excluded part of the agenda of meetings

·    A copy of Council’s Koha Payment Policy “Te Mana O Te Koha (Koha Guidelines)” to be distributed to Committee Members.

 

Resolved

That the Risk and Assurance Committee:

1       Receives the report, Expenditure and Koha Report for the year ended 30 June 2021.

Love/Robertson

CARRIED

 

4.4

Summary of Councillors' Expenditure July 2020 - June 2021

Presented by Governance Manager Yvonne Tatton.

Key Points - Staff:

·    Confident that a robust checking procedure was in place to ensure payments were correct

·    In terms of Council policy, the “Good Decision Making Certification”/RMA-certification was deemed as Council related business

·    The variance in payment between $950 and $990 for communication allowance related to the issuing of printers based on an earlier policy which had since been amended

·    The Elected & Appointed Members Allowances & Expenses Policy clarified that, “Council business” related to seminars, training courses and conferences where members attended as an official representative on the Council’s behalf and with the approval of the Chairman. “Professional development” referred to where a Councillor attended a conference/seminar that was of interest to them, but not essential to the representation or business of Council.

 

Resolved

That the Risk and Assurance Committee:

1       Receives the report, Summary of Councillors' Expenditure July 2020 - June 2021.

Love/Robertson

CARRIED

 

4.5

Essential Freshwater Policy Programme Risks

Presented by Nicola Green – Principal Advisor, Policy & Planning, supported by Namouta Poutasi – General Manager, Strategy and Science.

Key Points:

·    Outlined the significant risks for the Essential Freshwater Policy Programme relating to legislated obligations, environmental outcomes, progressing partnerships with Māori, and relationships

·    Risks had been presented to the Strategy and Policy Committee who had referred them to the Risk and Assurance Committee for information

·    Was confident that staff had actions in place to minimise/mitigate risks where possible

·    Changes to risks over time:

o Timeframes: review of deadline for notification to be reviewed by the Strategy and Policy Committee at its next meeting

o Overseer: Government’s position had since been released and staff were investigating alternative options for consideration of a future replacement tool.

Key Points - Members:

·    Endorsed the referral of the Essential Freshwater Policy Programme risks from the Strategy and Policy Committee to the Risk and Assurance Committee as good corporate governance

Key Point - Staff:

·    Project Lead Team was continuously reviewing the risks of the programme as part of best practice project management principles.

 

Items for Staff Follow Up:

·    Verify if Waikato Regional Council was currently using Overseer as a tool and provide feedback to Committee Members accordingly.

 

Resolved

That the Risk and Assurance Committee:

1       Receives the report, Essential Freshwater Policy Programme Risks.

Love/Robertson

CARRIED

 

4.6

Local Government Official Information and Meetings Act 1987 - Annual Report 1 July 2020 to 30 June 2021

Presented by Legal and Commercial Manager Jessica Easton.

 

Items for Staff Follow Up:

·    Future annual reports to the Risk and Assurance Committee on Local Government Official Information and Meetings Act 1987 (LGOIMA) to include a breakdown of staff resources spent on LGOIMA requests

·    Future LGOIMA annual reports to include a schedule detailing the nature of the LGOIMA requests

·    In the interim, available information on staff resources spent on LGOIMA requests for the July 2020 to June 2021 period to be provided to Committee Members informally

·    Provide a breakdown of requests received from iwi-based organisations as part of future LGOIMA annual reports; in the meantime informally advise Committee Members of this information for the July 2020 to June 2021 period.

 

Resolved

That the Risk and Assurance Committee:

1       Receives the report, Local Government Official Information and Meetings Act 1987 - Annual Report 1 July 2020 to 30 June 2021.

Love/Robertson

CARRIED

 

4.7

Internal Audit Status Update and 2020/21 Annual Report

Presented by Principal Internal Auditor Aaron Huggins.

Key Points - Members:

·    Expressed appreciation for the significant progress made in closing internal audit reviews/actions.

Key Points - Staff:

·    Confirmed that the Internal Audit scope of work/reporting on Information Communication and Technology (ICT) Security would include taking into account a culture of cyber security/clear role and responsibilities/holistic risk management and incident management

·    Security actions would be aligned with requirements from the New Zealand Information Security Manual (NZISM) as directed by the Government Communications Security Bureau (GCSB).

 

Resolved

That the Risk and Assurance Committee:

1       Receives the report, Internal Audit Status Update and 2020/21 Annual Report.

Love/Robertson

CARRIED

 

10:20 am - The meeting adjourned.

10:45 am - The meeting reconvened.

4.8

2020/21 Draft Annual Report Review

 

Presented by Debbie Hyland - Finance & Transport Operations Manager, Zhivan Alach, Organisational Performance Manager and Tobias Fransson, Performance Analyst.

Audit Director Leon Pieterse and Audit Manager Anton Labuschagne, Audit New Zealand (Audit NZ) attended to respond to questions relating to the audit process.

Key Points:

·    Draft Annual Report 2020/21 for the Bay of Plenty Regional Council Toi Moana contained the draft financial and non-financial performance results of the Council for the year ended 30 June 2021 and consolidated financial statements for the Council Group which included 100% Council-owned subsidiary (Quayside Holdings) and majority owned Council-owned subsidiary (Toi Moana Trust)

The Draft was submitted to the Risk and Assurance Committee in its role to receive and review the draft Annual Report. In the meantime Audit NZ’s auditing process was ongoing.

Key Points – Audit NZ:

·    Auditing was progressing well with all aspects on track to finalise the process for planned adoption by Council on 10 November 2021

·    However, a possible lag in process due to staff shortage remained a risk, and would continue to keep Council informed

·    Currently reviewing the Statement of Service Performance (SSP)/Patronage evidence reporting requirements – technical clearance.

Key Points - Staff:

·    Confirmed that total expenditure for staff (including contractors and consultants) was within the allocated budget.

 

Resolved

That the Risk and Assurance Committee:

1       Receives the report, 2020/21 Draft Annual Report review.

Love/Robertson

CARRIED

 

4.9

Audit New Zealand Final Management Report on Long Term Plan 2021-2031

Presented by Finance & Transport Operations Manager Debbie Hyland.

 

Audit Director Leon Pieterse and Audit Manager Anton Labuschagne, Audit New Zealand (Audit NZ) were available to respond to any questions.

 

Resolved

That the Risk and Assurance Committee:

1       Receives the report, Audit New Zealand Final Management Report on Long Term Plan 2021-2031.

Love/Robertson

CARRIED

 

5.     Public Excluded Section

Resolved

Resolution to exclude the public

1       Excludes the public from the following parts of the proceedings of this meeting as set out below:

The general subject of each matter to be considered while the public is excluded, the reason for passing this resolution in relation to each matter, and the specific grounds under section 48(1) of the Local Government Official Information and Meetings Act 1987 for the passing of this resolution are as follows:

| Item No. | Subject of each matter to be considered | Reason for passing this resolution in relation to each matter | Grounds under Section 48(1) for the passing of this resolution | When the item can be released into the public |
|---|---|---|---|---|
| 5.1 | Public Excluded Risk and Assurance Committee Minutes - 10 June 2021 | As noted in the relevant Minutes. | As noted in the relevant Minutes. | To remain in public excluded. |
| 5.2 | Infrastructure Insurance Review - Flood Risk Assessment | Withholding the information is necessary to enable any local authority holding the information to carry on, without prejudice or disadvantage, negotiations (including commercial and industrial negotiations). | 48(1)(a)(i) Section 7 (2)(i). | On the Chief Executive's approval. |
| 5.3 | Legal Services - Annual Report 1 July 2020 to 30 June 2021 | Withholding the information is necessary to maintain legal professional privilege; Withholding the information is necessary to enable any local authority holding the information to carry out, without prejudice or disadvantage, commercial activities; Withholding the information is necessary to enable any local authority holding the information to carry on, without prejudice or disadvantage, negotiations (including commercial and industrial negotiations). | 48(1)(a)(i) Section 7 (2)(g); 48(1)(a)(i) Section 7 (2)(h); 48(1)(a)(i) Section 7 (2)(i). | To remain in public excluded. |
| 5.4 | Legislative Compliance - Annual Report 1 July 2020 to 30 June 2021 | Making the information available would be likely to prejudice the maintenance of the law, including the prevention, investigation, and detection of offences, and the right to a fair trial; Withholding the information is necessary to maintain legal professional privilege. | 48(1)(a)(i) Section 6 (a); 48(1)(a)(i) Section 7 (2)(g). | To remain in public excluded. |
| 5.5 | Completed Audit Reviews (Q4 FY20/21) | Withholding the information is necessary to prevent the disclosure or use of official information for improper gain or improper advantage. | 48(1)(a)(i) Section 7 (2)(j). | To remain in public excluded. |
| 5.6 | Key Risk Register | Withholding the information is necessary to prevent the disclosure or use of official information for improper gain or improper advantage. | 48(1)(a)(i) Section 7 (2)(j). | On the Chief Executive's approval. |

Love/Robertson

CARRIED

 

6. Public Excluded Business to be Transferred into the Open

 

6.1

Item 9.5 - Completed Audit Reviews (Q4 FY20/21)

Tabled Document 1 - Public Excluded Item 9.5 released into the Open (Report and Attachments 1 and 2): Objective ID A3964755   

 

 

Resolved

That the Risk and Assurance Committee:

1       Confirms that the report “Completed Audit Reviews (Q4 FY20/21)” and its attachments be released into the Public.

Love/Robertson

CARRIED

12:30 pm – the meeting closed.

 

 

Confirmed                                                                                                                      

                                                                                                                    Cr David Love

Chairperson, Risk and Assurance Committee


 


 

 

 

 

Report To:

Risk and Assurance Committee

Meeting Date:

2 December 2021

Report Writer:

Mat Taylor, General Manager, Corporate

Report Authoriser:

Mat Taylor, General Manager, Corporate

Purpose:

Update on Risk and Assurance Committee Activities

 

 

Committee Chairperson's Report

 

Executive Summary

This report provides the Committee with an update on Risk and Assurance Committee activities.

 

Recommendations

That the Risk and Assurance Committee:

1       Receives the report, Committee Chairperson's Report.

 

1.         Introduction

The report shows an updated Risk and Assurance Work Programme and an updated Risk and Assurance Completed Work Programme.

1.1       Alignment with Strategic Framework

 

A Healthy Environment

Freshwater for Life

Safe and Resilient Communities

A Vibrant Region

The Way We Work

We continually seek opportunities to innovate and improve.

 

1.1.1    Community Well-beings Assessment

Dominant Well-Beings Affected

☐ Environmental

☐ Cultural

☐ Social

☑ Economic

 

 

 

2.         Risk and Assurance Work Programme

Appendix 1 shows the Risk and Assurance Work Programme for 2022. This Work Programme sets out the planned and scheduled reporting to the Risk and Assurance Committee.

The appendix is categorised to identify the broad areas of responsibility for the Committee. Other items may be added by councillors and staff should this be required to respond to issues as they occur throughout the year.

3.         Risk and Assurance Completed Work Programme

Appendix 2 shows the Risk and Assurance Completed Work Programme for the period March to October 2021.

4.         Considerations

4.1       Risks and Mitigations

There are no significant risks associated with this matter/subject/project/initiative.

4.2       Climate Change

The matters addressed in this report are of a procedural nature and there is no need to consider climate change impacts.

4.3       Implications for Māori

There are no implications for Māori.

4.4       Financial Implications

This work is being undertaken within the current budget for the Government Activity in Year 1 of the Long Term Plan 2018 – 2028.

5.         Next Steps

None

 

Attachments

Attachment 1 - Risk and Assurance Work Programme - March to September 2022

Attachment 2 - Risk and Assurance Completed Work Programme - March to October 2021   




 

 

 

 

Report To:

Risk and Assurance Committee

Meeting Date:

2 December 2021

Report Writer:

Aaron Huggins, Principal Internal Auditor

Report Authoriser:

Mat Taylor, General Manager, Corporate

Purpose:

To provide an update on the internal audit program and the audit plan.

 

 

Internal Audit status update

 

Executive Summary

This report provides an update on the status of internal audit activities as at 30 September 2021 and includes:

·          The status of internal audit reviews in the current year;

·          The status of follow up of internal audit recommendations and management actions to 30 September 2021.

 

Recommendations

That the Risk and Assurance Committee:

1.         Receives the report, Internal Audit status update.

 

1.         Introduction

This report provides the quarterly update on internal audit activity undertaken by internal audit staff and external assurance specialists as part of Bay of Plenty Regional Council’s co-sourced internal audit approach.  It includes:

·      The status of internal audit reviews in the current year;

·      The status of follow up of internal audit recommendations and management actions to 30 September 2021.

1.1       Alignment with Strategic Framework

 

The Way We Work

We continually seek opportunities to innovate and improve.

2.         Internal Audit Work Plan 2021/22 Status

Based on the Internal Audit Work Plan 2020/21 the following table summarises the status of internal audit reviews for 2020/21.

| Review | Field work | GM Sponsor | Status | Status of Internal Audit: Planning/Scope | Status of Internal Audit: Fieldwork | Status of Internal Audit: Draft Report | Status of Internal Audit: Mgmt Actions | Status of Internal Audit: Final Report |
|---|---|---|---|---|---|---|---|---|
| Project management | BOPRC | Corporate | In Progress | In Progress | | | | |
| Business continuity management | BOPRC | Chief Executive | In Progress | In Progress | | | | |
| Pest management plan | BOPRC | Integrated Catchments | In Progress | In Progress | | | | |
| Risk management | Co-Source | Corporate | In Progress | In Progress | | | | |
| Laboratory services – benefits realisation | BOPRC | Regulatory Services | In Progress | In Progress | | | | |
| Post-COVID funding readiness | BOPRC | Integrated Catchments | In Progress | In Progress | | | | |
| Compliance process | BOPRC | Regulatory Services | In Progress | In Progress | | | | |
| Payroll | BOPRC | People & Leadership | In Progress | In Progress | | | | |
| ICT Security Review (20/21) | BOPRC | Corporate | Complete | Complete | Complete | In Progress | | |

The ICT Security Review (from the 2020/21 Internal Audit Plan) is nearing completion, and is expected to be presented at the next Risk and Assurance Committee meeting.  We note that during the course of the review the Digital team continue to proactively address identified issues where they present potential security gaps.

3.         Internal Audit Follow Up

Internal Audit has reviewed all open management actions as part of the follow up work in the 2020/21 Work Plan.

Management actions

At the start of the quarter (1 July 2021) there were 44 open management actions.

During the quarter four actions were closed and no actions were added. The total of actions open as at 30 September 2021 is 41; the majority of these relate to Policy Framework (ten), Fraud Risk Assessment (nine), and Consents (six).

Figure 1 Open management actions (as at 30 September 2021)

Fraud Risk – Both the Finance and Payroll teams continue to work with an external vendor to implement system changes.

Of the open actions 10 are past their original due date.  The overdue actions relate predominately to Asset Management (four) and Procurement (two).  Workplans are underway in the relevant teams to address these actions during the financial year.

Improvement actions

For framework reviews which have identified continuous improvement actions, these actions will be disclosed separately to give assurance to the Risk and Assurance committee that these actions continue to be monitored to ensure BOPRC’s frameworks improve and develop.

At the start of the quarter (1 July 2021) there was 1 open Health & Safety improvement action.  These were previously reported as ‘other’, and refer to recommendations made by KPMG in 2018 for BOPRC to incorporate into its Health & Safety continuous improvement work programme which is ongoing.

Figure 2 Open Health & Safety improvement actions (as at 30 September 2021)

4.         Considerations

4.1       Risks and Mitigations

            The matters addressed in this report are of a procedural nature.

4.2       Climate Change

The matters addressed in this report are of a procedural nature and there is no need to consider climate change impacts.

4.3       Financial Implications

There are no material unbudgeted financial implications and this fits within the allocated budget.

5.         Next Steps

To note the Internal Audit status update (as at 30 September 2021).

 

  


 

 

 

 

Report To:

Risk and Assurance Committee

Meeting Date:

2 December 2021

Report Writer:

Steven Slack, Risk & Assurance Manager

Report Authoriser:

Mat Taylor, General Manager, Corporate

Purpose:

To provide an update on the proposed changes to the Key Risk Register

 

 

Key Risk Register

 

Executive Summary

Council’s Key Risk Register provides risk related information for our most significant and high profile risks.

Risks in relation to the Long Term Plan 2021-2031 Community Outcomes are identified, and these strategic risks are included in the Key Risk Register.

A workshop with the Risk and Assurance Committee was held on 21st October and the recommended changes in the way risks are reported are outlined in this report, to then be incorporated in future Key Risk Register reporting.

 

Recommendations

That the Risk and Assurance Committee:

1       Receives the report, Key Risk Register

1.         Introduction

Council’s risk management framework was adopted in 2012.

The risk management framework includes a process for producing a Key Risk Register which records the most significant risks for Council.

On 21 October 2021 the Risk and Assurance Committee had a workshop on the current Key Risk Reporting process and on the basis of this workshop several changes in the ways of reporting risks have been recommended.

These recommendations included:

·    Inclusion of Risk Velocity, to identify risks that can escalate quickly

·    Opportunities, to identify positive impacts that risks and issues can lead to

·    Revolving emerging and operational risks, to keep risks current and fresh

This report will outline the proposed changes to carry forward into how the Key Risk Register is reported from 2022. 

1.1       Alignment with Strategic Framework

 

The Way We Work

We continually seek opportunities to innovate and improve.

 

2.         Key Risks Register Recommendations

2.1       Risk Velocity Classification

Some risks are ongoing risks for BOPRC. While they require active monitoring, their status is unlikely to change significantly over the short to medium term. Other risks may emerge that require a strategic focus for a limited time. Risk ‘velocity’ refers to the time for the risk to impact on the organisation. It is an estimate of the timeframe within which a risk may occur. Risk velocity will be used at BOPRC to determine the reporting frequency for the Leadership Team and the Risk & Assurance Committee.

It is proposed that the following categories be used to determine the risk velocity of risks on the Key Risk Register.

Risk velocity: Very High

Expected timeframe for risk escalation: Very rapid, little or no warning, instantaneous

Reporting frequency:

·      Daily monitoring by General Manager

·      Weekly update to Leadership Team; escalate significant changes more frequently if required

·      Update RAC of significant changes as required, otherwise quarterly.

Risk velocity: High

Expected timeframe for risk escalation: Days/weeks

Reporting frequency:

·      Weekly monitoring by GM

·      Update LT on a weekly basis of significant changes

·      Update RAC of significant changes as required, otherwise quarterly.

Risk velocity: Medium

Expected timeframe for risk escalation: 1 to 2 months

Reporting frequency:

·      Fortnightly monitoring by GM

·      Monthly update to LT

·      Update RAC of significant changes as required, otherwise quarterly.

Risk velocity: Low

Expected timeframe for risk escalation: 3 to 6 months

Reporting frequency:

·      Monthly monitoring by GM

·      Quarterly update to LT (as required)

·      Update to RAC if required, otherwise every six months

Risk velocity: Very Low

Expected timeframe for risk escalation: Over 6 months

Reporting frequency:

·      Quarterly monitoring by LT

·      Update to RAC if required, otherwise Annually

The velocity of the risk is a key factor to determine how often the risk is monitored by Management and reported to the Leadership Team and Risk and Assurance Committee, with those risks with higher velocity reported more often than those that are only likely to materialise in a longer timeframe. If there is a significant change in the risk it will be elevated to the Risk and Assurance Committee.

2.2       Opportunity

One of the Risk Management Framework developments that was raised and discussed at the Workshop was to include a broader focus on risks and opportunities that are presented when issues arise.

These opportunities will be incorporated in risk reporting to management and governance so that an understanding of issues and risks, and why certain mitigating actions are taken, can be incorporated when making decisions on risk appetite.

2.3       Emerging or Operational Risks

Another improvement suggested at the Risk and Assurance Committee Workshop was to incorporate into each Key Risk Register (on a revolving basis) risks that are emerging or represent a significant operational program or project.

Whilst a number of risks within the risk register are long term in nature, incorporating these emerging and operational risks will allow the Risk and Assurance Committee to have oversight of a broader range of risks, including those related to significant operational activities. 

These risks are presented in detail at other committees and forums, however, including these within the Key Risk Register on a rotating basis ensures that the Risk and Assurance Committee has oversight.

Key Emerging / Operational Risk – Example for future reporting

 

Description: COVID-19 response

What’s the Risk? COVID-19 impacts on our ability to deliver for our communities

Owner: Leadership Team (Chief Executive)

Inherent Score: Likelihood 5, Impact 5, Total 25

Risk Velocity: Very High

Both where the COVID-19 virus is and the Government requirements surrounding it can change rapidly, with shifts in alert levels happening with very little notice.

As the country transitions to having COVID-19 in the community, these changes are likely to accelerate before they start to stabilise. 

 

Opportunity

·      Develop resiliency in face of a very challenging environment.

·    Develop our People Leaders in responding to change, managing their teams in times of uncertainty and adapting to ever changing situations

·    Trial new ways of working and technology to support the new ways of working

·    Improve and test business continuity plans

 

Current Score: Likelihood 4, Impact 3, Total 12

What are we doing about the risk?

Mitigating Actions and Controls

I.   Leadership

The Leadership Team formally reviews the current situation with COVID-19 each week, and provides regular updates to staff with direction for action when required.

II.  Guidance

We continually monitor the COVID-19 situation and Government updates to provide guidance to staff as to how to keep safe from COVID-19, updating this guidance when new information becomes available.

III. Encouraging Vaccination

BOPRC has encouraged staff and councillors to get vaccinated, providing support for both staff and their families to access vaccination centres so that the effects of COVID-19 on our communities, services, and our staff are minimised.

IV. Business Continuity Planning

BOPRC has continually updated its business continuity planning, including trialling different settings across the organisation so as to be prepared in both changing alert levels, frameworks and exposure risk to ensure that these plans can enable operations to continue.

3.         Conclusion

This report highlights the key changes to the Council’s Key Risk Register reporting, along with reporting of two current emerging or operational risks, both to highlight these risks and to illustrate how the risks will look if the recommended changes in Key Risk reporting are adopted.

4.         Considerations

4.1       Financial Implications

There are no material unbudgeted financial implications and this fits within the allocated budget.

5.         Next Steps

Any risks identified by the Committee will be reviewed and assessed, and changes adopted will be incorporated in future Key Risk Register reporting.