Risk and Assurance Committee Agenda NOTICE IS GIVEN that the next meeting of the Risk and Assurance Committee will be held via Zoom (Audio Visual Meeting) on: Thursday 2 December 2021 COMMENCING AT 09:30 am
This meeting will be livestreamed and recorded. The Public section of this meeting will be livestreamed and recorded and uploaded to Bay of Plenty Regional Council’s website. Further details on this can be found after the Terms of Reference within the Agenda. The livestream will be at Council’s YouTube channel: Bay of Plenty Regional Council - YouTube |
Fiona McTavish Chief Executive, Bay of Plenty Regional Council Toi Moana 24 November 2021 |
Membership
Chairperson |
Cr David Love |
Deputy Chairperson |
Bruce Robertson (Independent) |
Members |
Cr Bill Clark Cr Stuart Crosby Cr Andrew von Dadelszen Cr Te Taru White |
Ex Officio |
Chairman Doug Leeder |
Quorum |
Three members, consisting of half the number of members |
Meeting frequency |
Quarterly |
Purpose
Monitor the effectiveness of Council’s funding and financial policies and frameworks to ensure the Council is managing its finances in an appropriate manner.
Monitor the effectiveness of Council's performance monitoring framework.
Ensure that Council is delivering on agreed outcomes.
Role
· Monitor the effectiveness of Council’s funding and financial policies and Council’s performance monitoring framework (financial and non-financial);
· Review Council’s draft Annual Report prior to Council’s adoption;
· Receive and review external audit letters and management reports;
· Approve and review the internal audit plan and review the annual programme report;
· Approve, review and monitor Council’s risk framework and policy;
· Review the risk register;
· Monitor Council’s legislative compliance and receive reporting on non-compliance matters as part of risk management reporting.
Power to Act
To make all decisions necessary to fulfil the role and scope of the committee subject to the limitations imposed.
Power to Recommend
To Council and/or any standing committee as it deems appropriate.
· The Risk and Assurance Committee is not delegated authority to:
· Develop, review or approve strategic policy and strategy.
· Develop, review or approve Council’s Financial Strategy, funding and financial policies and non-financial operational policies and plans.
The Risk and Assurance Committee reports directly to the Regional Council.
Recording of Meetings
Please note the Public section of this meeting is being recorded and streamed live on Bay of Plenty Regional Council’s website in accordance with Council's Live Streaming and Recording of Meetings Protocols which can be viewed on Council’s website. The recording will be archived and made publicly available on Council's website within two working days after the meeting on www.boprc.govt.nz for a period of three years (or as otherwise agreed to by Council).
All care is taken to maintain your privacy; however, as a visitor in the public gallery or as a participant at the meeting, your presence may be recorded. By remaining in the public gallery, it is understood your consent is given if your image is inadvertently broadcast.
Opinions expressed or statements made by individual persons during a meeting are not the opinions or statements of the Bay of Plenty Regional Council. Council accepts no liability for any opinions or statements made during a meeting.
Bay of Plenty Regional Council - Toi Moana
Governance Commitment
mō te taiao, mō ngā tāngata - our environment and our people go hand-in-hand.
We provide excellent governance when, individually and collectively, we:
· Trust and respect each other
· Stay strategic and focused
· Are courageous and challenge the status quo in all we do
· Listen to our stakeholders and value their input
· Listen to each other to understand various perspectives
· Act as a team who can challenge, change and add value
· Continually evaluate what we do
TREAD LIGHTLY, THINK DEEPLY,
ACT WISELY, SPEAK KINDLY.
Risk and Assurance Committee 2 December 2021
Recommendations in reports are not to be construed as Council policy until adopted by Council.
1. Apologies
2. Public Forum
3. Items not on the Agenda
4. Order of Business
5. Declaration of Conflicts of Interest
6. Public Excluded Business to be Transferred into the Open
7. Minutes
Minutes to be Confirmed
7.1 Risk and Assurance Committee Minutes - 21 October 2021 1
8. Reports
Information Only
8.1 Committee Chairperson's Report 1
Attachment 1 - Risk and Assurance Work Programme - March to September 2022 1
Attachment 2 - Risk and Assurance Completed Work Programme - March to October 2021 1
8.2 Internal Audit status update 1
8.3 Key Risk Register 1
Resolution to exclude the public
Excludes the public from the following parts of the proceedings of this meeting as set out below:
The general subject of each matter to be considered while the public is excluded, the reason for passing this resolution in relation to each matter, and the specific grounds under section 48(1) of the Local Government Official Information and Meetings Act 1987 for the passing of this resolution are as follows:
Subject of each matter to be considered |
Reason for passing this resolution in relation to each matter |
Grounds under Section 48(1) for the passing of this resolution |
When the item can be released into the public |
|
9.1 |
Public Excluded Risk and Assurance Committee Minutes - 21 October 2021 |
As noted in the relevant Minutes. |
As noted in the relevant Minutes. |
To remain in public excluded. |
Minutes to be Confirmed
9.1 Public Excluded Risk and Assurance Committee Minutes - 21 October 2021
10. Public Excluded Business to be Transferred into the Open
11. Readmit the Public
Risk and Assurance Committee Minutes |
21 October 2021 |
Open Minutes
Commencing: Thursday 21 October 2021, 09:30 am
Venue: Regional House, 1 Elizabeth Street, Tauranga and via Zoom
Chairperson: Cr David Love
Deputy Chairperson: Bruce Robertson
Members: Cr Bill Clark
Cr Stuart Crosby
Cr Andrew von Dadelszen
Cr Te Taru White
Chairman Doug Leeder (Ex Officio)
In Attendance: Councillors: Paula Thompson, Jane Nees, Matemoana McDonald, Lyall Thurston and Kevin Winters
Staff: Mat Taylor – General Manager Corporate; Namouta Poutasi – General Manager, Strategy and Science; Debbie Hyland – Finance & Transport Operations Manager; Jessica Easton – Legal and Commercial Manager; Andy Dixon – Treasury & Tax Specialist; Yvonne Tatton – Governance Manager; Steven Slack – Risk & Assurance Manager; Aaron Huggins – Principal Internal Auditor; Nicola Green Principal Advisor, Policy & Planning; Zhivan Alach – Organisational Performance Manager; Tobias Fransson – Performance Analyst and Merinda Pansegrouw – Committee Advisor
External Presenters: Leon Pieterse and Anton Labuschagne – Audit New Zealand
Declaration of Public Recording
Committee members and the public were reminded that the public section of the meeting was being recorded and would be made available on the Bay of Plenty Regional Council website following the meeting and archived for a period of three years as noted on page 4 of the agenda.
Recordings of Meeting: Risk & Assurance Committee - 21 October 2021 - YouTube
Risk and Assurance Committee - 21 October 2021 - Part Two - YouTube
1. Order of Business
Members agreed to the reordering of items to accommodate external presenters from Audit New Zealand for items 8.5 “Audit New Zealand Final Management Report on Long Term Plan 2021-2031” and 8.6 “2020/21 Draft Annual Report Review”.
2. Declaration of Conflicts of Interest
None.
3. Minutes
Minutes to be Confirmed
3.1 |
Risk and Assurance Committee Minutes - 10 June 2021 |
|
Resolved That the Risk and Assurance Committee: 1 Confirms the Risk and Assurance Committee Minutes - 10 June 2021 as a true and correct record. Love/Robertson CARRIED |
4. Reports
Information Only
4.1 |
Committee Chairperson's Report General Manager, Corporate Mat Taylor presented the report, updating members on the Risk and Assurance Committee’s activities and the updated Risk and Assurance Work Programme for 2021. |
|
Items for Staff Follow Up: · To consider including auditing of the delivery of Provincial Growth Fund (PGF) and other Crown Infrastructure Partnership Funding Streams as a future workstream · To consider a stronger reporting mechanism to capture the impacts of the Covid-19 pandemic in terms of business interruption/reporting/looking ahead in the context of “living with Covid-19 in the future”. |
|
Resolved That the Risk and Assurance Committee: 1 Receives the report, Committee Chairperson's Report. Love/Robertson CARRIED |
4.2 |
Chairman's Discretionary Fund 2020/21 General Manager, Corporate Mat Taylor presented the report. Chairman David Love stated that, in his capacity as Chairman of the Board of Management for Classic Flyers and being involved in the Rotary Club supporting the Rotary Youth Driver Awareness (RYDA), he had been advised that he had no conflict of interest to declare for this item. |
|
Resolved That the Risk and Assurance Committee: 1 Receives the report, Chairman's Discretionary Fund 2020/21. Love/Robertson CARRIED |
4.3 |
Expenditure and Koha Report for the year ended 30 June 2021 Presented by Debbie Hyland – Finance & Transport Operations Manager and Andy Dixon – Treasury & Tax Specialist, assisted by Jessica Easton – Legal and Commercial Manager. Key Points: · Redacted information in the report related to the names of private individuals rather than associations/public entities · Confirmed that Toi Moana’s expenditure system/payments processes had been extensively reviewed by Audit New Zealand. Key Point - Members: · Noted that the payment of $1.8 m to Otago Regional Council related to the implementation of the Regional Integrated Ticketing System (RITS). Key Points - Staff: · Had implemented a contracts model since August 2021 that allowed the tracking of contracts against spending and financial systems; provided transparency of what was happening across the organisation; enabled the tracking of spending against contractors/contracts and suppliers. All new contracts would be uploaded to provide greater reporting capability/visibility over all of Council’s spending in future · A formal policy “Te Mana O Te Koha (Koha Guidelines)” guiding the payment of koha was in place and had been applied. |
|
Items for Staff Follow Up: · Un-redacted version of the item’s attachment “Expenditure and Koha Report for the year ended 30 June 2021” to be provided to Committee Members via electronic mail · In future, redacted information to be provided to Committee Members in the public excluded part of the agenda of meetings · A copy of Council’s Koha Payment Policy “Te Mana O Te Koha (Koha Guidelines)” to be distributed to Committee Members. |
|
Resolved That the Risk and Assurance Committee: 1 Receives the report, Expenditure and Koha Report for the year ended 30 June 2021. Love/Robertson CARRIED |
4.4 |
Summary of Councillors' Expenditure July 2020 - June 2021 Presented by Governance Manager Yvonne Tatton. Key Points - Staff: · Confident that a robust checking procedure was in place to ensure payments were correct · In terms of Council policy, the “Good Decision Making Certification”/RMA-certification was deemed as Council related business · The variance in payment between $950 and $990 for communication allowance related to the issuing of printers based on an earlier policy which had since been amended · The Elected & Appointed Members Allowances & Expenses Policy clarified that, “Council business” related to seminars, training courses and conferences where members attended as an official representative on the Council’s behalf and with the approval of the Chairman. “Professional development” referred to where a Councillor attended a conference/seminar that was of interest to them, but not essential to the representation or business of Council. |
|
Resolved That the Risk and Assurance Committee: 1 Receives the report, Summary of Councillors' Expenditure July 2020 - June 2021. Love/Robertson CARRIED |
4.5 |
Essential Freshwater Policy Programme Risks Presented by Nicola Green Principal Advisor, Policy & Planning, supported by Namouta Poutasi – General Manager, Strategy and Science. Key Points: · Outlined the significant risks for the Essential Freshwater Policy Programme relating to legislated obligations, environmental outcomes, progressing partnerships with Māori, and relationships · Risks had been presented to the Strategy and Policy Committee who had referred them to the Risk and Assurance Committee for information · Was confident that staff had actions in place to minimise/mitigate risks where possible · Changes to risks over time: o Timeframes: review of deadline for notification to be reviewed by the Strategy and Policy Committee at its next meeting o Overseer: Government’s position had since been released and staff was investigating alternative options for consideration of a future replacement tool. Key Points - Members: · Endorsed the referral of the Essential Freshwater Policy Programme risks from the Strategy and Policy Committee to the Risk and Assurance Committee as good corporate governance Key Point - Staff: · Project Lead Team was continuously reviewing the risks of the programme as part of best practice project management principles. |
|
Items for Staff Follow Up: · Verify if Waikato Regional Council was currently using Overseer as a tool and provide feedback to Committee Members accordingly. |
|
Resolved That the Risk and Assurance Committee: 1 Receives the report, Essential Freshwater Policy Programme Risks. Love/Robertson CARRIED |
4.6 |
Local Government Official Information and Meetings Act 1987 - Annual Report 1 July 2020 to 30 June 2021 Presented by Legal and Commercial Manager Jessica Easton. |
|
Items for Staff Follow Up: · Future annual reports to the Risk and Assurance Committee on Local Government Official Information and Meetings Act 1987 (LGOIMA) to include a breakdown of staff resources spent on LGOIMA requests · Future LGOIMA annual reports to include a schedule detailing the nature of the LGOIMA requests · In the interim, available information on staff resources spent on LGOIMA requests for the July 2020 to June 2021 period to be provided to Committee Members informally · Provide a breakdown of requests received from iwi-based organisations as part of future LGOIMA annual reports; in the meantime informally advise Committee Members of this information for the July 2020 to June 2021 period. |
|
Resolved That the Risk and Assurance Committee: 1 Receives the report, Local Government Official Information and Meetings Act 1987 - Annual Report 1 July 2020 to 30 June 2021. Love/Robertson CARRIED |
4.7 |
Internal Audit Status Update and 2020/21 Annual Report Presented by Principal Internal Auditor Aaron Huggins. Key Points - Members: · Expressed appreciation for the significant progress made in closing internal audit reviews/actions. Key Points - Staff: · Confirmed that the Internal Audit scope of work/reporting on Information Communication and Technology (ICT) Security would include taking into account a culture of cyber security/clear role and responsibilities/holistic risk management and incident management · Security actions would be aligned with requirements from the New Zealand Information Security Manual (NZISM) as directed by the Government Communications Security Bureau (GCSB). |
|
Resolved That the Risk and Assurance Committee: 1 Receives the report, Internal Audit Status Update and 2020/21 Annual Report. Love/Robertson CARRIED |
10:20 am - The meeting adjourned.
10:45 am - The meeting reconvened.
4.8 |
2020/21 Draft Annual Report Review |
|
Presented by Debbie Hyland - Finance & Transport Operations Manager, Zhivan Alach, Organisational Performance Manager and Tobias Fransson, Performance Analyst. Audit Director Leon Pieterse and Audit Manager Anton Labuschagne, Audit New Zealand (Audit NZ) attended to response to questions relating to the audit process. Key Points: · Draft Annual Report 2020/21 for the Bay of Plenty Regional Council Toi Moana contained the draft financial and non-financial performance results of the Council for the year ended 30 June 2021 and consolidated financial statements for the Council Group which included 100% Council-owned subsidiary (Quayside Holdings) and majority owned Council-owned subsidiary (Toi Moana Trust) The Draft was submitted to the Risk and Assurance Committee in its role to receive and review the draft Annual Report. In the meantime Audit NZ’s auditing process was ongoing. Key Points – Audit NZ: · Auditing was progressing well with all aspects on track to finalise the process for planned adoption by Council on 10 November 2021 · However, a possible lag in process due to staff shortage remained a risk, and would continue to keep Council informed · Currently reviewing the Statement of Service Performance (SSP)/Patronage evidence reporting requirements – technical clearance. Key Points - Staff: · Confirmed that total expenditure for staff (including contractors and consultants) was within the allocated budget. |
|
Resolved That the Risk and Assurance Committee: 1 Receives the report, 2020/21 Draft Annual Report review. Love/Robertson CARRIED |
4.9 |
Audit New Zealand Final Management Report on Long Term Plan 2021-2031 Presented by Finance & Transport Operations Manager Debbie Hyland.
Audit Director Leon Pieterse and Audit Manager Anton Labuschagne, Audit New Zealand (Audit NZ) were available to respond to any questions. |
|
Resolved That the Risk and Assurance Committee: 1 Receives the report, Audit New Zealand Final Management Report on Long Term Plan 2021-2031. Love/Robertson CARRIED |
5. Public Excluded Section
Resolved Resolution to exclude the public 1 Excludes the public from the following parts of the proceedings of this meeting as set out below: The general subject of each matter to be considered while the public is excluded, the reason for passing this resolution in relation to each matter, and the specific grounds under section 48(1) of the Local Government Official Information and Meetings Act 1987 for the passing of this resolution are as follows:
Love/Robertson CARRIED |
6. Public Excluded Business to be Transferred into the Open
6.1 |
Item 9.5 - Completed Audit Reviews (Q4 FY20/21) Tabled Document 1 - Public Excluded Item 9.5 released into the Open (Report and Attachments 1 and 2): Objective ID A3964755
|
|
Resolved That the Risk and Assurance Committee: 1 Confirms that the report “Completed Audit Reviews (Q4 FY20/21)” and its attachments be release into the Public. Love/Robertson CARRIED |
12:30 pm – the meeting closed.
|
Confirmed
Cr David Love
Chairperson, Risk and Assurance Committee
|
|
|
|
||
Report To: |
Risk and Assurance Committee |
|
Meeting Date: |
2 December 2021 |
|
Report Writer: |
Mat Taylor, General Manager, Corporate |
|
Report Authoriser: |
Mat Taylor, General Manager, Corporate |
|
Purpose: |
Update on Risk and Assurance Committee Activities |
|
Committee Chairperson's Report
Executive Summary This report provides the Committee with an update on Risk and Assurance Committee activities. |
That the Risk and Assurance Committee:
1 Receives the report, Committee Chairperson's Report.
The report shows an updated Risk and Assurance Work Programme and an updated Risk and Assurance Completed Work Programme.
1.1 Alignment with Strategic Framework
A Healthy Environment |
|
Freshwater for Life |
|
Safe and Resilient Communities |
|
A Vibrant Region |
|
The Way We Work |
We continually seek opportunities to innovate and improve. |
1.1.1 Community Well-beings Assessment
Dominant Well-Beings Affected |
|||
¨ Environmental
|
¨ Cultural
|
¨ Social
|
þ Economic
|
2. Risk and Assurance Work Programme
Appendix 1 shows the Risk and Assurance Work Programme for 2022. This Work Programme sets out the planned and scheduled reporting to the Risk and Assurance Committee.
The appendix is categorised to identify the broad areas of responsibility for the Committee. Other items may be added by councillors and staff should this be required to respond to issues as they occur throughout the year.
3. Risk and Assurance Completed Work Programme
Appendix 2 shows the Risk and Assurance Completed Work Programme for the period March to October 2021.
4. Considerations
4.1 Risks and Mitigations
There are no significant risks associated with this matter/subject/project/initiative.
4.2 Climate Change
The matters addressed in this report are of a procedural nature and there is no need to consider climate change impacts.
4.3 Implications for Māori
There are no implications for Māori.
4.4 Financial Implications
This work is being undertaken within the current budget for the Government Activity in Year 1 of the Long Term Plan 2018 – 2028.
5. Next Steps
None
Attachment 1 - Risk and Assurance Work Programme - March to September 2022 ⇩
Attachment 2 - Risk and Assurance Completed Work Programme - March to October 2021 ⇩
|
|
|
|
||
Report To: |
Risk and Assurance Committee |
|
Meeting Date: |
2 December 2021 |
|
Report Writer: |
Aaron Huggins, Principal Internal Auditor |
|
Report Authoriser: |
Mat Taylor, General Manager, Corporate |
|
Purpose: |
To provide an update on the internal audit program and the audit plan. |
|
Internal Audit status update
Executive Summary This report provides an update on the status of internal audit activities as at 30 September 2021 and includes: · The status of internal audit reviews in the current year; · The status of follow up of internal audit recommendations and management actions to 30 September 2021. |
That the Risk and Assurance Committee:
1. Receives the report, Internal Audit status update.
1. Introduction
This report provides the quarterly update on internal audit activity undertaken by internal audit staff and external assurance specialists as part of Bay of Plenty Regional Council’s co-sourced internal audit approach. It includes:
· The status of internal audit reviews in the current year;
· The status of follow up of internal audit recommendations and management actions to 30 September 2021.
1.1 Alignment with Strategic Framework
The Way We Work |
We continually seek opportunities to innovate and improve. |
2. Internal Audit Work Plan 2021/22 Status
Based on the Internal Audit Work Plan 2020/21 the following table summarises the status of internal audit reviews for 2020/21.
Review |
Field work |
GM Sponsor |
Status |
Status of Internal Audit |
||||
Planning /Scope |
Fieldwork |
Draft Report |
Mgmt Actions |
Final Report |
||||
Project management |
BOPRC |
Corporate |
In Progress |
In Progress |
|
|
|
|
Business continuity management |
BOPRC |
Chief Executive |
In Progress |
In Progress |
|
|
|
|
Pest management plan |
BOPRC |
Integrated Catchments |
In Progress |
In Progress |
|
|
|
|
Risk management |
Co-Source |
Corporate |
In Progress |
In Progress |
|
|
|
|
Laboratory services – benefits realisation |
BOPRC |
Regulatory Services |
In Progress |
In Progress |
|
|
|
|
Post-COVID funding readiness |
BOPRC |
Integrated Catchments |
In Progress |
In Progress |
|
|
|
|
Compliance process |
BOPRC |
Regulatory Services |
In Progress |
In Progress |
|
|
|
|
Payroll |
BOPRC |
People & Leadership |
In Progress |
In Progress |
|
|
|
|
ICT Security Review (20/21) |
BOPRC |
Corporate |
Complete |
Complete |
Complete |
In Progress |
|
|
The ICT Security Review (from the 2020/21 Internal Audit Plan) is nearing completion, and is expected to be presented at the next Risk and Assurance Committee meeting. We note that during the course of the review the Digital team continue to proactively address identified issues where they present potential security gaps.
3. Internal Audit Follow Up
Internal Audit has reviewed all open management actions as part of the follow up work in the 2020/21 Work Plan.
Management actions
At the start of the quarter (1 July 2021) there were 44 open management actions.
During the quarter four actions were closed and no actions were added. The total of actions open as at 30 September 2021 is 41, the majority of these relate to Policy Framework (ten), Fraud Risk Assessment (nine), and Consents (six).
Figure 1 Open management actions (as at 30 September 2021)
Fraud Risk – Both the Finance and Payroll teams continue to work with an external vendor to implement system changes.
Of the open actions 10 are past their original due date. The overdue actions relate predominately to Asset Management (four) and Procurement (two). Workplans are underway in the relevant teams to address these actions during the financial year.
Improvement actions
For framework reviews which have identified continuous improvement actions, these actions will be disclosed separately to give assurance to the Risk and Assurance committee that these actions continue to be monitored to ensure BOPRC’s frameworks improve and develop.
At the start of the quarter (1 July 2021) there was 1 open Health & Safety improvement action. These were previously reported as ‘other’, and refer to recommendations made by KPMG in 2018 for BOPRC to incorporate into its Health & Safety continuous improvement work programme which is ongoing.
Figure 2 Open Health & Safety improvement actions (as at 30 September 2021)
4. Considerations
4.1 Risks and Mitigations
The matters addressed in this report are of a procedural nature.
4.2 Climate Change
The matters addressed in this report are of a procedural nature and there is no need to consider climate change impacts.
4.3 Financial Implications
There are no material unbudgeted financial implications and this fits within the allocated budget.
5. Next Steps
To note the Internal Audit status update (as at 30 September 2021).
|
|
|
|
||
Report To: |
Risk and Assurance Committee |
|
Meeting Date: |
2 December 2021 |
|
Report Writer: |
Steven Slack, Risk & Assurance Manager |
|
Report Authoriser: |
Mat Taylor, General Manager, Corporate |
|
Purpose: |
To provide an update on the proposed changes to the Key Risk Register |
|
Key Risk Register
Executive Summary Council’s Key Risk Register provides risk related information for our most significant and high profile risks. Risks in relation to the Long Term Plan 2021-2031 Community Outcomes are identified, and these strategic risks are included in the Key Risk Register. A workshop with the Risk and Assurance Committee was held on 21st October and the recommended changes in the way risks are reported are outlined in this report, to then be incorporated in future Key Risk Register reporting. |
That the Risk and Assurance Committee:
1 Receives the report, Key Risk Register
1. Introduction
Council’s risk management framework was adopted in 2012.
The risk management framework includes a process for producing a Key Risk Register which records the most significant risks for Council.
On 21 October 2021 the Risk and Assurance Committee had a workshop on the current Key Risk Reporting process and on the basis of this workshop several changes in the ways of reporting risks have been recommended.
These recommendations included:
· Inclusion of Risk Velocity, to identify risks that can escalate quickly
· Opportunities, to identify positive impacts that risks and issues can lead to
· Revolving emerging and operational risks, to keep risks current and fresh
This report will outline the proposed changes to carry forward into how the Key Risk Register is reported from 2022.
1.1 Alignment with Strategic Framework
The Way We Work |
We continually seek opportunities to innovate and improve. |
2. Key Risks Register Recommendations
2.1 Risk Velocity Classification
Some risks are ongoing risks for BOPRC. While they require active monitoring their status is unlikely to change significantly over the short to medium term. Other risks may emerge that require a strategic focus for a limited time. Risk ‘velocity’ refers to the time for the risk to impact on the organisation. It is an estimate of the timeframe within which a risk may occur. Risk velocity will used at BOPRC to determine the reporting frequency for the Leadership Team and the Risk & Assurance Committee.
It is proposed that the following categories be used to determine the risk velocity of risks on the Key Risk Register.
Risk velocity |
Expected timeframe for risk escalation |
Reporting frequency |
Very High |
Very rapid, little or no warning, instantaneous |
· Daily monitoring by General Manager · Weekly update to Leadership Team; escalate significant changes more frequently if required · Update RAC of significant changes as required, otherwise quarterly. |
High |
Days/weeks |
· Weekly monitoring by GM · Update LT on a weekly basis of significant changes · Update RAC of significant changes as required, otherwise quarterly. |
Medium |
1 to 2 months |
· Fortnightly monitoring by GM · Monthly update to LT · Update RAC of significant changes as required, otherwise quarterly. |
Low |
3 to 6 months |
· Monthly monitoring by GM · Quarterly update to LT (as required) · Update to RAC if required, otherwise every six months |
Very Low |
Over 6 months |
· Quarterly monitoring by LT · Update to RAC if required, otherwise Annually |
The velocity of the risk is a key factor to determine how often the risk is monitored by Management and reported to the Leadership Team and Risk and Assurance Committee, with those risks with higher velocity reported more often than those that are only likely to materialise in a longer timeframe. If there is a significant change in the risk it will be elevated to the Risk and Assurance Committee.
2.2 Opportunity
One of the Risk Management Framework developments that was raised and discussed at the Workshop was to include a broader focus on risks and opportunities that are presented when issues arise.
These opportunities will be incorporated in risk reporting to management and governance so that an understanding of issues and risks, and why certain mitigating actions are taken, can be incorporated when making decisions on risk appetite.
2.3 Emerging or Operational Risks
Another improvement suggested at the Risk and Assurance Committee Workshop was to incorporate in to each Key Risk Register (on a revolving basis), risks that are emerging or represent a significant operational program or project.
Whilst a number of risks within the risk register are long term in nature, incorporating these emerging and operational risks will allow the Risk and Assurance Committee to have oversight of a broader range of risks, including those related to significant operational activities.
These risks are presented in detail at other committees and forums, however, including these within the Key Risk Register on a rotating basis ensures that the Risk and Assurance Committee has oversight.
Key Emerging / Operational Risk – Example for future reporting
|
Inherent Score |
||||
Description |
What’s the Risk? |
Owner |
Likelihood |
Impact |
Total |
COVID-19 response |
COVID-19 impacts on our ability to deliver for our communities |
Leadership Team |
5 |
5 |
25 |
Risk Velocity |
Very High |
||||
COVID-19, both where the virus is and the Government requirements surrounding it can change rapidly, with shifts in alert levels happening with very little notice. As the country transitions to having COVID-19 in the community, these changes are likely to accelerate before they start to stabilise.
|
|||||
Opportunity |
|||||
· Develop resiliency in face of a very challenging environment. · Develop our People Leaders in responding to change, managing their teams in times of uncertainty and adapting to ever changing situations · Trial new ways of working and technology to support the new ways of working · Improve and test business continuity plans |
|||||
|
Current Score |
||||
What are we doing about the risk?
|
Likelihood |
Impact |
Total |
||
Mitigating Actions and Controls I. Leadership The Leadership Team formally reviews the current situation with COVID-19 each week, and provides regular updates to staff with direction for action when required. II. Guidance We continually monitor the COVID-19 situation and Government updates to provide guidance to staff as to how to keep safe from COVID-19, updating this guidance when new information becomes available. III. Encouraging Vaccination BOPRC has encouraged staff and councillors to get vaccinated, providing support for both staff and their families to access vaccination centres so that the effects of COVID-19 on our communities, services, and our staff are minimised. IV. Business Continuity Planning BOPRC has continually updated its business continuity planning, including trialling different settings across the organisation so as to be prepared in both changing alert levels, frameworks and exposure risk to ensure that these plans can enable operations to continue. |
4 |
3 |
12 |
3. Conclusion
This report highlights the Council’s key changes to the Key Risk Register reporting risks along with reporting of two current emerging or operational risks, both to highlight these risks, but also illustrate how the risks will look if the recommended changes in Key risk reporting is adopted.
4. Considerations
4.1 Financial Implications
There are no material unbudgeted financial implications and this fits within the allocated budget.
5. Next Steps
Any Risks identified by the committee will be reviewed and assessed and changes adopted will be incorporated in future Key Risk Register reporting.