Agenda of Risk and Assurance Committee - Wednesday, 14 June 2023

Risk and Assurance Committee

Membership

Chairperson	Cr Stuart Crosby
Deputy Chairperson (Independent)	Bruce Robertson
Members	Cr Ron Scott Cr Andrew von Dadelszen Cr Te Taru White Cr Kevin Winters
Ex Officio	Chairman Doug Leeder
Quorum	Three members, consisting of half the number of members
Meeting frequency	Quarterly

Purpose

Monitor the effectiveness of Council’s funding and financial policies and frameworks to ensure the Council is managing its finances in an appropriate manner.

Monitor the effectiveness of Council's performance monitoring framework.

Ensure that Council is delivering on agreed outcomes.

Role

· Monitor the effectiveness of Council’s funding and financial policies and Council’s performance monitoring framework (financial and non-financial).

· Review Council’s draft Annual Report prior to Council’s adoption.

· Receive and review external audit letters and management reports.

· Approve and review the internal audit plan and review the annual programme report.

· Approve, review and monitor Council’s risk framework and policy.

· Review the risk register.

· Monitor Council’s legislative compliance and receive reporting on non-compliance matters as part of risk management reporting.

Power to Act

To make all decisions necessary to fulfil the role and scope of the committee subject to the limitations imposed.

Power to Recommend

To Council and/or any standing committee as it deems appropriate.

The Risk and Assurance Committee is not delegated authority to:

· Develop, review or approve strategic policy and strategy.

· Develop, review or approve Council’s Financial Strategy, funding and financial policies and non-financial operational policies and plans.

The Risk and Assurance Committee reports directly to the Regional Council.

Recording of Meetings

Please note the Public section of this meeting is being recorded and streamed live on Bay of Plenty Regional Council’s website in accordance with Council's Live Streaming and Recording of Meetings Protocols which can be viewed on Council’s website. The recording will be archived and made publicly available on Council's website within two working days after the meeting on www.boprc.govt.nz for a period of three years (or as otherwise agreed to by Council).

All care is taken to maintain your privacy; however, as a visitor in the public gallery or as a participant at the meeting, your presence may be recorded. By remaining in the public gallery, it is understood your consent is given if your image is inadvertently broadcast.

Opinions expressed or statements made by individual persons during a meeting are not the opinions or statements of the Bay of Plenty Regional Council. Council accepts no liability for any opinions or statements made during a meeting.

Risk and Assurance Committee 14 June 2023

Recommendations in reports are not to be construed as Council policy until adopted by Council.

Agenda

1. Apologies

2. Public Forum

3. Items not on the Agenda

4. Order of Business

5. Declaration of Conflicts of Interest

6. Public Excluded Business to be Transferred into the Open

7. Minutes

Minutes to be Confirmed

7.1 Risk and Assurance Committee Minutes - 8 March 2023 1

8. Reports

8.1 Chairperson's Report 1

Attachment 1 - Risk and Assurance Work Programme for 2023 1

Attachment 2 - Risk and Assurance Completed Work Programme March 2023 1

8.2 External Audit Engagement Letter 2023-2025 and Audit Plan 2022/23 1

Attachment 1 - Audit NZ Engagement Letter 2023 to 2025 1

Attachment 2 - Audit NZ Audit Plan 2023 1

8.3 Internal Audit Status Update 1

Attachment 1 - Waka Kotahi 2023 Bay of Plenty Regional Council Final Audit Report 1

8.4 Internal Audit Work Programme 2023/24 1

Attachment 1 - Internal Audit Work Plan 2023-26 1

8.5 Rates Setting for 2023/24 Financial Year - Legal Compliance 1

Attachment 1 - Draft Rates Setting Report 1

8.6 Assets Register - Data Improvements 1

9. Public Excluded Section

Resolution to exclude the public

Excludes the public from the following parts of the proceedings of this meeting as set out below:

The general subject of each matter to be considered while the public is excluded, the reason for passing this resolution in relation to each matter, and the specific grounds under section 48(1) of the Local Government Official Information and Meetings Act 1987 for the passing of this resolution are as follows:

Item No.	Subject of each matter to be considered	Reason for passing this resolution in relation to each matter	Grounds under Section 48(1) for the passing of this resolution	When the item can be released into the public
9.1	Public Excluded Risk and Assurance Committee Minutes - 8 March 2023	As noted in the relevant Minutes.	As noted in the relevant Minutes.	To remain in public excluded.
9.2	Key Risk Register	Withholding the information is necessary to enable any local authority holding the information to carry on, without prejudice or disadvantage, negotiations (including commercial and industrial negotiations).	48(1)(a)(i) Section 7 (2)(i).	On the Chief Executive's approval.

Minutes to be Confirmed

9.1 Public Excluded Risk and Assurance Committee Minutes - 8 March 2023

Reports

9.2 Key Risk Register

Attachment 1 - Key Risk Register - March 2023

Attachment 2 – Key Risk Register - Heat Map March 2023

10. Public Excluded Business to be Transferred into the Open

11. Readmit the Public

12. Consideration of Items not on the Agenda

Risk and Assurance Committee Minutes

8 March 2023

Risk and Assurance Committee

Open Minutes

Commencing: Wednesday 8 March 2023, 9.30 am

Venue: Council Chambers, Regional House, 1 Elizabeth Street, Tauranga

Chairperson: Cr Stuart Crosby

Deputy Chairperson: Member (Independent) Bruce Robertson

Members: Cr Ron Scott

Cr Andrew von Dadelszen

Cr Te Taru White

Cr Kevin Winters

In Attendance: Councillors: Cr Kat Macmillan, Cr Matemoana McDonald (via Zoom), Cr Jane Nees (via Zoom)

Staff: Mat Taylor – General Manager Corporate; Chris Ingle – General Manager Integrated Catchments; Kumaren Perumal – Chief Financial Officer; Gillian Payne – Principal Advisor; Steven Slack – Risk & Assurance Manager; Aaron Huggins – Principal Internal Auditor; Mark Le Comte – Principal Advisor, Finance (via Zoom), Annabel Chappell – Manager, Special Projects (via Zoom); Jenny Teeuwen – Committee Advisor

External: Leon Pieterse - Audit Director, Anton Labuschagne - Audit Manager, and Aimee Smith – Senior Auditor, Audit New Zealand

Apologies: Cr Kevin Winters for late arrival.

Committee members and the public were reminded that the public section of the meeting was being livestreamed and recorded and that the recording would be available on the Bay of Plenty Regional Council YouTube channel following the meeting.

Recording link: Risk and Assurance Committee - 8 March 2023 - YouTube

1. Apologies

Resolved

That the Risk and Assurance Committee:

1 Accepts the apology from Cr Kevin Winters for lateness tendered at the meeting.

Robertson/von Dadelszen

CARRIED

2. Items not on the Agenda

The passing of Mr Max Lewis prior to Christmas was acknowledged. Mr Lewis was a long-term submitter to the Bay of Plenty Regional Council (Council) and a true contributor to the community.

3. Declaration of Conflicts of Interest

There were none declared.

4. Reports

Information Only

4.1

Chairperson's Report

Presented by: Mat Taylor – General Manager, Corporate

Key Points

· Highlighted the Risk and Assurance work programme for 2023 as well as the completed work programme for 2022.

In Response to Questions

· The delay of the Audit Arrangements Letter for the Audit to 30 June 2022 that was showing on the 2023 work programme as coming to this meeting, was due to lack of resources. Audit New Zealand’s aim was to have all councils’ 2022/23 audits across the country completed by 31 October 2023. It was expected that this item would be available to present to the 14 June 2023 meeting of this Committee.

Resolved

That the Risk and Assurance Committee:

1 Receives the report, Chairperson's Report.

White/von Dadelszen

CARRIED

4.2

Audit New Zealand Report on the audit of the Bay of Plenty Regional Council for the year ended 30 June 2022

Presented by: Mat Taylor – General Manager, Corporate

Kumaren Perumal – Chief Financial Officer

Leon Pieterse - Audit Director, Audit New Zealand

Anton Labuschagne - Audit Manager, Audit New Zealand

Key Points

· The audit report set out the findings and recommendations arising from the final audit performed over the period October to December 2022.

· There were eight open recommendations; none were prioritised as urgent, seven were categorised as necessary, and one was categorised as beneficial.

· Overall the audit had gone well and Council had been well prepared.

9.43am – Cr Kevin Winters entered the meeting.

In Response to Questions

· Audit New Zealand was comfortable with the information flow from external groups and how these integrated into Council and was satisfied that Council was doing all that could be done to ensure deadlines were met.

· The recommendation for the National Policy Statement for Freshwater Management (NPS-FM) programme had been noted and would be factored into the work programme.

· Council’s Procurement Policy included different elements. The general policy was last updated in 2016. Updates to individual elements within the policy could be more recent as these happened as advice and/or guidance was received and best practices were developed.

· Audit New Zealand would consider Council’s response to their recommendations around the ICT Policy.

· The transition of the Rating Information Database (RID) to an internal process was showing as still in progress as it had not yet been tested by Audit New Zealand. Testing was on the work programme for this year’s audit.

· Providing valuation, confirmation and assurance for investments that were not in the open market was difficult, but this did not necessarily make them risky investments.

· The review cycle for some of the Finance policies had already been identified and included in the Finance Team’s work programme. This included the Sensitive Expenditure Policy.

Resolved

That the Risk and Assurance Committee:

1 Receives the report, Audit New Zealand Report on the audit of the Bay of Plenty Regional Council for the year ended 30 June 2022.

Robertson/White

CARRIED

4.3

Efficiency and Effectiveness Gains and Progress on Benchmarking

Presented by: Kumaren Perumal – Chief Financial Officer

Gillian Payne – Principal Advisor

Key Points

· Highlighted some of the efficiency and effectiveness initiatives that had been planned and implemented by the organisation.

· Provided an update on the regional and unitary councils’ benchmarking group that had been initiated by Council, and the approach of the initiative.

In Response to Questions

· Benchmarking outside of the sector was intended as part of the future scope of the benchmarking initiative.

· Savings made from the rating project led directly to savings for ratepayers.

· Project Insight would provide Councillors with an interactive tool that enabled monitoring of financial performance at desired levels of detail that could then be linked to non-financial performance information.

· The benchmarking framework would set a series of measures as a starting point for various activities across the councils. Continual best practice would be achieved by the regular reporting and monitoring of those measures by the councils.

Councillors commended staff on the progress made in both benchmarking and making efficiency saving so far, and asked that this work continues.

Resolved

That the Risk and Assurance Committee:

1 Receives the report, Efficiency and Effectiveness Gains and Progress on Benchmarking.

Winters/von Dadelszen

CARRIED

4.4

Internal Audit Status Update

Presented by: Aaron Huggins – Principal Internal Auditor

Steven Slack – Risk & Assurance Manager

In Response to Questions

· The due date for orange and red improvements would be included as part of the Internal Audit Status Update going forward.

· Work to incorporate the outstanding recommendations for Business Continuity Planning (BCP) was underway. A greater focus and emphasis would be placed on IT as a result of lessons learned from Covid and cyclone Gabrielle.

Resolved

That the Risk and Assurance Committee:

1 Receives the report, Internal Audit Status Update.

Scott/White

CARRIED

2. Public Excluded Section

Resolved

Resolution to exclude the public

1 Excludes the public from the following parts of the proceedings of this meeting as set out below:

Item No.	Subject of each matter to be considered	Reason for passing this resolution in relation to each matter	Grounds under Section 48(1) for the passing of this resolution	When the item can be released into the public
2.1	Completed Internal Audit Reviews	Withholding the information is necessary to protect information which is subject to an obligation of confidence or which any person has been or could be compelled to provide under the authority of any enactment, where the making available of the information would be likely to prejudice the supply of similar information, or information from the same source, and it is in the public interest that such information should continue to be supplied.	48(1)(a)(i) Section 7 (2)(c)(i).	On the Chief Executive's approval.
2.2	Key Risk Register	Withholding the information is necessary to prevent the disclosure or use of official information for improper gain or improper advantage.	48(1)(a)(i) Section 7 (2)(j).	On the Chief Executive's approval.

Winters/Scott

CARRIED

11.30am – the meeting closed.

Confirmed

Cr Stuart Crosby

Chairperson, Risk and Assurance Committee



Report To:	Risk and Assurance Committee
Meeting Date:	14 June 2023
Report Writer:	Mat Taylor, General Manager, Corporate
Report Authoriser:	Mat Taylor, General Manager, Corporate
Purpose:	Update on Risk and Assurance Committee Activities

Chairperson's Report

Executive Summary

This report provides the Committee with an update on Risk and Assurance Committee activities.

Recommendations

That the Risk and Assurance Committee:

1 Receives the report, Chairperson's Report.

1. Introduction

The report shows an updated Risk and Assurance Work Programme for the year ahead, and an updated Risk and Assurance Completed Work Programme.

1.1 Alignment with Strategic Framework

A Healthy Environment
Freshwater for Life
Safe and Resilient Communities
A Vibrant Region
The Way We Work	We continually seek opportunities to innovate and improve.

1.1.1 Community Well-beings Assessment

Dominant Well-Beings Affected

¨ Environmental

¨ Cultural

¨ Social

þ Economic

2. Risk and Assurance Work Programme

Attachment 1 shows the Risk and Assurance Work Programme for 2023. This Work Programme sets out the planned and scheduled reporting to the Risk and Assurance Committee.

The attachment is categorised to identify the broad areas of responsibility for the Committee. Other items may be added by councillors and staff should this be required to respond to issues as they occur throughout the year.

3. Risk and Assurance Completed Work Programme

Attachment 2 shows the Risk and Assurance Completed Work Programme for the March 2023 meeting, being the first Committee meeting of the Triennium.

4. Considerations

4.1 Risks and Mitigations

There are no significant risks associated with this matter/subject/project/initiative.

4.2 Climate Change

The matters addressed in this report are of a procedural nature and there is no need to consider climate change impacts.

4.3 Implications for Māori

There are no implications for Māori.

4.4 Financial Implications

This work is being undertaken within the current budget for the Governance Activity of the Long Term Plan 2021 – 2031.

5. Next Steps

None.

Attachments

Attachment 1 - Risk and Assurance Work Programme for 2023 ⇩

Attachment 2 - Risk and Assurance Completed Work Programme March 2023 ⇩



Report To:	Risk and Assurance Committee
Meeting Date:	14 June 2023
Report Writer:	Nolene Naude, Financial Accounting Team Lead and Kumaren Perumal, Chief Financial Officer
Report Authoriser:	Mat Taylor, General Manager, Corporate
Purpose:	For the Risk and Assurance Committee to receive the Audit Engagement Letter for 30 June 2023 to 30 June 2025 and the Audit Plan for the year ending 30 June 2023.

External Audit Engagement Letter 2023-2025 and Audit Plan 2022/23

Executive Summary

The purpose of this report is to provide the Committee an overview of the key elements of Audit New Zealand’s (Audit NZ) Audit Engagement Letter for the audit of the Bay of Plenty Regional Council and Group’s (Council) Annual Report for the financial years 2023-2025 and proposed Audit Plan for the year ending 30 June 2023.

Leon Pieterse (Audit Director) and Warren Goslett (Audit Manager) will attend the Committee meeting to present the Engagement Letter and Audit Plan and respond to questions from the Committee.

Recommendations

That the Risk and Assurance Committee:

1 Receives the report, External Audit Engagement Letter 2023-2025 and Audit Plan 2022/23.

1. Introduction

The Audit Engagement Letter outlines the terms of the audit engagement, the respective responsibilities of Council and the Appointed Auditor and the objectives of the annual audit. The Engagement Letter confirms Audit NZ as Council’s appointed audit service provider for the financial years ending 30 June 2023 to 30 June 2025.

The Audit Plan sets out the audit arrangements and discusses the audit risks, issues, audit process, reporting protocols and audit logistics specifically for the year ending 30 June 2023.

1.1 Legislative Framework

The audit of the Bay of Plenty Regional Council is carried out under Section 15 of the Public Audit Act 2001 (the Act) which states that “the Auditor General must from time to time audit the financial statements, accounts, and other information that a public entity is required to have audited.”

1.2 Alignment with Strategic Framework

The Way We Work

We deliver value to our ratepayers and our customers.

1.2.1 Community Well-beings Assessment

Dominant Well-Beings Affected

þ Environmental

þ Cultural

þ Social

þ Economic

The audit undertaken by Audit NZ places focus on Council’s financial and non-financial performance for the year ending 30 June 2023 and promotes all four aspects of community well-being.

2. Audit Engagement Letter

The Audit Engagement letter for the financial years ending 30 June 2023 to 30 June 2025 is included as Attachment 1 to this report. The engagement letter outlines the responsibilities of Council and the Appointed Auditor.

3. Audit Plan

Audit NZ’s proposed Audit plan for the audit of the Bay of Plenty Regional Council and Group for the year ending 30 June 2023 is included as Attachment 2 to this report.

3.1 Audit Risks and Issues

Audit NZ has identified the following risks and issues which will be reviewed and tested during the audit:

· The risk of management override of internal controls

· Revaluation of property, plant and equipment

· Implementation of Rates

· Valuation of the Put Option

· Consolidation of group financial statements

· Adoption of PBE FRS 48: Service Performance Reporting

The Office of the Auditor General (OAG) has identified the impacts of recent flooding event as an area of audit focus.

3.2 Group Audit

Audit NZ’s audit approach is to ensure they have sufficient information to issue an opinion on the Council Group, which comprises Council (parent), the Quayside Group and Toi Moana Trust.

The audit plan discusses the areas of focus relating to the audit of the Council Group as a whole.

3.3 Materiality

In performing their audit, Audit NZ will apply the following materiality settings:

Parent Financial Statements Materiality

· Overall materiality $47 million

· Specific materiality $4.8 million

· Clearly trivial threshold $240,000

Audit NZ has also identified several measures as material and assessed materiality for planning purposes.

Group Financial Statements Materiality

· Overall materiality $247 million

· Specific materiality $12.4 million

· Clearly trivial threshold $620,000

3.4 Timetable

The key dates relating to the 2022/23 external audit are summarised in the table below.

Date	Description
6 June 2023 (2 weeks)	First interim audit in progress
11 September 2023	Final audit commences
11 September 2023	Audit of consolidated accounts
13 October 2023	Verbal audit clearance
26 October 2023	Audit opinion issued
13 November 2023	Final detailed Report to Council issued

4. Considerations

4.1 Risks and Mitigations

There are no significant risks associated with the Audit NZ‘s Audit plan and Engagement Letter. The audit fees letter for the 2022/23 audit will be provided to Council following Audit NZ’s receipt of fee confirmation from the OAG.

4.2 Climate Change

The matters addressed in this report are of a procedural nature and there is no need to consider climate change impacts.

4.3 Implications for Māori

There are no direct implications for Māori arising as a result of this report.

4.4 Community Engagement

Engagement with the community is not required as the recommended proposal / decision relates to internal Council matters only.

4.5 Financial Implications

There are no material unbudgeted financial implications and this fits within the allocated budget.

5. Next Steps

Following this meeting, staff will arrange for the Engagement Letter to be signed by Chairman Doug Leeder on behalf of Council.

Audit NZ will complete the interim audit and staff will begin preparations for the final audit for the year ending 30 June 2023. This will include preparation of year-end guidance for the Council Group.

Attachments

Attachment 1 - Audit NZ Engagement Letter 2023 to 2025 ⇩

Attachment 2 - Audit NZ Audit Plan 2023 ⇩



Report To:	Risk and Assurance Committee
Meeting Date:	14 June 2023
Report Writer:	Aaron Huggins, Principal Internal Auditor
Report Authoriser:	Mat Taylor, General Manager, Corporate
Purpose:	To provide an update on the internal audit program and the audit plan.

Internal Audit Status Update

Executive Summary

This report provides an update on the status of internal audit activities as at 31 March 2023 and includes:

· The status of internal audit reviews in the current year;

· The status of follow up of internal audit recommendations and management actions to 31 March 2023;

· Information on other relevant assurance reviews performed at BOPRC.

Recommendations

That the Risk and Assurance Committee:

1 Receives the report, Internal Audit Status Update.

1. Introduction

This report provides an update on internal audit activity undertaken by internal audit staff and external assurance specialists as part of Bay of Plenty Regional Council’s co-sourced internal audit approach. It includes:

· The status of internal audit reviews in the current year;

· The status of follow up of internal audit recommendations and management actions to 31 March 2023;

· Information on other relevant assurance reviews performed at BOPRC.

1.1 Alignment with Strategic Framework

The Way We Work

We continually seek opportunities to innovate and improve.

2. Internal Audit Work Plan 2022/23 Status

Based on the Internal Audit Work Plan 2022/23 the following table summarises the status of internal audit reviews for 2022/23.

Review	Field work	GM Sponsor	Status	Status of Internal Audit
Review	Field work	GM Sponsor	Status	Planning /Scope	Fieldwork	Draft Report	Mgmt Actions	Final Report
CDEM Administering Authority	BOPRC	Regulatory Services	In Progress	Complete
Compliance process	BOPRC	Regulatory Services	Complete	Complete	Complete	Complete	Complete	Complete
Focus Catchments	BOPRC	Integrated Catchments	Deferred to FY23/24	Complete	Deferred to FY23/24	Deferred to FY23/24	Deferred to FY23/24	Deferred to FY23/24
Payroll	BOPRC	People & Leadership	Complete	Complete	Complete	Complete	Complete	Complete
Protected Disclosures (Whistleblower)	BOPRC	People & Leadership	In Progress	Complete
Rates process review	BOPRC	Corporate	In Progress	Complete	In progress (50%)
Climate change	BOPRC	Integrated Catchments	In Progress	Complete	Complete	In progress (25%)
Project management (21/22)	BOPRC	Corporate	Complete	Complete	Complete	Complete	Complete	Complete

Delivery of the 2022/23 internal audit programme is currently progressing on schedule.

The Focus Catchments audit has been deferred to FY23/24; this is to allow for more data to be assimilated to incorporate effectiveness trends into the review.

3. Internal Audit Follow Up

Internal Audit has reviewed all open management actions as part of the follow up work in the 2022/23 Work Plan.

3.1 Management actions

At the start of the quarter (1 January 2023) there were 80 open management actions.

The following graph highlights the progress made within BOPRC to address open audit actions during the quarter to 31 March 2023:

Figure 1 Open management actions (1 January 2023 vs 31 March 2023)

During the quarter six actions were closed. The total of actions open as at 31 March 2023 is 74, the majority of these relate to ICT Security (28), Regional Pest Management Plan (13), and Policy Framework (10).

Of the 74 open actions, as at 31 March 2023 14 of them were past due:

Review	Past due	Not due
Fraud Risk Assessment	1	0
Gravel Extraction	3	0
Policy Framework	0	10
ICT Security	10	18
RPMP	0	13
BCP	0	6
Compliance	0	4
Payroll	0	1
Project Management	0	8
*Total*	14	60

Figure 2 management action ageing (as at 31 March 2023)

For the past due audit actions work streams continue to be underway to address them:

· Fraud Risk Assessment – work is underway to update contract workflow rules, implement updated dashboard reporting, and update purchasing workflow rules. This is estimated to be complete by June 2024.

· Gravel Extraction – the three open actions relate to updating the Regional Gravel Management Plan and reviewing the associated fees and charges. Work has commenced to update the Regional Gravel Management Plan, while fees and charges will be reviewed during the next Long-Term Plan.

· ICT Security audit – a Cyber Security Strategy is being finalised. Project charters and scopes have been prepared to address the higher risk actions, and process reviews are intended to be undertaken to address the moderate and low risk actions. The Digital team advise they are prioritising the higher risk-rated actions first.

The remaining audit actions relate to Internal Audit Reviews completed later during the 2021/22 financial year through to the 2022/23 financial year and are not yet due for completion.

3.2 Improvement actions

At the start of the quarter (1 January 2023) there were nineteen open improvement actions. These typically have a longer estimated completion timeframe than audit actions, and refer to operational improvements rather than formal risk mitigations.

The following graph highlights the progress made within BOPRC to address open improvement opportunity actions during the quarter to 31 March 2023:

Figure 3 Open improvement actions (1 January 2023 vs 31 March 2023)

The Health & Safety improvement remains open and refers to the last phase of the critical risk project rollout.

The Risk Management and the Laboratory Services Benefits Realisation reviews were completed during the 2021/22 financial year and are not yet due for completion.

4. Other assurance reviews

Waka Kotahi undertook an Investment Audit of the Bay of Plenty Regional Council (BOPRC) in 2023. Summarised below are the findings of that audit. Attachment 1 sets out the full report.

Waka Kotahi Extract

Waka Kotahi Audit Rating Assessment

Recommendations

The table below captures the audit recommendations. Agreed dates are provided for the implementation of recommendations by BOPRC.

The audit report was also formally shared with the Public Transport Committee on 7 June 2023. It is included as information only, noting the recommendations include reference to BOPRC’s procurement processes (specifically, contract management). This review will be used as an input into scoping both the upcoming Procurement (FY24) and Contracts Management (FY25) internal audits.

5. Considerations

5.1 Risks and Mitigations

There are no significant risks associated with this matter/subject/project/initiative.

5.2 Climate Change

The matters addressed in this report are of a procedural nature and there is no need to consider climate change impacts.

5.3 Implications for Māori

No implications identified – matters are of a procedural nature only.

5.4 Community Engagement

Engagement with the community is not required as the recommended proposal / decision [relates to internal Council matters only].

5.5 Financial Implications

There are no material unbudgeted financial implications and this fits within the allocated budget.

6. Next Steps

To note the Internal Audit status update (as at 31 March 2023).

Attachments

Attachment 1 - Waka Kotahi 2023 Bay of Plenty Regional Council Final Audit Report ⇩



Report To:	Risk and Assurance Committee
Meeting Date:	14 June 2023
Report Writer:	Aaron Huggins, Principal Internal Auditor
Report Authoriser:	Mat Taylor, General Manager, Corporate
Purpose:	To present the updated Internal Audit Work Programme to the Risk and Assurance Committee for approval

Internal Audit Work Programme 2023/24

Executive Summary

This report presents the updated Internal Audit Work Programme 2023/24. It covers audits to be performed in 2023/24, and potential audits for 2024/25 and 2025/26.

The Risk and Assurance Committee is asked to:

· Review the programme and note if any alterations are required

· Approve the programme

Recommendations

That the Risk and Assurance Committee:

1 Receives the report, Internal Audit Work Programme 2023/24, and

2 Approves the Internal Audit Work Plan 2023/24, 2024/25, 2025/26, including the detailed work plan for 2023/24.

1. Introduction

The Internal Audit Work Programme is updated each year. It notes the internal audits that will be performed during the upcoming financial year (2023/24) and potential audits to be performed in the subsequent two years. It is prepared via review of the BOPRC Key Risk Register, consideration of discussion during Risk and Assurance Committee meetings, and formal discussions with BOPRC’s Leadership Team.

The Internal Audit Work Programme has been presented to, and endorsed by, the Leadership Team. It now requires approval by the Risk and Assurance Committee to enable the internal audits for 2023/24 to be performed.

1.1 Alignment with Strategic Framework

The Way We Work

We continually seek opportunities to innovate and improve.

2. Proposed Internal Audit Work Plan to 2025/26

This Work Plan is a rolling three-year plan which is reviewed annually.

During 2023, Internal Audit undertook a planning process to refresh the Internal Audit Work Plan for the three years 2023/24 to 2025/26 (provided in Attachment 1).

A risk-based approach has continued to be used to assess the internal audit needs of the Bay of Plenty Regional Council and audit priorities.

We held discussions with the Chief Executive, General Managers and selected Managers, reviewed prior plans and reviewed the ‘audit universe’ of other Councils.

The Internal Audit work programme for 2023/24 has been developed based on the level of resources currently available. This is one full time Principal Internal Auditor, and funding for consultancy services sufficient for two to three reviews – depending on scope.

The proposed detailed work plan for 2023/24 is provided within the plan and is shown in the following table:

The Internal Audit Work Plan for the three years 2023/24 to 2025/26 has been given management approval by the Chief Executive and is now provided to the Risk and Assurance Committee for its review and approval.

3. Considerations

3.1 Risks and Mitigations

There are no significant risks associated with this matter/subject/project/initiative.

3.2 Climate Change

The matters addressed in this report are of a procedural nature and there is no need to consider climate change impacts.

3.3 Implications for Māori

No implications identified – matters are of a procedural nature only.

3.4 Community Engagement

Engagement with the community is not required as the recommended proposal / decision [relates to internal Council matters only].

3.5 Financial Implications

If the recommendation is adopted by Council, will it result in:

If the answer is ‘no’ to both questions please select the dropdown option 1 and complete appropriately.

If the answer is ‘yes’ to either question please select “Budget Implications” in the building block below and liaise with your Management Accountant in order to complete the Financial Impact table.

There are no material unbudgeted financial implications and this fits within the allocated budget.

4. Next Steps

Next Steps: What next? What resources are needed? Further analysis? Timeframes ahead. Any consultation planned. Remind Council of the process ahead. Next update to Council?

Conclusion: Short concluding remarks. Referring back to recommendations. No new content.

To approve the Internal Audit Plan as per the recommendations.

Attachments

Attachment 1 - Internal Audit Work Plan 2023-26 ⇩



Report To:	Risk and Assurance Committee
Meeting Date:	14 June 2023
Report Writer:	Mark Le Comte, Principal Advisor, Finance; Karlo Keogh, Finance Support Team Lead; Jo Pellew, Rates Manager and Kumaren Perumal, Chief Financial Officer
Report Authoriser:	Mat Taylor, General Manager, Corporate
Purpose:	For the Risk and Assurance Committee to receive confirmation that the rates setting process for 2023/24 is legally compliant.

Rates Setting for 2023/24 Financial Year - Legal Compliance

Executive Summary

This report provides the draft Bay of Plenty Regional Council rates setting recommendations to ensure continued statutory compliance for the rates setting process for the 2023/24 financial year.

An external legal review of the rates resolution and rates Funding Impact Statement for 2023/24 financial year has been undertaken. The attached draft report to Council “Rates Setting for the 2023/24 Financial Year” incorporates amendments arising from this review.

The amount of each rate and the relevant dates relating to arrears being collected by other councils will be added to the final rates setting report, when it is available.

Council is scheduled to set rates for the 2023/24 financial year at its meeting on 29 June 2023.

Recommendations

That the Risk and Assurance Committee:

1 Receives the report, Rates Setting for 2023/24 Financial Year - Legal Compliance.

1. Introduction

Setting rates for the financial year requires Council resolutions that comply with the requirements of the Local Government Act 2002 (LGA) and the Local Government (Rating) Act 2002 (LG(R)A)

1.1 Legislative Framework

The LGA and LG(R)A set out the processes required to set rates. This involves adoption of the Long-Term Plan/Annual Plan, including the Funding Impact Statement, and then setting rates for the financial year in accordance with the Funding Impact Statement (FIS).

1.2 Alignment with Strategic Framework

A Healthy Environment
Freshwater for Life
Safe and Resilient Communities
A Vibrant Region
The Way We Work	We deliver value to our ratepayers and our customers.

Rates revenue supports the delivery of all our work to achieve the Community Outcomes.

1.2.1 Community Well-beings Assessment

Dominant Well-Beings Affected

¨ Environmental

¨ Cultural

¨ Social

¨ Economic

Rates revenue supports the delivery of all of our work to improve the well-beings.

2. Rates Setting

2.1 Rates Resolution

The Rates Resolution is a local authority’s formal legal decision to impose specific rates on a community and creates the obligation to pay. Each rate must be set in accordance with the relevant FIS and Long-Term Plan.

The preparation of the Rates Resolution must be in accordance with section 23 of the Rating Act. The rates set in the resolution must:

a) Relate to a financial year

b) Be set in accordance with the relevant provisions of the Council’s LTP and FIS for that financial year.

2.2 Annual Plan

The Annual Plan shows what the Council intends to do and how it will go about delivering on its objectives for the coming financial year.

The detailed legal requirements for the content of the Annual Plan are set out in Schedule 10, Part 2 of the LGA. This includes the FIS and rating base information which are directly related to the Rates Resolution.

2.3 Funding Impact Statement

The FIS is a detailed explanation to the community of the rates that will be charged, how they will be calculated and what they will be used for. Ratepayers should be able to work out what they will pay from this document.

The FIS must be in the prescribed form, and must identify:

a) The sources of funding to be used by the local authority.

b) The amount of funds expected to be produced from each source; and

c) How the funds are to be applied.

3. Local Government Rate Setting Reviews

3.1 Audit Implications

While the Annual Plan is not subject to an audit process, Audit New Zealand carries out an Annual Plan legal compliance assessment as part of the Annual Report audit process.

3.2 Legal Review

External legal advice has been sought to perform a statutory compliance review for the 2023/24 financial year’s rate setting process.

Feedback from this process has been incorporated into the draft paper “Rates Setting for the 2023/24 Financial Year” (Attachment 1) and the FIS included in the draft Annual Plan 2023/24.

4. Considerations

4.1 Risks and Mitigations

The main risk relates to the rates setting process not being legislatively compliant. This has been managed through a full external legal review of the FIS and draft Rates Resolution.

Risks related to the amount of rates to be collected and levels of service have been discussed separately through the Annual Plan process.

4.2 Climate Change

The matters addressed in this report are of a procedural nature and there is no need to consider climate change impacts.

4.3 Implications for Māori

Council’s Revenue and Financing Policy and the policy on the Remission and Postponement of Rates on Māori Freehold Land support the principles set out in the Preamble to Te Ture Whenua Māori Act 1993. Māori freehold land may, in certain circumstances, be eligible for rates remissions.

Māori owners of General Land are affected in the same way as any other member of the community in the same situation regarding property ownership and ability to pay.

4.4 Community Engagement

INFORM

Whakamōhio

To provide affected communities with balanced and objective information to assist them in understanding the problems, alternatives and/or solutions.

Council deliberated on the draft Annual Plan 2023/24 at the 25 May 2023 meeting. This followed a series of Council workshops through late 2022 and early 2023. Council determined that the draft Annual Plan 2023/24 did not include significant or material changes from year three of the Long-Term Plan 2021-2031 and that community consultation was therefore not necessary.

4.5 Financial Implications

The work required to set rates for 2023/24 is planned under the Finance Activity in the Annual Plan 2022/23. Costs related to rates collection are planned under the Finance Activity in the draft Annual Plan 2023/24.

5. Next Steps

The next steps for this process are to finalise the amount of all rates based on decisions from the 25 May 2023 Annual Plan deliberations meeting, and set any relevant dates for rates arrears that remain under the administration of other councils.

At the 29 June 2023 meeting, Council will receive recommendations to adopt the Annual Plan 2023/24 and adopt the Rates Resolutions.

Attachments

Attachment 1 - Draft Rates Setting Report ⇩



Report To:	Risk and Assurance Committee
Meeting Date:	14 June 2023
Report Writer:	Kirsty Brown, Rivers and Drainage Assets Manager
Report Authoriser:	Mat Taylor, General Manager, Corporate
Purpose:	To provide an overview of the ongoing data improvement work underway and the associated Annual Report implications.

Assets Register - Data Improvements

Executive Summary

The Assets Team have been working on a continuous improvement programme to enhance the asset data of the assets register to enable effective management of the assets throughout their lifecycle.

Overall, the data improvement programme has optimised the management of the Rivers and Drainage assets with improved financial reporting accuracy.

During 2022/23, the improvement programme has identified $4.8 million in previously unrecorded assets.

There are indications that a prior period error may be disclosed in the draft 2022/23 Annual Report. The disclosure is being revisited by Audit NZ, and the outcome of their review will be communication during the audit process.

Recommendations

That the Risk and Assurance Committee:

1 Receives the report, Assets Register - Data Improvements.

1. Introduction

The Assets team have been developing and implementing a continuous improvement programme to enhance asset management processes, systems, and data. One of the key areas of improvement is the data quality of the fixed assets register. This includes enhancing the asset register with updated asset information to ensure reliability e.g. removing disposed assets.

These improvements optimise asset management and requires financial and audit adjustments to be made as outlined in this report. The Council manages and maintains assets through Asset Management Plans.

1.1 Alignment with Strategic Framework

Safe and Resilient Communities	We support community safety through flood protection and navigation safety.
A Vibrant Region	We invest appropriately in infrastructure to support sustainable development.
The Way We Work	We continually seek opportunities to innovate and improve.

1.1.1 Community Well-beings Assessment

Dominant Well-Beings Affected

þ Environmental

Medium - Positive

þ Cultural

High - Positive

þ Social

High - Positive

þ Economic

High - Positive

2. Assets Data Improvement

2.1 Background

The continuous improvement programme to enhance the asset data throughout their lifecycle. This involves updating asset information, such as:

· Capturing historical assets.

· Updating assets with attribute information.

· Splitting assets with multiple components which had been added to the register as a single asset.

· Removing assets from the register that no longer exist or should have been disposed of.

2.1.1 Annual Asset Valuation 2022/23

Council has a formal process of updating asset values on an annual basis (1 July each year). The primary purpose of the valuation is to provide information for:

· Infrastructure insurance purposes.

· Calculating the level of depreciation (impacts targeted rates).

· Updating values in Council’s financial management system.

· Complying with accounting standards.

Through the data improvement programme assets have been identified or amended in the asset register and have now been included in the 2022/23 annual valuation.

For the 2022/23 financial year, the total value of unrecorded asset data is $4.8 million (2020/21 - $577,000 and 2021/22 - $253,000).

2.1.2 Audit Implications

Audit NZ have been advised of the $4.8 million of assets in advance of the final Annual Report audit visit. This approach aims to proactively manage the accounting treatment of this matter in advance of the finalisation of the audit process.

The initial opinion from Audit NZ suggests that the unrecorded assets should be disclosed as a prior period error in the draft 2022/23 Annual Report. This is because the costs should have been classified as capital expenditure. Audit NZ is currently finalising their technical view on this matter.

If Audit NZ confirms their initial view on this matter, Council will be required to disclose a prior period error in draft 2022/23 Annual Report and each subsequent financial year where the asset data improvements exceed the determined materiality level through future audit processes.

3. Considerations

3.1 Risks and Mitigations

To ensure Annual Report data accuracy the Assets Team will be working closely with the Finance Team to ensure financial awareness, and to seek advice and guidance.

3.2 Climate Change

Mitigation			Adaptation
Reduce GHG emissions	Produce GHG emissions	Sequester carbon	Anticipate climate change impacts	Respond to climate change impacts
☐	☐	☐	☒	☒

Robust data ensures that we are better equipped to adapt to the consequences of climate change and supports service delivery throughout a changing environment.

3.3 Implications for Māori

Iwi and hapū have a strong interest in the long-term management of our rivers and waterways. The work undertaken is fundamentally of interest to Māori, as kaitiaki.

3.4 Community Engagement

INFORM

Whakamōhio

To provide affected communities with balanced and objective information to assist them in understanding the problems, alternatives and/or solutions.

3.5 Financial Implications

This programme of work and financial reporting will provide a more comprehensive and reliable representation of Council’s asset portfolio.

There are minor financial implications including:

· A marginal increase in depreciation costs e.g. additional assets valued at $4.8 million for 2022/23 results in an estimated increase of $33,000 per annum in depreciation.

· Additional assets in the fixed asset register will have a slight impact on premiums with an estimated increase of $10,000 in costs.

4. Next Steps

Future actions will include working closely with the Finance Team and Audit NZ to ensure financial awareness, seek advice and guidance.