Agenda of Risk and Assurance Committee - Wednesday, 27 November 2024

Risk and Assurance Committee

Membership

Chairperson	Cr Stuart Crosby
Deputy Chairperson (Independent)	Bruce Robertson
Members	Cr Ron Scott Cr Andrew von Dadelszen Cr Te Taru White Cr Kevin Winters
Ex Officio	Chairman Doug Leeder
Quorum	Three members, consisting of half the number of members
Meeting frequency	Quarterly

Purpose

Monitor the effectiveness of Council’s funding and financial policies and frameworks to ensure the Council is managing its finances in an appropriate manner.

Monitor the effectiveness of Council's performance monitoring framework.

Ensure that Council is delivering on agreed outcomes.

Role

· Monitor the effectiveness of Council’s funding and financial policies and Council’s performance monitoring framework (financial and non-financial).

· Review Council’s draft Annual Report prior to Council’s adoption.

· Receive and review external audit letters and management reports.

· Approve and review the internal audit plan and review the annual programme report.

· Approve, review and monitor Council’s risk framework and policy.

· Review the risk register.

· Monitor Council’s legislative compliance and receive reporting on non-compliance matters as part of risk management reporting.

Power to Act

To make all decisions necessary to fulfil the role and scope of the committee subject to the limitations imposed.

Power to Recommend

To Council and/or any standing committee as it deems appropriate.

The Risk and Assurance Committee is not delegated authority to:

· Develop, review or approve strategic policy and strategy.

· Develop, review or approve Council’s Financial Strategy, funding and financial policies and non-financial operational policies and plans.

The Risk and Assurance Committee reports directly to the Regional Council.

Recording of Meetings

Please note the Public section of this meeting is being recorded and streamed live on Bay of Plenty Regional Council’s website in accordance with Council's Live Streaming and Recording of Meetings Protocols which can be viewed on Council’s website. The recording will be archived and made publicly available on Council's website within two working days after the meeting on www.boprc.govt.nz for a period of three years (or as otherwise agreed to by Council).

All care is taken to maintain your privacy; however, as a visitor in the public gallery or as a participant at the meeting, your presence may be recorded. By remaining in the public gallery, it is understood your consent is given if your image is inadvertently broadcast.

Opinions expressed or statements made by individual persons during a meeting are not the opinions or statements of the Bay of Plenty Regional Council. Council accepts no liability for any opinions or statements made during a meeting.

Risk and Assurance Committee 27 November 2024

Recommendations in reports are not to be construed as Council policy until adopted by Council.

Agenda

1. Apologies

2. Public Forum

3. Items not on the Agenda

4. Order of Business

5. Declaration of Conflicts of Interest

6. Public Excluded Business to be Transferred into the Open

7. Minutes

Minutes to be Confirmed

7.1 Risk and Assurance Committee Minutes - 25 September 2024 1

8. Reports

8.1 Chairperson's Report 1

Attachment 1 - Appendix 1 - Risk and Assurance Work Programme Mar 2025 - Jun 2025 1

Attachment 2 - Appendix 2 - Risk and Assurance Completed Work Programme March 2023 to Sept 2024 1

8.2 Audit New Zealand Report on the audit of the Bay of Plenty Regional Council for the year ended 30 June 2024 1

Attachment 1 - Report to Council on the audit of BOPRC for the year ending 30 June 2024 1

8.3 Expenditure and Koha report for the year ended 30 June 2024 1

Attachment 1 - Hei Maanaki (Koha Guidelines) 1

Attachment 2 - Koha for the twelve months ended 30 June 2024 - REDACTED 1

Attachment 3 - Koha for the twelve months ended 30 June 2024 - UNREDACTED - Public Excluded

Attachment 4 - Sensitive expenditure spend for the year ended 30 June 2024 1

Attachment 5 - Supplier Payments Report for Year Ending 30 June 2024 - REDACTED 1

Attachment 6 - Supplier Payments Report as at 30 June 2024 - UNREDACTED - Public Excluded

8.4 Internal Audit Update and Completed Audit Reports 1

Attachment 1 - Science Management Framework Review Internal Audit Report - Executive Summary 1

9. Public Excluded Section

Resolution to exclude the public

Excludes the public from the following parts of the proceedings of this meeting as set out below:

The general subject of each matter to be considered while the public is excluded, the reason for passing this resolution in relation to each matter, and the specific grounds under section 48(1) of the Local Government Official Information and Meetings Act 1987 for the passing of this resolution are as follows:

Item No.	Subject of each matter to be considered	Reason for passing this resolution in relation to each matter	Grounds under Section 48(1) for the passing of this resolution	When the item can be released into the public
8.3	Expenditure and Koha report for the year ended 30 June 2024 - Attachment 3 - Koha for the twelve months ended 30 June 2024 - UNREDACTED - Public Excluded	Withholding the information is necessary to protect the privacy of natural persons, including that of deceased natural persons.	48(1)(a)(i) Section 7 (2)(a).	To remain in public excluded.
8.3	Expenditure and Koha report for the year ended 30 June 2024 - Attachment 6 - Supplier Payments Report as at 30 June 2024 - UNREDACTED - Public Excluded	Withholding the information is necessary to protect the privacy of natural persons, including that of deceased natural persons.	48(1)(a)(i) Section 7 (2)(a).	To remain in public excluded.
9.1	Public Excluded Risk and Assurance Committee Minutes - 25 September 2024	As noted in the relevant Minutes.	As noted in the relevant Minutes.	To remain in public excluded.
9.2	Key Risk Register	Withholding the information is necessary to prevent the disclosure or use of official information for improper gain or improper advantage.	48(1)(a)(i) Section 7 (2)(j).	On the Chief Executive's approval.
9.3	Flood Implications Work Programme Update	Withholding the information is necessary to maintain legal professional privilege.	48(1)(a)(i) Section 7 (2)(g).	On the Chief Executive's approval.

8.3 Expenditure and Koha report for the year ended 30 June 2024

Attachment 3 - Koha for the twelve months ended 30 June 2024 - UNREDACTED - Public Excluded

Attachment 6 - Supplier Payments Report as at 30 June 2024 - UNREDACTED - Public Excluded

Minutes to be Confirmed

9.1 Public Excluded Risk and Assurance Committee Minutes - 25 September 2024

Reports

9.2 Key Risk Register

Attachment 1 - Key Risk Register September 2024

9.3 Flood Implications Work Programme Update

10. Public Excluded Business to be Transferred into the Open

11. Readmit the Public

12. Consideration of Items not on the Agenda

Risk and Assurance Committee Minutes

25 September 2024

Risk and Assurance Committee

Open Minutes

Commencing: Wednesday 25 September 2024, 9.30 am

Venue: Council Chambers, Regional House, 1 Elizabeth Street, Tauranga, and via Zoom (Audio Visual Meeting)

Chairperson: Cr Stuart Crosby

Deputy Chairperson: Bruce Robertson (Independent Member)

Members: Cr Ron Scott

Cr Andrew von Dadelszen

Cr Te Taru White (via Zoom)

Chairman Doug Leeder (Ex Officio)

In Attendance: Councillors: Cr Jane Nees, Cr Kat Macmillan, Cr Lyall Thurston

Staff: Fiona McTavish – Chief Executive; Mat Taylor – General Manager, Corporate; Chris Ingle – General Manager, Integrated Catchments; Reuben Fraser – General Manager, Regulatory Services (via Zoom); Kumaren Perumal – Chief Financial Officer; Steven Slack – Risk & Assurance Manager; Monique Brooks - Legal and Commercial Manager; Jenny Teeuwen – Committee Advisor

External: Leon Pieterse and Warren Goslett - Audit NZ (via Zoom)

Apologies: Cr Kevin Winters

1. Chairperson’s Opening Statement

The Chairperson, Cr Stuart Crosby, declared the meeting open and reminded those present that the public section of the meeting was being livestreamed and recorded and that the recording would be available on the Bay of Plenty Regional Council YouTube channel following the meeting, link: Risk and Assurance Committee - 25 September 2024 (youtube.com).

2. Apologies

Resolved

That the Risk and Assurance Committee:

1 Accepts the apology from Cr Winters tendered at the meeting.

Crosby/Robertson

CARRIED

3. Order of Business

The Chairperson noted that in the Public Excluded session, item 10.2: Presentation - Hawke’s Bay Cyclone Gabrielle Review, would be taken at 11.00am to accommodate the availability of the presenter, Kyle Christensen.

4. Declaration of Conflicts of Interest

Councillors Crosby and White declared a conflict of interest for item 9.2: Progress update on the Draft Annual Report for the year ended 30 June 2024, for matters regarding Quayside, both being Directors of Quayside Holdings Ltd.

5. Minutes

Minutes to be Confirmed

5.1

Risk and Assurance Committee Minutes - 5 June 2024

Resolved

That the Risk and Assurance Committee:

1 Confirms the Risk and Assurance Committee Minutes - 5 June 2024 as a true and correct record.

von Dadelszen/Scott

CARRIED

6. Reports

6.1

Chairperson's Report

Presented by: Mat Taylor – General Manager, Corporate

In Response to Questions

· Bay of Plenty Regional Council Toi Moana (BOPRC) had championed benchmarking across the regional sector but had encountered some reluctance. It was hoped that central government’s recent comments around benchmarking may invigorate this.

· Examples of how BOPRC was working collaboratively across the sector included:

- Regional and Unitary Councils Aotearoa (Te Uru Kahika) were currently working on presenting back to central government on the core services that regional councils should be providing and how they should be measured, and BOPRC was involved in this.

- The regional council sector was also collectively looking at how Victoria and New South Wales (Australia) undertook benchmarking, and would present the findings back to the Department of Internal Affairs (DIA) to support the ministerial direction.

- Work was also being undertaken through the Corporate Special Interest Group (SIG) around benchmarking in the corporate area so this was consistent across councils.

- Considering use of best available technology e.g. water allocation technology.

- Working collaboratively across the sector to utilise best practice:

o BOPRC Dive Team – kept Bay of Plenty region’s harbours and estuaries safe from marine pests, and were contracted around New Zealand by other councils.

o Northland Regional Council (NRC) were the lead council for the eradication of Caulerpa seaweed; they would provide assistance to this region if the pest was found here.

o Horizons Regional Council (HRC) were the only council in New Zealand that had flood modellers on staff. BOPRC could use the expertise of that unit as opposed to contracting it in.

- BOPRC undertook deliverability reviews that were reported through to this committee, particularly in the corporate area to look at reducing corporate costs.

· Having an agreed set of performance measures that central government was interested in and BOPRC could demonstrate was the key next step.

Resolved

That the Risk and Assurance Committee:

1 Receives the report, Chairperson's Report.

Crosby/Robertson

CARRIED

6.2

Progress update on the Draft Annual Report for the year ended 30 June 2024

Presented by: Kumaren Perumal – Chief Financial Officer

AJ Prinsloo – Finance Manager

Leon Pieterse – Audit NZ (via Zoom)

Warren Goslett – Audit NZ (via Zoom)

Key Points

· Provided update on the preparation of the Annual Report for the year ended 30 June 2024 and the progress of the document’s audit process to date.

· Still on track for verbal audit clearance for the Annual Report on 15 October 2024 and adoption of the Annual Report on 23 October 2024.

In Response to Questions

· A performance measure for the reduction of BOPRC carbon emissions by 26% was included in the Annual Report.

· Nothing extraordinary had been identified by either the Finance team or Audit NZ during the estimates and underlying assumptions review exercise.

· The Annual Report covered and closed off the last annual plan of the 2021/31 Long Term Plan (LTP) so some of the language/terminology might now seem out of date.

· Prudent debt management – suggested that BOPRC’s key liquid assets should be identified for clearer understanding/readability. In conjunction with Audit NZ, staff would look at re-wording for better clarity.

· It was noted that central government direction on disclosure around financial prudence was quite prescriptive, especially around the explanations for each benchmark, and was to ensure consistency across the sector and to enable central government to use the data for comparability reasons. Staff, along with Audit NZ would consider if there was any flexibility around the disclosure narrative.

· Additional commentary to give better context to actual results against targets for the “Percentage of monitored river and stream sites that meet the swimmability requirements” performance measure would be considered.

· The current 2024/34 LTP no longer had a performance measure for Return on Investment (ROI) against volunteers.

Key Points - Members

· Would like to see biosecurity included and feature prominently in the Strategic Priorities list.

· Suggested that “Ensuring the region was adapting to a changing climate” should be moved to the top of the list of Strategic Priorities.

· Suggested that an alternative be considered for the phrase “cost of living crisis” e.g. challenging financial times, or similar.

Resolved

That the Risk and Assurance Committee:

1 Receives the report, Progress update on the Draft Annual Report for the year ended 30 June 2024.

Robertson/von Dadelszen

CARRIED

6.3

Chairman's Discretionary Fund 2023/24

Presented by: Mat Taylor – General Manager, Corporate

In Response to Questions

· The annual Chairman’s Discretionary Fund budget was $15,000.

Resolved

That the Risk and Assurance Committee:

1 Receives the report, Chairman's Discretionary Fund 2023/24.

von Dadelszen/Crosby

CARRIED

6.4

Local Government Official Information & Meetings Act 1987 - Annual Report 2023/24

Presented by: Monique Brooks - Legal and Commercial Manager

In Response to Questions

· The topic of the customer complaint that was still open with the Ombudsman was confidential and could not be disclosed in the Open session of this meeting.

· BOPRC did have repeat Local Government Official Information & Meetings Act (LGOIMA) requesters from time to time.

· There were no common themes for requests, but there were particular hot topics from time to time e.g. use of public funds, transport.

· There had been no particular requests for information regarding BOPRC’s Open versus Public Excluded meetings/workshops.

Resolved

That the Risk and Assurance Committee:

1 Receives the report, Local Government Official Information & Meetings Act 1987 - Annual Report 2023/24.

von Dadelszen/Scott

CARRIED

6.5

Internal Audit Annual Report 2023/24 and Status Update

Presented by: Steven Slack – Risk & Assurance Manager

In Response to Questions

· ICT security actions – the audit action included a broad range of systems and there was confidence that the core high risk systems had been investigated and the associated actions closed, but there were still a number of low risk systems to be investigated and therefore the overall ICT Security audit action remained open.

Resolved

That the Risk and Assurance Committee:

1 Receives the report, Internal Audit Annual Report 2023/24 and Status Update.

von Dadelszen/Crosby

CARRIED

1. Public Excluded Section

Resolved

Resolution to exclude the public

1 Excludes the public from the following parts of the proceedings of this meeting as set out below:

Item No.	Subject of each matter to be considered	Reason for passing this resolution in relation to each matter	Grounds under Section 48(1) for the passing of this resolution	When the item can be released into the public
1.1	Public Excluded Risk and Assurance Committee Minutes - 5 June 2024	As noted in the relevant Minutes.	As noted in the relevant Minutes.	To remain in public excluded.
1.2	Hawke's Bay Cyclone Gabrielle Review	Withholding the information is necessary to avoid prejudice to measures that prevent or mitigate material loss to members of the public.	48(1)(a)(i) Section 7 (2)(e).	To remain in public excluded.
1.3	Completed Internal Audit Reviews	Withholding the information is necessary to protect information which is subject to an obligation of confidence or which any person has been or could be compelled to provide under the authority of any enactment, where the making available of the information would be likely to prejudice the supply of similar information, or information from the same source, and it is in the public interest that such information should continue to be supplied.	48(1)(a)(i) Section 7 (2)(c)(i).	On the Chief Executive's approval.
1.4	Legal Services - Annual Report 2023/24	Making the information available would be likely to prejudice the maintenance of the law, including the prevention, investigation, and detection of offences, and the right to a fair trial; Withholding the information is necessary to maintain legal professional privilege.	48(1)(a)(i) Section 6 (a); 48(1)(a)(i) Section 7 (2)(g).	To remain in public excluded.
1.5	Legislative Compliance - Annual Report 2023/24	Making the information available would be likely to prejudice the maintenance of the law, including the prevention, investigation, and detection of offences, and the right to a fair trial; Withholding the information is necessary to maintain legal professional privilege.	48(1)(a)(i) Section 6 (a); 48(1)(a)(i) Section 7 (2)(g).	To remain in public excluded.
1.6	Key Risk Register - June 2024	Withholding the information is necessary to enable any local authority holding the information to carry out, without prejudice or disadvantage, commercial activities.	48(1)(a)(i) Section 7 (2)(h).	On the Chief Executive's approval.
1.7	Key Risk Deep Dive Report - Digital and Information Management	Withholding the information is necessary to avoid prejudice to measures that prevent or mitigate material loss to members of the public; Withholding the information is necessary to prevent the disclosure or use of official information for improper gain or improper advantage.	48(1)(a)(i) Section 7 (2)(e); 48(1)(a)(i) Section 7 (2)(j).	To remain in public excluded.

2 That Kyle Christensen be permitted to be present in the public excluded section of the meeting to present item 10.2: Presentation – Hawke’s Bay Cyclone Gabrielle Review.

Scott/von Dadelszen

CARRIED

12.44pm – the meeting closed.

Confirmed

Cr Stuart Crosby

Chairperson, Risk and Assurance Committee



Report To:	Risk and Assurance Committee
Meeting Date:	27 November 2024
Report Writer:	Mat Taylor, General Manager, Corporate
Report Authoriser:	Mat Taylor, General Manager, Corporate
Purpose:	Update on Risk and Assurance Committee Activities

Chairperson's Report

Executive Summary

This report provides the Committee with an update on Risk and Assurance Committee activities.

Recommendations

That the Risk and Assurance Committee:

1 Receives the report, Chairperson's Report.

1. Introduction

The report shows an updated Risk and Assurance Work Programme for the year ahead, and an updated Risk and Assurance Completed Work Programme.

1.1 Alignment with Strategic Framework

How we work

3. What we do, we do well

2. Risk and Assurance Work Programme

Attachment 1 shows the Risk and Assurance Work Programme for 2024/25. This Work Programme sets out the planned and scheduled reporting to the Risk and Assurance Committee.

The attachment is categorised to identify the broad areas of responsibility for the Committee. Other items may be added by councillors and staff should this be required to respond to issues as they occur throughout the year.

3. Risk and Assurance Completed Work Programme

Attachment 2 shows the Risk and Assurance Completed Work Programme for the period March 2023 – September 2024.

4. Considerations

4.1 Risks and Mitigations

There are no significant risks associated with this matter/subject/project/initiative.

4.2 Climate Change

The matters addressed in this report are of a procedural nature and there is no need to consider climate change impacts.

4.3 Implications for Māori

There are no implications for Māori.

4.4 Financial Implications

This work is being undertaken within the current budget for the Governance Activity of the Long-Term Plan 2021 – 2031.

Attachments

Attachment 1 - Appendix 1 - Risk and Assurance Work Programme Mar 2025 - Jun 2025 ⇩

Attachment 2 - Appendix 2 - Risk and Assurance Completed Work Programme March 2023 to Sept 2024 ⇩



Report To:	Risk and Assurance Committee
Meeting Date:	27 November 2024
Report Writer:	Nolene Naude, Financial Accounting Team Lead; AJ Prinsloo, Finance Manager and Kumaren Perumal, Chief Financial Officer
Report Authoriser:	Mat Taylor, General Manager, Corporate
Purpose:	The Risk and Assurance Committee to receive the Audit New Zealand Report on the audit of the Bay of Plenty Regional Council for the year ending 30 June 2024

Audit New Zealand Report on the audit of the Bay of Plenty Regional Council for the year ended 30 June 2024

Executive Summary

The purpose of this report is to present the Audit New Zealand Report (the Report) on the audit of the Bay of Plenty Regional Council for the year ending 30 June 2024. The report outlines audit findings, recommendations (with accompanying management responses) and prioritises them as urgent, necessary or beneficial. There are a total of six open recommendations as at 30 June 2024, prioritised as necessary.

There were no recommendations prioritised as urgent.

Recommendations

That the Risk and Assurance Committee:

1 Receives the report, Audit New Zealand Report on the audit of the Bay of Plenty Regional Council for the year ended 30 June 2024.

1. Introduction

The Report sets out findings arising from the final audit performed over the period August to October 2024.

Audit New Zealand has identified areas where Council is performing well along with recommendations for areas where improvements can be made. The report also provides an update on action taken by staff against previous audit recommendations. The final report includes management responses where appropriate.

The Reports includes the results for Council and the Quayside Group. The results for Council are summarised below.

1.1 Alignment with Strategic Framework

How we work

1. We look to add value regionally

The Report provides audit findings on the overall performance of Council outlining recommendations for improvement and progress against prior recommendations. As a result, it supports the delivery of all Community Outcomes and How we work.

1.1.1 Community Well-beings Assessment

Dominant Well-Beings Affected

þ Environmental

þ Cultural

þ Social

þ Economic

The Report outlines audit findings on Council’s financial and non-financial performance for the year ending 30 June 2024, recommendations for improvement and progress on management’s response to prior year recommendations and promotes all aspects of community well-being.

2. Findings from the report

The Report outlines the matters identified during the audit, new recommendations, and the status of previous recommendations.

In addition to the above, the Report also includes the outcome of matters raised in the Audi Plan.

There was one new necessary recommendation raised. Detailed information for each recommendation can be found in Attachment 1.

There are six previous recommendations of which five are open and one closed. A status summary of Audit New Zealand’s recommendations is set out in the following table:

Table 1 Status of Audit New Zealand Recommendations:

Priority	Previous Open Action	New Actions	Closed Actions	Current Open Actions
Beneficial	-	-	-	-
Necessary	6	1	1	6
Urgent	-	-	-	-
Total	6	1	1	6

3. Considerations

3.1 Risks and Mitigations

There are no direct risk implications arising from this report.

3.2 Climate Change

The matters addressed in this report are of a procedural nature and there is no need to consider climate change impacts.

3.3 Implications for Māori

There are no direct implications for Māori arising from this report.

3.4 Community Engagement

Engagement with the community is not required as the recommended proposal / decision relates to internal Council matters only.

3.5 Financial Implications

There are no material unbudgeted financial implications and this fits within the allocated budget.

4. Next Steps

Audit New Zealand has highlighted recommendations from the final audit for the year ending 30 June 2024. These have been appropriately noted and actions are underway to address the remaining open recommendations.

Attachments

Attachment 1 - Report to Council on the audit of BOPRC for the year ending 30 June 2024 ⇩



Report To:	Risk and Assurance Committee
Meeting Date:	27 November 2024
Report Writer:	Kumaren Perumal, Chief Financial Officer; AJ Prinsloo, Finance Manager and Nolene Naude, Financial Accounting Team Lead
Report Authoriser:	Mat Taylor, General Manager, Corporate
Purpose:	Provide Supplier and Koha expenditure for the twelve months ended 30 June 2024

Expenditure and Koha report for the year ended 30 June 2024

Executive Summary

This report provides financial information about Council’s supplier and koha spend for 2023/24.

The Audit New Zealand Management Report to Council for the year ending 30 June 2022 recommended sensitive expenditure incurred by the Chair and senior management to be reported to those charged with governance to allow oversight.

The annual supplier spend report provides total spend per supplier where the total spend is greater than $50,000 (excluding goods and services tax) for the twelve months ended 30 June 2024.

This report also incorporates Council’s Koha Expenditure for 2023/24 and sensitive expenditure incurred by Elected members and the Leadership Team.

Recommendations

That the Risk and Assurance Committee:

1 Receives the report, Expenditure and Koha report for the year ended 30 June 2024.

2 Confirms the public be excluded on the grounds set out in the Local Government Official Information and Meetings Act 1987 from consideration of the following report attachments:

(a) Koha for the twelve months ended 30 June 2024 - UNREDACTED under Section 48(1)(a)(i) Section 7 (2)(a) as withholding the information is necessary to protect the privacy of natural persons, including that of deceased natural persons and that this attachment remain in Public Excluded.

(b) Supplier Payments Report as at 30 June 2024 - UNREDACTED under Section 48(1)(a)(i) Section 7 (2)(a) as withholding the information is necessary to protect the privacy of natural persons, including that of deceased natural persons and that this attachment remain in Public Excluded.

1. Introduction

This annual supplier spend report provides open and transparent information of Council’s significant payments to third parties including suppliers, contractors and consultants for the year ended 30 June 2024. It also provides details of Koha spend.

1.1 Alignment with Strategic Framework

How we work

1. We look to add value regionally

1.1.1 Community Well-beings Assessment

Dominant Well-Beings Affected

þ Environmental

þ Cultural

þ Social

þ Economic

Council’s Expenditure and Koha report for the year ended 30 June 2024 covers all aspects of the Community Well-Beings.

2. Information

The Hei Manaaki (Koha Guidelines) have been attached to this report as requested in prior years (Attachment 1).

The expenditure information has been extracted from Council’s financial management system. The Koha spend and annual supplier spend report for the twelve months ended 30 June 2024 is provided (Attachment 2).

The supplier spend report lists the total spend per supplier for the period stated, where the total is greater than $50,000 (excluding GST). This helps to keep the report length and detail within a manageable size (Attachment 5).

This report provides information for expenditure values only, and it does not show where revenue has been received to offset payments. Statutory bodies e.g. ACC, are excluded from the annual supplier spend report. Some of the information is redacted where appropriate.

Sensitive expenditure for Elected Members and the Leadership Team has been provided to the Committee to allow oversight (Attachment 4). The oversight is a requirement from the Office of the Auditor General and considered good practice. Sensitive expenditure is defined as any spending by an organisation that could be seen to be giving private benefit to staff (and elected members) additional to the business benefit to the organisation.

The sensitive expenditure lists the type of expenditure for the Elected Members and the Leadership Team.

3. Considerations

3.1 Risks and Mitigations

The matters addressed in this report are of an informative nature and there is no need to consider the risks and mitigations.

3.2 Climate Change

The matters addressed in this report are of a procedural nature and there is no need to consider climate change impacts.

3.3 Implications for Māori

The giving of Koha is a cultural practice that is widely supported and implemented. Koha is a gesture of reciprocity, respect and manaakitanga. Koha can be expressed by way of gifts (financial or non-financial) or support in-kind. It is common to acknowledge cultural expertise via Koha or to provide Koha to grieving whānau during tangihanga. There are positive implications of the act of Koha, particularly in demonstrating an understanding and appreciation of tikanga Māori.

3.4 Community Engagement

Engagement with the community is not required as the recommended proposal / decision relates to internal Council matters only.

The report provides information to Council relating to expenditure and koha. As such no community engagement is required.

4. Next Steps

No further specific steps are required.

Attachments

Attachment 1 - Hei Maanaki (Koha Guidelines) ⇩

Attachment 2 - Koha for the twelve months ended 30 June 2024 - REDACTED ⇩

Attachment 3 - Koha for the twelve months ended 30 June 2024 - UNREDACTED (Public Excluded) ⇩

Attachment 4 - Sensitive expenditure spend for the year ended 30 June 2024 ⇩

Attachment 5 - Supplier Payments Report for Year Ending 30 June 2024 - REDACTED ⇩

Attachment 6 - Supplier Payments Report as at 30 June 2024 - UNREDACTED (Public Excluded) ⇩



Report To:	Risk and Assurance Committee
Meeting Date:	27 November 2024
Report Writer:	Steven Slack, Risk and Assurance Manager
Report Authoriser:	Mat Taylor, General Manager, Corporate
Purpose:	To provide an update on the internal audit programme.

Internal Audit Update and Completed Audit Reports

Executive Summary

This report provides an update on the status of internal audit activities as at 30 September 2024 and includes:

· The status of internal audit reviews in the current year;

· The status of follow up of internal audit recommendations and management actions to 30 September 2024.

· The Executive Summary for the Science Management internal audit (Attachment 1).

Recommendations

That the Risk and Assurance Committee:

1 Receives the report, Internal Audit Update and Completed Audit Reports.

1. Introduction

This report provides the annual update on internal audit activity undertaken by internal audit staff and external assurance specialists as part of Bay of Plenty Regional Council’s co-sourced internal audit approach. It includes:

· The status of internal audit reviews in the current year;

· The status of follow up of internal audit recommendations and management actions to 30 September 2024;

· The Executive Summary for the Science Management internal audit (Attachment 1).

1.1 Alignment with Strategic Framework

How we work

6. We innovate and are not afraid to do things differently

2. Internal Audit Work Plan 2024/25

Based on the Internal Audit Work Plan 2024/25 the following table summarises the status of internal audit reviews for 2024/25.

Review	Field work	GM Sponsor	Status	Status of Internal Audit
Review	Field work	GM Sponsor	Status	Planning /Scope	Fieldwork	Draft Report	Mgmt Actions	Final Report
External partner project management	BOPRC	Chief Executive	In Progress	Complete
Focus Catchments	BOPRC	Integrated Catchments	In Progress	Complete	In Progress
Health & Safety	External	Corporate	In Progress	Complete	Complete	Complete	Complete	In Progress
Asset management planning
Community participation, partnerships, & relationships
Finance, investments, & treasury
Forecasting & budgeting	BOPRC	Corporate	In Progress	In Progress
FTE Management
Policy planning cycle
Revenue & financing policy
Privacy of information review

We have appointed Clive Gough as the new Principal Internal Auditor and he commenced work with us on 19^th November. Clive comes to us with a wealth of experience across both the private and public sector here in NZ and Australia.

Clive’s appointment will enable BOPRC to continue delivering the internal audit program and explore expanded opportunities to deliver shared services with Bay of Plenty councils.

3. Internal Audit Follow Up

3.1 Management Actions

Internal Audit has reviewed all open management actions as part of the follow up work in the 2024/25 Work Plan.

Figure 1 Open management actions (1 July 2024 vs 30 September 2024)

Fifteen ICT security actions remain open, while these actions have been partially implemented through temporary controls being put in place or actioned with respect to the high-risk core systems, the action remains open whilst the Digital Team assess whether there is feasibility to implement either an enhanced solution or determine whether the action is required for non-core systems.

A project is currently underway to refresh and enhance the Business Continuity Planning framework.

3.2 Improvement Actions

Internal Audit has reviewed all open improvement actions as part of the follow up work in the 2024/25 Work Plan.

Figure 2 Open improvement actions (1 July 2024 vs 30 September 2024)

4. Completed internal audit reviews

BOPRC Internal Audit team has completed the following audit:

· Science Management Framework Review internal audit.

4.1 Science Management Framework Review

The overall objective of this review was to assess the adequacy and effectiveness of the BOPRC science function to ensure advice is provided in a sufficiently robust and controlled manner.

The Executive Summary for this internal audit is included as Attachment 1.

Based on the results of the review, we have rated the control environment relating to the science management framework as ‘Satisfactory’.

Overall Rating

Satisfactory

The overall rating reflects that the BOPRC science function was found to be sufficiently robust.

The findings largely address enhancements rather than deficiencies.

Enhancements were recommended with respect to:

· Creating a clear succession plan to address any loss of skill or knowledge.

· Improvements over recording of instrument calibration, that meet best practice requirements.

· Establishing a central place on the network drive to manage all science team documents and files.

We also commend the science team for already implementing the calibration finding and acknowledge that the management of documents and files will largely be addressed with the implementation of the new document management system (SharePoint).

Within the science management framework and supporting processes we identified good practices and controls operating effectively including:

· Long-serving staff that hold a large amount of cumulative knowledge and skill.

· A team-based culture that works collaboratively towards common goals (eg. supporting the plan change under the NPSFM programme).

· Ongoing monitoring data is openly shared on various national databases.

· Significant improvements made to its monitoring technologies and tools which assist the team in making more informed decisions.

The ratings scale used for Internal Audits:

Figure 1: Updated Internal Audit Scale

5. Considerations

5.1 Risks and Mitigations

There are no significant risks associated with this matter/subject/project/initiative.

5.2 Climate Change

The matters addressed in this report are of a procedural nature and there is no need to consider climate change impacts.

5.3 Financial Implications

There are no material unbudgeted financial implications and this fits within the allocated budget.

6. Next Steps

To note the Internal Audit Status Update.

Attachments

Attachment 1 - Science Management Framework Review Internal Audit Report - Executive Summary ⇩