Agenda of Audit and Risk Committee

Tasman District Council Audit and Risk Committee Agenda – 18 March 2021

7 Reports

7.1 Internal Audit Update Report

Information Only - No Decision Required

Report To:	Audit and Risk Committee
Meeting Date:	18 March 2021
Report Author:	Charlotte Thomas, Financial Accountant
Report Number:	RFNAU21-03-1

1 Summary

1.1 This report covers a range of internal audit and process matters. The purpose of the Internal Audit function at Tasman District Council (TDC) is to assist the Council to achieve its objectives by providing independent and objective assurance and consulting services to add value and improve the Council’s operations. The Council’s internal audit function continues to monitor and respond to emerging risks. The impact of Covid-19 has extended the timeframes for work programmes for many activities within the Council, including Finance. Significantly, the delay of the Annual Report to mid-December 2020 had a flow-on effect into the rest of the years’ work program for both the external auditor, Audit NZ and the Council.

1.2 Internal Audit Plan – There is still a need to develop a risk-based audit plan with focus areas based on an assurance map. Progress against the current plan includes Sensitive Expenditure, Refuse Centre and Cybersecurity.

1.3 External Audit, Annual Report 2020 - Audit New Zealand’s (Audit NZ) management letter was received, with new recommendations related to asset data reconciliation.

1.4 External Audit, Annual Report 2021 – Audit NZ are experiencing significant delays, no audit plan has been received, and there will be no pre-year end sample testing. This will require additional resource in September to meet the 31 October statutory deadline. We have been advised that this is the same for all councils.

1.5 External Audit, Long Term Plan 2021-31 - External Audit – A revised increased cost estimate for WWL, has resulted in a delay to the LTP Consultation, and the audit opinion is expected to include an emphasis of matter paragraph. Other than the Waimea Water Limited (WWL) matter, the audit progressed smoothly, with no significant issues raised.

1.6 Previous Auditor Recommendations – there has been some progress to implement these, these will be progressed during 2020-21.

1.7 Cybersecurity – A review is in progress, scope attached. (Attachment 1).

1.8 MAGIQ – the future of the Council’s Financial Management System is under review as part of the digital transformation strategy, included in the proposed Long Term Plan (LTP) from 1 July 2021.

1.9 Sensitive Expenditure – a transaction review was performed for six months to 31 December 2020, along with review of benchmark data. Overall results are positive, however, there is room for improvement. The current policy has been redrafted and checked against the latest best practice guide, pending final review.

1.10 Procurement – Since the approval of the Procurement Policy, work has continued on developing a suite of contract templates, forms and intranet documentation to assist in providing consistent procurement practise across Council, and a level of clarity for our contractors/suppliers. A purchase order terms and conditions has also being developed, which will become the Council’s default terms for the purchase of goods/services.

1.11 Taxation - Finance continues to work with PricewaterhouseCoopers (PwC), the annual tax update. (Attachment 2).

1.12 Refuse Centre Review – review completed and draft report received. Management will consider recommendations and the report will be finalised.

2 Draft Resolution

That the Audit and Risk Committee:

1. receives the Internal Audit Update Report.

3 Purpose of the Report

3.1 The purpose of this report is to update the Audit and Risk Committee (ARC) on the status of Internal Audit within the Council. It is also an opportunity for the Committee to provide feedback or suggest focus areas for the Internal Audit Plan 2021.

4 Background and Discussion

Reference	Progress since the last Committee Meeting
1	Review Internal Audit Plan
1.1 1.2 1.3	Regular ongoing work: · Responding and reporting on emerging audit risks associated with the Annual Report (section 2); · Review and implementation of previous recommendations (section 3 below); · Taxation (section 8, included FBT audit in 2020, and a GST audit in 2021); and · Sensitive expenditure. Specific additional internal audit planned 2020-21 (as presented at the December 2020 ARC meeting) · Refuse centre charging - audit completed, section 9. · Cyber Security – audit in progress, (section 9). 2021-22 plan · Risk- assurance map, once the risk identification, is complete; · Fraud risk assessment; · Procurement – review of implementation against the policy; · Review of controls over consents issued to Council; and · Asset data improvements related to Audit NZ findings. It was suggested that a risk-assurance mapping exercise is completed. Work has commenced in this area. A register is being created of relevant audit and assurance matters; this will then be mapped to the Risk Register. Once the risk identification and the assurance map has been completed a risk-based Audit Plan will be developed.
2	External Audit Update –
2.1	Management Letter Annual Report 30 June 2020 ‘Report to the Council on the audit of Tasman District Council’ The draft audit management letter was received on 1 March 2021, the final report will be tabled at this Committee, if available. Key points: · Audit NZ issued unmodified audit opinion dated 18 December 2020, on the Annual Report 30 June 2020, with an emphasis of matter regarding the impact of the Covid-19 Pandemic; · One urgent recommendation related to overpayment to Councillors (refer to the 2 December ARC meeting); · Five recommendations related to Assets – Property, Plant and Equipment; and · One recommendation to improve debt collection process (beneficial). Management responses, including planned actions are included in the report.
2.2	Long Term Plan (LTP) 2021-31 The LTP consultation document was due to be adopted by the Council on 25 February 2021, however, due to the WWL cost overrun announced on 25 February, it was agreed with Audit NZ this needed to be reflected in the LTP budgets. Other than the WWL matter, the audit progressed smoothly with no significant audit issues raised. The consultation document is now scheduled to be adopted at the 18March Full Council Meeting, with the final LTP 2021-2031 to be adopted on the 30 June 2021. The audit opinion is expected to include an ‘Emphasis of Matter’ paragraph regarding the Waimea Water Ltd cost assumptions, along with one on the water reforms.
2.3	Audit Plan 2020-21 Audit NZ is experiencing significant delays due to the effect of the additional work from Covid-19 on both the 2020 Annual Reports, and the LTP audits, which are currently in progress. As a result, the Audit Plan has not yet been received. This sets out the key focus areas and risks, along with the proposed audit timetable. Audit NZ have communicated that: - Audit plan is expected to be received end of April 2021; - An interim audit is expected to occur in late May 2021 to review systems and controls, however a firm commitment of dates is not possible; and - It is likely there will be no pre-year end sample testing, which is similar to other councils. Audit focus areas are expected to be: - Management over-ride of controls (this is mandatory per the auditing standards); - Land and buildings valuation 2021; - Waimea Water Ltd accounting treatment, including accounting for the forecast cost overruns. *Pre-year end testing is normally completed in April – June. The absence of this increases the volume of audit work in September. Audit NZ will assign additional audit resource and will be assigned to meet the statutory deadline, 31 October 2021. This creates a challenge for the Finance section, in terms of the increased workload in September.
3	Previous Audit NZ Recommendations
3.1	A Sensitive Expenditure Policy The Office of the Auditor-General issued a new Sensitive Expenditure guide in October 2020, which the Finance section reviewed against the Councils’ policies. A full update of the policy and guidelines has been drafted. This is pending review and approval. The guidelines provides further detail and clarification, with no substantial changes to current practice. An update will be provided at the next Committee meeting, June 2021.
3.2	Training on Bribery and Corruption. The Serious Fraud Office has produced a training webinar on anti-corruption training, relevant to the Council staff and elected members. Finance found this to be beneficial. This is mandatory for all staff. A Fraud Risk Assessment will be included in the 2021-22 Internal Audit work programme. Next steps are to ascertain whether all staff have viewed the webinar and consider further training needs.
4	Cybersecurity
4.1	Cybersecurity Review Cybersecurity is a high priority to the Council, and has recently appointed a dedicated Cybersecurity Manager. A cybersecurity review is currently in progress, by Crowe (formally Crowe Horwath). The scope of the review is attached. The review will evaluate the maturity of the Council’s processes, policies, procedures, governance and other controls relative to the US National Institute of Standards and Technology (NIST) Cybersecurity Framework. The review will identify areas for improvement and provide recommendations to address the areas identified. An external vulnerability assessment is also being completed as part of this. The final report is expected late March 2021, and will be presented at the next Audit & Risk Committee meeting.
5	Assessment of the current Financial Management Information System - Issues and Risks
5.1	The risks and issues have been addressed, in respect to maintaining a reasonable level of internal control. The future of MaqiQ will be reviewed as part of the digital strategy and any material changes will be considered as part of the Digital Innovation Programme included in the LTP proposals are executed. The Corporate and Governance Services Manager has reported that the Council through the Regional Council Collaboration Group (ReCoCo) is participating in a shared financial systems implementation feasibility assessment. This assessment will assist the Council in its future decision making around the functional requirements for a replacement Financial Management Information System. Internal audit will continue to monitor and report against the MagiQ issues and risks.
6	Sensitive Expenditure Review of Transactions
6.1	The Finance section conducts regular reviews of Sensitive Expenditure to ensure policies have been complied with, including the ‘one up’ approval process and expenditure is prudent. An internal review of sensitive expenditure including travel, credit cards and employee expense claims for six months to 31 December found: - Majority of expenses had good audit trail, including the descriptions being entered into the accounting system to allow more effective analysis to occur. - Travel and accommodation was booked via Orbit, the Council’s preferred supplier. - Occasional missing Tax Invoices due to receipts being lost. - Occasional descriptions, in particular on Purchase Orders of Councilors, were lacking detail. These will be followed up with the relevant staff raising and approving the orders. - Prudence –limits on spend e.g. lunches, are provided to staff on request and discussed what is reasonable in training, including inductions and team leader training. All expenses appeared to be prudent, and within reasonable limits. A meeting was held with Orbit, the preferred travel supplier to discuss process, in particular ensuring value for money. Dashboards were also shared which showed: - Hotels – Council average $134 per night vs Orbit Average of $139. - Days in advance (14 days+ is best value for money) – Council bookings over 14 days were 63%, compared with 61% across Orbit, providing a good base, yet with room for improvement. This indicates that the Council is buying reasonably well. Generally, flights are booked in advance via Orbit. Benchmarking provided and we are doing better than the average business in terms of pre-booking to achieve best value for money. There was travel by Councilors that staff booked less than 14 days in advance including occasional same day travel. Outcomes - Need to complete the update of Sensitive Expenditure Policy and guidelines - Reminder to all Staff and Councilors of the need to keep receipts, and to take a photo as soon as they receive the receipt. - Reminder to staff to record the business purpose in credit cards. - Reminder to book at least 14 days in advance.
7	Procurement
7.1	Since the approval of the Procurement Policy, work has continued on developing a suite of contract templates, forms and intranet documentation to assist in providing consistent procurement practise across the Council, and a level of clarity for our contractors/suppliers. A purchase order ‘terms and conditions’ is also being developed, which will become the Council’s default terms for the purchase of goods/services. A review of Council’s financial delegations has also been conducted (with a focus on those financial delegations under $20k) and the proposed changes will soon be sent to Chief Executive for approval. Following approval, the delegation limit changes will be updated in MagiQ. Refer to Governance Update Report.
8	Taxation
8.1	The Council has a low-risk appetite in regards to taxation matters. The Councils Annual Tax update provided by PricewaterhouseCoopers (PwC) is attached, attachment 1, this includes: - Tax Governance and Risk Management; - A summary of significant work undertaken with Council in the year ended 30 June 2020; - Tax strategy for to 30 June 2023; - Tax developments. Management also received the finalised PwC report on the Council’s compliance with Fringe Benefit Tax (FBT). The report found that overall the Council has a very high level of FBT compliance and actively ensures it is paying the right amount of FBT, which allowed PwC to focus on key areas during their review. An action plan was provided to the Finance section, which is currently being implemented. There were no areas of high risk identified. Medium risk actions relate to motor vehicles, as previously reported to the Audit and Risk Committee, and broadband reimbursements. The full report is available to Committee members on request. The Corporate and Governance Services Manager in conjunction with Nelson City Council and Port Nelson Ltd have agreed to authorise an application to the IRD for a binding ruling on aspects of the Holding Company proposal, particularity equity release.
9	Refuse Centre Audit
9.1	Crowe conducted an internal audit review of charging at refuse centres. Several recommendations were raised which internal audit shall review progress against. The key findings were: · Each operator does not have an individual profile on the POS System; · Selection on POS System for payment of fees via EFT-POS is not automated between POS System and EFT-POS machine; · Public/Non-Commercial Customers have the option to choose to pay by either volume or weight. This could make analysis of trends for the TDC difficult as the TDC is charged by weight for waste removal; · Public/Non-Commercial Customers going over the weighbridge dump their waste first before paying; · Charges by volume or some materials, in which a degree of judgement is involved, is potentially not consistently applied across all operators; · Transactions for non-paying services such as recycling drop-off, not being logged on the odd occasion. Summary of the key recommendations are: · Consistent/mandatory use of weighbridge; · Each operator has a log in; · Automation of the POS system; · Analysis of data for trends. Detailed findings have been shared in a report to Management. Next steps are for the recommendations to be considered by Management and the report finalised.

5 Next Steps / Timeline

5.1 Key priorities for the next quarter are the Long Term Plan and preparing for the Annual Report for 2020-21. Also, continue to progress the matters above.

6 Attachments

1.⇩	Tasman District Council Cybersecurity Audit Scoping Document	13
2.⇩	Tasman District Council Tax Annual Update 2020	21

Tasman District Council Audit and Risk Committee Agenda – 18 March 2021

7.2 Risk Report

Information Only - No Decision Required

Report To:	Audit and Risk Committee
Meeting Date:	18 March 2021
Report Author:	Trudi Zawodny, Operational Governance Manager
Report Number:	RFNAU21-03-2

1 Summary

1.1 This report provides a summary of the Council’s key risks and the current risk profile of the Council.

1.2 The risk dashboard is provided in attachment 1.

1.3 There are 7 Strategic Risks. These are detailed in section 5

§ Climate Change	Cyber Attack
§ Disaster Event	IT Systems Availability and Performance
§ Growth	Service Delivery
§ Project and Programme Activity

1.4 There are 3 Organisational Risks. These are detailed in section 6

§ Pandemic	Council Decisions and Advice
§ Legislative Requirements

2 Draft Resolution

That the Audit and Risk Committee:

1 receives the Risk Report RFNAU21-03-2; and it’s attachment, the Risk Dashboard

3 Purpose of the Report

3.1 This report provides a summary of the Council’s key strategic and organisational risks and the current risk profile.

4 Background and Discussion

4.1 The Council monitors 4 risk types. These are:

Strategic	The risk of an event or impact that is external to the Council and could impact the organisation’s strategies and community objectives, included in the Long Term Plan and Annual Plan.
Organisational	The risk of an event or impact that is internal or external to the Council and could impact the whole organisation (such as health and safety)
Operational	The risk of an event or impact that is internal or external to the Council and could impact one or more Operational activity. Operational risks which are part of 'business as usual' operations will only be included in the Audit and Risk Report if they are determined significantly by the Leadership Team to be raised to a higher audience.
Emerging	Emerging risks are risks that may develop or which already exist and are difficult to quantify but may have a high consequence, high impact if they materialise. Emerging risks will require future analysis but their inclusion in Audit and Risk reporting is intended as a discussion topic, recognising further work and analysis is required.

4.2 The Council Risk Dashboard (attachment 1) provides a snapshot of all risks recorded in the Council’s risk registers. These are managed at a Departmental level.

5 Strategic Risks

5.1 Strategic Risks are defined as the risk of an event or impact that is external to the Council and could impact the organisation’s strategies and community objectives, included in the Long Term Plan and Annual Plan.

5.2 The 7 Strategic Risks which the Council are monitoring are:

5.2.1 Climate Change: Community expectations for the Council to respond to or mitigate anticipated climate change effects cannot be met due to resource and practical limitations resulting in reputational damage.

Management Response: This risk is early in its maturity and requires further analysis to fully understand the consequences of climate change to the Council if not managed appropriately (financial, economic, social, environmental). Further controls are also required; however, initial momentum has started with Council's Tasman Climate Action Plan 2019, zone changes in the TRMP and upcoming Tasman Environmental Plan, and Council's Infrastructure and Activity Management Plans.

The current risk rating remains high until additional controls can be considered and implemented so this risk can be brought within acceptable tolerance levels.

5.2.2 Disaster Event: Council's ability to respond to a disaster event (man-made or natural), and provide community services, is impacted due to human resource capabilities.

Management Response: The Council's organisation-wide business continuity plan is complete and was tested as part of the recent Covid-19 response and lockdown. Additional work is required to finalise and test business continuity plans for each functional area within the Council, which is a high importance control and will be revisited in 2021 by functional managers. An Earthquake Preparedness Plan is the current focus. Earthquake events are the most likely to create widespread disruption to the Council's services and impact on the number of staff who are available to work.

The overall residual risk rating remains within acceptable tolerance levels.

5.2.3 Growth: Growth in the region occurs quicker than planned which impacts the Council's finances and the ability to provide infrastructure and services to high growth areas.

Management Response: Growth and the ability to accurately model and plan for development in the region is a significant strategic risk for the Council and its delivery of services. A growth model is used to track actual and predicted development at least every three years. Additional controls include updated modelling data, which is intended to improve growth predictions along with close consultation with developers. While growth has outstripped predictions in recent years, the Council is comfortable that it is keeping pace with development and the installation of infrastructure.

Leadership discussion is required to establish a risk appetite for significant growth changes as there is no applicable appetite within the Council's risk appetite statement.

5.2.4 Project and Programme Activity: A lack of coordinated project and programme activity across Council results in incomplete projects and/or use of external funding.

Management Response: The Council has established a Programme Management Office, which coordinates the management of shovel ready projects and other Government-funded projects, post-Covid-19. Internal strategic projects may also be managed later. This new central group will contribute to PMO capacity and project management experience within the Council and will provide improved visibility of project activity. Once fully established and operational the PMO will reduce the risk rating to Low, however, the ongoing effectiveness of the PMO will need to be monitored.

5.2.5 Cyber Attack: An ineffective cybersecurity posture makes it easier for attackers to successfully breach Council systems, which could impact it financially, legally, operationally and damage our reputation.

Management Response: Through the Digital Innovation Programme, Council is taking a more strategic cybersecurity approach. This has resulted in the establishment of a Cybersecurity Manager role in 2021 that is now responsible for the creation and execution of a cybersecurity programme to foster an effective cybersecurity culture. Controls will include the adoption of a cybersecurity framework, a concerted and ongoing cybersecurity education programme, implementation of more advanced tooling to identify and eradicate vulnerabilities more quickly across all platforms, and targeted penetration testing including physical assets like our utilities. 2021 will be a mix of focusing on the long term and strategic level, but also putting in quick win controls.

The current risk rating is Moderate. This has increased since the previous report as a result of further analysis. Even though the programme is expected to be very mature by 2023, due to the ever-evolving cyber threat landscape, it may never be able to reduce the cyberattack risk to Low.

5.2.6 Service Delivery: The Council fails to meet public expectations in the delivery of services, which results in public dissatisfaction and reputational damage.

Management Response: Council's vision and the strategic outlook is outlined within the Long Term Plan and Annual Plan. Additional controls such as the newly established PMO along with the more proactive release of Council information through the website will assist in the communication of Council services and projects. Council's reputation is heavily influenced by the responsiveness of all staff to customer interaction.

The overall risk rating of Moderate remains within acceptable levels.

5.2.7 IT Systems Availability and Performance: The loss of availability or significant reduction in a system’s performance may render it ineffective in the delivery of service to one or many Council functions and therefore affect Councils ability to meet our staff and communities requirements.

Management Response: The existing control for this risk is the IT Transformation Business Case, which will deliver new digital channels and services needed to meet citizen’s demands and expectations, and the Council requirement for stable systems and platforms to help them manage their activities efficiently and effectively. The shift from traditional computing to Cloud Computing and alignment to Microsoft's public cloud infrastructure will address many of the typical availability concerns and risks. This enables services and staff to operate independently of the traditional data-centre.

While delivering services from the cloud and enabling users to operate from anywhere reduces availability risks, it does not fully alleviate them. The availability of cloud resources remains a risk. Highly redundant internet links, regional, national and international links are items necessary to further mitigate. With the heightened investment, we should be able to significantly reduce this risk item across the next 5 years. Heightened investment in IT platforms is required to achieve Public Cloud Computing, without it the likelihood of future failures remains.

The current risk rating is within tolerance levels and a shift to Cloud Computing will further lower the risk.

6 Organisational Risks

6.1 Organisational Risks are defined as the risk of an event or impact that is internal or external to the Council and could impact the whole organisation (such as health and safety)

6.2 The 3 Organisational Risks which the Council are monitoring are:

6.2.1 Pandemic - A pandemic occurs (that requires a regional response) resulting in staff absence which impacts council operations.

Management response: The central government and DHB guidance heavily influence this risk, however, the Council has an established pandemic plan that identifies essential and non-essential activities and how those activities should be managed during a pandemic (e.g. influenza, measles). Internal decisions will be made by senior leaders about the re-deployment of staff from non-essential areas to maintain essential services if required.

There are no further mitigations identified and the residual risk rating of Moderate remains outside of the Council's risk appetite recognising Council's low appetite for Health and Safety risk. This risk has been moved from the Strategic risk profile to the Organisational profile.

6.2.2 Council decisions and advice - Staff or Council make a decision or provide advice which may result in a challenge to that decision, including lodgment of legal proceeding.

Management Response: This risk depends on the robustness of the Council's statutory decision-making and the degree to which those receiving the advice or decision, or those affected by the decision. Council employing competent and qualified staff, having in place training and peer review processes, and ensuring adequate reasons are given and communicated to those affected, mitigates the risk. Further work is required to develop and analyse this risk.

6.2.3 Legislative requirements: Staff or Council fail to comply with legislative obligations, which expose the Council to litigation.

Management Response: This risk has many interdependencies and impacts across the Council, including financial, legal, environmental, or health and safety. Controls include further legal training in delegations, legal processes and government regulations, which will reduce the overall risk rating to Low and within tolerance levels.

The current risk rating is moderate, which exceeds the risk appetite of Low.

Attachments

1.⇩

Risk Dashboard

Tasman District Council Audit and Risk Committee Agenda – 18 March 2021

7.3 Governance Activity Report

Information Only - No Decision Required

Report To:	Audit and Risk Committee
Meeting Date:	18 March 2021
Report Author:	Trudi Zawodny, Operational Governance Manager
Report Number:	RFNAU21-03-3

1 Summary

1.1 This report covers a range of Operational Governance activities. The purpose of the Operational Governance function is to assist the Council to achieve its objectives by providing support in a number of areas including responding to LGOIMA requests, Risk Management Processes and Internal Policy Management.

1.2 Risks are covered in a separate report.

1.3 The Delegations Register was last published in December 2020, with the next version due for publication in end of March 2021.

1.4 LGOIMA requests for the 12-month period of July 2019 to June 2020 – 93% were answered within the statutory period. This is consistent with the previous reporting period.

1.5 Ombudsman Enquiries – At the start of February the Council had two investigations underway and one investigation pending with the Office of the Ombudsman. The Office had closed five investigations.

1.6 Privacy – there are no reported privacy breaches for the period from April to June.

2 Draft Resolution

That the Audit and Risk Committee:

1. receives the Governance Activity Report RFNAU21-03-3;

3 Purpose of the Report

3.1 This report provides a summary of the Council’s Governance activities for the period the 1 August to 31 January 2021

4 Background and Discussion

4.1 Delegations Register

The Delegations Register was updated in December 2020 with the following changes:

Part Two	· None
Part Three	· None
Part Four	· Sale and Supply of Alcohol Act s196 Power to carry out the function and duties as secretary of the District Licensing Committee (existing delegation not captured previously) · Schedule One (Financial Delegations) – added Cybersecurity Manager
Part Five	· CN20-10-23 – Updated Joint Councils’ Committee ToR’s

The next update to the printable Delegations Register will be made at the end of March.

4.2 LGOIMA/COMPLAINTS / OMBUDSMAN

The following data covers the period 1 August 2020 – 31 January 2021

Things to note:

§ There have been 122 LGOIMA requests. 6 remain open

§ 93% of LGOIMA requests were answered within the statutory timeframes.

§ 32 complaints were received, with 8 ongoing

§ 63% could be answered within the Policy timeframes.

§ 13 Ombudsman enquiries were opened and 2 remain ongoing

§ Extensions were applied to three cases, due to sourcing of documentation/extensive collation of information required.

During this reporting period, the three databases (LGOIMA/Ombudsman and Complaints) were transferred to Doris and merged into one database.

4.2.1 Response Times (Days taken to Complete)

LGOIMA requests should be responded to within 20 working days. Eight of these requests did not meet that target for the following reasons:

§ Two extensive collation –extensions were requested

§ One missing documents, which were not located – extension requested

§ One we did not provide all the information requested with no explanation, therefore the requester re-opened their enquiry

§ One misclassification – registered as a LGOIMA, whereas it was a complaint.

§ Three missed deadline with no explanation. 1 x 1 day, 1 x 2 days, and 1 x 9 days

4.3 Ombudsman Investigations Completed

Nature of complaint	Outcome
Withholding material	Council has agreed to release some redacted documents.
Failure to respond to LGOIMAs	Ombudsman found that we had not met our statutory obligations to respond to requests; we have complied with the direction to respond to his requests.
Menacing dog classification	Following our response on 21/11/2020, we have received no further communication from the Ombudsman. Assumed closed.
Withholding material and charging	Ombudsman found the charge was unreasonable and some information should be released. The charge was refunded and information released.
Ongoing dispute	Letter agreed with Ombudsman and sent. Complainant notified as unreasonable complainant – incoming emails are now forwarded to LGOIMA inbox.

4.4 Complaints escalated to the Chief Executive

4.4.1 In alignment with the Council’s Complaints Policy, complaints to the Chief Executive will only be considered once all opportunity for the complaint to be resolved by Council Officers has been exhausted. Complaints received directly to the CE, which have not been previously considered by a Council Officer, are not reported here.

4.4.2 Four investigations are underway (two of them are counter complaints against each other)

4.4.3 The following complaints have been closed:

Nature of complaint	Outcome
Historic building compliance (own property)	Responded reiterating the previous position.
Drainage (own property)	Responded reiterating the previous position. Referred complainant to MBIE.
Building consent (own property)	Responded reiterating the previous position, and repeating offers to meet with complainant.
Non-notified building consent (neighbours property)	Responded that we considered our actions appropriate. An Ombudsman investigation has been initiated.
Monitoring of Resource Consent (neighbours property)	Responded reiterating the position that we are satisfied with actions taken by the landowner. Ongoing correspondence with LT member.
Threat to a staff member	Confidential.
Committee decision	Response provided. The Complaint has been escalated to a local member of parliament.

4.5 Privacy

There have been no privacy breaches reported for the quarter of October to December

4.6 Policies

The following new internal policies have been approved:

Policy Name	Date Approved
Birthday Leave	July 2020
E-Bike Policy	August 2020
Remote Working Policy	August 2020
Unreasonable Complainant Policy	August 2020
Procurement Policy	October 2020
Body Worn Video Camera	November 2020

4.7 Update on Audit and Risk Committee Review

4.7.1 The Charter and Terms of Reference have been adopted and published on the public website. They will be included in the next update to the Delegations Register

4.7.2 The number of meetings has been increased from four to five. Due to the schedule for 2021 already being published, we have locked in the date for the Annual Report review, rather than it being optional, and created the option for an extra (sixth) meeting if required.

4.7.3 The Position Description for the Independent Chair has been confirmed and the recruitment process has commenced.

4.7.4 The proposed work-plan is being socialised with contributors and the Committee should start to see additional reports coming through.

5 Next Steps / Timeline

5.1 The key priorities for the next quarter are:

5.1.1 Review of the reporting to the Standing Committees.

5.1.2 Review of the Commercial Committee

5.1.3 Implementation of agreed changes to delegations for Community Boards

Attachments

Nil

Chairperson	Cr D Ogilvie	Cr C Mackenzie
	Cr T Walker
	Cr C Hill	Mr G Naylor

In Attendance:	Mike Drummond (Corporate & Governance Services Manager)	Janine Dowding (Chief Executive)
	Christina Ewing (EA to the CGSM)	Matt McGlinchey (Finance Manager)
	Charlotte Thomas (Senior Accountant)	Trudi Zawodny (Operational Governance Manager)