Audit and Risk
Committee
Agenda – 01 October 2025
6 Reports
6.1
Risk and Assurance
Information Only - No Decision
Required
|
Report
To:
|
Audit
and Risk Committee
|
|
Meeting
Date:
|
1
October 2025
|
|
Report
Author:
|
Amy
Clarke, Acting Assurance & Improvement Manager
|
|
Report
Authorisers:
|
Joanna
Cranness, People and Wellbeing Manager
|
|
Report
Number:
|
RFNAU25-10-1
|
1. Summary
/ Te Tuhinga Whakarāpoto
1.1 This report and
attachments outline key risk and assurance activities for Q1 2025/26. Strategic
risks remain prominent, with financial sustainability rated Very High and
recent flooding events underscoring the interconnected nature of
Council’s risk profile.
1.2 Assurance
activities focused on governance and service delivery, with audits such as the
Harakeke CRM review identifying both strengths and areas for improvement.
1.3 A refreshed
reporting format now supports clearer tracking of progress and challenges
across Council’s risk and assurance landscape.
2. Recommendation/s
/ Ngā Tūtohunga
That the Audit and
Risk Committee
1. receives the Risk and Assurance report RFNAU25-10-1.
3.1 The Quarterly Risk Report (Attachment
1) for Q1 2025/26 highlights the continued prominence of strategic risks,
particularly financial sustainability, which remains rated as Very High. The
June/July 2025 flooding events were a defining feature of the quarter, testing
Council’s disaster preparedness and highlighting the interconnected
nature of strategic and operational risks. These events have led to increased
infrastructure maintenance needs, financial strain, and broader economic
disruption, reinforcing the importance of resilience-building and sustainable
recovery planning.
3.2 Operational
risks also remain significant. The report notes that many risks are
longstanding and increasingly interlinked, with external stressors such as
extreme weather amplifying vulnerabilities.
3.3 Additionally,
the report introduces improvements in risk reporting through SharePoint and
Power BI, aiming to enhance transparency and reduce manual processes. A
strategic risk review and further deep dives are planned to support ongoing
maturity in risk management.
4. Strategic Risks Deep Dives
4.1 In response to a request from the Audit
and Risk Committee, Strategic Risk Owners have been invited to attend ARC
meetings to present and discuss their respective risks. This quarter, the focus
will be on the Financial Strategic Risk (Attachment 2) and Health and
Safety Strategic Risk (Attachment 3). Summaries of each are attached to
provide additional context and background.
5.1 The Quarterly
Assurance Report (Attachment 4) for Q1 2025/26 provides an overview of
completed, ongoing, and planned audits and reviews across Council, with a focus
on strengthening governance, systems, and service delivery.
5.2 Key highlights
include the Independent Quality Assurance review of the Harakeke CRM project (Attachment
5), which identified both strong leadership and areas for improvement, and
the ongoing implementation of recommendations from audits such as LIM,
Aerodrome Assessments, and Procure to Pay. The report also outlines upcoming
assurance activities including external audits and an integrity survey led by
Audit New Zealand.
5.3 The attached
report introduces a refreshed format for quarterly Assurance Reporting,
designed to support more efficient circulation and consideration by ELT, ARC,
and, where required, Council.
|
1.⇩
|
Quarterly
Risk Reporting - Q1 25-26
|
6
|
|
2.⇩
|
Financial
Strategic Risk Summary
|
15
|
|
3.⇩
|
Health and
Safety Strategic Risk Summary
|
20
|
|
4.⇩
|
Quarterly
Assurance Reporting - Q1 25-26
|
25
|
|
5.⇩
|
CRM IQA
Review Summary
|
31
|
Audit and Risk Committee Agenda – 01 October 2025
6.2 Internal Audit Charter and Plan
Information Only - No Decision
Required
|
Report
To:
|
Audit
and Risk Committee
|
|
Meeting
Date:
|
1
October 2025
|
|
Report
Author:
|
Amy
Clarke, Acting Assurance & Improvement Manager
|
|
Report
Authorisers:
|
Joanna
Cranness, People and Wellbeing Manager
|
|
Report
Number:
|
RFNAU25-10-2
|
1. Summary
/ Te Tuhinga Whakarāpoto
1.1 This paper presents an updated Internal
Audit Charter (Attachment 1) and Internal Audit Plan (Attachment 2).
The documents have been developed to reflect current expectations of internal
audit, strengthen alignment with Office of the Auditor-General (OAG) guidance
and ISO standards, and ensure a practical and fit-for-purpose approach
appropriate to Tasman District Council’s size and maturity.
1.2 The Committee is asked to endorse the Charter and Plan, ahead of
them being submitted to Council for final approval.
2. Recommendation/s
/ Ngā Tūtohunga
That the Audit and Risk Committee
1. receives the Internal Audit Charter and Plan report RFNAU25-10-2; and
2. supports the Internal Audit Charter and Internal Audit Plan.
Recommendation to the Tasman District
Council
That the Tasman District Council
1. approves
the Internal Audit Charter and Internal Audit Plan.
3.1 Tasman District Council is committed to
improving its internal assurance and risk management practices. As part of this
effort:
· An updated Internal Audit Charter has been drafted to align with
best practice standards (Office of the Auditor-General, ISO 19011, Institute of
Internal Auditors), while being practical and understandable for a smaller
organisation.
· A new Internal Audit Plan has been developed, based on
Council’s strategic risks, known areas of concern, and available
resources.
3.2 Both documents
support the assurance and oversight role of ARC and Council, while promoting
transparency, accountability, and continuous improvement.
4. Internal Audit Charter
4.1 The revised Internal Audit Charter
replaces the previous version approved in May 2020. While many of the
principles remain aligned, the new Charter reflects improvements in clarity,
structure, and relevance for Tasman District Council today.
4.2 Notable changes include:
4.2.1 Plain English and Practical Focus: The Charter is more
accessible for managers and staff, particularly those unfamiliar with internal
audit concepts.
4.2.2 Updated Roles and Responsibilities: Clearer articulation of
the responsibilities of Internal Audit, the Executive Leadership Team (ELT),
Chief Operating Officer, and ARC.
4.2.3 Strengthened Independence: Dual reporting lines, safeguards,
and professional standards are outlined to ensure objectivity despite
organisational constraints.
4.2.4 Scope and Access Rights: Clarifies Internal Audit’s
authority to access systems, data, and personnel.
4.2.5 Connection to Internal Controls: Explains how internal audit
supports compliance with legislation, regulations, contracts, and external
standards.
4.2.6 Reference to the Three Lines Model: Introduces and explains
the Three Lines Model with a diagram to show the role of internal audit within
wider governance.
4.3 A tracked change
version has not been provided due to significant formatting and structural
differences between the 2020 and 2024 versions.
5.1 The attached Internal Audit Plan
outlines the proposed reviews for the 2024–25 and 2025–26 financial
years. The plan reflects:
· Current resource levels, while retaining flexibility to undertake
additional reviews if needed.
· Alignment to strategic risks, with a mapping of audits to
TDC’s top risks (e.g., financial sustainability, disaster event
preparedness, data and systems resilience).
5.2 The audit
approach balances improvement and assurance, and encourages a proactive,
non-punitive culture of learning and accountability.
6.1 Endorsement by the Audit and Risk
Committee is sought at this meeting.
6.2 Council approval will be sought
following ARC endorsement.
6.3 Internal audit
activities will continue as per the approved plan and updates will be reported
back to ARC regularly.
|
1.⇩
|
Internal
Audit Charter - DRAFT
|
37
|
|
2.⇩
|
Internal
Audit Plan - DRAFT
|
42
|
Audit and Risk Committee Agenda – 01 October 2025
6.4 Report on the 2024-2024 Long Term Plan Review
Information Only - No Decision
Required
|
Report
To:
|
Audit
and Risk Committee
|
|
Meeting
Date:
|
1
October 2025
|
|
Report
Author:
|
Pip
Jamieson, Principal Planner - Strategic Policy
|
|
Report
Authorisers:
|
John
Ridd, Group Manager - Service and Strategy
|
|
Report
Number:
|
RFNAU25-10-4
|
1. Summary
/ Te Tuhinga Whakarāpoto
1.1 This report
provides background to the review of the 2024-2034 Long Term Plan which was
undertaken from August 2024 through to March 2025, a summary of the review
recommendations, and an outline of the plan to address the recommendations.
1.2 The report also
highlights the recommendation to review an appropriate role for the Audit and
Risk Committee in relation to the Long Term Plan.
2. Recommendation/s
/ Ngā Tūtohunga
That the Audit and Risk Committee
1. receives the Report on the 2024-2024 Long Term Plan Review (LTP)
report RFNAU25-10-4; and
2. notes the future Long Term Plan recommendations outlined; and
3. notes the recommendation to review an appropriate role of the Audit
and Risk Committee including an early workshop to establish their role in the
Long Term Plan process for example:
3.1 reviewing
preliminary assumption; and
3.2 reviewing the
draft Consultation Document; and
3.3 reviewing the
supporting documents prior to Audit NZ commencing their review.
3. Purpose
of the Long Term Plan Review
3.1 After the
adoption of the 2024-2034 Long Term Plan (LTP) on 27 June 2024, the Council
engaged the firm Localise to review the LTP documents and process to be able to
improve the design and planning for the next LTP. The objectives of the review
were to:
3.1.1 reflect the community’s aspirations and to manage risk;
3.1.2 enable the Council to consider needs and preferences of
different community groups;
3.1.3 effectively support the Council in strategic decision-making
and civic leadership;
3.1.4 ensure integration and line-of-sight from vision to assets,
services and financial forecasts; and
3.1.5 provide user-friendly narrative with right-sized documentation
that avoids unnecessary low value detail.
4.1 The LTP review
was conducted between August 2024 and March 2025 involving:
4.1.1 compilation of key background information
(legislative requirements, existing processes, documents);
4.1.2 stakeholder surveys, interviews (telephone,
online) with the Motueka and Golden Bay Community Boards, Community
Associations, Youth Council, Chamber of Commerce, Institute of Directors
Regional Committee, Nelson City and Marlborough District Councils, Audit NZ and
Nelson Regional Development Agency;
4.1.3 Te Rūnanga of
Ngāti Kuia, Te Rūnanga o Ngāti Rārua;
4.1.4 staff feedback and an ideas board;
and
4.1.5 workshops with the Council’s
Executive Leadership Team (ELT) and the Council.
4.2 The
review considered four key aspects:
4.2.1 narrative, process design and management;
4.2.2 engagement, consultation and associated
communication;
4.2.3 purpose, strategic direction and
prioritisation; and
4.2.4 documents and key inputs
4.3 Staff
have developed a proposed plan, structure and timeline in order to progress the
recommendations from the review. This has been considered by relevant managers
and the Executive Leadership Team, with the final plan approved and Project
Management Office resource has been engaged to help manage this process.
4.4 Establishment
of the appropriate members for roles on the LTP review project has taken time
as workloads have been adjusted to enable focus on the work.
4.5 The
final plan and structure are outlined under 10.
5.1 The review noted
commitment of the Council, ELT, Managers and Council staff to effective long
term planning, clearly evident genuine community engagement and that the LTP
process is highly intensive requiring substantial effort.
5.2 The Review
identified areas for improvement with the LTP process and documentation:
5.2.1 A highly intensive process requiring
substantial effort and starting late;
5.2.2 uncertainty if the result is commensurate
with the effort required;
5.2.3 engagement information not always fully
integrated into work programmes;
5.2.4 iwi not always being recognised as partners;
5.2.5 not all the key choices in the Consultation
Document being fully considered;
5.2.6 overwhelming and unclear information
presentation with unclear linkage to objectives and financial implications;
5.2.7 unclear role boundaries and
responsibilities;
5.2.8 an unhelpful narrative leading to the
Council not providing vision and strategic priorities;
5.2.9 confusion of the purpose of Activity
Management Plans (assets or activity focused)
5.2.9.1 time consuming to produce and repetitive
content;
5.2.9.2 not always meeting the standard for traditional
asset management plans; and
5.2.9.3 not fully understanding assets resulting in
inappropriate planning and investment.
5.2.10 not fully aligning aspirations with affordability;
5.2.11 hurried preparation of the accompanying documents;
5.2.12 lack of full clarity of the impacts and consequences of
Levels of Service and the measures;
5.2.13 overwhelming activity budget information not always
being considered collectively;
5.2.14 specific financial factors identified were:
5.2.14.1 moving away from a balanced budget;
5.2.14.2 not identifying all of the funding gaps
between LTPs;
5.2.14.3 parameters for budget managers not fully
clarified;
5.2.14.4 exception budgets not always being
reinforced;
5.2.14.5 total budget options not being considered
collectively or linked to strategic objectives; and
5.2.14.6 financial modelling taking time to
develop meaningful options.
6. Key Review Recommendations
6.1 Twenty two
recommendations were made, and grouped around four focuses:
Narratives, process design and
management
6.2 Adaptions to timing of LTP processes,
resourcing, resetting the narrative about LTPs, clearer LTP governance
structures, addressing accountabilities, greater risk management and
partnership with iwi.
Engagement, consultation and associated
communication
6.3 Continuing good outreach, integrating
results of early engagement feedback and improving the process for identifying
key questions in the Consultation Document.
Purpose, strategic direction and
prioritisation
6.4 Clearly engaging and agreeing on the
purpose and benefits of the LTP, undertaking a series of steps early in the new
triennium for the Council visioning and strategy process, mapping activities
against community outcomes and strategic priorities, preparing baseline budgets
to identify underlying financial shortfalls and providing clear guidance and
instructions to budget managers prior to preparing baseline budgets.
6.5 Not entering new costs into first cut
budgets without Executive Leadership Team sign off, identifying and scheduling
key service reviews, Executive Leadership Team and the Council taking a strong
leadership approach in balancing strategic choices and affordability,
developing templates for an ‘activity compendium and workshop
presentations.
Documents and key inputs
6.6 Considering options to improve financial
modelling capability and resourcing, retiring the current Activity Management
Plans to create traditional asset management plans and streamlined activity
statements for all activities, restricting the LTP documents into a shortened
Volume One with Volume Two for rates and financial information and Volume Three
for all the remaining policies and assessments as required.
7. Review Recommendations on the Audit and
Risk Committee
7.1 A recommendation
for greater risk management proposed a workshop be held with the Audit and Risk
Committee to establish their role in the LTP process. Potential areas where the
Committee might be involved are:
7.1.1 reviewing preliminary assumptions; and
7.1.2 reviewing the draft Consultation Document
before it goes to Audit NZ to review.
8. Future Business State Outcomes
8.1 The following
outcomes are anticipated as a result of implementing the recommendations from
the LTP review:
8.1.1 an effective ongoing
process of hearing from the community;
8.1.2 continuous
improvement of reliable, high-quality data and information;
8.1.3 strategic and
systemic asset management;
8.1.4 clear strategic
priorities, budgets and organisational structure;
8.1.5 appropriate revenue
generation and utilisation of resources and expertise; and
8.1.6 clear policies to
ensure work programmes and ways of working across Council will effectively
achieve stated outcomes.
9. Agreed Purpose of the Long Term Plan
9.1 As a result of the LTP review
highlighting the need for the ELT to agree and then communicate clearly, what
the purpose of the LTP is, the following definition was agreed:
A clear line
of sight from community outcomes to priorities, to activities and resourcing.
9.2 It
was also agreed that the aim of implementing the recommendations from the LTP
review could be summarised as a process that delivers a product – with
two focus areas:
9.2.1 a process – cyclical, ongoing process of change,
improvements, and financially sustainable business as usual, that produces -
9.2.2 a product – documentation of a
clear line of sight from community outcomes to priorities, to activities and
resourcing. That includes key objectives and how they are achieved across 10
years, levels of service, key products, financial impacts, and funding
approaches.
10. Plan
to Address Recommendations
10.1 A plan to implement recommendations from the review
has been agreed by the ELT, addressing four key focus areas:
10.1.1 narrative and unclear purpose;
10.1.2 financial understanding, accountability and
modelling;
10.1.3 asset and activity management, levels of
service and measures; and
10.1.4 workloads, communication and information
presentations.
10.2 Key project teams, each with a project lead, have
been established and their work plans, actions, timelines have been
confirmed. The project teams are:
10.2.1 Infrastructure Planning;
10.2.2 Delivery;
10.2.3 Directions;
10.2.4 Information and Data; and
10.2.5 Engagement and Communications, which is to
be considered and integrated across all the project teams work.
10.3 A project team, steering group and a sponsor have been established
with agreed terms of reference and a dedicated project manager from the
Projects Management Office has been assigned to manage the actions of each
project team, report to project team meetings, the LTP Review Steering Group,
and to administer Project and Steering Group meetings.
10.4 Progress of the LTP Review is now considered as one
of the six programmes of work within the Council’s key portfolio
“Planning the Future”.
10.5 The progress of this portfolio is reported to the ELT monthly along
with the other three portfolios (Financial Roadmap, Digital Improvement
Program, Local Water Done Well).
11.1 Monthly reporting to the ELT on the progress of the
Planning the Future portfolio (including the LTP) will continue.
11.2 The
recommended workshop with the Audit and Risk Committee regarding their role in
the LTP has been scheduled for 1 October 2025 with a focus on:
11.2.1 the Audit and Risk Committee’s role
with Audit NZ;
11.2.2 risk assessment and management;
11.2.3 review of the preliminary assumptions; and
11.2.4 review of the draft
Consultation Document before it goes to Audit NZ to review.
11.3 Following
the workshop staff will incorporate feedback into a draft terms of reference
and prepare reporting for future Audit and Risk Committee meetings as
appropriate.
|
1.⇩
|
Long Term
Plan Review Report Final April 2025
|
66
|
