This is Page 2 of the Minutes of the Audit Committee Meeting of The Hills Shire Council held on 21 November 2019. This is Page 3 of the Minutes of the Audit Committee Meeting of The Hills Shire Council held on 21 November 2019. This is Page 4 of the Minutes of the Audit Committee meeting of The Hills Shire Council held on 21 November 2019.
This is page 5 of the minutes of the Hills Shire Council Audit Committee meeting held on 21 November 2019. This is page 6 of the minutes of the Hills Shire Council Audit Committee meeting held on 21 November 2019.
AUDIT COMMITTEE MEETING 18 JUNE, 2020
Internal Audit Report
Period from 1 January to 28 February 2020 (Quarter 1)
Contents
Section A: Executive Summary
Section B: Internal audit Update
B.2 .1 THSC Governance Framework (Health)
Findings Self-assessments using the LGMA/ICAC and AO checklists show a significant improvement in the Council's governance framework/processes from 2018/19. Providing Code of Conduct training in 2019 to all staff to support the Council adopted Code of Conduct. Formalizing the Council's risk management framework with the adoption of an enterprise risk management policy, risk appetite statement, guidance and training.
Including the Council's adopted values in the Council's code of conduct and other relevant documents, including position descriptions and assessment of the extent to which these values are incorporated into daily actions. Relevant leaders have identified strategies that can be implemented throughout 2020 to improve the Council's governance framework.
B.2 .2 Fees and Charges Review
IT ERM Controls Review
As part of the risk assessment process, the team identifies the controls in place to mitigate each identified risk and evaluates those controls resulting in a residual risk assessment. In relation to the above risks, 15 controls were identified in the ERM system of which: 8 were assessed as "very effective" and supported; 6 are rated as. In general, the controls identified in ERM as "highly effective" (and decisions about reliance on those controls) appear to be accurate and reasonable.
Conclusion The assessment of the controls that the Board relies on to mitigate its IT risks appears to be reasonable. Satisfactory The assessment of the controls that the Board relies on to mitigate its IT risks appears to be reasonable.
B2.4 Other audit activities undertaken by Internal Audit in the period
Section C: Governance Update
Better practice/Investigation reports etc. and other information released by the Councils regulatory bodies in the period
C1. External Audit (Audit Office)
C2. Independent Commission against Corruption (ICAC)
C3. Office of Local Government (OLG)
ATTACHMENT 3
Period from 1 March to 15 May 2020 (Quarter 2)
For the committee's information, the following management actions have taken place in the period since the latest internal audit report. As outlined in the report to the Council on 14 April 2020 (Appendix 1), the COVID-19 pandemic has had an impact on the Council's operations and finances. As outlined in the report, the General Manager and Executive Council activated the Business Continuity Plan in March 2020 to minimize this impact and implemented an approach to maintain services as close to normal as possible.
As the Council's IT systems have been able to support a mobile workforce, key controls remain in place throughout this period (with minimal workarounds). To support the Government at this time, ICAC published its paper Tackling Corrupt Behavior During the COVID-19 Outbreak in April 2020, with the aim of raising awareness of fraud and corruption issues experienced in previous periods of economic downturn. As outlined in B2.2, the Council's risk has been largely mitigated, as have the above measures.
OLG Discussion Paper Update - As previously reported to the Audit Committee, THSC responded to the OLG Discussion Paper: New Risk Management and Internal Audit Framework for Local Councils in NSW in January 2020. In recent dialogue with the OLG, they confirmed that As when local elections were postponed due to COVID-19, it was also the start date of the new risk management and internal audit framework. In summary, the timing of many audits has been changed to reflect the impact of the pandemic on the Council's operations (e.g. IT systems access maintenance/audit has been postponed).
Carrying out these audits at a time when there was already too much pressure on the Council's operations was deemed unreasonable and alternative timeframes were agreed with the operation. The publication of the aforementioned ICAC report led to the development of a set of analytical audit procedures that are performed to review the effectiveness of key controls in a timely manner. Some key controls do not exist or are not being implemented properly, and there are opportunities for improvement with high risk.
B.2 .1 Gap Analysis: AO Report on Local Government Report 2019
The outstanding recommendations documented in the 2019 THSC management letter were also followed up with the relevant managers to determine their current status. Strengths • The Council has an experienced and knowledgeable finance team and the process of preparing the Council's financial statements is efficient – this results in the external financial audit being undertaken in early July. The Board has a formalized legal compliance framework in place which is reported to its Audit Committee.
Key components of this framework are the Corporate Counsel and the legal compliance database administered by Risk Management. An independent review of access to key systems is undertaken annually and reported to the Audit Committee. Develop exception reports for changes to employee master files and accounts payable (including bank accounts) distributed weekly.
The Office of Local Government under the Department for Planning, Industry and Environment should develop a cyber security policy by 30 June 2021 to ensure a consistent response. Of these recommendations, the Council's review panel does not currently reflect 'best practice' in practice or composition. A review of the outstanding recommendations in the AO THSC management letter indicated that the Council is currently developing a rate master file exemptions report and that this recommendation is currently outstanding.
The composition and functions of the Council's Audit Committee have been reviewed in detail by the Council and the Audit Committee. To date, implementation of an ARIC will occur when the Council is legally required to do so. Satisfactory Council has addressed most of the recommended actions identified in the audit offices report.
B.2 .2 ICAC Report: Managing corrupt conduct during the COVID-19 Outbreak, April 2020 Audit Number 6
Recruitment and Terminations
The main objectives of this review were to ensure that the Council's recruitment and termination practices are efficient, effective and economical, reflecting legislative requirements and Council best practice. Recruitment has been identified as high risk by ICAC; and a medium risk within the Council's ERM system (R000133- The recruitment process is not appointed on the merit or suitability of the organisation) - in February 2020. It is essential that favouritism, nepotism and other conflicts of interest do not influence the recruitment and selection processes .
Improper recruitment and selection may constitute corrupt conduct as defined by the Independent Commission Against Corruption Act 1988. Corruption-free recruitment helps to “set the tone” for the entire agency (https://icac.nsw. gov.au/preventing-corruption/knowing-your-risks/recruitment-and-selection/4303 This section does not apply to: a) the reappointment, under a new contract, of an officer, or (b) the appointment of an employee if the employment is for:. ii) two or more periods that together do not exceed 12 months in any 2-year period.
These principles are consistent with the NSW Public Sector Workforce Office which advises 'that merit selection designed to ensure that posts are filled on merit is fundamental to the recruitment and selection of public sector employees. Overall, the Audit concluded that the Council's recruitment and termination procedures reflect the requirements of the Local Government Act 1993 and associated regulations. HR policies and procedures available on the Council portal for staff were up to date and reflected the legislative requirements of the Council.
Based on the sample of recruitments and redundancies over the period, appropriate documentation was maintained in Council systems and delegations were in place. In the 10 months, the areas where the most terminations occurred were in the library (8); Development assessment (6); Childcare and social events (5); Project development and HCC (4). The municipality is currently implementing a module within the municipality's financial system to manage the municipality's HR processes.
B2. 5 Other audit activities undertaken by Internal Audit in the period
With regard to local government, the results of the operation Dasha (Canterbury City Council) inquiry are expected to be released shortly. As discussed at the last meeting of the Audit Committee, THSC responded to the OLG discussion paper: A New Risk Management and Internal Audit Framework for Local Councils in NSW in January 2020. The timeframe that OLG is currently working on is to finalize the design of the framework to be completed within 6 months of the next municipal elections.
As these elections have been postponed, this has given the OEC time to review all responses in detail and undertake more research and consultation prior to implementation.
C4: Information and Privacy Commission (IPC)
Land and Environment Court
Directions hearings will be conducted by email, online court, or telephone with the parties and a Court Commissioner; Site inspections for hearings and section 34 conferences will only be conducted if the parties deem it necessary to the case and advise the Court of this no later than 7 days before the hearing begins. Social distancing practices must be observed during the on-site inspection and no objector may attend in person; they must make their submissions in writing.
Courtroom hearings will be held with only a limited number of people in the courtroom and witnesses will be present at designated times. The Court encourages parties to limit oral evidence where possible and advise the Court if cross-examination of witnesses is not required. Ensure that the Board is accountable to the community and complies with legal requirements and supports the elected representatives of the Board in their role in the community.
Council authorizes the general manager to write off interest charges for a period of 6 months on unpaid rates where the ratepayer has entered into a payment plan due to COVID-19. Council cancels the 2020 Orange Blossom Festival due to COVID-19 and a further report on future events will be returned to Council for further consideration. The General Manager shall be authorized to enter into an agreement to defer repayment of the loan due to the Council for a maximum period of six (6) months.
MINUTES of the duly called regular meeting of the Hills Shire Council held in the Council Chambers on the 14th April 2020. This is page 8 of the minutes of the regular meeting of the Hills Shire Council held on the 14th April 2020. A MOTION WAS MOVED BY COUNCILOR DR GANGEMI AND COUNCILOR JETHI THAT the recommendation from the report is accepted.
STRATEGY
Ensure Council is accountable to the community and meets legislative requirements and support Council’s elected
MEETING DATE: 18 JUNE 2020
INTERNAL AUDIT COMMITTEE
MICHAEL EDGAR RESPONSIBLE OFFICER: GENERAL MANAGER
MICHAEL EDGAR
HISTORY
REPORT
IMPACTS Financial
Strategic Plan - Hills Future
RECOMMENDATION 1. The report be received
The expenses tabled of $Nil be noted
ATTACHMENTS Nil
ITEM-4 STATUS REPORTS - AUDIT COMMITTEE MEETING - 21
NOVEMBER 2019
KERRIE WILSON RESPONSIBLE OFFICER: GENERAL MANAGER
The Hills Future - Community Strategic Plan
RECOMMENDATION The report be received
ATTACHMENTS
Questions & Answers – 21 November 2019 (1 page)
ATTACHMENT 1
NOVEMBER 2019
201 INTERNAL AUDIT – NON TENDERED EXPENDITURE
INTERNAL AUDITOR
202 INTERNAL AUDIT COMMITTEE GENERAL MANAGER
