Audit Committee Meeting
Thursday, 15 June 2017
THE HILLS SHIRE CO
UNC
IL
AUDIT COMMITTEE MEETING 15 JUNE, 2017
ITEM SUBJECT PAGE ITEM-1 CONFIRMATION OF MINUTES
ITEM-2 AUDIT OFFICE- PERFORMANCE AUDITS 8
ITEM-3 INTERNAL AUDITORS REPORT 19
ITEM-4 GENERAL MANAGERS EXPENSES AND ACTING GENERAL MANAGER’S EXPENSES
86
ITEM-5 QUESTIONS AND ANSWERS - AUDIT COMMITTEE MEETING - 12 DECEMBER 2016
88
MINUTES of the duly convened Audit Committee Meeting of The Hills Shire Council
held in the Council Chambers Baulkham Hills on 12 December 2016
This is Page 1 of the Minutes of the Audit Committee Meeting of The Hills Shire
Council held on 12 December 2016
ITEM SUBJECT PAGE
ITEM-1 CONFIRMATION OF MINUTES
ITEM-2 INTERNAL AUDIT STRATEGIC PLAN 2017/2020 3
ITEM-3 INTERNAL AUDIT REPORT 3
ITEM-4 GENERAL MANAGER'S EXPENSES 4
ITEM-5 QUESTIONS AND ANSWERS - AUDIT COMMITTEE
MEETING - 16 AUGUST 2016
4
QUESTIONS WITHOUT NOTICE 4
MINUTES of the duly convened Audit Committee Meeting of The Hills Shire
Council held in the Council Chambers Baulkham Hills on 12 December 2016
This is Page 2 of the Minutes of the Audit Committee Meeting of The Hills Shire
Council held on 12 December 2016
47 PRESENT
Clr Y D Keane (Mayor, in the Chair)
Clr M G Thomas
Adjunct Professor Jim Taggart OAM
Mr Trevor Bland
Mr Michael Blair
48 IN ATTENDANCE
Mr Dave Walker – General Manager
Ms Kerrie Wilson – Internal Auditor
Mr Dennis Banicevic – External Auditor, PricewaterhouseCoopers
49 APOLOGIES
Clr A J Hay OAM
Clr Dr J N Lowe
50 TIME OF COMMENCEMENT
7.00pm
51 TIME OF COMPLETION
7.47pm
52 DECLARATIONS OF INTEREST
Nil.
53 ARRIVALS AND DEPARTURES
7.27pm Councillor Thomas left the meeting and returned at 7.31pm during Item 3.
54 DISSENT FROM COUNCIL'S DECISIONS
Nil.
55 ADJOURNMENT & RESUMPTION
Nil.
MINUTES of the duly convened Audit Committee Meeting of The Hills Shire
Council held in the Council Chambers Baulkham Hills on 12 December 2016
This is Page 3 of the Minutes of the Audit Committee Meeting of The Hills Shire
Council held on 12 December 2016
ITEM-1 CONFIRMATION OF MINUTES
A MOTION WAS MOVED BY ADJUNCT PROFESSOR JIM TAGGART OAM AND SECONDED
BY MR TREVOR BLAND THAT the Minutes of the Audit Committee Meeting held on
16 August 2016 be confirmed.
THE MOTION WAS PUT AND CARRIED.
56 RESOLUTION
The Minutes of the Audit Committee Meeting held on 16 August 2016 be confirmed.
APOLOGIES
A MOTION WAS MOVED BY MR MICHAEL BLAIR AND SECONDED BY MR TREVOR BLAND
THAT the apologies from Councillors Hay OAM and Dr Lowe be accepted and leave of
absence granted.
THE MOTION WAS PUT AND CARRIED.
57 RESOLUTION
The apologies from Councillors Hay OAM and Dr Lowe be accepted and leave of absence
granted.
ITEM-2 INTERNAL AUDIT STRATEGIC PLAN 2017/2020
A MOTION WAS MOVED BY COUNCILLOR THOMAS AND SECONDED BY COUNCILLOR MR
MICHAEL BLAIR the Recommendation contained in the report be adopted.
THE MOTION WAS PUT AND CARRIED.
58 RESOLUTION
The report be received.
7.27pm Councillor Thomas left the meeting and returned at 7.31pm during Item 3.
ITEM-3 INTERNAL AUDIT REPORT
A MOTION WAS MOVED BY MR MICHAEL BLAIR AND SECONDED BY ADJUNCT
PROFESSOR JIM TAGGART OAM THAT the Recommendation contained in the report be
adopted.
THE MOTION WAS PUT AND CARRIED.
59 RESOLUTION
The report be received.
MINUTES of the duly convened Audit Committee Meeting of The Hills Shire
Council held in the Council Chambers Baulkham Hills on 12 December 2016
This is Page 4 of the Minutes of the Audit Committee Meeting of The Hills Shire
Council held on 12 December 2016
ITEM-4 GENERAL MANAGER'S EXPENSES
A MOTION WAS MOVED BY COUNCILLOR THOMAS AND SECONDED BY MR MICHAEL
BLAIR THAT the Recommendation contained in the report be adopted.
THE MOTION WAS PUT AND CARRIED.
60 RESOLUTION
1. The report be received.
2. The expenses tabled (which outlines a total of $4,629.54) be noted.
ITEM-5 QUESTIONS AND ANSWERS - AUDIT COMMITTEE
MEETING - 16 AUGUST 2016
A MOTION WAS MOVED BY COUNCILLOR THOMAS AND SECONDED BY MR MICHAEL
BLAIR THAT the Recommendation contained in the report be adopted.
THE MOTION WAS PUT AND CARRIED.
61 RESOLUTION
The report be received.
QUESTIONS WITHOUT NOTICE
62 FINANCIAL IMPACT FROM BOUNDARY ADJUSTMENT WITH THE CITY OF
PARRAMATTA COUNCIL
Mr Bland requested a brief update from the General Manager on how Council’s loss of
land below the M2 to the City of Parramatta Council has impacted financially and what
problems are being experienced.
The General Manager advised the net loss of revenue is approximately $8.5M which will
be addressed in the first couple of years through lower transfers to reserves until the
impact of the revenue from the future growth in the northern part of the Shire. The
other major impact is in terms of staff numbers, with staff protected for 3 years,
however, Parramatta has chosen to take on the staff from the childcare centre in North
Rocks and the library in Carlingford. For a couple of years there will be an overlap of
“surplus” staff, however in the lead up to the proposed change there were approximately
50 vacancies, including 18 outdoor staff, and this will minimise the impact. There will
also be an impact on staff budgets because of the fact that there is staff protection for 3
years. Despite the loss of revenue Council is still Fit for the Future and meet all the
Government ratios.
63 CHRISTMAS WISHES
Mr Blair, Adjunct Professor Jim Taggart OAM and Councillor Thomas wished all
Councillors, staff and colleagues on the Audit Committee a very happy Christmas and
prosperous New Year.
MINUTES of the duly convened Audit Committee Meeting of The Hills Shire Council held in the Council Chambers Baulkham Hills on 12 December 2016
This is Page 5 of the Minutes of the Audit Committee Meeting of The Hills Shire Council held on 12 December 2016
The Minutes of the above Meeting were confirmed at the Audit Committee Meeting held on 15 June 2017.
MAYOR ACTING GENERAL MANAGER
AUDIT COMMITTEE MEETING 15 JUNE, 2017
PAGE 8
ITEM-2 AUDIT OFFICE- PERFORMANCE AUDITS DOC INFO
THEME: Proactive Leadership
OUTCOME: 3 Sound governance based on transparency and accountability.
STRATEGY: 3.1 Ensure Council is accountable to the community and meets legislative requirements and support Council’s elected representatives for their role in the community.
MEETING DATE: 15 JUNE 2017
INTERNAL AUDIT COMMITTEE
GROUP: GENERAL MANAGER
AUTHOR: INTERNAL AUDITOR
KERRIE WILSON
RESPONSIBLE OFFICER: ACTING GENERAL MANAGER
MICHAEL EDGAR
REPORT In September 2016 the NSW Parliament passed amendments to the Local Government Act 1993 (the Act), known as the Phase 1 reforms, which focused mainly on improving council governance and strategic business planning. These amendments are embodied in the Local Government Amendment (Governance and Planning) Act. On 1 October 2016, as part of these amendments, the Auditor-General of NSW (Auditor-General) was appointed as the external auditor for all councils from the 2016-17 financial year (s422). In addition to the external audit, s421B outlines that the Auditor-General may conduct performance audits of all or any activities of one or more councils to determine whether the councils are carrying out those activities effectively, economically and efficiently and in compliance with relevant laws. In undertaking performance audits the Auditor-General aims to identify trends, good practices and performance improvement opportunities and to provide strong support for continuous improvement across the sector and creating stronger performing councils. Performance audits are funded by the NSW Government. In late April 2017 the Auditor-General forwarded to Council the Audit Office of New South Wales (Audit Office) Performance Audit Guide for Local Government as well as details of the 3 proposed performance audits that it will undertake in the local government sector in 2017/18 (attached). These audits will involve the Audit Office selecting a sample of NSW Councils to profile in detail and providing the sector with a report outlining the results of their review. The 3 proposed audits are:
AUDIT COMMITTEE MEETING 15 JUNE, 2017
PAGE 9
• Councils’ own reporting to their communities on service delivery through conducting a desk top review of reporting in Council annual reports.
• survey fraud controls in place across Councils • examine current shared services arrangements
The Audit Office will contact Council if it is selected in any of the 3 performance audits to be undertaken. Once released, the Audit Office performance audits reports will be forwarded to the Audit Committee for its review and information. The Audit Committee will also be kept up to date, through the Internal Audit Report, with the progress of these reviews. IMPACTS Financial This matter has no direct financial impact upon Council's adopted budget or forward estimates. Performance audits are funded by the NSW Government. The Hills Future - Community Strategic Plan The observations outlined in the Audit Office Performance audit reports will provide insights into the activities of the NSW Local Government Sector concerning the effectiveness, economy and efficiency and compliance with relevant laws with respect to the nominated audit topic, resulting in recommendations aimed at improving governance and strategic business planning at Council. RECOMMENDATION The letter from the Auditor-General dated 27 April 2017 and the Performance Audit Guide for Local Government is received. ATTACHMENTS 1. The letter from the Auditor-General dated 27 April 2017 and the Performance Audit
Guide for Local Government (9 pages).
AUDIT COMMITTEE MEETING 15 JUNE, 2017
, ~ ..,
BATCH N6: TIME:
.. 3 MAY 2017 en audit office
THE HILLS SHIRE COUNCIL
OF NEW SOUTH WALES
Mayor Yvonne Keane The Hills Shire Council
PO Box 7064
BAULKHAM HILLS BC NSW 2153
Contact Audit Office
Phone No 92757100
Our Ref
Your Ref
27th April 2017
Dear Mayor Keane
Initial local government performance audits
As you are aware, recent amendments to the Local Government Act 1993 have made the
Auditor-General of NSW the Auditor of Local Councils in NSW. In addition to auditing Councils’ annual financial statements, the new mandate provides for the conduct of "Performance Audits’"
I am aware Performance Audits are a new type of audit for Local Government so the purpose of
this letter is to tell you a little bit about them and my approach.
Essentially, performance audits assess whether selected activities or services are carried out
efficiently, effectively and economically. The State Government has provided my Office with
funding to conduct two to three Local Government performance audits annually. I have consulted
with organisations like Local Government NSW and the Office of Local Government regarding topic selection.
In this first year, I have chosen to focus on the sector as a whole, rather than on any individual
council. In this way I hope to improve my Office’s understanding of Local Government and to work
alongside you to provide some general benchmarking or improvement opportunities. My aim is to
support Councils to identify good practice and to make improvements over time.
The first Performance Audit will focus on Councils’ own reporting to their communities on service
delivery. My Office is conducting a desk top review of reporting in Council annual reports and will
select a sample of Councils to profile in more detail.
The second audit will survey fraud controls in place across Councils. And the final performance for
the 2017/18 financial year will examine current shared services arrangements.
We will contact you directly if your Council is selected for more detailed examination in any audit.
I am sure it will be helpful if I publish a forward program of possible performance audits for you to
provide any feedback on. Matters identified in my annual financial audits will also inform the
selection of future topics, which may be a mix of sector wide or more targeted audits. Again, my officers will contact you during the early stages of any audit involving your Council.
Information regarding Performance Audits and my Office’s approach to Local Government can be
found at http://www.audit.nsw.gov.au/ I also enclose our Performance Audit Guide for Local
Government for your information.
You may like to view my current program of State Government Performance Audits to get a better
insight into the nature of performance auditing. You can also discuss any aspect of the audit of
your Council with the Business Team Leader responsible for your Council. Contact details will be
provided to your General Manager in our Client Service Report.
Level 15, 1 Margaret Street, Sydney NSW 2000 I GPO Box 12, SyNSW 2001 I t 02 9275 7100 I f 02 9275 7200 I [email protected]
PAGE 10
AUDIT COMMITTEE MEETING 15 JUNE, 2017
. " ......
I am looking forward to working constructively with you and your officers to carry out my obligations under the Act but to also support you in your work. If you have any questions, please feel free to email me([email protected]).
Please note I have also written to your General Manager asking that this advice be tabled at a
forthcoming council meeting.
With my best regards
~ o ~
Margaret Crawford Auditor-General of NSW
PAGE 11
AUDIT COMMITTEE MEETING 15 JUNE, 2017
I
PERFORMANCE AUDIT GUIDE FOR LOCAL GOVERNMENT
INTRODUCTION
Performance audits assess whether an agency or council is carrying out its activities effectively, and
doing so economically and efficiently and in compliance with relevant laws.
This Guide provides councils (the audited agency) with information about the NSW Audit Office’s
performance audit process. The Guide outlines the legislative framework and the NSW Auditor- General’s authority, and what to expect of the Audit Office during a performance audit.
The Guide also informs councils of their obligations to assist the performance audit team to effectively and efficiently complete their work.
LEGISLATIVE FRAMEWORK
Auditor-General’s authority to conduct performance audits
The Public Finance and Audit Act 1983 (PF&A Act) sets out the Auditor-General’s functions, mandate
and powers.
The Auditor-General’s independence is assured by key provisions in the PF&A Act. Specifically, the
Auditor-General:
o reports directly to NSW Parliament on audits of agency financial reports and performance
o can only be dismissed by a resolution of both houses of the NSW Parliament
o decides on the program of work undertaken by the Audit Office
o is appointed for a non-renewable eight year period. In addition, performance audits are funded
by NSW Parliament, not the agency being audited.
Under the Local Government Amendment (Governance and Planning) Act 2016 (the Act), the Auditor-
General is the auditor of all NSW councils and ’council entities’ from 1 July 2016 and has the mandate
to conduct performance audits.
The Act gives the Auditor-General authority to choose the topics and agencies for review, and to
access required agency information.
The Auditor-General is required to report to the head of the audited agency, the responsible Minister
and Treasurer on the result of a performance audit. In many cases, this will include the Office of Local
Government and its Minister due to their respective roles.
PAGE 12
AUDIT COMMITTEE MEETING 15 JUNE, 2017
\
SUMMARY OF KEY POINTS
In conducting a performance audit, the Audit Office is responsible for:
o obtaining sufficient knowledge of the program or activity being audited
o maintaining a constructive relationship with the audited agency and undertaking adequate
consultation (see Table 1)
o securing and keeping confidential all agency information obtained in the course of the audit.
The head of the audited agency is responsible for:
o nominating up to two suitable liaison officers to work with the audit team
o providing full and free access to people and information within requested timeframes. This
includes providing all information that is relevant to the audit, even if not specifically requested
o a duty of care to the audit team under WHS and anti-discrimination laws, and harassment free
workplace policies.
Performance audits and topic selection
Performance audits assess whether an agency is carrying out its activities effectively, and doing so
economically and efficiently and in compliance with all relevant laws. Activities examined by a
performance audit may include an individual program or service provided by an individual or group of
council’s, all or part of an individual council, or it may consider particular issues affecting the sector as
a whole and may include state agencies as well as council’s. Performance audits cannot question the
merits of government or council’s policy objectives. The Act gives the Auditor-General authority to
select performance audit topics and activities to review. We use a strategic approach to selecting
performance audits, which balances our performance audit program to reflect issues of interest to
Parliament and the community. We include topics that align with the government’s policy objectives
and reform agenda to assess progress and impacts.
Each year, the Auditor-General seeks input from the heads of government agencies and certain
statutory officers, on proposed topics before publishing the performance audit program. The Auditor-
General will also take into account performance audit topic suggestions from the Public Accounts
Committee, Members of Parliament, local councils and members of the public.
Authority to access Council information
The Act provides the Audit Office with full access to information irrespective of any agency obligations
for confidentiality. This overrides any other legislation that might restrict disclosure, such as secrecy or
privacy laws.
The Auditor-General is entitled at all reasonable times to full and free access to information requested
of the audited agency.
The only exception to this access is information that is Cabinet information as defined in the
Government Information (Public Access) Act 2009 (GIPA Act). However, as a matter of convention the
Secretary, Department of Premier and Cabinet, provides relevant Cabinet documents to the Auditor-
General when requested.
Agencies must provide the Audit Office with information requested.
Confidentiality requirements
Under the PF&A Act, any information obtained in the course of undertaking a performance audit must
not be disclosed by Audit Office staff to any person other than staff of the auditee, with the exception
of information relating to improper conduct as detailed in the Act.
All information that the Audit Office receives, and working papers that the Audit Office creates during
an audit, are exempt from the GIPA Act.
PAGE 13
AUDIT COMMITTEE MEETING 15 JUNE, 2017
FOLLOW-UP PROCESS AFTER THE PERFORMANCE AUDIT IS COMPLETED
Approximately 12 months after each performance audit report is tabled in Parliament, the Public
Accounts Committee (the Committee) may follow up action taken by audited agencies in response to
recommendations made by the Auditor-General. As part of the follow up process, the Committee
questions agencies about their response to the recommendations and, if required, conducts public
hearings to examine witnesses. The Auditor-General also provides comments on submissions made
by agencies to the Committee.
After the performance audit report is tabled, we write to the head of each audited agency to confirm
this process and provide a template to assist the audited agency to report to the Committee when
requested.
ROLES AND RESPONSIBILITIES
The Audit Office’s obligations
We aim to complete our work efficiently to minimise the impost on each council. The time to complete this work varies depending on the complexity of the audit topic and the number of councils and state
agencies that may be involved. This may range from six to 12 months.
Knowledge of the program or activity being audited
The audit team will obtain sufficient knowledge to enable it to identify and understand issues relevant
to the program or activity being audited.
Performance audits may be undertaken on topics that require specialised skills and knowledge
beyond those possessed by the audit team. In these cases, we engage consultants to provide expert assistance to the audit team and will discuss this with the audited council. The audit team must ensure
that any consultant engaged for the audit has the necessary competence, capabilities and impartiality to complete the work required.
No surprises approach
The audit team seeks to establish a constructive relationship with each council so that there are ’no
surprises’ in the final audit report. The audit team will explain the audit process at commencement and
will maintain appropriate communication throughout the audit. Council’s General Manager, and
executive staff, are encouraged to provide input at appropriate stages of the audit, such as when the
audit is being scoped, and when preliminary findings, the draft report and potential recommendations
are discussed.
Our audit process outlined in Table 1 provides several formal consultation points for the council to
discuss the audit planning, preliminary findings and draft report during the course of the audit. In
practice, there is ongoing and frequent communication between the audit team and the liaison officers.
Additionally, the head of the audited council and council executive staff can contact the Auditor
General, Deputy Auditor General or Assistant Auditor-General Performance Audit at any time to
discuss the audit. Our contact details are provided to the General Manager and council liaison officers
at the commencement of the audit.
Audit methodology
Our performance audit methodology is designed to satisfy Australian Audit Standards ASAE 3000 and
3500 on performance auditing. The Standards require the audit team to comply with relevant ethical
requirements and plan and perform the audit to obtain reasonable assurance and draw a conclusion
on the audit objective. Our processes have also been designed to comply with the performance audit
requirements specified in the Act.
Security of agency information
The Audit Office treats all audit-related information as ’in-confidence’. Our computer network has
appropriate security measures in place to mitigate unlawful access. Secure arrangements are also in
place to store physical documentation.
PAGE 14
AUDIT COMMITTEE MEETING 15 JUNE, 2017
Sensitive information that, in the Auditor-General’s opinion, is not in the public interest will not be
included in public reports. This may include commercial in confidence information. Any issues that the
council may have about the Auditor-General’s powers and the content of the audit report should be
discussed with the audit team at the earliest opportunity.
The audit team will discuss with council’s liaison officers suitable options and timing to provide information and documentation for the audit. This may include use of a web based secure file transfer
facility to enable audited agencies to securely and efficiently provide requested information.
The audited agency’s obligations
We aim to use council staff time efficiently and effectively and request the council’s cooperation to
facilitate our work. In the planning stage of each audit we will consult with council’s liaison officers and
agree on timely access to people and information (see Table 1).
Nominate up to two liaison officers
Council’s General Manager is asked to nominate up to two liaison officers to work with the audit team.
The liaison officers’ role is important to both the Audit Office and council.
The liaison officer should be a senior member of the council who will keep the General Manager informed of the progress of the audit, and who has authority to make decisions on behalf of the
council, for example, when reviewing the draft audit report and discussing potential audit
recommendations.
The liaison officer will be asked to assist with the day to day administration of the audit, such as
assistance in arranging meetings, access to people and information. Council’s General Manager, or
the nominated liaison officer, may wish to appoint a second liaison officer to assist the audit team with
these matters.
Regular and open communications between the audit team and management of the council help deliver an efficient audit. The audit team will contact the nominated liaison officers regularly during the
audit and will direct most questions and documentation requests through them. Refer to Table 1 for
more details.
It is essential the audit team receives prompt responses to its questions and requests for supporting documentation.
Prepare early for the audit
The letter sent to the General Manager when a performance audit commences includes an indication
of the issues that the performance audit will examine. This is discussed and refined during the
planning phase of the audit outlined in Table 1.
The General Manager can prepare early for the performance audit by:
o reviewing relevant plans, records and source data, and making sure these are up-to-date and
available for the audit team
o gathering documentation on how council monitors and measures the effectiveness, economy and efficiency of the audited activity and have the most recent results ready.
Provide full and free access to people and information
The General Manager and council’s nominated liaison officers are responsible for arranging unrestricted access for the audit team to relevant individuals and documents and for the completeness and accuracy of the information supplied for the audit.
This is particularly important for performance audits. Each performance audit is unique and, as a
result, it is difficult for audit teams to know exactly the documentation relevant to the audit. It is
therefore the council’s responsibility to ensure it provides:
o all information it is aware of that is relevant to the audit, whether or not it is specifically
requested
o all information the audit team requests that is relevant to the audit
PAGE 15
AUDIT COMMITTEE MEETING 15 JUNE, 2017
o unrestricted access to all people in the council from whom it is necessary to obtain audit
evidence.
The General Manager is also requested to advise the audit team:
o if they or their council has any knowledge of any actual, suspected or alleged intentional
misstatement (such as fraud) or non-compliance with laws and re’gulations in relation to the audit topic
o whether there has been any internal or external reviews or audits conducted in relation to the
audit topic.
Comply with work health and safety (WHS) and anti-discrimination laws, and harassment-free workplace policies
The Audit Office is committed to maintaining a high standard of work health and safety, and our staff
are expected to treat each other and council staff with courtesy and respect.
Councils have a duty of care to Audit Office staff under the Work Health and Safety Act 2011,
Regulation, Codes of Practice and recognised industry standards, as appropriate.
If the audit team fails to adhere to anti-discrimination laws or the harassment free workplace policy, the council liaison officers should advise the Assistant Auditor-General Performance Audit
im mediately.
The Audit Office has policies and strategies to prevent and deal with discrimination and harassment.
If the audit team is treated contrary to anti-discrimination laws and the harassment free workplace
policy by any council staff, the audit team will advise the Assistant Auditor-General Performance Audit
immediately. The incident will be raised with the council liaison officers and, if necessary, with the
General Manager and the Auditor-General.
Transmission of agency information
Council’s may provide working papers in hard copy or electronic format. Our preferred format is
electronic documents in Word, Excel, or PDF formats provided bye-mail or through the Audit Office’s
secure file upload service. Details of e-mail addresses to use, or the file upload service, are provided
by the audit team when information is requested.
The audit team may need ’read only’ access the council’s electronic systems. If this is required, the
liaison officer will be asked to arrange the necessary access including log in IDs or access terminals
on-site.
PAGE 16
AUDIT COMMITTEE MEETING 15 JUNE, 2017
PERFORMANCE AUDIT PROCESS
Once initiated, performance audits have three main stages: planning, conduct and reporting. A
description of each of these stages, and the extent of our consultation with the audited council, is
outlined in Table 1.
Table 1-Performance audit stages and consultation with audited
agencies
Planning Audit An audit team is assigned and the audit is initiated.
commences Commencement letters are issued to the General
Manager, Chief Executive, responsible Minister/s, and
the Treasurer. The head of each audited council and
state agency nominates their liaison officers who will
work with the audit team.
Scoping
work
Audit plan
Conduct Evidence
gathering
and analysis
Preliminary
findings
The audit team meets with council’s liaison officers, and
other key stakeholders, to gain an understanding of the
council and activities relevant to the audit topic. The
audit team develops the audit’s scope and focus,
including the audit objective and potential criteria. The
potential audit scope is discussed with council’s liaison
officers.
The audit team finalises the audit scope and develops
the audit plan in consultation with council’s liaison
officers. In addition to the scope and focus, the audit
plan may include
o the audit procedures, including how and what
information is to be collected to answer the audit
criteria
o audit fieldwork and approach, including the people
and locations the audit team will visit during the
audit
o audit schedule, including consultation milestones
and proposed tabling date. A draft audit plan is
provided to the council’s liaison officers for feedback
before being finalised Once finalised, the audit plan
and audit engagement letter are issued to the
General Manager.
Evidence is collected and analysed against the audit
criteria. The audit team must ensure they have sufficient
and appropriate evidence to answer the audit objective and criteria.
Preliminary findings against the audit criteria are
discussed with council’s liaison officers. Additional
relevant evidence may be requested if needed.
Commencement
letters
Draft audit scope and
focus
Audit plan and
engagement letter
Interviews with
relevant council staff
Requests for access
to documents and
information
Preliminary findings
discussed
PAGE 17
AUDIT COMMITTEE MEETING 15 JUNE, 2017
, I
Reporting Draft report
Final report
A draft report is prepared and a meeting held with
council’s liaison officers to discuss their feedback. The
purpose of the draft report is to give the council the
opportunity to identify errors of fact or interpretation, and
to provide additional relevant evidence that addresses
the audit criteria. Responses received from the council
are carefully considered and amendments made as
necessary. During this process the audit team will also
discuss with council’s liaison officers potential
recommendations to be included in the audit report. The
General Manager may wish to meet with the Auditor-
General to discuss the draft audit report and
recommendations before it is finalised.
Draft report
Potential
recommendations
The audit’s final report is issued by the Auditor-General Final statutory report
to the General Manager, Chief Executive, the
responsible Ministerls, and the Treasurer, in accordance
with the Local Government Act 1993. The audit report
includes recommendations to improve accountability and
performance. The General Manager is invited to provide
a written response to the audit report and its
recommendations that will be published with the audit
report.
The audit report is tabled in NSW Parliament and
published on the Audit web site
Tabled report
PAGE 18
AUDIT COMMITTEE MEETING 15 JUNE, 2017
PAGE 19
ITEM-3 INTERNAL AUDITORS REPORT DOC INFO
THEME: Proactive Leadership
OUTCOME: 3 Sound governance based on transparency and accountability.
STRATEGY: 3.1 Ensure Council is accountable to the community and meets legislative requirements and support Council’s elected representatives for their role in the community.
MEETING DATE: 15 JUNE 2017
INTERNAL AUDIT COMMITTEE
GROUP: GENERAL MANAGER
AUTHOR: INTERNAL AUDITOR
KERRIE WILSON
RESPONSIBLE OFFICER: ACTING GENERAL MANAGER
MICHAEL EDGAR
EXECUTIVE SUMMARY The Internal Audit report:
• Summarises the work undertaken by the Internal Audit Function and the Audit Committee in the period;
• Highlights areas of improvement within Council’s operations; • Reports the extent to which the work carried out by the function met the
requirements of the approved Internal Audit Plan 2017; • Reports the measures taken by The Hills Shire Council (THSC) to implement the
recommendations of the internal audit reports; • Provides an overview to the Audit Committee of the status of Councils internal
control, risk management and governance processes.
The format of the report reflects: • the recommendations made by the Division of Local Government (DLG) in their
report titled: Internal Audit Guidelines, released September 2010; and, • Audit Committee requirements.
REPORT Attached are the Internal Audit Reports which outlines the audit tasks undertaken by the Internal Audit function in the period to 15 May 2017. The March 2017 Internal Audit Report has been brought forward to this meeting as the meeting planned for 16 March 2017 was cancelled due to the lack of a quorum. IMPACTS Financial This matter has no direct financial impact upon Council's adopted budget or forward estimates.
AUDIT COMMITTEE MEETING 15 JUNE, 2017
PAGE 20
The Hills Future - Community Strategic Plan This report outlines the results of Audit’s review of Councils high risk activities as identified in the Internal Audit Plan adopted by Council. The recommendations resulting from audit activities are aimed at ensuring that Council stated outcomes are achieved efficiently and effectively and meets the Councils legislative requirements. RECOMMENDATION The report be received. ATTACHMENTS 1. Internal Audit report to 1 March 2017 (34 pages) 2. Internal Audit report to 15 May 2017 (31 pages)
AUDIT COMMITTEE MEETING 15 JUNE, 2017
ATTACHMENT 1
Internal Audit Report
At 1 March 2017
PAGE 21
AUDIT COMMITTEE MEETING 15 JUNE, 2017
Part A: Executive Summary
1. Audit Activity to 1 March 2017
From 1 January 2017 Audit has been addressing Year 1 (2017) of its 4 year Strategic Audit Plan. This plan was adopted by the Audit Committee at its meeting on 12 December 2016.
For the calendar year to 1 March 2017, Internal Audit has completed 2 or 11% its 18 planned audits within budget.
The audits undertaken are detailed at Part B and C of this report. Audits completed in the period include:
Governance Health check
Credit Cards/Procurement Cards/ Reimbursement of expenses incurred by staff/ Petty Cash
At 1 March 2017, the number of direct days spent on internal auditing was 96% of the total days available and Management had implemented 98% of the agreed audit recommendations.
2. For the Information of the Committee
2.1 Governance and Legislative Changes
Since the last report to the Audit Committee the following relevant documents were released by the Office of Local Government (OLG) in December 2016 and January 2017: http://www.olg.nsw.gov.au/news/16-49-fit-future-improvement-plans-and-integrated-planning-and-reporting http://www.olg.nsw.gov.au/news/16-51-further-phase-1-amendments-local-government-act-commence-and-amending-regulation-made http://www.olg.nsw.gov.au/news/17-01-exhibition-draft-bill-amend-environmental-planning-and-assessment-act-1979 External Audit As previously outlined, the NSW Auditor – General is now the External Auditor for the Council (refer s422 Local Government Amendment (Governance and Planning) Act). Under contractual arrangements, the Audit Office has appointed PWC to be undertake the 2016/17 of THSC external audit on their behalf.
2.2 External Reviews
ICAC review of the City of Botany Bay Council
The ICAC report concerning this review has not yet been released.
OLG: Auburn City Council Public Enquiry
The OLG’s findings concerning the public enquiry into practices at Auburn City Council have not yet been released.
PAGE 22
AUDIT COMMITTEE MEETING 15 JUNE, 2017
When the final reports are released by the relevant regulatory bodies they will be forwarded to
the Audit Committee for information.
The Structure of the Internal Audit Report is as follows:
A: Executive Summary;
B: Comparison of the Actual and planned Audit activity undertaken in the 2017 calendar year from 1 January 2017;
C: Details of the actual internal audit work undertaken in the period to 1 March 2017;
D: Detail of recommendations outstanding at the date of this report and the action taken by Management to implement these recommendations;
E: Internal Audit and Audit Committee Key Performance Measures.
Attachment 1: Background to the Internal Audit Function, the Audit Committee, and the audit reporting practices at The Hills Shire Council.
Attachment 2: Risk Assessment Matrix
Attachment 3: List of outstanding audit recommendations (including management comments) at the reporting date
PAGE 23
AUDIT COMMITTEE MEETING 15 JUNE, 2017
Part B Comparison of the Actual and Planned Audit Activity undertaken in the 2017 period
B.1 Summary
Councils KPI
Within the Hills Shire Plan the required output of Internal Audit is to:
Implement the Internal Audit Strategic Plan and the Annual Internal Audit Program adopted by the Audit Committee.
The targeted performance measure is:
Audits Completed in the Annual Audit Program
90%
Chart 1 and Table 1, compares the actual audit activity against this KPI.
The Audit Program for the period from 1 January 2017 is included in the Internal Audit Strategic Plan (1 January 2017 - December 2020) which was adopted by the Audit Committee at its meeting on 12 December 2016.
Link: http://www.thehills.nsw.gov.au/Council/Meeting-Agendas-Minutes/Audit-Committee
To monitor the achievement of the adopted audit plan the Audit Committee is provided with an overview and comparison of the planned Audit Activity (as outlined in the adopted Audit Plan) with the actual audit activity undertaken to the date of this report (refer Table 1). The current status of each audit is also provided.
Legend to the Table 1.
Status of the Audit Activity
In progress
Completed
Not yet commenced
Chart 1: Summary of Table 1:
PAGE 24
AUDIT COMMITTEE MEETING 15 JUNE, 2017
Table 1: Comparison of actual audit activity with the adopted 2017 Annual Audit Program
2017 Audit Program Risk
Status of the Planned
Audit at 1 March 2017
1 Governance H Completed. Refer C1.2
2 Risk Management H
3 Fraud and Corruption mitigation strategy/associated processes H Refer C1.1
4 KPI’s (including Enterprise Agreement (EA) implementation) H
5 Financial Statement Review H
6 Review of the use and management of restricted trust funds H
7 Special Projects/Assignments H
8 Investigations H
9 Information Technology/Systems H
10 System Audits M/H
11 Revenue Activities (implementation of adopted fees and charges document) M
12 Payroll H
13 Efficiency and effectiveness of Councils Procurement practices H
14 Credit Cards/Procurement Cards/ Reimbursement of expenses incurred by staff/ Petty Cash H
Completed. Refer C1.3
15 Recruitment and Terminations H
16 Legislation/Regulation H
17 RMS H
18 Fire Safety Inspections H
Other
Training and Development
Audit Committee
Annual Planning and Reporting
Liaison
Reports previously issued.
PAGE 25
AUDIT COMMITTEE MEETING 15 JUNE, 2017
Part C. Details of the Internal Audit Activity undertaken in the period from 1 January 2017
Part C. provides details of the Audit Activity undertaken in the period from 1 January 2017 to 1 March 2017.
This part outlines the:
Internal audit engagements completed or in progress Outcomes of each internal audit engagement undertaken The scope and methodology applicable to each audit activity undertaken Remedial action taken or in progress
The following legend has been used to provide the Audit Committee with an overall opinion of each Audit Activity undertaken:
Audit Opinion
Opinion Rating Table
Excellent Effective control environment with the business area operating efficiently, effectively and economically
Satisfactory Effective control environment; reporting complies with legislation or outputs/KPI’s being achieved
Improvement Required
Improvement required to: the control environment; reporting (to ensure it complies with legislation) or processes need to be improved to ensure efficiency and effectiveness.
Unsatisfactory Control environment is not effective
C 1.1 Corruption Mitigation Strategy and processes (Audit item 3)
Objective, Scope and Methodology: As identified in the Councils fraud and corruption mitigation strategy, internal audit has:
Reviewed ICAC reports relevant to local government in the period to the date of the Audit Committee;
Followed up with Council management those recommendations made by the ICAC that relate to the activities that are undertaken by Council. This follow up is undertaken to ensure that Councils processes are corruption resistant;
Worked with management to implement or modify processes where relevant, to mitigate the corruption risk.
For the information of the Committee:
Since 2008 the ICAC has made 249 recommendations (similar recommendations counted as 1) that relate to activities undertaken by Council. Audit has followed up the recommendations made by the ICAC when the relevant reports have been published.
Council manages its corruption risks through its risk management system.
a) Investigations and public enquiries in progress
The ICAC’s ongoing investigations are as follows (Please note that the following extracts are copied directly from the ICAC website Link: http://www.icac.nsw.gov.au/investigations/current-investigations ):
PAGE 26
AUDIT COMMITTEE MEETING 15 JUNE, 2017
2016 Western Sydney Regional Illegal Dumping Squad - allegations concerning former Western Sydney Regional Illegal Dumping Squad (RIDS) officer (Operation Scania)
The ICAC is investigating allegations that a former Western Sydney Regional Illegal Dumping Squad (RIDS) enforcement officer, Craig Izzard, exercised his public official functions partially and dishonestly by receiving corrupt payments to ignore illegal dumping in areas under his supervision, or to impede investigations by other Western Sydney RIDS officers.
Audit Committee: The Western Sydney RIDS is responsible for investigating the illegal dumping of waste in western Sydney. It is jointly funded by the NSW Environment Protection Authority and the Fairfield, Penrith, Liverpool, Blacktown, Hills (THSC), Parramatta and former Holroyd (now Cumberland) local councils. The allegations concern properties in the Liverpool and Blacktown local government areas. Mr Izzard was located at Penrith City Council.
The public enquiry took place in September 2016. Transcripts are available at the following link. It is expected that the ICAC report will be released shortly:
http://www.icac.nsw.gov.au/investigations/current-investigations/investigationdetail/218
City of Botany Bay Council – allegations concerning former chief financial officer (Operation Ricco)
The ICAC is investigating allegations that former City of Botany Bay Council chief financial officer Gary Goodman, and other Council employees, dishonestly exercised official functions to obtain financial benefits for themselves and others by causing fraudulent payments of more than $4.2 million to be made by the Council through false invoicing to either themselves, or various entities. The ICAC is also investigating allegations that Mr Goodman solicited and received payments as an inducement or reward for showing favourable treatment to contractors. It is also alleged that Mr Goodman and other Council employees dishonestly exercised official functions to obtain financial benefits for themselves and others by using Council resources.
2014
NSW public officials and members of Parliament – allegations concerning corrupt conduct involving Australian Water Holdings Pty Ltd (Operation Credo)
The ICAC is investigating allegations that persons with an interest in Australian Water Holdings Pty Ltd (AWH) obtained a financial benefit through adversely affecting the official functions of Sydney Water Corporation (SWC) by: including expenses incurred in other business pursuits in claims made on SWC for work on the North West Growth Centre; drawing from funds allocated for other purposes; and preventing SWC from ascertaining the true financial position, including the level of the executives’ remuneration.
The Commission is also investigating whether public officials and others were involved in the falsification of a cabinet minute relating to a public private partnership proposal made by AWH intended to mislead the NSW Government Budget Cabinet Committee and obtain a benefit for AWH, and other related matters.
The Commission has been unable to progress the publication of the Operation Credo report owing to the criminal proceedings being conducted by the DPP against Mr Edward Obeid and Mr Moses Obeid. While those proceedings arise out of the Operations Cyrus and Jasper investigations, the Commission is of the view, in accordance with section 18 of the Independent Commission Against Corruption Act 1988, that the publication of the Operation Credo report during the currency of criminal proceedings may prejudice the right of the accused to a fair trial.
PAGE 27
AUDIT COMMITTEE MEETING 15 JUNE, 2017
As there are common elements to this investigation and Operation Spicer, the evidence taken in each operation is taken as evidence in both operations.
For information about the Operation Spicer report, published on 30 August 2016, visit this page.
In both operations Credo and Spicer, the Commission also investigated the circumstances in which false allegations of corruption were made against senior SWC executives.
b) Investigation Reports issued:
The following is a link to the ICAC reports publically listed:
Link: http://www.icac.nsw.gov.au/investigations/past-investigations
In the period 2 investigation reports were issued by the ICAC:
Casino Boolangle LALC – allegations concerning former chief executive officer and former administrative assistant (Operation Nestor) The ICAC investigated allegations that former Casino Boolangle Local Aboriginal Land Council (CBLALC) chief executive officer, Linda Stewart, and former CBLALC administrative assistant, Veronica Skinner, defrauded the CBLALC between 1 June 2010 and 12 October 2011 by issuing fraudulent invoices and certifying documentation to enable them to cash cheques drawn on the CBLALC bank account for their own benefit.
It was also alleged that, between 13 October 2011 and 5 September 2012, Ms Stewart defrauded the CBLALC by issuing fraudulent invoices and certifying documentation to enable her to cash cheques drawn on the CBLALC bank account for her own benefit. The alleged fraud totaled close to $80,000.
In its report on the investigation, made public on 23 February 2017, the Commission makes findings of serious corrupt conduct against Ms Stewart and Ms Skinner.
The ICAC is of the opinion that the advice of the Director of Public Prosecutions should be obtained with respect to the prosecution of Ms Stewart and Ms Skinner for offences of fraud pursuant to section 192E of the Crimes Act 1900 or, in the alternative, for offences of larceny by a servant pursuant to section 156 of the Crimes Act.
Gandangara LALC - allegations concerning chief executive officer and board members (Operation Greer) The ICAC investigated allegations concerning the Gandangara Local Aboriginal Land Council (GLALC) (Operation Greer), including that, between February 2007 and March 2014, GLALC board members partially exercised their official functions by agreeing to employment arrangements with GLALC CEO Mark Johnson under which his company, Waawidji Pty Ltd, derived benefits from the GLALC.
It was also alleged that Mr Johnson improperly exercised his public official functions, by: between March 2011 and April 2013, authorising the transfer of GLALC funds to Gandangara Future Fund Ltd; between 2009 and 2013, authorising the payment of GLALC funds for the benefit of Deerubbin, Walgett and La Perouse Local Aboriginal Land Councils, and partly for the benefit of Waawidji Pty Ltd; and between 2010 and 2014, claiming the provision of benefits from GLALC for himself or Waawidji Pty Ltd, including money, to which he knew he was not lawfully entitled.
In its report on the investigation, made public on 23 February 2017, the Commission makes findings of serious corrupt conduct against Mr Johnson. There are no findings of serious corrupt conduct made against members of the GLALC board.
PAGE 28
AUDIT COMMITTEE MEETING 15 JUNE, 2017
c) ICAC Other
On 6/2/2017 the ICAC released its publication: Report concerning corruption opportunities in the provision of maintenance services. The report is aimed at public officials who are accountable for decisions about facilities maintenance systems and public officials who oversee maintenance contracts. Action to be taken: Audit is to meet with relevant Council Managers to compare Councils current practices with the identified better practice outlined in the report. The results of this activity will be reported to the Audit Committee as part of the procurement audit planned for 2017. d) Office of Local Government (OLG) Public Enquiries
The public enquiries that are being undertaken by the OLG are detailed at the following link: http://www.olg.nsw.gov.au/public-inquiries No public enquiries were undertaken by the OLG in the period.
PAGE 29
AUDIT COMMITTEE MEETING 15 JUNE, 2017
C 1.2 Governance Health check
Audit Number
1
Background
In June 2004 the Independent Commission against Corruption (ICAC) and the Local Government Managers Association (LGMA) developed and released a Governance Health Check manual to:
assist Councils to better understand the elements of governance; and, Provide a simple tool for Councils to measure their progress in relation
to each of the elements on a continuous improvement scale. A full copy of the health check is available at the following link:
Guidance: Governance_Health_Check[1].pdf
Since 2005 the Council has regularly assessed its governance practices using this Governance Health check. Until 2014 the score attributable to Council was manually calculated.
In 2014 the LGMA developed a spread sheet which automatically calculates the Councils governance score. This has been used to assess the Councils governance activities in 2014/2015, 2015/16 and 2016/17.
Audit Objective
Undertake the annual Governance Health Check to ensure that Councils governance practices meet acceptable standards and comply with recommendations resulting from the ICAC/OLG, NSW Ombudsman and other regulatory bodies.
Scope The review was conducted at February 2017.
Method The following method was implemented:
a. Distributing the LGMA spreadsheet review to relevant staff responsible for the governance process and obtaining their input with respect to the implementation of the identified practices.
b. Review the resulting ratings and supporting evidence in coordination with the Senior Coordinator Executive Services.
c. Develop a Governance Improvement Plan where appropriate. Findings Refer to Table 2 below. As shown there has been a slight improvement in the
Councils Governance scorecard from 2016 reflecting the Councils continuous improvement focus.
The key area identified for improvement by using the checklist was:
Coordination of communications concerning Councils governance requirements between staff and Councillors/Others.
Note: It was identified that the ongoing comprehensive communication and awareness process that is currently in place with Council staff is not extended to Councillors and other relevant parties. As a result is it unclear whether governance processes are consistently applied across all Council activities.
Agreed Management Action
The areas identified for improvement have been discussed with the relevant Managers and timeframes have been agreed for implementation.
A comprehensive awareness/communication strategy has been developed and will be implemented from March 2017.
Note:
The Council reports annually on a quality of life indicator (QOL) concerning governance. This indicator was calculated to 2014 as the total of all scores over the 26 elements multiplied by a factor of 4.5. The maximum score that can be calculated to 2014 was 104. This method was devised in the absence of spread sheet.
PAGE 30
AUDIT COMMITTEE MEETING 15 JUNE, 2017
The LGMA spread sheet introduced in 2014 expresses the results as a percentage (out of 100%). For comparison reasons, the % scorecard is 92.68% which equates to 96.38 out of 104. This indicator is reported in the Annual Community Report.
Table 2:
Councils Governance Scorecard 2005 2008 2009 2010 2012 2013 2014
2014/15
2015/16
2016/17
Total of all 26 Elements (Table 1) 78 88 89 93 85.24 90 93.5 93.6 95.7 96.38
Maximum Score of all 26 Elements 104 104 104 104 104 104 104 104 104 104
% of THSC total to Maximum total 75% 85% 86% 89% 82% 87% 90%
90.01%
92.01%
92.68%
Elements multiplied by 4.5 (QOL factor) 351 396 400 418.5 369 405 421 421 431 434
Conclusion
For the information of the Audit Committee, the results of the audit activity were considered as satisfactory as an improvement was observed from 2016:
Satisfactory Effective governance processes are in place.
C 1.3 Credit Cards/Procurement Cards/ Reimbursement of expenses incurred by staff/ Petty Cash
Audit Number
14
Background
Goods and services that are purchased by an employee on behalf of Council for work related items may be claimed through a reimbursement. There are restrictions as to what staff will and will not be reimbursed for, and where possible purchasing must be through a purchase order.
The current process for reimbursement of Council expenses incurred by staff (including petty cash) was last updated in August 2016.
There are 5 petty cash floats across the organisation with amounts varying from $100 to $1,400. The custodians of these floats are responsible for reconciling and safe keeping of the petty cash float, and they are to ensure that the correct procedures are followed.
The Council also has corporate credit cards issued to staff. The purpose and use of the cards are outlined in the Procurement Cards Procedure.
The vendor and fuel cards are also referred to in the Procurement Cards procedure.
In December 2016 the process for petty cash reimbursements was put on-line (replaced the previous paper based system).
PAGE 31
AUDIT COMMITTEE MEETING 15 JUNE, 2017
Objective
The objective of the audit was to determine whether:
a) Authorised staff are approving staff reimbursements and an appropriate segregation of duties is in place
b) Reimbursed expenses are appropriate and in line with the Council policy/procedure
c) Councils purchasing guidelines are met Method Review the financial records in Councils finance system and procurement card
statements concerning reimbursements/office expense accounts/credit and vendor/procurement cards. Ensure appropriate supporting documentation is in place; ensure that expenditure is approved by staff with appropriate delegations; ensure that the Councils relevant procedures were in place.
Undertake surprise petty cash counts.
Scope Undertake the review for the period to 31 December 2016.
Findings Total Expenditure: Bunnings cards 2016 $92,105; 2015 $89,012 (3% increase). No exceptions noted. Credit cards: purchases reviewed. Exceptions followed up with staff. No material exceptions noted. Office Expenses: 2016 $179,402; 2015 $166,163. Majority of purchases related to stationary. Overall Conclusions: The expenditure across the organisation for staff reimbursements (including petty cash) has been consistent for three calendar years.
The office expenses account (2400) appears to be used for its intended purpose.
The use of Councils Credit cards was generally in line with the purchasing guidelines. It has been recommended that credit card statements be reviewed by the Finance area when received to ensure that the Councils purchase guidelines are in place. Where there appears to be exceptions, the statements should be referred to the relevant card holders manager for review and approval.
Conclusion
For the information of the Audit Committee, the results of the audit activity (based on the level of current activity) were considered:
Satisfactory Adequately managed.
C.2. Other: Audit Activities undertaken in the period since the last Audit Report to the Audit Committee identified as ‘in progress’ at 15 November 2016
C2.1 Sponsorship (Audit item 12 in the 2016 Internal Audit Plan) In 2016 the review of donations and sponsorship was referred to a consultant to review independently on behalf of the Council. The results of the review are to be reported to Council shortly. As an external review has been undertaken, an internal review has not been undertaken (inefficient use of resources). Once the result of the external review is known, the recommendations of that review will be followed up by Internal Audit where relevant.
PAGE 32
AUDIT COMMITTEE MEETING 15 JUNE, 2017
C2.2 Output Budgeting Audit Objectives and method: The overall aim of the review undertaken was to:
Gain an understanding of the Councils budget process; Determine whether the budgets process is effective and efficient in
achieving its aims; Determine whether legislative requirements are being met; Determine whether the budget process and the developed budget allows
the measurement and monitoring of outcomes against goals and Councils strategic outcome
Findings: Council had relevant policies and procedures in place that were up to date; Council had met the legislative requirements and timeframes as outlined in
the Local Government Act, 1993; Timely reporting was in place with respect to Council. An audit of the achievement of Councils KPI’s will be undertaken
separately (as part of the 2017 audit plan). Conclusion No recommendations have been raised as a result of this review. Budget monitoring with respect to procurement will be reviewed in detail as part of the procurement audit planned for 2017.
Satisfactory Effective control environment
C2.3 Rates (Audit item 9 in the 2016 Internal Audit Plan) To date, the external auditor (PWC) has reviewed the financial aspects of the rates process which tests the relevant controls, pensioner rebates, calculation, classification and rates reconciliations in place (that is, notices and assessments as well as income to rates notices issued).
The review of fire safety inspections (identified in the 2017 Internal Audit Plan) has provided Internal Audit with another source of information by which to compare to Council rate revenue with respect to ‘businesses’.
Audit has therefore combined the review of business rates income with the review of fire inspections to ensure that the Councils rates system results in information that is accurate, complete and valid. To date no exceptions have been noted, however final conclusions will not be made until the fire safety inspection review is completed (mid-March).The final results and conclusions concerning the review of fire safety inspections and ‘business rates’ will be reported in the next internal audit report to the Audit Committee.
PAGE 33
AUDIT COMMITTEE MEETING 15 JUNE, 2017
C2.4 Recruitment and Terminations (Audit item 11 in the 2016 Internal Audit Plan)
Audit Number
11
Background
In the period from 1/4/2015 to 7/10/2016 there were 129 recruits and 138 terminations. Total staff numbers and type at the review date was: 657 (part time staff counted as 1 – this is not Councils FTE), made up of:
Councilors: 11 Senior Staff: 4 Contract Staff: 46 Salaried Staff: 276 Sal PT Staff: 113 Wages Staff: 113 Wages PT: 2 Casual: 92
Relevant parts of the Local Government Act 1993 that need to be complied with: s348 – s354A.
Objective
Recruitment and Terminations was identified in the Internal Audit Plan for 2016. The rationale for this was based on the risks associated with factors such as:
Legislative exposure Resourcing impact Corruption risk (assessed as high by the ICAC).
The primary objectives of this review were to:
Ensure that Councils recruitment and termination practices are efficient and meet Councils legislative requirements and best practice. This area was identified as a high risk by the ICAC and within the Councils ERM system (Risk identified in the ERM (R000133) The recruitment process does not appoint on merit or organisation fit)
Secondary Objectives were to :
to assess the efficiency and effectiveness of the internal controls that are in place to manage the key risks arising from recruitment and termination related processes;
to provide Management with recommendations to strengthen the internal control environment and the efficiency and effectiveness of associated operational practices where applicable; and
to provide an independent opinion to Council’s General Manager, the Executive and the Audit Committee on the level of reliance that can be placed on existing internal controls with notification of further actions for improvement, as agreed by Management
Scope and method
The last internal audit undertaken reviewed Councils recruitment activities to 30 March 2015.
This audit reviewed Councils recruitment and termination practices in the period from 1 April 2015 to 7 October 2016 (18 months).
Audit did not review the efficiency of recruiting practices in this period, given that recruitment was suspended during the period to May 2016 because of potential ‘merger’ activity by the State Government. This aspect will be reviewed in future audits.
PAGE 34
AUDIT COMMITTEE MEETING 15 JUNE, 2017
Findings A number of instances were noted during the audit whereby the classification of personnel records in ECM was not appropriate or records were linked to the incorrect personnel file. These were referred to the relevant HR partner and have been corrected. Care should be taken concerning classification in ECM. One instance was found where the pay rate identified in the Letter of Offer was incorrect. This was identified by Payroll and the corrected in the payroll system. Following this instance both Payroll and HR have implemented processes to ensure timely communication of any further instance noted.
It was also noted that terminated staff were not being exited from Councils systems on a timely basis - leaving Councils systems open to access after the staff member had left the Council. Both Councils IT and Human Resource Teams have met and processes have been agreed to ensure that this risk is negated.
Conclusion Issues noted during the review are currently being addressed and corrected. This will be followed up by Internal Audit in April 2017. With the correction of these issues the result of the audit is considered:
Satisfactory Effective control environment
C2.5 Procurement (Audit item 10 in the 2016 Internal Audit Plan)
In 2016 10 days were allocated to the review of tendering and use of consultants. This time has been added to the time allocated in the 2017 (Audit item 23) to allow the more comprehensive review of the Councils purchasing practices to be undertaken. This review is currently being undertaken and the results will be reported to the Audit Committee in the next Internal Audit Report. C3. Other activities undertaken by Audit C3.1 Investigations: Audit reviewed an investigation undertaken with respect to the payment of fines/penalties incurred with respect to Councils fleet. Recommendations have been made with respect to the deficiencies noted in this system. Implementation will be followed up in May 2017. C3.2 Review of the WHS External Action Plan: This action plan has been developed to ensure that the Councils WHS system reflects better practice. Internal Audit will follow-up the results of the Action Plan implementation in May 2017. C3.3 Audit reviewed the 2015/16 Acquittal and 2016 Annual Compliance Return with respect to NSW ADHC (Hills Community Care).
PAGE 35
AUDIT COMMITTEE MEETING 15 JUNE, 2017
Part D: Details of recommendations outstanding at the date of this report and the action taken by Management to implement these recommendations
Internal Audit monitors all the recommendations raised and agreed with management to ensure that they are implemented within agreed timeframes.
The Audit recommendations outstanding (including Management Comments) at 1 March 2017 are listed at Attachment 3.
D.1 Status of Recommendations
The following is a summary of the status of Internal Audit Reports issued.
It should be noted that although the following audit reports may be listed as ‘finalised’ the area/audit item will still be the subject of future audits.
D1.1 Reports issued to 1 March 2017, where recommendations are still to be implemented:
Reports Year Report Issued Expected Closure Timeframe
Policies and Procedures 2016 31/11/2017
Property Management 2016 30/3/2017
Payroll 2016 30/3/2017
Cash and Cash Related activities
2016 30/3/2017
Revenue (review of Key Controls)
2016 30/3/2017
Recruitment and Terminations
2016 30/3/2017
Fines/penalties with respect to Councils Fleet
2017 30/3/2017
D1.2 Reports issued where recommendations have been implemented in the period to 1 March 2017
The following lists the audits where all agreed recommendations have been addressed in the time period.
Reports Year Report Issued Closure Timeframe
Information Management 2016 30/11/2016
PAGE 36
AUDIT COMMITTEE MEETING 15 JUNE, 2017
Part E Internal Audit Key Performance Measures
The following indicators have been developed to measure the performance of Internal Audit and the Audit Committee:
E.1 Service Delivery Benchmarks.
2 or 11% of the audits listed in the Strategic Internal Audit Plan for the period
from 1 January 2017 to 31 December 2017 have been ‘completed’ to date (refer
Part B, Table 1 and Chart 1).
Number of findings implemented to date as a % of items raised in the Audit reports. As discussed at Part D and Attachment 3. Of the 1036 Audit recommendations agreed with Management, 98% (or 1021) have been implemented. Timeframes for the remaining outstanding recommendations are currently being followed up. These outstanding recommendations are detailed at Attachment 3.
On average the number of days between the end of fieldwork to the issue of the final audit reports is approximately 10 working days (Prior report: 10 days). This time includes the drafting of the audit report/finalisation of report; discussion of audit findings; and agreement of management action.
E.2 Cost Control benchmarks
The actual costs of the Internal Audit function to date have been made up of the salary and on costs of the Internal Auditor and the Risk Coordinator. In the period to 1 March 2017, the budget of the Internal Audit function was not exceeded.
The number of direct days spent on internal auditing (excluding hours spent on professional development and training) is 96% of the total days available. 260 days per year have been budgeted in the Internal Audit Strategic Plan.
E.3 Key Information to be reported in the Annual Community Report Concerning the Audit Committee
In the period from 1/7/2016 (Financial Year) to date the Audit Committee has met twice. The meeting times were:
16 August 2016;
12 December 2016
The Audit Committee membership and the number of meetings attended in in the period was as follows:
Mr M. Blair: 2
Mr T Bland: 2
Mayor: 2
Clr A. J. Hay OAM: 0
Clr Dr J. N. Lowe: 0
Adjunct Professor Jim Taggart OAM: 2
Clr M. G. Thomas: 2
PAGE 37
AUDIT COMMITTEE MEETING 15 JUNE, 2017
Attachment 1
Background to the: Internal Audit Function; the Audit Committee; and the audit reporting practices at The Hills Shire Council.
Background
1. Internal Audit is an independent, objective assurance and consulting activity designed to add value and improve an organisation’s operations.
Internal audit’s role is primarily one of providing independent assurance over the internal controls and risk management framework of the council. It should be noted that Management has primary day-to-day responsibility for the design, implementation, and operation of internal controls.
Within THSC the functions, powers, and accountabilities of Internal Audit are set out in the Internal Audit Charter which has been adopted by Council. Internal audit’s core competencies are in the area of internal control, risk and governance. Internal audit’s scope includes the following areas:
Reliability and integrity of financial and operational information Effectiveness and efficiency of operations and resource usage Safeguarding of assets Compliance with laws, regulations, policies, procedures and contracts Adequacy and effectiveness of the risk management framework. The Internal Audit function was created in June 2005. Within Local Government, where in place, the Internal Audit unit is typically made up of 1 or 2 staff members. Within THSC the Internal Audit Unit consists of the Internal Auditor. Projects can be undertaken with the assistance of the Risk Management Coordinator or specialists where required.
2. The Audit Committee plays a pivotal role in the Councils governance framework. It provides council with independent oversight and monitoring of the council’s audit processes, including the council’s internal controls activities. This oversight includes internal and external reporting, internal and external audit, and compliance. Given the key role of the Audit Committee, for it to be most effective it is important that it is properly constituted of appropriately qualified independent members.
The Audit Committee within THSC has been in operation since 2004. Councils Audit Committee is unique in Local Government in that the Committee meets in the public forum (times and dates of meetings are advertised on the Councils webpage) and currently has 3 independent community representatives on the Committee to ensure that there is transparency in Councils processes and the Council remains accountable to the community.
The current members of the Audit Committee are: The Mayor, Clr AJ Hay (OAM), Clr Dr JN Lowe, Clr MG Thomas, Mr Michael Blair, Mr Trevor Bland and Adjunct Professor Jim Taggart (OAM). At the beginning of each Council term the Council undertakes an EOI to obtain interests from suitably qualified community members to be part of the Audit
PAGE 38
AUDIT COMMITTEE MEETING 15 JUNE, 2017
Committee. The functions, powers and accountabilities of the Audit Committee are outlined in the Audit Committee Charter that has been adopted by Council.
3. Legislative Change
In June 2016 the Local Government Amendment (Governance and Planning) Bill 2016 was drafted to amend the Local Government Act 1993 (the Principal Act). In August 2016 the Bill passed through both Houses of the NSW Parliament. S428A of the Bill mandates that Councils put in place an Audit, Risk and Improvement Committee and outlines (in broad terms) what the role of the Committee will be. It is intended that s428A will be supported by a regulatory framework that is likely to comprise of prescription by regulation and operational guidance through guidelines. These guidelines will replace the Internal Audit Guidelines released by the OLG in 2010. Legislatively Councils have until 6 months after the next Council election to implement S428A of the Bill. This provides time for the OLG to consult and draft the necessary guidance and regulations, and Council to implement the required changes.
4. Best Practice
In 2010 the DLG released the Internal Audit Guidelines (http://www.dlg.nsw.gov.au/dlg/dlghome/documents/Information/Internal%20Audit%20Guidelines%20-%20September%202010.pdf. This guideline (the guideline) identifies best practice in local government with respect to Internal Audit and the Audit Committee. As outlined in the introduction, the guidelines were developed to encourage the creation of Internal Audit and Audit Committees in those Councils that did not have the function and to outline how the function should be developed (note: that at the time of the guideline release only approximately 20% of Councils had an Internal Audit function). At 2016 approximately 60% of Councils had in place an Audit Committee. As identified at 3. This guideline is currently being reviewed. It is expected that this will be updated in the next 6 to 12 months.
5. The Strategic Audit Plan
As identified at 3.5 of the DLG Internal Audit Guideline, the Internal Audit function within THSC has a strategic plan in place which is supported by annual plans.
The Strategic plan is based on a risk assessment of the council’s key strategic and operational areas to determine the appropriate timing and frequency of coverage of each of these areas. The plan includes audit judgment of areas that will also be reviewed despite not appearing as a high priority in the council’s risk profile. The plan is developed on a rolling cycle to reflect the terms of Council. The plan is also reviewed annually to ensure that it still aligns with the council’s risk profile. The 4 year Strategic Plan (2017 – 2020) was adopted by the Audit Committee on 12 December 2016. The audit plan covers the period from 1 January 2017 to 31 December 2020 to allow the plan to align with the term of Council.
PAGE 39
AUDIT COMMITTEE MEETING 15 JUNE, 2017
6. Reporting
Internal audit regularly communicates its findings and recommendations to the Audit Committee, General Manager and management of the areas audited through the Internal Audit Report.
The Internal Audit report normally includes background information, the audit objectives and scope, observations/findings/conclusions, key recommendations/ agreed management actions. The format of the report has been modified to satisfy the requirements of the Audit Committee and to reflect the guidelines.
Detailed audit working papers are not distributed to the Audit Committee as they are intended for internal use only. Where audit working papers have findings that are useful to other areas of council, internal audit will share this information on a limited basis. Internal audit working papers are shared with the council's external auditor, where requested, to assist them in the course of their work. Councillors and the community have access to the minutes of the Audit Committee (and the Internal Audit Report) as these are published on the Councils web page. The Internal Audit Report (and Audit Committee papers) is also referred to the Council for adoption to provide greater transparency and accountability.
PAGE 40
AUDIT COMMITTEE MEETING 15 JUNE, 2017
Attachment 2
THSC Risk Matrix
The Councils Risk Matrix (below) reflects the requirements of ASNZS ISO 31000 and has been developed in accordance with this standard.
Risk Matrix Table
Consequence Rating
A B C D E
Lik
eli
ho
od
Ra
tin
g
5 M H H E E
4 L M H H E
3 L M M H H
2 L L M M H
1 L L L M H
L = Low Risk M = Moderate Risk H = High Risk E = Extreme Risk
(Severe/Very High)
Consequence Definition Risk Factors Likelihood
Definition Financial
Reputation Business
Operations Work Health Safety Environment
Project Management
A Insignificant The event is of low consequence
1 Financial loss – Small increase in costs not in line with budget $500 or less
1 Unsubstantiated, low profile media exposure OR no media attention
1 No disruption to services or operations
1 Single minor injury to one person – no lost time OR Insignificant environment issues
1 Project close to time, budget and quality
1 Rare The event is only expected to occur in exceptional circumstances
B Minor The event may threaten a part of the organisation
2 Financial loss – Minor financial impact $501 to $10k
2 Substantiated, low impact, low media profile (not front page news)
2 Minor disruption to services or operations up to one day
2 Medically treated injury to one person, less than 5 days lost time OR Minor environment issues
2 Project has minor issue with time, budget or quality
2 Unlikely The event is not likely to occur
C Moderate The event may threaten many parts of the organisation
3 Financial loss – > $10k to $50k
3 Substantiated, public embarrassment, moderate media profile (front page, one day)
3 Some cessation to services and operations up to several days
3 Minor or medically treated Injury to several people, less than 10 days lost time OR Some environment issues
3 Project has issues with time, budget or quality
3 Possible The event may occur
D Significant The event may threaten achievement of business objectives
4 Financial loss – $50k to $200k
4 Substantiated, public embarrassment, high impact, major media attention (national for 1 week or more)
4 Total cessation to services and operations up to one week
4 Single death, or long term disabling injuries to one or more people OR Substantial environment issues
4 Project has substantial issues with time, budget or quality
4 Likely The event is likely to occur
E Severe The event may stop achievement of business objectives
5 Financial loss – > $200k
5 Substantiated, public embarrassment, multiple impacts, long lasting widespread media coverage, prosecution of Council or Officers
5 Total cessation to services and operations greater than one week
5 Multiple losses of life or permanent disability, plus extensive injuries to several people OR Severe environment issues
5 Large project has severe issues with time, budget or quality
5 Almost certain The event is already occurring or is expected to occur
PAGE 41
AUDIT COMMITTEE MEETING 15 JUNE, 2017
Att
ach
men
t 3
List
an
d S
tatu
s of
Ou
tsta
nd
ing
Au
dit
Rec
omm
end
atio
ns
agre
ed w
ith
Man
agem
ent
at 1
Mar
ch 2
01
7:
Rat
ing
s fo
r A
ud
it R
eco
mm
end
atio
ns
Ver
y H
igh
Ris
k (E
xtre
me)
Com
plet
e re
med
ial a
ctio
n w
ithin
2 w
eeks
or
earlie
r as
req
uire
d.
Hig
h Ris
k
Com
plet
e re
med
ial a
ctio
n w
ithin
1 c
alen
dar
mon
ths
or a
s ag
reed
Mod
erat
e Ris
k
Com
plet
e re
med
ial a
ctio
n w
ithin
3 c
alen
dar
mon
ths
or a
s ag
reed
Low
Ris
k
Com
plet
e re
med
ial a
ctio
n w
ithin
4 c
alen
dar
mon
ths
or a
s ag
reed
Rec
onci
liati
on o
f O
uts
tan
din
g A
ud
it R
ecom
men
dat
ion
s at
1 M
arch
20
17
Dat
e o
f In
tern
al
Au
dit
Rep
ort
T
ota
l R
eco
mm
end
atio
ns
rais
ed b
y A
ud
it s
ince
20
05
(B
rou
gh
t Fo
rwar
d)
Rec
om
men
dat
ion
s R
aise
d
in t
he
per
iod
To
tal
To
tal
Rec
om
men
dat
ion
s im
ple
men
ted
b
y M
anag
emen
t s
ince
20
05
(B
rou
gh
t Fo
rwar
d)
Rec
om
men
dat
ion
s Im
ple
men
ted
in
th
e p
erio
d
Tota
l
Bal
ance
O
uts
tan
din
g
-b
ein
g
mo
nit
ore
d
by
Inte
rnal
Au
dit
30 J
une
2014
92
0
90
4 16
30 S
epte
mbe
r 20
14
920
11
931
904
18
922
9
31 M
arch
201
5 93
1 26
95
7 92
2 20
94
2 15
30 M
ay 2
015
957
10
967
942
13
955
12
30 J
une
2015
96
7 11
97
8 95
5 6
961
17
1 N
ovem
ber
2015
97
8 10
98
8 96
1 6
967
21
1 M
arch
201
6 98
8 5
993
967
18
985
8
1 M
ay 2
016
993
13
1006
98
5 1
986
20
30 J
une
2016
10
06
3 10
09
986
8 99
4 15
15 N
ovem
ber
2016
10
09
11
1020
99
4 12
10
06
14
1 M
arch
201
7 10
20
16
1036
10
06
15
1021
15
PAGE 42
AUDIT COMMITTEE MEETING 15 JUNE, 2017
Au
dit
Ob
serv
atio
ns
Effe
ct
Ris
k R
atin
g
Rec
omm
end
atio
n
and
ag
reed
Act
ion
Pla
n
Res
pon
sib
le
Man
ager
To
be
imp
lem
ente
d
by
dat
e:
Sta
tus
at 1
Mar
ch
20
17
C
ash
an
d c
ash
rel
ated
act
ivit
ies
1
Inde
pend
ent
Che
cks
of
the
Pett
y ca
sh a
re n
ot u
nder
take
n re
gula
rly
Ensu
re t
hat
cash
hel
d is
app
ropr
iate
ly
acco
unte
d fo
r.
M
An
audi
t of
all
pett
y ca
sh
float
s is
un
dert
aken
an
nual
ly b
y th
e Fi
nanc
e Te
am.
Last
au
dit
by
Fina
nce
was
und
erta
ken
in J
uly
2015
– a
noth
er
shou
ld o
ccur
in
the
next
3
mon
ths.
Man
ager
Fi
nanc
e
July
201
6
Com
plet
ed.
Inte
rnal
Aud
it un
dert
ook
a re
view
in
ea
rly
2017
.
2
Proc
urem
ent
card
s pr
oced
ure
(sec
tion
8.0)
doe
s no
t re
flect
th
e cu
rren
t pr
actic
e re
gard
ing
the
verific
atio
n of
pur
chas
es b
y th
e G
roup
M
anag
er/M
anag
er.
Proc
edur
e la
st u
pdat
ed M
arch
20
14.
Proc
edur
e is
out
of
date
and
doe
s no
t pr
ovid
e ad
equa
te
guid
ance
. Pu
rcha
sing
act
iviti
es d
o no
t sa
tisfy
the
Cou
ncils
pur
chas
ing
proc
edur
e.
M
Proc
urem
ent
Car
d Pr
oced
ure
be
upda
ted
and
dist
ribu
ted
Man
ager
Fi
nanc
e
July
201
6
Com
plet
e. P
roce
dure
U
pdat
ed.
PAGE 43
AUDIT COMMITTEE MEETING 15 JUNE, 2017
Au
dit
Ob
serv
atio
ns
Effe
ct
Ris
k R
atin
g
Rec
omm
end
atio
n
and
ag
reed
Act
ion
Pla
n
Res
pon
sib
le
Man
ager
To
be
imp
lem
ente
d
by
dat
e:
Sta
tus
at 1
Mar
ch
20
17
3
Sta
ff
who
ar
e is
sued
w
ith
the
proc
urem
ent
card
be
ad
vise
d of
the
req
uire
men
ts
of u
se;
the
proc
edur
e m
ay
need
upd
atin
g to
ref
lect
the
us
e of
the
car
d.
Sta
ffs
are
awar
e of
the
lim
itat
ions
in
ha
ving
a
proc
urem
ent
card
. Cou
ncil’
s go
vern
ance
re
quir
emen
ts a
re in
pla
ce.
M
Sta
ff
to
sign
of
f on
th
e co
nditio
ns o
f us
e of
pr
ocur
emen
ts
card
s w
hen
the
card
s ar
e is
sued
.
Cre
dit
card
st
atem
ents
ar
e re
view
ed
by
Fina
nce
once
re
ceiv
ed
to
ensu
re
that
pu
rcha
sing
is
in
lin
e w
ith
the
Cou
ncils
pu
rcha
sing
gui
delin
es.
Whe
re e
xcep
tions
are
no
ted
thes
e st
atem
ents
(a
nd
supp
ortin
g do
cum
ents
) sh
ould
be
refe
rred
to
th
e ca
rd
hold
ers
man
ager
fo
r re
view
and
app
rova
l.
Man
ager
Fi
nanc
e
May
201
7 In
pr
ogre
ss.
All
card
hold
ers
are
still
to
si
gn
the
upda
ted
proc
edur
e.
Fina
nce
to
impl
emen
t pr
oces
s co
ncer
ning
cr
edit
card
sta
tem
ents
4
Proc
urem
ent
card
s pu
rcha
ses
som
etim
es
exce
ed t
he a
mou
nt o
utlin
ed
in t
he p
roce
dure
Purc
hase
s do
no
t m
eet
the
requ
irem
ents
of
th
e pr
oced
ure
alth
ough
the
y ar
e re
quir
ed f
or t
he
cont
inui
ty o
f se
rvic
e M
Con
side
ration
be
gi
ven
to
incr
easi
ng
the
daily
sp
end
limit
and
dele
ting
the
mon
thly
sp
end
limit
on t
he v
endo
rs c
ard.
Man
ager
Fi
nanc
e
July
201
6
Com
plet
e.
Proc
edur
e U
pdat
ed.
PAGE 44
AUDIT COMMITTEE MEETING 15 JUNE, 2017
Au
dit
Ob
serv
atio
ns
Effe
ct
Ris
k R
atin
g
Rec
omm
end
atio
n
and
ag
reed
Act
ion
Pla
n
Res
pon
sib
le
Man
ager
To
be
imp
lem
ente
d
by
dat
e:
Sta
tus
at 1
Mar
ch
20
17
5
Pett
y ca
sh
vouc
hers
w
ere
sign
ed b
y st
aff
who
did
not
ha
ve
the
appr
opri
ate
finan
cial
del
egat
ion
Ensu
re
that
ag
reem
ents
ar
e ap
prop
riat
ely
auth
oris
ed
M
Fina
nce
active
ly
revi
ews
the
pett
y ca
sh
vouc
hers
pr
esen
ted
to
it
to
ensu
re
that
th
ey
satisf
y th
e re
leva
nt
proc
edur
e an
d ar
e si
gned
by
an
ap
prop
riat
ely
dele
gate
d of
ficer
.
Man
ager
Fi
nanc
e
July
201
6
Com
plet
e. P
roce
ss
now
‘o
n lin
e’,
Fina
nce
revi
ews
dele
gatio
n.
6
Floa
ts
mad
e av
aila
ble
whe
re
not
appr
opri
atel
y ac
coun
ted
for
Mon
ies
unac
coun
ted
for.
M
Fina
nce
to
follo
w
up
the
reim
burs
emen
t of
ad
vanc
es
mad
e an
d flo
ats
mad
e av
aila
ble
to
the
Civ
ic
Even
ts
team
.
Man
ager
Fi
nanc
e Ju
ly 2
016
Com
plet
e.
Adv
ance
s re
turn
ed.
Proc
edur
es
tight
ened
.
In
form
atio
n M
anag
emen
t
7
Altho
ugh
a lis
t of
Cou
ncils
sy
stem
s ha
d be
en c
ompi
led
it w
as n
oted
tha
t it w
as n
ot
com
plet
e. Th
e IT
M
anag
er
is c
urre
ntly
upd
atin
g th
e lis
t an
d ob
tain
ing
clar
ifica
tion
th
at
all
key
data
ke
pt
in
thes
e sy
stem
s is
als
o be
ing
mai
ntai
ned
in t
he C
ounc
ils
corp
orat
e sy
stem
.
Cou
ncils
Cor
pora
te R
ecor
d is
not
co
mpl
ete.
M
A
com
plet
e lis
t of
sy
stem
s cu
rren
tly
bein
g us
ed b
y Cou
ncil
is
unde
rtak
en
and
assu
ranc
e is
gi
ven
that
ke
y in
form
atio
n is
bei
ng m
aint
aine
d in
th
e Cou
ncils
co
rpor
ate
reco
rd.
Man
ager
- I
T
Aug
ust
2016
Com
plet
e.
List
no
w
com
pile
d.
Info
rmat
ion
in
thes
e sy
stem
s is
be
ing
revi
ewed
by
IT to
en
sure
th
at
the
Cou
ncils
co
rpor
ate
syst
em
is c
ompl
ete.
PAGE 45
AUDIT COMMITTEE MEETING 15 JUNE, 2017
Au
dit
Ob
serv
atio
ns
Effe
ct
Ris
k R
atin
g
Rec
omm
end
atio
n
and
ag
reed
Act
ion
Pla
n
Res
pon
sib
le
Man
ager
To
be
imp
lem
ente
d
by
dat
e:
Sta
tus
at 1
Mar
ch
20
17
P
olic
ies
and
Pro
ced
ure
s
8
Cou
ncil’
s po
licy
docu
men
tation
ha
s no
t be
en u
pdat
ed a
nd f
orm
ally
ap
prov
ed
on
a pe
riod
ic
basi
s.
Polic
y do
cum
enta
tion
may
not
be
curr
ent
or a
ppro
pria
tely
app
rove
d M
Polic
y do
cum
enta
tion
be
up
date
d an
d fo
rmal
ly a
ppro
ved.
Coo
rdin
ator
–
Exec
utiv
e Ser
vice
s
Nov
embe
r 20
17
In p
rogr
ess
9
A
num
ber
of
Cou
ncils
pr
oced
ures
w
ere
not
upda
ted
withi
n ag
reed
tim
efra
mes
.
Proc
edur
es b
eing
im
plem
ente
d by
st
aff
may
be
inco
rrec
t or
out
of
date
. M
Proc
edur
al
docu
men
tation
will
be
upda
ted
by
30
Nov
embe
r 20
16.
Coo
rdin
ator
–
Exec
utiv
e Ser
vice
s
Nov
embe
r 20
16
Com
plet
e.
Upd
ated
10
Cou
ncil
staf
f do
not
rec
eive
fo
rmal
tr
aini
ng
conc
erni
ng
the
impl
emen
tation
of
Cou
ncils
po
licie
s an
d pr
oced
ural
req
uire
men
ts
Polic
y an
d pr
oced
ural
re
quir
emen
ts
may
no
t be
im
plem
ente
d re
sulti
ng
in
non-
com
plia
nce.
M
The
indu
ctio
n pr
oces
s be
mod
ified
to
ensu
re
that
new
sta
ff r
ecei
ve
trai
ning
co
ncer
ning
th
e po
licie
s an
d pr
oced
ures
re
leva
nt
to
thei
r re
spon
sibi
litie
s.
Man
ager
-
HR
Nov
embe
r 20
16
In p
rogr
ess
P
rop
erty
Man
agem
ent
11
The
revi
ew
of
the
man
agem
ent
of
the
cond
itio
ns
of
the
licen
ces/
leas
es
has
iden
tifie
d th
at
a fu
rthe
r au
dit/
follo
w up
is
requ
ired
to
ens
ure
that
utilit
y co
sts
are
bein
g pa
ssed
on
to
less
ees
whe
re r
equi
red.
Util
ity
cost
s m
ay n
ot b
e re
cove
red
whe
re a
pplic
able
L
Aud
it
follo
w
up
with
Fina
nce
the
proc
ess
in
plac
e to
en
sure
th
at
Utilit
y co
sts
are
bein
g re
cove
red.
Inte
rnal
Aud
it/M
anag
er F
inan
ce
Mar
ch 2
017
PAGE 46
AUDIT COMMITTEE MEETING 15 JUNE, 2017
Au
dit
Ob
serv
atio
ns
Effe
ct
Ris
k R
atin
g
Rec
omm
end
atio
n
and
ag
reed
Act
ion
Pla
n
Res
pon
sib
le
Man
ager
To
be
imp
lem
ente
d
by
dat
e:
Sta
tus
at 1
Mar
ch
20
17
P
ayro
ll
12
Out
door
st
aff
usin
g m
yflo
so
ftw
are
to
proc
ess
thei
r tim
eshe
ets
do
not
nece
ssar
ily
have
un
ique
si
gn o
n pa
ssw
ords
.
Tim
eshe
et da
ta ca
n be
ch
ange
d an
d st
aff
cann
ot
nece
ssar
ily
be
held
re
spon
sibl
e fo
r th
e in
form
atio
n en
tere
d
M
Out
door
st
aff
be
issu
ed
with
uniq
ue
pass
wor
ds.
Man
ager
IT
Mar
ch 2
017
R
even
ue
(Rev
iew
of
Key
Con
trol
s)
13
The
allo
cation
of
du
ties
w
ithi
n th
e Fi
nanc
e Te
am i
s no
t pr
ovid
ing
the
inde
pend
ent
revi
ew
requ
ired
to
en
sure
th
at
ther
e is
a
segr
egat
ion
of
dutie
s.
Seg
rega
tion
of d
utie
s no
t in
pla
ce
M
Whe
re
appr
opri
ate,
op
erat
iona
l re
spon
sibi
litie
s be
al
loca
ted
to
the
corr
ect
posi
tion
s.
Man
ager
Fi
nanc
e
Mar
ch 2
017
14
Com
plet
e pr
oced
ural
do
cum
enta
tion
is
no
t in
pl
ace
to
ensu
re
that
pr
oces
ses
are
cons
iste
ntly
ap
plie
d by
th
e Fi
nanc
e Te
am
Proc
esse
s m
ay
be
not
be
cons
iste
ntly
im
plem
ente
d ac
ross
th
e Fi
nanc
e Te
am.
Unn
eces
sary
re
lianc
e pl
aced
on
th
e Fi
nanc
ial
Acc
ount
ant
to di
rect
st
aff
belo
w
her.
M
Proc
edur
al
docu
men
tation
to
be
cr
eate
d an
d m
ade
avai
labl
e to
st
aff
withi
n th
e Fi
nanc
e Te
am
Man
ager
Fi
nanc
e
Mar
ch 2
017
Cur
rent
ly
bein
g w
ritt
en
up.
90%
co
mpl
ete.
G
over
nan
ce H
ealt
h C
hec
k
PAGE 47
AUDIT COMMITTEE MEETING 15 JUNE, 2017
Au
dit
Ob
serv
atio
ns
Effe
ct
Ris
k R
atin
g
Rec
omm
end
atio
n
and
ag
reed
Act
ion
Pla
n
Res
pon
sib
le
Man
ager
To
be
imp
lem
ente
d
by
dat
e:
Sta
tus
at 1
Mar
ch
20
17
15
An
action
pl
an
has
been
de
velo
ped
to
ensu
re
that
th
e Cou
ncils
G
over
nanc
e Pr
oces
ses
refle
ct
best
pr
actic
e.
A
key
action
to
be
un
dert
aken
is
to e
nsur
e th
e co
ordi
nation
of
co
mm
unic
atio
ns c
once
rnin
g Cou
ncils
go
vern
ance
re
quir
emen
ts b
etw
een
staf
f an
d co
unci
llors
an
d ot
her
rele
vant
par
ties
.
Cou
ncil’
s go
vern
ance
pr
oces
ses
may
not
be
cons
iste
ntly
app
lied.
M
Act
ion
Plan
be
im
plem
ente
d
Rel
evan
t M
anag
er
iden
tifie
d in
th
e Act
ion
Plan
Dec
embe
r 20
17
R
ecru
itm
ent
and
Ter
min
atio
ns
16
Tem
pora
ry S
taff
One
te
mpo
rary
st
aff
mem
bers
was
em
ploy
ed f
or
grea
ter
than
12
mon
ths
O
ne
staf
f m
embe
r w
as
plac
ed
into
a
casu
al
posi
tion
w
itho
ut
adve
rtis
ing/
re
fere
nce
chec
ks e
tc.
This
per
son
has
been
em
ploy
ed
in
the
Cou
ncil
for
over
12
mon
ths.
Thes
e ap
poin
tmen
ts
cont
rave
ne
the
requ
irem
ents
of
the
Act
whi
ch
outlin
es
that
su
ch
appo
intm
ents
ca
n be
fo
r a
max
imum
of
12
m
onth
s (N
ote:
th
ese
appo
intm
ents
by
pass
ad
vert
isin
g an
d m
erit
cons
ider
atio
ns
of
recr
uitm
ent)
.
M
Tem
pora
ry
staf
f m
embe
rs
are
empl
oyed
fo
r a
max
imum
of
12
m
onth
s as
out
lined
in
the
Act
. Ti
mel
y ac
tion
be
ta
ken
conc
erni
ng
the
man
agem
ent
of
thes
e ar
rang
emen
ts
to e
nsur
e th
at t
he A
ct
is n
ot c
ontr
aven
ed
Man
ager
-
WSABI
Impl
emen
ted.
Com
plet
ed.
Act
ion
now
ta
ken
by
Cou
ncil
PAGE 48
AUDIT COMMITTEE MEETING 15 JUNE, 2017
Au
dit
Ob
serv
atio
ns
Effe
ct
Ris
k R
atin
g
Rec
omm
end
atio
n
and
ag
reed
Act
ion
Pla
n
Res
pon
sib
le
Man
ager
To
be
imp
lem
ente
d
by
dat
e:
Sta
tus
at 1
Mar
ch
20
17
17
Prob
atio
nary
and
Ind
uction
Rec
ords
Fr
om t
he t
estin
g pe
rfor
med
on
10
%
(13)
of
ne
w
recr
uits
, it w
as n
oted
tha
t in
so
me
inst
ance
s pr
obat
iona
ry a
nd i
nduc
tion
reco
rds
wer
e no
t lin
ked
to
the
rele
vant
sta
ff m
embe
r’s
pers
onne
l file
.
In
som
e in
stan
ces
the
rele
vant
doc
umen
tation
had
no
t be
en
dist
ribu
ted
mea
ning
th
at
the
activi
ty
was
not
und
erta
ken:
Pers
onne
l re
cord
s ar
e no
t co
mpl
ete.
Key
HR p
roce
sses
not
in
pla
ce.
Key
HR p
roce
sses
be
unde
rtak
en a
nd li
nked
to
th
e re
leva
nt
Sta
ff
mem
ber’s
pers
onne
l fil
e to
ens
ure
that
the
fil
e is
co
mpl
ete.
Rec
ruitm
ent
unde
rtak
en
does
no
t ap
pear
to
be
ex
cess
ive
and
it
is
uncl
ear
why
re
cord
s ar
e no
t co
mpl
ete.
Man
ager
-
WSABI
Impl
emen
ted.
Com
plet
ed.
Rec
ords
ar
e no
w
linke
d to
th
e re
leva
nt file
.
18
Lett
er o
f O
ffer
Fr
om t
he t
estin
g pe
rfor
med
on
10%
of
new
rec
ruits,
it
was
no
ted
that
in
on
e in
stan
ce (
2008
) a
lett
er o
f of
fers
w
ere
not
linke
d to
th
e pe
rson
nel
file.
Thi
s st
ill
has
not
been
loca
ted.
Pers
onne
l re
cord
s ar
e no
t co
mpl
ete.
Key
HR p
roce
sses
not
in
pla
ce.
M
Lett
er
of
offe
rs
be
linke
d to
th
e pe
rson
nel f
ile
Man
ager
-
WSABI
Impl
emen
ted.
Com
plet
ed.
Rec
ords
ar
e no
w
linke
d to
th
e re
leva
nt file
.
PAGE 49
AUDIT COMMITTEE MEETING 15 JUNE, 2017
Au
dit
Ob
serv
atio
ns
Effe
ct
Ris
k R
atin
g
Rec
omm
end
atio
n
and
ag
reed
Act
ion
Pla
n
Res
pon
sib
le
Man
ager
To
be
imp
lem
ente
d
by
dat
e:
Sta
tus
at 1
Mar
ch
20
17
19
Use
of ag
ency
sta
ff
Cur
rent
ly
staf
f co
ntra
cted
th
roug
h an
em
ploy
men
t ag
ency
do
no
t ha
ve
a pe
rson
nel
file
withi
n Cou
ncil.
Altho
ugh
it
has
been
in
dica
ted
that
ap
prop
riat
e ch
ecks
(i
nclu
ding
w
orki
ng
with
child
ren
chec
ks,
are
perf
orm
ed
and
indu
ctio
ns
etc.
un
dert
aken
, ev
iden
ce
coul
d no
t be
sig
hted
.
Cou
ncil’
s re
cord
s ar
e no
t co
mpl
ete
or e
ffec
tive
. M
H
R
inve
stig
ates
m
etho
ds
to
ensu
re
the
effe
ctiv
e m
anag
emen
t of
re
cord
s w
ith
resp
ect
to
‘age
ncy
staf
f’ w
ithi
n Cou
ncils
sy
stem
s.
Man
ager
-
WSABI
Mar
ch 2
017
App
ropr
iate
do
cum
enta
tion
to
be
sc
anne
d an
d fil
ed
withi
n Cou
ncils
sys
tem
s.
20
Impl
emen
tation
of
2.
5 Cas
ual,
Tem
pora
ry
and
agen
cy s
taff g
uide
line
It
appe
ars
that
M
anag
ers
have
em
ploy
ed
som
e ag
ency
st
aff
dire
ctly
by
pass
ing
HR
in
cont
rave
ntio
n to
th
is
guid
elin
e.
Cou
ncils
pro
cedu
ral
requ
irem
ents
m
ay n
ot b
e in
pla
ce
M
HR
ensu
res
that
al
l Cou
ncil
staf
f is
aw
are
of
the
requ
irem
ents
of
thi
s pr
oced
ure
and
that
the
pro
cedu
re i
s im
plem
ente
d.
Man
ager
-
WSABI
Mar
ch 2
017
21
Con
flict
s of
Int
eres
t Th
e di
sclo
sure
of
co
nflic
ts
of in
tere
st is
not
par
t of
the
re
crui
tmen
t pr
oces
s.
Con
flict
s of
int
eres
t m
ay n
ot b
e di
sclo
sed
duri
ng th
e re
crui
tmen
t pr
oced
ure.
Cod
e O
f Con
duct
re
quir
emen
ts m
ay n
ot b
e in
pla
ce.
M
The
form
al
decl
arat
ion
of
CO
I sh
ould
be
incl
uded
as
part
of
th
e re
crui
tmen
t pr
oces
s
Man
ager
-
WSABI
Mar
ch 2
017
To b
e re
view
ed b
y Aud
it
PAGE 50
AUDIT COMMITTEE MEETING 15 JUNE, 2017
Au
dit
Ob
serv
atio
ns
Effe
ct
Ris
k R
atin
g
Rec
omm
end
atio
n
and
ag
reed
Act
ion
Pla
n
Res
pon
sib
le
Man
ager
To
be
imp
lem
ente
d
by
dat
e:
Sta
tus
at 1
Mar
ch
20
17
22
Use
of
Con
trac
t Em
ploy
men
t Com
pani
es
It w
as n
oted
in
the
peri
od
that
co
ntra
ct
staf
f w
ere
empl
oyed
thr
ough
Ess
ential
App
oint
men
ts $
93k
and
My
Gat
eway
$4
34k.
Bot
h ar
rang
emen
ts
did
not
satis
fy t
he r
equi
rem
ents
of
the
Cou
ncils
pu
rcha
sing
gu
idel
ines
. Th
e us
e of
M
y G
atew
ay
was
in
co
ntra
vent
ion
of s
55 o
f th
e Lo
cal
Gov
ernm
ent
Act
. Fo
rmal
con
trac
ts a
re n
ot i
n pl
ace
with
eith
er c
ompa
ny.
Con
trav
ention
of
th
e Cou
ncils
pu
rcha
sing
gu
idel
ines
/ten
deri
ng
requ
irem
ents
of th
e Act
.
Poor
con
trac
t m
anag
emen
t
H
HR
ensu
res
that
ap
prop
riat
e co
ntra
cts
are
in
plac
e fo
r al
l ‘a
genc
y st
aff’.
Th
ese
satisf
y Cou
ncils
pr
oced
ural
an
d le
gisl
ativ
e re
quir
emen
ts.
Man
ager
-
WSABI
Mar
ch 2
017
Thes
e fir
ms
are
no
long
er u
sed
thes
e co
mpa
nies
to
so
urce
st
aff.
M
onie
s sp
ent
are
the
sala
ries
to
the
rele
vant
sta
ff t
hat
are
wer
e em
ploy
ed t
hrou
gh
cont
ract
s th
at a
re
still
cur
rent
PAGE 51
AUDIT COMMITTEE MEETING 15 JUNE, 2017
Au
dit
Ob
serv
atio
ns
Effe
ct
Ris
k R
atin
g
Rec
omm
end
atio
n
and
ag
reed
Act
ion
Pla
n
Res
pon
sib
le
Man
ager
To
be
imp
lem
ente
d
by
dat
e:
Sta
tus
at 1
Mar
ch
20
17
23
Tim
ely
setu
p of
st
aff
in
Cou
ncils
IT
syst
ems.
Fr
om t
he r
evie
w o
f 29
new
st
arte
r re
cord
s pr
oces
sed
thro
ugh
the
‘New
st
arte
r w
orkf
low
in
EC
M’
it
was
id
entifie
d th
at
the
wor
kflo
ws
crea
ted
by
the
New
Sta
rter
Pro
cess
do
not
appe
ar t
o be
adh
ered
to
in
a la
rge
perc
enta
ge o
f ca
ses
mea
ning
tha
t st
aff
are
not
bein
g se
t up
on
a
timel
y ba
sis
in C
ounc
ils s
yste
ms.
New
Sta
rter
s m
ay n
ot b
e se
t up
in
Cou
ncils
sy
stem
s on
a
tim
ely
basi
s.
One
of
the
dang
ers
in n
ot h
avin
g ac
cess
av
aila
ble
from
th
e co
mm
ence
men
t of
th
e em
ploy
men
t is
th
e te
nden
cy
to
shar
e lo
gons
to
allo
w t
he s
taff t
o w
ork.
M
This
pr
oces
s be
st
anda
rdis
ed
and
impl
emen
ted
on
a tim
ely
basi
s.
Part
of
th
e is
sue
is
the
empl
oyee
do
es
not
exis
t in
Cou
ncils
EC
M
syst
em
until
afte
r th
e re
ques
t ha
s be
en pr
oces
sed.
Th
is
mak
es
it
impo
ssib
le
for
HR
to
link
the
reco
rd
to
the
empl
oyee
in
dex
mak
ing
the
data
di
ffic
ult
to f
ind
in E
CM
or
Pho
enix
.
Man
ager
-
WSABI
Mar
ch 2
017
Proc
ess
now
im
plem
ente
d.
Aud
it t
o re
view
.
24
Tim
ely
term
inat
ion
of s
taff
in C
ounc
ils I
T sy
stem
s.
This
pro
cess
app
ears
to
be
faili
ng i
n th
at a
ll st
aff
are
not
bein
g ex
ited
fr
om th
e sy
stem
on
thei
r ex
it da
te.
Cou
ncils
te
rmin
ated
st
aff
is
not
alw
ays
exited
fr
om
Cou
ncils
sy
stem
s on
a
tim
ely
basi
s.
Leav
ing
Cou
ncils
sys
tem
s op
en t
o ac
cess
aft
er t
he s
taff m
embe
r ha
s le
ft t
he C
ounc
il.
M
Ref
er t
o 23
Man
ager
-
WSABI
Mar
ch 2
017
Proc
ess
now
im
plem
ente
d.
Aud
it t
o re
view
.
PAGE 52
AUDIT COMMITTEE MEETING 15 JUNE, 2017
Au
dit
Ob
serv
atio
ns
Effe
ct
Ris
k R
atin
g
Rec
omm
end
atio
n
and
ag
reed
Act
ion
Pla
n
Res
pon
sib
le
Man
ager
To
be
imp
lem
ente
d
by
dat
e:
Sta
tus
at 1
Mar
ch
20
17
25
Rol
e Sta
tem
ents
Fr
om t
he t
estin
g pe
rfor
med
on
10
%
(13)
of
ne
w
recr
uits
, it w
as n
oted
tha
t in
so
me
inst
ance
s ro
le
stat
emen
ts
wer
e no
t in
pl
ace.
Sta
ff
are
empl
oyed
w
itho
ut
a cl
ear
unde
rsta
ndin
g of
the
ir r
oles
an
d re
spon
sibi
litie
s.
M
Rol
e st
atem
ents
sh
ould
be
in p
lace
for
ea
ch
posi
tion
in
Cou
ncil.
Man
ager
-
WSABI
Aug
ust
2017
Fi
nes
/P
enal
ties
(C
oun
cils
Fle
et)
26
Cou
ncil’
s pr
oces
ses
did
not
ensu
re
the
timel
y pr
oces
sing
and
pay
men
t of
SD
RO
fin
es.
Dem
erit
poin
ts
not
corr
ectly
appl
ied.
In
flate
d fin
es/p
enal
ties
incu
rred
by
Cou
ncil.
M
Rev
ised
pr
oced
ures
be
impl
emen
ted
Plac
e M
anag
er
–W
est
War
d
May
201
7
27
The
outs
tand
ing
fines
/pen
alties
w
orkf
low
is
no
t re
ferr
ed
to
the
appr
opri
ate
leve
l in
Cou
ncil
to e
nsur
e tim
ely
proc
essi
ng
and
paym
ent.
Fine
s no
t ad
dres
sed
on a
tim
ely
basi
s. P
enal
ties
incu
rred
M
Out
stan
ding
fin
es/p
enal
ties
w
orkf
low
is
di
rect
ed
to
the
Gen
eral
M
anag
er.
Man
ager
IT
M
arch
201
7
Wor
kflo
w u
pdat
ed.
28
The
Cou
ncils
fac
ilities
pol
icy
is n
ot c
lear
with
resp
ect
to
the
resp
onsi
bilit
y of
Cou
ncill
ors
with
resp
ect
to
fines
/pen
alties
in
curr
ed
whe
n us
ing
Cou
ncils
fle
et
(Cou
ncill
ors
car)
.
Alth
ough
as
sum
ed
that
fin
es/p
enal
ties
ar
e pa
id
whe
re
incu
rred
, th
is i
s no
t cl
ear
in t
he
faci
litie
s po
licy.
M
Con
side
ration
is
give
n to
cl
arify
ing
resp
onsi
bilit
y fo
r fin
es/p
enal
ties
et
c.
incu
rred
by
th
e Cou
ncill
ors/
May
or
in
the
faci
litie
s po
licy.
Sen
ior
Coo
rdin
ator
- G
over
nanc
e Ser
vice
s
Nov
embe
r 20
17
PAGE 53
AUDIT COMMITTEE MEETING 15 JUNE, 2017
Au
dit
Ob
serv
atio
ns
Effe
ct
Ris
k R
atin
g
Rec
omm
end
atio
n
and
ag
reed
Act
ion
Pla
n
Res
pon
sib
le
Man
ager
To
be
imp
lem
ente
d
by
dat
e:
Sta
tus
at 1
Mar
ch
20
17
29
Fine
s in
curr
ed w
ith
resp
ect
to t
he M
ayor
s ca
r ar
e no
t pr
oces
sed
in t
he s
ame
way
th
at
fines
in
curr
ed
by
Cou
ncil
staf
f ar
e pr
oces
sed
Dem
erit
poin
ts
may
no
t be
ap
plie
d/
exce
ss
fines
an
d pe
naltie
s in
curr
ed b
y Cou
ncil.
M
The
deta
ils
of
the
May
or a
re p
rovi
ded
to
the
Plac
e M
anag
er –
Wes
t W
ard
to e
nsur
e th
e tim
ely
notific
atio
n to
th
e SD
RO
of
fin
e in
form
atio
n. I
t is
the
re
spon
sibi
lity
of
the
May
ors/
Cou
ncill
ors
PA
to
notify
th
e Pl
ace
Man
ager
– W
est
war
d of
th
ese
deta
ils
shou
ld
the
May
or
chan
ge.
Plac
e M
anag
er
– W
est
War
d;
PA
to
May
or/C
oun
cillo
rs
May
201
7
30
Log
book
s co
ncer
ning
th
e Cou
ncill
ors
Car
ar
e in
com
plet
e.
Cou
ncil
may
no
t be
ab
le
to
iden
tify
who
has
inc
urre
d a
fine
whe
n th
e Cou
ncill
ors
car
is u
sed
resu
ltin
g in
pe
naltie
s be
ing
incu
rred
by
Cou
ncil
M
Log
book
s be
m
aint
aine
d an
d co
mpl
eted
.
Plac
e M
anag
er
– W
est
War
d
May
201
7
PAGE 54
AUDIT COMMITTEE MEETING 15 JUNE, 2017
ATTACHMENT 1
Internal Audit Report
At 15 May 2017
PAGE 55
AUDIT COMMITTEE MEETING 15 JUNE, 2017
Part A: Executive Summary
1. Audit Activity to 15 May 2017
From 1 January 2017 Internal Audit has been addressing Year 1 (2017) of its 4 year Strategic Audit Plan. This plan was adopted by the Audit Committee at its meeting on 12 December 2016.
For the calendar year to 15 May 2017, Internal Audit has completed 6 or 33% of its 18 planned audits within budget.
The audits undertaken are detailed at Part B and C of this report. Audits completed in the period include:
Risk Management
Fraud and Corruption mitigation strategy/associated processes
Information Technology/Systems
Recruitment and Terminations
At 15 May 2017, the number of direct days spent on internal auditing was 96% of the total days available and Management had implemented 98% of the agreed audit recommendations.
2. For the Information of the Committee
2.1 Governance and Legislative Changes
Since the last report to the Audit Committee the following relevant documents were released in March and May 2017 by the Office of Local Government (OLG): Circular 17-04 http://www.olg.nsw.gov.au/news/17-04-topics-local-government-performance-audit-auditor-general-nsw This circular outlines the topics of the performance audits to be undertaken by the Audit Office of NSW. These audits are discussed in detail in a separate report for the Audit Committee (refer) Circular 17-06 http://www.olg.nsw.gov.au/news/17-06-commencement-phase-1-amendments-%E2%80%93-overview A table outlining the commencement date for each of the Phase 1 amendments to the Local Government Act 1993 made by the Local Government Amendment (Governance and Planning) Act 2016 (the Phase 1 Amendments) is attached to this circular. The table also identifies those provisions that are yet to commence. Of note, the following provisions had ‘Yet to Commence’ at the date of the circular: INTEGRATED PLANNING AND REPORTING (IP&R) � Streamlined IP&R requirements GOVERNANCE Induction and professional development for mayors and councillors � New requirements for the provision of, and reporting on, induction and ongoing professional development programs for mayors and councillors Model Code of Conduct and Procedures � Consolidation of the pecuniary interest provisions into the Model Code of Conduct for Local Councils in NSW
PAGE 56
AUDIT COMMITTEE MEETING 15 JUNE, 2017
Model Code of Meeting Practice � Prescription of a new Model Code of Meeting Practice � Councils will not be required to adopt a new Meeting Code based on the Model Meeting Code until after the next ordinary election following commencement Meetings – reduced number � One-off opportunity for prescribed councils to seek the approval of the Minister for Local Government to reduce the minimum number of council meetings to less than 10 a year Councillors – reduced number � One-off opportunity for prescribed councils to seek the approval of the Minister for Local Government to reduce their councillor numbers (without a constitutional referendum) PERFORMANCE MEASUREMENT FRAMEWORK � Prescription of a performance measurement framework for councils AUDIT COMMITTEES, INTERNAL AUDIT AND RISK Audit, risk and improvement committees � Requirement for councils to appoint audit, risk and improvement committees � Councils will not be required to appoint an audit, risk and improvement committee until 6 months after the next ordinary election following commencement With respect to ‘Audit Committees, risk and improvement committees’ - guidance or regulations supporting Part 4A – Internal Audit, S428A Local Government Amendment (Governance and Planning) Act 2016 have yet to be provided by the Office of Local Government. Once these are released they will be forwarded to the Audit Committee. Circular 17-07to commenced or soon to commence) http://www.olg.nsw.gov.au/news/17-07-update-integrated-planning-and-reporting-manual-%E2%80%93-request-feedback
2.2 External Reviews
ICAC review of the City of Botany Bay Council
The ICAC report concerning this investigation has not yet been released. This report is expected to be released by 1 July 2017.
OLG: Auburn City Council Public Enquiry
The OLG’s final report concerning the public enquiry into practices at Auburn City Council was released on 9 March 2017. The report is available at the following link:
http://www.olg.nsw.gov.au/sites/default/files/Beasley%20SC%20%28Commissioner%29%20-%20Public%20Inquiry%20into%20Auburn%20City%20Council%20-%20Report.pdf
Section 18 of this report titled ‘Recommendations’ (pages 229 to 234) outline the recommendations of this enquiry. As stated, there are a number of legislative and Code of Conduct changes that are being initiated and implemented by the OLG. With the implementation of these changes, it is expected that the majority of recommendations will be addressed. Of interest to the Audit Committee is the statement in paragraph 855: ‘Mr May has also recommended that a senior member of Council staff be appointed as an internal ombudsman to deal with matters such as conflict between councillors and council staff and circumstances where attempts are being made to improperly influence them.’ Within THSC, the Corporate Lawyer/Public Officer fulfils the role of an internal ombudsman.
3. External Audit
3.1 Performance Audits
Please refer to previous comments (2.1).
PAGE 57
AUDIT COMMITTEE MEETING 15 JUNE, 2017
3.2 Client Service Plan
In May 2017, the Audit Office forwarded to Council their Client Service Plan which outlines the focus of their external 2016/17 Financial Audit.
The key issues identified by the Audit Office include:
Asset Management risk and fair value of infrastructure, property plant and Equipment
The Audit Office will focus on the management’s process for determining and agreeing fair value and the impact of Councils asset management/maintenance plans on determining useful life.
Developer Contributions
The Audit Office will focus on Councils systems for capturing and recording developer contributions accurately and in a timely manner. Cut-off testing will also be performed.
Capital Expenditure
The Audit Office will review the Councils allocation between recurrent and capital costs; componentisation of project costs into separate assets; timeliness of updates to the asset registers; process of capitalising WIP.
Procurement and contract management risk
The Audit Office will review tendering procedures to identify any probity and related party issues.
Related Party Disclosure
The Audit Office will audit the related party disclosures of Council to ensure that they comply with AASB 124.
The focus of the Audit Office procedures is on year end testing to ensure that Councils financial statements are materially correct.
Impact on adopted Internal Audit Plan
To ensure the effectiveness and efficiency of Internal Audit the abovementioned Client Service Plan has been compared to the adopted Internal Audit Plan for 2017 to ensure that Internal and External Audit are not reviewing the same audit topics. This comparison has identified that the audit topic: Procurement and contract management risk is planned to be reviewed by both Internal and External Audit and a potential inefficiency may exist. To ensure that this inefficiency does not exist, the Internal Audit will focus on procurement below the tender threshold (not subject to tender).
4. Key Council Documentation
At the 9 May 2017 Council meeting the following was presented:
Hills Shire Plan 2016/17 – review 3.
Council Resolution:
The report was received.
Draft Hills Shire Plan 2017/18 – 2020/2021
https://www.thehills.nsw.gov.au/Contact-Us/Have-Your-Say/Draft-Hills-Shire-Plan-2017-2018?BestBetMatch=hills shire plan|d13b95b2-5146-4b00-9e3e-a80c73739a64|4f05f368-ecaa-4a93-b749-7ad6c4867c1f
Council Resolution:
The Draft Hills Shire Plan containing the Community Strategic Direction – Hills Future, Delivery Program, Operational Plan, and Resourcing Strategy containing the Draft FY 17/18 Budget, Capital Works Program and the Fees & Charges be endorsed and placed on public exhibition from Thursday 11 May 2017 to Wednesday 7 June 2017.
PAGE 58
AUDIT COMMITTEE MEETING 15 JUNE, 2017
The Hills Shire Plan 2016/17 – review 3 has been forwarded to the External Independent Audit Committee Members for their information.
The Hills Shire Plan 2017/18 – 2020/21 will be forwarded to the External Independent Audit Committee Members for their information once finalised.
5. Local Government Internal Auditors Network (LGIAN) Meeting and Other Governance Activities undertaken in the period.
On 7 April 2017 the Council hosted the LGIAN meeting. Approximately 30 Internal Audit and Governance Local Government professionals attended from both regional and non-regional Councils. Various presentations were made including one by the ICAC who presented their corruption prevention paper titled:
Controlling corruption opportunities in the provision of maintenance services (released February 2017).
Relevant Council operational staff also attended this presentation.
Since April 2017, ‘Governance by the Month’ has been implemented. Monthly awareness of a governance topic is raised across Council (Governance Topics are as identified through the Governance Health Check exercise undertaken).
The Structure of the Internal Audit Report is as follows:
A: Executive Summary;
B: Comparison of the Actual and planned Audit activity undertaken in the 2017 calendar year from 1 January 2017;
C: Details of the actual internal audit work undertaken in the period to the date of this report;
D: Detail of recommendations outstanding at the date of this report and the action taken by Management to implement these recommendations;
E: Internal Audit and Audit Committee Key Performance Measures.
Attachment 1: Background to the Internal Audit Function, the Audit Committee, and the audit reporting practices at The Hills Shire Council.
Attachment 2: Risk Assessment Matrix
Attachment 3: List of outstanding audit recommendations (including management comments) at the reporting date
PAGE 59
AUDIT COMMITTEE MEETING 15 JUNE, 2017
Part B Comparison of the Actual and Planned Audit Activity undertaken in the 2017 period
B.1 Summary
Councils KPI
Within the Hills Shire Plan the required output of Internal Audit is to:
Implement the Internal Audit Strategic Plan and the Annual Internal Audit Program adopted by the Audit Committee.
The targeted performance measure is:
Audits Completed in the Annual Audit Program
90%
Chart 1 and Table 1, compares the actual audit activity against this KPI.
The Audit Program for the period from 1 January 2017 is included in the Internal Audit Strategic Plan (1 January 2017 - December 2020) which was adopted by the Audit Committee at its meeting on 12 December 2016.
Link: http://www.thehills.nsw.gov.au/Council/Meeting-Agendas-Minutes/Audit-Committee
To monitor the achievement of the adopted audit plan the Audit Committee is provided with an overview and comparison of the planned Audit Activity (as outlined in the adopted Audit Plan) with the actual audit activity undertaken to the date of this report (refer Table 1). The current status of each audit is also provided.
Legend to the Table 1.
Status of the Audit Activity
In progress
Completed
Not yet commenced
Chart 1: Summary of Table 1:
PAGE 60
AUDIT COMMITTEE MEETING 15 JUNE, 2017
Table 1: Comparison of actual audit activity with the adopted 2017 Annual Audit Program
2017 Audit Program Risk
Status of the Planned Audit
at 15 May 2017
1 Governance H Refer 1 March 2017 IAR
2 Risk Management H Refer C1.2
3 Fraud and Corruption mitigation strategy/associated processes H Refer C1.1
4 KPI’s (including Enterprise Agreement (EA) implementation) H
5 Financial Statement Review H
6 Review of the use and management of restricted trust funds H
7 Special Projects/Assignments H
8 Investigations H
9 Information Technology/Systems H Refer C1.3
10 System Audits M/H
11 Revenue Activities (implementation of adopted fees and charges document) M
12 Payroll H
13 Efficiency and effectiveness of Councils Procurement practices H
14 Credit Cards/Procurement Cards/ Reimbursement of expenses incurred by staff/ Petty Cash H
Refer 1 March 2017 IAR
15 Recruitment and Terminations H Refer C1.4
16 Legislation/Regulation H
17 RMS H
18 Fire Safety Inspections H
Other
Training and Development
Audit Committee
Annual Planning and Reporting
Liaison
Reports previously issued.
PAGE 61
AUDIT COMMITTEE MEETING 15 JUNE, 2017
Part C. Details of the Internal Audit Activity undertaken in the period
Part C. provides details of the Audit Activity undertaken in the period from 1 March 2017 to 15 May 2017.
This part outlines the:
Internal audit engagements completed or in progress Outcomes of each internal audit engagement undertaken The scope and methodology applicable to each audit activity undertaken Remedial action taken or in progress
The following legend has been used to provide the Audit Committee with an overall opinion of each Audit Activity undertaken:
Audit Opinion
Opinion Rating Table
Excellent Effective control environment with the business area operating efficiently, effectively and economically
Satisfactory Effective control environment; reporting complies with legislation or outputs/KPI’s being achieved
Improvement Required
Improvement required to: the control environment; reporting (to ensure it complies with legislation) or processes need to be improved to ensure efficiency and effectiveness.
Unsatisfactory Control environment is not effective
C 1.1 Corruption Mitigation Strategy and processes (Audit item 3)
Objective, Scope and Methodology: As identified in the Councils fraud and corruption mitigation strategy, internal audit has:
Reviewed ICAC reports relevant to local government in the period to the date of the Audit Committee;
Followed up with Council management those recommendations made by the ICAC that relate to the activities that are undertaken by Council. This follow up is undertaken to ensure that Councils processes are corruption resistant;
Worked with management to implement or modify processes where relevant, to mitigate the corruption risk.
For the information of the Committee:
Since 2008 the ICAC has made 263 recommendations (similar recommendations counted as 1) that relate to activities undertaken by Council. Audit has followed up the recommendations made by the ICAC when the relevant reports have been published.
Council manages its corruption risks through its risk management system.
a) Investigations and public enquiries in progress
The ICAC’s ongoing investigations are as follows (Please note that the following extracts are copied directly from the ICAC website Link: http://www.icac.nsw.gov.au/investigations/current-investigations):
PAGE 62
AUDIT COMMITTEE MEETING 15 JUNE, 2017
2017
NSW Health and the Department of Family and Community Services - allegations concerning the former CEO of the Immigrant Women’s Health Service and the Non-English Speaking Housing Women’s Scheme Inc (Operation Tarlo)
The ICAC is investigating corruption allegations concerning Emman Sharobeem, the former CEO of the Immigrant Women’s Health Service(IWHS) and the Non-English Speaking Housing Women’s Scheme Inc (NESH).
The allegations include that Ms Sharobeem dishonestly exercised her official functions as IWHS CEO by: between 1 July 2009 and 17 February 2016, submitting invoices for reimbursement for goods and services to which she was not entitled and using an IWHS credit card to pay for personal expenses; between 2014 and 2015 submitting, and authorising payment by IWHS of, false invoices for facilitation fees and other services to herself and other persons to which they were not entitled; between 2011 and 2015, submitting, and authorising payment of, invoices by the IWHS for the renovation of her property in Fairfield; and between 2012 and 2014, falsifying IWHS statistics to NSW Health.
Ms Sharobeem is also alleged to have dishonestly exercised her official functions between 2006 and 2016 by claiming to be a psychologist holding two PhD degrees and a masters degree, and further using those qualifications to treat IWHS clients and gain promotion to the position of CEO of the IWHS and the NESH. As NESH CEO, Ms Sharobeem is alleged to have dishonestly exercised her official functions between 17 December 2013 and 23 November 2015 by authorising payments from NESH to be made to her own account, to which she was not entitled.
Between March 2011 and November 2016, Ms Sharobeem is also alleged to have fraudulently obtained and retained appointment as a Board member of the Community Relations Commission (now Multicultural NSW) and the Anti-Discrimination Board (now part of the Department of Justice) by using false academic qualifications.
The IWHS was a not-for-profit non-government organisation (NGO) women’s health service, primarily funded by NSW Health via South West Sydney Local Health District, while the NESH was a not-for-profit NGO contracted and funded by the Department of Family and Community Services to provide affordable housing to women and children. In her capacity as CEO, Ms Sharobeem was a public official for the purposes of the Independent Commission Against Corruption Act 1988.
2016
Western Sydney Regional Illegal Dumping Squad - allegations concerning former Western Sydney Regional Illegal Dumping Squad (RIDS) officer (Operation Scania)
The ICAC is investigating allegations that a former Western Sydney Regional Illegal Dumping Squad (RIDS) enforcement officer, Craig Izzard, exercised his public official functions partially and dishonestly by receiving corrupt payments to ignore illegal dumping in areas under his supervision, or to impede investigations by other Western Sydney RIDS officers.
City of Botany Bay Council – allegations concerning former chief financial officer (Operation Ricco)
The ICAC is investigating allegations that former City of Botany Bay Council chief financial officer Gary Goodman, and other Council employees, dishonestly exercised official functions to obtain financial benefits for themselves and others by causing fraudulent payments of more than $4.2 million to be made by the Council through false invoicing to either themselves, or various entities. The ICAC is also investigating allegations that Mr Goodman solicited and received payments as an inducement or reward for showing favourable treatment to contractors. It is also alleged that Mr Goodman and other Council employees dishonestly exercised official functions to obtain financial benefits for themselves and others by using Council resources.
PAGE 63
AUDIT COMMITTEE MEETING 15 JUNE, 2017
2014
NSW public officials and members of Parliament – allegations concerning corrupt conduct involving Australian Water Holdings Pty Ltd (Operation Credo)
The ICAC is investigating allegations that persons with an interest in Australian Water Holdings Pty Ltd (AWH) obtained a financial benefit through adversely affecting the official functions of Sydney Water Corporation (SWC) by: including expenses incurred in other business pursuits in claims made on SWC for work on the North West Growth Centre; drawing from funds allocated for other purposes; and preventing SWC from ascertaining the true financial position, including the level of the executives’ remuneration.
The Commission is also investigating whether public officials and others were involved in the falsification of a cabinet minute relating to a public private partnership proposal made by AWH intended to mislead the NSW Government Budget Cabinet Committee and obtain a benefit for AWH, and other related matters.
The Commission has been unable to progress the publication of the Operation Credo report owing to the criminal proceedings being conducted by the Director of Public Prosecutions against Mr Edward Obeid and Mr Moses Obeid. While those proceedings arise out of the Operation Jasper investigation, the Commission is of the view, in accordance with section 18 of the Independent Commission Against Corruption Act 1988, that the publication of the Operation Credo report during the currency of criminal proceedings may prejudice the right of the accused to a fair trial.
As there are common elements to this investigation and Operation Spicer, the evidence taken in each operation is taken as evidence in both operations.
For information about the Operation Spicer report, published on 30 August 2016, visit this page.
In both operations Credo and Spicer, the Commission also investigated the circumstances in which false allegations of corruption were made against senior SWC executives.
b) Investigation Reports issued:
The following is a link to the ICAC reports publically listed:
Link: http://www.icac.nsw.gov.au/investigations/past-investigations
In the period no new investigation reports were issued by the ICAC:
c) ICAC: Other relevant corruption prevention publications released
In March 2017 the ICAC released: Keeping it together systems and structures in organisational change.
The aim of this report is to alert public sector managers to the corruption pitfalls during and following organisational change and provide advice on minimising the corruption risks. It explores why and how large-scale organisational change initiatives create opportunities for corruption, with a specific focus on mergers and restructures and the operational factors that agencies should consider when undergoing large-scale change. The report presents case studies from relevant investigations conducted by the NSW Independent Commission Against Corruption. http://www.icac.nsw.gov.au/docman/preventing-corruption/cp-publications-guidelines/4965-keeping-it-together-systems-and-structures-in-organisational-change-14march17/file
PAGE 64
AUDIT COMMITTEE MEETING 15 JUNE, 2017
Action taken: The report has been distributed to all relevant Managers for their information. Council’s practices are to be reviewed in line with the best practice outlined. d) Office of Local Government (OLG) Public Enquiries
The public enquiries that are being undertaken by the OLG are detailed at the following link: http://www.olg.nsw.gov.au/public-inquiries No public enquiries were undertaken by the OLG in the period. C 1.2 Risk Management
Audit Number
2
Background
The Council has had in place an enterprise risk management system for a number of years.
This system establishes a process for the management of risks faced by the Council. The aim of risk management is to maximise opportunities in all council objectives and activities and minimise adversity.
Legislative requirements and applicable standards include the Australian/New Zealand Standard (AS/NZS ISO 31000:2009) and the Local Government Act 1993.
Audit Objective
Assess Council’s risk management framework against the international risk management standard AS/NZS ISO 31000:2009 and against the risk management frameworks and approaches of other organisations of a similar size and nature to Council to ensure legislative compliance and best practice is in place.
Scope The review was conducted at February/March 2017.
Method An independent review was undertaken to comprehensively review the risk management framework in place. This included the:
a. Review of key documentation. b. Interviews with key staff c. Conduct of an on-line survey of Managers to gauge knowledge of, and
attitude towards, Council’s risk management framework d. Evaluation of the risk management framework against the following: AS/NZS ISO 31000:2009 Risk Management - Principles and Guidelines
(internationally accepted standard on risk management); Other risk management frameworks of organisations that are of a
similar size and nature to Council Findings A number of opportunities were identified to further evolve and improve the
risk management framework. The most significant of these include:
Ensuring there is a clear mandate and commitment from the elected Council and senior management for an enterprise wide approach to managing risk;
Ensuring consistency in the way the risk management process is documented;
Agreeing on the risk appetite of the organisation and aligning this to the risk assessment criteria;
Implementing regular performance measures and structured risk reporting to enable monitoring of the effectiveness of the risk management framework;
Ensuring clear accountability for managing risk; Continuing to ensure that risk owners receive appropriate training and
support to enable them to effectively manage their risks. An action plan has been developed to address the opportunities highlighted by
the review including: the development of a Risk Management Policy and
PAGE 65
AUDIT COMMITTEE MEETING 15 JUNE, 2017
Agreed Management Action
Comprehensive Strategy; Training program; consistency in documentation; modification of reporting; reassessing the Councils Risk Appetite; and KPI’s. This plan will be implemented in the period to 31 December 2017.
Conclusion
For the information of the Audit Committee, the results of the audit activity were considered as satisfactory however the implementation of the identified opportunities will ensure that the Councils processes reflect best practice:
Satisfactory Effective system is in place.
C 1.3 Fraud and Corruption Mitigation Strategy/associated processes
Audit Number
3
Background
Recent studies indicate that the incidence of fraud and corruption within Australia is increasing as is the average financial loss associated with this conduct. The impact on the Council (or any organisation) can be devastating and can affect not only those involved in the behaviour, but all staff working for that Council.
The eradication of fraud and corrupt behaviour would be the ideal, but experience shows that this is unrealistic as fraud and corruption can be perpetrated through every source imaginable: customers, suppliers, contractors, employees, managers, executives, councilors and boards. Therefore a minimisation approach has been adopted within Council.
To minimise the potential impact of Fraud and Corruption on the achievement of Councils objectives, an effective strategy should ensure that staff and other relevant parties are:
1) aware of what fraud and corruption is
2) aware of what the Councils values and requirements are, and their obligations as public sector employees;
3) can identify and report suspect activity appropriately and on a timely basis.
Where reported, the Council should have in place a process which allows the timely and appropriate investigation and action of an allegation.
It is also essential that the Council actively discourages fraudulent and corrupt behavior and has systems and processes in place that detect and mitigates potential risks on a timely basis.
Over previous periods, a number of activities have been undertaken to assess the Councils fraud and Corruption Mitigation strategies to ensure that they are effective. These Include:
Undertaking the Fraud Control health check – 2006 Development of Councils Fraud and corruption policy and plan – 2007 Fraud and Corruption Strategy Survey – 2009 Councils Fraud and Corruption Mitigation Strategy Survey – 2012 Review of Councils Fraud and Corruption Strategy in comparison to
best practice – 2015
PAGE 66
AUDIT COMMITTEE MEETING 15 JUNE, 2017
In 2015 the Audit Office released its guidance: Fraud Control Improvement Kit (Managing your fraud control obligations). This document provides guidance and practical advice to help organisations implement and effective fraud control framework. It highlights what should be present within an organisation to make fraud control work and aligns with the Standards Australia Fraud and Corruption Control Standard AS8001-2008. Audit used this guidance to assess the effectiveness of Councils current mitigation practices.
Link: http://www.audit.nsw.gov.au/ArticleDocuments/197/D1506583%20%20FINAL%20Fraud_Control_Improvement_Kit_February_2015%20whole%20kit.pdf-updated%20August2015.pdf.aspx?Embed=Y
Objective
The primary objectives of this review were:
a) to ensure that the Council has an effective fraud control framework and that the framework reflects best practices (Audit Office guidelines and Standards Australia Fraud and Corruption Control standard AS8001-2008).
b) to provide Management with recommendations to strengthen the internal control environment and the efficiency and effectiveness of associated operational practices; and
c) to provide an independent opinion to Council’s General Manager, the Executive and the Audit and Risk Committee on the level of reliance that can be placed on existing internal controls with notification of further actions for improvement, as agreed by Management.
Method Using the Audit Office Fraud Control Improvement kit:
- Assess the Councils fraud control framework by completing the Fraud Control Checklist
- Undertake a high level risk assessment - Undertake the Fraud Health Check - Where identified undertake fraud Improvement workshops.
Scope Undertake the review at March 2017.
Findings Assessment of the Councils fraud control framework by completion of the Fraud Control Checklist:
The fraud control checklist consists of 38 questions covering the topic areas of Leadership; Ethical framework; responsibility structures; fraud control policy; prevention systems; fraud awareness; third party management systems; notification systems; detection systems; and investigations systems. Although current practices are satisfactory, it was identified that improvements in 16 areas would result in the Council reflecting best practice. Action items have been identified and included in an action plan to be implemented over the next 6 months.
High Level Risk Assessment:
Currently Councils high level fraud and corruption risks have been identified and are managed through the Councils Risk Management Module. 27 corruption and fraud risks are currently managed through this system. The guidance identifies further potential risks that could be managed through the Risk Management Module. To accommodate these potential risks (and ensure completeness of the system) the Risk management module is currently being modified.
Fraud Control Health check:
As identified in the Audit Office guidance a survey was undertaken in the period 20/3/2017 to 28/3/2017 to determine if staff have the essential skills to ensure that the Councils strategy is effective and to obtain their perception concerning the processes and systems currently in place within Council. The parameters of the survey were:
PAGE 67
AUDIT COMMITTEE MEETING 15 JUNE, 2017
Participants: All Council staff that had an email account was invited to participate. It is estimated that the applicable population was 500. It is noted that all outdoor staff may not have access to an email account.
Structure: The survey consisted of 10 questions as recommended by the Audit Office in their February 2015 report: Fraud Control Improvement Kit – Managing your fraud control obligations
Demographics: All Council staff (both indoor and outdoor that have access to an email account).
Response Rate: 150 (2012: 147) surveys were completed. This represents a response rate of 30% (2012:27%). This represents a significant response rate; the responses therefore represent a valid sample.
Survey monkey was used allowing an audit trail to exist. The results of the survey were placed into the Fraud control Health Check Worksheet (provided as part of the Fraud Control Improvement Kit). The results achieved were as follows:
Fraud Control Attribute OVERALL RESULTS FOR THE ORGANISATION
1. Leadership
2. Ethical framework
3. Responsibility structures
4. Fraud control policy
5. Prevention systems
6. Fraud awareness
7. Third party management systems
8. Notification systems
9. Detection systems
10. Investigation systems
Overall Business Unit Results
Where the Kit identifies that (legend):
Good Performance
Although assessed as ‘good performance’, one area of improvement was identified:
‘The functions of my work area are regularly assessed to identify and address fraud risks we face’.
Agreed Management Action
An action plan has been developed to address the opportunities identified to ensure that the Councils practices remain effective. Overall 23 action items were identified to be implemented in 2017. To date 5 have been addressed. The balance is to be implemented over the next 6 months.
PAGE 68
AUDIT COMMITTEE MEETING 15 JUNE, 2017
Conclusion
For the information of the Audit Committee, the results of the audit activity were considered as satisfactory however the implementation of the identified opportunities will ensure that the Councils processes reflect best practice:
Satisfactory Effective system is in place.
C1.4 Information Technology/Systems
Audit Number
9
Background
In 2016 a 4 year IT audit program was developed to address the high risk IT activities. Time to undertake the IT audit program is included in the adopted Internal Audit Strategic Plan.
Audit Objective
To review the effectiveness of key existing controls with respect to fraud risks associated with Information systems.
Scope The review was conducted at February/March 2017.
Method With respect to the 5 identified fraud risks associated with IT (identified in best practice documentation from the Audit Office and the ICAC), review the controls currently in place with Council and determine if they are effective.
Type of Fraud Risk Expected Existing Controls
8. Information Systems
Fraud resulting from a loss of data following disaster or accident, for example, theft of assets not recorded
Business continuity plan that is regularly reviewed
Saving working papers/documents in document management system or network drives that are regularly backed up Regular back up and offsite storage of data
Staff made aware of information security policy and available on intranet
Unauthorised staff accessing systems
Appropriate level of computer access provided to staff Staff reminded of responsibilities, for example, not to share passwords
Automatic log out of computers when extended period away from computer
System controls and checks
Unauthorised release of user name and/or password
Appropriate level of computer access provided to staff Staff reminded of responsibilities, for example, not to share passwords
Misrepresentation of the office by expressing personal views
Policy on communication devices is signed by all employees
PAGE 69
AUDIT COMMITTEE MEETING 15 JUNE, 2017
on office email, intranet or internet
Code of conduct signed by all employees and available on the intranet
Disclaimers on all office emails
Installation of illegal software on office computers and laptops
Policy on communication devices is signed by all employees
Appropriate level of computer access provided to staff
Findings 6 areas were identified where improvements could be made to decrease the potential for IT fraud risks. These include: password control; corporate documents in Councils corporate system; appropriate Level of staff access in Councils corporate systems; automatic logout of Councils systems; and staff awareness of IT security policy. With respect to the appropriate level of staff access, a comprehensive review of Councils 2 major corporate systems has been undertaken and appropriate adjustments to access made. The final system will be reviewed by 6/6/2017.
Agreed Management Action
The results of the review were discussed with the relevant manager. 2 areas for improvement have been addressed. Agreed timelines for implementation are in place for the remaining 4.
Conclusion
For the information of the Audit Committee, the results of the audit activity were considered as satisfactory however the implementation of the identified improvements will mitigate the identified IT fraud risk:
Satisfactory Control system is in place.
C1.5 Recruitment and Terminations
Audit Number
26
Background
Recruitment has been identified as a high risk in both the Councils Risk Management System (R000133) and by the ICAC. As identified by the ICAC: ‘if recruitment selection processes are questionable or corrupt, then agencies are unlikely to be able to recruit or keep people who will improve the ethical climate of the agency’. It is essential that favouritism, nepotism, and other conflicts of interest do not influence recruitment and selection processes. Improperly conducting recruitment and selection can constitute corrupt conduct as defined by the Independent Commission Against Corruption Act 1988. Corruption-free recruitment and selection helps to "set the tone" for the whole agency (https://icac.nsw.gov.au/preventing-corruption/knowing-your-risks/recruitment-and-selection/4303 ) The Local Government Act (S348-354A) outlines the provisions concerning staff. With respect to recruitment the Act requires (in particular):
PAGE 70
AUDIT COMMITTEE MEETING 15 JUNE, 2017
348 Advertising of staff positions (1) When it is proposed to make an appointment to a position within the
organisation structure of the council, the position must be advertised in a manner sufficient to enable suitably qualified persons to apply for the position….
(3) This section does not apply to: (a) the re-appointment, under a new contract, of a senior staff member, or (b) the appointment of an employee if the term of employment is for:
(i) not more than 12 months, or (ii) two or more periods that together are not more than 12 months in any period of 2 years.
349 Appointments to be on merit (1) When the decision is being made to appoint a person to a position:
(a) only a person who has applied for appointment to the position may be selected, and
(b) from among the applicants eligible for appointment, the applicant who has the greatest merit is to be selected.
(2) The merit of the persons eligible for appointment to a position is to be determined according to:
(a) the nature of the duties of the position, and (b) the abilities, qualifications, experience and standard of work performance
of those persons relevant to those duties. These principles are consistent with the NSW Public Sector Workforce Office that advises ‘that merit selection is designed to ensure that positions are filled on the basis of merit is fundamental to the recruitment and selection of employees in the public sector. To ensure that the best person is selected, public sector agencies need accurate information about the skills, training and qualifications of applicants’.
Objective
Ensure that Councils recruitment and termination practices are efficient, mitigate Councils fraud and corruption risk, satisfy Councils legislative requirements and reflect best practice.
Scope Audit reviewed Councils recruitment and termination practices for the period from 7 October 2016 to 30 March 2017.
During the period reviewed, HR managed: - 55 recruitment and 63 termination activities.
Audit undertakes the review of these activities on a biannual basis
Method Using random and selective sampling, Audit reviewed: Relevant recruitment/termination policies and procedures Advertising Selection and shortlisting of candidates Conflict of interest processes Supporting documentation including qualifications/checks Delegations Temporary appointments Rates of pay Induction and probationary processes
Findings Overall Council’s procedures reflected the requirements of the Local Government Act 1993. Only minor exceptions were noted with respect to the implementation of these procedures. Exceptions to Councils adopted recruitment procedure included:
PAGE 71
AUDIT COMMITTEE MEETING 15 JUNE, 2017
- Procedures concerning advertising for ‘Internal Applicants only’ were not always followed.
- The General Manager was not always informed when only 1 internal staff member applied for a position advertised for ‘internal applicants only’
- Instances were noted where the Councils HR files did not have all the required recruitment information attached to it at the time of Audit. In these cases, once notified, the HR files were updated.
- Recruitment panels concerning HR positions did not include an independent member.
Conclusion: Although the above exceptions were noted to the Councils adopted procedures, Overall council’s recruitment processes appear effective, addressing the Councils legislative, fraud and corruption mitigation risk.
Conclusion For the information of the Audit Committee, the results of the audit activity were considered as satisfactory:
Satisfactory Effective control environment
PAGE 72
AUDIT COMMITTEE MEETING 15 JUNE, 2017
Part D: Details of recommendations outstanding at the date of this report and the action taken by Management to implement these recommendations
Internal Audit monitors all the recommendations raised and agreed with management to ensure that they are implemented within agreed timeframes.
The Audit recommendations outstanding (including Management Comments) at 15 May 2017 are listed at Attachment 3.
D.1 Status of Recommendations
The following is a summary of the status of Internal Audit Reports issued.
It should be noted that although the following audit reports may be listed as ‘finalised’ the area/audit item will still be the subject of future audits.
D1.1 Reports issued to 15 May 2017, where recommendations are still to be implemented:
Reports Year Report Issued Expected Closure Timeframe
Risk Management 2017 30/12/2017
Governance Health Check 2017 30/12/2017
Fraud and Corruption Mitigation Strategy
2017 30/12/2017
Information Technology/Systems
2017 30/6/2017
Policies and Procedures 2016 31/11/2017
Property Management 2016 30/6/2017
Revenue (review of Key Controls)
2016 30/6/2017
Fines/penalties with respect to Councils Fleet
2017 30/6/2017
D1.2 Reports issued where recommendations have been implemented in the period to 15 May 2017
The following lists the audits where all agreed recommendations have been addressed in the time period.
Reports Year Report Issued Closure Timeframe
Cash and Cash Related activities
2016 30/3/2017
Payroll 2016 30/3/2017
Recruitment and Terminations
2016 30/3/2017
PAGE 73
AUDIT COMMITTEE MEETING 15 JUNE, 2017
Part E Internal Audit Key Performance Measures
The following indicators have been developed to measure the performance of Internal Audit and the Audit Committee:
E.1 Service Delivery Benchmarks.
6 or 33% of the audits listed in the Strategic Internal Audit Plan for the period
from 1 January 2017 to 31 December 2017 have been ‘completed’ to date (refer
Part B, Table 1 and Chart 1).
Number of findings implemented to date as a % of items raised in the Audit reports. As discussed at Part D and Attachment 3. Of the 1044 Audit recommendations agreed with Management, 98% (or 1028) have been implemented. Timeframes for the remaining outstanding recommendations are currently being followed up. These outstanding recommendations are detailed at Attachment 3.
On average the number of days between the end of fieldwork to the issue of the final audit reports is approximately 10 working days (Prior report: 10 days). This time includes the drafting of the audit report/finalisation of report; discussion of audit findings; and agreement of management action.
E.2 Cost Control benchmarks
The actual costs of the Internal Audit function to date have been made up of the salary and on costs of the Internal Auditor and the Risk Coordinator. In the period to 15 May 2017, the budget of the Internal Audit function was not exceeded.
The number of direct days spent on internal auditing (excluding hours spent on professional development and training) is 96% of the total days available. 260 days per year have been budgeted in the Internal Audit Strategic Plan.
E.3 Key Information to be reported in the Annual Community Report Concerning the Audit Committee
In the period from 1/7/2016 (Financial Year) to date the Audit Committee has met twice. The meeting times were:
16 August 2016;
12 December 2016
16 March 2017 (Cancelled)
The Audit Committee membership and the number of meetings attended in in the period was as follows (in alphabetical order):
Mr M. Blair: 2
Mr T Bland: 2
Mayor: 2
Clr A. J. Hay OAM: 0
Clr Dr J. N. Lowe: 0
Adjunct Professor Jim Taggart OAM: 2
Clr M. G. Thomas: 2
PAGE 74
AUDIT COMMITTEE MEETING 15 JUNE, 2017
Attachment 1
Background to the: Internal Audit Function; the Audit Committee; and the audit reporting practices at The Hills Shire Council.
Background
1. Internal Audit is an independent, objective assurance and consulting activity designed to add value and improve an organisation’s operations.
Internal audit’s role is primarily one of providing independent assurance over the internal controls and risk management framework of the council. It should be noted that Management has primary day-to-day responsibility for the design, implementation, and operation of internal controls.
Within THSC the functions, powers, and accountabilities of Internal Audit are set out in the Internal Audit Charter which has been adopted by Council. Internal audit’s core competencies are in the area of internal control, risk and governance. Internal audit’s scope includes the following areas:
Reliability and integrity of financial and operational information Effectiveness and efficiency of operations and resource usage Safeguarding of assets Compliance with laws, regulations, policies, procedures and contracts Adequacy and effectiveness of the risk management framework. The Internal Audit function was created in June 2005. Within Local Government, where in place, the Internal Audit unit is typically made up of 1 or 2 staff members. Within THSC the Internal Audit Unit consists of the Internal Auditor. Projects can be undertaken with the assistance of the Risk Management Coordinator or specialists where required.
2. The Audit Committee plays a pivotal role in the Councils governance framework. It provides council with independent oversight and monitoring of the council’s audit processes, including the council’s internal controls activities. This oversight includes internal and external reporting, internal and external audit, and compliance. Given the key role of the Audit Committee, for it to be most effective it is important that it is properly constituted of appropriately qualified independent members.
The Audit Committee within THSC has been in operation since 2004. Councils Audit Committee is unique in Local Government in that the Committee meets in the public forum (times and dates of meetings are advertised on the Councils webpage) and currently has 3 independent community representatives on the Committee to ensure that there is transparency in Councils processes and the Council remains accountable to the community.
The current members of the Audit Committee are: The Mayor, Clr AJ Hay (OAM), Clr Dr JN Lowe, Clr MG Thomas, Mr Michael Blair, Mr Trevor Bland and Adjunct Professor Jim Taggart (OAM). At the beginning of each Council term the Council undertakes an EOI to obtain interests from suitably qualified community members to be part of the Audit
PAGE 75
AUDIT COMMITTEE MEETING 15 JUNE, 2017
Committee. The functions, powers and accountabilities of the Audit Committee are outlined in the Audit Committee Charter that has been adopted by Council.
3. Legislative Change
In June 2016 the Local Government Amendment (Governance and Planning) Bill 2016 was drafted to amend the Local Government Act 1993 (the Principal Act). In August 2016 the Bill passed through both Houses of the NSW Parliament. S428A of the Bill mandates that Councils put in place an Audit, Risk and Improvement Committee and outlines (in broad terms) what the role of the Committee will be. It is intended that s428A will be supported by a regulatory framework that is likely to comprise of prescription by regulation and operational guidance through guidelines. These guidelines will replace the Internal Audit Guidelines released by the OLG in 2010. Legislatively Councils have until 6 months after the next Council election and after the legislation has ‘commenced’ to implement S428A of the Bill. To date this has not occurred. This provides time for the OLG to consult and draft the necessary guidance and regulations, and Council to implement the required changes.
4. Best Practice
In 2010 the DLG released the Internal Audit Guidelines (http://www.dlg.nsw.gov.au/dlg/dlghome/documents/Information/Internal%20Audit%20Guidelines%20-%20September%202010.pdf. This guideline (the guideline) identifies best practice in local government with respect to Internal Audit and the Audit Committee. As outlined in the introduction, the guidelines were developed to encourage the creation of Internal Audit and Audit Committees in those Councils that did not have the function and to outline how the function should be developed (note: that at the time of the guideline release only approximately 20% of Councils had an Internal Audit function). At 2016 approximately 60% of Councils had in place an Audit Committee. As identified at 3. This guideline is currently being reviewed. It is expected that this will be updated in the next 6 months.
5. The Strategic Audit Plan
As identified at 3.5 of the DLG Internal Audit Guideline, the Internal Audit function within THSC has a strategic plan in place which is supported by annual plans.
The Strategic plan is based on a risk assessment of the council’s key strategic and operational areas to determine the appropriate timing and frequency of coverage of each of these areas. The plan includes audit judgment of areas that will also be reviewed despite not appearing as a high priority in the council’s risk profile. The plan is developed on a rolling cycle to reflect the terms of Council. The plan is also reviewed annually to ensure that it still aligns with the council’s risk profile. The 4 year Strategic Plan (2017 – 2020) was adopted by the Audit Committee on 12 December 2016. The audit plan covers the period from 1 January 2017 to 31 December 2020 to allow the plan to align with the term of Council.
PAGE 76
AUDIT COMMITTEE MEETING 15 JUNE, 2017
6. Reporting
Internal audit regularly communicates its findings and recommendations to the Audit Committee, General Manager and management of the areas audited through the Internal Audit Report.
The Internal Audit report normally includes background information, the audit objectives and scope, observations/findings/conclusions, key recommendations/ agreed management actions. The format of the report has been modified to satisfy the requirements of the Audit Committee and to reflect the guidelines.
Detailed audit working papers are not distributed to the Audit Committee as they are intended for internal use only. Where audit working papers have findings that are useful to other areas of council, internal audit will share this information on a limited basis. Internal audit working papers are shared with the council's external auditor, where requested, to assist them in the course of their work. Councillors and the community have access to the minutes of the Audit Committee (and the Internal Audit Report) as these are published on the Councils web page. The Internal Audit Report (and Audit Committee papers) is also referred to the Council for adoption to provide greater transparency and accountability.
PAGE 77
AUDIT COMMITTEE MEETING 15 JUNE, 2017
Attachment 2
THSC Risk Matrix
The Councils Risk Matrix (below) reflects the requirements of ASNZS ISO 31000 and has been developed in accordance with this standard.
Risk Matrix Table
Consequence Rating
A B C D E
Lik
eli
ho
od
Ra
tin
g
5 M H H E E
4 L M H H E
3 L M M H H
2 L L M M H
1 L L L M H
L = Low Risk M = Moderate Risk H = High Risk E = Extreme Risk
(Severe/Very High)
Consequence Definition Risk Factors Likelihood
Definition Financial
Reputation Business
Operations Work Health Safety Environment
Project Management
A Insignificant The event is of low consequence
1 Financial loss – Small increase in costs not in line with budget $500 or less
1 Unsubstantiated, low profile media exposure OR no media attention
1 No disruption to services or operations
1 Single minor injury to one person – no lost time OR Insignificant environment issues
1 Project close to time, budget and quality
1 Rare The event is only expected to occur in exceptional circumstances
B Minor The event may threaten a part of the organisation
2 Financial loss – Minor financial impact $501 to $10k
2 Substantiated, low impact, low media profile (not front page news)
2 Minor disruption to services or operations up to one day
2 Medically treated injury to one person, less than 5 days lost time OR Minor environment issues
2 Project has minor issue with time, budget or quality
2 Unlikely The event is not likely to occur
C Moderate The event may threaten many parts of the organisation
3 Financial loss – > $10k to $50k
3 Substantiated, public embarrassment, moderate media profile (front page, one day)
3 Some cessation to services and operations up to several days
3 Minor or medically treated Injury to several people, less than 10 days lost time OR Some environment issues
3 Project has issues with time, budget or quality
3 Possible The event may occur
D Significant The event may threaten achievement of business objectives
4 Financial loss – $50k to $200k
4 Substantiated, public embarrassment, high impact, major media attention (national for 1 week or more)
4 Total cessation to services and operations up to one week
4 Single death, or long term disabling injuries to one or more people OR Substantial environment issues
4 Project has substantial issues with time, budget or quality
4 Likely The event is likely to occur
E Severe The event may stop achievement of business objectives
5 Financial loss – > $200k
5 Substantiated, public embarrassment, multiple impacts, long lasting widespread media coverage, prosecution of Council or Officers
5 Total cessation to services and operations greater than one week
5 Multiple losses of life or permanent disability, plus extensive injuries to several people OR Severe environment issues
5 Large project has severe issues with time, budget or quality
5 Almost certain The event is already occurring or is expected to occur
PAGE 78
AUDIT COMMITTEE MEETING 15 JUNE, 2017
Att
ach
men
t 3
List
an
d S
tatu
s of
Ou
tsta
nd
ing
Au
dit
Rec
omm
end
atio
ns
agre
ed w
ith
Man
agem
ent
at 1
5 M
ay 2
01
7:
Rat
ing
s fo
r A
ud
it R
eco
mm
end
atio
ns
Ver
y H
igh
Ris
k (E
xtre
me)
Com
plet
e re
med
ial a
ctio
n w
ithin
2 w
eeks
or
earlie
r as
req
uire
d.
Hig
h Ris
k
Com
plet
e re
med
ial a
ctio
n w
ithin
1 c
alen
dar
mon
ths
or a
s ag
reed
Mod
erat
e Ris
k
Com
plet
e re
med
ial a
ctio
n w
ithin
3 c
alen
dar
mon
ths
or a
s ag
reed
Low
Ris
k
Com
plet
e re
med
ial a
ctio
n w
ithin
4 c
alen
dar
mon
ths
or a
s ag
reed
Rec
onci
liati
on o
f O
uts
tan
din
g A
ud
it R
ecom
men
dat
ion
s at
15
May
20
17
Dat
e o
f In
tern
al
Au
dit
Rep
ort
T
ota
l R
eco
mm
end
atio
ns
rais
ed b
y A
ud
it s
ince
20
05
(B
rou
gh
t Fo
rwar
d)
Rec
om
men
dat
ion
s R
aise
d
in t
he
per
iod
To
tal
To
tal
Rec
om
men
dat
ion
s im
ple
men
ted
b
y M
anag
emen
t s
ince
20
05
(B
rou
gh
t Fo
rwar
d)
Rec
om
men
dat
ion
s Im
ple
men
ted
in
th
e p
erio
d
Tota
l
Bal
ance
O
uts
tan
din
g
-b
ein
g
mo
nit
ore
d
by
Inte
rnal
Au
dit
30 J
une
2014
92
0
90
4 16
30 S
epte
mbe
r 20
14
920
11
931
904
18
922
9
31 M
arch
201
5 93
1 26
95
7 92
2 20
94
2 15
15 M
ay 2
015
957
10
967
942
13
955
12
30 J
une
2015
96
7 11
97
8 95
5 6
961
17
1 N
ovem
ber
2015
97
8 10
98
8 96
1 6
967
21
1 M
arch
201
6 98
8 5
993
967
18
985
8
1 M
ay 2
016
993
13
1006
98
5 1
986
20
30 J
une
2016
10
06
3 10
09
986
8 99
4 15
15 N
ovem
ber
2016
10
09
11
1020
99
4 12
10
06
14
1 M
arch
201
7 10
20
16
1036
10
06
15
1021
15
15 M
ay 2
017
1036
8
1044
10
21
7 10
28
16
PAGE 79
AUDIT COMMITTEE MEETING 15 JUNE, 2017
Au
dit
Ob
serv
atio
ns
Effe
ct
Ris
k R
atin
g
Rec
omm
end
atio
n
and
ag
reed
Act
ion
Pla
n
Res
pon
sib
le
Man
ager
To
be
imp
lem
ente
d
by
dat
e:
Sta
tus
at
15
M
ay
20
17
C
ash
an
d c
ash
rel
ated
act
ivit
ies
1
Sta
ff w
ho a
re i
ssue
d w
ith t
he
proc
urem
ent
card
be
ad
vise
d of
the
req
uire
men
ts o
f us
e; t
he
proc
edur
e m
ay n
eed
upda
ting
to r
efle
ct t
he u
se o
f th
e ca
rd.
Sta
ffs
are
awar
e of
the
lim
itatio
ns i
n ha
ving
a p
rocu
rem
ent
card
. Cou
ncil’
s go
vern
ance
req
uire
men
ts a
re in
pla
ce.
M
Sta
ff t
o si
gn o
ff o
n th
e co
nditi
ons
of
use
of
proc
urem
ents
ca
rds
whe
n th
e ca
rds
are
issu
ed.
Cre
dit
card
st
atem
ents
ar
e re
view
ed b
y Fi
nanc
e on
ce r
ecei
ved
to e
nsur
e th
at p
urch
asin
g is
in
line
with
th
e Cou
ncils
pu
rcha
sing
gu
idel
ines
. W
here
ex
cept
ions
ar
e no
ted
thes
e st
atem
ents
(a
nd
supp
ortin
g do
cum
ents
) sh
ould
be
re
ferr
ed
to
the
card
ho
lder
s m
anag
er
for
revi
ew a
nd a
ppro
val.
Man
ager
Fi
nanc
e
May
201
7 In
pr
ogre
ss.
All
card
hold
ers
are
still
to
sig
n th
e up
date
d pr
oced
ure.
Fina
nce
to
impl
emen
t pr
oces
s co
ncer
ning
cr
edit
card
sta
tem
ents
P
olic
ies
and
Pro
ced
ure
s
2
Cou
ncil’
s po
licy
docu
men
tatio
n ha
s no
t be
en
upda
ted
and
form
ally
ap
prov
ed
on
a pe
riod
ic b
asis
.
Polic
y do
cum
enta
tion
may
no
t be
cu
rren
t or
app
ropr
iate
ly a
ppro
ved
M
Polic
y do
cum
enta
tion
be
upda
ted
and
form
ally
ap
prov
ed.
Coo
rdin
ator
–
Exec
utiv
e Ser
vice
s
Nov
embe
r 20
17
In p
rogr
ess
3
Cou
ncil
staf
f do
no
t re
ceiv
e fo
rmal
tra
inin
g co
ncer
ning
the
im
plem
enta
tion
of
Cou
ncils
po
licie
s an
d pr
oced
ural
re
quirem
ents
Polic
y an
d pr
oced
ural
re
quirem
ents
m
ay n
ot b
e im
plem
ente
d re
sulti
ng i
n no
n-co
mpl
ianc
e.
M
The
indu
ctio
n pr
oces
s be
m
odifi
ed t
o en
sure
tha
t ne
w
staf
f re
ceiv
e tr
aini
ng
conc
erni
ng
the
polic
ies
and
proc
edur
es
rele
vant
to
th
eir
resp
onsi
bilit
ies.
Man
ager
- H
R
June
201
7
In p
rogr
ess
PAGE 80
AUDIT COMMITTEE MEETING 15 JUNE, 2017
Au
dit
Ob
serv
atio
ns
Effe
ct
Ris
k R
atin
g
Rec
omm
end
atio
n
and
ag
reed
Act
ion
Pla
n
Res
pon
sib
le
Man
ager
To
be
imp
lem
ente
d
by
dat
e:
Sta
tus
at
15
M
ay
20
17
P
rop
erty
Man
agem
ent
4
The
revi
ew o
f th
e m
anag
emen
t of
th
e co
nditi
ons
of
the
licen
ces/
leas
es
has
iden
tifie
d th
at a
fur
ther
aud
it/fo
llow
up
is
requ
ired
to
ensu
re t
hat
utili
ty
cost
s ar
e be
ing
pass
ed
onto
le
ssee
s w
here
req
uire
d.
Util
ity
cost
s m
ay
not
be
reco
vere
d w
here
app
licab
le
L
Aud
it fo
llow
up
w
ith
Fina
nce
the
proc
ess
in
plac
e to
en
sure
th
at
Util
ity
cost
s ar
e be
ing
reco
vere
d.
Inte
rnal
Aud
it/M
anag
er
Fina
nce
June
201
7
Rev
iew
be
ing
final
ised
.
P
ayro
ll
5
Out
door
st
aff
usin
g m
yflo
so
ftw
are
to
proc
ess
thei
r tim
eshe
ets
do n
ot n
eces
sarily
ha
ve
uniq
ue
sign
on
pa
ssw
ords
.
Tim
eshe
et d
ata
can
be c
hang
ed a
nd
staf
f ca
nnot
ne
cess
arily
be
he
ld
resp
onsi
ble
for
the
info
rmat
ion
ente
red
M
Out
door
sta
ff b
e is
sued
w
ith u
niqu
e pa
ssw
ords
.
Man
ager
IT
Mar
ch 2
017
R
even
ue
(Rev
iew
of
Key
Con
trol
s)
6
The
allo
catio
n of
dut
ies
with
in
the
Fina
nce
Team
is
no
t pr
ovid
ing
the
inde
pend
ent
revi
ew r
equi
red
to e
nsur
e th
at
ther
e is
a
segr
egat
ion
of
dutie
s.
Seg
rega
tion
of d
utie
s no
t in
pla
ce
M
Whe
re
appr
opriat
e,
oper
atio
nal
resp
onsi
bilit
ies
be
allo
cate
d to
the
cor
rect
po
sitio
ns.
Man
ager
Fi
nanc
e
June
201
7
7
Com
plet
e pr
oced
ural
do
cum
enta
tion
is n
ot i
n pl
ace
to
ensu
re
that
pr
oces
ses
are
cons
iste
ntly
ap
plie
d by
th
e Fi
nanc
e Te
am
Proc
esse
s m
ay b
e no
t be
con
sist
ently
im
plem
ente
d ac
ross
th
e Fi
nanc
e Te
am.
Unn
eces
sary
rel
ianc
e pl
aced
on
the
Fina
ncia
l Acc
ount
ant
to d
irec
t st
aff
belo
w h
er.
M
Proc
edur
al
docu
men
tatio
n to
be
cr
eate
d an
d m
ade
avai
labl
e to
sta
ff w
ithin
th
e Fi
nanc
e Te
am
Man
ager
Fi
nanc
e
Mar
ch 2
017
PAGE 81
AUDIT COMMITTEE MEETING 15 JUNE, 2017
Au
dit
Ob
serv
atio
ns
Effe
ct
Ris
k R
atin
g
Rec
omm
end
atio
n
and
ag
reed
Act
ion
Pla
n
Res
pon
sib
le
Man
ager
To
be
imp
lem
ente
d
by
dat
e:
Sta
tus
at
15
M
ay
20
17
G
over
nan
ce H
ealt
h C
hec
k
8
An
actio
n pl
an
has
been
de
velo
ped
to en
sure
th
at th
e Cou
ncils
Gov
erna
nce
Proc
esse
s re
flect
bes
t pr
actic
e.
A k
ey a
ctio
n to
be
unde
rtak
en
is t
o en
sure
the
coo
rdin
atio
n of
co
mm
unic
atio
ns
conc
erni
ng
Cou
ncils
go
vern
ance
re
quirem
ents
be
twee
n st
aff
and
coun
cillo
rs
and
othe
r re
leva
nt p
artie
s.
Cou
ncil’
s go
vern
ance
pr
oces
ses
may
no
t be
con
sist
ently
app
lied.
M
Act
ion
Plan
be
im
plem
ente
d
Rel
evan
t M
anag
er
iden
tifie
d in
th
e Act
ion
Plan
Dec
embe
r 20
17
R
ecru
itm
ent
and
Ter
min
atio
ns
9
Use
of
agen
cy s
taff
Cur
rent
ly
staf
f co
ntra
cted
th
roug
h an
em
ploy
men
t ag
ency
do
no
t ha
ve
a pe
rson
nel
file
with
in
Cou
ncil.
Alth
ough
it
has
been
ind
icat
ed
that
ap
prop
riat
e ch
ecks
(i
nclu
ding
w
orki
ng
with
ch
ildre
n ch
ecks
, ar
e pe
rfor
med
an
d in
duct
ions
et
c.
unde
rtak
en,
evid
ence
cou
ld n
ot
be s
ight
ed.
Cou
ncil’
s re
cord
s ar
e no
t co
mpl
ete
or
effe
ctiv
e.
M
HR inv
estig
ates
met
hods
to
en
sure
th
e ef
fect
ive
man
agem
ent
of r
ecor
ds
with
res
pect
to
‘age
ncy
staf
f’ w
ithin
Cou
ncils
sy
stem
s.
Man
ager
-
WSABI
Mar
ch 2
017
Impl
emen
ted
10
Impl
emen
tatio
n of
2.5
Cas
ual,
Tem
pora
ry
and
agen
cy
staf
f gu
idel
ine
It a
ppea
rs t
hat
Man
ager
s ha
ve
empl
oyed
so
me
agen
cy
staf
f di
rect
ly
bypa
ssin
g H
R
in
cont
rave
ntio
n to
thi
s gu
idel
ine.
Cou
ncils
pro
cedu
ral r
equi
rem
ents
may
no
t be
in p
lace
M
H
R
ensu
res
that
al
l Cou
ncil
staf
f is
aw
are
of
the
requ
irem
ents
of
this
pr
oced
ure
and
that
th
e pr
oced
ure
is
impl
emen
ted.
Man
ager
-
WSABI
Mar
ch 2
017
Proc
edur
e di
stribu
ted
by H
R.
PAGE 82
AUDIT COMMITTEE MEETING 15 JUNE, 2017
Au
dit
Ob
serv
atio
ns
Effe
ct
Ris
k R
atin
g
Rec
omm
end
atio
n
and
ag
reed
Act
ion
Pla
n
Res
pon
sib
le
Man
ager
To
be
imp
lem
ente
d
by
dat
e:
Sta
tus
at
15
M
ay
20
17
11
Rol
e Sta
tem
ents
Fr
om t
he t
estin
g pe
rfor
med
on
10%
(1
3)
of
new
re
crui
ts,
it w
as
note
d th
at
in
som
e in
stan
ces
role
sta
tem
ents
wer
e no
t in
pla
ce.
Sta
ff
are
empl
oyed
w
ithou
t a
clea
r un
ders
tand
ing
of
thei
r ro
les
and
resp
onsi
bilit
ies.
M
Rol
e st
atem
ents
sh
ould
be
in
pl
ace
for
each
po
sitio
n in
Cou
ncil.
Man
ager
-
WSABI
Aug
ust
2017
Fi
nes
/P
enal
ties
(C
ou
nci
ls F
leet
)
12
Cou
ncil’
s pr
oces
ses
did
not
ensu
re
the
timel
y pr
oces
sing
an
d pa
ymen
t of
SD
RO
fin
es.
Dem
erit
poin
ts n
ot c
orre
ctly
app
lied.
In
flate
d fin
es/p
enal
ties
incu
rred
by
Cou
ncil.
M
Rev
ised
pr
oced
ures
be
im
plem
ente
d
Plac
e M
anag
er
–Wes
t W
ard
M
ay 2
017
13
The
Cou
ncils
fac
ilitie
s po
licy
is
not
clea
r w
ith re
spec
t to
th
e re
spon
sibi
lity
of
Cou
ncill
ors
with
res
pect
to
fines
/pen
altie
s in
curr
ed
whe
n us
ing
Cou
ncils
fle
et (
Cou
ncill
ors
car)
.
Alth
ough
ass
umed
tha
t fin
es/p
enal
ties
are
paid
whe
re i
ncur
red,
thi
s is
not
cl
ear
in t
he f
acili
ties
polic
y.
M
Con
side
ratio
n is
giv
en t
o cl
arify
ing
resp
onsi
bilit
y fo
r fin
es/p
enal
ties
etc.
in
curr
ed
by
the
Cou
ncill
ors/
May
or i
n th
e fa
cilit
ies
polic
y.
Sen
ior
Coo
rdin
ator
- G
over
nanc
e Ser
vice
s
Nov
embe
r 20
17
14
Fine
s in
curr
ed w
ith r
espe
ct t
o th
e M
ayor
s ca
r ar
e no
t pr
oces
sed
in
the
sam
e w
ay
that
fin
es i
ncur
red
by C
ounc
il st
aff
are
proc
esse
d
Dem
erit
poin
ts m
ay n
ot b
e ap
plie
d/
exce
ss f
ines
and
pen
altie
s in
curr
ed b
y Cou
ncil.
M
The
deta
ils o
f th
e M
ayor
ar
e pr
ovid
ed
to
the
Plac
e M
anag
er
–Wes
t W
ard
to
ensu
re
the
timel
y no
tific
atio
n to
the
SD
RO
of
fin
e in
form
atio
n.
It
is
the
resp
onsi
bilit
y of
th
e M
ayor
s/Cou
ncill
ors
PA t
o no
tify
the
Plac
e M
anag
er
– W
est
war
d of
th
ese
deta
ils s
houl
d th
e M
ayor
ch
ange
.
Plac
e M
anag
er
– W
est
War
d;
PA
to
May
or/C
ounc
illo
rs
May
201
7
PAGE 83
AUDIT COMMITTEE MEETING 15 JUNE, 2017
Au
dit
Ob
serv
atio
ns
Effe
ct
Ris
k R
atin
g
Rec
omm
end
atio
n
and
ag
reed
Act
ion
Pla
n
Res
pon
sib
le
Man
ager
To
be
imp
lem
ente
d
by
dat
e:
Sta
tus
at
15
M
ay
20
17
15
Log
book
s co
ncer
ning
th
e Cou
ncill
ors
Car
are
inco
mpl
ete.
Cou
ncil
may
not
be
able
to
iden
tify
who
ha
s in
curr
ed
a fin
e w
hen
the
Cou
ncill
ors
car
is
used
re
sulti
ng
in
pena
lties
bei
ng in
curr
ed b
y Cou
ncil
M
Log
book
s be
m
aint
aine
d an
d co
mpl
eted
.
Plac
e M
anag
er
– W
est
War
d
May
201
7
R
isk
Man
agem
ent
16
Opp
ortu
nitie
s av
aila
ble
to
ensu
re t
hat
the
Cou
ncils
Ris
k M
anag
emen
t Sys
tem
re
flect
s be
st p
ract
ice
Ris
k M
anag
emen
t sy
stem
may
not
be
effe
ctiv
e.
M
Act
ion
Plan
be
im
plem
ente
d
Ris
k M
anag
emen
t Co-
Ord
inat
or
Dec
embe
r 20
17
Fr
aud
an
d C
orru
pti
on
Mit
igat
ion
Str
ateg
y
17
Opp
ortu
nitie
s av
aila
ble
to
ensu
re t
hat
the
Cou
ncils
Fra
ud
and
Cor
rupt
ion
miti
gatio
n st
rate
gy r
efle
cts
best
pra
ctic
e
Cou
ncils
Fr
aud
and
Cor
rupt
ion
Miti
gatio
n Str
ateg
y m
ay
not
be
effe
ctiv
e.
M
Act
ion
Plan
be
im
plem
ente
d
Inte
rnal
Aud
itor
D
ecem
ber
2017
In
form
atio
n T
ech
no
log
y/S
yste
ms
18
IT G
uide
lines
and
Pro
cedu
res:
Th
e do
cum
ents
on
the
port
al a
t h
ttp:
//se
amle
ss.t
hehi
lls.n
sw.g
ov.a
u/Sta
ff-
Res
ourc
es/G
over
nanc
e/Pr
oced
ures
are
out
of
date
Out
dat
ed g
uida
nce
avai
labl
e to
sta
ff.
M
Upd
ate
guid
elin
es
and
proc
edur
es
Man
ager
–
Info
rmat
ion
Tech
nolo
gy
Jun
e 20
17
19
Pass
wor
ds:
From
w
orks
un
dert
aken
it
appe
ars
that
st
aff
shar
e pa
ssw
ords
an
d w
ould
sh
are
pass
wor
ds
if re
ques
ted
by t
heir M
anag
er o
r G
ener
al
Man
ager
. Th
is
has
been
iden
tifie
d in
Fra
ud C
ontr
ol
guid
ance
as
a H
igh
frau
d risk
.
Cou
ncils
IT
se
curity
m
ay
not
be
effe
ctiv
e H
IT t
ake
actio
n to
rem
ind
staf
f of
th
e Cou
ncils
re
quirem
ents
con
cern
ing
pass
wor
ds
and
IT
secu
rity
.
Man
ager
–
Info
rmat
ion
Tech
nolo
gy
Jun
e 20
17
PAGE 84
AUDIT COMMITTEE MEETING 15 JUNE, 2017
Au
dit
Ob
serv
atio
ns
Effe
ct
Ris
k R
atin
g
Rec
omm
end
atio
n
and
ag
reed
Act
ion
Pla
n
Res
pon
sib
le
Man
ager
To
be
imp
lem
ente
d
by
dat
e:
Sta
tus
at
15
M
ay
20
17
20
Cor
pora
te
Doc
umen
ts
in
Cou
ncils
co
rpor
ate
syst
em:
prev
ious
ly it
was
iden
tifie
d th
at
the
Cou
ncil
was
us
ing
a nu
mbe
r of
sys
tem
s ou
tsid
e th
e co
rpor
ate
syst
em
whe
re
Cou
ncil
info
rmat
ion
may
be
st
ored
.
Info
rmat
ion
in
Cou
ncils
co
rpor
ate
syst
ems
may
not
be
com
plet
e.
H
Proc
ess
be
unde
rtak
en
to d
eter
min
e th
e ex
tent
of
info
rmat
ion
not
stor
ed
in t
he C
ounc
il co
rpor
ate
syst
ems.
App
ropr
iate
ac
tion
be
take
n to
en
sure
th
at
the
iden
tifie
d in
form
atio
n is
pl
aced
int
o th
e Cou
ncils
co
rpor
ate
syst
ems
on a
tim
ely
basi
s
Coo
rdin
ator
–
Cus
tom
er
Ser
vice
/ M
anag
er
– In
form
atio
n Te
chno
logy
Jun
e 20
17
21
Evid
ence
was
fou
nd t
hat
som
e st
aff
mem
bers
ha
d an
in
appr
opriat
e le
vel o
f ac
cess
to
Cou
ncils
cor
pora
te s
yste
ms.
Una
utho
rise
d st
aff
acce
ssin
g sy
stem
s an
d Cou
ncil
docu
men
ts/i
nfor
mat
ion.
H
Acc
ess
be r
evie
wed
and
ap
prop
riat
e ch
ange
s be
m
ade.
All
Man
ager
s J
une
2017
22
Aut
omat
ic
logo
ut
of
Cou
ncils
sy
stem
s: T
his
cont
rol
that
was
pr
evio
usly
in
pl
ace
has
been
tu
rned
off
by
IT.
Una
utho
rise
d st
aff
acce
ssin
g sy
stem
s ha
s be
en id
entif
ied
in F
raud
Con
trol
gu
idan
ce a
s a
Hig
h fr
aud
risk
Una
utho
rise
d st
aff
acce
ssin
g sy
stem
s an
d Cou
ncil
docu
men
ts/i
nfor
mat
ion.
M
Aut
omat
ic
Logo
uts
be
revi
ewed
by
IT
an
d im
plem
ente
d w
here
ap
prop
riat
e.
Man
ager
–
Info
rmat
ion
Tech
nolo
gy
Jun
e 20
17
23
Sta
ff a
re n
ot a
war
e of
Cou
ncils
IT
se
curity
po
licy
and
requ
irem
ents
. Cou
ncils
IT
se
curity
m
ay
not
be
effe
ctiv
e w
ith r
espe
ct t
o st
aff.
M
Act
ion
be t
aken
to
rais
e st
affs
aw
aren
ess
of
its
IT s
ecur
ity r
equi
rem
ents
Man
ager
–
Info
rmat
ion
Tech
nolo
gy
Jun
e 20
17
PAGE 85
AUDIT COMMITTEE MEETING 15 JUNE, 2017
PAGE 86
ITEM-4 GENERAL MANAGER AND ACTING GENERAL MANAGER'S EXPENSES
DOC INFO
THEME: Proactive Leadership
OUTCOME: 3 Sound governance based on transparency and accountability.
STRATEGY: 3.1 Ensure Council is accountable to the community and meets legislative requirements and support Council’s elected representatives for their role in the community.
MEETING DATE: 15 JUNE 2017
INTERNAL AUDIT COMMITTEE
GROUP: GENERAL MANAGER
AUTHOR: ACTING GENERAL MANAGER
MICHAEL EDGAR
RESPONSIBLE OFFICER: ACTING GENERAL MANAGER
MICHAEL EDGAR
HISTORY At the Council meeting of 12 October 2004, the Council adopted a Notice of Motion as follows:- 1. The General Manager’s expenses be reviewed and approved by the Mayor prior to
payment. 2. After Approval, the expenses be submitted to the Audit Committee for notation. REPORT A listing of the General Manager’s and Acting General Managers expenses incurred since last reported on 12 December 2016 will be tabled at the Audit Committee Meeting. IMPACTS Financial This matter has no direct financial impact upon Council's adopted budget or forward estimates. The General Managers expenses are met from Councils adopted budget. The Hills Future - Community Strategic Plan The disclosure of the General Managers expenses ensures that the Council is transparently governed. RECOMMENDATION 1. The report be received.
2. The expenses tabled (which outlines a total of $314.48 for the General Manager and $228.41 for the Acting General Manager) be noted
AUDIT COMMITTEE MEETING 15 JUNE, 2017
PAGE 87
ITEM-5 QUESTIONS AND ANSWERS - AUDIT COMMITTEE MEETING - 12 DECEMBER 2016
THEME: Proactive Leadership
OUTCOME: 1 Value our customers, engage with and inform our community and advocate on their behalf
STRATEGY:
1.1 Facilitate strong two way relationships and partnerships with the community, involve them in local planning and decision making and actively advocate community issues to other levels of government.
MEETING DATE: 15 JUNE 2017
INTERNAL AUDIT COMMITTEE
GROUP: GENERAL MANAGER
AUTHOR: INTERNAL AUDITOR
KERRIE WILSON
RESPONSIBLE OFFICER: ACTING GENERAL MANAGER
MICHAEL EDGAR
REPORT Attached to this report are the responses for the questions asked at the Audit Committee Meeting held on 12 December 2016. IMPACTS Financial This matter has no direct financial impact upon Council's adopted budget or forward estimates. The Hills Future - Community Strategic Plan The Audit Committee of Council ensures that Council maintains sound governance based on transparency and accountability. RECOMMENDATION The report be received. ATTACHMENTS 1. Questions & Answers – Audit Committee 12 December 2016 (1 page)
AUDIT COMMITTEE MEETING 15 JUNE, 2017
PAGE 88
ATTACHMENT 1
COUNCILLORS QUESTIONS WITHOUT NOTICE
INTERNAL AUDIT MEETING 12 DECEMBER 2016
MINUTE NO.
QUESTION REFERRED TO
62 FINANCIAL IMPACT FROM BOUNDARY ADJUSTMENT WITH THE CITY OF PARRAMATTA COUNCIL
GENERAL MANAGER
Mr Bland requested a brief update from the General Manager on how Council’s loss of land below the M2 to the City of Parramatta Council has impacted financially and what problems are being experienced. The General Manager advised the net loss of revenue is approximately $8.5M which will be addressed in the first couple of years through lower transfers to reserves until the impact of the revenue from the future growth in the northern part of the Shire. The other major impact is in terms of staff numbers, with staff protected for 3 years, however, Parramatta has chosen to take on the staff from the childcare centre in North Rocks and the library in Carlingford. For a couple of years there will be an overlap of “surplus” staff, however in the lead up to the proposed change there were approximately 50 vacancies, including 18 outdoor staff, and this will minimise the impact. There will also be an impact on staff budgets because of the fact that there is staff protection for 3 years. Despite the loss of revenue Council is still Fit for the Future and meets all the Government ratios.
RESPONSE Answered at the meeting. MINUTE NO.
QUESTION REFERRED TO
63 CHRISTMAS WISHES GENERAL MANAGER Mr Blair, Adjunct Professor Jim Taggart OAM and Councillor Thomas
wished all Councillors, staff and colleagues on the Audit Committee a very happy Christmas and prosperous New Year.
RESPONSE No response is required.