Audit Committee Meeting - The Hills Shire · 2020. 3. 11. · Clr Y D Keane (Mayor, in the Chair)...

Audit Committee Meeting

Thursday, 15 June 2017

THE HILLS SHIRE CO

UNC

IL

AUDIT COMMITTEE MEETING 15 JUNE, 2017

ITEM SUBJECT PAGE ITEM-1 CONFIRMATION OF MINUTES

ITEM-2 AUDIT OFFICE- PERFORMANCE AUDITS 8

ITEM-3 INTERNAL AUDITORS REPORT 19

ITEM-4 GENERAL MANAGERS EXPENSES AND ACTING GENERAL MANAGER’S EXPENSES

86

ITEM-5 QUESTIONS AND ANSWERS - AUDIT COMMITTEE MEETING - 12 DECEMBER 2016

88

MINUTES of the duly convened Audit Committee Meeting of The Hills Shire Council

held in the Council Chambers Baulkham Hills on 12 December 2016

This is Page 1 of the Minutes of the Audit Committee Meeting of The Hills Shire

Council held on 12 December 2016

ITEM SUBJECT PAGE

ITEM-1 CONFIRMATION OF MINUTES

ITEM-2 INTERNAL AUDIT STRATEGIC PLAN 2017/2020 3

ITEM-3 INTERNAL AUDIT REPORT 3

ITEM-4 GENERAL MANAGER'S EXPENSES 4

ITEM-5 QUESTIONS AND ANSWERS - AUDIT COMMITTEE

MEETING - 16 AUGUST 2016

4

QUESTIONS WITHOUT NOTICE 4

MINUTES of the duly convened Audit Committee Meeting of The Hills Shire

Council held in the Council Chambers Baulkham Hills on 12 December 2016



47 PRESENT

Clr Y D Keane (Mayor, in the Chair)

Clr M G Thomas

Adjunct Professor Jim Taggart OAM

Mr Trevor Bland

Mr Michael Blair

48 IN ATTENDANCE

Mr Dave Walker – General Manager

Ms Kerrie Wilson – Internal Auditor

Mr Dennis Banicevic – External Auditor, PricewaterhouseCoopers

49 APOLOGIES

Clr A J Hay OAM

Clr Dr J N Lowe

50 TIME OF COMMENCEMENT

7.00pm

51 TIME OF COMPLETION

7.47pm

52 DECLARATIONS OF INTEREST

Nil.

53 ARRIVALS AND DEPARTURES

7.27pm Councillor Thomas left the meeting and returned at 7.31pm during Item 3.

54 DISSENT FROM COUNCIL'S DECISIONS

Nil.

55 ADJOURNMENT & RESUMPTION

Nil.





ITEM-1 CONFIRMATION OF MINUTES

A MOTION WAS MOVED BY ADJUNCT PROFESSOR JIM TAGGART OAM AND SECONDED

BY MR TREVOR BLAND THAT the Minutes of the Audit Committee Meeting held on

16 August 2016 be confirmed.

THE MOTION WAS PUT AND CARRIED.

56 RESOLUTION

The Minutes of the Audit Committee Meeting held on 16 August 2016 be confirmed.

APOLOGIES

A MOTION WAS MOVED BY MR MICHAEL BLAIR AND SECONDED BY MR TREVOR BLAND

THAT the apologies from Councillors Hay OAM and Dr Lowe be accepted and leave of

absence granted.


57 RESOLUTION

The apologies from Councillors Hay OAM and Dr Lowe be accepted and leave of absence

granted.

ITEM-2 INTERNAL AUDIT STRATEGIC PLAN 2017/2020

A MOTION WAS MOVED BY COUNCILLOR THOMAS AND SECONDED BY COUNCILLOR MR

MICHAEL BLAIR the Recommendation contained in the report be adopted.


58 RESOLUTION

The report be received.

7.27pm Councillor Thomas left the meeting and returned at 7.31pm during Item 3.

ITEM-3 INTERNAL AUDIT REPORT

A MOTION WAS MOVED BY MR MICHAEL BLAIR AND SECONDED BY ADJUNCT

PROFESSOR JIM TAGGART OAM THAT the Recommendation contained in the report be

adopted.


59 RESOLUTION






ITEM-4 GENERAL MANAGER'S EXPENSES

A MOTION WAS MOVED BY COUNCILLOR THOMAS AND SECONDED BY MR MICHAEL

BLAIR THAT the Recommendation contained in the report be adopted.


60 RESOLUTION

1. The report be received.

2. The expenses tabled (which outlines a total of $4,629.54) be noted.

ITEM-5 QUESTIONS AND ANSWERS - AUDIT COMMITTEE

MEETING - 16 AUGUST 2016

A MOTION WAS MOVED BY COUNCILLOR THOMAS AND SECONDED BY MR MICHAEL

BLAIR THAT the Recommendation contained in the report be adopted.


61 RESOLUTION


QUESTIONS WITHOUT NOTICE

62 FINANCIAL IMPACT FROM BOUNDARY ADJUSTMENT WITH THE CITY OF

PARRAMATTA COUNCIL

Mr Bland requested a brief update from the General Manager on how Council’s loss of

land below the M2 to the City of Parramatta Council has impacted financially and what

problems are being experienced.

The General Manager advised the net loss of revenue is approximately $8.5M which will

be addressed in the first couple of years through lower transfers to reserves until the

impact of the revenue from the future growth in the northern part of the Shire. The

other major impact is in terms of staff numbers, with staff protected for 3 years,

however, Parramatta has chosen to take on the staff from the childcare centre in North

Rocks and the library in Carlingford. For a couple of years there will be an overlap of

“surplus” staff, however in the lead up to the proposed change there were approximately

50 vacancies, including 18 outdoor staff, and this will minimise the impact. There will

also be an impact on staff budgets because of the fact that there is staff protection for 3

years. Despite the loss of revenue Council is still Fit for the Future and meet all the

Government ratios.

63 CHRISTMAS WISHES

Mr Blair, Adjunct Professor Jim Taggart OAM and Councillor Thomas wished all

Councillors, staff and colleagues on the Audit Committee a very happy Christmas and

prosperous New Year.

MINUTES of the duly convened Audit Committee Meeting of The Hills Shire Council held in the Council Chambers Baulkham Hills on 12 December 2016

This is Page 5 of the Minutes of the Audit Committee Meeting of The Hills Shire Council held on 12 December 2016

The Minutes of the above Meeting were confirmed at the Audit Committee Meeting held on 15 June 2017.

MAYOR ACTING GENERAL MANAGER


PAGE 8

ITEM-2 AUDIT OFFICE- PERFORMANCE AUDITS DOC INFO

THEME: Proactive Leadership

OUTCOME: 3 Sound governance based on transparency and accountability.

STRATEGY: 3.1 Ensure Council is accountable to the community and meets legislative requirements and support Council’s elected representatives for their role in the community.

MEETING DATE: 15 JUNE 2017

INTERNAL AUDIT COMMITTEE

GROUP: GENERAL MANAGER

AUTHOR: INTERNAL AUDITOR

KERRIE WILSON

RESPONSIBLE OFFICER: ACTING GENERAL MANAGER

MICHAEL EDGAR

REPORT In September 2016 the NSW Parliament passed amendments to the Local Government Act 1993 (the Act), known as the Phase 1 reforms, which focused mainly on improving council governance and strategic business planning. These amendments are embodied in the Local Government Amendment (Governance and Planning) Act. On 1 October 2016, as part of these amendments, the Auditor-General of NSW (Auditor-General) was appointed as the external auditor for all councils from the 2016-17 financial year (s422). In addition to the external audit, s421B outlines that the Auditor-General may conduct performance audits of all or any activities of one or more councils to determine whether the councils are carrying out those activities effectively, economically and efficiently and in compliance with relevant laws. In undertaking performance audits the Auditor-General aims to identify trends, good practices and performance improvement opportunities and to provide strong support for continuous improvement across the sector and creating stronger performing councils. Performance audits are funded by the NSW Government. In late April 2017 the Auditor-General forwarded to Council the Audit Office of New South Wales (Audit Office) Performance Audit Guide for Local Government as well as details of the 3 proposed performance audits that it will undertake in the local government sector in 2017/18 (attached). These audits will involve the Audit Office selecting a sample of NSW Councils to profile in detail and providing the sector with a report outlining the results of their review. The 3 proposed audits are:


PAGE 9

• Councils’ own reporting to their communities on service delivery through conducting a desk top review of reporting in Council annual reports.

• survey fraud controls in place across Councils • examine current shared services arrangements

The Audit Office will contact Council if it is selected in any of the 3 performance audits to be undertaken. Once released, the Audit Office performance audits reports will be forwarded to the Audit Committee for its review and information. The Audit Committee will also be kept up to date, through the Internal Audit Report, with the progress of these reviews. IMPACTS Financial This matter has no direct financial impact upon Council's adopted budget or forward estimates. Performance audits are funded by the NSW Government. The Hills Future - Community Strategic Plan The observations outlined in the Audit Office Performance audit reports will provide insights into the activities of the NSW Local Government Sector concerning the effectiveness, economy and efficiency and compliance with relevant laws with respect to the nominated audit topic, resulting in recommendations aimed at improving governance and strategic business planning at Council. RECOMMENDATION The letter from the Auditor-General dated 27 April 2017 and the Performance Audit Guide for Local Government is received. ATTACHMENTS 1. The letter from the Auditor-General dated 27 April 2017 and the Performance Audit

Guide for Local Government (9 pages).


, ~ ..,

BATCH N6: TIME:

.. 3 MAY 2017 en audit office

THE HILLS SHIRE COUNCIL

OF NEW SOUTH WALES

Mayor Yvonne Keane The Hills Shire Council

PO Box 7064

BAULKHAM HILLS BC NSW 2153

Contact Audit Office

Phone No 92757100

Our Ref

Your Ref

27th April 2017

Dear Mayor Keane

Initial local government performance audits

As you are aware, recent amendments to the Local Government Act 1993 have made the

Auditor-General of NSW the Auditor of Local Councils in NSW. In addition to auditing Councils’ annual financial statements, the new mandate provides for the conduct of "Performance Audits’"

I am aware Performance Audits are a new type of audit for Local Government so the purpose of

this letter is to tell you a little bit about them and my approach.

Essentially, performance audits assess whether selected activities or services are carried out

efficiently, effectively and economically. The State Government has provided my Office with

funding to conduct two to three Local Government performance audits annually. I have consulted

with organisations like Local Government NSW and the Office of Local Government regarding topic selection.

In this first year, I have chosen to focus on the sector as a whole, rather than on any individual

council. In this way I hope to improve my Office’s understanding of Local Government and to work

alongside you to provide some general benchmarking or improvement opportunities. My aim is to

support Councils to identify good practice and to make improvements over time.

The first Performance Audit will focus on Councils’ own reporting to their communities on service

delivery. My Office is conducting a desk top review of reporting in Council annual reports and will

select a sample of Councils to profile in more detail.

The second audit will survey fraud controls in place across Councils. And the final performance for

the 2017/18 financial year will examine current shared services arrangements.

We will contact you directly if your Council is selected for more detailed examination in any audit.

I am sure it will be helpful if I publish a forward program of possible performance audits for you to

provide any feedback on. Matters identified in my annual financial audits will also inform the

selection of future topics, which may be a mix of sector wide or more targeted audits. Again, my officers will contact you during the early stages of any audit involving your Council.

Information regarding Performance Audits and my Office’s approach to Local Government can be

found at http://www.audit.nsw.gov.au/ I also enclose our Performance Audit Guide for Local

Government for your information.

You may like to view my current program of State Government Performance Audits to get a better

insight into the nature of performance auditing. You can also discuss any aspect of the audit of

your Council with the Business Team Leader responsible for your Council. Contact details will be

provided to your General Manager in our Client Service Report.

Level 15, 1 Margaret Street, Sydney NSW 2000 I GPO Box 12, SyNSW 2001 I t 02 9275 7100 I f 02 9275 7200 I [email protected]

PAGE 10

mpereira

Text Box

ATTACHMENT 1


. " ......

I am looking forward to working constructively with you and your officers to carry out my obligations under the Act but to also support you in your work. If you have any questions, please feel free to email me([email protected]).

Please note I have also written to your General Manager asking that this advice be tabled at a

forthcoming council meeting.

With my best regards

~ o ~

Margaret Crawford Auditor-General of NSW

PAGE 11


I

PERFORMANCE AUDIT GUIDE FOR LOCAL GOVERNMENT

INTRODUCTION

Performance audits assess whether an agency or council is carrying out its activities effectively, and

doing so economically and efficiently and in compliance with relevant laws.

This Guide provides councils (the audited agency) with information about the NSW Audit Office’s

performance audit process. The Guide outlines the legislative framework and the NSW Auditor- General’s authority, and what to expect of the Audit Office during a performance audit.

The Guide also informs councils of their obligations to assist the performance audit team to effectively and efficiently complete their work.

LEGISLATIVE FRAMEWORK

Auditor-General’s authority to conduct performance audits

The Public Finance and Audit Act 1983 (PF&A Act) sets out the Auditor-General’s functions, mandate

and powers.

The Auditor-General’s independence is assured by key provisions in the PF&A Act. Specifically, the

Auditor-General:

o reports directly to NSW Parliament on audits of agency financial reports and performance

o can only be dismissed by a resolution of both houses of the NSW Parliament

o decides on the program of work undertaken by the Audit Office

o is appointed for a non-renewable eight year period. In addition, performance audits are funded

by NSW Parliament, not the agency being audited.

Under the Local Government Amendment (Governance and Planning) Act 2016 (the Act), the Auditor-

General is the auditor of all NSW councils and ’council entities’ from 1 July 2016 and has the mandate

to conduct performance audits.

The Act gives the Auditor-General authority to choose the topics and agencies for review, and to

access required agency information.

The Auditor-General is required to report to the head of the audited agency, the responsible Minister

and Treasurer on the result of a performance audit. In many cases, this will include the Office of Local

Government and its Minister due to their respective roles.

PAGE 12


\

SUMMARY OF KEY POINTS

In conducting a performance audit, the Audit Office is responsible for:

o obtaining sufficient knowledge of the program or activity being audited

o maintaining a constructive relationship with the audited agency and undertaking adequate

consultation (see Table 1)

o securing and keeping confidential all agency information obtained in the course of the audit.

The head of the audited agency is responsible for:

o nominating up to two suitable liaison officers to work with the audit team

o providing full and free access to people and information within requested timeframes. This

includes providing all information that is relevant to the audit, even if not specifically requested

o a duty of care to the audit team under WHS and anti-discrimination laws, and harassment free

workplace policies.

Performance audits and topic selection

Performance audits assess whether an agency is carrying out its activities effectively, and doing so

economically and efficiently and in compliance with all relevant laws. Activities examined by a

performance audit may include an individual program or service provided by an individual or group of

council’s, all or part of an individual council, or it may consider particular issues affecting the sector as

a whole and may include state agencies as well as council’s. Performance audits cannot question the

merits of government or council’s policy objectives. The Act gives the Auditor-General authority to

select performance audit topics and activities to review. We use a strategic approach to selecting

performance audits, which balances our performance audit program to reflect issues of interest to

Parliament and the community. We include topics that align with the government’s policy objectives

and reform agenda to assess progress and impacts.

Each year, the Auditor-General seeks input from the heads of government agencies and certain

statutory officers, on proposed topics before publishing the performance audit program. The Auditor-

General will also take into account performance audit topic suggestions from the Public Accounts

Committee, Members of Parliament, local councils and members of the public.

Authority to access Council information

The Act provides the Audit Office with full access to information irrespective of any agency obligations

for confidentiality. This overrides any other legislation that might restrict disclosure, such as secrecy or

privacy laws.

The Auditor-General is entitled at all reasonable times to full and free access to information requested

of the audited agency.

The only exception to this access is information that is Cabinet information as defined in the

Government Information (Public Access) Act 2009 (GIPA Act). However, as a matter of convention the

Secretary, Department of Premier and Cabinet, provides relevant Cabinet documents to the Auditor-

General when requested.

Agencies must provide the Audit Office with information requested.

Confidentiality requirements

Under the PF&A Act, any information obtained in the course of undertaking a performance audit must

not be disclosed by Audit Office staff to any person other than staff of the auditee, with the exception

of information relating to improper conduct as detailed in the Act.

All information that the Audit Office receives, and working papers that the Audit Office creates during

an audit, are exempt from the GIPA Act.

PAGE 13


FOLLOW-UP PROCESS AFTER THE PERFORMANCE AUDIT IS COMPLETED

Approximately 12 months after each performance audit report is tabled in Parliament, the Public

Accounts Committee (the Committee) may follow up action taken by audited agencies in response to

recommendations made by the Auditor-General. As part of the follow up process, the Committee

questions agencies about their response to the recommendations and, if required, conducts public

hearings to examine witnesses. The Auditor-General also provides comments on submissions made

by agencies to the Committee.

After the performance audit report is tabled, we write to the head of each audited agency to confirm

this process and provide a template to assist the audited agency to report to the Committee when

requested.

ROLES AND RESPONSIBILITIES

The Audit Office’s obligations

We aim to complete our work efficiently to minimise the impost on each council. The time to complete this work varies depending on the complexity of the audit topic and the number of councils and state

agencies that may be involved. This may range from six to 12 months.

Knowledge of the program or activity being audited

The audit team will obtain sufficient knowledge to enable it to identify and understand issues relevant

to the program or activity being audited.

Performance audits may be undertaken on topics that require specialised skills and knowledge

beyond those possessed by the audit team. In these cases, we engage consultants to provide expert assistance to the audit team and will discuss this with the audited council. The audit team must ensure

that any consultant engaged for the audit has the necessary competence, capabilities and impartiality to complete the work required.

No surprises approach

The audit team seeks to establish a constructive relationship with each council so that there are ’no

surprises’ in the final audit report. The audit team will explain the audit process at commencement and

will maintain appropriate communication throughout the audit. Council’s General Manager, and

executive staff, are encouraged to provide input at appropriate stages of the audit, such as when the

audit is being scoped, and when preliminary findings, the draft report and potential recommendations

are discussed.

Our audit process outlined in Table 1 provides several formal consultation points for the council to

discuss the audit planning, preliminary findings and draft report during the course of the audit. In

practice, there is ongoing and frequent communication between the audit team and the liaison officers.

Additionally, the head of the audited council and council executive staff can contact the Auditor

General, Deputy Auditor General or Assistant Auditor-General Performance Audit at any time to

discuss the audit. Our contact details are provided to the General Manager and council liaison officers

at the commencement of the audit.

Audit methodology

Our performance audit methodology is designed to satisfy Australian Audit Standards ASAE 3000 and

3500 on performance auditing. The Standards require the audit team to comply with relevant ethical

requirements and plan and perform the audit to obtain reasonable assurance and draw a conclusion

on the audit objective. Our processes have also been designed to comply with the performance audit

requirements specified in the Act.

Security of agency information

The Audit Office treats all audit-related information as ’in-confidence’. Our computer network has

appropriate security measures in place to mitigate unlawful access. Secure arrangements are also in

place to store physical documentation.

PAGE 14


Sensitive information that, in the Auditor-General’s opinion, is not in the public interest will not be

included in public reports. This may include commercial in confidence information. Any issues that the

council may have about the Auditor-General’s powers and the content of the audit report should be

discussed with the audit team at the earliest opportunity.

The audit team will discuss with council’s liaison officers suitable options and timing to provide information and documentation for the audit. This may include use of a web based secure file transfer

facility to enable audited agencies to securely and efficiently provide requested information.

The audited agency’s obligations

We aim to use council staff time efficiently and effectively and request the council’s cooperation to

facilitate our work. In the planning stage of each audit we will consult with council’s liaison officers and

agree on timely access to people and information (see Table 1).

Nominate up to two liaison officers

Council’s General Manager is asked to nominate up to two liaison officers to work with the audit team.

The liaison officers’ role is important to both the Audit Office and council.

The liaison officer should be a senior member of the council who will keep the General Manager informed of the progress of the audit, and who has authority to make decisions on behalf of the

council, for example, when reviewing the draft audit report and discussing potential audit

recommendations.

The liaison officer will be asked to assist with the day to day administration of the audit, such as

assistance in arranging meetings, access to people and information. Council’s General Manager, or

the nominated liaison officer, may wish to appoint a second liaison officer to assist the audit team with

these matters.

Regular and open communications between the audit team and management of the council help deliver an efficient audit. The audit team will contact the nominated liaison officers regularly during the

audit and will direct most questions and documentation requests through them. Refer to Table 1 for

more details.

It is essential the audit team receives prompt responses to its questions and requests for supporting documentation.

Prepare early for the audit

The letter sent to the General Manager when a performance audit commences includes an indication

of the issues that the performance audit will examine. This is discussed and refined during the

planning phase of the audit outlined in Table 1.

The General Manager can prepare early for the performance audit by:

o reviewing relevant plans, records and source data, and making sure these are up-to-date and

available for the audit team

o gathering documentation on how council monitors and measures the effectiveness, economy and efficiency of the audited activity and have the most recent results ready.

Provide full and free access to people and information

The General Manager and council’s nominated liaison officers are responsible for arranging unrestricted access for the audit team to relevant individuals and documents and for the completeness and accuracy of the information supplied for the audit.

This is particularly important for performance audits. Each performance audit is unique and, as a

result, it is difficult for audit teams to know exactly the documentation relevant to the audit. It is

therefore the council’s responsibility to ensure it provides:

o all information it is aware of that is relevant to the audit, whether or not it is specifically

requested

o all information the audit team requests that is relevant to the audit

PAGE 15


o unrestricted access to all people in the council from whom it is necessary to obtain audit

evidence.

The General Manager is also requested to advise the audit team:

o if they or their council has any knowledge of any actual, suspected or alleged intentional

misstatement (such as fraud) or non-compliance with laws and re’gulations in relation to the audit topic

o whether there has been any internal or external reviews or audits conducted in relation to the

audit topic.

Comply with work health and safety (WHS) and anti-discrimination laws, and harassment-free workplace policies

The Audit Office is committed to maintaining a high standard of work health and safety, and our staff

are expected to treat each other and council staff with courtesy and respect.

Councils have a duty of care to Audit Office staff under the Work Health and Safety Act 2011,

Regulation, Codes of Practice and recognised industry standards, as appropriate.

If the audit team fails to adhere to anti-discrimination laws or the harassment free workplace policy, the council liaison officers should advise the Assistant Auditor-General Performance Audit

im mediately.

The Audit Office has policies and strategies to prevent and deal with discrimination and harassment.

If the audit team is treated contrary to anti-discrimination laws and the harassment free workplace

policy by any council staff, the audit team will advise the Assistant Auditor-General Performance Audit

immediately. The incident will be raised with the council liaison officers and, if necessary, with the

General Manager and the Auditor-General.

Transmission of agency information

Council’s may provide working papers in hard copy or electronic format. Our preferred format is

electronic documents in Word, Excel, or PDF formats provided bye-mail or through the Audit Office’s

secure file upload service. Details of e-mail addresses to use, or the file upload service, are provided

by the audit team when information is requested.

The audit team may need ’read only’ access the council’s electronic systems. If this is required, the

liaison officer will be asked to arrange the necessary access including log in IDs or access terminals

on-site.

PAGE 16


PERFORMANCE AUDIT PROCESS

Once initiated, performance audits have three main stages: planning, conduct and reporting. A

description of each of these stages, and the extent of our consultation with the audited council, is

outlined in Table 1.

Table 1-Performance audit stages and consultation with audited

agencies

Planning Audit An audit team is assigned and the audit is initiated.

commences Commencement letters are issued to the General

Manager, Chief Executive, responsible Minister/s, and

the Treasurer. The head of each audited council and

state agency nominates their liaison officers who will

work with the audit team.

Scoping

work

Audit plan

Conduct Evidence

gathering

and analysis

Preliminary

findings

The audit team meets with council’s liaison officers, and

other key stakeholders, to gain an understanding of the

council and activities relevant to the audit topic. The

audit team develops the audit’s scope and focus,

including the audit objective and potential criteria. The

potential audit scope is discussed with council’s liaison

officers.

The audit team finalises the audit scope and develops

the audit plan in consultation with council’s liaison

officers. In addition to the scope and focus, the audit

plan may include

o the audit procedures, including how and what

information is to be collected to answer the audit

criteria

o audit fieldwork and approach, including the people

and locations the audit team will visit during the

audit

o audit schedule, including consultation milestones

and proposed tabling date. A draft audit plan is

provided to the council’s liaison officers for feedback

before being finalised Once finalised, the audit plan

and audit engagement letter are issued to the

General Manager.

Evidence is collected and analysed against the audit

criteria. The audit team must ensure they have sufficient

and appropriate evidence to answer the audit objective and criteria.

Preliminary findings against the audit criteria are

discussed with council’s liaison officers. Additional

relevant evidence may be requested if needed.

Commencement

letters

Draft audit scope and

focus

Audit plan and

engagement letter

Interviews with

relevant council staff

Requests for access

to documents and

information

Preliminary findings

discussed

PAGE 17


, I

Reporting Draft report

Final report

A draft report is prepared and a meeting held with

council’s liaison officers to discuss their feedback. The

purpose of the draft report is to give the council the

opportunity to identify errors of fact or interpretation, and

to provide additional relevant evidence that addresses

the audit criteria. Responses received from the council

are carefully considered and amendments made as

necessary. During this process the audit team will also

discuss with council’s liaison officers potential

recommendations to be included in the audit report. The

General Manager may wish to meet with the Auditor-

General to discuss the draft audit report and

recommendations before it is finalised.

Draft report

Potential

recommendations

The audit’s final report is issued by the Auditor-General Final statutory report

to the General Manager, Chief Executive, the

responsible Ministerls, and the Treasurer, in accordance

with the Local Government Act 1993. The audit report

includes recommendations to improve accountability and

performance. The General Manager is invited to provide

a written response to the audit report and its

recommendations that will be published with the audit

report.

The audit report is tabled in NSW Parliament and

published on the Audit web site

Tabled report

PAGE 18


PAGE 19

ITEM-3 INTERNAL AUDITORS REPORT DOC INFO








KERRIE WILSON


MICHAEL EDGAR

EXECUTIVE SUMMARY The Internal Audit report:

• Summarises the work undertaken by the Internal Audit Function and the Audit Committee in the period;

• Highlights areas of improvement within Council’s operations; • Reports the extent to which the work carried out by the function met the

requirements of the approved Internal Audit Plan 2017; • Reports the measures taken by The Hills Shire Council (THSC) to implement the

recommendations of the internal audit reports; • Provides an overview to the Audit Committee of the status of Councils internal

control, risk management and governance processes.

The format of the report reflects: • the recommendations made by the Division of Local Government (DLG) in their

report titled: Internal Audit Guidelines, released September 2010; and, • Audit Committee requirements.

REPORT Attached are the Internal Audit Reports which outlines the audit tasks undertaken by the Internal Audit function in the period to 15 May 2017. The March 2017 Internal Audit Report has been brought forward to this meeting as the meeting planned for 16 March 2017 was cancelled due to the lack of a quorum. IMPACTS Financial This matter has no direct financial impact upon Council's adopted budget or forward estimates.


PAGE 20

The Hills Future - Community Strategic Plan This report outlines the results of Audit’s review of Councils high risk activities as identified in the Internal Audit Plan adopted by Council. The recommendations resulting from audit activities are aimed at ensuring that Council stated outcomes are achieved efficiently and effectively and meets the Councils legislative requirements. RECOMMENDATION The report be received. ATTACHMENTS 1. Internal Audit report to 1 March 2017 (34 pages) 2. Internal Audit report to 15 May 2017 (31 pages)


ATTACHMENT 1

Internal Audit Report

At 1 March 2017

PAGE 21


Part A: Executive Summary

1. Audit Activity to 1 March 2017

From 1 January 2017 Audit has been addressing Year 1 (2017) of its 4 year Strategic Audit Plan. This plan was adopted by the Audit Committee at its meeting on 12 December 2016.

For the calendar year to 1 March 2017, Internal Audit has completed 2 or 11% its 18 planned audits within budget.

The audits undertaken are detailed at Part B and C of this report. Audits completed in the period include:

Governance Health check

Credit Cards/Procurement Cards/ Reimbursement of expenses incurred by staff/ Petty Cash

At 1 March 2017, the number of direct days spent on internal auditing was 96% of the total days available and Management had implemented 98% of the agreed audit recommendations.

2. For the Information of the Committee

2.1 Governance and Legislative Changes

Since the last report to the Audit Committee the following relevant documents were released by the Office of Local Government (OLG) in December 2016 and January 2017: http://www.olg.nsw.gov.au/news/16-49-fit-future-improvement-plans-and-integrated-planning-and-reporting http://www.olg.nsw.gov.au/news/16-51-further-phase-1-amendments-local-government-act-commence-and-amending-regulation-made http://www.olg.nsw.gov.au/news/17-01-exhibition-draft-bill-amend-environmental-planning-and-assessment-act-1979 External Audit As previously outlined, the NSW Auditor – General is now the External Auditor for the Council (refer s422 Local Government Amendment (Governance and Planning) Act). Under contractual arrangements, the Audit Office has appointed PWC to be undertake the 2016/17 of THSC external audit on their behalf.

2.2 External Reviews

ICAC review of the City of Botany Bay Council

The ICAC report concerning this review has not yet been released.

OLG: Auburn City Council Public Enquiry

The OLG’s findings concerning the public enquiry into practices at Auburn City Council have not yet been released.

PAGE 22


When the final reports are released by the relevant regulatory bodies they will be forwarded to

the Audit Committee for information.

The Structure of the Internal Audit Report is as follows:

A: Executive Summary;

B: Comparison of the Actual and planned Audit activity undertaken in the 2017 calendar year from 1 January 2017;

C: Details of the actual internal audit work undertaken in the period to 1 March 2017;

D: Detail of recommendations outstanding at the date of this report and the action taken by Management to implement these recommendations;

E: Internal Audit and Audit Committee Key Performance Measures.

Attachment 1: Background to the Internal Audit Function, the Audit Committee, and the audit reporting practices at The Hills Shire Council.

Attachment 2: Risk Assessment Matrix

Attachment 3: List of outstanding audit recommendations (including management comments) at the reporting date

PAGE 23


Part B Comparison of the Actual and Planned Audit Activity undertaken in the 2017 period

B.1 Summary

Councils KPI

Within the Hills Shire Plan the required output of Internal Audit is to:

Implement the Internal Audit Strategic Plan and the Annual Internal Audit Program adopted by the Audit Committee.

The targeted performance measure is:

Audits Completed in the Annual Audit Program

90%

Chart 1 and Table 1, compares the actual audit activity against this KPI.

The Audit Program for the period from 1 January 2017 is included in the Internal Audit Strategic Plan (1 January 2017 - December 2020) which was adopted by the Audit Committee at its meeting on 12 December 2016.

Link: http://www.thehills.nsw.gov.au/Council/Meeting-Agendas-Minutes/Audit-Committee

To monitor the achievement of the adopted audit plan the Audit Committee is provided with an overview and comparison of the planned Audit Activity (as outlined in the adopted Audit Plan) with the actual audit activity undertaken to the date of this report (refer Table 1). The current status of each audit is also provided.

Legend to the Table 1.

Status of the Audit Activity

In progress

Completed

Not yet commenced

Chart 1: Summary of Table 1:

PAGE 24


Table 1: Comparison of actual audit activity with the adopted 2017 Annual Audit Program

2017 Audit Program Risk

Status of the Planned

Audit at 1 March 2017

1 Governance H Completed. Refer C1.2

2 Risk Management H

3 Fraud and Corruption mitigation strategy/associated processes H Refer C1.1

4 KPI’s (including Enterprise Agreement (EA) implementation) H

5 Financial Statement Review H

6 Review of the use and management of restricted trust funds H

7 Special Projects/Assignments H

8 Investigations H

9 Information Technology/Systems H

10 System Audits M/H

11 Revenue Activities (implementation of adopted fees and charges document) M

12 Payroll H

13 Efficiency and effectiveness of Councils Procurement practices H

14 Credit Cards/Procurement Cards/ Reimbursement of expenses incurred by staff/ Petty Cash H

Completed. Refer C1.3

15 Recruitment and Terminations H

16 Legislation/Regulation H

17 RMS H

18 Fire Safety Inspections H

Other

Training and Development

Audit Committee

Annual Planning and Reporting

Liaison

Reports previously issued.

PAGE 25


Part C. Details of the Internal Audit Activity undertaken in the period from 1 January 2017

Part C. provides details of the Audit Activity undertaken in the period from 1 January 2017 to 1 March 2017.

This part outlines the:

Internal audit engagements completed or in progress Outcomes of each internal audit engagement undertaken The scope and methodology applicable to each audit activity undertaken Remedial action taken or in progress

The following legend has been used to provide the Audit Committee with an overall opinion of each Audit Activity undertaken:

Audit Opinion

Opinion Rating Table

Excellent Effective control environment with the business area operating efficiently, effectively and economically

Satisfactory Effective control environment; reporting complies with legislation or outputs/KPI’s being achieved

Improvement Required

Improvement required to: the control environment; reporting (to ensure it complies with legislation) or processes need to be improved to ensure efficiency and effectiveness.

Unsatisfactory Control environment is not effective

C 1.1 Corruption Mitigation Strategy and processes (Audit item 3)

Objective, Scope and Methodology: As identified in the Councils fraud and corruption mitigation strategy, internal audit has:

Reviewed ICAC reports relevant to local government in the period to the date of the Audit Committee;

Followed up with Council management those recommendations made by the ICAC that relate to the activities that are undertaken by Council. This follow up is undertaken to ensure that Councils processes are corruption resistant;

Worked with management to implement or modify processes where relevant, to mitigate the corruption risk.

For the information of the Committee:

Since 2008 the ICAC has made 249 recommendations (similar recommendations counted as 1) that relate to activities undertaken by Council. Audit has followed up the recommendations made by the ICAC when the relevant reports have been published.

Council manages its corruption risks through its risk management system.

a) Investigations and public enquiries in progress

The ICAC’s ongoing investigations are as follows (Please note that the following extracts are copied directly from the ICAC website Link: http://www.icac.nsw.gov.au/investigations/current-investigations ):

PAGE 26


2016 Western Sydney Regional Illegal Dumping Squad - allegations concerning former Western Sydney Regional Illegal Dumping Squad (RIDS) officer (Operation Scania)

The ICAC is investigating allegations that a former Western Sydney Regional Illegal Dumping Squad (RIDS) enforcement officer, Craig Izzard, exercised his public official functions partially and dishonestly by receiving corrupt payments to ignore illegal dumping in areas under his supervision, or to impede investigations by other Western Sydney RIDS officers.

Audit Committee: The Western Sydney RIDS is responsible for investigating the illegal dumping of waste in western Sydney. It is jointly funded by the NSW Environment Protection Authority and the Fairfield, Penrith, Liverpool, Blacktown, Hills (THSC), Parramatta and former Holroyd (now Cumberland) local councils. The allegations concern properties in the Liverpool and Blacktown local government areas. Mr Izzard was located at Penrith City Council.

The public enquiry took place in September 2016. Transcripts are available at the following link. It is expected that the ICAC report will be released shortly:

http://www.icac.nsw.gov.au/investigations/current-investigations/investigationdetail/218

City of Botany Bay Council – allegations concerning former chief financial officer (Operation Ricco)

The ICAC is investigating allegations that former City of Botany Bay Council chief financial officer Gary Goodman, and other Council employees, dishonestly exercised official functions to obtain financial benefits for themselves and others by causing fraudulent payments of more than $4.2 million to be made by the Council through false invoicing to either themselves, or various entities. The ICAC is also investigating allegations that Mr Goodman solicited and received payments as an inducement or reward for showing favourable treatment to contractors. It is also alleged that Mr Goodman and other Council employees dishonestly exercised official functions to obtain financial benefits for themselves and others by using Council resources.

2014

NSW public officials and members of Parliament – allegations concerning corrupt conduct involving Australian Water Holdings Pty Ltd (Operation Credo)

The ICAC is investigating allegations that persons with an interest in Australian Water Holdings Pty Ltd (AWH) obtained a financial benefit through adversely affecting the official functions of Sydney Water Corporation (SWC) by: including expenses incurred in other business pursuits in claims made on SWC for work on the North West Growth Centre; drawing from funds allocated for other purposes; and preventing SWC from ascertaining the true financial position, including the level of the executives’ remuneration.

The Commission is also investigating whether public officials and others were involved in the falsification of a cabinet minute relating to a public private partnership proposal made by AWH intended to mislead the NSW Government Budget Cabinet Committee and obtain a benefit for AWH, and other related matters.

The Commission has been unable to progress the publication of the Operation Credo report owing to the criminal proceedings being conducted by the DPP against Mr Edward Obeid and Mr Moses Obeid. While those proceedings arise out of the Operations Cyrus and Jasper investigations, the Commission is of the view, in accordance with section 18 of the Independent Commission Against Corruption Act 1988, that the publication of the Operation Credo report during the currency of criminal proceedings may prejudice the right of the accused to a fair trial.

PAGE 27


As there are common elements to this investigation and Operation Spicer, the evidence taken in each operation is taken as evidence in both operations.

For information about the Operation Spicer report, published on 30 August 2016, visit this page.

In both operations Credo and Spicer, the Commission also investigated the circumstances in which false allegations of corruption were made against senior SWC executives.

b) Investigation Reports issued:

The following is a link to the ICAC reports publically listed:

Link: http://www.icac.nsw.gov.au/investigations/past-investigations

In the period 2 investigation reports were issued by the ICAC:

Casino Boolangle LALC – allegations concerning former chief executive officer and former administrative assistant (Operation Nestor) The ICAC investigated allegations that former Casino Boolangle Local Aboriginal Land Council (CBLALC) chief executive officer, Linda Stewart, and former CBLALC administrative assistant, Veronica Skinner, defrauded the CBLALC between 1 June 2010 and 12 October 2011 by issuing fraudulent invoices and certifying documentation to enable them to cash cheques drawn on the CBLALC bank account for their own benefit.

It was also alleged that, between 13 October 2011 and 5 September 2012, Ms Stewart defrauded the CBLALC by issuing fraudulent invoices and certifying documentation to enable her to cash cheques drawn on the CBLALC bank account for her own benefit. The alleged fraud totaled close to $80,000.

In its report on the investigation, made public on 23 February 2017, the Commission makes findings of serious corrupt conduct against Ms Stewart and Ms Skinner.

The ICAC is of the opinion that the advice of the Director of Public Prosecutions should be obtained with respect to the prosecution of Ms Stewart and Ms Skinner for offences of fraud pursuant to section 192E of the Crimes Act 1900 or, in the alternative, for offences of larceny by a servant pursuant to section 156 of the Crimes Act.

Gandangara LALC - allegations concerning chief executive officer and board members (Operation Greer) The ICAC investigated allegations concerning the Gandangara Local Aboriginal Land Council (GLALC) (Operation Greer), including that, between February 2007 and March 2014, GLALC board members partially exercised their official functions by agreeing to employment arrangements with GLALC CEO Mark Johnson under which his company, Waawidji Pty Ltd, derived benefits from the GLALC.

It was also alleged that Mr Johnson improperly exercised his public official functions, by: between March 2011 and April 2013, authorising the transfer of GLALC funds to Gandangara Future Fund Ltd; between 2009 and 2013, authorising the payment of GLALC funds for the benefit of Deerubbin, Walgett and La Perouse Local Aboriginal Land Councils, and partly for the benefit of Waawidji Pty Ltd; and between 2010 and 2014, claiming the provision of benefits from GLALC for himself or Waawidji Pty Ltd, including money, to which he knew he was not lawfully entitled.

In its report on the investigation, made public on 23 February 2017, the Commission makes findings of serious corrupt conduct against Mr Johnson. There are no findings of serious corrupt conduct made against members of the GLALC board.

PAGE 28


c) ICAC Other

On 6/2/2017 the ICAC released its publication: Report concerning corruption opportunities in the provision of maintenance services. The report is aimed at public officials who are accountable for decisions about facilities maintenance systems and public officials who oversee maintenance contracts. Action to be taken: Audit is to meet with relevant Council Managers to compare Councils current practices with the identified better practice outlined in the report. The results of this activity will be reported to the Audit Committee as part of the procurement audit planned for 2017. d) Office of Local Government (OLG) Public Enquiries

The public enquiries that are being undertaken by the OLG are detailed at the following link: http://www.olg.nsw.gov.au/public-inquiries No public enquiries were undertaken by the OLG in the period.

PAGE 29


C 1.2 Governance Health check

Audit Number

1

Background

In June 2004 the Independent Commission against Corruption (ICAC) and the Local Government Managers Association (LGMA) developed and released a Governance Health Check manual to:

assist Councils to better understand the elements of governance; and, Provide a simple tool for Councils to measure their progress in relation

to each of the elements on a continuous improvement scale. A full copy of the health check is available at the following link:

Guidance: Governance_Health_Check[1].pdf

Since 2005 the Council has regularly assessed its governance practices using this Governance Health check. Until 2014 the score attributable to Council was manually calculated.

In 2014 the LGMA developed a spread sheet which automatically calculates the Councils governance score. This has been used to assess the Councils governance activities in 2014/2015, 2015/16 and 2016/17.

Audit Objective

Undertake the annual Governance Health Check to ensure that Councils governance practices meet acceptable standards and comply with recommendations resulting from the ICAC/OLG, NSW Ombudsman and other regulatory bodies.

Scope The review was conducted at February 2017.

Method The following method was implemented:

a. Distributing the LGMA spreadsheet review to relevant staff responsible for the governance process and obtaining their input with respect to the implementation of the identified practices.

b. Review the resulting ratings and supporting evidence in coordination with the Senior Coordinator Executive Services.

c. Develop a Governance Improvement Plan where appropriate. Findings Refer to Table 2 below. As shown there has been a slight improvement in the

Councils Governance scorecard from 2016 reflecting the Councils continuous improvement focus.

The key area identified for improvement by using the checklist was:

Coordination of communications concerning Councils governance requirements between staff and Councillors/Others.

Note: It was identified that the ongoing comprehensive communication and awareness process that is currently in place with Council staff is not extended to Councillors and other relevant parties. As a result is it unclear whether governance processes are consistently applied across all Council activities.

Agreed Management Action

The areas identified for improvement have been discussed with the relevant Managers and timeframes have been agreed for implementation.

A comprehensive awareness/communication strategy has been developed and will be implemented from March 2017.

Note:

The Council reports annually on a quality of life indicator (QOL) concerning governance. This indicator was calculated to 2014 as the total of all scores over the 26 elements multiplied by a factor of 4.5. The maximum score that can be calculated to 2014 was 104. This method was devised in the absence of spread sheet.

PAGE 30


The LGMA spread sheet introduced in 2014 expresses the results as a percentage (out of 100%). For comparison reasons, the % scorecard is 92.68% which equates to 96.38 out of 104. This indicator is reported in the Annual Community Report.

Table 2:

Councils Governance Scorecard 2005 2008 2009 2010 2012 2013 2014

2014/15

2015/16

2016/17

Total of all 26 Elements (Table 1) 78 88 89 93 85.24 90 93.5 93.6 95.7 96.38

Maximum Score of all 26 Elements 104 104 104 104 104 104 104 104 104 104

% of THSC total to Maximum total 75% 85% 86% 89% 82% 87% 90%

90.01%

92.01%

92.68%

Elements multiplied by 4.5 (QOL factor) 351 396 400 418.5 369 405 421 421 431 434

Conclusion

For the information of the Audit Committee, the results of the audit activity were considered as satisfactory as an improvement was observed from 2016:

Satisfactory Effective governance processes are in place.

C 1.3 Credit Cards/Procurement Cards/ Reimbursement of expenses incurred by staff/ Petty Cash

Audit Number

14

Background

Goods and services that are purchased by an employee on behalf of Council for work related items may be claimed through a reimbursement. There are restrictions as to what staff will and will not be reimbursed for, and where possible purchasing must be through a purchase order.

The current process for reimbursement of Council expenses incurred by staff (including petty cash) was last updated in August 2016.

There are 5 petty cash floats across the organisation with amounts varying from $100 to $1,400. The custodians of these floats are responsible for reconciling and safe keeping of the petty cash float, and they are to ensure that the correct procedures are followed.

The Council also has corporate credit cards issued to staff. The purpose and use of the cards are outlined in the Procurement Cards Procedure.

The vendor and fuel cards are also referred to in the Procurement Cards procedure.

In December 2016 the process for petty cash reimbursements was put on-line (replaced the previous paper based system).

PAGE 31


Objective

The objective of the audit was to determine whether:

a) Authorised staff are approving staff reimbursements and an appropriate segregation of duties is in place

b) Reimbursed expenses are appropriate and in line with the Council policy/procedure

c) Councils purchasing guidelines are met Method Review the financial records in Councils finance system and procurement card

statements concerning reimbursements/office expense accounts/credit and vendor/procurement cards. Ensure appropriate supporting documentation is in place; ensure that expenditure is approved by staff with appropriate delegations; ensure that the Councils relevant procedures were in place.

Undertake surprise petty cash counts.

Scope Undertake the review for the period to 31 December 2016.

Findings Total Expenditure: Bunnings cards 2016 $92,105; 2015 $89,012 (3% increase). No exceptions noted. Credit cards: purchases reviewed. Exceptions followed up with staff. No material exceptions noted. Office Expenses: 2016 $179,402; 2015 $166,163. Majority of purchases related to stationary. Overall Conclusions: The expenditure across the organisation for staff reimbursements (including petty cash) has been consistent for three calendar years.

The office expenses account (2400) appears to be used for its intended purpose.

The use of Councils Credit cards was generally in line with the purchasing guidelines. It has been recommended that credit card statements be reviewed by the Finance area when received to ensure that the Councils purchase guidelines are in place. Where there appears to be exceptions, the statements should be referred to the relevant card holders manager for review and approval.

Conclusion

For the information of the Audit Committee, the results of the audit activity (based on the level of current activity) were considered:

Satisfactory Adequately managed.

C.2. Other: Audit Activities undertaken in the period since the last Audit Report to the Audit Committee identified as ‘in progress’ at 15 November 2016

C2.1 Sponsorship (Audit item 12 in the 2016 Internal Audit Plan) In 2016 the review of donations and sponsorship was referred to a consultant to review independently on behalf of the Council. The results of the review are to be reported to Council shortly. As an external review has been undertaken, an internal review has not been undertaken (inefficient use of resources). Once the result of the external review is known, the recommendations of that review will be followed up by Internal Audit where relevant.

PAGE 32


C2.2 Output Budgeting Audit Objectives and method: The overall aim of the review undertaken was to:

Gain an understanding of the Councils budget process; Determine whether the budgets process is effective and efficient in

achieving its aims; Determine whether legislative requirements are being met; Determine whether the budget process and the developed budget allows

the measurement and monitoring of outcomes against goals and Councils strategic outcome

Findings: Council had relevant policies and procedures in place that were up to date; Council had met the legislative requirements and timeframes as outlined in

the Local Government Act, 1993; Timely reporting was in place with respect to Council. An audit of the achievement of Councils KPI’s will be undertaken

separately (as part of the 2017 audit plan). Conclusion No recommendations have been raised as a result of this review. Budget monitoring with respect to procurement will be reviewed in detail as part of the procurement audit planned for 2017.

Satisfactory Effective control environment

C2.3 Rates (Audit item 9 in the 2016 Internal Audit Plan) To date, the external auditor (PWC) has reviewed the financial aspects of the rates process which tests the relevant controls, pensioner rebates, calculation, classification and rates reconciliations in place (that is, notices and assessments as well as income to rates notices issued).

The review of fire safety inspections (identified in the 2017 Internal Audit Plan) has provided Internal Audit with another source of information by which to compare to Council rate revenue with respect to ‘businesses’.

Audit has therefore combined the review of business rates income with the review of fire inspections to ensure that the Councils rates system results in information that is accurate, complete and valid. To date no exceptions have been noted, however final conclusions will not be made until the fire safety inspection review is completed (mid-March).The final results and conclusions concerning the review of fire safety inspections and ‘business rates’ will be reported in the next internal audit report to the Audit Committee.

PAGE 33


C2.4 Recruitment and Terminations (Audit item 11 in the 2016 Internal Audit Plan)

Audit Number

11

Background

In the period from 1/4/2015 to 7/10/2016 there were 129 recruits and 138 terminations. Total staff numbers and type at the review date was: 657 (part time staff counted as 1 – this is not Councils FTE), made up of:

Councilors: 11 Senior Staff: 4 Contract Staff: 46 Salaried Staff: 276 Sal PT Staff: 113 Wages Staff: 113 Wages PT: 2 Casual: 92

Relevant parts of the Local Government Act 1993 that need to be complied with: s348 – s354A.

Objective

Recruitment and Terminations was identified in the Internal Audit Plan for 2016. The rationale for this was based on the risks associated with factors such as:

Legislative exposure Resourcing impact Corruption risk (assessed as high by the ICAC).

The primary objectives of this review were to:

Ensure that Councils recruitment and termination practices are efficient and meet Councils legislative requirements and best practice. This area was identified as a high risk by the ICAC and within the Councils ERM system (Risk identified in the ERM (R000133) The recruitment process does not appoint on merit or organisation fit)

Secondary Objectives were to :

to assess the efficiency and effectiveness of the internal controls that are in place to manage the key risks arising from recruitment and termination related processes;

to provide Management with recommendations to strengthen the internal control environment and the efficiency and effectiveness of associated operational practices where applicable; and

to provide an independent opinion to Council’s General Manager, the Executive and the Audit Committee on the level of reliance that can be placed on existing internal controls with notification of further actions for improvement, as agreed by Management

Scope and method

The last internal audit undertaken reviewed Councils recruitment activities to 30 March 2015.

This audit reviewed Councils recruitment and termination practices in the period from 1 April 2015 to 7 October 2016 (18 months).

Audit did not review the efficiency of recruiting practices in this period, given that recruitment was suspended during the period to May 2016 because of potential ‘merger’ activity by the State Government. This aspect will be reviewed in future audits.

PAGE 34


Findings A number of instances were noted during the audit whereby the classification of personnel records in ECM was not appropriate or records were linked to the incorrect personnel file. These were referred to the relevant HR partner and have been corrected. Care should be taken concerning classification in ECM. One instance was found where the pay rate identified in the Letter of Offer was incorrect. This was identified by Payroll and the corrected in the payroll system. Following this instance both Payroll and HR have implemented processes to ensure timely communication of any further instance noted.

It was also noted that terminated staff were not being exited from Councils systems on a timely basis - leaving Councils systems open to access after the staff member had left the Council. Both Councils IT and Human Resource Teams have met and processes have been agreed to ensure that this risk is negated.

Conclusion Issues noted during the review are currently being addressed and corrected. This will be followed up by Internal Audit in April 2017. With the correction of these issues the result of the audit is considered:


C2.5 Procurement (Audit item 10 in the 2016 Internal Audit Plan)

In 2016 10 days were allocated to the review of tendering and use of consultants. This time has been added to the time allocated in the 2017 (Audit item 23) to allow the more comprehensive review of the Councils purchasing practices to be undertaken. This review is currently being undertaken and the results will be reported to the Audit Committee in the next Internal Audit Report. C3. Other activities undertaken by Audit C3.1 Investigations: Audit reviewed an investigation undertaken with respect to the payment of fines/penalties incurred with respect to Councils fleet. Recommendations have been made with respect to the deficiencies noted in this system. Implementation will be followed up in May 2017. C3.2 Review of the WHS External Action Plan: This action plan has been developed to ensure that the Councils WHS system reflects better practice. Internal Audit will follow-up the results of the Action Plan implementation in May 2017. C3.3 Audit reviewed the 2015/16 Acquittal and 2016 Annual Compliance Return with respect to NSW ADHC (Hills Community Care).

PAGE 35


Part D: Details of recommendations outstanding at the date of this report and the action taken by Management to implement these recommendations

Internal Audit monitors all the recommendations raised and agreed with management to ensure that they are implemented within agreed timeframes.

The Audit recommendations outstanding (including Management Comments) at 1 March 2017 are listed at Attachment 3.

D.1 Status of Recommendations

The following is a summary of the status of Internal Audit Reports issued.

It should be noted that although the following audit reports may be listed as ‘finalised’ the area/audit item will still be the subject of future audits.

D1.1 Reports issued to 1 March 2017, where recommendations are still to be implemented:

Reports Year Report Issued Expected Closure Timeframe

Policies and Procedures 2016 31/11/2017

Property Management 2016 30/3/2017

Payroll 2016 30/3/2017

Cash and Cash Related activities

2016 30/3/2017

Revenue (review of Key Controls)

2016 30/3/2017

Recruitment and Terminations

2016 30/3/2017

Fines/penalties with respect to Councils Fleet

2017 30/3/2017

D1.2 Reports issued where recommendations have been implemented in the period to 1 March 2017

The following lists the audits where all agreed recommendations have been addressed in the time period.

Reports Year Report Issued Closure Timeframe

Information Management 2016 30/11/2016

PAGE 36


Part E Internal Audit Key Performance Measures

The following indicators have been developed to measure the performance of Internal Audit and the Audit Committee:

E.1 Service Delivery Benchmarks.

2 or 11% of the audits listed in the Strategic Internal Audit Plan for the period

from 1 January 2017 to 31 December 2017 have been ‘completed’ to date (refer

Part B, Table 1 and Chart 1).

Number of findings implemented to date as a % of items raised in the Audit reports. As discussed at Part D and Attachment 3. Of the 1036 Audit recommendations agreed with Management, 98% (or 1021) have been implemented. Timeframes for the remaining outstanding recommendations are currently being followed up. These outstanding recommendations are detailed at Attachment 3.

On average the number of days between the end of fieldwork to the issue of the final audit reports is approximately 10 working days (Prior report: 10 days). This time includes the drafting of the audit report/finalisation of report; discussion of audit findings; and agreement of management action.

E.2 Cost Control benchmarks

The actual costs of the Internal Audit function to date have been made up of the salary and on costs of the Internal Auditor and the Risk Coordinator. In the period to 1 March 2017, the budget of the Internal Audit function was not exceeded.

The number of direct days spent on internal auditing (excluding hours spent on professional development and training) is 96% of the total days available. 260 days per year have been budgeted in the Internal Audit Strategic Plan.

E.3 Key Information to be reported in the Annual Community Report Concerning the Audit Committee

In the period from 1/7/2016 (Financial Year) to date the Audit Committee has met twice. The meeting times were:

16 August 2016;

12 December 2016

The Audit Committee membership and the number of meetings attended in in the period was as follows:

Mr M. Blair: 2

Mr T Bland: 2

Mayor: 2

Clr A. J. Hay OAM: 0

Clr Dr J. N. Lowe: 0

Adjunct Professor Jim Taggart OAM: 2

Clr M. G. Thomas: 2

PAGE 37


Attachment 1

Background to the: Internal Audit Function; the Audit Committee; and the audit reporting practices at The Hills Shire Council.

Background

1. Internal Audit is an independent, objective assurance and consulting activity designed to add value and improve an organisation’s operations.

Internal audit’s role is primarily one of providing independent assurance over the internal controls and risk management framework of the council. It should be noted that Management has primary day-to-day responsibility for the design, implementation, and operation of internal controls.

Within THSC the functions, powers, and accountabilities of Internal Audit are set out in the Internal Audit Charter which has been adopted by Council. Internal audit’s core competencies are in the area of internal control, risk and governance. Internal audit’s scope includes the following areas:

Reliability and integrity of financial and operational information Effectiveness and efficiency of operations and resource usage Safeguarding of assets Compliance with laws, regulations, policies, procedures and contracts Adequacy and effectiveness of the risk management framework. The Internal Audit function was created in June 2005. Within Local Government, where in place, the Internal Audit unit is typically made up of 1 or 2 staff members. Within THSC the Internal Audit Unit consists of the Internal Auditor. Projects can be undertaken with the assistance of the Risk Management Coordinator or specialists where required.

2. The Audit Committee plays a pivotal role in the Councils governance framework. It provides council with independent oversight and monitoring of the council’s audit processes, including the council’s internal controls activities. This oversight includes internal and external reporting, internal and external audit, and compliance. Given the key role of the Audit Committee, for it to be most effective it is important that it is properly constituted of appropriately qualified independent members.

The Audit Committee within THSC has been in operation since 2004. Councils Audit Committee is unique in Local Government in that the Committee meets in the public forum (times and dates of meetings are advertised on the Councils webpage) and currently has 3 independent community representatives on the Committee to ensure that there is transparency in Councils processes and the Council remains accountable to the community.

The current members of the Audit Committee are: The Mayor, Clr AJ Hay (OAM), Clr Dr JN Lowe, Clr MG Thomas, Mr Michael Blair, Mr Trevor Bland and Adjunct Professor Jim Taggart (OAM). At the beginning of each Council term the Council undertakes an EOI to obtain interests from suitably qualified community members to be part of the Audit

PAGE 38


Committee. The functions, powers and accountabilities of the Audit Committee are outlined in the Audit Committee Charter that has been adopted by Council.

3. Legislative Change

In June 2016 the Local Government Amendment (Governance and Planning) Bill 2016 was drafted to amend the Local Government Act 1993 (the Principal Act). In August 2016 the Bill passed through both Houses of the NSW Parliament. S428A of the Bill mandates that Councils put in place an Audit, Risk and Improvement Committee and outlines (in broad terms) what the role of the Committee will be. It is intended that s428A will be supported by a regulatory framework that is likely to comprise of prescription by regulation and operational guidance through guidelines. These guidelines will replace the Internal Audit Guidelines released by the OLG in 2010. Legislatively Councils have until 6 months after the next Council election to implement S428A of the Bill. This provides time for the OLG to consult and draft the necessary guidance and regulations, and Council to implement the required changes.

4. Best Practice

In 2010 the DLG released the Internal Audit Guidelines (http://www.dlg.nsw.gov.au/dlg/dlghome/documents/Information/Internal%20Audit%20Guidelines%20-%20September%202010.pdf. This guideline (the guideline) identifies best practice in local government with respect to Internal Audit and the Audit Committee. As outlined in the introduction, the guidelines were developed to encourage the creation of Internal Audit and Audit Committees in those Councils that did not have the function and to outline how the function should be developed (note: that at the time of the guideline release only approximately 20% of Councils had an Internal Audit function). At 2016 approximately 60% of Councils had in place an Audit Committee. As identified at 3. This guideline is currently being reviewed. It is expected that this will be updated in the next 6 to 12 months.

5. The Strategic Audit Plan

As identified at 3.5 of the DLG Internal Audit Guideline, the Internal Audit function within THSC has a strategic plan in place which is supported by annual plans.

The Strategic plan is based on a risk assessment of the council’s key strategic and operational areas to determine the appropriate timing and frequency of coverage of each of these areas. The plan includes audit judgment of areas that will also be reviewed despite not appearing as a high priority in the council’s risk profile. The plan is developed on a rolling cycle to reflect the terms of Council. The plan is also reviewed annually to ensure that it still aligns with the council’s risk profile. The 4 year Strategic Plan (2017 – 2020) was adopted by the Audit Committee on 12 December 2016. The audit plan covers the period from 1 January 2017 to 31 December 2020 to allow the plan to align with the term of Council.

PAGE 39


6. Reporting

Internal audit regularly communicates its findings and recommendations to the Audit Committee, General Manager and management of the areas audited through the Internal Audit Report.

The Internal Audit report normally includes background information, the audit objectives and scope, observations/findings/conclusions, key recommendations/ agreed management actions. The format of the report has been modified to satisfy the requirements of the Audit Committee and to reflect the guidelines.

Detailed audit working papers are not distributed to the Audit Committee as they are intended for internal use only. Where audit working papers have findings that are useful to other areas of council, internal audit will share this information on a limited basis. Internal audit working papers are shared with the council's external auditor, where requested, to assist them in the course of their work. Councillors and the community have access to the minutes of the Audit Committee (and the Internal Audit Report) as these are published on the Councils web page. The Internal Audit Report (and Audit Committee papers) is also referred to the Council for adoption to provide greater transparency and accountability.

PAGE 40


Attachment 2

THSC Risk Matrix

The Councils Risk Matrix (below) reflects the requirements of ASNZS ISO 31000 and has been developed in accordance with this standard.

Risk Matrix Table

Consequence Rating

A B C D E

Lik

eli

ho

od

Ra

tin

g

5 M H H E E

4 L M H H E

3 L M M H H

2 L L M M H

1 L L L M H

L = Low Risk M = Moderate Risk H = High Risk E = Extreme Risk

(Severe/Very High)

Consequence Definition Risk Factors Likelihood

Definition Financial

Reputation Business

Operations Work Health Safety Environment

Project Management

A Insignificant The event is of low consequence

1 Financial loss – Small increase in costs not in line with budget $500 or less

1 Unsubstantiated, low profile media exposure OR no media attention

1 No disruption to services or operations

1 Single minor injury to one person – no lost time OR Insignificant environment issues

1 Project close to time, budget and quality

1 Rare The event is only expected to occur in exceptional circumstances

B Minor The event may threaten a part of the organisation

2 Financial loss – Minor financial impact $501 to $10k

2 Substantiated, low impact, low media profile (not front page news)

2 Minor disruption to services or operations up to one day

2 Medically treated injury to one person, less than 5 days lost time OR Minor environment issues

2 Project has minor issue with time, budget or quality

2 Unlikely The event is not likely to occur

C Moderate The event may threaten many parts of the organisation

3 Financial loss – > $10k to $50k

3 Substantiated, public embarrassment, moderate media profile (front page, one day)

3 Some cessation to services and operations up to several days

3 Minor or medically treated Injury to several people, less than 10 days lost time OR Some environment issues

3 Project has issues with time, budget or quality

3 Possible The event may occur

D Significant The event may threaten achievement of business objectives

4 Financial loss – $50k to $200k

4 Substantiated, public embarrassment, high impact, major media attention (national for 1 week or more)

4 Total cessation to services and operations up to one week

4 Single death, or long term disabling injuries to one or more people OR Substantial environment issues

4 Project has substantial issues with time, budget or quality

4 Likely The event is likely to occur

E Severe The event may stop achievement of business objectives

5 Financial loss – > $200k

5 Substantiated, public embarrassment, multiple impacts, long lasting widespread media coverage, prosecution of Council or Officers

5 Total cessation to services and operations greater than one week

5 Multiple losses of life or permanent disability, plus extensive injuries to several people OR Severe environment issues

5 Large project has severe issues with time, budget or quality

5 Almost certain The event is already occurring or is expected to occur

PAGE 41


Att

ach

men

t 3

List

an

d S

tatu

s of

Ou

tsta

nd

ing

Au

dit

Rec

omm

end

atio

ns

agre

ed w

ith

Man

agem

ent

at 1

Mar

ch 2

01

7:

Rat

ing

s fo

r A

ud

it R

eco

mm

end

atio

ns

Ver

y H

igh

Ris

k (E

xtre

me)

Com

plet

e re

med

ial a

ctio

n w

ithin

2 w

eeks

or

earlie

r as

req

uire

d.

Hig

h Ris

k

Com

plet

e re

med

ial a

ctio

n w

ithin

1 c

alen

dar

mon

ths

or a

s ag

reed

Mod

erat

e Ris

k

Com

plet

e re

med

ial a

ctio

n w

ithin

3 c

alen

dar

mon

ths

or a

s ag

reed

Low

Ris

k

Com

plet

e re

med

ial a

ctio

n w

ithin

4 c

alen

dar

mon

ths

or a

s ag

reed

Rec

onci

liati

on o

f O

uts

tan

din

g A

ud

it R

ecom

men

dat

ion

s at

1 M

arch

20

17

Dat

e o

f In

tern

al

Au

dit

Rep

ort

T

ota

l R

eco

mm

end

atio

ns

rais

ed b

y A

ud

it s

ince

20

05

(B

rou

gh

t Fo

rwar

d)

Rec

om

men

dat

ion

s R

aise

d

in t

he

per

iod

To

tal

To

tal

Rec

om

men

dat

ion

s im

ple

men

ted

b

y M

anag

emen

t s

ince

20

05

(B

rou

gh

t Fo

rwar

d)

Rec

om

men

dat

ion

s Im

ple

men

ted

in

th

e p

erio

d

Tota

l

Bal

ance

O

uts

tan

din

g

-b

ein

g

mo

nit

ore

d

by

Inte

rnal

Au

dit

30 J

une

2014

92

0

90

4 16

30 S

epte

mbe

r 20

14

920

11

931

904

18

922

9

31 M

arch

201

5 93

1 26

95

7 92

2 20

94

2 15

30 M

ay 2

015

957

10

967

942

13

955

12

30 J

une

2015

96

7 11

97

8 95

5 6

961

17

1 N

ovem

ber

2015

97

8 10

98

8 96

1 6

967

21

1 M

arch

201

6 98

8 5

993

967

18

985

8

1 M

ay 2

016

993

13

1006

98

5 1

986

20

30 J

une

2016

10

06

3 10

09

986

8 99

4 15

15 N

ovem

ber

2016

10

09

11

1020

99

4 12

10

06

14

1 M

arch

201

7 10

20

16

1036

10

06

15

1021

15

PAGE 42


Au

dit

Ob

serv

atio

ns

Effe

ct

Ris

k R

atin

g

Rec

omm

end

atio

n

and

ag

reed

Act

ion

Pla

n

Res

pon

sib

le

Man

ager

To

be

imp

lem

ente

d

by

dat

e:

Sta

tus

at 1

Mar

ch

20

17

C

ash

an

d c

ash

rel

ated

act

ivit

ies

1

Inde

pend

ent

Che

cks

of

the

Pett

y ca

sh a

re n

ot u

nder

take

n re

gula

rly

Ensu

re t

hat

cash

hel

d is

app

ropr

iate

ly

acco

unte

d fo

r.

M

An

audi

t of

all

pett

y ca

sh

float

s is

un

dert

aken

an

nual

ly b

y th

e Fi

nanc

e Te

am.

Last

au

dit

by

Fina

nce

was

und

erta

ken

in J

uly

2015

– a

noth

er

shou

ld o

ccur

in

the

next

3

mon

ths.

Man

ager

Fi

nanc

e

July

201

6

Com

plet

ed.

Inte

rnal

Aud

it un

dert

ook

a re

view

in

ea

rly

2017

.

2

Proc

urem

ent

card

s pr

oced

ure

(sec

tion

8.0)

doe

s no

t re

flect

th

e cu

rren

t pr

actic

e re

gard

ing

the

verific

atio

n of

pur

chas

es b

y th

e G

roup

M

anag

er/M

anag

er.

Proc

edur

e la

st u

pdat

ed M

arch

20

14.

Proc

edur

e is

out

of

date

and

doe

s no

t pr

ovid

e ad

equa

te

guid

ance

. Pu

rcha

sing

act

iviti

es d

o no

t sa

tisfy

the

Cou

ncils

pur

chas

ing

proc

edur

e.

M

Proc

urem

ent

Car

d Pr

oced

ure

be

upda

ted

and

dist

ribu

ted

Man

ager

Fi

nanc

e

July

201

6

Com

plet

e. P

roce

dure

U

pdat

ed.

PAGE 43


Au

dit

Ob

serv

atio

ns

Effe

ct

Ris

k R

atin

g

Rec

omm

end

atio

n

and

ag

reed

Act

ion

Pla

n

Res

pon

sib

le

Man

ager

To

be

imp

lem

ente

d

by

dat

e:

Sta

tus

at 1

Mar

ch

20

17

3

Sta

ff

who

ar

e is

sued

w

ith

the

proc

urem

ent

card

be

ad

vise

d of

the

req

uire

men

ts

of u

se;

the

proc

edur

e m

ay

need

upd

atin

g to

ref

lect

the

us

e of

the

car

d.

Sta

ffs

are

awar

e of

the

lim

itat

ions

in

ha

ving

a

proc

urem

ent

card

. Cou

ncil’

s go

vern

ance

re

quir

emen

ts a

re in

pla

ce.

M

Sta

ff

to

sign

of

f on

th

e co

nditio

ns o

f us

e of

pr

ocur

emen

ts

card

s w

hen

the

card

s ar

e is

sued

.

Cre

dit

card

st

atem

ents

ar

e re

view

ed

by

Fina

nce

once

re

ceiv

ed

to

ensu

re

that

pu

rcha

sing

is

in

lin

e w

ith

the

Cou

ncils

pu

rcha

sing

gui

delin

es.

Whe

re e

xcep

tions

are

no

ted

thes

e st

atem

ents

(a

nd

supp

ortin

g do

cum

ents

) sh

ould

be

refe

rred

to

th

e ca

rd

hold

ers

man

ager

fo

r re

view

and

app

rova

l.

Man

ager

Fi

nanc

e

May

201

7 In

pr

ogre

ss.

All

card

hold

ers

are

still

to

si

gn

the

upda

ted

proc

edur

e.

Fina

nce

to

impl

emen

t pr

oces

s co

ncer

ning

cr

edit

card

sta

tem

ents

4

Proc

urem

ent

card

s pu

rcha

ses

som

etim

es

exce

ed t

he a

mou

nt o

utlin

ed

in t

he p

roce

dure

Purc

hase

s do

no

t m

eet

the

requ

irem

ents

of

th

e pr

oced

ure

alth

ough

the

y ar

e re

quir

ed f

or t

he

cont

inui

ty o

f se

rvic

e M

Con

side

ration

be

gi

ven

to

incr

easi

ng

the

daily

sp

end

limit

and

dele

ting

the

mon

thly

sp

end

limit

on t

he v

endo

rs c

ard.

Man

ager

Fi

nanc

e

July

201

6

Com

plet

e.

Proc

edur

e U

pdat

ed.

PAGE 44


Au

dit

Ob

serv

atio

ns

Effe

ct

Ris

k R

atin

g

Rec

omm

end

atio

n

and

ag

reed

Act

ion

Pla

n

Res

pon

sib

le

Man

ager

To

be

imp

lem

ente

d

by

dat

e:

Sta

tus

at 1

Mar

ch

20

17

5

Pett

y ca

sh

vouc

hers

w

ere

sign

ed b

y st

aff

who

did

not

ha

ve

the

appr

opri

ate

finan

cial

del

egat

ion

Ensu

re

that

ag

reem

ents

ar

e ap

prop

riat

ely

auth

oris

ed

M

Fina

nce

active

ly

revi

ews

the

pett

y ca

sh

vouc

hers

pr

esen

ted

to

it

to

ensu

re

that

th

ey

satisf

y th

e re

leva

nt

proc

edur

e an

d ar

e si

gned

by

an

ap

prop

riat

ely

dele

gate

d of

ficer

.

Man

ager

Fi

nanc

e

July

201

6

Com

plet

e. P

roce

ss

now

‘o

n lin

e’,

Fina

nce

revi

ews

dele

gatio

n.

6

Floa

ts

mad

e av

aila

ble

whe

re

not

appr

opri

atel

y ac

coun

ted

for

Mon

ies

unac

coun

ted

for.

M

Fina

nce

to

follo

w

up

the

reim

burs

emen

t of

ad

vanc

es

mad

e an

d flo

ats

mad

e av

aila

ble

to

the

Civ

ic

Even

ts

team

.

Man

ager

Fi

nanc

e Ju

ly 2

016

Com

plet

e.

Adv

ance

s re

turn

ed.

Proc

edur

es

tight

ened

.

In

form

atio

n M

anag

emen

t

7

Altho

ugh

a lis

t of

Cou

ncils

sy

stem

s ha

d be

en c

ompi

led

it w

as n

oted

tha

t it w

as n

ot

com

plet

e. Th

e IT

M

anag

er

is c

urre

ntly

upd

atin

g th

e lis

t an

d ob

tain

ing

clar

ifica

tion

th

at

all

key

data

ke

pt

in

thes

e sy

stem

s is

als

o be

ing

mai

ntai

ned

in t

he C

ounc

ils

corp

orat

e sy

stem

.

Cou

ncils

Cor

pora

te R

ecor

d is

not

co

mpl

ete.

M

A

com

plet

e lis

t of

sy

stem

s cu

rren

tly

bein

g us

ed b

y Cou

ncil

is

unde

rtak

en

and

assu

ranc

e is

gi

ven

that

ke

y in

form

atio

n is

bei

ng m

aint

aine

d in

th

e Cou

ncils

co

rpor

ate

reco

rd.

Man

ager

- I

T

Aug

ust

2016

Com

plet

e.

List

no

w

com

pile

d.

Info

rmat

ion

in

thes

e sy

stem

s is

be

ing

revi

ewed

by

IT to

en

sure

th

at

the

Cou

ncils

co

rpor

ate

syst

em

is c

ompl

ete.

PAGE 45


Au

dit

Ob

serv

atio

ns

Effe

ct

Ris

k R

atin

g

Rec

omm

end

atio

n

and

ag

reed

Act

ion

Pla

n

Res

pon

sib

le

Man

ager

To

be

imp

lem

ente

d

by

dat

e:

Sta

tus

at 1

Mar

ch

20

17

P

olic

ies

and

Pro

ced

ure

s

8

Cou

ncil’

s po

licy

docu

men

tation

ha

s no

t be

en u

pdat

ed a

nd f

orm

ally

ap

prov

ed

on

a pe

riod

ic

basi

s.

Polic

y do

cum

enta

tion

may

not

be

curr

ent

or a

ppro

pria

tely

app

rove

d M

Polic

y do

cum

enta

tion

be

up

date

d an

d fo

rmal

ly a

ppro

ved.

Coo

rdin

ator

–

Exec

utiv

e Ser

vice

s

Nov

embe

r 20

17

In p

rogr

ess

9

A

num

ber

of

Cou

ncils

pr

oced

ures

w

ere

not

upda

ted

withi

n ag

reed

tim

efra

mes

.

Proc

edur

es b

eing

im

plem

ente

d by

st

aff

may

be

inco

rrec

t or

out

of

date

. M

Proc

edur

al

docu

men

tation

will

be

upda

ted

by

30

Nov

embe

r 20

16.

Coo

rdin

ator

–

Exec

utiv

e Ser

vice

s

Nov

embe

r 20

16

Com

plet

e.

Upd

ated

10

Cou

ncil

staf

f do

not

rec

eive

fo

rmal

tr

aini

ng

conc

erni

ng

the

impl

emen

tation

of

Cou

ncils

po

licie

s an

d pr

oced

ural

req

uire

men

ts

Polic

y an

d pr

oced

ural

re

quir

emen

ts

may

no

t be

im

plem

ente

d re

sulti

ng

in

non-

com

plia

nce.

M

The

indu

ctio

n pr

oces

s be

mod

ified

to

ensu

re

that

new

sta

ff r

ecei

ve

trai

ning

co

ncer

ning

th

e po

licie

s an

d pr

oced

ures

re

leva

nt

to

thei

r re

spon

sibi

litie

s.

Man

ager

-

HR

Nov

embe

r 20

16

In p

rogr

ess

P

rop

erty

Man

agem

ent

11

The

revi

ew

of

the

man

agem

ent

of

the

cond

itio

ns

of

the

licen

ces/

leas

es

has

iden

tifie

d th

at

a fu

rthe

r au

dit/

follo

w up

is

requ

ired

to

ens

ure

that

utilit

y co

sts

are

bein

g pa

ssed

on

to

less

ees

whe

re r

equi

red.

Util

ity

cost

s m

ay n

ot b

e re

cove

red

whe

re a

pplic

able

L

Aud

it

follo

w

up

with

Fina

nce

the

proc

ess

in

plac

e to

en

sure

th

at

Utilit

y co

sts

are

bein

g re

cove

red.

Inte

rnal

Aud

it/M

anag

er F

inan

ce

Mar

ch 2

017

PAGE 46


Au

dit

Ob

serv

atio

ns

Effe

ct

Ris

k R

atin

g

Rec

omm

end

atio

n

and

ag

reed

Act

ion

Pla

n

Res

pon

sib

le

Man

ager

To

be

imp

lem

ente

d

by

dat

e:

Sta

tus

at 1

Mar

ch

20

17

P

ayro

ll

12

Out

door

st

aff

usin

g m

yflo

so

ftw

are

to

proc

ess

thei

r tim

eshe

ets

do

not

nece

ssar

ily

have

un

ique

si

gn o

n pa

ssw

ords

.

Tim

eshe

et da

ta ca

n be

ch

ange

d an

d st

aff

cann

ot

nece

ssar

ily

be

held

re

spon

sibl

e fo

r th

e in

form

atio

n en

tere

d

M

Out

door

st

aff

be

issu

ed

with

uniq

ue

pass

wor

ds.

Man

ager

IT

Mar

ch 2

017

R

even

ue

(Rev

iew

of

Key

Con

trol

s)

13

The

allo

cation

of

du

ties

w

ithi

n th

e Fi

nanc

e Te

am i

s no

t pr

ovid

ing

the

inde

pend

ent

revi

ew

requ

ired

to

en

sure

th

at

ther

e is

a

segr

egat

ion

of

dutie

s.

Seg

rega

tion

of d

utie

s no

t in

pla

ce

M

Whe

re

appr

opri

ate,

op

erat

iona

l re

spon

sibi

litie

s be

al

loca

ted

to

the

corr

ect

posi

tion

s.

Man

ager

Fi

nanc

e

Mar

ch 2

017

14

Com

plet

e pr

oced

ural

do

cum

enta

tion

is

no

t in

pl

ace

to

ensu

re

that

pr

oces

ses

are

cons

iste

ntly

ap

plie

d by

th

e Fi

nanc

e Te

am

Proc

esse

s m

ay

be

not

be

cons

iste

ntly

im

plem

ente

d ac

ross

th

e Fi

nanc

e Te

am.

Unn

eces

sary

re

lianc

e pl

aced

on

th

e Fi

nanc

ial

Acc

ount

ant

to di

rect

st

aff

belo

w

her.

M

Proc

edur

al

docu

men

tation

to

be

cr

eate

d an

d m

ade

avai

labl

e to

st

aff

withi

n th

e Fi

nanc

e Te

am

Man

ager

Fi

nanc

e

Mar

ch 2

017

Cur

rent

ly

bein

g w

ritt

en

up.

90%

co

mpl

ete.

G

over

nan

ce H

ealt

h C

hec

k

PAGE 47


Au

dit

Ob

serv

atio

ns

Effe

ct

Ris

k R

atin

g

Rec

omm

end

atio

n

and

ag

reed

Act

ion

Pla

n

Res

pon

sib

le

Man

ager

To

be

imp

lem

ente

d

by

dat

e:

Sta

tus

at 1

Mar

ch

20

17

15

An

action

pl

an

has

been

de

velo

ped

to

ensu

re

that

th

e Cou

ncils

G

over

nanc

e Pr

oces

ses

refle

ct

best

pr

actic

e.

A

key

action

to

be

un

dert

aken

is

to e

nsur

e th

e co

ordi

nation

of

co

mm

unic

atio

ns c

once

rnin

g Cou

ncils

go

vern

ance

re

quir

emen

ts b

etw

een

staf

f an

d co

unci

llors

an

d ot

her

rele

vant

par

ties

.

Cou

ncil’

s go

vern

ance

pr

oces

ses

may

not

be

cons

iste

ntly

app

lied.

M

Act

ion

Plan

be

im

plem

ente

d

Rel

evan

t M

anag

er

iden

tifie

d in

th

e Act

ion

Plan

Dec

embe

r 20

17

R

ecru

itm

ent

and

Ter

min

atio

ns

16

Tem

pora

ry S

taff

One

te

mpo

rary

st

aff

mem

bers

was

em

ploy

ed f

or

grea

ter

than

12

mon

ths

O

ne

staf

f m

embe

r w

as

plac

ed

into

a

casu

al

posi

tion

w

itho

ut

adve

rtis

ing/

re

fere

nce

chec

ks e

tc.

This

per

son

has

been

em

ploy

ed

in

the

Cou

ncil

for

over

12

mon

ths.

Thes

e ap

poin

tmen

ts

cont

rave

ne

the

requ

irem

ents

of

the

Act

whi

ch

outlin

es

that

su

ch

appo

intm

ents

ca

n be

fo

r a

max

imum

of

12

m

onth

s (N

ote:

th

ese

appo

intm

ents

by

pass

ad

vert

isin

g an

d m

erit

cons

ider

atio

ns

of

recr

uitm

ent)

.

M

Tem

pora

ry

staf

f m

embe

rs

are

empl

oyed

fo

r a

max

imum

of

12

m

onth

s as

out

lined

in

the

Act

. Ti

mel

y ac

tion

be

ta

ken

conc

erni

ng

the

man

agem

ent

of

thes

e ar

rang

emen

ts

to e

nsur

e th

at t

he A

ct

is n

ot c

ontr

aven

ed

Man

ager

-

WSABI

Impl

emen

ted.

Com

plet

ed.

Act

ion

now

ta

ken

by

Cou

ncil

PAGE 48


Au

dit

Ob

serv

atio

ns

Effe

ct

Ris

k R

atin

g

Rec

omm

end

atio

n

and

ag

reed

Act

ion

Pla

n

Res

pon

sib

le

Man

ager

To

be

imp

lem

ente

d

by

dat

e:

Sta

tus

at 1

Mar

ch

20

17

17

Prob

atio

nary

and

Ind

uction

Rec

ords

Fr

om t

he t

estin

g pe

rfor

med

on

10

%

(13)

of

ne

w

recr

uits

, it w

as n

oted

tha

t in

so

me

inst

ance

s pr

obat

iona

ry a

nd i

nduc

tion

reco

rds

wer

e no

t lin

ked

to

the

rele

vant

sta

ff m

embe

r’s

pers

onne

l file

.

In

som

e in

stan

ces

the

rele

vant

doc

umen

tation

had

no

t be

en

dist

ribu

ted

mea

ning

th

at

the

activi

ty

was

not

und

erta

ken:

Pers

onne

l re

cord

s ar

e no

t co

mpl

ete.

Key

HR p

roce

sses

not

in

pla

ce.

Key

HR p

roce

sses

be

unde

rtak

en a

nd li

nked

to

th

e re

leva

nt

Sta

ff

mem

ber’s

pers

onne

l fil

e to

ens

ure

that

the

fil

e is

co

mpl

ete.

Rec

ruitm

ent

unde

rtak

en

does

no

t ap

pear

to

be

ex

cess

ive

and

it

is

uncl

ear

why

re

cord

s ar

e no

t co

mpl

ete.

Man

ager

-

WSABI

Impl

emen

ted.

Com

plet

ed.

Rec

ords

ar

e no

w

linke

d to

th

e re

leva

nt file

.

18

Lett

er o

f O

ffer

Fr

om t

he t

estin

g pe

rfor

med

on

10%

of

new

rec

ruits,

it

was

no

ted

that

in

on

e in

stan

ce (

2008

) a

lett

er o

f of

fers

w

ere

not

linke

d to

th

e pe

rson

nel

file.

Thi

s st

ill

has

not

been

loca

ted.

Pers

onne

l re

cord

s ar

e no

t co

mpl

ete.

Key

HR p

roce

sses

not

in

pla

ce.

M

Lett

er

of

offe

rs

be

linke

d to

th

e pe

rson

nel f

ile

Man

ager

-

WSABI

Impl

emen

ted.

Com

plet

ed.

Rec

ords

ar

e no

w

linke

d to

th

e re

leva

nt file

.

PAGE 49


Au

dit

Ob

serv

atio

ns

Effe

ct

Ris

k R

atin

g

Rec

omm

end

atio

n

and

ag

reed

Act

ion

Pla

n

Res

pon

sib

le

Man

ager

To

be

imp

lem

ente

d

by

dat

e:

Sta

tus

at 1

Mar

ch

20

17

19

Use

of ag

ency

sta

ff

Cur

rent

ly

staf

f co

ntra

cted

th

roug

h an

em

ploy

men

t ag

ency

do

no

t ha

ve

a pe

rson

nel

file

withi

n Cou

ncil.

Altho

ugh

it

has

been

in

dica

ted

that

ap

prop

riat

e ch

ecks

(i

nclu

ding

w

orki

ng

with

child

ren

chec

ks,

are

perf

orm

ed

and

indu

ctio

ns

etc.

un

dert

aken

, ev

iden

ce

coul

d no

t be

sig

hted

.

Cou

ncil’

s re

cord

s ar

e no

t co

mpl

ete

or e

ffec

tive

. M

H

R

inve

stig

ates

m

etho

ds

to

ensu

re

the

effe

ctiv

e m

anag

emen

t of

re

cord

s w

ith

resp

ect

to

‘age

ncy

staf

f’ w

ithi

n Cou

ncils

sy

stem

s.

Man

ager

-

WSABI

Mar

ch 2

017

App

ropr

iate

do

cum

enta

tion

to

be

sc

anne

d an

d fil

ed

withi

n Cou

ncils

sys

tem

s.

20

Impl

emen

tation

of

2.

5 Cas

ual,

Tem

pora

ry

and

agen

cy s

taff g

uide

line

It

appe

ars

that

M

anag

ers

have

em

ploy

ed

som

e ag

ency

st

aff

dire

ctly

by

pass

ing

HR

in

cont

rave

ntio

n to

th

is

guid

elin

e.

Cou

ncils

pro

cedu

ral

requ

irem

ents

m

ay n

ot b

e in

pla

ce

M

HR

ensu

res

that

al

l Cou

ncil

staf

f is

aw

are

of

the

requ

irem

ents

of

thi

s pr

oced

ure

and

that

the

pro

cedu

re i

s im

plem

ente

d.

Man

ager

-

WSABI

Mar

ch 2

017

21

Con

flict

s of

Int

eres

t Th

e di

sclo

sure

of

co

nflic

ts

of in

tere

st is

not

par

t of

the

re

crui

tmen

t pr

oces

s.

Con

flict

s of

int

eres

t m

ay n

ot b

e di

sclo

sed

duri

ng th

e re

crui

tmen

t pr

oced

ure.

Cod

e O

f Con

duct

re

quir

emen

ts m

ay n

ot b

e in

pla

ce.

M

The

form

al

decl

arat

ion

of

CO

I sh

ould

be

incl

uded

as

part

of

th

e re

crui

tmen

t pr

oces

s

Man

ager

-

WSABI

Mar

ch 2

017

To b

e re

view

ed b

y Aud

it

PAGE 50


Au

dit

Ob

serv

atio

ns

Effe

ct

Ris

k R

atin

g

Rec

omm

end

atio

n

and

ag

reed

Act

ion

Pla

n

Res

pon

sib

le

Man

ager

To

be

imp

lem

ente

d

by

dat

e:

Sta

tus

at 1

Mar

ch

20

17

22

Use

of

Con

trac

t Em

ploy

men

t Com

pani

es

It w

as n

oted

in

the

peri

od

that

co

ntra

ct

staf

f w

ere

empl

oyed

thr

ough

Ess

ential

App

oint

men

ts $

93k

and

My

Gat

eway

$4

34k.

Bot

h ar

rang

emen

ts

did

not

satis

fy t

he r

equi

rem

ents

of

the

Cou

ncils

pu

rcha

sing

gu

idel

ines

. Th

e us

e of

M

y G

atew

ay

was

in

co

ntra

vent

ion

of s

55 o

f th

e Lo

cal

Gov

ernm

ent

Act

. Fo

rmal

con

trac

ts a

re n

ot i

n pl

ace

with

eith

er c

ompa

ny.

Con

trav

ention

of

th

e Cou

ncils

pu

rcha

sing

gu

idel

ines

/ten

deri

ng

requ

irem

ents

of th

e Act

.

Poor

con

trac

t m

anag

emen

t

H

HR

ensu

res

that

ap

prop

riat

e co

ntra

cts

are

in

plac

e fo

r al

l ‘a

genc

y st

aff’.

Th

ese

satisf

y Cou

ncils

pr

oced

ural

an

d le

gisl

ativ

e re

quir

emen

ts.

Man

ager

-

WSABI

Mar

ch 2

017

Thes

e fir

ms

are

no

long

er u

sed

thes

e co

mpa

nies

to

so

urce

st

aff.

M

onie

s sp

ent

are

the

sala

ries

to

the

rele

vant

sta

ff t

hat

are

wer

e em

ploy

ed t

hrou

gh

cont

ract

s th

at a

re

still

cur

rent

PAGE 51


Au

dit

Ob

serv

atio

ns

Effe

ct

Ris

k R

atin

g

Rec

omm

end

atio

n

and

ag

reed

Act

ion

Pla

n

Res

pon

sib

le

Man

ager

To

be

imp

lem

ente

d

by

dat

e:

Sta

tus

at 1

Mar

ch

20

17

23

Tim

ely

setu

p of

st

aff

in

Cou

ncils

IT

syst

ems.

Fr

om t

he r

evie

w o

f 29

new

st

arte

r re

cord

s pr

oces

sed

thro

ugh

the

‘New

st

arte

r w

orkf

low

in

EC

M’

it

was

id

entifie

d th

at

the

wor

kflo

ws

crea

ted

by

the

New

Sta

rter

Pro

cess

do

not

appe

ar t

o be

adh

ered

to

in

a la

rge

perc

enta

ge o

f ca

ses

mea

ning

tha

t st

aff

are

not

bein

g se

t up

on

a

timel

y ba

sis

in C

ounc

ils s

yste

ms.

New

Sta

rter

s m

ay n

ot b

e se

t up

in

Cou

ncils

sy

stem

s on

a

tim

ely

basi

s.

One

of

the

dang

ers

in n

ot h

avin

g ac

cess

av

aila

ble

from

th

e co

mm

ence

men

t of

th

e em

ploy

men

t is

th

e te

nden

cy

to

shar

e lo

gons

to

allo

w t

he s

taff t

o w

ork.

M

This

pr

oces

s be

st

anda

rdis

ed

and

impl

emen

ted

on

a tim

ely

basi

s.

Part

of

th

e is

sue

is

the

empl

oyee

do

es

not

exis

t in

Cou

ncils

EC

M

syst

em

until

afte

r th

e re

ques

t ha

s be

en pr

oces

sed.

Th

is

mak

es

it

impo

ssib

le

for

HR

to

link

the

reco

rd

to

the

empl

oyee

in

dex

mak

ing

the

data

di

ffic

ult

to f

ind

in E

CM

or

Pho

enix

.

Man

ager

-

WSABI

Mar

ch 2

017

Proc

ess

now

im

plem

ente

d.

Aud

it t

o re

view

.

24

Tim

ely

term

inat

ion

of s

taff

in C

ounc

ils I

T sy

stem

s.

This

pro

cess

app

ears

to

be

faili

ng i

n th

at a

ll st

aff

are

not

bein

g ex

ited

fr

om th

e sy

stem

on

thei

r ex

it da

te.

Cou

ncils

te

rmin

ated

st

aff

is

not

alw

ays

exited

fr

om

Cou

ncils

sy

stem

s on

a

tim

ely

basi

s.

Leav

ing

Cou

ncils

sys

tem

s op

en t

o ac

cess

aft

er t

he s

taff m

embe

r ha

s le

ft t

he C

ounc

il.

M

Ref

er t

o 23

Man

ager

-

WSABI

Mar

ch 2

017

Proc

ess

now

im

plem

ente

d.

Aud

it t

o re

view

.

PAGE 52


Au

dit

Ob

serv

atio

ns

Effe

ct

Ris

k R

atin

g

Rec

omm

end

atio

n

and

ag

reed

Act

ion

Pla

n

Res

pon

sib

le

Man

ager

To

be

imp

lem

ente

d

by

dat

e:

Sta

tus

at 1

Mar

ch

20

17

25

Rol

e Sta

tem

ents

Fr

om t

he t

estin

g pe

rfor

med

on

10

%

(13)

of

ne

w

recr

uits

, it w

as n

oted

tha

t in

so

me

inst

ance

s ro

le

stat

emen

ts

wer

e no

t in

pl

ace.

Sta

ff

are

empl

oyed

w

itho

ut

a cl

ear

unde

rsta

ndin

g of

the

ir r

oles

an

d re

spon

sibi

litie

s.

M

Rol

e st

atem

ents

sh

ould

be

in p

lace

for

ea

ch

posi

tion

in

Cou

ncil.

Man

ager

-

WSABI

Aug

ust

2017

Fi

nes

/P

enal

ties

(C

oun

cils

Fle

et)

26

Cou

ncil’

s pr

oces

ses

did

not

ensu

re

the

timel

y pr

oces

sing

and

pay

men

t of

SD

RO

fin

es.

Dem

erit

poin

ts

not

corr

ectly

appl

ied.

In

flate

d fin

es/p

enal

ties

incu

rred

by

Cou

ncil.

M

Rev

ised

pr

oced

ures

be

impl

emen

ted

Plac

e M

anag

er

–W

est

War

d

May

201

7

27

The

outs

tand

ing

fines

/pen

alties

w

orkf

low

is

no

t re

ferr

ed

to

the

appr

opri

ate

leve

l in

Cou

ncil

to e

nsur

e tim

ely

proc

essi

ng

and

paym

ent.

Fine

s no

t ad

dres

sed

on a

tim

ely

basi

s. P

enal

ties

incu

rred

M

Out

stan

ding

fin

es/p

enal

ties

w

orkf

low

is

di

rect

ed

to

the

Gen

eral

M

anag

er.

Man

ager

IT

M

arch

201

7

Wor

kflo

w u

pdat

ed.

28

The

Cou

ncils

fac

ilities

pol

icy

is n

ot c

lear

with

resp

ect

to

the

resp

onsi

bilit

y of

Cou

ncill

ors

with

resp

ect

to

fines

/pen

alties

in

curr

ed

whe

n us

ing

Cou

ncils

fle

et

(Cou

ncill

ors

car)

.

Alth

ough

as

sum

ed

that

fin

es/p

enal

ties

ar

e pa

id

whe

re

incu

rred

, th

is i

s no

t cl

ear

in t

he

faci

litie

s po

licy.

M

Con

side

ration

is

give

n to

cl

arify

ing

resp

onsi

bilit

y fo

r fin

es/p

enal

ties

et

c.

incu

rred

by

th

e Cou

ncill

ors/

May

or

in

the

faci

litie

s po

licy.

Sen

ior

Coo

rdin

ator

- G

over

nanc

e Ser

vice

s

Nov

embe

r 20

17

PAGE 53


Au

dit

Ob

serv

atio

ns

Effe

ct

Ris

k R

atin

g

Rec

omm

end

atio

n

and

ag

reed

Act

ion

Pla

n

Res

pon

sib

le

Man

ager

To

be

imp

lem

ente

d

by

dat

e:

Sta

tus

at 1

Mar

ch

20

17

29

Fine

s in

curr

ed w

ith

resp

ect

to t

he M

ayor

s ca

r ar

e no

t pr

oces

sed

in t

he s

ame

way

th

at

fines

in

curr

ed

by

Cou

ncil

staf

f ar

e pr

oces

sed

Dem

erit

poin

ts

may

no

t be

ap

plie

d/

exce

ss

fines

an

d pe

naltie

s in

curr

ed b

y Cou

ncil.

M

The

deta

ils

of

the

May

or a

re p

rovi

ded

to

the

Plac

e M

anag

er –

Wes

t W

ard

to e

nsur

e th

e tim

ely

notific

atio

n to

th

e SD

RO

of

fin

e in

form

atio

n. I

t is

the

re

spon

sibi

lity

of

the

May

ors/

Cou

ncill

ors

PA

to

notify

th

e Pl

ace

Man

ager

– W

est

war

d of

th

ese

deta

ils

shou

ld

the

May

or

chan

ge.

Plac

e M

anag

er

– W

est

War

d;

PA

to

May

or/C

oun

cillo

rs

May

201

7

30

Log

book

s co

ncer

ning

th

e Cou

ncill

ors

Car

ar

e in

com

plet

e.

Cou

ncil

may

no

t be

ab

le

to

iden

tify

who

has

inc

urre

d a

fine

whe

n th

e Cou

ncill

ors

car

is u

sed

resu

ltin

g in

pe

naltie

s be

ing

incu

rred

by

Cou

ncil

M

Log

book

s be

m

aint

aine

d an

d co

mpl

eted

.

Plac

e M

anag

er

– W

est

War

d

May

201

7

PAGE 54


ATTACHMENT 1

Internal Audit Report

At 15 May 2017

PAGE 55

mpereira

Text Box

ATTACHMENT 2

mpereira

Text Box


Part A: Executive Summary

1. Audit Activity to 15 May 2017

From 1 January 2017 Internal Audit has been addressing Year 1 (2017) of its 4 year Strategic Audit Plan. This plan was adopted by the Audit Committee at its meeting on 12 December 2016.

For the calendar year to 15 May 2017, Internal Audit has completed 6 or 33% of its 18 planned audits within budget.

The audits undertaken are detailed at Part B and C of this report. Audits completed in the period include:

Risk Management

Fraud and Corruption mitigation strategy/associated processes

Information Technology/Systems


At 15 May 2017, the number of direct days spent on internal auditing was 96% of the total days available and Management had implemented 98% of the agreed audit recommendations.

2. For the Information of the Committee

2.1 Governance and Legislative Changes

Since the last report to the Audit Committee the following relevant documents were released in March and May 2017 by the Office of Local Government (OLG): Circular 17-04 http://www.olg.nsw.gov.au/news/17-04-topics-local-government-performance-audit-auditor-general-nsw This circular outlines the topics of the performance audits to be undertaken by the Audit Office of NSW. These audits are discussed in detail in a separate report for the Audit Committee (refer) Circular 17-06 http://www.olg.nsw.gov.au/news/17-06-commencement-phase-1-amendments-%E2%80%93-overview A table outlining the commencement date for each of the Phase 1 amendments to the Local Government Act 1993 made by the Local Government Amendment (Governance and Planning) Act 2016 (the Phase 1 Amendments) is attached to this circular. The table also identifies those provisions that are yet to commence. Of note, the following provisions had ‘Yet to Commence’ at the date of the circular: INTEGRATED PLANNING AND REPORTING (IP&R) � Streamlined IP&R requirements GOVERNANCE Induction and professional development for mayors and councillors � New requirements for the provision of, and reporting on, induction and ongoing professional development programs for mayors and councillors Model Code of Conduct and Procedures � Consolidation of the pecuniary interest provisions into the Model Code of Conduct for Local Councils in NSW

PAGE 56


Model Code of Meeting Practice � Prescription of a new Model Code of Meeting Practice � Councils will not be required to adopt a new Meeting Code based on the Model Meeting Code until after the next ordinary election following commencement Meetings – reduced number � One-off opportunity for prescribed councils to seek the approval of the Minister for Local Government to reduce the minimum number of council meetings to less than 10 a year Councillors – reduced number � One-off opportunity for prescribed councils to seek the approval of the Minister for Local Government to reduce their councillor numbers (without a constitutional referendum) PERFORMANCE MEASUREMENT FRAMEWORK � Prescription of a performance measurement framework for councils AUDIT COMMITTEES, INTERNAL AUDIT AND RISK Audit, risk and improvement committees � Requirement for councils to appoint audit, risk and improvement committees � Councils will not be required to appoint an audit, risk and improvement committee until 6 months after the next ordinary election following commencement With respect to ‘Audit Committees, risk and improvement committees’ - guidance or regulations supporting Part 4A – Internal Audit, S428A Local Government Amendment (Governance and Planning) Act 2016 have yet to be provided by the Office of Local Government. Once these are released they will be forwarded to the Audit Committee. Circular 17-07to commenced or soon to commence) http://www.olg.nsw.gov.au/news/17-07-update-integrated-planning-and-reporting-manual-%E2%80%93-request-feedback

2.2 External Reviews

ICAC review of the City of Botany Bay Council

The ICAC report concerning this investigation has not yet been released. This report is expected to be released by 1 July 2017.

OLG: Auburn City Council Public Enquiry

The OLG’s final report concerning the public enquiry into practices at Auburn City Council was released on 9 March 2017. The report is available at the following link:

http://www.olg.nsw.gov.au/sites/default/files/Beasley%20SC%20%28Commissioner%29%20-%20Public%20Inquiry%20into%20Auburn%20City%20Council%20-%20Report.pdf

Section 18 of this report titled ‘Recommendations’ (pages 229 to 234) outline the recommendations of this enquiry. As stated, there are a number of legislative and Code of Conduct changes that are being initiated and implemented by the OLG. With the implementation of these changes, it is expected that the majority of recommendations will be addressed. Of interest to the Audit Committee is the statement in paragraph 855: ‘Mr May has also recommended that a senior member of Council staff be appointed as an internal ombudsman to deal with matters such as conflict between councillors and council staff and circumstances where attempts are being made to improperly influence them.’ Within THSC, the Corporate Lawyer/Public Officer fulfils the role of an internal ombudsman.

3. External Audit

3.1 Performance Audits

Please refer to previous comments (2.1).

PAGE 57


3.2 Client Service Plan

In May 2017, the Audit Office forwarded to Council their Client Service Plan which outlines the focus of their external 2016/17 Financial Audit.

The key issues identified by the Audit Office include:

Asset Management risk and fair value of infrastructure, property plant and Equipment

The Audit Office will focus on the management’s process for determining and agreeing fair value and the impact of Councils asset management/maintenance plans on determining useful life.

Developer Contributions

The Audit Office will focus on Councils systems for capturing and recording developer contributions accurately and in a timely manner. Cut-off testing will also be performed.

Capital Expenditure

The Audit Office will review the Councils allocation between recurrent and capital costs; componentisation of project costs into separate assets; timeliness of updates to the asset registers; process of capitalising WIP.

Procurement and contract management risk

The Audit Office will review tendering procedures to identify any probity and related party issues.

Related Party Disclosure

The Audit Office will audit the related party disclosures of Council to ensure that they comply with AASB 124.

The focus of the Audit Office procedures is on year end testing to ensure that Councils financial statements are materially correct.

Impact on adopted Internal Audit Plan

To ensure the effectiveness and efficiency of Internal Audit the abovementioned Client Service Plan has been compared to the adopted Internal Audit Plan for 2017 to ensure that Internal and External Audit are not reviewing the same audit topics. This comparison has identified that the audit topic: Procurement and contract management risk is planned to be reviewed by both Internal and External Audit and a potential inefficiency may exist. To ensure that this inefficiency does not exist, the Internal Audit will focus on procurement below the tender threshold (not subject to tender).

4. Key Council Documentation

At the 9 May 2017 Council meeting the following was presented:

Hills Shire Plan 2016/17 – review 3.

Council Resolution:

The report was received.

Draft Hills Shire Plan 2017/18 – 2020/2021

https://www.thehills.nsw.gov.au/Contact-Us/Have-Your-Say/Draft-Hills-Shire-Plan-2017-2018?BestBetMatch=hills shire plan|d13b95b2-5146-4b00-9e3e-a80c73739a64|4f05f368-ecaa-4a93-b749-7ad6c4867c1f

Council Resolution:

The Draft Hills Shire Plan containing the Community Strategic Direction – Hills Future, Delivery Program, Operational Plan, and Resourcing Strategy containing the Draft FY 17/18 Budget, Capital Works Program and the Fees & Charges be endorsed and placed on public exhibition from Thursday 11 May 2017 to Wednesday 7 June 2017.

PAGE 58


The Hills Shire Plan 2016/17 – review 3 has been forwarded to the External Independent Audit Committee Members for their information.

The Hills Shire Plan 2017/18 – 2020/21 will be forwarded to the External Independent Audit Committee Members for their information once finalised.

5. Local Government Internal Auditors Network (LGIAN) Meeting and Other Governance Activities undertaken in the period.

On 7 April 2017 the Council hosted the LGIAN meeting. Approximately 30 Internal Audit and Governance Local Government professionals attended from both regional and non-regional Councils. Various presentations were made including one by the ICAC who presented their corruption prevention paper titled:

Controlling corruption opportunities in the provision of maintenance services (released February 2017).

Relevant Council operational staff also attended this presentation.

Since April 2017, ‘Governance by the Month’ has been implemented. Monthly awareness of a governance topic is raised across Council (Governance Topics are as identified through the Governance Health Check exercise undertaken).

The Structure of the Internal Audit Report is as follows:

A: Executive Summary;

B: Comparison of the Actual and planned Audit activity undertaken in the 2017 calendar year from 1 January 2017;

C: Details of the actual internal audit work undertaken in the period to the date of this report;

D: Detail of recommendations outstanding at the date of this report and the action taken by Management to implement these recommendations;

E: Internal Audit and Audit Committee Key Performance Measures.

Attachment 1: Background to the Internal Audit Function, the Audit Committee, and the audit reporting practices at The Hills Shire Council.

Attachment 2: Risk Assessment Matrix

Attachment 3: List of outstanding audit recommendations (including management comments) at the reporting date

PAGE 59


Part B Comparison of the Actual and Planned Audit Activity undertaken in the 2017 period

B.1 Summary

Councils KPI

Within the Hills Shire Plan the required output of Internal Audit is to:

Implement the Internal Audit Strategic Plan and the Annual Internal Audit Program adopted by the Audit Committee.

The targeted performance measure is:

Audits Completed in the Annual Audit Program

90%

Chart 1 and Table 1, compares the actual audit activity against this KPI.

The Audit Program for the period from 1 January 2017 is included in the Internal Audit Strategic Plan (1 January 2017 - December 2020) which was adopted by the Audit Committee at its meeting on 12 December 2016.

Link: http://www.thehills.nsw.gov.au/Council/Meeting-Agendas-Minutes/Audit-Committee

To monitor the achievement of the adopted audit plan the Audit Committee is provided with an overview and comparison of the planned Audit Activity (as outlined in the adopted Audit Plan) with the actual audit activity undertaken to the date of this report (refer Table 1). The current status of each audit is also provided.

Legend to the Table 1.

Status of the Audit Activity

In progress

Completed

Not yet commenced

Chart 1: Summary of Table 1:

PAGE 60


Table 1: Comparison of actual audit activity with the adopted 2017 Annual Audit Program

2017 Audit Program Risk

Status of the Planned Audit

at 15 May 2017

1 Governance H Refer 1 March 2017 IAR

2 Risk Management H Refer C1.2

3 Fraud and Corruption mitigation strategy/associated processes H Refer C1.1

4 KPI’s (including Enterprise Agreement (EA) implementation) H

5 Financial Statement Review H

6 Review of the use and management of restricted trust funds H

7 Special Projects/Assignments H

8 Investigations H

9 Information Technology/Systems H Refer C1.3

10 System Audits M/H

11 Revenue Activities (implementation of adopted fees and charges document) M

12 Payroll H

13 Efficiency and effectiveness of Councils Procurement practices H

14 Credit Cards/Procurement Cards/ Reimbursement of expenses incurred by staff/ Petty Cash H

Refer 1 March 2017 IAR

15 Recruitment and Terminations H Refer C1.4

16 Legislation/Regulation H

17 RMS H

18 Fire Safety Inspections H

Other

Training and Development

Audit Committee

Annual Planning and Reporting

Liaison

Reports previously issued.

PAGE 61


Part C. Details of the Internal Audit Activity undertaken in the period

Part C. provides details of the Audit Activity undertaken in the period from 1 March 2017 to 15 May 2017.

This part outlines the:

Internal audit engagements completed or in progress Outcomes of each internal audit engagement undertaken The scope and methodology applicable to each audit activity undertaken Remedial action taken or in progress

The following legend has been used to provide the Audit Committee with an overall opinion of each Audit Activity undertaken:

Audit Opinion

Opinion Rating Table

Excellent Effective control environment with the business area operating efficiently, effectively and economically

Satisfactory Effective control environment; reporting complies with legislation or outputs/KPI’s being achieved

Improvement Required

Improvement required to: the control environment; reporting (to ensure it complies with legislation) or processes need to be improved to ensure efficiency and effectiveness.

Unsatisfactory Control environment is not effective

C 1.1 Corruption Mitigation Strategy and processes (Audit item 3)

Objective, Scope and Methodology: As identified in the Councils fraud and corruption mitigation strategy, internal audit has:

Reviewed ICAC reports relevant to local government in the period to the date of the Audit Committee;

Followed up with Council management those recommendations made by the ICAC that relate to the activities that are undertaken by Council. This follow up is undertaken to ensure that Councils processes are corruption resistant;

Worked with management to implement or modify processes where relevant, to mitigate the corruption risk.

For the information of the Committee:

Since 2008 the ICAC has made 263 recommendations (similar recommendations counted as 1) that relate to activities undertaken by Council. Audit has followed up the recommendations made by the ICAC when the relevant reports have been published.

Council manages its corruption risks through its risk management system.

a) Investigations and public enquiries in progress

The ICAC’s ongoing investigations are as follows (Please note that the following extracts are copied directly from the ICAC website Link: http://www.icac.nsw.gov.au/investigations/current-investigations):

PAGE 62


2017

NSW Health and the Department of Family and Community Services - allegations concerning the former CEO of the Immigrant Women’s Health Service and the Non-English Speaking Housing Women’s Scheme Inc (Operation Tarlo)

The ICAC is investigating corruption allegations concerning Emman Sharobeem, the former CEO of the Immigrant Women’s Health Service(IWHS) and the Non-English Speaking Housing Women’s Scheme Inc (NESH).

The allegations include that Ms Sharobeem dishonestly exercised her official functions as IWHS CEO by: between 1 July 2009 and 17 February 2016, submitting invoices for reimbursement for goods and services to which she was not entitled and using an IWHS credit card to pay for personal expenses; between 2014 and 2015 submitting, and authorising payment by IWHS of, false invoices for facilitation fees and other services to herself and other persons to which they were not entitled; between 2011 and 2015, submitting, and authorising payment of, invoices by the IWHS for the renovation of her property in Fairfield; and between 2012 and 2014, falsifying IWHS statistics to NSW Health.

Ms Sharobeem is also alleged to have dishonestly exercised her official functions between 2006 and 2016 by claiming to be a psychologist holding two PhD degrees and a masters degree, and further using those qualifications to treat IWHS clients and gain promotion to the position of CEO of the IWHS and the NESH. As NESH CEO, Ms Sharobeem is alleged to have dishonestly exercised her official functions between 17 December 2013 and 23 November 2015 by authorising payments from NESH to be made to her own account, to which she was not entitled.

Between March 2011 and November 2016, Ms Sharobeem is also alleged to have fraudulently obtained and retained appointment as a Board member of the Community Relations Commission (now Multicultural NSW) and the Anti-Discrimination Board (now part of the Department of Justice) by using false academic qualifications.

The IWHS was a not-for-profit non-government organisation (NGO) women’s health service, primarily funded by NSW Health via South West Sydney Local Health District, while the NESH was a not-for-profit NGO contracted and funded by the Department of Family and Community Services to provide affordable housing to women and children. In her capacity as CEO, Ms Sharobeem was a public official for the purposes of the Independent Commission Against Corruption Act 1988.

2016

Western Sydney Regional Illegal Dumping Squad - allegations concerning former Western Sydney Regional Illegal Dumping Squad (RIDS) officer (Operation Scania)

The ICAC is investigating allegations that a former Western Sydney Regional Illegal Dumping Squad (RIDS) enforcement officer, Craig Izzard, exercised his public official functions partially and dishonestly by receiving corrupt payments to ignore illegal dumping in areas under his supervision, or to impede investigations by other Western Sydney RIDS officers.

City of Botany Bay Council – allegations concerning former chief financial officer (Operation Ricco)

The ICAC is investigating allegations that former City of Botany Bay Council chief financial officer Gary Goodman, and other Council employees, dishonestly exercised official functions to obtain financial benefits for themselves and others by causing fraudulent payments of more than $4.2 million to be made by the Council through false invoicing to either themselves, or various entities. The ICAC is also investigating allegations that Mr Goodman solicited and received payments as an inducement or reward for showing favourable treatment to contractors. It is also alleged that Mr Goodman and other Council employees dishonestly exercised official functions to obtain financial benefits for themselves and others by using Council resources.

PAGE 63


2014

NSW public officials and members of Parliament – allegations concerning corrupt conduct involving Australian Water Holdings Pty Ltd (Operation Credo)

The ICAC is investigating allegations that persons with an interest in Australian Water Holdings Pty Ltd (AWH) obtained a financial benefit through adversely affecting the official functions of Sydney Water Corporation (SWC) by: including expenses incurred in other business pursuits in claims made on SWC for work on the North West Growth Centre; drawing from funds allocated for other purposes; and preventing SWC from ascertaining the true financial position, including the level of the executives’ remuneration.

The Commission is also investigating whether public officials and others were involved in the falsification of a cabinet minute relating to a public private partnership proposal made by AWH intended to mislead the NSW Government Budget Cabinet Committee and obtain a benefit for AWH, and other related matters.

The Commission has been unable to progress the publication of the Operation Credo report owing to the criminal proceedings being conducted by the Director of Public Prosecutions against Mr Edward Obeid and Mr Moses Obeid. While those proceedings arise out of the Operation Jasper investigation, the Commission is of the view, in accordance with section 18 of the Independent Commission Against Corruption Act 1988, that the publication of the Operation Credo report during the currency of criminal proceedings may prejudice the right of the accused to a fair trial.

As there are common elements to this investigation and Operation Spicer, the evidence taken in each operation is taken as evidence in both operations.

For information about the Operation Spicer report, published on 30 August 2016, visit this page.

In both operations Credo and Spicer, the Commission also investigated the circumstances in which false allegations of corruption were made against senior SWC executives.

b) Investigation Reports issued:

The following is a link to the ICAC reports publically listed:

Link: http://www.icac.nsw.gov.au/investigations/past-investigations

In the period no new investigation reports were issued by the ICAC:

c) ICAC: Other relevant corruption prevention publications released

In March 2017 the ICAC released: Keeping it together systems and structures in organisational change.

The aim of this report is to alert public sector managers to the corruption pitfalls during and following organisational change and provide advice on minimising the corruption risks. It explores why and how large-scale organisational change initiatives create opportunities for corruption, with a specific focus on mergers and restructures and the operational factors that agencies should consider when undergoing large-scale change. The report presents case studies from relevant investigations conducted by the NSW Independent Commission Against Corruption. http://www.icac.nsw.gov.au/docman/preventing-corruption/cp-publications-guidelines/4965-keeping-it-together-systems-and-structures-in-organisational-change-14march17/file

PAGE 64


Action taken: The report has been distributed to all relevant Managers for their information. Council’s practices are to be reviewed in line with the best practice outlined. d) Office of Local Government (OLG) Public Enquiries

The public enquiries that are being undertaken by the OLG are detailed at the following link: http://www.olg.nsw.gov.au/public-inquiries No public enquiries were undertaken by the OLG in the period. C 1.2 Risk Management

Audit Number

2

Background

The Council has had in place an enterprise risk management system for a number of years.

This system establishes a process for the management of risks faced by the Council. The aim of risk management is to maximise opportunities in all council objectives and activities and minimise adversity.

Legislative requirements and applicable standards include the Australian/New Zealand Standard (AS/NZS ISO 31000:2009) and the Local Government Act 1993.

Audit Objective

Assess Council’s risk management framework against the international risk management standard AS/NZS ISO 31000:2009 and against the risk management frameworks and approaches of other organisations of a similar size and nature to Council to ensure legislative compliance and best practice is in place.

Scope The review was conducted at February/March 2017.

Method An independent review was undertaken to comprehensively review the risk management framework in place. This included the:

a. Review of key documentation. b. Interviews with key staff c. Conduct of an on-line survey of Managers to gauge knowledge of, and

attitude towards, Council’s risk management framework d. Evaluation of the risk management framework against the following: AS/NZS ISO 31000:2009 Risk Management - Principles and Guidelines

(internationally accepted standard on risk management); Other risk management frameworks of organisations that are of a

similar size and nature to Council Findings A number of opportunities were identified to further evolve and improve the

risk management framework. The most significant of these include:

Ensuring there is a clear mandate and commitment from the elected Council and senior management for an enterprise wide approach to managing risk;

Ensuring consistency in the way the risk management process is documented;

Agreeing on the risk appetite of the organisation and aligning this to the risk assessment criteria;

Implementing regular performance measures and structured risk reporting to enable monitoring of the effectiveness of the risk management framework;

Ensuring clear accountability for managing risk; Continuing to ensure that risk owners receive appropriate training and

support to enable them to effectively manage their risks. An action plan has been developed to address the opportunities highlighted by

the review including: the development of a Risk Management Policy and

PAGE 65



Comprehensive Strategy; Training program; consistency in documentation; modification of reporting; reassessing the Councils Risk Appetite; and KPI’s. This plan will be implemented in the period to 31 December 2017.

Conclusion

For the information of the Audit Committee, the results of the audit activity were considered as satisfactory however the implementation of the identified opportunities will ensure that the Councils processes reflect best practice:

Satisfactory Effective system is in place.

C 1.3 Fraud and Corruption Mitigation Strategy/associated processes

Audit Number

3

Background

Recent studies indicate that the incidence of fraud and corruption within Australia is increasing as is the average financial loss associated with this conduct. The impact on the Council (or any organisation) can be devastating and can affect not only those involved in the behaviour, but all staff working for that Council.

The eradication of fraud and corrupt behaviour would be the ideal, but experience shows that this is unrealistic as fraud and corruption can be perpetrated through every source imaginable: customers, suppliers, contractors, employees, managers, executives, councilors and boards. Therefore a minimisation approach has been adopted within Council.

To minimise the potential impact of Fraud and Corruption on the achievement of Councils objectives, an effective strategy should ensure that staff and other relevant parties are:

1) aware of what fraud and corruption is

2) aware of what the Councils values and requirements are, and their obligations as public sector employees;

3) can identify and report suspect activity appropriately and on a timely basis.

Where reported, the Council should have in place a process which allows the timely and appropriate investigation and action of an allegation.

It is also essential that the Council actively discourages fraudulent and corrupt behavior and has systems and processes in place that detect and mitigates potential risks on a timely basis.

Over previous periods, a number of activities have been undertaken to assess the Councils fraud and Corruption Mitigation strategies to ensure that they are effective. These Include:

Undertaking the Fraud Control health check – 2006 Development of Councils Fraud and corruption policy and plan – 2007 Fraud and Corruption Strategy Survey – 2009 Councils Fraud and Corruption Mitigation Strategy Survey – 2012 Review of Councils Fraud and Corruption Strategy in comparison to

best practice – 2015

PAGE 66


In 2015 the Audit Office released its guidance: Fraud Control Improvement Kit (Managing your fraud control obligations). This document provides guidance and practical advice to help organisations implement and effective fraud control framework. It highlights what should be present within an organisation to make fraud control work and aligns with the Standards Australia Fraud and Corruption Control Standard AS8001-2008. Audit used this guidance to assess the effectiveness of Councils current mitigation practices.

Link: http://www.audit.nsw.gov.au/ArticleDocuments/197/D1506583%20%20FINAL%20Fraud_Control_Improvement_Kit_February_2015%20whole%20kit.pdf-updated%20August2015.pdf.aspx?Embed=Y

Objective

The primary objectives of this review were:

a) to ensure that the Council has an effective fraud control framework and that the framework reflects best practices (Audit Office guidelines and Standards Australia Fraud and Corruption Control standard AS8001-2008).

b) to provide Management with recommendations to strengthen the internal control environment and the efficiency and effectiveness of associated operational practices; and

c) to provide an independent opinion to Council’s General Manager, the Executive and the Audit and Risk Committee on the level of reliance that can be placed on existing internal controls with notification of further actions for improvement, as agreed by Management.

Method Using the Audit Office Fraud Control Improvement kit:

- Assess the Councils fraud control framework by completing the Fraud Control Checklist

- Undertake a high level risk assessment - Undertake the Fraud Health Check - Where identified undertake fraud Improvement workshops.

Scope Undertake the review at March 2017.

Findings Assessment of the Councils fraud control framework by completion of the Fraud Control Checklist:

The fraud control checklist consists of 38 questions covering the topic areas of Leadership; Ethical framework; responsibility structures; fraud control policy; prevention systems; fraud awareness; third party management systems; notification systems; detection systems; and investigations systems. Although current practices are satisfactory, it was identified that improvements in 16 areas would result in the Council reflecting best practice. Action items have been identified and included in an action plan to be implemented over the next 6 months.

High Level Risk Assessment:

Currently Councils high level fraud and corruption risks have been identified and are managed through the Councils Risk Management Module. 27 corruption and fraud risks are currently managed through this system. The guidance identifies further potential risks that could be managed through the Risk Management Module. To accommodate these potential risks (and ensure completeness of the system) the Risk management module is currently being modified.

Fraud Control Health check:

As identified in the Audit Office guidance a survey was undertaken in the period 20/3/2017 to 28/3/2017 to determine if staff have the essential skills to ensure that the Councils strategy is effective and to obtain their perception concerning the processes and systems currently in place within Council. The parameters of the survey were:

PAGE 67


Participants: All Council staff that had an email account was invited to participate. It is estimated that the applicable population was 500. It is noted that all outdoor staff may not have access to an email account.

Structure: The survey consisted of 10 questions as recommended by the Audit Office in their February 2015 report: Fraud Control Improvement Kit – Managing your fraud control obligations

Demographics: All Council staff (both indoor and outdoor that have access to an email account).

Response Rate: 150 (2012: 147) surveys were completed. This represents a response rate of 30% (2012:27%). This represents a significant response rate; the responses therefore represent a valid sample.

Survey monkey was used allowing an audit trail to exist. The results of the survey were placed into the Fraud control Health Check Worksheet (provided as part of the Fraud Control Improvement Kit). The results achieved were as follows:

Fraud Control Attribute OVERALL RESULTS FOR THE ORGANISATION

1. Leadership

2. Ethical framework

3. Responsibility structures

4. Fraud control policy

5. Prevention systems

6. Fraud awareness

7. Third party management systems

8. Notification systems

9. Detection systems

10. Investigation systems

Overall Business Unit Results

Where the Kit identifies that (legend):

Good Performance

Although assessed as ‘good performance’, one area of improvement was identified:

‘The functions of my work area are regularly assessed to identify and address fraud risks we face’.


An action plan has been developed to address the opportunities identified to ensure that the Councils practices remain effective. Overall 23 action items were identified to be implemented in 2017. To date 5 have been addressed. The balance is to be implemented over the next 6 months.

PAGE 68


Conclusion

For the information of the Audit Committee, the results of the audit activity were considered as satisfactory however the implementation of the identified opportunities will ensure that the Councils processes reflect best practice:

Satisfactory Effective system is in place.

C1.4 Information Technology/Systems

Audit Number

9

Background

In 2016 a 4 year IT audit program was developed to address the high risk IT activities. Time to undertake the IT audit program is included in the adopted Internal Audit Strategic Plan.

Audit Objective

To review the effectiveness of key existing controls with respect to fraud risks associated with Information systems.

Scope The review was conducted at February/March 2017.

Method With respect to the 5 identified fraud risks associated with IT (identified in best practice documentation from the Audit Office and the ICAC), review the controls currently in place with Council and determine if they are effective.

Type of Fraud Risk Expected Existing Controls

8. Information Systems

Fraud resulting from a loss of data following disaster or accident, for example, theft of assets not recorded

Business continuity plan that is regularly reviewed

Saving working papers/documents in document management system or network drives that are regularly backed up Regular back up and offsite storage of data

Staff made aware of information security policy and available on intranet

Unauthorised staff accessing systems

Appropriate level of computer access provided to staff Staff reminded of responsibilities, for example, not to share passwords

Automatic log out of computers when extended period away from computer

System controls and checks

Unauthorised release of user name and/or password

Appropriate level of computer access provided to staff Staff reminded of responsibilities, for example, not to share passwords

Misrepresentation of the office by expressing personal views

Policy on communication devices is signed by all employees

PAGE 69


on office email, intranet or internet

Code of conduct signed by all employees and available on the intranet

Disclaimers on all office emails

Installation of illegal software on office computers and laptops

Policy on communication devices is signed by all employees

Appropriate level of computer access provided to staff

Findings 6 areas were identified where improvements could be made to decrease the potential for IT fraud risks. These include: password control; corporate documents in Councils corporate system; appropriate Level of staff access in Councils corporate systems; automatic logout of Councils systems; and staff awareness of IT security policy. With respect to the appropriate level of staff access, a comprehensive review of Councils 2 major corporate systems has been undertaken and appropriate adjustments to access made. The final system will be reviewed by 6/6/2017.


The results of the review were discussed with the relevant manager. 2 areas for improvement have been addressed. Agreed timelines for implementation are in place for the remaining 4.

Conclusion

For the information of the Audit Committee, the results of the audit activity were considered as satisfactory however the implementation of the identified improvements will mitigate the identified IT fraud risk:

Satisfactory Control system is in place.

C1.5 Recruitment and Terminations

Audit Number

26

Background

Recruitment has been identified as a high risk in both the Councils Risk Management System (R000133) and by the ICAC. As identified by the ICAC: ‘if recruitment selection processes are questionable or corrupt, then agencies are unlikely to be able to recruit or keep people who will improve the ethical climate of the agency’. It is essential that favouritism, nepotism, and other conflicts of interest do not influence recruitment and selection processes. Improperly conducting recruitment and selection can constitute corrupt conduct as defined by the Independent Commission Against Corruption Act 1988. Corruption-free recruitment and selection helps to "set the tone" for the whole agency (https://icac.nsw.gov.au/preventing-corruption/knowing-your-risks/recruitment-and-selection/4303 ) The Local Government Act (S348-354A) outlines the provisions concerning staff. With respect to recruitment the Act requires (in particular):

PAGE 70


348 Advertising of staff positions (1) When it is proposed to make an appointment to a position within the

organisation structure of the council, the position must be advertised in a manner sufficient to enable suitably qualified persons to apply for the position….

(3) This section does not apply to: (a) the re-appointment, under a new contract, of a senior staff member, or (b) the appointment of an employee if the term of employment is for:

(i) not more than 12 months, or (ii) two or more periods that together are not more than 12 months in any period of 2 years.

349 Appointments to be on merit (1) When the decision is being made to appoint a person to a position:

(a) only a person who has applied for appointment to the position may be selected, and

(b) from among the applicants eligible for appointment, the applicant who has the greatest merit is to be selected.

(2) The merit of the persons eligible for appointment to a position is to be determined according to:

(a) the nature of the duties of the position, and (b) the abilities, qualifications, experience and standard of work performance

of those persons relevant to those duties. These principles are consistent with the NSW Public Sector Workforce Office that advises ‘that merit selection is designed to ensure that positions are filled on the basis of merit is fundamental to the recruitment and selection of employees in the public sector. To ensure that the best person is selected, public sector agencies need accurate information about the skills, training and qualifications of applicants’.

Objective

Ensure that Councils recruitment and termination practices are efficient, mitigate Councils fraud and corruption risk, satisfy Councils legislative requirements and reflect best practice.

Scope Audit reviewed Councils recruitment and termination practices for the period from 7 October 2016 to 30 March 2017.

During the period reviewed, HR managed: - 55 recruitment and 63 termination activities.

Audit undertakes the review of these activities on a biannual basis

Method Using random and selective sampling, Audit reviewed: Relevant recruitment/termination policies and procedures Advertising Selection and shortlisting of candidates Conflict of interest processes Supporting documentation including qualifications/checks Delegations Temporary appointments Rates of pay Induction and probationary processes

Findings Overall Council’s procedures reflected the requirements of the Local Government Act 1993. Only minor exceptions were noted with respect to the implementation of these procedures. Exceptions to Councils adopted recruitment procedure included:

PAGE 71


- Procedures concerning advertising for ‘Internal Applicants only’ were not always followed.

- The General Manager was not always informed when only 1 internal staff member applied for a position advertised for ‘internal applicants only’

- Instances were noted where the Councils HR files did not have all the required recruitment information attached to it at the time of Audit. In these cases, once notified, the HR files were updated.

- Recruitment panels concerning HR positions did not include an independent member.

Conclusion: Although the above exceptions were noted to the Councils adopted procedures, Overall council’s recruitment processes appear effective, addressing the Councils legislative, fraud and corruption mitigation risk.

Conclusion For the information of the Audit Committee, the results of the audit activity were considered as satisfactory:


PAGE 72


Part D: Details of recommendations outstanding at the date of this report and the action taken by Management to implement these recommendations

Internal Audit monitors all the recommendations raised and agreed with management to ensure that they are implemented within agreed timeframes.

The Audit recommendations outstanding (including Management Comments) at 15 May 2017 are listed at Attachment 3.

D.1 Status of Recommendations

The following is a summary of the status of Internal Audit Reports issued.

It should be noted that although the following audit reports may be listed as ‘finalised’ the area/audit item will still be the subject of future audits.

D1.1 Reports issued to 15 May 2017, where recommendations are still to be implemented:

Reports Year Report Issued Expected Closure Timeframe

Risk Management 2017 30/12/2017

Governance Health Check 2017 30/12/2017

Fraud and Corruption Mitigation Strategy

2017 30/12/2017

Information Technology/Systems

2017 30/6/2017

Policies and Procedures 2016 31/11/2017

Property Management 2016 30/6/2017

Revenue (review of Key Controls)

2016 30/6/2017

Fines/penalties with respect to Councils Fleet

2017 30/6/2017

D1.2 Reports issued where recommendations have been implemented in the period to 15 May 2017

The following lists the audits where all agreed recommendations have been addressed in the time period.

Reports Year Report Issued Closure Timeframe

Cash and Cash Related activities

2016 30/3/2017

Payroll 2016 30/3/2017


2016 30/3/2017

PAGE 73


Part E Internal Audit Key Performance Measures

The following indicators have been developed to measure the performance of Internal Audit and the Audit Committee:

E.1 Service Delivery Benchmarks.

6 or 33% of the audits listed in the Strategic Internal Audit Plan for the period

from 1 January 2017 to 31 December 2017 have been ‘completed’ to date (refer

Part B, Table 1 and Chart 1).

Number of findings implemented to date as a % of items raised in the Audit reports. As discussed at Part D and Attachment 3. Of the 1044 Audit recommendations agreed with Management, 98% (or 1028) have been implemented. Timeframes for the remaining outstanding recommendations are currently being followed up. These outstanding recommendations are detailed at Attachment 3.

On average the number of days between the end of fieldwork to the issue of the final audit reports is approximately 10 working days (Prior report: 10 days). This time includes the drafting of the audit report/finalisation of report; discussion of audit findings; and agreement of management action.

E.2 Cost Control benchmarks

The actual costs of the Internal Audit function to date have been made up of the salary and on costs of the Internal Auditor and the Risk Coordinator. In the period to 15 May 2017, the budget of the Internal Audit function was not exceeded.

The number of direct days spent on internal auditing (excluding hours spent on professional development and training) is 96% of the total days available. 260 days per year have been budgeted in the Internal Audit Strategic Plan.

E.3 Key Information to be reported in the Annual Community Report Concerning the Audit Committee

In the period from 1/7/2016 (Financial Year) to date the Audit Committee has met twice. The meeting times were:

16 August 2016;

12 December 2016

16 March 2017 (Cancelled)

The Audit Committee membership and the number of meetings attended in in the period was as follows (in alphabetical order):

Mr M. Blair: 2

Mr T Bland: 2

Mayor: 2

Clr A. J. Hay OAM: 0

Clr Dr J. N. Lowe: 0

Adjunct Professor Jim Taggart OAM: 2

Clr M. G. Thomas: 2

PAGE 74


Attachment 1

Background to the: Internal Audit Function; the Audit Committee; and the audit reporting practices at The Hills Shire Council.

Background

1. Internal Audit is an independent, objective assurance and consulting activity designed to add value and improve an organisation’s operations.

Internal audit’s role is primarily one of providing independent assurance over the internal controls and risk management framework of the council. It should be noted that Management has primary day-to-day responsibility for the design, implementation, and operation of internal controls.

Within THSC the functions, powers, and accountabilities of Internal Audit are set out in the Internal Audit Charter which has been adopted by Council. Internal audit’s core competencies are in the area of internal control, risk and governance. Internal audit’s scope includes the following areas:

Reliability and integrity of financial and operational information Effectiveness and efficiency of operations and resource usage Safeguarding of assets Compliance with laws, regulations, policies, procedures and contracts Adequacy and effectiveness of the risk management framework. The Internal Audit function was created in June 2005. Within Local Government, where in place, the Internal Audit unit is typically made up of 1 or 2 staff members. Within THSC the Internal Audit Unit consists of the Internal Auditor. Projects can be undertaken with the assistance of the Risk Management Coordinator or specialists where required.

2. The Audit Committee plays a pivotal role in the Councils governance framework. It provides council with independent oversight and monitoring of the council’s audit processes, including the council’s internal controls activities. This oversight includes internal and external reporting, internal and external audit, and compliance. Given the key role of the Audit Committee, for it to be most effective it is important that it is properly constituted of appropriately qualified independent members.

The Audit Committee within THSC has been in operation since 2004. Councils Audit Committee is unique in Local Government in that the Committee meets in the public forum (times and dates of meetings are advertised on the Councils webpage) and currently has 3 independent community representatives on the Committee to ensure that there is transparency in Councils processes and the Council remains accountable to the community.

The current members of the Audit Committee are: The Mayor, Clr AJ Hay (OAM), Clr Dr JN Lowe, Clr MG Thomas, Mr Michael Blair, Mr Trevor Bland and Adjunct Professor Jim Taggart (OAM). At the beginning of each Council term the Council undertakes an EOI to obtain interests from suitably qualified community members to be part of the Audit

PAGE 75


Committee. The functions, powers and accountabilities of the Audit Committee are outlined in the Audit Committee Charter that has been adopted by Council.

3. Legislative Change

In June 2016 the Local Government Amendment (Governance and Planning) Bill 2016 was drafted to amend the Local Government Act 1993 (the Principal Act). In August 2016 the Bill passed through both Houses of the NSW Parliament. S428A of the Bill mandates that Councils put in place an Audit, Risk and Improvement Committee and outlines (in broad terms) what the role of the Committee will be. It is intended that s428A will be supported by a regulatory framework that is likely to comprise of prescription by regulation and operational guidance through guidelines. These guidelines will replace the Internal Audit Guidelines released by the OLG in 2010. Legislatively Councils have until 6 months after the next Council election and after the legislation has ‘commenced’ to implement S428A of the Bill. To date this has not occurred. This provides time for the OLG to consult and draft the necessary guidance and regulations, and Council to implement the required changes.

4. Best Practice

In 2010 the DLG released the Internal Audit Guidelines (http://www.dlg.nsw.gov.au/dlg/dlghome/documents/Information/Internal%20Audit%20Guidelines%20-%20September%202010.pdf. This guideline (the guideline) identifies best practice in local government with respect to Internal Audit and the Audit Committee. As outlined in the introduction, the guidelines were developed to encourage the creation of Internal Audit and Audit Committees in those Councils that did not have the function and to outline how the function should be developed (note: that at the time of the guideline release only approximately 20% of Councils had an Internal Audit function). At 2016 approximately 60% of Councils had in place an Audit Committee. As identified at 3. This guideline is currently being reviewed. It is expected that this will be updated in the next 6 months.

5. The Strategic Audit Plan

As identified at 3.5 of the DLG Internal Audit Guideline, the Internal Audit function within THSC has a strategic plan in place which is supported by annual plans.

The Strategic plan is based on a risk assessment of the council’s key strategic and operational areas to determine the appropriate timing and frequency of coverage of each of these areas. The plan includes audit judgment of areas that will also be reviewed despite not appearing as a high priority in the council’s risk profile. The plan is developed on a rolling cycle to reflect the terms of Council. The plan is also reviewed annually to ensure that it still aligns with the council’s risk profile. The 4 year Strategic Plan (2017 – 2020) was adopted by the Audit Committee on 12 December 2016. The audit plan covers the period from 1 January 2017 to 31 December 2020 to allow the plan to align with the term of Council.

PAGE 76


6. Reporting

Internal audit regularly communicates its findings and recommendations to the Audit Committee, General Manager and management of the areas audited through the Internal Audit Report.

The Internal Audit report normally includes background information, the audit objectives and scope, observations/findings/conclusions, key recommendations/ agreed management actions. The format of the report has been modified to satisfy the requirements of the Audit Committee and to reflect the guidelines.

Detailed audit working papers are not distributed to the Audit Committee as they are intended for internal use only. Where audit working papers have findings that are useful to other areas of council, internal audit will share this information on a limited basis. Internal audit working papers are shared with the council's external auditor, where requested, to assist them in the course of their work. Councillors and the community have access to the minutes of the Audit Committee (and the Internal Audit Report) as these are published on the Councils web page. The Internal Audit Report (and Audit Committee papers) is also referred to the Council for adoption to provide greater transparency and accountability.

PAGE 77


Attachment 2

THSC Risk Matrix

The Councils Risk Matrix (below) reflects the requirements of ASNZS ISO 31000 and has been developed in accordance with this standard.

Risk Matrix Table

Consequence Rating

A B C D E

Lik

eli

ho

od

Ra

tin

g

5 M H H E E

4 L M H H E

3 L M M H H

2 L L M M H

1 L L L M H

L = Low Risk M = Moderate Risk H = High Risk E = Extreme Risk

(Severe/Very High)

Consequence Definition Risk Factors Likelihood

Definition Financial

Reputation Business

Operations Work Health Safety Environment

Project Management

A Insignificant The event is of low consequence

1 Financial loss – Small increase in costs not in line with budget $500 or less

1 Unsubstantiated, low profile media exposure OR no media attention

1 No disruption to services or operations

1 Single minor injury to one person – no lost time OR Insignificant environment issues

1 Project close to time, budget and quality

1 Rare The event is only expected to occur in exceptional circumstances

B Minor The event may threaten a part of the organisation

2 Financial loss – Minor financial impact $501 to $10k

2 Substantiated, low impact, low media profile (not front page news)

2 Minor disruption to services or operations up to one day

2 Medically treated injury to one person, less than 5 days lost time OR Minor environment issues

2 Project has minor issue with time, budget or quality

2 Unlikely The event is not likely to occur

C Moderate The event may threaten many parts of the organisation

3 Financial loss – > $10k to $50k

3 Substantiated, public embarrassment, moderate media profile (front page, one day)

3 Some cessation to services and operations up to several days

3 Minor or medically treated Injury to several people, less than 10 days lost time OR Some environment issues

3 Project has issues with time, budget or quality

3 Possible The event may occur

D Significant The event may threaten achievement of business objectives

4 Financial loss – $50k to $200k

4 Substantiated, public embarrassment, high impact, major media attention (national for 1 week or more)

4 Total cessation to services and operations up to one week

4 Single death, or long term disabling injuries to one or more people OR Substantial environment issues

4 Project has substantial issues with time, budget or quality

4 Likely The event is likely to occur

E Severe The event may stop achievement of business objectives

5 Financial loss – > $200k

5 Substantiated, public embarrassment, multiple impacts, long lasting widespread media coverage, prosecution of Council or Officers

5 Total cessation to services and operations greater than one week

5 Multiple losses of life or permanent disability, plus extensive injuries to several people OR Severe environment issues

5 Large project has severe issues with time, budget or quality

5 Almost certain The event is already occurring or is expected to occur

PAGE 78


Att

ach

men

t 3

List

an

d S

tatu

s of

Ou

tsta

nd

ing

Au

dit

Rec

omm

end

atio

ns

agre

ed w

ith

Man

agem

ent

at 1

5 M

ay 2

01

7:

Rat

ing

s fo

r A

ud

it R

eco

mm

end

atio

ns

Ver

y H

igh

Ris

k (E

xtre

me)

Com

plet

e re

med

ial a

ctio

n w

ithin

2 w

eeks

or

earlie

r as

req

uire

d.

Hig

h Ris

k

Com

plet

e re

med

ial a

ctio

n w

ithin

1 c

alen

dar

mon

ths

or a

s ag

reed

Mod

erat

e Ris

k

Com

plet

e re

med

ial a

ctio

n w

ithin

3 c

alen

dar

mon

ths

or a

s ag

reed

Low

Ris

k

Com

plet

e re

med

ial a

ctio

n w

ithin

4 c

alen

dar

mon

ths

or a

s ag

reed

Rec

onci

liati

on o

f O

uts

tan

din

g A

ud

it R

ecom

men

dat

ion

s at

15

May

20

17

Dat

e o

f In

tern

al

Au

dit

Rep

ort

T

ota

l R

eco

mm

end

atio

ns

rais

ed b

y A

ud

it s

ince

20

05

(B

rou

gh

t Fo

rwar

d)

Rec

om

men

dat

ion

s R

aise

d

in t

he

per

iod

To

tal

To

tal

Rec

om

men

dat

ion

s im

ple

men

ted

b

y M

anag

emen

t s

ince

20

05

(B

rou

gh

t Fo

rwar

d)

Rec

om

men

dat

ion

s Im

ple

men

ted

in

th

e p

erio

d

Tota

l

Bal

ance

O

uts

tan

din

g

-b

ein

g

mo

nit

ore

d

by

Inte

rnal

Au

dit

30 J

une

2014

92

0

90

4 16

30 S

epte

mbe

r 20

14

920

11

931

904

18

922

9

31 M

arch

201

5 93

1 26

95

7 92

2 20

94

2 15

15 M

ay 2

015

957

10

967

942

13

955

12

30 J

une

2015

96

7 11

97

8 95

5 6

961

17

1 N

ovem

ber

2015

97

8 10

98

8 96

1 6

967

21

1 M

arch

201

6 98

8 5

993

967

18

985

8

1 M

ay 2

016

993

13

1006

98

5 1

986

20

30 J

une

2016

10

06

3 10

09

986

8 99

4 15

15 N

ovem

ber

2016

10

09

11

1020

99

4 12

10

06

14

1 M

arch

201

7 10

20

16

1036

10

06

15

1021

15

15 M

ay 2

017

1036

8

1044

10

21

7 10

28

16

PAGE 79


Au

dit

Ob

serv

atio

ns

Effe

ct

Ris

k R

atin

g

Rec

omm

end

atio

n

and

ag

reed

Act

ion

Pla

n

Res

pon

sib

le

Man

ager

To

be

imp

lem

ente

d

by

dat

e:

Sta

tus

at

15

M

ay

20

17

C

ash

an

d c

ash

rel

ated

act

ivit

ies

1

Sta

ff w

ho a

re i

ssue

d w

ith t

he

proc

urem

ent

card

be

ad

vise

d of

the

req

uire

men

ts o

f us

e; t

he

proc

edur

e m

ay n

eed

upda

ting

to r

efle

ct t

he u

se o

f th

e ca

rd.

Sta

ffs

are

awar

e of

the

lim

itatio

ns i

n ha

ving

a p

rocu

rem

ent

card

. Cou

ncil’

s go

vern

ance

req

uire

men

ts a

re in

pla

ce.

M

Sta

ff t

o si

gn o

ff o

n th

e co

nditi

ons

of

use

of

proc

urem

ents

ca

rds

whe

n th

e ca

rds

are

issu

ed.

Cre

dit

card

st

atem

ents

ar

e re

view

ed b

y Fi

nanc

e on

ce r

ecei

ved

to e

nsur

e th

at p

urch

asin

g is

in

line

with

th

e Cou

ncils

pu

rcha

sing

gu

idel

ines

. W

here

ex

cept

ions

ar

e no

ted

thes

e st

atem

ents

(a

nd

supp

ortin

g do

cum

ents

) sh

ould

be

re

ferr

ed

to

the

card

ho

lder

s m

anag

er

for

revi

ew a

nd a

ppro

val.

Man

ager

Fi

nanc

e

May

201

7 In

pr

ogre

ss.

All

card

hold

ers

are

still

to

sig

n th

e up

date

d pr

oced

ure.

Fina

nce

to

impl

emen

t pr

oces

s co

ncer

ning

cr

edit

card

sta

tem

ents

P

olic

ies

and

Pro

ced

ure

s

2

Cou

ncil’

s po

licy

docu

men

tatio

n ha

s no

t be

en

upda

ted

and

form

ally

ap

prov

ed

on

a pe

riod

ic b

asis

.

Polic

y do

cum

enta

tion

may

no

t be

cu

rren

t or

app

ropr

iate

ly a

ppro

ved

M

Polic

y do

cum

enta

tion

be

upda

ted

and

form

ally

ap

prov

ed.

Coo

rdin

ator

–

Exec

utiv

e Ser

vice

s

Nov

embe

r 20

17

In p

rogr

ess

3

Cou

ncil

staf

f do

no

t re

ceiv

e fo

rmal

tra

inin

g co

ncer

ning

the

im

plem

enta

tion

of

Cou

ncils

po

licie

s an

d pr

oced

ural

re

quirem

ents

Polic

y an

d pr

oced

ural

re

quirem

ents

m

ay n

ot b

e im

plem

ente

d re

sulti

ng i

n no

n-co

mpl

ianc

e.

M

The

indu

ctio

n pr

oces

s be

m

odifi

ed t

o en

sure

tha

t ne

w

staf

f re

ceiv

e tr

aini

ng

conc

erni

ng

the

polic

ies

and

proc

edur

es

rele

vant

to

th

eir

resp

onsi

bilit

ies.

Man

ager

- H

R

June

201

7

In p

rogr

ess

PAGE 80


Au

dit

Ob

serv

atio

ns

Effe

ct

Ris

k R

atin

g

Rec

omm

end

atio

n

and

ag

reed

Act

ion

Pla

n

Res

pon

sib

le

Man

ager

To

be

imp

lem

ente

d

by

dat

e:

Sta

tus

at

15

M

ay

20

17

P

rop

erty

Man

agem

ent

4

The

revi

ew o

f th

e m

anag

emen

t of

th

e co

nditi

ons

of

the

licen

ces/

leas

es

has

iden

tifie

d th

at a

fur

ther

aud

it/fo

llow

up

is

requ

ired

to

ensu

re t

hat

utili

ty

cost

s ar

e be

ing

pass

ed

onto

le

ssee

s w

here

req

uire

d.

Util

ity

cost

s m

ay

not

be

reco

vere

d w

here

app

licab

le

L

Aud

it fo

llow

up

w

ith

Fina

nce

the

proc

ess

in

plac

e to

en

sure

th

at

Util

ity

cost

s ar

e be

ing

reco

vere

d.

Inte

rnal

Aud

it/M

anag

er

Fina

nce

June

201

7

Rev

iew

be

ing

final

ised

.

P

ayro

ll

5

Out

door

st

aff

usin

g m

yflo

so

ftw

are

to

proc

ess

thei

r tim

eshe

ets

do n

ot n

eces

sarily

ha

ve

uniq

ue

sign

on

pa

ssw

ords

.

Tim

eshe

et d

ata

can

be c

hang

ed a

nd

staf

f ca

nnot

ne

cess

arily

be

he

ld

resp

onsi

ble

for

the

info

rmat

ion

ente

red

M

Out

door

sta

ff b

e is

sued

w

ith u

niqu

e pa

ssw

ords

.

Man

ager

IT

Mar

ch 2

017

R

even

ue

(Rev

iew

of

Key

Con

trol

s)

6

The

allo

catio

n of

dut

ies

with

in

the

Fina

nce

Team

is

no

t pr

ovid

ing

the

inde

pend

ent

revi

ew r

equi

red

to e

nsur

e th

at

ther

e is

a

segr

egat

ion

of

dutie

s.

Seg

rega

tion

of d

utie

s no

t in

pla

ce

M

Whe

re

appr

opriat

e,

oper

atio

nal

resp

onsi

bilit

ies

be

allo

cate

d to

the

cor

rect

po

sitio

ns.

Man

ager

Fi

nanc

e

June

201

7

7

Com

plet

e pr

oced

ural

do

cum

enta

tion

is n

ot i

n pl

ace

to

ensu

re

that

pr

oces

ses

are

cons

iste

ntly

ap

plie

d by

th

e Fi

nanc

e Te

am

Proc

esse

s m

ay b

e no

t be

con

sist

ently

im

plem

ente

d ac

ross

th

e Fi

nanc

e Te

am.

Unn

eces

sary

rel

ianc

e pl

aced

on

the

Fina

ncia

l Acc

ount

ant

to d

irec

t st

aff

belo

w h

er.

M

Proc

edur

al

docu

men

tatio

n to

be

cr

eate

d an

d m

ade

avai

labl

e to

sta

ff w

ithin

th

e Fi

nanc

e Te

am

Man

ager

Fi

nanc

e

Mar

ch 2

017

PAGE 81


Au

dit

Ob

serv

atio

ns

Effe

ct

Ris

k R

atin

g

Rec

omm

end

atio

n

and

ag

reed

Act

ion

Pla

n

Res

pon

sib

le

Man

ager

To

be

imp

lem

ente

d

by

dat

e:

Sta

tus

at

15

M

ay

20

17

G

over

nan

ce H

ealt

h C

hec

k

8

An

actio

n pl

an

has

been

de

velo

ped

to en

sure

th

at th

e Cou

ncils

Gov

erna

nce

Proc

esse

s re

flect

bes

t pr

actic

e.

A k

ey a

ctio

n to

be

unde

rtak

en

is t

o en

sure

the

coo

rdin

atio

n of

co

mm

unic

atio

ns

conc

erni

ng

Cou

ncils

go

vern

ance

re

quirem

ents

be

twee

n st

aff

and

coun

cillo

rs

and

othe

r re

leva

nt p

artie

s.

Cou

ncil’

s go

vern

ance

pr

oces

ses

may

no

t be

con

sist

ently

app

lied.

M

Act

ion

Plan

be

im

plem

ente

d

Rel

evan

t M

anag

er

iden

tifie

d in

th

e Act

ion

Plan

Dec

embe

r 20

17

R

ecru

itm

ent

and

Ter

min

atio

ns

9

Use

of

agen

cy s

taff

Cur

rent

ly

staf

f co

ntra

cted

th

roug

h an

em

ploy

men

t ag

ency

do

no

t ha

ve

a pe

rson

nel

file

with

in

Cou

ncil.

Alth

ough

it

has

been

ind

icat

ed

that

ap

prop

riat

e ch

ecks

(i

nclu

ding

w

orki

ng

with

ch

ildre

n ch

ecks

, ar

e pe

rfor

med

an

d in

duct

ions

et

c.

unde

rtak

en,

evid

ence

cou

ld n

ot

be s

ight

ed.

Cou

ncil’

s re

cord

s ar

e no

t co

mpl

ete

or

effe

ctiv

e.

M

HR inv

estig

ates

met

hods

to

en

sure

th

e ef

fect

ive

man

agem

ent

of r

ecor

ds

with

res

pect

to

‘age

ncy

staf

f’ w

ithin

Cou

ncils

sy

stem

s.

Man

ager

-

WSABI

Mar

ch 2

017

Impl

emen

ted

10

Impl

emen

tatio

n of

2.5

Cas

ual,

Tem

pora

ry

and

agen

cy

staf

f gu

idel

ine

It a

ppea

rs t

hat

Man

ager

s ha

ve

empl

oyed

so

me

agen

cy

staf

f di

rect

ly

bypa

ssin

g H

R

in

cont

rave

ntio

n to

thi

s gu

idel

ine.

Cou

ncils

pro

cedu

ral r

equi

rem

ents

may

no

t be

in p

lace

M

H

R

ensu

res

that

al

l Cou

ncil

staf

f is

aw

are

of

the

requ

irem

ents

of

this

pr

oced

ure

and

that

th

e pr

oced

ure

is

impl

emen

ted.

Man

ager

-

WSABI

Mar

ch 2

017

Proc

edur

e di

stribu

ted

by H

R.

PAGE 82


Au

dit

Ob

serv

atio

ns

Effe

ct

Ris

k R

atin

g

Rec

omm

end

atio

n

and

ag

reed

Act

ion

Pla

n

Res

pon

sib

le

Man

ager

To

be

imp

lem

ente

d

by

dat

e:

Sta

tus

at

15

M

ay

20

17

11

Rol

e Sta

tem

ents

Fr

om t

he t

estin

g pe

rfor

med

on

10%

(1

3)

of

new

re

crui

ts,

it w

as

note

d th

at

in

som

e in

stan

ces

role

sta

tem

ents

wer

e no

t in

pla

ce.

Sta

ff

are

empl

oyed

w

ithou

t a

clea

r un

ders

tand

ing

of

thei

r ro

les

and

resp

onsi

bilit

ies.

M

Rol

e st

atem

ents

sh

ould

be

in

pl

ace

for

each

po

sitio

n in

Cou

ncil.

Man

ager

-

WSABI

Aug

ust

2017

Fi

nes

/P

enal

ties

(C

ou

nci

ls F

leet

)

12

Cou

ncil’

s pr

oces

ses

did

not

ensu

re

the

timel

y pr

oces

sing

an

d pa

ymen

t of

SD

RO

fin

es.

Dem

erit

poin

ts n

ot c

orre

ctly

app

lied.

In

flate

d fin

es/p

enal

ties

incu

rred

by

Cou

ncil.

M

Rev

ised

pr

oced

ures

be

im

plem

ente

d

Plac

e M

anag

er

–Wes

t W

ard

M

ay 2

017

13

The

Cou

ncils

fac

ilitie

s po

licy

is

not

clea

r w

ith re

spec

t to

th

e re

spon

sibi

lity

of

Cou

ncill

ors

with

res

pect

to

fines

/pen

altie

s in

curr

ed

whe

n us

ing

Cou

ncils

fle

et (

Cou

ncill

ors

car)

.

Alth

ough

ass

umed

tha

t fin

es/p

enal

ties

are

paid

whe

re i

ncur

red,

thi

s is

not

cl

ear

in t

he f

acili

ties

polic

y.

M

Con

side

ratio

n is

giv

en t

o cl

arify

ing

resp

onsi

bilit

y fo

r fin

es/p

enal

ties

etc.

in

curr

ed

by

the

Cou

ncill

ors/

May

or i

n th

e fa

cilit

ies

polic

y.

Sen

ior

Coo

rdin

ator

- G

over

nanc

e Ser

vice

s

Nov

embe

r 20

17

14

Fine

s in

curr

ed w

ith r

espe

ct t

o th

e M

ayor

s ca

r ar

e no

t pr

oces

sed

in

the

sam

e w

ay

that

fin

es i

ncur

red

by C

ounc

il st

aff

are

proc

esse

d

Dem

erit

poin

ts m

ay n

ot b

e ap

plie

d/

exce

ss f

ines

and

pen

altie

s in

curr

ed b

y Cou

ncil.

M

The

deta

ils o

f th

e M

ayor

ar

e pr

ovid

ed

to

the

Plac

e M

anag

er

–Wes

t W

ard

to

ensu

re

the

timel

y no

tific

atio

n to

the

SD

RO

of

fin

e in

form

atio

n.

It

is

the

resp

onsi

bilit

y of

th

e M

ayor

s/Cou

ncill

ors

PA t

o no

tify

the

Plac

e M

anag

er

– W

est

war

d of

th

ese

deta

ils s

houl

d th

e M

ayor

ch

ange

.

Plac

e M

anag

er

– W

est

War

d;

PA

to

May

or/C

ounc

illo

rs

May

201

7

PAGE 83


Au

dit

Ob

serv

atio

ns

Effe

ct

Ris

k R

atin

g

Rec

omm

end

atio

n

and

ag

reed

Act

ion

Pla

n

Res

pon

sib

le

Man

ager

To

be

imp

lem

ente

d

by

dat

e:

Sta

tus

at

15

M

ay

20

17

15

Log

book

s co

ncer

ning

th

e Cou

ncill

ors

Car

are

inco

mpl

ete.

Cou

ncil

may

not

be

able

to

iden

tify

who

ha

s in

curr

ed

a fin

e w

hen

the

Cou

ncill

ors

car

is

used

re

sulti

ng

in

pena

lties

bei

ng in

curr

ed b

y Cou

ncil

M

Log

book

s be

m

aint

aine

d an

d co

mpl

eted

.

Plac

e M

anag

er

– W

est

War

d

May

201

7

R

isk

Man

agem

ent

16

Opp

ortu

nitie

s av

aila

ble

to

ensu

re t

hat

the

Cou

ncils

Ris

k M

anag

emen

t Sys

tem

re

flect

s be

st p

ract

ice

Ris

k M

anag

emen

t sy

stem

may

not

be

effe

ctiv

e.

M

Act

ion

Plan

be

im

plem

ente

d

Ris

k M

anag

emen

t Co-

Ord

inat

or

Dec

embe

r 20

17

Fr

aud

an

d C

orru

pti

on

Mit

igat

ion

Str

ateg

y

17

Opp

ortu

nitie

s av

aila

ble

to

ensu

re t

hat

the

Cou

ncils

Fra

ud

and

Cor

rupt

ion

miti

gatio

n st

rate

gy r

efle

cts

best

pra

ctic

e

Cou

ncils

Fr

aud

and

Cor

rupt

ion

Miti

gatio

n Str

ateg

y m

ay

not

be

effe

ctiv

e.

M

Act

ion

Plan

be

im

plem

ente

d

Inte

rnal

Aud

itor

D

ecem

ber

2017

In

form

atio

n T

ech

no

log

y/S

yste

ms

18

IT G

uide

lines

and

Pro

cedu

res:

Th

e do

cum

ents

on

the

port

al a

t h

ttp:

//se

amle

ss.t

hehi

lls.n

sw.g

ov.a

u/Sta

ff-

Res

ourc

es/G

over

nanc

e/Pr

oced

ures

are

out

of

date

Out

dat

ed g

uida

nce

avai

labl

e to

sta

ff.

M

Upd

ate

guid

elin

es

and

proc

edur

es

Man

ager

–

Info

rmat

ion

Tech

nolo

gy

Jun

e 20

17

19

Pass

wor

ds:

From

w

orks

un

dert

aken

it

appe

ars

that

st

aff

shar

e pa

ssw

ords

an

d w

ould

sh

are

pass

wor

ds

if re

ques

ted

by t

heir M

anag

er o

r G

ener

al

Man

ager

. Th

is

has

been

iden

tifie

d in

Fra

ud C

ontr

ol

guid

ance

as

a H

igh

frau

d risk

.

Cou

ncils

IT

se

curity

m

ay

not

be

effe

ctiv

e H

IT t

ake

actio

n to

rem

ind

staf

f of

th

e Cou

ncils

re

quirem

ents

con

cern

ing

pass

wor

ds

and

IT

secu

rity

.

Man

ager

–

Info

rmat

ion

Tech

nolo

gy

Jun

e 20

17

PAGE 84


Au

dit

Ob

serv

atio

ns

Effe

ct

Ris

k R

atin

g

Rec

omm

end

atio

n

and

ag

reed

Act

ion

Pla

n

Res

pon

sib

le

Man

ager

To

be

imp

lem

ente

d

by

dat

e:

Sta

tus

at

15

M

ay

20

17

20

Cor

pora

te

Doc

umen

ts

in

Cou

ncils

co

rpor

ate

syst

em:

prev

ious

ly it

was

iden

tifie

d th

at

the

Cou

ncil

was

us

ing

a nu

mbe

r of

sys

tem

s ou

tsid

e th

e co

rpor

ate

syst

em

whe

re

Cou

ncil

info

rmat

ion

may

be

st

ored

.

Info

rmat

ion

in

Cou

ncils

co

rpor

ate

syst

ems

may

not

be

com

plet

e.

H

Proc

ess

be

unde

rtak

en

to d

eter

min

e th

e ex

tent

of

info

rmat

ion

not

stor

ed

in t

he C

ounc

il co

rpor

ate

syst

ems.

App

ropr

iate

ac

tion

be

take

n to

en

sure

th

at

the

iden

tifie

d in

form

atio

n is

pl

aced

int

o th

e Cou

ncils

co

rpor

ate

syst

ems

on a

tim

ely

basi

s

Coo

rdin

ator

–

Cus

tom

er

Ser

vice

/ M

anag

er

– In

form

atio

n Te

chno

logy

Jun

e 20

17

21

Evid

ence

was

fou

nd t

hat

som

e st

aff

mem

bers

ha

d an

in

appr

opriat

e le

vel o

f ac

cess

to

Cou

ncils

cor

pora

te s

yste

ms.

Una

utho

rise

d st

aff

acce

ssin

g sy

stem

s an

d Cou

ncil

docu

men

ts/i

nfor

mat

ion.

H

Acc

ess

be r

evie

wed

and

ap

prop

riat

e ch

ange

s be

m

ade.

All

Man

ager

s J

une

2017

22

Aut

omat

ic

logo

ut

of

Cou

ncils

sy

stem

s: T

his

cont

rol

that

was

pr

evio

usly

in

pl

ace

has

been

tu

rned

off

by

IT.

Una

utho

rise

d st

aff

acce

ssin

g sy

stem

s ha

s be

en id

entif

ied

in F

raud

Con

trol

gu

idan

ce a

s a

Hig

h fr

aud

risk

Una

utho

rise

d st

aff

acce

ssin

g sy

stem

s an

d Cou

ncil

docu

men

ts/i

nfor

mat

ion.

M

Aut

omat

ic

Logo

uts

be

revi

ewed

by

IT

an

d im

plem

ente

d w

here

ap

prop

riat

e.

Man

ager

–

Info

rmat

ion

Tech

nolo

gy

Jun

e 20

17

23

Sta

ff a

re n

ot a

war

e of

Cou

ncils

IT

se

curity

po

licy

and

requ

irem

ents

. Cou

ncils

IT

se

curity

m

ay

not

be

effe

ctiv

e w

ith r

espe

ct t

o st

aff.

M

Act

ion

be t

aken

to

rais

e st

affs

aw

aren

ess

of

its

IT s

ecur

ity r

equi

rem

ents

Man

ager

–

Info

rmat

ion

Tech

nolo

gy

Jun

e 20

17

PAGE 85


PAGE 86

ITEM-4 GENERAL MANAGER AND ACTING GENERAL MANAGER'S EXPENSES

DOC INFO







AUTHOR: ACTING GENERAL MANAGER

MICHAEL EDGAR


MICHAEL EDGAR

HISTORY At the Council meeting of 12 October 2004, the Council adopted a Notice of Motion as follows:- 1. The General Manager’s expenses be reviewed and approved by the Mayor prior to

payment. 2. After Approval, the expenses be submitted to the Audit Committee for notation. REPORT A listing of the General Manager’s and Acting General Managers expenses incurred since last reported on 12 December 2016 will be tabled at the Audit Committee Meeting. IMPACTS Financial This matter has no direct financial impact upon Council's adopted budget or forward estimates. The General Managers expenses are met from Councils adopted budget. The Hills Future - Community Strategic Plan The disclosure of the General Managers expenses ensures that the Council is transparently governed. RECOMMENDATION 1. The report be received.

2. The expenses tabled (which outlines a total of $314.48 for the General Manager and $228.41 for the Acting General Manager) be noted


PAGE 87

ITEM-5 QUESTIONS AND ANSWERS - AUDIT COMMITTEE MEETING - 12 DECEMBER 2016


OUTCOME: 1 Value our customers, engage with and inform our community and advocate on their behalf

STRATEGY:

1.1 Facilitate strong two way relationships and partnerships with the community, involve them in local planning and decision making and actively advocate community issues to other levels of government.





KERRIE WILSON


MICHAEL EDGAR

REPORT Attached to this report are the responses for the questions asked at the Audit Committee Meeting held on 12 December 2016. IMPACTS Financial This matter has no direct financial impact upon Council's adopted budget or forward estimates. The Hills Future - Community Strategic Plan The Audit Committee of Council ensures that Council maintains sound governance based on transparency and accountability. RECOMMENDATION The report be received. ATTACHMENTS 1. Questions & Answers – Audit Committee 12 December 2016 (1 page)


PAGE 88

ATTACHMENT 1

COUNCILLORS QUESTIONS WITHOUT NOTICE

INTERNAL AUDIT MEETING 12 DECEMBER 2016

MINUTE NO.

QUESTION REFERRED TO

62 FINANCIAL IMPACT FROM BOUNDARY ADJUSTMENT WITH THE CITY OF PARRAMATTA COUNCIL

GENERAL MANAGER

Mr Bland requested a brief update from the General Manager on how Council’s loss of land below the M2 to the City of Parramatta Council has impacted financially and what problems are being experienced. The General Manager advised the net loss of revenue is approximately $8.5M which will be addressed in the first couple of years through lower transfers to reserves until the impact of the revenue from the future growth in the northern part of the Shire. The other major impact is in terms of staff numbers, with staff protected for 3 years, however, Parramatta has chosen to take on the staff from the childcare centre in North Rocks and the library in Carlingford. For a couple of years there will be an overlap of “surplus” staff, however in the lead up to the proposed change there were approximately 50 vacancies, including 18 outdoor staff, and this will minimise the impact. There will also be an impact on staff budgets because of the fact that there is staff protection for 3 years. Despite the loss of revenue Council is still Fit for the Future and meets all the Government ratios.

RESPONSE Answered at the meeting. MINUTE NO.

QUESTION REFERRED TO

63 CHRISTMAS WISHES GENERAL MANAGER Mr Blair, Adjunct Professor Jim Taggart OAM and Councillor Thomas

wished all Councillors, staff and colleagues on the Audit Committee a very happy Christmas and prosperous New Year.

RESPONSE No response is required.

Date post:	11-Oct-2020
Category:	Documents
Upload:	others
View:	0 times
Download:	0 times