AUDIT, RISK AND IMPROVEMENT
COMMITTEE AND
INTERNAL AUDIT
Annual Report 2020
ARIC and Internal Audit Annual Report 2
ARIC and Internal Audit Annual Report 3
About the report This annual report documents the operation and
activities of the Audit Risk & Improvement
Committee and the Internal Audit function for
Georges River Council for 2020.
Georges River Council’s Audit, Risk and
Improvement Committee (ARIC) provides Council
with independent assurance and assistance on
its compliance, risk management, financial
management, governance, audit, fraud control
and service delivery responsibilities.
From 1 January to 28 September 2020, there
were 3 independent members and 2 councillors
on the Committee. At the Extraordinary Council
meeting on the 28 September 2020, Council
resolved that councillor representation on ARIC
be discontinued. This decision aligns to the
proposed Office of Local Government changes
relating to Internal Audit expected in 2021.
From 28 September the ARIC comprises 3
independent members.
Purpose of this report The purpose of this report is tabled under
Clause 5.1 of the ARIC Charter which
requires that:
The Committee through the Chairperson
shall submit and present on an annual basis,
a formal report to Council outlining the
Committee’s major achievements, issues
identified and other relevant matters, to a
closed session of a Council meeting.
As the Committee’s achievements are
closely linked to the Internal Audit activities,
it is appropriate that both are recounted in
the same report.
ARIC and Internal Audit Annual Report 4
AUDIT, RISK AND IMPROVEMENT COMMITTEE
How the Committee fits in with the Community Strategic
Plan The Committee has been identified as a key element within Council’s Delivery Program and
Operational Plan under Pillar 6 - Leadership and Transparency. More specifically, the
Committee’s relationship with the Delivery Program has been captured under Goal 6.2 -
Open, informed and transparent decision-making supports the interests of the community with
the following strategies for 2019/20 and 2020/21:
The Committee is on target to achieve all these outcomes.
ARIC and Internal Audit Annual Report 5
Member Profiles Georges River Council’s ARIC has been established as an advisory committee of Council to
provide independent assurance. Members have varied qualifications and experience which
contribute to the effectiveness of the Committee.
Here is a snapshot of the members:
Councillors (on ARIC up to 28 September 2020)
Councillor Christina Wu
T 0400 241 851
Political Party: Liberal Party
First elected as a Councillor in 2012-2016, Cr Wu
runs an accounting firm with her husband and is
of Chinese and Korean background, speaking
both languages fluently. Cr Wu holds a Bachelor
of Law Degree, a Master of Commerce with a
Major in Accounting and Minor in Taxation Law
from Sydney University as well as a Master of
International Business from the University of
Wollongong.
Cr Wu has served on many Committees for the
previous Hurstville City Council and this
experience includes chairing both the
Multicultural and Community Safety Committee
as well as co-chairing the Lunar New Year
Committee. Cr Wu will continue to make the
Hurstville Ward a better place to live and work
and is committed to protecting our suburbs from
inappropriate overdevelopment and in assisting
small businesses by reducing red tape. She
wants to fix parking problems by introducing a
Georges River Council commuter parking master
plan and to upgrade the local hospital by working
closely with the NSW State Government on the
St George Hospital.
Councillor Warren Tegg
T 0427 671 666
Political Party: Australian Labor Party
First elected to Georges River Council in
September 2017, Cr Tegg was born in and is a
current resident of Penshurst and works as the
Director of Policy at the Australian Manufacturing
Workers' Union, where he campaigns to protect
workers' rights. He has previously worked for the
Minister for Communications and the Shadow
Minister for Defence. Cr Tegg holds a Bachelor of
Science and a Bachelor of Arts at Sydney
University, and a Masters of Politics and Public
Policy at Macquarie University.
Cr Tegg is on the Community and Culture, and
Assets and Infrastructure Standing Committees
and the Audit, Risk and Improvement Committee
for Georges River Council. Cr Tegg wants to
ensure that Council looks after the basics
including roads, footpaths, parks and community
spaces. He also wants to make sure that Council
delivers new infrastructure that meets the needs
of all current and future residents. He plans to
address a range of important policy issues
affecting local residents, including rental housing
affordability, increased quality and green space in
new developments and proper governance at
Council.
ARIC and Internal Audit Annual Report 6
Independent Members
Left to Right - Mr Stephen Horne, Ms Elizabeth Gavey, Mr John Gordon (Chair)
John Gordon – Committee Chair
B.Comm.(hons.), FCA, CPA, AGIA, ACG, AIIA (Aust.),
MAICD, JP.
John was appointed to the Committee as Chair since
formation of the Committee in August 2016. He is an
assurance, risk and corporate governance specialist.
John had a career of over 30 years, 22 as an
Audit/Assurance Partner with PwC
(PricewaterhouseCoopers) and predecessor firms.
Clients covered a broad range of organisations
including listed public companies across most industry
sectors. Public Sector clients including Federal, State
and Local Governments comprised approximately 30
% of John’s portfolio. John served in the roles of
Hunter Region Managing Partner; NSW Local
Government Leader; National Staff Partner, and
National Risk Management Partner for the Resources,
Services and Government Division of PwC.
Since 2009, John works in governance and risk. He
has served with Audit & Risk Committees for over 20
ACT, NSW State and NSW Local Government
agencies as well as not-for-profit organisations. He is
a Board Member for South Western Sydney Local
Health District, chairs the Finance and Assets
Committee, is a member of the Audit & Risk
Committee and the Research & Teaching Committee.
John is chair or member of 13 Audit & Risk
Committees including 9 in NSW Local Government.
Stephen Horne-Committee Member
PFIIA-Aus., CIA, CGAP, CRMA, FGIA, GAICD, B Bus, Grad Cert Mgt Comm, Grad Cert Fraud Control, Cert Public Admin, MIPAA,
Stephen had a 38-year career in the NSW public
sector. His executive roles included Assistant
Auditor-General for NSW, looking after Performance
Audits, and Chief Executive of IAB, a Government
Trading Enterprise undertaking internal audits and
misconduct investigations for NSW State
Government and Local Government bodies.
In 2015 Stephen established Checks Balances &
Integrity, offering services as a professional Non-
Executive Director and a specialist adviser,
consultant and trainer in the fields of integrity and
culture, probity, fraud control, risk, governance and
internal audit.
Stephen serves as an independent member on a
number of Audit & Risk Committees for the
Commonwealth, NSW State, and Local Government
bodies in NSW and Victoria, and currently chairs five
(5) of these.
Elizabeth Gavey-Committee Member B Com (Economics) LLB GAICD
Elizabeth joined Georges River Council’s Audit Risk
and Improvement Committee as an independent
member when it was first constituted in August 2016.
She also serves on the Audit Risk and Improvement
Committees for 4 other Local Councils in New South
Wales and on the Audit and Risk Committee for the
NSW Electoral Commission.She has 30 years’ plus
experience gained in commercial law, investment
banking and the health sector and is an experienced
Company Director in the Not for Profit sector.
ARIC and Internal Audit Annual Report 7
How the Committee is
supported by Legislation The Committee has been operating in its
current format for 3 years. This was done to
pre-empt the new Local Government
(Planning and Governance) Amendment
Act 2016 Section 428A which mandates the
requirement for an Audit, Risk and
Improvement Committee and specifies their
responsibilities. The legislation was due to
take effect in March 2021 but has been
extended due to COVID-19, likely to be
March 2022.
Georges River Council took a proactive
position to implement the ARIC and its
operations earlier to support a sound
governance framework and to provide
greater assurance around Council’s
activities.
What the Committee is
tasked to do The Committee operates under the Audit,
Risk and Improvement Committee Charter
which reflects the guidelines provided by
the NSW Office of Local Government and
industry best practice. The Charter was
adopted by Council on 1 May 2017 and
includes the new legislative responsibilities.
The primary role of the Committee is
contained in the Charter:
The primary role of the Audit, Risk and
Improvement Committee of the Georges
River Council is to advise Council on Audit,
Governance, Risk Management and
Business Improvement related matters,
policy and strategies, within the
Committee’s capabilities and working to an
Audit Plan that encourages good
governance, External and Internal Audit,
and attention to Business Improvement,
also providing independent, objective
assurance about the effectiveness of
Council’s risk mitigation controls.
The Charter contains a number of
administrative requirements and also
prescribes the main responsibilities of the
Committee into broad categories:
Compliance
Risk Management
Fraud Control
Financial Management
Governance
Service Reviews
Implementation of the strategic plan,
delivery program and strategies
Collection of performance
measurement data
The Committee annually adopts a forward
responsibility meeting plan that ensures
coverage of these responsibility areas
over a twelve-month period. Committee
meeting agendas are divided into these
categories with specific topics under each.
Key achievements of the
Committee The Committee reviewed all
responsibility categories required by
the Charter over the course of the
year. This was facilitated by the
adoption of a Forward Responsibility
Calendar in 2019, which reflects the
requirements of the Charter and
Legislation, allocating the varying
responsibilities to nominated meetings
across a 12-month period to ensure
complete coverage.
Key achievements include:
On target with the risk-based Audit
Plan 2018-2021
Endorsement of a comprehensive
and risk-based Internal Audit
Program for 2020/21
Monitoring and review of Council’s
response to COVID-19 and the
ARIC and Internal Audit Annual Report 8
Economic & Social Recovery Plan
associated with it
Monitoring and review of the
Mayor and General Manager
delegations and decisions register
during the COVID-19 period
Recommendation to Council on
addressing the Long-Term
Financial Plan and sustainability
concerns
Review and updates on
combustible cladding compliance
and Council’s Fire Safety Protocol
Review and updates on Council’s
Cybersecurity regime and controls
Review of the Top 2 risks per
Division
Review of major projects and
whether the project risks are being
managed
Oversight of implementation of the
External Audit Management Letter
recommendations
Continued oversight of the
development of Risk
Management, Compliance and
Governance Frameworks within
the merged council arrangement
Continuation of pre-meeting
information briefing sessions to
gain greater insights and
understanding of Council
Early review of the Draft Financial
Statements for the year ended 30
June 2020 in September 2020 and
subsequent review of finalised
Financial Statements on 16
October 2020.
ARIC and Internal Audit Annual Report 9
Committee assessment of key responsibility areas for
2020 The Committee has assessed the key responsibility areas as follows:
Measures
Baseline
Compliance
Specific areas of compliance well established including
work health safety, financial reporting. Comprehensive
Council-wide compliance risk framework remains under
development.
Risk Management
ERM is under development and at an emergent level of
maturity, though continual improvement in maturity is
noted by ARIC. Commitment by management to a strong
risk culture is evident.
Fraud Control
This area needs to be re-visited in context of the AONSW
fraud risk assessment checklist.
Governance
Governance processes developing.
Financial Management
Management has largely overcome considerable issues
in merging two legacy council systems. Further
consolidation continues to achieve optimal systems.
Council is aware of its tight fiscal constraints with current
budget projections. The ARIC has commented on the
need for income growth, careful monitoring and prudence
in this area.
Strategic Plan, Delivery Program &
Strategies
Mature reporting of outcomes against plan objectives has
been received and noted by the ARIC.
Service Reviews
As above.
Performance Measurement Data
As above.
Overall
Council has worked diligently to address the challenges
from the amalgamation and in establishing sound
governance practices. The ARIC notes considerable
progress in development of robust governance systems
and expects there will be continued progress in 2020/21.
ARIC and Internal Audit Annual Report 10
Committee Dashboard
1. Participation in meetings during 2020
The Committee has four (4) scheduled normal meetings during the year and one special
meeting for the review and endorsement of the financial statements (19 October 2020).
Attendance to the date of this report is as follows (precludes the 21 December 2020
meeting):
Name
Role
Eligible
Attended
John Gordon Independent Chair 4 3
Elizabeth Gavey Independent 4 4
Stephen Horne Independent 4 4
Christina Wu Councillor 3 0
Warren Tegg Councillor 3 3
Non-Committee Regular Attendees
NSW Audit Office NSW Audit Office 4 2
Deloitte’s External Audit Contractor 4 2
Gail Connolly General Manager 5 3
Juliette Hall Chief Audit Executive 4 3
David Tuxford Director, Business & Corporate Services 4 2
Danielle Parker Chief Financial Officer 4 4
Popy Mourgelas Manager, Governance & Risk 3 3
Roxanne Thornton Executive Manager, Office of the General Manager
3 1
ARIC and Internal Audit Annual Report 11
2. ARIC Business Papers and Reports reviewed
Meeting Date Number of Papers/Reports
reviewed and discussed
Pre-Meeting
Information Sessions
23 March 2020
16 2
13 July 2020 13 1
21 September 2020
14 1
19 October 2020
Special Financial Statements “in-camera” meeting with external auditors
1 0
21 December 2020
13 scheduled 0 scheduled
3. Committee Actions Register
The Committee Actions Register includes items raised by ARIC members for action/re-submission. Number of actions raised - 17 Number of actions completed - 12 Number of actions due to next/future meeting - 5
ARIC and Internal Audit Annual Report 12
4. Internal Audit Reports & Recommendations considered
Audit Name No. of Recommendations ARIC Meeting Date
Enterprise Risk Management
5 23 March 2020
Time Management
24 23 March 2020
Fire Safety Processes & Compliance
49 23 March 2020
Credit Card Transactions
6 23 March 2020
Contract Management
15 13 July 2020
Section 356 (Financial Assistance)
22 13 July 2020
RMS DRIVES Annual Terms of Agreement Compliance Audit
7 21 September 2020
Procurement Services Review
3 21 September 2020
IT External Penetration Testing & Vulnerability
9 21 December 2020 (Proposed)
IT WIFI Penetration Testing & Vulnerability
3 21 December 2020 (Proposed)
Total Recommendations Reviewed
143
Other activities included:
Oversighting the governance, fraud control and risk management framework
Monitoring the status of audit recommendations
Monitoring the status of the 3-year Audit Plan and Annual Audit Program
Oversighting Councillors Expenses in accordance with the Councillors
Expenses Policy and reviewing comparative expenditure with other Councils.
Oversighting External Audit Management Letter and Engagement Plan
Revisiting prior audits for status updates
Reviewing IP&R results and reporting
Reviewing GIPA and Office of Local Government reporting statistics
Review of the Audit Risk & Improvement Committee Charter
In-camera meeting with the external auditors
Completion of annual declarations of interests by all Committee members.
ARIC and Internal Audit Annual Report 13
INTERNAL AUDIT
Internal Auditor
Council has a full-time qualified Chief Audit Executive (CAE), Juliette Hall, reporting
administratively to the General Manager and functionally to the Audit Risk & Improvement
Committee. The CAE is a member of the Institute of Internal Auditors and, by being so, is
required to comply with the International Standards for the Professional Practice of Internal
Auditing.
This position strives to support the Committee as well as performing other internal audit
functions included in an Internal Audit Charter. This includes developing and implementing the
3-year risk-based Audit Plan, carrying out/coordinating internal audits, providing related
consultancy advice and conducting related investigations.
The CAE has the facility to engage experienced contractors to undertake independent
selected reviews and internal audits.
ARIC and Internal Audit Annual Report 14
Internal Audit Plan During 2020, substantial progress was made on the 3-year 2018-2021 Audit Plan,
despite COVID-19 restrictions.
The following table indicates the 2020 Annual Audit Program status.
Audit Status
Credit Card Transactions (unscheduled) ARIC Report: 23 March 2020
Time Management ARIC Report: 23 March 2020
Fire Safety Processes & Compliance ARIC Report: 23 March 2020
Enterprise Risk Management ARIC Report: 23 March 2020
Contract Management ARIC Report: 13 July 2020
Section 356 (Financial Assistance) (originally
scheduled for 2021)
ARIC Report: 13 July 2020
Procurement Service Review (unscheduled) ARIC Report:21 September 2020
RMS DRIVES Terms of Agreement Annual
Compliance audit
ARIC Report:21 September 2020
IT External Penetration & Vulnerability Testing ARIC Report: 21 December 2020
IT WIFI Penetration & Vulnerability Testing ARIC Report: 21 December 2020
Cash Management Deferred to 2021 due to COVID-19
Payroll Controls Deferred to 2021 due to new system
implementation & COVID-19
ICAC Investigation Outcomes (Operation Dasha) ICAC Report not yet released
ARIC and Internal Audit Annual Report 15
Other audit activities
undertaken
The following other audit activities have been performed by the CAE during the period:
Development of a more efficient
and streamlined system for
recording and follow up of audit
recommendations
Review of Certification Service
processes
Provision of corporate advice on
various topics
Facilitation and investigative work
on behalf of the General Manager
Committee secretariat functions
Performance of duties as an
Executive Member of the Local
Government Internal Auditors
Network (LGIAN)
Coordinated responses to and
action required in relation to
recommendations relating to the
NSW Audit Office performance
audits and ICAC investigations
Complaint Coordinator and PID
officer functions
ARIC and Internal Audit Annual Report 16
NEXT YEAR
Proposed requirements affecting the Internal Audit
function and Audit Risk and Improvement
Committee.
The Office of Local Government (OLG)
issued “A new risk management and
internal audit framework for local
councils in NSW” Discussion Paper in
September 2019. Feedback for this
closed on 31 December 2019.
The CAE and Manager, Risk
Management and Governance provided
a briefing to Council on the proposed
changes in November 2019.
The Discussion Paper intended to
reflect the legislative changes made in
Local Government Act in 2016
specifically relating to Section 428A and
to provide more guidance around the
new legislation and greater onus on
councils to have a mandatory internal
audit function and Audit, Risk and
Improvement Committee with specific
conditions and requirements.
Georges River Council has already pre-
empted many of the likely requirements
and is in a good position to adjust to
others as required by the extended
2022 deadline.
In addition, the NSW Audit Office is
becoming more robust and targeted in
the conduct of its financial and
performance audits, since becoming the
external auditor for local government in
NSW in 2016.
In 2019, Georges River Council was
selected by the NSW Audit Office to be
included in their Procurement
performance audit review being
conducted across 6 (six) councils. This
audit is expected to be completed in
December 2020.
Council has worked cooperatively with
the NSW Audit Office with their
representative being a regular invitee to
all Committee meetings. It is anticipated
that this cooperative relationship will
continue in to the future. The NSW
Audit Office has advised Councils of
their areas of focus for both financial
audits and performance audits in 2020.
………………………………………………….
ARIC and Internal Audit Annual Report 17
Conclusion
The Internal Audit function has implemented a number of changes during the period
in preparation for the future requirements of the Office of Local Government and the
Audit Office of NSW. The function has also assisted the Audit Risk and Improvement
Committee in providing a more disciplined and robust approach to coverage of
responsibilities. The second year of the Internal Audit Plan 2018-2021 has been
completed and is on target albeit ambitious with COVID-19 impacts.
The ARIC has fulfilled its responsibilities under the Audit Risk & Improvement
Committee Charter for the period and has a plan to continue to do so, via the
adoption of the rolling forward responsibility calendar. The Committee has operated
cooperatively to provide feedback and assurance to management and Council.
I would like to take this opportunity to thank my fellow Committee members,
management and staff and the external audit team for their forthrightness and
cooperation in the operation and outcomes of the Committee during 2020.
John Gordon
Chair, Georges River Council
Audit, Risk and Improvement Committee
December 2020
ARIC and Internal Audit Annual Report 18