Notice of Meeting
Audit, Risk and Improvement Committee Meeting
An Audit, Risk and Improvement Committee Meeting of Byron Shire Council will be held as follows:
Venue |
Council Chambers, Station Street, Mullumbimby |
Date |
Thursday, 20 August 2020 |
Time |
11.30am |
Vanessa Adams
Director Corporate and Community Services, I2020/1198
Distributed 13/08/20
CONFLICT OF INTERESTS
What is a “Conflict of Interests” - A conflict of interests can be of two types:
Pecuniary - an interest that a person has in a matter because of a reasonable likelihood or expectation of appreciable financial gain or loss to the person or another person with whom the person is associated.
Non-pecuniary – a private or personal interest that a Council official has that does not amount to a pecuniary interest as defined in the Code of Conduct for Councillors (eg. A friendship, membership of an association, society or trade union or involvement or interest in an activity and may include an interest of a financial nature).
Remoteness – a person does not have a pecuniary interest in a matter if the interest is so remote or insignificant that it could not reasonably be regarded as likely to influence any decision the person might make in relation to a matter or if the interest is of a kind specified in the Code of Conduct for Councillors.
Who has a Pecuniary Interest? - a person has a pecuniary interest in a matter if the pecuniary interest is the interest of the person, or another person with whom the person is associated (see below).
Relatives, Partners - a person is taken to have a pecuniary interest in a matter if:
§ The person’s spouse or de facto partner or a relative of the person has a pecuniary interest in the matter, or
§ The person, or a nominee, partners or employer of the person, is a member of a company or other body that has a pecuniary interest in the matter.
N.B. “Relative”, in relation to a person means any of the following:
(a) the parent, grandparent, brother, sister, uncle, aunt, nephew, niece, lineal descends or adopted child of the person or of the person’s spouse;
(b) the spouse or de facto partners of the person or of a person referred to in paragraph (a)
No Interest in the Matter - however, a person is not taken to have a pecuniary interest in a matter:
§ If the person is unaware of the relevant pecuniary interest of the spouse, de facto partner, relative or company or other body, or
§ Just because the person is a member of, or is employed by, the Council.
§ Just because the person is a member of, or a delegate of the Council to, a company or other body that has a pecuniary interest in the matter provided that the person has no beneficial interest in any shares of the company or body.
Disclosure and participation in meetings
§ A Councillor or a member of a Council Committee who has a pecuniary interest in any matter with which the Council is concerned and who is present at a meeting of the Council or Committee at which the matter is being considered must disclose the nature of the interest to the meeting as soon as practicable.
§ The Councillor or member must not be present at, or in sight of, the meeting of the Council or Committee:
(a) at any time during which the matter is being considered or discussed by the Council or Committee, or
(b) at any time during which the Council or Committee is voting on any question in relation to the matter.
No Knowledge - a person does not breach this Clause if the person did not know and could not reasonably be expected to have known that the matter under consideration at the meeting was a matter in which he or she had a pecuniary interest.
Non-pecuniary Interests - Must be disclosed in meetings.
There are a broad range of options available for managing conflicts & the option chosen will depend on an assessment of the circumstances of the matter, the nature of the interest and the significance of the issue being dealt with. Non-pecuniary conflicts of interests must be dealt with in at least one of the following ways:
§ It may be appropriate that no action be taken where the potential for conflict is minimal. However, Councillors should consider providing an explanation of why they consider a conflict does not exist.
§ Limit involvement if practical (eg. Participate in discussion but not in decision making or vice-versa). Care needs to be taken when exercising this option.
§ Remove the source of the conflict (eg. Relinquishing or divesting the personal interest that creates the conflict)
§ Have no involvement by absenting yourself from and not taking part in any debate or voting on the issue as of the provisions in the Code of Conduct (particularly if you have a significant non-pecuniary interest)
RECORDING OF VOTING ON PLANNING MATTERS
Clause 375A of the Local Government Act 1993 – Recording of voting on planning matters
(1) In this section, planning decision means a decision made in the exercise of a function of a council under the Environmental Planning and Assessment Act 1979:
(a) including a decision relating to a development application, an environmental planning instrument, a development control plan or a development contribution plan under that Act, but
(b) not including the making of an order under that Act.
(2) The general manager is required to keep a register containing, for each planning decision made at a meeting of the council or a council committee, the names of the councillors who supported the decision and the names of any councillors who opposed (or are taken to have opposed) the decision.
(3) For the purpose of maintaining the register, a division is required to be called whenever a motion for a planning decision is put at a meeting of the council or a council committee.
(4) Each decision recorded in the register is to be described in the register or identified in a manner that enables the description to be obtained from another publicly available document, and is to include the information required by the regulations.
(5) This section extends to a meeting that is closed to the public.
BYRON SHIRE COUNCIL
Audit, Risk and Improvement Committee Meeting
2. Declarations of Interest – Pecuniary and Non-Pecuniary
3. Adoption of Minutes from Previous Meetings
3.1 Audit, Risk and Improvement Committee Meeting held on 14 May 2020
4. Staff Reports
Corporate and Community Services
4.1 Draft Audit, Risk and Improvment Committee Constitution and 2021 Agenda Schedule 4
4.2 Annual Compliance Report 2019-2020........................................................................... 25
5. Confidential Reports
Corporate and Community Services
5.1 Confidential - Risk Management- Update.............................................................. 42
5.2 Confidential - Audit Progress Report - August 2020............................................... 43
5.3 Confidential - Cyber Security and System Outages Quarterly Update................. 44
5.4 Confidential - Development Application Processes Audit Review......................... 46
5.5 Confidential - 2020 External Audit Interim Audit Management Letter.................... 47
5.6 Confidential - External Audit Actions - Quarter 4 2020 Update.............................. 48
BYRON SHIRE COUNCIL
Staff Reports - Corporate and Community Services 4.1
Staff Reports - Corporate and Community Services
Report No. 4.1 Draft Audit, Risk and Improvment Committee Constitution and 2021 Agenda Schedule
Directorate: Corporate and Community Services
Report Author: Emma Fountain, Strategic Risk & Business Continuity Coordinator
File No: I2020/1022
Summary:
The purpose of this report is to present a draft Constitution and 2021 Agenda Schedule for consideration and endorsement by the Audit, Risk and Improvement Committee.
RECOMMENDATION: That the Audit, Risk and Improvement Committee:
1. Considers the draft Audit, Risk and Improvement Committee Constitution (E2020/46708) and provides feedback to the Chair by 3 September 2020
2. Submits the Audit, Risk and Improvement Committee Constitution, with any amendments based on feedback from the Committee, to Council for adoption
3. Considers and endorses the Agenda Schedule for 2021 (E2020/46705)
|
1 Audit Risk
and Improvement Committee Constitution (current), E2020/46719 , page 6⇩
2 Audit Risk
and Improvement Committee Constitution (draft), E2020/46708 , page 15⇩
3 Audit Risk
and Improvement Committee Annual Agenda Schedule 2021 (draft), E2020/46705 ,
page 24⇩
REPORT
The current Constitution was scheduled for review by Council and ARIC in August 2019 (Attachment 1). The Strategic, Risk & Business Coordinator has undertaken a preliminary review of the Constitution and prepared a draft revised Constitution (Attachment 2) and suggested 2021 Agenda Schedule (Attachment 3) for consideration by ARIC.
The draft Constitution clarifies the roles and responsibilities of ARIC as set out in the Local Government Act 1993 (Act) and with reference to the proposed risk management and internal audit framework developed by the Office of Local Government. The draft Constitution also provides for ARIC to prepare an annual self assessment performance report.
The draft 2021 Agenda Schedule contains items to be considered at each meeting to assist ARIC in fulfilling its obligations under the Constitution and the Act. It should be noted that the meetings in the draft 2021 Agenda Schedule are based on the 2020 meeting schedule as the meeting dates for 2021 are generally finalised in November.
Risk
This review addresses the following risk issues identified in the External Audit 2019 Year End Management Letter (E2020/103):
Risk Issue |
Recommendation |
16: Risk Management Oversight |
The ARIC should undertake a review of its Terms of Reference and identify roles and responsibilities not yet fulfilled. The ARIC Chair should prepare an annual report which assesses the Committee’s performance against its Terms of Reference and provide this to Council. |
Next steps
It is envisaged that the Committee will review and finalise the Constitution for adoption by Council and prepare an Agenda Schedule annually thereafter.
STRATEGIC CONSIDERATIONS
Community Strategic Plan and Operational Plan
CSP Objective |
L2 |
CSP Strategy |
L3 |
DP Action |
L4 |
OP Activity |
Community Objective 5: We have community led decision making which is open and inclusive |
5.6 |
Manage Council’s resources sustainably |
5.6.7 |
Develop and embed a proactive risk management culture |
5.6.7.4 |
Manage Audit, Risk and Improvement program including coordinating committee recommendations |
Consultation
The draft Constitution and 2021 Agenda Schedule were endorsed by the Executive Team at the 1 July 2020 meeting.
BYRON SHIRE COUNCIL
Staff Reports - Corporate and Community Services 4.2
Report No. 4.2 Annual Compliance Report 2019-2020
Directorate: Corporate and Community Services
Report Author: Mila Jones, Governance Coordinator
File No: I2020/1055
Summary:
This report presents an update on Council’s compliance with legislative reporting requirements for the 2019-2020 financial year.
RECOMMENDATION: That the Audit, Risk and Improvement Committee notes Council’s compliance with legislative reporting requirements as at 30 June 2020. |
1 Legislative
Compliance Reporting Status 2019-2020 as at 30/06/20, E2020/55206 , page 28⇩
REPORT
At its meeting on 14 May 2020, the Audit, Risk and Improvement Committee received a report on the new Compliance Monitoring and Reporting Framework. This report outlines Council’s compliance with legislative reporting requirements for 2019-2020 and identifies any instances of non-compliance and the corrective action taken.
As a reminder, Council’s Legislative Compliance Reporting Register provides:
· a system to retrospectively report on compliance.
· a systematic approach to the compliance calendar produced by the OLG but also includes various other reporting obligations including those required of environmental planning licences, Government Information (Public Access) Act, Protection of the Environment Operations Act and others.
The register itself will not ensure compliance but provides a tool to ensure Council takes a systematic and comprehensive approach to reviewing and reporting on compliance.
Information/Background:
As at 30 June 2020, the status report at Attachment 1 identifies that there were no breaches or non-compliance with our registered legislative reporting requirements for the full financial year 2019 to 2020. However, following are two matters that warrant an explanation within this report:
1. Councillor Remuneration
The following item has not been registered as a breach, however an explanation is provided below since the status report shows the completion date has been missed. This was the result of a late determination by the Local Government Remuneration Tribunal, which impacted on the usual due date for staff to prepare a report to Council:
Report |
Legislation |
Due |
Reason for delay |
Each council must determine the level of fees for the remuneration of Councillors each year. This is based on the Annual Report and Determination of the Local Government Remuneration Tribunal. |
s 241 of the Local Government Act 1993 |
30 June |
The Tribunal is required to make its annual determination by no later than 1 May each year. This year the determination was completed on 10 June 2020 and circulated to councils on 22 June 2020 via OLG Circular 20-23. A Council report is scheduled for the first available Ordinary Meeting which is being held on 30 July 2020. |
2. Pollution Incident
The Register indicates that there were three pollution incidents. Information provided by our Environmental Programs Officer notes that there was one other pollution incident in mid-February 2020, the impact of which, by the definition of s147 of the POEO Act, may be considered trivial since:
· Council was within its licence to discharge leachate when rainfall exceeds 300mm.
· Council ethically managed the pollution incident to minimise environmental harm.
· Council had an opportunity to release a greater amount of leachate by direction of the licence.
· Council captured and treated most of the leachate that had escaped the storage tanks in the overflow event.
The NSW EPA was notified of the incident and a report was submitted. The outcome of that incident is still pending; therefore it is still unknown whether the NSW EPA will determine whether there is an outcome of environmental harm. As at 23 July 2020, the EPA could not yet confirm whether there was any environmental harm.
STRATEGIC CONSIDERATIONS
Community Strategic Plan and Operational Plan
|
CSP Objective |
L2 |
CSP Strategy |
L3 |
DP Action |
L4 |
OP Activity |
|
Community Objective 5: We have community led decision making which is open and inclusive |
5.6 |
Manage Council’s resources sustainably |
5.6.10 |
Use business insights and strategic business planning to continuously improve (SP) |
5.6.10.2 |
Develop a corporate compliance framework which prescribes Council’s position and approach to corporate compliance |
|
|
Legal/Statutory/Policy Considerations
This report meets the requirements of the Office of Local Government’s proposed Risk Management and Internal Audit Framework, and Council’s Corporate Compliance Framework.
Financial Considerations
Nil
Consultation and Engagement
This status report was presented to the Executive Team on 29 July 2020 following consultation with relevant managers and staff for the completion of this status update.
Confidential Reports - Corporate and Community Services 5.1
Confidential Reports - Corporate and Community Services
Report No. 5.1 Confidential - Risk Management- Update
Directorate: Corporate and Community Services
Report Author: Emma Fountain, Strategic Risk & Business Continuity Coordinator
File No: I2020/953
Summary:
The purpose of this report is to provide an update on the Enterprise Risk Management framework.
RECOMMENDATION:
1. That pursuant to Section 10A(2)(f) of the Local Government Act, 1993, Council resolve to move into Confidential Session to discuss the report Risk Management- Update.
2. That the reasons for closing the meeting to the public to consider this item be that the report contains:
a) details of systems and/or arrangements that have been implemented to protect council, councillors, staff and Council property
3. That on balance it is considered that receipt and discussion of the matter in open Council would be contrary to the public interest, as:
Risk Management
1 Risk Reports (Quarter 4 2020), E2020/49108
BYRON SHIRE COUNCIL
Confidential Reports - Corporate and Community Services 5.2
Report No. 5.2 Confidential - Audit Progress Report - August 2020
Directorate: Corporate and Community Services
Report Author: Emma Fountain, Strategic Risk & Business Continuity Coordinator
File No: I2020/954
Summary:
This report presents the Internal Audit Activity Report – August 2020 prepared by Council and the Internal Auditor, O’Connor Marsden and Associates (OCM).
The activity report contains the remaining recommendations from each audit review conducted by Council’s previous internal audit provider as well as recommendations from recently completed audit reviews conducted by OCM.
RECOMMENDATION:
1. That pursuant to Section 10A(2)(d)i of the Local Government Act, 1993, Council resolve to move into Confidential Session to discuss the report Audit Progress Report - August 2020.
2. That the reasons for closing the meeting to the public to consider this item be that the report contains:
a) commercial information of a confidential nature that would, if disclosed prejudice the commercial position of the person who supplied it
3. That on balance it is considered that receipt and discussion of the matter in open Council would be contrary to the public interest, as:
nature and content of audit report is for operational purposes
1 Internal Audit Activity Report - August 2020, E2020/60577
BYRON SHIRE COUNCIL
Confidential Reports - Corporate and Community Services 5.3
Report No. 5.3 Confidential - Cyber Security and System Outages Quarterly Update
Directorate: Corporate and Community Services
Report Author: Colin Baker, Business Systems and Technology Coordinator
File No: I2020/1113
Summary:
This report provides a summary for cyber security incidents and IT service outages.
No significant cyber incidents or extended IT service outages have been reported during the period of 1 April 2020 to 30 June 2020.
Two cyber security events occurred during this period:
1. An internal review of administrator level privileges
2. Remediation work in response to an alert issued by Cyber Security NSW. Three actions from this alert were recommended for immediate action as detailed below:
Recommendation |
Council Response |
Scan all endpoints to ensure systems have not been compromised
|
Council does not have a network scanning tool in place. But an Intrusion detection function has been implemented with no internal compromises detected |
Apply available security updates to all internet facing services
|
All internet facing corporate systems were reviewed and patched as required |
Implement Multi Factor Authentication (MFA) for remote users |
MFA was scheduled to be implemented in FY 21/22 as part of Council’s security improvements program. Council have now prioritised this work with the aim of implementing in the current financial year.
|
RECOMMENDATION:
1. That pursuant to Section 10A(2)(f) of the Local Government Act, 1993, Council resolve to move into Confidential Session to discuss the report Cyber Security and System Outages Quarterly Update.
2. That the reasons for closing the meeting to the public to consider this item be that the report contains:
a) details of systems and/or arrangements that have been implemented to protect council, councillors, staff and Council property
3. That on balance it is considered that receipt and discussion of the matter in open Council would be contrary to the public interest, as:
Exposes security risk and vulnerabilities that could assist unauthorised threats to Council's data and systems
1 Confidential - ARIC qtr security incident report July 2020, E2020/56653
2 Confidential - ARIC qtr system outage report July 2020, E2020/56652
BYRON SHIRE COUNCIL
Confidential Reports - Corporate and Community Services 5.4
Report No. 5.4 Confidential - Development Application Processes Audit Review
Directorate: Corporate and Community Services
Report Author: Emma Fountain, Strategic Risk & Business Continuity Coordinator
File No: I2020/1179
Summary:
Council’s Internal Auditors, O’Connor Marsden and Associates (OCM), conducted an internal audit review of Development Application Processes. Their report is at Confidential Attachment 1 (E2020/60181).
This audit received a review rating of 2 - Satisfactory and it identified two medium risks. Agreed recommendations and actions are included in Confidential Attachment 1 (E2020/60181).
RECOMMENDATION:
1. That pursuant to Section 10A(2)(d)i of the Local Government Act, 1993, Council resolve to move into Confidential Session to discuss the report Development Application Processes Audit Review.
2. That the reasons for closing the meeting to the public to consider this item be that the report contains:
a) commercial information of a confidential nature that would, if disclosed prejudice the commercial position of the person who supplied it
3. That on balance it is considered that receipt and discussion of the matter in open Council would be contrary to the public interest, as:
nature and content of audit report is for operational purposes
1 Internal Audit Review - Development Application Processes - August 2020, E2020/60181
BYRON SHIRE COUNCIL
Confidential Reports - Corporate and Community Services 5.5
Report No. 5.5 Confidential - 2020 External Audit Interim Audit Management Letter
Directorate: Corporate and Community Services
Report Author: James Brickley, Manager Finance
File No: I2020/1185
Summary:
Council has received an Interim Audit Management Letter from the External Auditor, the Audit Office of NSW, relating to the 2020 Audit. The Interim External Audit Management Letter details two items for management to consider and provides recommendations to improve internal controls and systems.
Each of the audit matters raised in the 2020 Interim External Audit Management Letter has been identified in this report for consideration by the Audit, Risk and Improvement Committee.
RECOMMENDATION:
1. That pursuant to Section 10A(2)(f) of the Local Government Act, 1993, Council resolve to move into Confidential Session to discuss the report 2020 External Audit Interim Audit Management Letter.
2. That the reasons for closing the meeting to the public to consider this item be that the report contains:
a) details of systems and/or arrangements that have been implemented to protect council, councillors, staff and Council property
3. That on balance it is considered that receipt and discussion of the matter in open Council would be contrary to the public interest, as:
Nature and content of audit reports is for operational purposes and report details information about Council's systems, controls and processes.
1 Confidential - 2020 Interim Audit Management Letter from the Audit Office of NSW, E2020/60321
BYRON SHIRE COUNCIL
Confidential Reports - Corporate and Community Services 5.6
Report No. 5.6 Confidential - External Audit Actions - Quarter 4 2020 Update
Directorate: Corporate and Community Services
Report Author: James Brickley, Manager Finance
File No: I2020/1187
Summary:
This report provides an update on each of the audit matters raised in the 2019 External Audit Year End Management Letter for the quarter ending 30 June 2020.
RECOMMENDATION:
1. That pursuant to Section 10A(2)(f) of the Local Government Act, 1993, Council resolve to move into Confidential Session to discuss the report External Audit Actions - Quarter 4 2020 Update.
2. That the reasons for closing the meeting to the public to consider this item be that the report contains:
a) details of systems and/or arrangements that have been implemented to protect council, councillors, staff and Council property
3. That on balance it is considered that receipt and discussion of the matter in open Council would be contrary to the public interest, as:
Nature and content of audit reports is for operational purposes and report details information about Council's systems, controls and processes.
1 Confidential - Activity Report - External Audit Recommendations Year End 2019 Quarter 4 2020, E2020/60417