Notice of Meeting

 

 

 

 

 

bsc_logo_150dpi_rgb

 

 

 

Audit, Risk and Improvement Committee Meeting

 

 

An Audit, Risk and Improvement Committee Meeting of Byron Shire Council will be held as follows:

 

Venue

Council Chambers, Station Street, Mullumbimby

Date

Thursday, 20 August 2020

Time

11.30am

 

 

 

 

 

 

 

Vanessa Adams

Director Corporate and Community Services,                                                                 I2020/1198

                                                                                                                                    Distributed 13/08/20

 

 


CONFLICT OF INTERESTS

 

What is a “Conflict of Interests” - A conflict of interests can be of two types:

Pecuniary - an interest that a person has in a matter because of a reasonable likelihood or expectation of appreciable financial gain or loss to the person or another person with whom the person is associated.

Non-pecuniary – a private or personal interest that a Council official has that does not amount to a pecuniary interest as defined in the Code of Conduct for Councillors (eg. A friendship, membership of an association, society or trade union or involvement or interest in an activity and may include an interest of a financial nature).

Remoteness – a person does not have a pecuniary interest in a matter if the interest is so remote or insignificant that it could not reasonably be regarded as likely to influence any decision the person might make in relation to a matter or if the interest is of a kind specified in the Code of Conduct for Councillors.

Who has a Pecuniary Interest? - a person has a pecuniary interest in a matter if the pecuniary interest is the interest of the person, or another person with whom the person is associated (see below).

Relatives, Partners - a person is taken to have a pecuniary interest in a matter if:

§  The person’s spouse or de facto partner or a relative of the person has a pecuniary interest in the matter, or

§  The person, or a nominee, partners or employer of the person, is a member of a company or other body that has a pecuniary interest in the matter.

N.B. “Relative”, in relation to a person means any of the following:

(a)   the parent, grandparent, brother, sister, uncle, aunt, nephew, niece, lineal descends or adopted child of the person or of the person’s spouse;

(b)   the spouse or de facto partners of the person or of a person referred to in paragraph (a)

No Interest in the Matter - however, a person is not taken to have a pecuniary interest in a matter:

§  If the person is unaware of the relevant pecuniary interest of the spouse, de facto partner, relative or company or other body, or

§  Just because the person is a member of, or is employed by, the Council.

§  Just because the person is a member of, or a delegate of the Council to, a company or other body that has a pecuniary interest in the matter provided that the person has no beneficial interest in any shares of the company or body.

Disclosure and participation in meetings

§  A Councillor or a member of a Council Committee who has a pecuniary interest in any matter with which the Council is concerned and who is present at a meeting of the Council or Committee at which the matter is being considered must disclose the nature of the interest to the meeting as soon as practicable.

§  The Councillor or member must not be present at, or in sight of, the meeting of the Council or Committee:

(a)   at any time during which the matter is being considered or discussed by the Council or Committee, or

(b)   at any time during which the Council or Committee is voting on any question in relation to  the matter.

No Knowledge - a person does not breach this Clause if the person did not know and could not reasonably be expected to have known that the matter under consideration at the meeting was a matter in which he or she had a pecuniary interest.

Non-pecuniary Interests - Must be disclosed in meetings.

There are a broad range of options available for managing conflicts & the option chosen will depend on an assessment of the circumstances of the matter, the nature of the interest and the significance of the issue being dealt with.  Non-pecuniary conflicts of interests must be dealt with in at least one of the following ways:

§  It may be appropriate that no action be taken where the potential for conflict is minimal.  However, Councillors should consider providing an explanation of why they consider a conflict does not exist.

§  Limit involvement if practical (eg. Participate in discussion but not in decision making or vice-versa).  Care needs to be taken when exercising this option.

§  Remove the source of the conflict (eg. Relinquishing or divesting the personal interest that creates the conflict)

§  Have no involvement by absenting yourself from and not taking part in any debate or voting on the issue as of the provisions in the Code of Conduct (particularly if you have a significant non-pecuniary interest)

 

RECORDING OF VOTING ON PLANNING MATTERS

Clause 375A of the Local Government Act 1993 – Recording of voting on planning matters

(1)   In this section, planning decision means a decision made in the exercise of a function of a council under the Environmental Planning and Assessment Act 1979:

(a)   including a decision relating to a development application, an environmental planning instrument, a development control plan or a development contribution plan under that Act, but

(b)   not including the making of an order under that Act.

(2)   The general manager is required to keep a register containing, for each planning decision made at a meeting of the council or a council committee, the names of the councillors who supported the decision and the names of any councillors who opposed (or are taken to have opposed) the decision.

(3)   For the purpose of maintaining the register, a division is required to be called whenever a motion for a planning decision is put at a meeting of the council or a council committee.

(4)   Each decision recorded in the register is to be described in the register or identified in a manner that enables the description to be obtained from another publicly available document, and is to include the information required by the regulations.

(5)   This section extends to a meeting that is closed to the public.

 


BYRON SHIRE COUNCIL

Audit, Risk and Improvement Committee Meeting

 

 

BUSINESS OF MEETING

 

1.    Apologies

2.    Declarations of Interest – Pecuniary and Non-Pecuniary

3.    Adoption of Minutes from Previous Meetings

3.1       Audit, Risk and Improvement Committee Meeting held on 14 May 2020

4.    Staff Reports

Corporate and Community Services

4.1       Draft Audit, Risk and Improvment Committee Constitution and 2021 Agenda Schedule 4

4.2       Annual Compliance Report 2019-2020........................................................................... 25     

5.    Confidential Reports

Corporate and Community Services

5.1       Confidential - Risk Management- Update.............................................................. 42

5.2       Confidential - Audit Progress Report - August 2020............................................... 43

5.3       Confidential - Cyber Security and System Outages Quarterly Update................. 44

5.4       Confidential - Development Application Processes Audit Review......................... 46

5.5       Confidential - 2020 External Audit Interim Audit Management Letter.................... 47

5.6       Confidential - External Audit Actions - Quarter 4 2020 Update.............................. 48

 

 


BYRON SHIRE COUNCIL

Staff Reports - Corporate and Community Services                                            4.1

 

 

Staff Reports - Corporate and Community Services

 

Report No. 4.1             Draft Audit, Risk and Improvment Committee Constitution and 2021 Agenda Schedule

Directorate:                 Corporate and Community Services

Report Author:           Emma Fountain, Strategic Risk & Business Continuity Coordinator

File No:                        I2020/1022

                                       

 

 

Summary:

 

The purpose of this report is to present a draft Constitution and 2021 Agenda Schedule for consideration and endorsement by the Audit, Risk and Improvement Committee.

 

  

 

RECOMMENDATION:

That the Audit, Risk and Improvement Committee:

 

1.       Considers the draft Audit, Risk and Improvement Committee Constitution (E2020/46708) and provides feedback to the Chair by 3 September 2020

 

2.       Submits the Audit, Risk and Improvement Committee Constitution, with any amendments based on feedback from the Committee, to Council for adoption

 

3.       Considers and endorses the Agenda Schedule for 2021 (E2020/46705)

 

 

 

Attachments:

 

1        Audit Risk and Improvement Committee Constitution (current), E2020/46719 , page 6  

2        Audit Risk and Improvement Committee Constitution (draft), E2020/46708 , page 15  

3        Audit Risk and Improvement Committee Annual Agenda Schedule 2021 (draft), E2020/46705 , page 24  

 

 


 

REPORT

 

The current Constitution was scheduled for review by Council and ARIC in August 2019 (Attachment 1). The Strategic, Risk & Business Coordinator has undertaken a preliminary review of the Constitution and prepared a draft revised Constitution (Attachment 2) and suggested 2021 Agenda Schedule (Attachment 3) for consideration by ARIC.

 

The draft Constitution clarifies the roles and responsibilities of ARIC as set out in the Local Government Act 1993 (Act) and with reference to the proposed risk management and internal audit framework developed by the Office of Local Government. The draft Constitution also provides for ARIC to prepare an annual self assessment performance report.

 

The draft 2021 Agenda Schedule contains items to be considered at each meeting to assist ARIC in fulfilling its obligations under the Constitution and the Act. It should be noted that the meetings in the draft 2021 Agenda Schedule are based on the 2020 meeting schedule as the meeting dates for 2021 are generally finalised in November.

 

Risk

 

This review addresses the following risk issues identified in the External Audit 2019 Year End Management Letter (E2020/103):

 

Risk Issue

Recommendation

16: Risk Management Oversight

The ARIC should undertake a review of its Terms of Reference and identify roles and responsibilities not yet fulfilled. The ARIC Chair should prepare an annual report which assesses the Committee’s performance against its Terms of Reference and provide this to Council.

 

Next steps

 

It is envisaged that the Committee will review and finalise the Constitution for adoption by Council and prepare an Agenda Schedule annually thereafter.

 

STRATEGIC CONSIDERATIONS

 

Community Strategic Plan and Operational Plan

 

CSP Objective

L2

CSP Strategy

L3

DP Action

L4

OP Activity

Community Objective 5:  We have community led decision making which is open and inclusive

5.6

Manage Council’s resources sustainably

5.6.7

Develop and embed a proactive risk management culture 

5.6.7.4

Manage Audit, Risk and Improvement program including coordinating committee recommendations

 

Consultation

 

The draft Constitution and 2021 Agenda Schedule were endorsed by the Executive Team at the 1 July 2020 meeting.

 

 


BYRON SHIRE COUNCIL

Staff Reports - Corporate and Community Services                                 4.1 - Attachment 1

PDF Creator

PDF Creator

PDF Creator

PDF Creator

PDF Creator

PDF Creator

PDF Creator

PDF Creator

PDF Creator


BYRON SHIRE COUNCIL

Staff Reports - Corporate and Community Services                                 4.1 - Attachment 2

PDF Creator

PDF Creator

PDF Creator

PDF Creator

PDF Creator

PDF Creator

PDF Creator

PDF Creator

PDF Creator


BYRON SHIRE COUNCIL

Staff Reports - Corporate and Community Services                                                           4.1 - Attachment 3

PDF Creator


BYRON SHIRE COUNCIL

Staff Reports - Corporate and Community Services                                            4.2

 

 

Report No. 4.2             Annual Compliance Report 2019-2020

Directorate:                 Corporate and Community Services

Report Author:           Mila Jones, Governance Coordinator

File No:                        I2020/1055

                                       

 

 

Summary:

 

This report presents an update on Council’s compliance with legislative reporting requirements for the 2019-2020 financial year.

 

  

 

RECOMMENDATION:

That the Audit, Risk and Improvement Committee notes Council’s compliance with legislative reporting requirements as at 30 June 2020.

 

Attachments:

 

1        Legislative Compliance Reporting Status 2019-2020 as at 30/06/20, E2020/55206 , page 28  

 

 


 

REPORT

 

At its meeting on 14 May 2020, the Audit, Risk and Improvement Committee received a report on the new Compliance Monitoring and Reporting Framework.  This report outlines Council’s compliance with legislative reporting requirements for 2019-2020 and identifies any instances of non-compliance and the corrective action taken.

 

As a reminder, Council’s Legislative Compliance Reporting Register provides:

 

·        a system to retrospectively report on compliance.

·        a systematic approach to the compliance calendar produced by the OLG but also includes various other reporting obligations including those required of environmental planning licences, Government Information (Public Access) Act, Protection of the Environment Operations Act and others.

 

The register itself will not ensure compliance but provides a tool to ensure Council takes a systematic and comprehensive approach to reviewing and reporting on compliance.

 

Information/Background:

 

As at 30 June 2020, the status report at Attachment 1 identifies that there were no breaches or non-compliance with our registered legislative reporting requirements for the full financial year 2019 to 2020.  However, following are two matters that warrant an explanation within this report:

 

1. Councillor Remuneration

 

The following item has not been registered as a breach, however an explanation is provided below since the status report shows the completion date has been missed.  This was the result of a late determination by the Local Government Remuneration Tribunal, which impacted on the usual due date for staff to prepare a report to Council:

 

Report

Legislation

Due

Reason for delay

Each council must determine the level of fees for the remuneration of Councillors each year. This is based on the Annual Report and Determination of the Local Government Remuneration Tribunal.

s 241 of the Local Government Act 1993

30 June

The Tribunal is required to make its annual determination by no later than 1 May each year.  This year the determination was completed on 10 June 2020 and circulated to councils on 22 June 2020 via OLG Circular 20-23. A Council report is scheduled for the first available Ordinary Meeting which is being held on 30 July 2020.

 

2. Pollution Incident

 

The Register indicates that there were three pollution incidents. Information provided by our Environmental Programs Officer notes that there was one other pollution incident in mid-February 2020, the impact of which, by the definition of s147 of the POEO Act, may be considered trivial since:

 

·        Council was within its licence to discharge leachate when rainfall exceeds 300mm.

·        Council ethically managed the pollution incident to minimise environmental harm.

·        Council had an opportunity to release a greater amount of leachate by direction of the licence.

·        Council captured and treated most of the leachate that had escaped the storage tanks in the overflow event.

 

The NSW EPA was notified of the incident and a report was submitted. The outcome of that incident is still pending; therefore it is still unknown whether the NSW EPA will determine whether there is an outcome of environmental harm.  As at 23 July 2020, the EPA could not yet confirm whether there was any environmental harm.

 

STRATEGIC CONSIDERATIONS

 

Community Strategic Plan and Operational Plan

 

CSP Objective

L2

CSP Strategy

L3

DP Action

L4

OP Activity

Community Objective 5:  We have community led decision making which is open and inclusive

5.6

Manage Council’s resources sustainably

5.6.10

Use business insights and strategic business planning to  continuously improve (SP)

5.6.10.2

Develop a corporate compliance framework which prescribes Council’s position and approach to corporate compliance

 

 

Legal/Statutory/Policy Considerations

 

This report meets the requirements of the Office of Local Government’s proposed Risk Management and Internal Audit Framework, and Council’s Corporate Compliance Framework. 

 

 

Financial Considerations

 

Nil

 

Consultation and Engagement

 

This status report was presented to the Executive Team on 29 July 2020 following consultation with relevant managers and staff for the completion of this status update.


BYRON SHIRE COUNCIL

Staff Reports - Corporate and Community Services                                                           4.2 - Attachment 1

PDF Creator

PDF Creator

PDF Creator

PDF Creator

PDF Creator

PDF Creator

PDF Creator

PDF Creator

PDF Creator

PDF Creator

PDF Creator

PDF Creator

PDF Creator

PDF Creator


BYRON SHIRE COUNCIL

Confidential Reports - Corporate and Community Services                            5.1

 

 

Confidential Reports - Corporate and Community Services

 

Report No. 5.1             Confidential - Risk Management- Update

Directorate:                 Corporate and Community Services

Report Author:           Emma Fountain, Strategic Risk & Business Continuity Coordinator

File No:                        I2020/953

                                       

 

 

Summary:

 

The purpose of this report is to provide an update on the Enterprise Risk Management framework.

 

 

 

RECOMMENDATION:

1.       That pursuant to Section 10A(2)(f) of the Local Government Act, 1993, Council resolve to move into Confidential Session to discuss the report Risk Management- Update.

 

2.       That the reasons for closing the meeting to the public to consider this item be that the report contains:

a)      details of systems and/or arrangements that have been implemented to protect council, councillors, staff and Council property

 

3.       That on balance it is considered that receipt and discussion of the matter in open Council would be contrary to the public interest, as:

 

Risk Management

 

   

Attachments:

 

1        Risk Reports (Quarter 4 2020), E2020/49108  

 

 

 


BYRON SHIRE COUNCIL

Confidential Reports - Corporate and Community Services                            5.2

 

 

Report No. 5.2             Confidential - Audit Progress Report - August 2020

Directorate:                 Corporate and Community Services

Report Author:           Emma Fountain, Strategic Risk & Business Continuity Coordinator

File No:                        I2020/954

                                       

 

 

Summary:

 

This report presents the Internal Audit Activity Report – August 2020 prepared by Council and the Internal Auditor, O’Connor Marsden and Associates (OCM).

 

The activity report contains the remaining recommendations from each audit review conducted by Council’s previous internal audit provider as well as recommendations from recently completed audit reviews conducted by OCM. 

 

 

 

RECOMMENDATION:

1.       That pursuant to Section 10A(2)(d)i of the Local Government Act, 1993, Council resolve to move into Confidential Session to discuss the report Audit Progress Report - August 2020.

 

2.       That the reasons for closing the meeting to the public to consider this item be that the report contains:

a)      commercial information of a confidential nature that would, if disclosed prejudice the commercial position of the person who supplied it

 

3.       That on balance it is considered that receipt and discussion of the matter in open Council would be contrary to the public interest, as:

 

nature and content of audit report is for operational purposes

 

   

Attachments:

 

1        Internal Audit Activity Report - August 2020, E2020/60577  

 

 

 


BYRON SHIRE COUNCIL

Confidential Reports - Corporate and Community Services                            5.3

 

 

Report No. 5.3             Confidential - Cyber Security and System Outages Quarterly Update

Directorate:                 Corporate and Community Services

Report Author:           Colin Baker, Business Systems and Technology Coordinator

File No:                        I2020/1113

                                       

 

 

Summary:

 

This report provides a summary for cyber security incidents and IT service outages.

 

No significant cyber incidents or extended IT service outages have been reported during the period of 1 April 2020 to 30 June 2020.

 

Two cyber security events occurred during this period:

1.   An internal review of administrator level privileges

2.   Remediation work in response to an alert issued by Cyber Security NSW. Three actions from this alert were recommended for immediate action as detailed below:

 

Recommendation

Council Response

Scan all endpoints to ensure systems have not been compromised

 

Council does not have a network scanning tool in place. But an Intrusion detection function has been implemented with no internal compromises detected

Apply available security updates to all internet facing services

 

All internet facing corporate systems were reviewed and patched as required

Implement Multi Factor Authentication (MFA) for remote users

MFA was scheduled to be implemented in FY 21/22 as part of Council’s security improvements program.

Council have now prioritised this work with the aim of implementing in the current financial year.

 

 

 

 

RECOMMENDATION:

1.       That pursuant to Section 10A(2)(f) of the Local Government Act, 1993, Council resolve to move into Confidential Session to discuss the report Cyber Security and System Outages Quarterly Update.

 

2.       That the reasons for closing the meeting to the public to consider this item be that the report contains:

a)      details of systems and/or arrangements that have been implemented to protect council, councillors, staff and Council property

 

3.       That on balance it is considered that receipt and discussion of the matter in open Council would be contrary to the public interest, as:

 

Exposes security risk and vulnerabilities that could assist unauthorised threats to Council's data and systems

 

  

Attachments:

 

1        Confidential - ARIC qtr security incident report July 2020, E2020/56653  

2        Confidential - ARIC qtr system outage report July 2020, E2020/56652  

 

 

 


BYRON SHIRE COUNCIL

Confidential Reports - Corporate and Community Services                            5.4

 

 

Report No. 5.4             Confidential - Development Application Processes Audit Review

Directorate:                 Corporate and Community Services

Report Author:           Emma Fountain, Strategic Risk & Business Continuity Coordinator

File No:                        I2020/1179

                                       

 

 

Summary:

 

Council’s Internal Auditors, O’Connor Marsden and Associates (OCM), conducted an internal audit review of Development Application Processes. Their report is at Confidential Attachment 1 (E2020/60181).

 

This audit received a review rating of 2 - Satisfactory and it identified two medium risks. Agreed recommendations and actions are included in Confidential Attachment 1 (E2020/60181).

 

 

 

RECOMMENDATION:

1.       That pursuant to Section 10A(2)(d)i of the Local Government Act, 1993, Council resolve to move into Confidential Session to discuss the report Development Application Processes Audit Review.

 

2.       That the reasons for closing the meeting to the public to consider this item be that the report contains:

a)      commercial information of a confidential nature that would, if disclosed prejudice the commercial position of the person who supplied it

 

3.       That on balance it is considered that receipt and discussion of the matter in open Council would be contrary to the public interest, as:

 

nature and content of audit report is for operational purposes

 

   

Attachments:

 

1        Internal Audit Review - Development Application Processes - August 2020, E2020/60181  

 

 

 


BYRON SHIRE COUNCIL

Confidential Reports - Corporate and Community Services                            5.5

 

 

Report No. 5.5             Confidential - 2020 External Audit Interim Audit Management Letter

Directorate:                 Corporate and Community Services

Report Author:           James Brickley, Manager Finance

File No:                        I2020/1185

                                       

 

 

Summary:

 

Council has received an Interim Audit Management Letter from the External Auditor, the Audit Office of NSW, relating to the 2020 Audit. The Interim External Audit Management Letter details two items for management to consider and provides recommendations to improve internal controls and systems.

 

Each of the audit matters raised in the 2020 Interim External Audit Management Letter has been identified in this report for consideration by the Audit, Risk and Improvement Committee.

 

 

RECOMMENDATION:

1.       That pursuant to Section 10A(2)(f) of the Local Government Act, 1993, Council resolve to move into Confidential Session to discuss the report 2020 External Audit Interim Audit Management Letter.

 

2.       That the reasons for closing the meeting to the public to consider this item be that the report contains:

a)      details of systems and/or arrangements that have been implemented to protect council, councillors, staff and Council property

 

3.       That on balance it is considered that receipt and discussion of the matter in open Council would be contrary to the public interest, as:

 

Nature and content of audit reports is for operational purposes and report details information about Council's systems, controls and processes.

 

  

Attachments:

 

1        Confidential - 2020 Interim Audit Management Letter from the Audit Office of NSW, E2020/60321  

 

 

 


BYRON SHIRE COUNCIL

Confidential Reports - Corporate and Community Services                            5.6

 

 

Report No. 5.6             Confidential - External Audit Actions - Quarter 4 2020 Update

Directorate:                 Corporate and Community Services

Report Author:           James Brickley, Manager Finance

File No:                        I2020/1187

                                       

 

 

Summary:

 

This report provides an update on each of the audit matters raised in the 2019 External Audit Year End Management Letter for the quarter ending 30 June 2020.

 

 

 

RECOMMENDATION:

1.       That pursuant to Section 10A(2)(f) of the Local Government Act, 1993, Council resolve to move into Confidential Session to discuss the report External Audit Actions - Quarter 4 2020 Update.

 

2.       That the reasons for closing the meeting to the public to consider this item be that the report contains:

a)      details of systems and/or arrangements that have been implemented to protect council, councillors, staff and Council property

 

3.       That on balance it is considered that receipt and discussion of the matter in open Council would be contrary to the public interest, as:

 

Nature and content of audit reports is for operational purposes and report details information about Council's systems, controls and processes.

 

  

Attachments:

 

1        Confidential - Activity Report - External Audit Recommendations Year End 2019 Quarter 4 2020, E2020/60417