Notice of Meeting
Audit, Risk and Improvement Committee Meeting
An Audit, Risk and Improvement Committee Meeting of Byron Shire Council will be held as follows:
|
Venue |
Conference Room, Station Street, Mullumbimby |
|
Date |
Thursday, 17 August 2023 |
|
Time |
11.30am |
Esmeralda Davis
Director Corporate and Community Services
I2023/1148
Distributed 03/08/23
CONFLICT OF INTERESTS
What is a “Conflict of Interests” - A conflict of interests can be of two types:
Pecuniary - an interest that a person has in a matter because of a reasonable likelihood or expectation of appreciable financial gain or loss to the person or another person with whom the person is associated.
Non-pecuniary – a private or personal interest that a Council official has that does not amount to a pecuniary interest as defined in the Code of Conduct for Councillors (eg. A friendship, membership of an association, society or trade union or involvement or interest in an activity and may include an interest of a financial nature).
Remoteness – a person does not have a pecuniary interest in a matter if the interest is so remote or insignificant that it could not reasonably be regarded as likely to influence any decision the person might make in relation to a matter or if the interest is of a kind specified in the Code of Conduct for Councillors.
Who has a Pecuniary Interest? - a person has a pecuniary interest in a matter if the pecuniary interest is the interest of the person, or another person with whom the person is associated (see below).
Relatives, Partners - a person is taken to have a pecuniary interest in a matter if:
· The person’s spouse or de facto partner or a relative of the person has a pecuniary interest in the matter, or
· The person, or a nominee, partners or employer of the person, is a member of a company or other body that has a pecuniary interest in the matter.
N.B. “Relative”, in relation to a person means any of the following:
(a) the parent, grandparent, brother, sister, uncle, aunt, nephew, niece, lineal descends or adopted child of the person or of the person’s spouse;
(b) the spouse or de facto partners of the person or of a person referred to in paragraph (a)
No Interest in the Matter - however, a person is not taken to have a pecuniary interest in a matter:
· If the person is unaware of the relevant pecuniary interest of the spouse, de facto partner, relative or company or other body, or
· Just because the person is a member of, or is employed by, the Council.
· Just because the person is a member of, or a delegate of the Council to, a company or other body that has a pecuniary interest in the matter provided that the person has no beneficial interest in any shares of the company or body.
Disclosure and participation in meetings
· A Councillor or a member of a Council Committee who has a pecuniary interest in any matter with which the Council is concerned and who is present at a meeting of the Council or Committee at which the matter is being considered must disclose the nature of the interest to the meeting as soon as practicable.
· The Councillor or member must not be present at, or in sight of, the meeting of the Council or Committee:
(a) at any time during which the matter is being considered or discussed by the Council or Committee, or
(b) at any time during which the Council or Committee is voting on any question in relation to the matter.
No Knowledge - a person does not breach this Clause if the person did not know and could not reasonably be expected to have known that the matter under consideration at the meeting was a matter in which he or she had a pecuniary interest.
Non-pecuniary Interests - Must be disclosed in meetings.
There are a broad range of options available for managing conflicts & the option chosen will depend on an assessment of the circumstances of the matter, the nature of the interest and the significance of the issue being dealt with. Non-pecuniary conflicts of interests must be dealt with in at least one of the following ways:
· It may be appropriate that no action be taken where the potential for conflict is minimal. However, Councillors should consider providing an explanation of why they consider a conflict does not exist.
· Limit involvement if practical (eg. Participate in discussion but not in decision making or vice-versa). Care needs to be taken when exercising this option.
· Remove the source of the conflict (eg. Relinquishing or divesting the personal interest that creates the conflict)
· Have no involvement by absenting yourself from and not taking part in any debate or voting on the issue as of the provisions in the Code of Conduct (particularly if you have a significant non-pecuniary interest)
Committee members are reminded that they should declare and manage all conflicts of interest in respect of any matter on this Agenda, in accordance with the Code of Conduct.
RECORDING OF VOTING ON PLANNING MATTERS
Clause 375A of the Local Government Act 1993 – Recording of voting on planning matters
(1) In this section, planning decision means a decision made in the exercise of a function of a council under the Environmental Planning and Assessment Act 1979:
(a) including a decision relating to a development application, an environmental planning instrument, a development control plan or a development contribution plan under that Act, but
(b) not including the making of an order under that Act.
(2) The general manager is required to keep a register containing, for each planning decision made at a meeting of the council or a council committee, the names of the councillors who supported the decision and the names of any councillors who opposed (or are taken to have opposed) the decision.
(3) For the purpose of maintaining the register, a division is required to be called whenever a motion for a planning decision is put at a meeting of the council or a council committee.
(4) Each decision recorded in the register is to be described in the register or identified in a manner that enables the description to be obtained from another publicly available document and is to include the information required by the regulations.
(5) This section extends to a meeting that is closed to the
public.
OATH AND AFFIRMATION FOR COUNCILLORS
Councillors are reminded of the oath of office or affirmation of office made at or before their first meeting of the council in accordance with Clause 233A of the Local Government Act 1993. This includes undertaking the duties of the office of councillor in the best interests of the people of Byron Shire and the Byron Shire Council and faithfully and impartially carrying out the functions, powers, authorities and discretions vested under the Act or any other Act to the best of one’s ability and judgment.
BYRON SHIRE COUNCIL
2. Declarations of Interest – Pecuniary and Non-Pecuniary
3. Adoption of Minutes from Previous Meetings
3.1 Minutes of the Audit, Risk and Improvement Committee Meeting held 18 May 2023........................................................................................................................................... 6
4. Staff Reports
5. Confidential Reports
Corporate and Community Services
5.1 Confidential - Internal Audit Report - Quarter 4 2022-2023............................ 8
5.2 Confidential - Q4 Risk Report............................................................................ 10
5.3 Confidential - 2023 Interim Audit Management Letter................................... 12
5.4 Confidential - Proposed Internal Audit of Caravan Parks............................. 14
6. Late Reports
7. For Information Only
7.1 Status of Council Policies 2022-2023....................................................................... 16
7.2 Confidential - Cyber Security and IT System Outages Quarterly Update.. 21
BYRON SHIRE COUNCIL
Adoption of Minutes from Previous Meetings 3.1
Adoption of Minutes from Previous Meetings
Report No. 3.1 Minutes of the Audit, Risk and Improvement Committee Meeting held 18 May 2023
Directorate: Corporate and Community Services
Report Author: Mila Jones, Governance and Internal Audit Coordinator
File No: I2023/912
RECOMMENDATION:
That the minutes of the Audit, Risk and Improvement Committee Meeting held on 18 May 2023 be confirmed.
Report
The unconfirmed minutes of the Audit, Risk and Improvement Committee Meeting of 18 May 2023 are available on Council’s website and can be viewed via this link.
Report to Council
The minutes were reported to and adopted by Council on 22 June 2023. Council endorsed the Committee’s recommendations at resolutions 23-259 to 23-264.
Management recommendations (at Resolutions 23-261 and 23-262) were also endorsed by Council, which were necessary to be included in the minutes to allow for public exhibition of the Draft Fraud and Corruption Control Policy and the Draft Risk Management Policy.
BYRON SHIRE COUNCIL
Confidential Reports - Corporate and Community Services 5.1
Confidential Reports - Corporate and Community Services
Report No. 5.1 Confidential - Internal Audit Report - Quarter 4 2022-2023
Directorate: Corporate and Community Services
Report Author: Mila Jones, Governance and Internal Audit Coordinator
File No: I2023/919
Summary:
This report presents:
· The Internal Audit Recommendations Summary Report for Quarter 4 2022-2023 prepared by the Internal Auditor, Grant Thornton. The report is at Confidential Attachment 1.
· The full internal audit status report for Quarter 4 which is at Attachment 2.
· Update on the quarter 4 internal audit of Property Services (Community Buildings)
RECOMMENDATION:
1. That pursuant to Section 10A(2)(d)i of the Local Government Act, 1993, Council resolves to move into Confidential Session to discuss the report Internal Audit Report - Quarter 4 2022-2023.
2. That the reasons for closing the meeting to the public to consider this item be that the report contains:
a) commercial information of a confidential nature that would, if disclosed prejudice the commercial position of the person who supplied it
3. That on balance it is considered that receipt and discussion of the matter in open Council would be contrary to the public interest, as:
the nature and content of internal audit reports is for operational purposes
1 Summary of Internal Audit Recommendations Status for Quarter 4 2022-2023 from Grant Thornton, E2023/75611
2 Internal Audit Recommendations Status for Quarter 4 2022-2023, E2023/71627
BYRON SHIRE COUNCIL
Confidential Reports - Corporate and Community Services 5.2
Report No. 5.2 Confidential - Q4 Risk Report
Directorate: Corporate and Community Services
Report Author: Amber Watt, Strategic Risk Coordinator
File No: I2023/1103
Summary:
Council is committed to an integrated, consistent and sustainable approach to risk management to support the achievement of its strategic and operational objectives and to maximise opportunities for improvement.
The contained report provides an outline of recent risk initiatives and an update on the Strategic and Operational Risk Registers.
RECOMMENDATION:
1. That pursuant to Section 10A(2)(f) of the Local Government Act, 1993, Council resolves to move into Confidential Session to discuss the report Q4 Risk Report.
2. That the reasons for closing the meeting to the public to consider this item be that the report contains:
a) matters affecting the security of the council, councillors, council staff or council property
3. That on balance it is considered that receipt and discussion of the matter in open Council would be contrary to the public interest, as:
Risk Management
1 ARIC Q4 Risk Report, E2023/75777
BYRON SHIRE COUNCIL
Confidential Reports - Corporate and Community Services 5.3
Report No. 5.3 Confidential - 2023 Interim Audit Management Letter
Directorate: Corporate and Community Services
Report Author: James Brickley, Manager Finance
File No: I2023/1130
Summary:
RECOMMENDATION:
1. That pursuant to Section 10A(2)(f) of the Local Government Act, 1993, Council resolves to move into Confidential Session to discuss the report 2023 Interim Audit Management Letter.
2. That the reasons for closing the meeting to the public to consider this item be that the report contains:
a) matters affecting the security of the council, councillors, council staff or council property
3. That on balance it is considered that receipt and discussion of the matter in open Council would be contrary to the public interest, as:
Nature and content of audit reports is for operational purposes and report details information about Council systems, controls and processes.
Attachments:
1 Confidential - 2023 Interim Audit Management Letter, E2023/77884
BYRON SHIRE COUNCIL
Confidential Reports - Corporate and Community Services 5.4
Report No. 5.4 Confidential - Proposed Internal Audit of Caravan Parks
Directorate: Corporate and Community Services
Report Author: Mila Jones, Governance and Internal Audit Coordinator
Malcolm Robertson, Manager Open Space and Facilities
Pattie Ruck, Manager Open Space & Facilities
File No: I2023/925
Summary:
At the Audit, Risk and Improvement Committee held on 18 May 2023, the Committee requested that an internal audit of Council’s caravan parks be undertaken by Grant Thornton.
This report provides the draft scope and management comments for the consideration of the Committee.
RECOMMENDATION:
1. That pursuant to Section 10A(2)(d)i of the Local Government Act, 1993, Council resolves to move into Confidential Session to discuss the report Proposed Internal Audit of Caravan Parks.
2. That the reasons for closing the meeting to the public to consider this item be that the report contains:
a) commercial information of a confidential nature that would, if disclosed prejudice the commercial position of the person who supplied it
3. That on balance it is considered that receipt and discussion of the matter in open Council would be contrary to the public interest, as:
has been provided by Council's internal auditors Grant Thornton
BYRON SHIRE COUNCIL
For Information Only 7.1
Report No. 7.1 Status of Council Policies 2022-2023
Directorate: Corporate and Community Services
Report Author: Mila Jones, Governance and Internal Audit Coordinator
File No: I2023/923
Summary:
For the information of the Audit, Risk and Improvement Committee (ARIC), this report is submitted to assist the Committee in fulfilling its obligations under its Constitution and the Local Government Act 1993.
An important component of public sector governance is establishing key policies and ensuring they are available, regularly updated and monitored for compliance.
An annual review of Council’s policies is conducted by the Governance and Internal Audit Coordinator in consultation with the relevant document development officers. This report is submitted to the ARIC annually in accordance with the Annual Agenda Schedule.
1 Policy
Status at 30 June 2023, E2023/59142
Report
This report is submitted to assist the Audit, Risk and Improvement Committee in fulfilling its obligations under its Constitution and the Local Government Act 1993.
In response to a previous internal audit recommendation (2017 Internal Audit of Corporate Compliance and Policy Management), Council has improved its commitment to and resourcing of the coordination, review and maintenance of Council’s policies, to support ongoing improvement.
Policy status as at 30 June 2023
As at 30 June 2023 Council had 95 adopted Council policies which are published on Council’s website.
The status of the 95 policies was:
|
Status as at 30/06/23 |
Number |
Percentage |
|
Current |
73 |
76.8% |
|
Submitted to Council |
4 |
4.2% |
|
Review Initiated |
11 |
11.6% |
|
Overdue for Review |
7 |
7.4% |
It was also determined in 2022/23 that a further three policies (not included in the table above) were redundant and these were endorsed for repeal by Council. One new policy was adopted by Council in this period and is included in the figures above.
These figures show a slight decrease in the currency of Council’s policies compared to 2021/22 as indicated in the following graph. A main factor for this decrease was the resourcing available to undertake a number of policy reviews due to the impacts of natural disaster work.
Next steps – Review 2023/24
The policy review for 2023/24 has commenced. Staff continue to review Council policies, with the Governance team providing the processes and framework to support currency across the organisation.
A rolling four-year policy review timetable has been developed to assist the review process. It has been included in this report at Attachment 1. This timetable is subject to change where updates to legislation may require certain policies to be reviewed sooner than anticipated.
Due to the impact of the floods on the workload of a number of teams, a number of policies that were due for review in 2022/23 were deferred to 2023/24 on agreement by the Executive Team at meetings on 19 October 2022 and 29 March 2023 based on competing priorities.
Strategic Considerations
Community Strategic Plan and Operational Plan
|
CSP Objective |
CSP Strategy |
DP Action |
Code |
OP Activity |
|
1: Effective
Leadership |
1.1: Enhance trust and accountability through open and transparent leadership |
1.1.1: Leadership - Enhance leadership effectiveness, capacity, and ethical behaviour |
1.1.1.1 |
Coordinate Council's annual policy review program, update and publish adopted policies |
Legal/Statutory/Policy Considerations
Councils have a number of statutory policies that it must adopt the others are optional. These optional policies are useful to:
· reflect a Council’s key issues and responsibilities
· guide staff and ensure consistency
· clearly inform the public of a council’s commitments
The Audit Office of NSW states that policies and processes should be regularly reviewed to ensure roles and responsibilities are clear, and that any changes to the risk profile or control environment are adequately reflected. Active review of policies and procedures in line with current business activities supports more effective risk management and the implementation of management controls.
Not keeping abreast of the most recent developments in legislative requirements, and the community’s and Council’s position on certain matters, undermines confidence in Council’s decision making process. This in turn, may have an adverse impact on Council’s reputation.
Additionally, the risk of maintaining outdated policy positions is that persons may form the incorrect view that certain activities are still acceptable or legal.
Alignment with ARIC Responsibilities
5.1. Compliance
a) Review whether management has in place relevant policies and procedures, and these are periodically reviewed and updated.
Financial Considerations
There are no financial implications.
Consultation and Engagement
· Governance and Internal Audit Coordinator
· Managers
· Document Development Officers
· Executive Team
· Audit, Risk and Improvement Committee (of policies under their remit)
· Council
· Public via exhibition periods
Note: All Council Policies are available on Council’s website at Policies - Byron Shire Council (nsw.gov.au)
For Information Only 7.2
Report No. 7.2 Confidential - Cyber Security and IT System Outages Quarterly Update
Directorate: Corporate and Community Services
Report Author: Colin Baker, Manager Business Systems and Technology
File No: I2023/1115
Summary:
This report provides a summary of cyber security activities and IT service outages during the reporting period from 1 April 2023 to 30 June 2023.
One significant cyber incident was recorded which was in relation to a data breach of a Legal services company previously engaged by Council, (HWL Ebsworth).
No major outages were recorded during the reporting period.
Cyber improvements are ongoing. A penetration test of Council’s online public payment portal was completed with one significant vulnerability identified.
RECOMMENDATION:
1. That pursuant to Section 10A(2)(f) of the Local Government Act, 1993, Council resolves to move into Confidential Session to discuss the report Cyber Security and IT System Outages Quarterly Update.
2. That the reasons for closing the meeting to the public to consider this item be that the report contains:
a) matters affecting the security of the council, councillors, council staff or council property
3. That on balance it is considered that receipt and discussion of the matter in open Council would be contrary to the public interest, as:
Exposes information security risks and vulnerabilities that could assist unauthorised threats to Council's information and systems.