Audit, Risk and Improvement Committee Meeting

 

Venue

Conference Room, Station Street, Mullumbimby

Date

Thursday, 19 May 2022

Time

11.15am

 

 

 

Esmeralda Davis

Acting Director Corporate and Community Services

I2022/540

                                                                                                                             Distributed 12/05/22

 

 

 

 


BYRON SHIRE COUNCIL

Audit, Risk and Improvement Committee Meeting Minutes    19 May 2022

Minutes of the Audit, Risk and Improvement Committee Meeting held on Thursday, 19 May 2022

File No: I2022/540

PRESENT: Cr M Swivel (arrived 11.58am), Cr A Hunter

Staff:  Mark Arnold (General Manager)

            Esmeralda Davis (Acting Director Corporate and Community Services)

            James Brickley (Manager Finance)

            Mila Jones (Governance and Internal Audit Coordinator)

            Phil Holloway (Director Infrastructure Services)

            Heather Sills (Corporate Planning and Improvement Coordinator)

            Colin Baker (Manager Business Systems & Technology)

Community Representatives:   Michael Georghiou, Bernard Grinberg, Phoebe Mwanza

External Representatives:        Jarrod Lean (Grant Thornton), Adam Kim (Grant Thornton), Georoid Fitzgerald (NSW Audit Office), Renee Moloney (TNR)

At the commencement of the meeting, a vote was held to determine the new Chairperson.  As a result of the vote, Michael Georghiou was elected as the Chair of the Committee.

Michael Georghiou (Chair) opened the meeting at 11.20am and acknowledged that the meeting was being held on Bundjalung Country.

Apologies:

Cr Swivel advised he would not be present until later in the meeting.

Declarations of Interest – Pecuniary and Non-Pecuniary

There were no declarations of interest.

 

Adoption of Minutes from Previous Meetings

Report No. 3.1           Minutes from Extraordinary Audit, Risk and Improvement Committee of 21 October 2021

File No:                       I2021/1693

 

Committee Recommendation:

That the minutes of the Audit, Risk and Improvement Committee (Extraordinary) Meeting held on 21 October 2021 be confirmed.                                                                      (Georghiou/Hunter)

The recommendation was put to the vote and declared carried.

 

Note: The minutes of the meeting held on 21 October 2021 were noted, and the Committee Recommendations adopted by Council, at the Ordinary Meeting held on 25 November 2021.

Business Arising from Previous Minutes

There was no business arising from previous minutes.

 

 

Staff Reports - General Manager

Report No. 4.1           Election of Chairperson, Committee Overview and the Internal Audit Plan 2021-2024

File No:                       I2022/342

 

Committee Recommendation:

That the Audit, Risk and Improvement Committee:

1.      Appoints Michael Georghiou as the Committee’s Chairperson.

2.      Notes sections 1 and 2 of the Three Year Strategic Internal Audit Program (2021-2024) (Attachment 1 E2022/33306) and that the proposed plan for Q4 2021-2022 and Q1 of 2022-2023 be endorsed for approval by Council (Attachment 2 E2022/33747). A report is to be provided to the Committee at the next meeting on the plan for the remainder of 2022-2023 and 2023-2024.

3.      Endorses for approval by Council that the Audit Plan for 2022-2023 is to include the optional Credit/Corporate Card audit.                                                                  (Georghiou/Hunter)

The recommendation was put to the vote and declared carried.

 

Report No. 4.2           Fraud and Corruption Control update

File No:                       I2022/474

 

Committee Recommendation:

That the Audit, Risk and Improvement Committee note the Fraud and Corruption Control update.                                                                                                                               (Georghiou/Hunter)

The recommendation was put to the vote and declared carried.

 


 

 

Staff Reports - Corporate and Community Services

Report No. 4.3           Audit, Risk and Improvement Committee Performance Assessment for 2021

File No:                       I2021/1589

 

Committee Recommendation:

That pursuant to Clause 10 of the Constitution of the Audit, Risk and Improvement Committee that the Audit, Risk and Improvement Committee notes the annual report of the Chair to Council.          (Georghiou/Mwanza)

The recommendation was put to the vote and declared carried.

 

 

Report No. 4.4           Update on delegations in place 2020-2021

File No:                       I2021/1665

 

Committee Recommendation:

That the Audit, Risk and Improvement Committee notes this report.    (Georghiou/Mwanza)

Cr Swivel arrived at 11.58am.

The recommendation was put to the vote and declared carried.

 

 

Report No. 4.5           Status of Council Policies 2020-2021

File No:                       I2021/1666

 

Committee Recommendation:

That the Audit, Risk and Improvement Committee notes the status of Council’s policies as provided in this report.                                                                                      (Georghiou/Hunter)

The recommendation was put to the vote and declared carried..

 

The order of business was changed to deal with reports 4.7, 5.3, 5.9, 5.4, 5.6, 5.8 and 5.10 next on the Agenda.


 

 

 

Report No. 4.7           Draft Audit, Risk and Improvement Committee Constitution and 2022 Agenda Schedule

File No:                       I2022/340

 

Committee Recommendation:

That the Audit, Risk and Improvement Committee:

1.      Defers consideration of the constitution to receive feedback from the Committee and that the Constitution be reported back to the Committee with feedback prior to being reported to Council for adoption.

2.      Endorses the Agenda Schedule for 2022 (Attachment 2 E2022/32044) subject to consideration of financial information being received by the Committee members.

(Georghiou/Hunter)

The recommendation was put to the vote and declared carried.

 

PROCEDURAL MOTION

 

Committee Recommendation:

That the Committee moves into Confidential Session under the Local Government Act as follows:

Report 5.3:  

1.      That pursuant to Section 10A(2)(f) of the Local Government Act, 1993, the Committee move into Confidential Session to discuss Cyber Security and IT System Outages Quartertly Update.

2.      That the reasons for closing the meeting to the public to consider this item be that the report contains:

a)      details of systems and/or arrangements that have been implemented to protect council, councillors, staff and Council property

3.      That on balance it is considered that receipt and discussion of the matter in open Committee would be contrary to the public interest, as:

Exposes security risk and vulnerabilities that could assist unauthorised threats to Council's information and systems

Report 5.9:

1.      That pursuant to Section 10A(2)(f) of the Local Government Act, 1993, the Committee move into Confidential Session to discuss the report Cyber Security and IT System Outages Quarterly Update.

2.      That the reasons for closing the meeting to the public to consider this item be that the report contains:

a)      details of systems and/or arrangements that have been implemented to protect council, councillors, staff and Council property

3.      That on balance it is considered that receipt and discussion of the matter in open Committee would be contrary to the public interest, as:

Exposes security risk and vulnerabilities that could assist unauthorised threats to Council's information and systems. 

Report 5.4:

1.      That pursuant to Section 10A(2)(f) of the Local Government Act, 1993, the Committee move into Confidential Session to discuss the report 2021 Year End Audit Management Letter.

2.      That the reasons for closing the meeting to the public to consider this item be that the report contains:

a)      details of systems and/or arrangements that have been implemented to protect council, councillors, staff and Council property

3.      That on balance it is considered that receipt and discussion of the matter in open Committee would be contrary to the public interest, as:

Nature and content of audit reports is for operational purposes and report details information about Council systems, controls and processes.  

Report 5.6:

1.      That pursuant to Section 10A(2)(d)i of the Local Government Act, 1993, the Committee move into Confidential Session to discuss the report Internal Audit Report - 2021-2022 Quarters 2 and 3.

2.      That the reasons for closing the meeting to the public to consider this item be that the report contains:

a)      commercial information of a confidential nature that would, if disclosed prejudice the commercial position of the person who supplied it

3.      That on balance it is considered that receipt and discussion of the matter in open Committee would be contrary to the public interest, as:

nature and content of internal audit report is for operational purposes.

Report 5.8:

1.      That pursuant to Section 10A(2)(f) of the Local Government Act, 1993, the Committee move into Confidential Session to discuss the report 2021-2022 External Audit Engagement Plan.

2.      That the reasons for closing the meeting to the public to consider this item be that the report contains:

a)      details of systems and/or arrangements that have been implemented to protect council, councillors, staff and Council property

3.      That on balance it is considered that receipt and discussion of the matter in open Committee would be contrary to the public interest, as:

The report contains details of systems and/or arrangements that have been implemented to protect Council, Councillors, Staff and Council property.

Report 5.10:

  1.    That pursuant to Section 10A(2)(f) of the Local Government Act, 1993, the Committee move into Confidential Session to discuss the report Recognition of Rural Fire Service Assets.

2.      That the reasons for closing the meeting to the public to consider this item be that the report contains:

a)      details of systems and/or arrangements that have been implemented to protect council, councillors, staff and Council property

3.      That on balance it is considered that receipt and discussion of the matter in open Committee would be contrary to the public interest, as:

Determination of approach for recording assets related to the Rural Fire Service                                                                                                                    (Georghiou/Hunter)

The recommendation was put to the vote and declared carried.

 

Report No. 5.3           Confidential - Cyber Security and IT System Outages Quarterly Update

File No:                       I2021/1761

 

Committee Recommendation:

That the Audit Risk and Improvement Committee:

1.      Notes the report.

2.      Receives ongoing cyber security and system outage status reports.

(Georghiou/Mwanza)

The recommendation was put to the vote and declared carried.

 


 

 

 

Report No. 5.9           Confidential - Cyber Security and IT System Outages Quarterly Update

File No:                       I2022/394

 

Committee Recommendation:

That the Audit Risk and Improvement Committee:

1.      Notes the report

2.      Receives ongoing cyber security and system outage status reports

(Georghiou/Mwanza)

The recommendation was put to the vote and declared carried.

 

Report No. 5.4           Confidential - 2021 Year End Audit Management Letter

File No:                       I2021/1774

 

Committee Recommendation:

That the Audit, Risk and Improvement Committee recommends to Council:

That the comments provided by Management in response to issues raised in the 2021 Year End Audit Management Letter (#E2021/134318) be noted by Council.

                                                                                                                              (Georghiou/Hunter)

The recommendation was put to the vote and declared carried.

 

 

Report No. 5.6           Confidential - Internal Audit Report - 2021-2022 Quarters 2 and 3

File No:                       I2022/147

 

Committee Recommendation:

That the Audit, Risk and Improvement Committee:

1.      Notes the Summary of Internal Audit Recommendations for Quarter 2 2021-2022 (Attachment 1 E2022/15709) and Quarter 3 2021-2022 (Attachment 2 E2022/37933).

2.      Endorses the recommendations from the Executive Team to close off 23 internal audit recommendations from Quarters 2 and 3 2021-2022 as listed in Table 1 of this report (which is a summary from Attachment 3 E2022/8328 and Attachment 4 E2022/33146).

3.      Recommends to Council that management be requested to implement the recommendations made in the Internal Audit of Pay Parking – February 2022 (Attachment 5 E2022/10589) and the Internal Audit of Cyber Security – April 2022 (Attachment 6 E2022/39688).                                                                                          (Georghiou/Swivel)

The recommendation was put to the vote and declared carried.

 

 

Report No. 5.8           Confidential - 2021-2022 External Audit Engagement Plan

File No:                       I2022/377

 

Committee Recommendation:

That Council notes the External Audit Engagement Plan prepared by the Audit Office of New South Wales for the year ended 30 June 2022 as outlined in Confidential Attachment 1 (#E2022/35065).                                                                                                (Georghiou/Swivel)

The recommendation was put to the vote and declared carried.

 

Report No. 5.10         Confidential - Financial Recognition of Rural Fire Service Equipment Assets

File No:                       I2022/416

 

Committee Recommendation:

That the Audit, Risk and Improvement Committee recommends to Council that Byron Shire Council does not record the value of Rural Fire Service equipment assets in its financial records and financial statements that it does not control.                                         (Georghiou/Hunter)

The recommendation was put to the vote and declared carried.

 

Procedural MotionS

Committee Recommendation:

That the meeting move out of confidential session.                                    (Georghiou/Swivel)

 

The recommendation was put to the vote and declared carried.

 

Committee Recommendation:

That the remaining items listed below be deferred to the 18 August 2022 meeting:

 

Report No. 5.1     Confidential - Quarter 1 - 2021-22 Internal Audit Report

Report No. 5.5     Confidential - External Audit Actions Quarter 1 2021-2022 Update

Report No. 5.11   Confidential - Social Engineering Incident - Reporting of Independent Investigation                                                                        (Georghiou/Hunter)

 

The recommendation was put to the vote and declared carried.

 

There being no further business the meeting concluded at 1.44pm.