Agenda of Risk & Assurance Committee Meeting

I give notice that a Risk & Assurance Committee Meeting will be held on:

Date: Tuesday, 13 July 2021 Time: 10.00am Location: Council Chamber 107 Heuheu Street Taupō

AGENDA MEMBERSHIP Chairperson Mr Anthony Byett Deputy Chairperson Cr Anna Park

Members Cr Kathy Guy Mr Danny Loughlin Cr John Mack Cr Christine Rankin Mayor David Trewavas Cr John Williamson

Quorum 4

Gareth Green Chief Executive Officer

Risk & Assurance Committee Meeting Agenda 13 July 2021

Order Of Business

1 Apologies 2 Conflicts of Interest 3 Confirmation of Minutes 3.1 Risk & Assurance Committee Meeting - 16 March 2021 ...... 3 4 Reports 4.1 Receipt of Audit NZ Correspondence - Fees and Draft Audit Plan ...... 4 4.2 Project Quantum Status Report ...... 5 4.3 Audit of Taupo District Council's Building Consent Authority ...... 8 4.4 Review of Risk Management Charter ...... 11 4.5 Review of Fraud Policy ...... 14 4.6 Procurement Policy Review ...... 17 4.7 Risk & Assurance Committee Schedule of Policies for Review ...... 20 5 Confidential Business 5.1 Confirmation of Confidential Portion of Risk & Assurance Committee Minutes - 16 March 2021 ...... 21 5.2 KPMG Internal Fraud Control Environment ...... 21 5.3 Litigation Update ...... 21

Page 2 Risk & Assurance Committee Meeting Agenda 13 July 2021

3.1 RISK & ASSURANCE COMMITTEE MEETING - 16 MARCH 2021

Author: Shainey James, Governance Quality Manager Authorised by: Andrew Peckham, General Manager Corporate

RECOMMENDATION(S) That the minutes of the Risk & Assurance Committee meeting held on Tuesday 16 March 2021 be confirmed as a true and correct record.

ATTACHMENTS 1. Risk & Assurance Committee Meeting Minutes - 16 March 2021

Item 3.1 Page 3 Risk & Assurance Committee Meeting Agenda 13 July 2021

4.1 RECEIPT OF AUDIT NZ CORRESPONDENCE - FEES AND DRAFT AUDIT PLAN

Author: Andrew Peckham, General Manager Corporate Authorised by: Gareth Green, Chief Executive Officer

PURPOSE To receive correspondence from Audit New Zealand, along with a presentation from the Appointed Auditor, Mr Leon Pieterse, Audit New Zealand.

DISCUSSION Attached for formal receipt are two pieces of correspondence from Audit New Zealand: - Letter to the Mayor, David Trewavas from Leon Pieterse (dated 25 May 2021) – Proposed audit fees for the 30 June 2021 and 30 June 2022 financial years. The letter advises that audit fees are on the increase to better reflect the actual costs incurred by Audit New Zealand (due to staff salary cost movements and actual hours taken to complete the audit) which have, in recent years, been absorbed by Audit New Zealand; and - Proposed Audit Plan dated 25 May 2021 for the Taupō District Council for the year ending 30 June 2021 from the Appointed Auditor, Mr Leon Pieterse, containing a summary of the main focus areas for this year’s audit, being performance reporting, revaluation of assets and fair value movements, progress on the capital works programme, introduction of the new Financial Management Information System via TechOne, and the usual focus on the inherent risk of management override of internal controls.

CONCLUSION It is recommended that the Committee receives the information.

RECOMMENDATION(S) That the Risk & Assurance Committee: 1. Receives the proposed audit fees letter to the Mayor, David Trewavas from Leon Pieters dated 25 May 2021; and

2. Receives the Audit Proposal dated 25 May 2021 for the year ending 30 June 2021.

ATTACHMENTS 1. Proposed Audit Fees for the 30 June 2021 and 30 June 2022 2. Audit Proposal - 30 June 2021

Item 4.1 Page 4 Risk & Assurance Committee Meeting Agenda 13 July 2021

4.2 PROJECT QUANTUM STATUS REPORT

Author: Pete Bradshaw, Project Manager Authorised by: John Ridd, General Manager Policy and Strategy

PURPOSE To receive an update on the Enterprise Resource Planning (ERP) replacement project (Project Quantum) and Governance Structure.

DISCUSSION There are no decisions being sought at this stage, the following update is provided for your information. The project continues to move forward during a period of significant organisational change within TDC. The following is a summary of key achievements since the last report: • The deployment of the finance module has been deferred to October in order to mitigate risks to BAU operations. The project team continue to progress with go-live preparation tasks (e.g. promotion of configuration to production, static data migration and validation, business readiness preparation, etc.) which will simplify live cutover in October. • The ECM (document management) stream is close to doing a first trial data migration which is result of 6 months mapping data across to the new structure. • The Revenue stream is about to begin User Acceptance testing of the new District Valuation Roll provider (Valor) integration. • Business System Analysts are working on configuration of reports, analytics and business process automation. • Some changes to the project’s management structure have taken place with Pete Bradshaw joining the team in a part time Programme Management capacity with responsibility for overall programme delivery. Pete has solid experience working on ERP implementations and his involvement will allow Debbie Hodgson (who will remain actively involved in the project in a full-time capacity) to focus purely on delivery of the Business Solutions elements of the project. Debbie’s continued involvement ensures a level of stability and mitigates the risk of transition.

Resourcing continues to be a challenge for the project with recent resignations and the staff re-organisation both impacting the project (see risks below). These challenges are actively being worked through with every effort to minimize impact on project time, cost and quality constraints. Currently, the budget is 72% committed and its estimated we are approximately 70% through the work. Limited project contingency remaining may restrict options to respond to unanticipated scenarios and mitigate associated risks.

Item 4.2 Page 5 Risk & Assurance Committee Meeting Agenda 13 July 2021

Below is a summary of the known risks:

Risk Theme High, Risk Mitigation Med, Low Time High Recruit replacement BA(s) – at an advanced stage. The current P&R timeline is at risk due to Consider re-allocation of experienced BA to (more the recent resignation of the P&R Business complex) P&R workstream, and assign new BA(s) to Analyst. This is a significant loss of IP and other (more straightforward) workstreams whilst recruitment for a replacement is in Look at options to reduce reliance on key individuals progress it is expected that it will take some time to bring the new resource up to speed. Review project delivery timeline and adjust where necessary.

Organisational Change Management High Change planning continues with terms of reference developed to put higher focus on training. This type and scale of Organisational Change Management is new to Taupō Development of internal skills and ownership of District Council and this may impact user change and improvement – leader led approach adoption of the solution and the ability to Training resource secured internally to focus on realise the project benefits creation and delivery of training for Core organisational wide modules. Note: whilst this is now a gap (as highlighted) we are actively looking UPDATE: As a result of the recent re- to recruit a new training resource. organisation and the recall of project resource to BAU, the project currently has Early development and communication of the system no dedicated long term change, comms or familiarisation and training plan as much as practical training resources. This puts pressure on Early involvement of the business in solution design the remaining project team and presents a and configuration to bring them on the journey quality risk. Options to mitigate this risk for the finance module are being explored but a longer-term resource solution will be required for future modules.

Resourcing High Team roles identified in advance to ensure right skills on board to deliver project Key Project team roles are not adequately resourced resulting in delays to data Report on capacity and/or capability issues as soon migration, integration, test execution and as identified to Steering reduction in quality due to inability to Contract out key pieces of work as necessary to support the business through other phases. maintain quality and timelines where possible Recruitment freeze during 2020 impacted recruitment for Data migration Lead and Integration/Test leads – this undoubtedly has led to delays to timeline. Resourcing High Project planning considers and avoids periods of peak activity in affected teams Business representatives required for key parts of the project may not be available Key staff have been identified and are involved. delaying design input, test execution and Significant pressure on staff from BAU activity levels, training and other outside influences such as Covid, Org realignment, CIP projects, policy reviews – all contributing to delays - Project Manager working with 3rd levels to manage the inevitable tension between BAU and Project Technical Risks Med Interface catalogue developed, and detailed

Item 4.2 Page 6 Risk & Assurance Committee Meeting Agenda 13 July 2021

Risk Theme High, Risk Mitigation Med, Low The current solution has been in place for investigation of integrations is underway. several decades. There is the risk of As there is no internal resource with right skillsets this additional costs and extended timeline in work has been contracted to ensure quality of the relation to the data migration complexity and system’s interfaces. discovery of previously unknown interfaces Interim integrations will be required for phased approach – development of these will be contracted out to 3rd party to ensure readiness for Go Live. Service Level Risk Med Business system support analyst appointed to manage support requests Whenever a new system goes live there is risk of significant drop in service level as Support community for break/fix issues processes in staff get used to new ways of doing job and place. system issues are identified and resolved. Application Management Support contract in place to provide remote assistance up to 20 hours per month – to be increased as more modules go live Ensure appropriate level of on-site consultant support post go-live. Change of Timeline High Rotorua Lakes council are now ahead of our timeline – we are in regular contact to take on their learnings. Property and Revenue is a new solution and not gone live in NZ to date. There is risk of Time to get new BA resource up to speed will result in additional costs and extended timeline some delays to the Compliance stream. These will be resulting from Vendor initiated timeline reviewed by Programme manager once recruitment is changes due to development/ testing delays finalised.

Change of Scope Med The budget proposed covers engagement with a highly experienced ECM implementation partner Enterprise Content management was recommended by multiple councils. approved as an addition to scope in July 2019 to be implemented in parallel with Change Terms of Reference being put together to existing phase 2. clearly outline roles and responsibilities. There is a risk the change combined with Engagement sessions with the business have Project Quantum and other activities, is too commenced early to introduce the change early great for the organisation to adopt.

CONCLUSION Project resourcing continues to be the biggest challenge for the project and poses further risk to timeline, quality and budget. Whilst the immediate focus of the project team is to continue preparations for the Finance ‘Go-Live’ in October, work progresses well in the other streams. A review of the project delivery approach and resourcing model will be taking place in parallel. Identified risks are being reviewed and managed.

RECOMMENDATION(S) That the Risk & Assurance Committee receives this report.

ATTACHMENTS Nil

Item 4.2 Page 7 Risk & Assurance Committee Meeting Agenda 13 July 2021

4.3 AUDIT OF TAUPO DISTRICT COUNCIL'S BUILDING CONSENT AUTHORITY

Author: Jessica Sparks, Environmental Services Manager Authorised by: John Ridd, General Manager Policy and Strategy

PURPOSE To update the Risk & Assurance Committee on the outcome of the audit undertaken 23 March 2021 by IANZ of the Building Consent Authority functions, the actions taken since the report was published and to receive the final positive accreditation report. EXECUTIVE SUMMARY Taupō District Council as required by the Building Act is a Building Consent Authority (BCA), which is a requirement to issue building consents and undertake building inspections. This is a critical area for Council as it ensures building work can proceed in a safe and efficient manner and provides confidence to the public that buildings they live in and work in meet a high standard. To maintain our role as a BCA, the Ministry of Business Innovation and Employment (MBIE) contract IANZ to undertake comprehensive audits of all BCA’s every two years, or more often if serious issues are discovered. On 25th June 2021, the Taupo District Council received the positive final accreditation from IANZ – which ensures that our team are doing their job to a very high level and providing surety to the community that their new buildings are safe and up to standard.

RECOMMENDATION(S) That the Risk & Assurance Committee receives the positive IANZ Assessment, dated 25 June 2021.

DISCUSSION On the 23 March 2021, IANZ auditors (Lead Assessor: Lesley Chen, Technical Expert: John Hudson, IANZ observer: Peter Wakefield) undertook an audit of TDC’s BCA functions, the results of the audit are attached to this agenda. In total the results of the audit TDC received eight (8) serious non-compliance (SNC) and 18 general non- compliances. Assessment findings:

This assessment: Last assessment: Total # of “serious” non-compliances: 8 1 Total # of “general” non-compliances: 18 32 Total # of non-compliances outstanding: 23 32 Recommendations: 9 0 Advisory notes: 4 4

Out of the 23 non-compliance, 9 have been resolved by IANZ. Below is a summary of the key non-compliances: Overview of the “Serious” Non-Compliance (SNC): SNC 8 The “Serious” non-compliance (SNC) relates to building regulations (10) competency assessments and (11) training. Competency assessments: (10) competency assessments SNC 1-6 Regulation 10 having 6 sub parts (a)(b)(c)(d)(e)(f) hence the SNC having 6 items in the same regulation.

Item 4.3 Page 8 Risk & Assurance Committee Meeting Agenda 13 July 2021

As part of the IANZ action plan an overhaul of how the BCO provides relevant and suitable evidence to the assessor to enable an appropriate assessment to take place. A professional robust discussion in the relevant competency is to be undertaken between the assessor and the candidate. We contracted Building Networks to assists with an overhaul of the system where training and competencies are implemented by the team and led by team leader and overseen by the Building Manager. Team members own their competency and training records and keep them up to date. We also reached out to Rotorua District Council to peer review the competency assessment. The Skills matrix and the competency assessment outcomes align. The complicated aspect is that finding evidence to support the effectiveness of the training because some of the consents used for evidence are limited to the type of construction and complexity here in Taupo and limited training budget to maintain legislation understanding and changes in construction methods and knowledge in the industry to comply with building regulation 10 is a risk for the next IANZ audit. Training plans: (11) training. SNC 7 Regulation 11(2)(a) The BCA had not implemented annual training needs assessments and prepared training plans that specified the required training outcomes. As part of the action plan we updated the weblink in Promapp to have the correct 502 Annual Training Plan Assessment (A775991) with Section 2. Training plans have been updated to the training register with a new column added to show how monitoring will be achieved

SNC 8 Regulation 11 (2)(d) BCA had not recorded the monitoring and reviewing of training that had been delivered to its employees. As part of the action plan the BCA added a new headings and columns to the 505 BCA training register (A474742) with the following to record the monitoring and reviewing of training that had been delivered to its employees. o Results of 2-month assessment of effectiveness of training. o Date effectiveness of training has been assessed. o Is further training required

All Serious Non-Compliance have been signed off by IANZ and the new competency system is now implemented for evidence gathering with the next round of competency assessments and training identified in-conjunction with the BCA procedure manual.

Overview of the “General” Non Compliance: GNC 1 - 18

The general non-compliance focused on implementation of the procedure manual in the following areas training plans, consents having 10 day requirements, 24 month CCC’s implementation, specified systems, update the procedure manual to align with MBIE guidance on complaints, processing in the differences between the classifications, calibration testing, updating the delegation manual with missing sections. 46(3), 47(3), 53(2)(b), 54, 63, 74, 103, 165, 238 to 240, Updating the procedure manual for recording concerns about building practitioners.

The complicated aspect is the evidence to support the effectiveness of the training which takes time. Some of the BCO’s undergoing the training identified have now been completed and signed off by IANZ. IANZ will review digitally in 12 months to confirm that the previous issues and on-going training have been resolved. The remaining 2 GNC are underway and will be signed off before the 30th June. Overview of the Recommendations: 9

The recommendations are not mandatory but in the interest of been proactive these will be implemented into our system over the next 12 months.

R1 Regulation 6A(1) - The BCA is recommended to revise the BCA’s procedure for notification to IANZ and MBIE to include the IANZ email address as per the MBIE guidance for sending notifications.

R2 Regulation 7(2)(a) – The BCA is recommended to include the following information in its consumer information: Define which applications are referred to FENZ or add a link to the gazette notice

Item 4.3 Page 9 Risk & Assurance Committee Meeting Agenda 13 July 2021

https://gazette.govt.nz/notice/id/2012-go2694 Better define what are consent conditions and what are advice notes; e.g. Section 37 and “actions that are required to achieve/or maintain compliance” should be advice notes, and not conditions. Referencing to the CCC decision timeframe occurring two years after the date of granting rather than date of issuing.

R3 Regulation 7(2)(d)(iv) – The BCA is recommended to record the reasons for decisions when assessing access and facilities for people with disabilities in altered buildings (s112).

R4 Regulation 7(2)(d)(v) – The BCA is recommended to follow its procedure which requires the Form 4 to be attached to a building consent, one example was found where a Form 4 was required but was not a listed attachment.

R5 Regulation 7(2)(e) – The BCA is recommended to ensure that all relevant matters are recorded on its inspection checklists

R6 Regulation 7(2)(f) – The BCA is recommended to ensure that the currently lawfully established use on the code compliance certificate is correct.

R7 Regulation 7(2)(f) – The BCA is recommended to ensure that notices to fix are issued consistent with the requirements of sections 165 & 166 of the Act.

R8 Regulation 7(2)(h) - The BCA is recommended to update the title in ProMapp for the Building Consent Manager to their current title as the Building Manager.

R9 Regulation 13(b) – The BCA is recommended to effectively implement its procedure for granting its technical leaders the powers and/or authorities they need. Key points are: - Competency – general competency of BCA employees’ understanding of the philosophy and principles of building design and construction; and understanding and knowledge of building products and methods. Competency is achieved through training. The training budget of BCA employees is limited - $15k for the next financial year. With 13 BCA staff requiring at least 3 training courses per year to keep up to date with Building Code changes, legislation reform, product development and industry environmental changes. The cost of one training on-line course averages $600. To send a BCO away for a full day course can be up around $1500 plus accommodation. This will need to be reviewed. - 20 working day legislative time requirement. The construction industry has for the past 5 years been increasing and the industry is forecasting further growth. We have contractors in place that are contracted for 5 consents per week but on average take 12. In the last financial year the Consultants Fees-Recoverable External Fees was $294,163.07 paid to the contractors. The BCA is still struggling to meet the legislative requirement, and this could be mitigated through additional staff and restructuring the current team to achieve greater efficiencies – this is currently being worked through.

CONCLUSION The risk to the BCA is losing the accreditation and the building control function to issue building consents and undertake building inspections. This would be catastrophic to the district in a growth phase in residential and commercial construction development. On 25th June 2021, IANZ confirmed that we had passed the audit and the BCA has achieved its re- accreditation.

ATTACHMENTS 1. IANZ Final Assessment 2021

Item 4.3 Page 10 Risk & Assurance Committee Meeting Agenda 13 July 2021

4.4 REVIEW OF RISK MANAGEMENT CHARTER

Author: Jamie Dale, Risk Manager Authorised by: Andrew Peckham, General Manager Corporate

PURPOSE To consider the review of the 2018 – 2021 Risk Management Charter and adopt a new Charter for the 2021 – 2023 period.

RECOMMENDATION(S) That the Risk & Assurance Committee adopts the updated Risk Management Charter 2021-2023.

DISCUSSION The Risk Management Charter sets out the aims and objectives of the Council for the identification and analysis of risks and its response to these risks. The identification and management of risks or events before they occur is important as it assists the Council to save money and secure its future. This is because it will help the Council establish procedures to avoid potential threats, minimise their impact should they occur and cope with the results. This ability to understand and control risk enables the Council to be more confident in its business decisions. Furthermore, strong corporate governance principles that focus specifically on risk management can help a Council achieve its goals. Other important benefits of risk management can include: • The creation of a safe and secure work environment for all staff and customers. • Increasing the stability of Council activities while also decreasing legal liability. • Providing protection from events that are detrimental to both the Council and the community. • Protection of all involved people and assets from potential harm. • Helping establish the Council's insurance needs in order to save on unnecessary premiums.

The existing Risk Management Charter has been reviewed against the international standard, ISO 3100 Risk Management – Guidelines, which provides principles, a framework and a process for managing risk and the current version is consistent with this. Some minor grammatical changes are being proposed and these have been noted in strike through text to identify text to be removed and in red to identify new text. The changes to the definitions include: • Reinforcing the coordination of risk management. • Emphasising a uniform structured approach to risk management • Minor changes in wording to reinforce that processes are to be appropriate for the Council’s needs. Changes to the Risk Management Aims and Objectives include: • Updating the purpose of risk management to language better representative of current risk management practices • Updated wording from using the term policy to intention • Updated the objective of emphasising risk management as a core responsibility to one of ensuring risk management as a core responsibility to strengthen the policy

Item 4.4 Page 11 Risk & Assurance Committee Meeting Agenda 13 July 2021

• Included identification of risks as one of the overarching strategies to reinforce its importance Updates to roles and responsibilities to reflect recent structural changes in the Council.

CONSIDERATIONS

Alignment with Council’s Vision Council’s vision is ‘to be the most prosperous and liveable district in the North Island by 2022’. This is accompanied by a core set of values to underpin decision-making, the following of which are relevant to this particular proposal: World Class Quality; Resilient and Value.

Financial Considerations The financial impact of the proposal is estimated to be $Nil

Legal Considerations Local Government Act 2002 The matter comes within scope of the Council’s lawful powers, including satisfying the purpose statement of Section 10 of the Local Government Act 2002. That section of the Act states that the purpose of local government is (a) to enable democratic local decision-making and action by, and on behalf of, communities; and (b) to promote the social, economic, environmental, and cultural well-being of communities in the present and for the future. It is considered that social / economic / environmental well-beings are of relevance to this particular matter. Authorisations are not required from external parties.

Policy Implications The proposal has been evaluated against the following plans:  Long Term Plan 2018-2028 Annual Plan ☐ Waikato Regional Plan ☐ Taupo District Plan ☐ Bylaws ☐ Relevant Management Plan(s) The key aspects for consideration with regards to this proposal are as follows: There are no known policy implications. Māori Engagement Council is bound by various Acts to consult and/or engage with Māori, including a duty to act reasonably and in good faith as a Te Tiriti ō Waitangi partner. Equally, Council has a responsibility to develop and proactively foster positive relationships with Māori as key stakeholders in our district, and to give effect to the principles of Te Tiriti ō Waitangi including (but not limited to) the protection of Māori rights and their rangatiratanga over tāonga. While we recognise Māori in general, we also need to work side by side with the three ahi kaa / resident iwi of our district. Although good faith does not necessarily require consultation, it is a mechanism for Council to demonstrate its existence and commitment to working together as district partners. Appropriately, the report author acknowledges that they have considered the above obligations including the need to seek advice, guidance, feedback and/or involvement of Māori on the proposed recommendation/s, objective/s, project/s or service/s outlined within this report.

Risks There are no known risks.

Item 4.4 Page 12 Risk & Assurance Committee Meeting Agenda 13 July 2021

c. The likely impact on present and future interests of the community, recognising Maori cultural values and their relationship to land and water; d. Whether the proposal affects the level of service of an activity identified in the Long Term Plan; e. Whether community interest is high; and f. The capacity of Council to perform its role and the financial and other costs of doing so. Officers have undertaken a rounded assessment of the matters in clause 11 of the Significance and Engagement Policy (2016), and are of the opinion that the proposal under consideration is of low importance.

ENGAGEMENT Taking into consideration the above assessment, that the decision is of a low degree of significance, officers are of the opinion that no further engagement is required prior to Council making a decision.

COMMUNICATION/MEDIA No communication/media required.

CONCLUSION The Risk Management Charter is an important policy for the Council and details how the Council intends to manage risks. It sets out the methodology to be used and identifies by whom, and how it should be implemented across the organisation. The objectives and methodologies identified in the charter are still consistent with current risk management best practice guidelines and if implemented across the Council should ensure risks are identified and managed effectively.

ATTACHMENTS 1. Proposed Risk Management Charter 2021 - 2023

Item 4.4 Page 13 Risk & Assurance Committee Meeting Agenda 13 July 2021

4.5 REVIEW OF FRAUD POLICY

Author: Jamie Dale, Risk Manager Authorised by: Andrew Peckham, General Manager Corporate

PURPOSE To consider the proposed updates to the current Fraud Policy and approval and adoption a new Fraud Policy for a 3 year period starting July 2021.

RECOMMENDATION(S) That the Risk & Assurance Committee adopts the updated Fraud Policy 2021-2024.

BACKGROUND The proposal has not been presented previously.

DISCUSSION The current Fraud Policy which was adopted in 2018, was scheduled to be reviewed in May 2021. This review coincided with the Council’s internal fraud controls completed by KPMG which focussed on the areas of payroll, staff expenses, accounts receivable, accounts payable and asset disposals and the user access to the systems used to manage these. The findings of this review have been considered in the review of the Fraud Policy. The current policy provides high level guidance for the prevention, detection and response to ensure that any cases of suspected unauthorised Fraud or Corruption are dealt with appropriately, in order to protect the assets, reputation and staff of the Taupō District Council. It is one of a number of policies the Council has in place to manage potential internal fraud risks. In this review, available guidance information from the Office of the Auditor General (OAG) has been considered as well as how this policy has been used over the past 3 years. On the second point, no incidents of fraud covered by this policy have been investigated over the past 3 years. The OAG identifies the types of fraud reported in local government organisations for the period 2012/13 to 2019/20 as:

Item 4.5 Page 14 Risk & Assurance Committee Meeting Agenda 13 July 2021

More specifically in the past 3 years local authority reported frauds are recorded as:

In consideration of the information provided by the OAG on fraud it is considered that the current Fraud Policy could benefit from some updates that include: • Updating the definitions to better reflect the current accepted terminology and include former employees • Extending the cover of the policy to include all contractors acting as agents of the Council • Include fraud committed by employees that affects any third party and not just the Council • Reinforce that compliance with this policy is mandatory (shall) not optional (should). • Introduction of a section on process and prevention as prevention measures for fraud are not identified in the current policy. • Updating of related policies and descriptions of these for clarity purposes The proposed updated Fraud Policy is attached and the proposed updates have been identified by striking through text to be removed and using red text to identify new text to be included.

CONSIDERATIONS

Financial Considerations The financial impact of the proposal is estimated to be $ Nil

Legal Considerations Local Government Act 2002 The matter comes within scope of the Council’s lawful powers, including satisfying the purpose statement of Section 10 of the Local Government Act 2002. That section of the Act states that the purpose of local government is (a) to enable democratic local decision-making and action by, and on behalf of, communities; and (b) to promote the social, economic, environmental, and cultural well-being of communities in the present and for the future. It is considered that [social / economic / environmental and / or cultural are of relevance to this particular matter. The proposal has been evaluated with regards to a range of legislation. The key legislation applicable to the proposal has been reviewed and the relevant matters for consideration are as follows: Authorisations are not required from external parties.

Item 4.5 Page 15 Risk & Assurance Committee Meeting Agenda 13 July 2021

Council is bound by various Acts to consult and/or engage with Māori, including a duty to act reasonably and in good faith as a Te Tiriti ō Waitangi partner. Equally, Council has a responsibility to develop and proactively foster positive relationships with Māori as key stakeholders in our district, and to give effect to the principles of Te Tiriti ō Waitangi including (but not limited to) the protection of Māori rights and their rangatiratanga over tāonga. While we recognise Māori in general, we also need to work side by side with the three ahi kaa / resident iwi of our district. Although good faith does not necessarily require consultation, it is a mechanism for Council to demonstrate its existence and commitment to working together as district partners. Appropriately, the report author acknowledges that they have considered the above obligations including the need to seek advice, guidance, feedback and/or involvement of Māori on the proposed recommendation/s, objective/s, project/s or service/s outlined within this report.

Risks There are no known risks. This policy is a control to manage potential risks.

SIGNIFICANCE OF THE DECISION OR PROPOSAL Council’s Significance and Engagement policy identifies the following matters that are to be taken into account when assessing the degree of significance of proposals and decisions: a. The level of financial consequences of the proposal or decision; b. Whether the proposal or decision will affect a large portion of the community or community of interest; c. The likely impact on present and future interests of the community, recognising Maori cultural values and their relationship to land and water; d. Whether the proposal affects the level of service of an activity identified in the Long Term Plan; e. Whether community interest is high; and f. The capacity of Council to perform its role and the financial and other costs of doing so. Officers have undertaken a rounded assessment of the matters in clause 11 of the Significance and Engagement Policy (2016), and are of the opinion that the proposal under consideration is of low importance.

COMMUNICATION/MEDIA No communication/media required.

CONCLUSION The Fraud Policy ensures that any cases of suspected unauthorised Fraud or Corruption are dealt with appropriately, in order to protect the assets, reputation and staff of the Taupō District Council. The existing policy has been reviewed and some updates are proposed to ensure it remains relevant and can deliver its objectives for the next 3 years. ATTACHMENTS 1. Proposed Fraud Policy 2021 - 2023

Item 4.5 Page 16 Risk & Assurance Committee Meeting Agenda 13 July 2021

4.6 PROCUREMENT POLICY REVIEW

Author: Daniel McKay, Contracts and Procurement Specialist Authorised by: Kevin Strongman, General Manager Operations and Delivery

PURPOSE To consider and approve the review of the current Procurement Policy.

EXECUTIVE SUMMARY The existing Procurement Policy is due for its 3-yearly review. MBIE have released an updated guideline for including “Broader Outcomes” in central government procurement processes. The policy has been reviewed against these guidelines and recommended changes to the policy have been incorporated into the draft policy for the Committees consideration. Furthermore, there has been some clarity added to the policy around the use of preferred suppliers and panels as well as an acknowledgement that there is a requirement to train elected members in our rules of procurement.

RECOMMENDATION(S) That the Risk & Assurance Committee adopts the proposed amended Procurement Policy.

BACKGROUND The proposal has not been presented previously. Since the last report, MBIE have released guidance on including Broader Outcomes in Procurement. These are the secondary benefits which are generated due to the way goods, services or works are produced or delivered. They include economic, environmental, social and cultural outcomes.

In March 2020, due to Covid19, Council initiated a 15% local economic impact weighted attribute.

DISCUSSION While we are not bound by central government rules. The Broader Outcomes piece of work aligns with our vision and helps our procurement processes to consider the greater wellbeing of our district by considering how our procurement affects the economic, environmental, social and cultural outcomes. It is proposed that our understanding of the 15% local economic impact weighted attribute is expanded to include environmental, social and cultural considerations; and becomes a permanent weighting in our procurement and this weighting will be reviewed in the next Procurement Policy review. Due to the marketplace being in flux, we are needing to use different market engagement methods to help ensure deliver of our Long Term Plan. To this end, we have expanded on the practice of engaging preferred suppliers and panels, so that there is some clarity in how these different procurement methods are applied. There were some other minor housekeeping changes made to the existing policy including the requirement to train elected members in our rules of procurement; and removing the “Other Relevant Policies” section. This section was out of date, and is more appropriate to be kept within the guidelines.

CONSIDERATIONS

Financial Considerations The financial impact of the proposal is estimated to be $0 for the implementation of this policy.

Item 4.6 Page 17 Risk & Assurance Committee Meeting Agenda 13 July 2021

Legal Considerations Local Government Act 2002 The matter comes within scope of the Council’s lawful powers, including satisfying the purpose statement of Section 10 of the Local Government Act 2002. That section of the Act states that the purpose of local government is (a) to enable democratic local decision-making and action by, and on behalf of, communities; and (b) to promote the social, economic, environmental, and cultural well-being of communities in the present and for the future. It is considered that social / economic / environmental and / cultural are of relevance to this particular matter.

Policy Implications There are no known policy implications. Māori Engagement Council is bound by various Acts to consult and/or engage with Māori, including a duty to act reasonably and in good faith as a Te Tiriti ō Waitangi partner. Equally, Council has a responsibility to develop and proactively foster positive relationships with Māori as key stakeholders in our district, and to give effect to the principles of Te Tiriti ō Waitangi including (but not limited to) the protection of Māori rights and their rangatiratanga over tāonga. While we recognise Māori in general, we also need to work side by side with the three ahi kaa / resident iwi of our district. Although good faith does not necessarily require consultation, it is a mechanism for Council to demonstrate its existence and commitment to working together as district partners. Appropriately, the report author acknowledges that they have considered the above obligations including the need to seek advice, guidance, feedback and/or involvement of Māori on the proposed recommendation/s, objective/s, project/s or service/s outlined within this report.

Risks There are no known risks. This policy aims to manage the risks associated with procurement.

COMMUNICATION/MEDIA No communication/media required.

CONCLUSION The updated Procurement Policy has been reviewed against MBIE’s guidance and some changes have been proposed to ensure that the policy is consistent with these guidelines. In addition some minor housekeeping changes were made to the previous policy.

Item 4.6 Page 18 Risk & Assurance Committee Meeting Agenda 13 July 2021

ATTACHMENTS 1. Procurement Policy Draft

Item 4.6 Page 19 Risk & Assurance Committee Meeting Agenda 13 July 2021

4.7 RISK & ASSURANCE COMMITTEE SCHEDULE OF POLICIES FOR REVIEW

Author: Andrew Peckham, General Manager Corporate Authorised by: Gareth Green, Chief Executive Officer

PURPOSE To receive a Schedule of Policies regularly reviewed by the Risk & Assurance Committee of Taupō District Council in accordance with the Committee’s Terms of Reference. A Schedule of Policies is attached. This contains details of Council policies falling within the Terms of Reference of the Risk & Assurance Committee, including dates of last review and when the policies will next appear before the Committee. The Committee’s Terms of Reference are also attached.

RECOMMENDATION(S) That the Risk & Assurance Committee receives the Schedule of Policies for review.

ATTACHMENTS 1. Risk & Assurance Committee Schedule of Policies for Review July 2021 2. Risk and Assurance Committee Terms of Reference 2019-22

Item 4.7 Page 20 Risk & Assurance Committee Meeting Agenda 13 July 2021

5 CONFIDENTIAL BUSINESS

RESOLUTION TO EXCLUDE THE PUBLIC

I move that the public be excluded from the following parts of the proceedings of this meeting. The general subject matter of each matter to be considered while the public is excluded, the reason for passing this resolution in relation to each matter, and the specific grounds under section 48(1) of the local government official information and meetings act 1987 for the passing of this resolution are as follows:

General subject of each matter Reason for passing this Ground(s) under Section 48(1) to be considered resolution in relation to each for the passing of this matter resolution

Agenda Item No: 5.1 Confirmation of Confidential Section 7(2)(a) - the withholding Section 48(1)(a)(i)- the public Portion of Risk & Assurance of the information is necessary to conduct of the relevant part of the Committee Minutes - 16 March protect the privacy of natural proceedings of the meeting would 2021 persons, including that of be likely to result in the disclosure deceased natural persons of information for which good reason for withholding would Section 7(2)(g) - the withholding exist under section 7 of the information is necessary to maintain legal professional privilege

Agenda Item No: 5.2 KPMG Internal Fraud Control Section 7(2)(e) - the withholding Section 48(1)(a)(i)- the public Environment of the information is necessary to conduct of the relevant part of the avoid prejudice to measures that proceedings of the meeting would prevent or mitigate material loss be likely to result in the disclosure to members of the public of information for which good reason for withholding would exist under section 7 Agenda Item No: 5.3 Litigation Update Section 7(2)(g) - the withholding Section 48(1)(a)(i)- the public of the information is necessary to conduct of the relevant part of the maintain legal professional proceedings of the meeting would privilege be likely to result in the disclosure of information for which good reason for withholding would exist under section 7

I also move that [name of person or persons] be permitted to remain at this meeting, after the public has been excluded, because of their knowledge of [specify]. This knowledge, which will be of assistance in relation to the matter to be discussed, is relevant to that matter because [specify].

Item 4.7 Page 21