Audit and Risk Committee Agenda

 

 

 

18 November 2021

 

 

 

 

 


ALL INFORMATION AVAILABLE IN VARIOUS FORMATS ON REQUEST

city@busselton.wa.gov.au

 

 


CITY OF BUSSELTON

MEETING NOTICE AND AGENDA – 18 November 2021

 

 

 

TO:                  THE MAYOR AND COUNCILLORS

 

NOTICE is given that a meeting of the Audit Committee will be held in the Committee Room, Administration Building, Southern Drive, Busselton on Thursday, 18 November 2021, commencing at 9.30am.

 

The attendance of Committee Members is respectfully requested.

 

 

DISCLAIMER

Statements or decisions made at Committee meetings should not be relied on (or acted upon) by an applicant or any other person or entity until subsequent written notification has been given by or received from the City of Busselton. Without derogating from the generality of the above, approval of planning applications and building permits and acceptance of tenders and quotations will only become effective once written notice to that effect has been given to relevant parties. The City of Busselton expressly disclaims any liability for any loss arising from any person or body relying on any statement or decision made during a Committee meeting.

 

 

 

Mike Archer

 

CHIEF EXECUTIVE OFFICER

 

15 November 2021


CITY OF BUSSELTON

Agenda FOR THE Audit Committee MEETING TO BE HELD ON 18 November 2021

TABLE OF CONTENTS

 

ITEM NO.                                        SUBJECT                                                                                                                              PAGE NO.

1....... Declaration of Opening, ACKNOWLEDGEMENT OF COUNTRY and Announcement of Visitors. 4

2....... Attendance. 4

3....... ELECTION OF PRESIDING MEMBER AND DEPUTY PRESIDING MEMBER. 4

4....... Public Question Time. 4

5....... Disclosure Of Interests. 4

6....... Confirmation Of Minutes. 4

6.1          Minutes of the Audit Committee Meeting held 28 April 2021. 4

7....... Reports. 5

7.1          CITY OF BUSSELTON 2020/2021 ANNUAL FINANCIAL REPORT, AUDITORS' REPORT AND MANAGEMENT LETTER. 5

7.2          2021 OFFICE OF AUDITOR GENERAL CYBER SECURITY AND GENERAL COMPUTER CONTROLS AUDIT. 87

8....... General Discussion Items. 108

9....... Next Meeting Date. 108

10..... Closure. 108

 


Audit Committee                                                                  4                                                            18 November 2021

1.               Declaration of Opening, ACKNOWLEDGEMENT OF COUNTRY and Announcement of Visitors

 

2.               Attendance 

Apologies

 

3.               ELECTION OF PRESIDING MEMBER AND DEPUTY PRESIDING MEMBER

3.1             Ms Sarah Pierson, Acting Director Finance and Corporate Services, will conduct the nomination and voting to elect a Presiding Member of the Audit and Risk Committee in accordance with section 5.12 of the Local Government Act 1995.

 

3.2             The elected Presiding Member will conduct the nomination and voting to elect a Deputy Presiding Member of the Audit and Risk Committee in accordance with section 5.12 of the Local Government Act 1995.

 

4.               Public Question Time

 

5.               Disclosure Of Interests

 

6.               Confirmation Of Minutes

6.1             Minutes of the Audit Committee Meeting held 28 April 2021

Recommendation

That the Minutes of the Audit Committee Meeting held 28 April 2021 be confirmed as a true and correct record.

 


Audit Committee                                                                  6                                                            18 November 2021

7.               Reports

7.1             CITY OF BUSSELTON 2020/2021 ANNUAL FINANCIAL REPORT, AUDITORS' REPORT AND MANAGEMENT LETTER

STRATEGIC THEME

LEADERSHIP - A Council that connects with the community and is accountable in its decision making.

STRATEGIC PRIORITY

4.2 Deliver governance systems that facilitate open, ethical and transparent decision making.

SUBJECT INDEX

Financial Operations

BUSINESS UNIT

Financial Services

REPORTING OFFICER

Manager Financial Services - Paul Sheridan

AUTHORISING OFFICER

Acting Director Finance and Corporate Services - Sarah Pierson

NATURE OF DECISION

Executive: Substantial direction setting, including adopting budgets, strategies, plans and policies (excluding local planning policies); funding, donations and sponsorships; reviewing committee recommendations

VOTING REQUIREMENT

Simple Majority

ATTACHMENTS

Attachment a   Audit Opinion

Attachment b    Financial Statements for the Year Ending 30 June 2021

Attachment c    Management Letter Year Ending 30 June 2021  

 

OFFICER RECOMMENDATION

That the Council:

1.         Accepts the 2020/21 Annual Financial Report including Auditors Report and Audit Management Report as per the attached documentation; and

2.         Notes that it has met the requirements of section 7.12A(2) of the Local Government Act 1995 with the Audit Committee, on behalf of Council, having met with a representative of the Office of the Auditor General on the 18th November 2021.

 

EXECUTIVE SUMMARY

The signed Independent Auditors Report and Management Letter, in relation to the 2020/21 Annual Financial Statements, were received from the Office of the Auditor General on 15 November 2021, and are provided to Committee Members as attachments to this report, along with the final draft of the 2020/21 Annual Financial Statements.

 

Pursuant to its Instrument of Appointment, it is relevant that the Audit and Risk Committee considers the 2020/21 Annual Financial Statements, Auditors Report and Management Letter and, where appropriate, makes recommendation/s in respect of these reports.

 

In addition, the local government is required to meet with its auditor at least once every year in accordance with section 7.12A(2) of the Local Government Act 1995 (the Act).

 


 

BACKGROUND

Pursuant to Section 7.9 of the Act, an Auditor is required to examine the accounts and annual financial report submitted by a local government for audit. The Auditor is also required, by 31 December following the financial year to which the accounts and report relate, to prepare a report thereon and forward a copy of that report to:

(a)       The Mayor or President

(b)      The Chief Executive Officer; and

(c)       The Minister

 

Furthermore, in accordance with Regulation 10 (4) of the Local Government (Audit) Regulations 1996, (the Regulations) where it is considered appropriate to do so, the Auditor may prepare a Management Letter to accompany the Independent Auditor’s Report, which is also to be forwarded to the persons specified in Section 7.9 of the Act.

 

The Management Letter provides an overview of the audit process and outcomes, and also identifies any matters that, while generally not material in relation to the overall audit of the financial report, are nonetheless considered relevant to the day to day operations of the City.

 

Representatives of the Audit and Risk Committee and City officers met with the OAG at an entrance meeting held on the 22 April 2021. At this meeting, the OAG outlined the process for the annual audit (including interim and final).

The final audit took place from the 4 to 15 October 2021.  An exit meeting was held with the Mayor and Deputy Mayor, CEO and relevant officers on the 10 October 2021. The OAG has since provided their signed audit report, including the opinion and management letter, attached to this report.

OFFICER COMMENT

The OAG have confirmed that once again the City has been provided with an unqualified audit opinion (clear audit).

 

As part of the 2020/21 Financial Audit, the Auditor made one finding, deemed as moderate.

“1.  Recording of Inventory Stocktake

Finding

When performing our testing over inventory, we noted that the stocktake quantity is not recorded in the stock count sheet by it’s physical count but in invoiced order batch.

For example, there was physically 14 light poles but was recorded on the stock sheet as 1 due to all 14 being on the same invoice batch.”

 

Full details and City of Busselton Management comments can be seen in the 2020-21 Management Letter attachment.

 

The Audit and Risk Committee Terms of Reference determines that the Audit and Risk Committee is responsible and has the duty to formally meet with the auditor in accordance with the Act on behalf of the local government. Ms. Carly Meagher, Director Financial Audit, from the OAG, representing the Auditor General is attending the Audit and Risk Committee meeting. Ms. Meagher will present the audit report and respond to any queries arising.

The presence of Ms. Meagher meets the requirements of 7.12A (2) of the Act.

 


 

Statutory Environment

Matters pertaining to the financial audit of a local government authority are detailed within:

§  Local Government Act 1995 - Section 7.9 and Section 7.12A.

§  Local Government (Financial Management) Regulations 1996.

§  Local Government (Audit) Regulations 1996 – Regulation 16

 

Relevant Plans and Policies

There are no relevant plans or policies to consider in relation to this matter.

 

Financial Implications

There are no financial implications associated with the officer recommendation.

Stakeholder Consultation

No external stakeholder consultation was required or undertaken in relation to this matter.

 

There is a requirement to include the audited financial statements within the City of Busselton Annual Report, which will be advertised to the public following its consideration by Council.

 

Risk Assessment

An assessment of the potential implications of implementing the officer recommendation has been undertaken using the City’s risk management framework, with risks assessed taking into account any controls already in place. No risks of a medium or greater level have been identified.

 

Options

The Audit and Risk Committee may determine to make specific recommendations in relation to the audit findings and the actions identified by management in addressing these.  Given the operational nature of the one issue that arose and that this is planned to be addressed, officers do not think specific resolutions are necessary.

 

CONCLUSION

The City achieved a clear audit for the financial year ending 30 June 2021 with only one moderate finding reported in the Management Letter.

 

TIMELINE FOR IMPLEMENTATION OF OFFICER RECOMMENDATION

Not applicable.

 


Audit Committee

8

18 November 2021

7.1

Attachment a

Audit Opinion

 




Audit Committee

11

18 November 2021

7.1

Attachment b

Financial Statements for the Year Ending 30 June 2021

 











































































Audit Committee

86

18 November 2021

7.1

Attachment c

Management Letter Year Ending 30 June 2021

 



Audit Committee                                                                  87                                                          18 November 2021

7.2             2021 OFFICE OF AUDITOR GENERAL CYBER SECURITY AND GENERAL COMPUTER CONTROLS AUDIT

STRATEGIC THEME

LEADERSHIP - A Council that connects with the community and is accountable in its decision making.

STRATEGIC PRIORITY

4.2 Deliver governance systems that facilitate open, ethical and transparent decision making.

SUBJECT INDEX

Audit Reporting

BUSINESS UNIT

Information Services

REPORTING OFFICER

Manager Information Services - Kris Davis

AUTHORISING OFFICER

Acting Director Finance and Corporate Services - Sarah Pierson

NATURE OF DECISION

Noting: The item is simply for information purposes and noting

VOTING REQUIREMENT

Simple Majority

ATTACHMENTS

Attachment a   Office of Auditor General - Information Services Audit Findings and Response  

 

OFFICER RECOMMENDATION

That the Council notes the 2021 Office of Auditor General Information System Audit findings for the Information Systems and Cyber Security audits as per the attached documentation.

 

EXECUTIVE SUMMARY

The draft audit findings were received from the Office of the Auditor General (OAG) on 27 October 2021, and are provided to the Audit and Risk Committee as attachments to this report.  Pursuant to its Instrument of Appointment, it is relevant that the Audit Committee considers the findings and associated responses, and where appropriate, makes recommendation/s in respect of these reports.

 

BACKGROUND

The City of Busselton were selected to be involved in the Cyber Security audit by the OAG as part of the larger ‘State of cyber security in Local Government(LG) entities (Local)’ audit to be tabled in the fourth quarter of 2021. This audit took place on premise in June 2021.

The City of Busselton were additionally selected to be involved in the General Computer Controls audit by the OAG as part of the ‘Local Government General Computer Controls’ report for 2021. This audit took place on premise in July 2021.

The audits are designed to identify areas for improvement when assessed against the OAG benchmarks set for Information Systems within local government.

OFFICER COMMENT

The majority of findings presented by the OAG are accepted by management with the audits helping to identify gaps in its security systems and processes. When reviewing the findings and responses it’s worth noting that many of the processes are already in place but not documented, hence a recommendation for the item exists even though we are actively carrying out the task.

 

These audits, whilst resource intensive, are an excellent way of ensuring we are continually improving in our Cyber and Information security controls.  In saying that, some of the recommendations require significant resources to implement them and / or are not considered suitable to our environment when balanced against the costs in terms of staff efficiency and increased budget requirements. It should be noted that larger councils still do not adhere to the benchmarks set out by the OAG, of the 11 councils audited in 2020 none met the benchmarks in all areas.

 

The specific actions resulting from the audits are outlined in the attachment.

Statutory Environment

The officer recommendation supports the general function of a local government under the Local Government Act 1995 to provide for the good government of persons in its district.

 

Relevant Plans and Policies

There are no relevant plans or policies to consider in relation to this matter.

 

Financial Implications

There are no immediate financial implications associated with the officer recommendation but it should be noted that increased ICT costs will be introduced in future years as the need to address Cyber and Information Security grows according to the increasing risk.

 

Stakeholder Consultation

No external stakeholder consultation was required or undertaken in relation to this matter.

 

Risk Assessment

An assessment of the potential implications of implementing the officer recommendation has been undertaken using the City’s risk management framework, with risks assessed taking into account any controls already in place. No risks of a medium or greater level have been identified.

Options

The Audit Committee may determine to make specific recommendations in relation to the audit findings and the actions identified by management in addressing these.  Given the nature of the findings and the fact that this will need to be managed operationally by the City’s Information Services team, with actions already proposed or underway, officers do not think specific resolutions are necessary.

CONCLUSION

The City has agreed with the majority of recommendations provided by the OAG and those not considered currently acceptable will be reassessed in future years. The City is continually evolving to protect the information and service its ICT infrastructure provides, Cyber related threat within our modern computing world is increasing every day and we must remain focused to ensure we do not become a victim.

 

TIMELINE FOR IMPLEMENTATION OF OFFICER RECOMMENDATION

A timeline of each recommendation is provided within the attachment.


Audit Committee

107

18 November 2021

7.2

Attachment a

Office of Auditor General - Information Services Audit Findings and Response

 



















 


Audit Committee                                                                  108                                                       18 November 2021

8.               General Discussion Items

 

9.               Next Meeting Date

 

10.             Closure