Home › Meetings › Audit and Risk Management Committee — 2020-08-19
Audit and Risk Management Committee — 2020-08-19
1. Report - Audit and Risk Management Committee No. 2020(02) of 20 May 2020
Doc ID No: A6411640
ITEM: 1
SUBJECT: Report - Audit and Risk Management Committee No. 2020(02) of 20 May 2020
AUTHOR: Administration Officer
DATE: 10 August 2020
INTRODUCTION
This is the report of the Audit and Risk Management Committee No. 2020(02) of 20 May 2020 which was presented to the Council Ordinary Meeting of 26 May 2020.
RECOMMENDATION
That the report be received and the contents noted.
Attachments and Confidential Background Papers
1.
Audit and Risk Management Committee Report No. 2020(02) of 20 May 2020 ⇩
Audit and Risk Management Committee
Meeting Agenda
19 August
2020
Item 1 / Attachment 1.
Audit and Risk Management Committee
Meeting Agenda
19 August
2020
2. Outstanding actions
Doc ID No: A6412215
ITEM: 2
SUBJECT: Outstanding actions
AUTHOR: Committee Manager
DATE: 10 August 2020
Executive Summary
This is a report concerning the outstanding actions associated with the following committees:
Audit and Risk Management Committee
Risk ELT Committee
Risk – Infrastructure and Environment Committee
Risk – Corporate Services Committee
Risk – Co-ordination and Performance Committee
Risk – Planning and Regulatory Services Committee
Risk – Community, Cultural and Economic Development Committee
Recommendation/s
That the report be received and the contents noted.
RELATED PARTIES
Not applicable
Advance Ipswich Theme
Listening, leading and financial management
Purpose of Report/Background
This report provides an update as to current outstanding actions associated with the various risk committees operating within council.
Legal/Policy Basis
This report and its recommendations are consistent with the following legislative provisions:
Not Applicable
RISK MANAGEMENT IMPLICATIONS
Actions exist so that there is a record of matters that council has resolved. The actions exist as a way to ensure these tasks are undertaken.
Financial/RESOURCE IMPLICATIONS
Not applicable.
COMMUNITY and OTHER CONSULTATION
Not applicable.
Conclusion
The outstanding actions listing has been compiled as a record of actions still outstanding.
Attachments and Confidential Background Papers
CONFIDENTIAL
1.
Outstanding actions report
Vicki Lukritz
Committee Manager
I concur with the recommendations contained in this report.
Wade Wilson
Manager Executive Services
I concur with the recommendations contained in this report.
Sean Madigan
General Manager - Coordination and Performance
“Together, we proudly enhance the quality of life for our community”
Audit and Risk Management Committee
Meeting Agenda
19 August
2020
Mentions: Ipswich
3. Queensland Audit Office Briefing Paper
Doc ID No: A6412399
ITEM: 3
SUBJECT: Queensland Audit Office Briefing Paper
AUTHOR: Committee Manager
DATE: 10 August 2020
Executive Summary
This is a report concerning a briefing paper presented by the Queensland Audit Office.
Recommendation/s
That the report be received and the contents noted.
RELATED PARTIES
Ipswich City Council
Queensland Audit Office
Advance Ipswich Theme
Listening, leading and financial management
Purpose of Report/Background
The Queensland Audit Office have presented this paper for the information of the Audit and Risk Management Committee.
Legal/Policy Basis
This report and its recommendations are consistent with the following legislative provisions:
Not applicable
RISK MANAGEMENT IMPLICATIONS
Not applicable
Financial/RESOURCE IMPLICATIONS
There are no financial or resource implications.
COMMUNITY and OTHER CONSULTATION
No consultation has been undertaken in relation to this report.
Conclusion
The Queensland Audit Office have presented a briefing paper for the information of the Audit and Risk Management Committee.
Attachments and Confidential Background Papers
CONFIDENTIAL
1.
Queensland Audit Office Briefing Paper
Vicki Lukritz
Committee Manager
I concur with the recommendations contained in this report.
Wade Wilson
Manager Executive Services
I concur with the recommendations contained in this report.
Sean Madigan
General Manager - Coordination and Performance
“Together, we proudly enhance the quality of life for our community”
Audit and Risk Management Committee
Meeting Agenda
19 August
2020
Mentions: Ipswich
4. Internal Audit Branch Activities Report for the period 11 May 2020 to 5 August 2020
Doc ID No: A6333324
ITEM: 4
SUBJECT: Internal Audit Branch Activities Report for the period 11 May 2020 to 5 August 2020
AUTHOR: Chief Audit Executive
DATE: 5 August 2020
Executive Summary
This is a report concerning the activities of Internal Audit undertaken during the above mentioned period and the current status of these activities.
Recommendation/s
That the report be received, considered and the recommendations in Attachments 3, 4 and 5, be considered finalised and archived.
RELATED PARTIES
Not applicable
Ipswich City Council Strategic Objectives
• We want to be recognised as leaders in good governance and accountability.
• We want our natural environment to be preserved and protected.
• We aim to create a community which has access to jobs and economic opportunities now and in the future.
• We desire a community which is cohesive, vibrant and resilient.
• We wish to achieve a thriving city centre which benefits communities across the city.
Individual internal audits and corrupt conduct investigations will, to a varying degree, support these themes, but the main objective for Internal Audit is to support the organisation in achieving its objectives.
Purpose of Report/Background
The purpose of this report is to keep the Audit and Risk Management Committee (ARMC) informed on a quarterly basis and to report on performance of the Internal Audit Branch:
Title of section, feedback or report provided in the section below
Included in quarter
Report the status of the audits currently under way
Yes
Summary of the general activities of the Internal Audit Branch
Yes
Finalised recommendations for Audit and Risk Management Committee closure
Yes
Report the status of open and overdue audit recommendations from completed audits
Yes
Summary of recent internal audits completed and reports issued
Yes
Progress of the Annual Internal Audit Plan (every May)
No
New Annual Internal Audit Plan including the Strategic Three Year Plan (every May)
No
Annual Performance Report and Assertion on Internal Audit Standards (every August)
Yes
The supply of the information to the Audit and Risk Management Committee, is a requirement of the Internal Audit Charter.
Status of audits underway and finalised - Internal Audit Report Register (Attachment 1)
This is a historic register recording the reference number of formal reports produced, audits commenced, report status and date completed for the last number of years.
Internal Audits, Reviews, Projects, Investigations and Activities Update (Attachment 2)
This is a report on audits, reviews, projects and internal audit activities that were conducted during the period or in progress during the above mentioned period of the report.
Audit Recommendations finalised by ARMC (Attachments 3, 4 and 5)
Extracted from the Audit Recommendations System, these reports list all Internal and External Audit recommendations as well as de-identified Investigation/Ad-hoc reports (with management comments and responses) that managers advise have been implemented since the report made to the last Audit and Risk Management Committee meeting. These reports are presented to the Audit and Risk Management Committee prior to the recommendations being finalised and/or archived.
Recommendations Origin
Risk Ratings
Total
ICC
Catastrophic
Major
Moderate
Low
Minimal
Internal Audit
2
7
7
16
Ad hoc/Investigation
1
1
QAO
Significant Deficiency
Deficiency
Other Matter
Financial reporting
High
Medium
Low
External Audit
5
2
1
1
9
Status of open and overdue recommendations (Attachments 6, 7, 8 and 9)
Every month each Department Head is requested to update the status of both the internal, external audit and Investigation/Ad hoc recommendations due for implementation within their area of responsibility. The recommendation statistics and overdue summary (with suggested follow-up actions) as well as the Internal Audit, Investigations/Ad hoc report and External Audit overdue recommendations are attached. The following traffic lights are used with their descriptor:
Green
Orange
Red
G
Under control
Reasonable number
Low overall risk
O
Need to monitor
Number increasing
Moderate overall risk
R
Need to be addressed
Number problematic
High overall risk
The following Departments’ progress towards the implementation of Overdue Internal Audit recommendations is summarised below (All other departments had no recommendations overdue for more than 3 months) :
Community, Cultural & Economic Development
G
Date of Report
Total overdue
Catastrophic
Major
Moderate
7 August 2020
1
0
0
0
In relation to: Operation of Fleet and Plant (A1819-12), Grants, Sponsorships and Donations (A1920-08), Receipting, Cash Handling & Floats (A1920-16)
Infrastructure and Environment
O
Date of Report
Total overdue
Catastrophic
Major
Moderate
7 August 2020
6
0
0
3
In relation to: Credit Cards Framework‐ Allocation and Use (A1819-05)
Planning and Regulatory Services
O
Date of Report
Total overdue
Catastrophic
Major
Moderate
6 August 2020
3
0
0
2
In relation to: Residential Swimming Pools (A1718-16), Penalty Infringement Process (A1819-13), Animal Management Branch – Pound Operations (A1819-15)
Total Internal Audit recommendations overdue for more than 3 months and level of risk :
Minimal and Low not indicated.
Date of Report
Total overdue
Catastrophic
Major
Moderate
O
6 August 2020
10
0
0
7
11 May 2020
5
0
0
3
Total Internal Audit recommendations open and level of risk:
Date of Report
Total open
Catastrophic
Major
Moderate
O
6 August 2020
67
0
9
47
11 May 2020
60
0
6
40
Total Investigation/Ad Hoc Report recommendations overdue and level of risk:
Minimal and Low not indicated.
Date of Report
Total overdue
Catastrophic
Major
Moderate
G
6 August 2020
1
0
0
1
11 May 2020
3
0
0
2
Total Investigation/Ad Hoc Report recommendations open and level of risk:
Date of Report
Total open
Catastrophic
Major
Moderate
G
6 August 2020
3
0
0
3
11 May 2020
3
0
0
2
Total External Audit recommendations overdue and level of risk:
Ratings as used by QAO.
Date of Report
Total overdue
Significant Deficiency
Deficiency
Other Matter
Financial reporting
G
High
Medium
Low
6 August 2020
0
0
0
0
0
0
0
11 May 2020
1
1
0
0
0
0
0
Total External Audit recommendations open and level of risk:
Date of Report
Total open
Significant Deficiency
Deficiency
Other Matter
Financial Reporting
G
High
Medium
Low
6 August 2020
6
1
2
3
0
0
0
11 May 2020
7
3
2
1
0
0
1
Overall Status
G
The total number of overdue recommendations have gone up and the overall number of open recommendations have gone up. This is still a positive result, but managers will need to monitor the open recommendations.
Summary of recent internal audits completed and reports issued in period of the report (Attachment 10, 11, 12, 13, 14 and 15)
Since the previous report to the ARMC, Internal Audit has issued/finalised the following Internal Audit reports/Consulting Tasks and the extracts of the reports containing the audit recommendations, management response and agreed action by date, are attached to enable any further discussion that may be required by the Audit and Risk Management Committee.
Control Environment Opinion Summary over Areas in Scope of Audits
5
4
3
2
1
Conflicts of Interests (A1920-03)
P
Enterprise Resource Planning (ERP) Observation/Advice (A1920-06)
P
Lakes and Retention Basins (A1920-11)
P
Private Works (A1920-14)
P
Recruitment and Selection (A1920-17)
P
Sports Operations (A1920-19)
P
Rating Definitions
5
Indicates unacceptable control environment or critical operating or control problems or extreme exposure.
4
Indicates unsatisfactory control environment or significant operational, procedural or control deficiencies or high exposure.
3
Indicates limited control environment or some operational, procedural or control deficiencies, issues or moderate exposure
2
Indicates acceptable control environment or minor operational, procedural or control deficiencies, issues or exposure.
1
Indicates well controlled environment or no or limited unfavourable audit findings, observations or ex
Mentions: Ipswich
5. Report - Risk ELT Meeting No. 2020(03) of 17 June 2020
Doc ID No: A6412474
ITEM: 5
SUBJECT: Report - Risk ELT Meeting No. 2020(03) of 17 June 2020
AUTHOR: Committee Manager
DATE: 10 August 2020
INTRODUCTION
This is the report of the Risk ELT Meeting No. 2020(03) of 17 June 2020.
RECOMMENDATION
That the report be received and the contents noted.
1.
Risk ELT Meeting Report No. 2020(03) of 17 June 2020 ⇩
Audit and Risk Management Committee
Meeting Agenda
19 August
2020
Item 5 / Attachment 1.
Audit and Risk Management Committee
Meeting Agenda
19 August
2020
6. Insurance and Risk Management Update
Doc ID No: A6400500
ITEM: 6
SUBJECT: Insurance and Risk Management Update
AUTHOR: Principal Risk and Compliance Specialist
DATE: 4 August 2020
Executive Summary
This is a report concerning Council’s insurance statistics for the period 1 April 2020 to 30 June 2020 and an update on risk management.
Recommendation/s
That the report on Council’s insurance statistics for the period 1 April 2020 to 30 June 2020 and the update on risk management be received and the contents noted.
RELATED PARTIES
All members of ELT, Council’s third and fourth level Managers, Principal Risk and Compliance Specialist, Senior Insurance and Risk Officer and the Corporate Governance Manager.
There are no perceived or actual conflict of interest issues regarding this report.
Advance Ipswich Theme
Listening, leading and financial management
Purpose of Report/Background
To inform the Committee of:
· Corporate Insurance Statistics for the Quarter
· Status of Risk Management
1. Corporate insurance Statistics for the period 1 April 2020 to 30 June 2020
The following tables and graphs provide a high-level summary of insurance claims for the period 1 April 2020 to 30 June 2020 ( for more information see attachment 1 and 2 ):
2. Status of Risk Management
Enterprise Risk Management Program
1. The third ELT Risk Committee was held on 17 June 2020 and the fourth ELT Risk Committee was held on 10 August 2020.
On 17 June 2020 the Committee discussed the new and emerging risks which had previously been identified by PricewaterhouseCoopers (PwC) during their consultation work with Ipswich City Council. The Committee agreed that all identified new and emerging risks were adequately addressed through existing initiatives and being managed through Department Risk Registers.
The risks discussed were:
A. State/Federally funded infrastructure meeting growth demands and social equity;
B. Commercial disputes;
C. Climate Change;
D. Departmental outcomes align with Council strategy;
E. Internal Audit/Ethical Standards; and
F. Policy/Procedure approval.
2. The second Department Risk Advisory Committees for each of the five Departments was held in the second week of June 2020 with the Committee being chaired by the General Manager. The next Department Risk Advisory Committees are scheduled for the second week of September 2020.
3. Peter Tabulo, General Manager of Planning and Regulatory Services will be presenting at today’s committee meeting on how he is managing his departmental risks.
Corporate Risk Register
A review of the Corporate Risk Register was undertaken to review the contents of the register, including the descriptions, causes, impacts, ratings and the development of action plans.
This was the primary area of focus of the ELT Risk Committee meeting for June 2020 (see attachment 3) .
Departmental Risk Registers
A review of each Departmental Risk Register is undertaken at the quarterly Department Risk Meetings to review the contents of the register, including the descriptions, causes, impacts, ratings and the development of action plans.
Risk Profile
Due to the COVID-19 Pandemic the CEO at the ELT Risk Committee held on 3 April 2020 suggested that all corporate risks be retained and further discussed once the threat of COVID-19 has stabilised. The CEO requested that a COVID-19 Risk Register be developed with action plans for the risks identified. In consultation with key stakeholders during the COVID-19 Working Groups, a COVID-19 Risk Register was created addressing four (4) key risks. In addition to the register, a further risk was incorporated into the Coordination and Performance Risk Register for Sean Madigan – the Chairperson of the COVID-19 Working Group – to manage.
The COVID-19 Risk Register was presented to the ELT Risk Committee on 10 August 2020 with the recommendation that ELT review the COVID-19 risk register and note the contents of the outstanding actions to be delivered.
Risk Appetite
It is proposed by the Principal Risk and Compliance Specialist to complete a review of Ipswich City Council’s current Risk Appetite Statement in 2020-2021 to develop an in-depth analysis for the nine (9) risk areas currently outlined.
At the next ELT Risk Committee Meeting there will be an agenda item to promote discussion around how Council can look at compiling a Risk Appetite Statement covering these nine (9) risk areas.
Reporting
Work is still progressing with the reporting timeframes and reporting templates.
Implementation of the Risk Management Framework and Training
The risk management training is in the process of being developed by the Learning and Development Team within the People and Culture Branch based on the Framework, Procedure and Administrative Directive and will be rolled out commencing in the third quarter of 2020.
A segment on risk management has been added to the ICC Induction Program for new employees.
Fraud and Corruption Control
Further Fraud and Corruption Training for all Ipswich City Council Staff will be rolled out commencing in the fourth quarter of 2020.
A segment on Fraud and Corruption Awareness has been added to the ICC Induction Program for new employees.
Reporting
Work is still progressing with the reporting timeframes and reporting templates.
Business Continuity Planning
On 23 March 2020 the ELT Risk Committee endorsed the recommendation that due to the current environment surrounding the COVID-19 Pandemic, the planned development of a business continuity test exercise, which was to be carried out in the first half of 2020 be postponed.
Legal/Policy Basis
In managing risk and insurance for the organisation Council officers perform their duties in keeping with the Local Government Principles of:
· Transparent and effective processes, and decision-making in the public interest;
· Good governance of, and by, local government; and
· Ethical and legal behaviour of Councillors and local government employees.
The following table outlines the relevant legislation and the administrative functions and services provided by the Section:
Relevant Legislation
Corporate Services Section
Functions and Services Provided
Local Government Act 2009
Local Government Regulation 2012
AS/NZS ISO 31000:2018 Risk Management – Principles and Guidelines
Manage and coordinate:
· the implementation of Council’s Risk Management Framework
· public liability claims from external customers
· public liability claims for Councillors and staff
· negotiate (within Delegated Authority), on behalf of Council any insurance resolutions
· the insurance of Council assets including but not limited to Council buildings, machinery and equipment, park infrastructure, swimming pools, sports centres, club houses, fleet vehicles, etc.
· the renewal of Council insurance policies (excluding Workers Compensation)
· the provision of expert insurance and risk advice to both external and internal stakeholders
· recover costs from damaged made by third parties to Council assets
RISK MANAGEMENT IMPLICATIONS
It is essential that Risk Management is successfully implemented and embedded in the organisation. The management of corporate risks lies with the CEO and all General Managers whilst the management of departmental risks are the responsibility of the respective General Manager.
The Corporate Governance Section and the Principal Risk and Compliance Specialist can provide the necessary framework, policy, procedures and advice but successful risk management will only be achieved if senior management takes responsibility for managing the risk and fraud registers, implement appropriate controls and lead the organisation in developing a strong risk management culture.
Conclusion
With the implementation of an Enterprise Risk Management Framework and an increase in the capability of the organisation to manage risk efficiently and effectively, Council has positioned itself to build to be an exemplar Council in the management of Risk and Insurance.
Attachments and Confidential Background Papers
1.
Corporate Risk Register ⇩
CONF
Mentions: Ipswich
7. Maturing and strengthening of Council's governance, internal controls and compliance
Doc ID No: A6415079
ITEM: 7
SUBJECT: Maturing and strengthening of Council's governance, internal controls and compliance
AUTHOR: General Manager Corporate Services
DATE: 11 August 2020
Executive Summary
This is a report concerning the maturing and strengthening of Council’s governance, internal controls and compliance. Council is progressively maturing and strengthening its governance, internal controls and compliance with the broad range of legislative, policy and procedural obligations upon it. Council’s investment and focus in these critical areas has been strengthened significantly in recent years.
This report offers an update on current initiatives and actions to mature governance and document and strengthen internal controls.
Recommendation/s
That the Audit and Risk Management Committee (ARMC) note the actions and initiatives being scoped and implemented to mature and strengthen Council’s governance, internal controls and compliance.
RELATED PARTIES
There are conflicts of interest to declare concerning the matters addressed in this report.
Advance Ipswich Theme
Listening, leading and financial management
Purpose of Report/Background
Purpose
The purpose of this report is to update the ARMC on actions and initiatives that are underway to mature and strengthen Council’s governance, internal controls and compliance following the Business Transformation Program (BTP) that was finalised in May 2020.
Background
Business Transformation Program
The primary objective of the Interim Administrator’s ‘Vision2020’ was transforming the organisation to be an exemplar of good governance from which other Councils aim to emulate.
In order to achieve this, the Interim Administrator and Interim Management Committee defined 18 transformational projects looking to improve our processes and governance arrangements. These 18 were then defined under three separate themes: whole of council, finance and reporting and risk and governance as set out in the table that follows.
Regular updates on the BTP were provided to the ARMC.
Council has now transitioned from the BTP to embed new strategies, policies, procedures and processes into business as usual operations. However, in some areas, where the further work is required beyond the closure of the BTP, new strategic projects have been scoped and are now being advanced.
Strategic Projects relevant to governance, internal controls and compliance
In particular, four strategic projects were endorsed to be scoped, prioritised and resourced as necessary including:
1. Strategic maturity of governance
2. Asset management
3. Procurement model implementation
4. People and Culture Strategic Plan implementation
These four projects are key to the strengthening of governance, control and compliance functions of Council. Scoping of these projects is well advanced and the Project Management Plans will soon be considered by the Program Management Steering Committee.
Good Governance Policy and Guide
Going forward, it is vital that Council continues to invest in the maturing and strengthening of its governance, internal controls and compliance if it is to achieve the vision of being an exemplar of good governance.
Council has a Good Governance Policy and Good Governance Guide that was adopted by Council on 25 February 2020 which has the elements of:
a) Roles, responsibilities and relationships
b) Organisational planning, monitoring and reporting performance
c) Decision-making
d) Legal and ethical compliance, and
e) Culture and ethics.
Documenting and strengthening of internal controls for each Department’s risks
As part of the maturing of Council’s Enterprise Risk Management Program, risk owners will soon be asked to identify each control implemented as part of the first line of defence (including frameworks, policies, procedures, systems, structures and processes) to mitigate the risk and therefore self-evaluate the effectiveness of each control. Risk Control Reports will be reviewed by Council’s Risk Team to identify areas for strengthening and improvement.
Internal controls framework
An internal controls framework is also being documented using the three lines of defence model and setting out Council’s existing and proposed enablers in the following areas [11] :
1. Vision, plans, strategies and frameworks
2. Policies, procedures and processes
3. Culture, ethics, integrity and behaviour
4. People, capabilities and competencies
5. Organisational design
6. Information management and communication, and
7. Systems, security and data analytics.
An update on the internal controls framework will be provided to the next meeting of ARMC on 7 October 2020.
Legal/Policy Basis
This report and its recommendations are consistent with the following legislative provisions:
Local Government Act 2009
RISK MANAGEMENT IMPLICATIONS
The maturing and strengthening of Council’s governance, internal controls and compliance will better position council to manage risks in the delivery of its functions and services to the Ipswich community.
Financial/RESOURCE IMPLICATIONS
Work on strengthened governance, internal controls and compliance is being undertaken within existing resources allocated in the 2020-2021 Council budget.
COMMUNITY and OTHER CONSULTATION
Community and other consultation has not been undertaken as part of the preparation of this report.
Conclusion
Council is committed to building on the good work completed through the Business Transformation Program to implement improved governance, internal controls and compliance. Specifically, Council is:
a) Scoping, prioritising and resourcing strategic projects to complete further work on:
a. Governance
b. Asset management
c. Implementation of the procurement model
d. Implementation of the People and Culture Strategic Plan 2019-2021
b) Implementing the Good Governance Policy and Guide approved by Council on 25 February 2020
c) Maturing its Enterprise Risk Management Program working with risk owners to develop and review Risk Control Reports, and
d) Documenting an Internal Controls Framework.
Sonia Cooper
General Manager Corporate Services
I concur with the recommendations contained in this report.
Sonia Cooper
General Manager Corporate Services
“Together, we proudly enhance the quality of life for our community”
Audit and Risk Management Committee
Meeting Agenda
19 August
2020
Mentions: Ipswich
8. Draft Unaudited 2019-2020 Annual Financial Statements
Doc ID No: A6413051
ITEM: 8
SUBJECT: Draft Unaudited 2019-2020 Annual Financial Statements
AUTHOR: Principal Financial Accountant
DATE: 10 August 2020
Executive Summary
This is a report concerning the draft unaudited 2019-2020 Annual Financial Statements.
Recommendation/s
That the draft unaudited 2019-2020 Annual Financial Statements as detailed in Attachment 1 to the report be received and noted .
RELATED PARTIES
There are no conflicts of interest declared by Council Officers in relation to the matters addressed in this report.
Advance Ipswich Theme
Listening, leading and financial management
Purpose of Report/Background
Section 212 of the Local Government Regulation 2012 states “Auditing of financial statements by auditor-general:
(1) A local government’s general purpose financial statement and current-year financial sustainability statement for a financial year must be given to the auditor-general for auditing.
(2) Also, a local government’s long-term financial sustainability statement for the financial year must be given to the auditor-general for information.
(3) The financial statements mentioned in subsections (1) and (2) must be given to the auditor-general by a date agreed between the chief executive officer and the auditor-general.
(4) The date agreed under subsection (3) must allow the audit of the financial statements, and the auditor-general’s audit report about the statements, to be completed no later than 4 months after the end of the financial year to which the statements relate”.
Section 211 (1) of the Local Government Regulation 2012 states that “The audit committee of a local government must-
(a) meet at least twice each financial year; and
(b) review each of the following matters-
(iii) a draft of the local government’s financial statements for the preceding financial year before the statements are certified and given to the auditor-general under section 212”
The draft unaudited 2019-2020 Annual Financial Statements are detailed in Attachment 1.
SIGNIFICANT ITEMS:
Asset Revaluation
Revaluations were conducted on land, buildings, other structures and detention basins assets during 2019-2020 by Cardno (QLD) Pty Ltd. The impact of the comprehensive revaluation resulted in an increase of $84.8 million to the property, plant and equipment and asset revaluation surplus. Refer to note 13.
Revaluation results summarised in the table below.
Asset Class
Increase/(Decrease)
% Movement
Fair Value Measureable
Land
$23.7m
12.6%
Level 2 – Observable Inputs
Buildings
$15.4m
11.9%
Level 3 – Unobservable Inputs
Other Structures
$44.3m
30.1%
Level 3 – Unobservable Inputs
Detention Basins
$16.7m
100%
Level 3 – Unobservable Inputs
Total
$84.8m
A desktop valuation of Council’s roads, bridges and footpath, and flooding and drainage assets class was performed by Cardno (QLD) Pty Ltd which resulted in a 1.29% and 0.64% increase respectively. Council assessed the increase as immaterial and did not apply the index. A desktop valuation for artworks was performed by Ross Searle and Associates which resulted in a 1.2% increase of Council’s artworks, Council assessed this as immaterial and did not apply the index.
Changes in Accounting Policies
Council adopted AASB 15 Revenue from Contracts with Customers, AASB 1058 Income of Not For Profit Entities and AASB 16 Leases using the modified retrospective (cumulative catch-up) method and therefore the comparative information for the year ended 30 June 2019 has not been restated. The impact of adopting AASB 15, AASB 1058 and AASB 16 resulted in a $4.7 million adjustment to the retained earnings at 1 July 2019. AASB 15 and AASB 1058 requires recognition of revenue based on when a performance obligations is satisfied. As at 30 June 2020, contract assets of $263,000 (refer to note 14) were recognised for revenue where the performance obligation had already been satisfied. While contract liabilities of $571,000 (refer to note 14) and unearned revenue for rates paid in advance of $4.2 million (refer to note 19) were recognised as liabilities until the performance obligation is satisfied. AASB 16 requires former operating leases to be brought onto the balance sheet. As at the 30 June 2020 right of use assets of $5.2 million and lease liabilities of $4.6 million (refer to note 15) were recognised.
Investment Property
In accordance with AASB 140 Investment Property, Council engaged Cardno (QLD) Pty Ltd to value investment properties located in the Ipswich central business district resulting in a decrease of $2.3 million which was recognised in the Statement of Comprehensive Income. Refer to note 12. Cardno valued the land component of investment properties based on site values per sqm while the 2 Bell Street Ipswich tower building value was based on the sales range of the site area and current licence fee for tenancies in the tower. Other buildings and structures located on the retail sites have been assessed as commercial obsolete.
Impairment of Capital Works in Progress
Council assessed assets including capital works in progress (CAPEX) for impairment. Council identified CAPEX relating to the reconstruction of the Commercial Hotel (5 Union Place Mall, Ipswich) was impaired by $1.5 million. Refer to note 13.
Financial Impacts from COVID-19 Pandemic
Disclosure note 33 details the significant financial impacts from the COVID-19 Pandemic. Included in the note are details about waived revenue, rates relief and the impact on asset valuations.
Consolidated Statements
2019-2020 financials for the controlled entities of Ipswich City Properties Pty Ltd, Ipswich City Enterprises Pty Ltd and Ipswich City Enterprises Investments Pty Ltd were consolidated with Council financials. Although the financial results were immaterial with only a collective net loss of $344 and equity of $456,000, the comparative reporting period reported material financial results. It is expected that 2019-2020 will be the last year of consolidation because controlled entities are expected to be immaterial in 2020-2021 due to the controlled entities being wound up and deregistered.
Legal/Policy Basis
This report and its recommendations are consistent with the following legislative provisions:
Local Government Act 2009
Local Government Regulation 2012
Australian Accounting Standards
RISK MANAGEMENT IMPLICATIONS
There are no significant risks associated with this report. The presentation of the draft unaudited financial statements to the Audit and Risk Management Committee is a required and important step in the annual audit process and in compliance with the Local Government Act 2009 , Local Government Regulation 2012 and Australian Accounting Standards.
Financial/RESOURCE IMPLICATIONS
There are no direct financial or resource implications associated with this report.
COMMUNITY and OTHER CONSULTATION
No community consultation has been undertaken in relation to this report. Information has been gathered from across a wide cross section of the organisation to assist in the compilation of the draft unaudited 2019-2020 Annual Financial Statements.
Conclusion
That the draft unaudited 2019-2020 Annual Financial Statements as detailed in Attachment 1 to the report be received and noted.
Attachments and Confidential Background Papers
CONFIDENTIAL
1.
Draft Unaudited 2019-2020 Annual Financial Statements
Barbara Watson
Principal Financial Accountant
I concur with the recommendations contained in this report.
Jeffrey Keech
Manager, Finance
I concur with the recommendations contained in this report.
Sonia Cooper
General Manager Corporate Services
“Together, we proudly enhance the quality of life for our community”
Audit and Risk Management Committee
Meeting Agenda
19 August
2020
Mentions: Bell Street · Union Place · Ipswich
9. 2019-2020 Lost and Stolen Items Report
Doc ID No: A6369724
ITEM: 9
SUBJECT: 2019-2020 Lost and Stolen Items Report
AUTHOR: Financial Accountant
DATE: 20 July 2020
Executive Summary
This is a report concerning assets/items reported to the Finance Branch as suspected of being stolen during the financial year end 30 June 2020.
Recommendation/s
That the report be received and the contents noted.
RELATED PARTIES
There are no related parties
Advance Ipswich Theme
Listening, leading and financial management
Purpose of Report/Background
Section 307A of the Local Government Regulation 2012 ( the Regulation ) and Council Procedure FCS-41 require that, where assets and other items are reported to the Finance Branch as being stolen, the following process is to occur. This section also requires that if Council becomes aware that the property is missing and not suspected to have been stolen, then the CEO is required to keep records of the loss where the loss is at least $1,000.
Further, where a loss is considered to be a reportable loss, the Regulation requires that written confirmation of any incident is to be provided to the Minister, Auditor-General and the Officer-in-Charge of the nearest Police Station and where appropriate the Crime and Corruption Commission. A report is also to be furnished to Council’s Audit Committee.
The following report covers the period 1 July 2019 to 30 June 2020. The report is provided for the information of the Audit and Risk Management Committee.
Asset Description
Oracle Asset ID
Date of Incident / Discovery
Date Reported to Police
Police Crime Report No
COST
Written Down Value
Stihl Brushcutter
P1095982
9/01/2020
10/01/2020
QP3082138
$672
-
Laptop, Laptop Bag and Access
Networked Asset
15/05/2019
10/03/2020
QP2000495327
$1,571
-
Corporate Laptop - Rohan Dowdy
Networked Asset
29/04/2020
1/05/2020
QP2000896509
$1,500
approx
$1,000
approx
Corporate Laptop - Nick Burke
Networked Asset
29/04/2020
1/05/2020
QP2000896509
$1,500
approx
$1,000
approx
Circumstances of the Loss:
Crime Report Number QP3082138
When Council crew arrived at work location, they noticed that someone had used a grinder to cut through the brushcutter holding box and took the brushcutter. The incident was then reported to the Queensland Police Service (Police).
Crime Report Number QP2000495327
It was found while processing a termination of employment for an employee who had been absent from work for a long period, that they had not returned their laptop. Numerous requests had been made for the return of the asset however they were not actioned by the employee. The employee subsequently claimed that the laptop had been stolen from their possession and reported to the Police. Council has also reported the incident to the Police. Refer to attachment 2.
Crime Report Number QP2000896509
Two laptops assigned to two employees were stolen from the Civic Centre. One was set up to support a meeting and the laptop was missing when the meeting commenced. Another employee noticed that his laptop was missing when he went to take it home. Safe City found supporting footage to imply the laptops were stolen. A Police report was lodged. Refer to attachment 1.
It is noted that one of these laptops has been subsequently recovered by the Police and returned to Council.
Legal/Policy Basis
This report and its recommendations are consistent with the following legislative provisions:
Local Government Act 2009
Local Government Regulation 2012
Australian Accounting Standards
Council Procedure FCS-41
RISK MANAGEMENT IMPLICATIONS
The risk of portable and attractive items being stolen is always reasonably high therefore all Council officers need to ensure reasonable security of these items at all times. Finance also coordinates an annual stocktake of items to ensure the possession and existence of smaller plant and equipment.
Financial/RESOURCE IMPLICATIONS
The financial implications and loss to Council is the equivalent of the value of the items stolen. Council is also in most cases required to replace these items.
COMMUNITY and OTHER CONSULTATION
No community consultation has occurred in relation to this report. The finance team have liaised with the relevant sections who have reported the stolen items.
Conclusion
In accordance with the relevant procedure, the Police were informed of the above instances.
Attachments and Confidential Background Papers
CONFIDENTIAL
1.
Stolen Laptops - Civic Centre
2.
Stolen Laptop - PRS
Dhurga Balasingam
Financial Accountant
I concur with the recommendations contained in this report.
Jeffrey Keech
Manager, Finance
I concur with the recommendations contained in this report.
Sonia Cooper
General Manager Corporate Services
“Together, we proudly enhance the quality of life for our community”
Audit and Risk Management Committee
Meeting Agenda
19 August
2020
Mentions: Ipswich
10. Report on Complaints Management, Information Privacy and Right to Information Compliance
Doc ID No: A6410463
ITEM: 10
SUBJECT: Report on Complaints Management, Information Privacy and Right to Information Compliance
AUTHOR: Integrity and Complaints Manager
DATE: 7 August 2020
Executive Summary
This is a report concerning performance in relation to Council’s legislative compliance in the management of complaints, Right to Information and Information Privacy for the period
1 April 2020 to 30 June 2020 (the Quarter).
Recommendation/s
That the report on complaints management and Information Privacy and Right to Information compliance for the period 1 April 2020 to 30 June 2020 be received and the contents noted.
RELATED PARTIES
There are no conflicts of interest identified and declared in relation to the contents of this report.
Advance Ipswich Theme
Listening, leading and financial management
Purpose of Report/Background
To inform the Audit and Risk Management Committee on the performance of the complaints management, infringement review management, Right to Information and Information Privacy compliance functions for the April to June 2020 quarter.
Complaints management
This quarter saw a notable decrease in complaints received compared to the previous quarter from 211 to 128 overall. A table setting out the number of complaints of each type is set out in the Addendum to this Report.
The drop in complaint numbers is likely indicative of the COVID-19 Pandemic restrictions that were in place at that time, creating a reduction in the delivery of some Council services.
Complaint numbers will continue to be monitored as the objective of an effective complaints management system (CMS) is to drive a reduction in complaints numbers. This reduction occurs when an organisation is made aware of “failings” through captured complaints data and that data is utilised as a driver to implement changes to improve service delivery.
Reporting in the complaints space will evolve with the introduction of the use of the Insights Function of Council’s CRM database used for complaints management, Objective. Work is currently underway with a business analyst in the Coordination and Performance Department to create new reports to the business. Council will move towards including handling times in reports as a measure to improve processes in the complaints management section.
Average handling time of complaint matters for this quarter sits at 6.8 business days which is well below the agreed timeframes of 20 business days. It will be expected that this number will fluctuate based on a variance in the complexity of matters received. Achieving handling times below agreed timeframes can lend itself to a “quantity versus quality” culture with complaint handlers. Quality assurance checks are undertaken on a percentage of matters handled (5 matters per week) to ensure that the error rate in matters remains low.
The continued low numbers of requested reviews (2.34 % of all matters handled) are indicative of the efficacy of the responses being provided by the CMU to customers, with this quarter demonstrating a customer satisfaction rate of 97.66% rate on matters handled in that quarter. Further supported by no matters escalated to a stage 3 internal in Quarter 4.
Quality assurance monitoring of different processing stages will be continue to be undertaken to ensure the efficacy of the CMU remains and that robust processes continue to be used effectively in complaints management.
Management of Infringement Reviews
According to the data extracted from Council’s Crystal report, Planning and Regulatory Services (PRS) issued the least number of infringements in April 2020 (173) and issued the highest in June 2020 (633).
The decrease in numbers during the April/May period was due to the COVID-19 Pandemic and restrictions imposed by the Commonwealth and State Government seeing a reduction in activity by Council compliance officers. This also resulted in a decrease of review requests that were received.
The significant increase in infringements issued in June was a direct result of ANPR vehicles and compliance officers resuming ordinary activity.
Further detail on the types of infringements is set out in the addendum below
Management of Right to Information and Information Privacy Applications
All RTI/IP Applications were processed in accordance with legislative requirements, Council Policy and Procedures. The below tables provide details of the management of all RTI/IP Applications for the reporting period.
Three of the RTI Applications received within this reporting period were pending, awaiting for application fees to be paid to make them a compliant Application.
One external third party consultation was received and one administrative release enquiry was actioned accordingly.
Moving forward work will be undertaken with the Performance Management team to develop more robust reporting on applications and data will be utilised to inform Council on improvements to its Publication Scheme.
The efficacy of Application handling is evidenced by no internal or external reviews being undertaken on Applications received in this quarter.
Update on Business Transformation Project TP#6 Complaints Management Framework
The Project was formally closed in May 2020 by the Business Transformation Program Steering Committee. Any remaining deliverables have been transitioned to either business as usual activities or further strategic projects. All but two key deliverables are 100% delivered (Key Deliverables 1 and 2 are 90% implemented)
Follow-up by the Information Commissioner to their 2017-18 Audit Report on Ipswich City Council’s management of Right to Information and Information Privacy
On 16 June 2020 the Office of the Information Commissioner (OIC) advised Council that the follow-up report on Council’s implementation of recommendations made in their 2017-18 audit of Council’s management of Right to Information and Information Privacy was completed.
The report was tabled in the Queensland Parliament on 17 June 2020 and the Council response to the follow up Audit is included as an appendix.
Of the Audit's twelve (12) recommendations the OIC assessed that:
· six (6) of the recommendations have been fully implemented
· two (2) of the recommendations have been partially implemented (Recommendations 2 and 6)
· three (3) recommendations as in progress (Recommendations 1,3 and 11)
· one (1) of the recommendations as having limited progress . (Recommendation 8)
Council’s response set out additional action that has been taken both within the audit period, since the audit period and future planned work. A copy of Council’s response is included as an Attachment to this report. The full report is attached as Attachment 3.
Legal/Policy Basis
The following table outlines the relevant legislation and the administrative functions and services provided by the Branch:
RISK MANAGEMENT IMPLICATIONS
The greatest risk to the organisation is the lack of awareness by staff of their responsibilities under Council’s Complaint Management Framework, the Public Records Act 2002 , and RTI and IP Acts. All outside staff have attended Public Records Act, RTI Act and IP Act Training delivered by the TP#6 Project Lead. Internal staff have undertaken Office of the Information Commissioner RTI and IP Training and Queensland State Archives Records Challenge Training online via E-Hub. Training in Records, RTI and IP Act obligations and responsibilities is now a component of induction training and will be incorporated into annual refresher training for all staff.
Financial/RESOURCE IMPLICATIONS
There are no financial/resource implications.
COMMUNITY and OTHER CONSULTATION
This report did not require community engagement.
Conclusion
The Governance Section has performed its responsibilities and obligations in relation to maintaining Council’s compliance with the Local Government Act 2009, Local Government Regulation 2012, Right to Information Act 2009 and Information Privacy Act 2009 for the previous Quarter.
Attachments and Confidenti
Mentions: Ipswich
11. Minutes from the ICT Steering Committees from April to June 2020
Doc ID No: A6306396
ITEM: 11
SUBJECT: Minutes from the ICT Steering Committees from April to June 2020
AUTHOR: Executive Support and Research Officer
DATE: 18 June 2020
Executive Summary
This is a report concerning the minutes from the ICT Steering Committee (ICTSC) meetings held between April and June 2020.
Recommendation/s
That the Audit and Risk Management Committee (ARMC) note the minutes from the Information and Communication Technologies Steering Committee (ICTSC) meetings held between April and June 2020.
RELATED PARTIES
There were no declarations of conflict of interests from members of the ICTSC in relation to the minutes of the ICTSC meetings.
Advance Ipswich Theme
Listening, leading and financial management
Purpose of Report/Background
It was agreed that the minutes of the ICTSC meetings would be presented to ELT to be approved to be presented to the next available ARMC.
Legal/Policy Basis
This report and its recommendations are consistent with the following legislative provisions:
Local Government Act 2009
RISK MANAGEMENT IMPLICATIONS
There are no risk implications in relation to this report.
Financial/RESOURCE IMPLICATIONS
There are no financial/resource implications in relation to this report.
COMMUNITY and OTHER CONSULTATION
The members of the ICTSC were provided the minutes of each meeting for their review at the subsequent meeting.
Conclusion
It is requested that the ARMC note the minutes and actions from the ICTSC meetings as listed in attachments 1-3.
Attachments and Confidential Background Papers
1.
ICTSC Minutes from 29 April 2020 ⇩
2.
ICTSC Minutes from 27 May 2020 ⇩
3.
ICTSC Minutes from 24 June 2020 ⇩
Erin Smith
Executive Support and Research Officer
I concur with the recommendations contained in this report.
Sonia Cooper
General Manager Corporate Services
“Together, we proudly enhance the quality of life for our community”
Audit and Risk Management Committee
Meeting Agenda
19 August
2020
Item 11 / Attachment 1.
Audit and Risk Management Committee
Meeting Agenda
19 August
2020
Item 11 / Attachment 2.
Audit and Risk Management Committee
Meeting Agenda
19 August
2020
Item 11 / Attachment 3.
Audit and Risk Management Committee
Meeting Agenda
19 August
2020
Mentions: Ipswich
12. Update on Ipswich CBD Redevelopment Project
Doc ID No: A6413427
ITEM: 12
SUBJECT: Update on Ipswich CBD Redevelopment Project
AUTHOR: General Manager - Coordination and Performance
DATE: 10 August 2020
Executive Summary
This is a report concerning the risk management for the Ipswich Central Redevelopment project. At a high level, the construction is progressing well with practical completion achieved for the new library and civic space. The administration building is progressing ahead of schedule and on budget.
The retail components of the project continue to pose a significant risk for Council which is compounded by the current economic impacts of COVID-19.
Recommendation
That the report be received and the contents noted.
RELATED PARTIES
Ranbury Management Services
Ranbury Property Services
Advance Ipswich Theme
Managing growth and delivering key infrastructure
Purpose of Report/Background
The purpose of this report is to provide the Audit and Risk Management Committee with an update on the progress of the Ipswich Central Redevelopment project.
The construction aspect of the project is progressing well. The Library and Civic Space reached practical completion in August 2020. The fit out of the Library will now commence with an anticipated opening in late October or early November. The civic space has also reached practical completion with an opening date to coincide with the opening of the new library.
A topping out ceremony was held for the administration building which is progressing ahead of schedule. Anticipated practical completion for the administration building is June / July 2021.
From a financial perspective the project continues to track on budget. At this time, it is anticipated that the contingency fund will be approximately $4 million underspent, however this may change as the project progresses through final construction and into the furniture, fixings and equipment stage.
Negotiations are continuing with a cinema operator as the key anchor tenant for the entertainment venue. Securing a lease with this tenant is a condition precedent to the awarding of the contract variation for Hutchinson Builders to commence construction on the retail assets. The negotiations are progressing well and are expected to be finalised in August 2020.
The economic climate in the retail sector created as a result of the Covid-19 pandemic continues to pose a significant risk to the commercial aspects of the development. From a leasing perspective, tenants are now seeking additional incentives in negotiation and this has the potential to impact the leasing budget as we secure more tenants. The project team will continue to monitor this and report through to the Ipswich Central Redevelopment Committee.
Significant work is also being conducted to develop the operating model and budget for the retail precinct. Mr James Hepburn, Chair of the Retail-Sub Project Steering Committee is leading this aspect of the project. This is a critical component for the post-construction phase of the Ipswich Central Redevelopment and is critical to understanding the true value of the retail components of the project. Gaining this understanding will enable to Council to be fully informed in terms of its decisions regarding the management and potential divestment of these assets.
Legal/Policy Basis
This report and its recommendations are consistent with the following legislative provisions:
Local Government Act 2009
RISK MANAGEMENT IMPLICATIONS
The budget and timeframes for the construction aspect of the project are progressing in accordance with the adopted budget and published schedule. The risks associated with the construction aspect are being managed effectively as evidenced by the construction being on time and on budget.
The risks created by the COVID-19 in the retail sector continue to be significant. There is uncertainty in the market as to what the future will hold, however the project team remain confident that we will secure tenants for the precinct. We are currently aiming for a September 2021 opening for the retail assets which we hope will provide time for the pandemic restrictions and concerns to ease. The project team is cognisant of the risks created by the pandemic and will continue to monitor, review and mitigate to the extent possible.
Financial/RESOURCE IMPLICATIONS
The project is currently meeting the budget approved by Council.
COMMUNITY and OTHER CONSULTATION
There has not been any consultation conducted in relation to this report.
Conclusion
The construction of the civic projects for the Ipswich Central Redevelopment are progressing well.
The most significant risk associated with the project continues to be the leasing of the retail assets which is further complicated by the economic conditions created by the pandemic.
Sean Madigan
General Manager - Coordination and Performance
I concur with the recommendations contained in this report.
Sean Madigan
General Manager - Coordination and Performance
“Together, we proudly enhance the quality of life for our community”
Audit and Risk Management Committee
Meeting Agenda
19 August
2020
Mentions: Ipswich
13. ICT Platform Project - Update
Doc ID No: A6408427
ITEM: 13
SUBJECT: ICT Platform Project - Update
AUTHOR: Program Manager (Business Improvement)
DATE: 6 August 2020
Executive Summary
This is a report concerning the status of the Information and Communication Technologies (ICT) Platform Project to implement a significantly improved technology platform for Ipswich City Council.
Recommendation/s
That the report concerning the status of the Information and Communication Technologies (ICT) Platform Project to implement a significantly improved technology platform for Ipswich City Council be received and the contents noted.
RELATED PARTIES
There was no declaration of conflicts of interest.
Advance Ipswich Theme
Listening, leading and financial management
Purpose of Report/Background
The purpose of this report is to provide an update on the progress of the ICT Platform Project as well as a copy of the project risk register for the information of the Committee.
In the time since the last update to this Committee (20 May 2020), significant progress has been made by the Project Team on the delivery of Stage 1 (Discovery) of the project. These include:
· Preliminary Findings
A detailed preliminary findings report and accompanying summary presentation (attached) was presented to and accepted by the ICT Steering Committee on 27 May 2020. A number of due diligence and research activities were conducted by the project team which resulted in the identification of 3 potential solution options to be considered in more detail in the project business case, along with the key considerations that must be taken into account when assessing and evaluating the various solution options. These activities included:
· Examining reports on outcomes and learning from similar projects undertaken by other local government authorities across Australia
· Interviews and meetings with representatives from other councils who have undertaken or are undertaking similar projects
· Reviewing outcomes and learnings from other projects undertaken by ICC
· Researching examples of good governance structures utilised for significant business change projects
· Leveraging and enhancing the good governance and business change approach introduced by the Business Transformation Program
· Consideration of the application of the Best Practice Guide from recent QAO report to Parliament (Effectiveness of the State Penalties Enforcement Registry ICT Reform) to this project
The most important learning from both past ICC projects and projects being undertaken by other councils, is the fact that this is not an ICT project, but is a significant organisational transformation and therefore the effort required for change management is substantial. The following points will be critical to the success of the project:
· Dedicated and expert change management resources must be allocated to the project for its duration
Mitigation: This has been partially mitigated through the current allocation of an internal change resource, supported by the People and Culture Branch.
· Senior leaders must not only participate in the change but must also lead it, in order to increase its effectiveness and drive results within the organisation
Mitigation: A change strategy has been developed and approved for the project, which incorporates the adoption of PROSCI methodology.
· Change management is a continuous activity – it is a significant component of the actual project implementation but must also be continuous post implementation if Council is to realise true value from the solution implemented
Mitigation: Ensure the change strategy for the project clearly reflects the requirement for ongoing change management.
· Establishment of a Project Advisory Group
Taking into consideration the fact that this is an organisational transformation project, it is important that early business ownership is established. The project team has established a Project Advisory Group consisting of 2-3 representatives from each department across Council. The group will act as an Advisory Group for an initial 6 months after which it will move into a Working Group. A robust Terms of Reference has been established to support this group.
The group has commenced meeting fortnightly with one of the first tasks assigned to member being to come up with a new project name that better reflects the intent of what we are trying to achieve (i.e. organisational transformation, not an IT project).
· Understanding Required Project Outcomes & Development of Business Case
During the course of delivering Stage 1 of the project, the project team has presented a number of reports to the ICT Steering Committee outlining various options and approaches available for proceeding with the development of the project business case.
A challenge for the team has been ensuring that there is clear consensus and understanding amongst members of the ICT Steering Committee as to why Council is undertaking the Platform Project and what we see as the key organisational outcomes we want to achieve.
As a consequence of discussions arising from the submission of these reports, and in an attempt to address the ‘why’ of undertaking the project, it was agreed that a workshop be held with the members of the ICT Steering Committee. The purpose of the workshop was to clarify the implications of, and add a level of confidence to, any decisions required in order for the project to progress with the development of the business case.
The workshop was held on 30 July 2020 with the following key outcomes being achieved:
· Clear agreement on the reasons for ‘why’ we are embarking on this project
· Project business case
o Agreement on the solution options to be explored in the business case
o Decision to proceed with a two-step approach to the delivery of the project business case:
1. Preliminary Business Case
2. Detailed Business Case
o Agreement on the utilisation of the services of a Business Partner to assist with the development of the project business case. One of the advantages of engaging a business partner, will be the mitigation of some of the extreme project risks around:
§ Understanding current state & pain points
§ Defining target state
§ Identifying business benefits
§ Capturing project implementation issues & costs
§ Providing access to necessary skills & experience to mitigate gaps in internal knowledge & capability, and to identify likely issues needing to be addressed
Legal/Policy Basis
This report and its recommendations are consistent with the following legislative provisions:
Local Government Act 2009
RISK MANAGEMENT IMPLICATIONS
As this report is for information only, there are no risks associated with the recommendation. However, high level initial risks have been identified in accordance with the ICC Project Risk Management Manual and are attached to this report.
Financial/RESOURCE IMPLICATIONS
As this report is for information only, there are no financial/resource implications of the recommendation.
COMMUNITY and OTHER CONSULTATION
For Stage 1, consultation has been undertaken with:
· CEO
· General Manager, Corporate Services (Project Sponsor)
· ICT Steering Committee members
· Members of the ICT Management Team
· Chief Audit Executive
· Members of the Project Advisory Group
It is intended that a full stakeholder impact assessment will be undertaken as part of the change management activities for the project.
Conclusion
The next step for the Platform Project is to develop the preliminary business case. In keeping in line with the decision made by the ICT Steering Committee to engage a business partner to assist with this, the project team is working to develop a detailed specification for the engagement along with a supporting strategy for the related procurement activity. Both will be presented to the ICT Steering Committee for approval to proceed.
Attachments and Confidential Background Papers
1.
Stage 1 - Summary of Preliminary Findings ⇩
2.
Project Risk Register - July 2020 ⇩
Anna Payne
Program Manager (Busin
Mentions: Ipswich
14. People and Culture update - progress of the implementation of the People and Culture Strategic Plan 2019 - 2021
Doc ID No: A6410470
ITEM: 14
SUBJECT: People and Culture update - progress of the implementation of the People and Culture Strategic Plan 2019 - 2021
AUTHOR: Business Operations and Employee Relations Manager
DATE: 7 August 2020
Executive Summary
This is a report concerning progress in the implementation of the People and Culture Strategic Plan 2019-2021.
Recommendation/s
That the progress in the implementation of the People and Culture Strategic Plan 2019-2021 be noted by the Audit and Risk Management Committee.
RELATED PARTIES
People and Culture Branch
Advance Ipswich Theme
Listening, leading and financial management
Purpose of Report/Background
- The People and Culture Branch is committed to the implementation of the People and Culture Strategic Plan 2019-2021 in addition to business as usual activities across all teams.
- Progress updates are now in place for all activities with some items moved in priority based on Executive Leadership Team feedback and resource availability. The majority of actions are on track for delivery
- The attached presentation, is the six (6) month review of the implementation activities against the P&C Strategic Plan.
- In addition, the People and Culture Branch is delivering through the development of new Administrative Directives and Procedures for key employee matters.
Legal/Policy Basis
This report and its recommendations are consistent with the following legislative provisions:
Not Applicable
RISK MANAGEMENT IMPLICATIONS
The People and Culture Branch leadership and key team members are committed to the implementation of this Strategic Plan. However, the volume of workplace relations matters, the management of requests for organisational change and the need for training and general service reviews impacts on the resource availability to meet the requirements.
Financial/RESOURCE IMPLICATIONS
All projects are able to be funded through the 2020-2021 People and Culture Branch budget
COMMUNITY and OTHER CONSULTATION
The strategic plan and implementation actions have been shared with the Executive Leadership Team with regular monthly updates in relation to the progress of initiatives.
Conclusion
The implementation of the plan is an excellent performance target for the Branch. Key milestones have been achieved by the Organisational Development Section and the Workplace Safety and Wellbeing Section in regard to development of training programs and development of new procedures for the workplace. The feedback from the leadership team in regard to the support of People and Culture Business Partners across a range of HR matters remains highly positive and the team is enjoying the welcome approach from all levels of the organisation.
Attachments and Confidential Background Papers
1.
People and Culture ARMC update ⇩
Nick Sheehan
Business Operations and Employee Relations Manager
I concur with the recommendations contained in this report.
Paula Perry
Manager, People and Culture
I concur with the recommendations contained in this report.
Sonia Cooper
General Manager Corporate Services
“Together, we proudly enhance the quality of life for our community”
Audit and Risk Management Committee
Meeting Agenda
19 August
2020
Item 14 / Attachment 1.
Audit and Risk Management Committee
Meeting Agenda
19 August
2020
Mentions: Ipswich
15. Protecting the personal information of our customers and employees
Doc ID No: A6399234
ITEM: 15
SUBJECT: Protecting the personal information of our customers and employees
AUTHOR: Governance Manager
DATE: 3 August 2020
Executive Summary
This is a report to the Audit and Risk Management Committee providing information on how Ipswich City Council protects the personal information of customers and employees in accordance with the Information Privacy Act 2009 .
Recommendation/s
That the report to the Audit and Risk Management Committee providing information on how Ipswich City Council protects the personal information of customers and employees in accordance with the Information Privacy Act 2009 be noted.
RELATED PARTIES
Not applicable.
Advance Ipswich Theme
Listening, leading and financial management
Purpose of Report/Background
The purpose of this report is to inform the Audit and Risk Management Committee on how Council protects the personal information of customers and employees. It is noted here that information in relation to the security of data contained on Council’s network is not included in this report.
The report will discuss Council’s obligations, under the Information Privacy Act 2009 (IP Act), in relation to personal information and proposed initiatives to increase Council’s personal information culture, capabilities and practices in accordance with the areas outlined below:
1. Information Privacy Act 2009
1.1 What is Personal Information?
1.2 The Rights of Individuals under the IP Act
1.3 Council’s Privacy Protection Obligations under the IP Act
2. How does Council protect personal information?
2.1 Information Privacy Policy and Procedure
2.2 Staff Training and Awareness Campaign
2.3 Privacy Breach Management and Notification
3. Proposed initiatives to improve Council’s personal information culture, capabilities and practices
3.1 Develop a Privacy Strategy
3.2 Inclusion of appropriately skilled privacy representation on Council’s Data Governance and advisory Group and ICT Steering Committee
3.3 Develop a Council-centric Information Privacy training program, “Manager Tool Kit” and communication plan
3.4 Inclusion of Privacy Impact Assessments (PIA) in council’s project management methodology
3.5 Gap analysis of Policies, Procedures and Work Instructions
1. Information Privacy Act 2009
The IP Act provides for the protection of personal information collected and held by Queensland Government agencies (which includes local governments) and provides rules for what these agencies must and may do with personal information.
1.1 What is personal information?
The IP Act defines personal information as:
“ information or an opinion, including information or an opinion forming part of a database, whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.”
1.2 The Rights of Individuals under the IP Act
The IP Act provides individuals with the following rights:
· the right to expect agencies to meet their privacy obligations and protect the personal information of individuals, and to make a complaint to the agency if they do not;
· the right to make a privacy complaint to the Information Commissioner where the individual believes an agency has failed to comply with their privacy obligations and the individual believes the agency has not addressed their initial complaint;
· if mediation is unsuccessful or the Information Commissioner does not believe that resolution of the complaint can be achieved through mediation then the complainant must be given written notice reflecting this decision. The complainant then has the right to ask the Information Commissioner to refer the privacy complaint to be heard by the Queensland Civil and Administrative Tribunal (QCAT);
· the right, for a complainant or respondent to a privacy complaint, to request a written and certified record of a mediated agreement resolving a privacy complaint;
· the right, for a complainant or respondent to a privacy complaint, to file a copy of a certified agreement with QCAT.
1.3 Council’s privacy protection obligations under the IP Act
The IP Act imposes the following privacy protection obligations on Council:
· complying with Information Privacy Principles;
· only transferring personal information outside of Australia in compliance with section 33 (refer Attachment 1) of the IP Act;
· taking the necessary steps to have contracted service providers adhere to the privacy principles where required by section 35 of the IP Act (refer Attachment 1);
· dealing with privacy complaints by individuals in a timely and responsive manner;
· complying with any compliance notice issued by the Information Commissioner;
· complying with the conditions of any public interest approval issued by the Information Commissioner under section 157 of the IP Act (refer Attachment 1).
2. How does Council protect personal information?
Council has adopted policies to ensure compliance with the IP Act. Procedures and work Instructions are also available to staff, along with training in the obligations under the IP Act. Staff are able to access these resources on Council’s intranet for employees, The WIRE.
Council’s external website has been designed in accordance with the Office of Information Commissioner Guidelines to ensure external parties can easily access information such as:
· Council Policies
· Local Laws
· Works and Projects
· Online Services
· Privacy Statement
· Right to Information
· Lodging a Right to Information (RTI) and IP Application
· Amending Personal Information
· Publication Scheme
Council’s Privacy Statement and Information Digest are accessible on Council’s home page. The Privacy Statement (refer Attachment 2) explains:
· Council’s commitment to respect the privacy and personal information held by Council;
· defines Personal Information
· how Council will collect and use personal information
· the conditions (as per the IP Act) under which Council is allowed to disclose personal information
· how Council stores personal information
· accessing your personal information
· how to lodge a complaint about how Council has handled an individual’s personal information.
Council’s Personal Information Digest (refer Attachment 3) summarises in general terms, the kind of information held by Council, and how this information is managed. It assists individuals in finding out what kinds of information Council holds about them, why this information is held, how this information is held and how this information is managed by the agency.
2.1 Information Privacy Policy and Procedure
Council’s Information Privacy Policy (refer Attachment 4) applies to all personal information collected, used and stored by Council in every aspect of its operations and performance. The Policy states all elected representatives and Council officers, regardless of their employment status, (full time, part time, casual, contract or volunteer) are bound by the Principles of the IP Act.
In accordance with the Policy, Councillors and staff must no t:
· divulge the personal information of a customer or staff member to third parties outside of Council, for their independent use unless the person to which the information relates has authorised, in writing, for Council to do so, or the disclosure is required or allowed by law.
· make available in the public forum the personal information without the express written permission of the customer and other individuals detailed in any correspondence or collected in any way.
Council’s Information Privacy Procedure (refer Attachment 5) outlines how Council will improve processes relating to public access to personal information, whilst protecting individual privacy and other public interest issues. The Procedure assists councillors and staff to protect the privacy of individuals by taking reasonable steps to ensure that the collection, use, handling, disclosure and disposal of an individual’s personal information complies with relevant legi
Mentions: Ipswich
16. Conflicts of Interest for Employees
Doc ID No: A6411030
ITEM: 16
SUBJECT: Conflicts of Interest for Employees
AUTHOR: Governance Manager
DATE: 7 August 2020
Executive Summary
This is a report concerning Council’s Conflicts of Interest for Employees framework.
Recommendation/s
That the report be received and the contents noted.
RELATED PARTIES
There are no conflicts of interest related to this report.
Advance Ipswich Theme
Listening, leading and financial management
Purpose of Report/Background
Both the Business Transformation Program and an internal audit of Council’s approach to managing conflicts of interest identified a need for the development of an overarching framework relating to employee conflicts of interest, including a policy and procedure.
Under the Public Sector Ethics Act 1994, conflicts of interest are required to be resolved in the public interest. This requirement has been embedded into Council’s Employee Code of Conduct, and within 16 Council policies and procedures. However, there was no overarching policy that provided a clear statement about managing employee conflicts of interest or the impact on their roles and responsibilities.
The need to address conflicts of interest was recognised as part of the Business Transformation Program (BTP), and incorporated into the Risk Management Project but was not finalised prior to the closure of the BTP. A significant amount of work was undertaken to draft a conflicts of interest policy, however the policy was not finalised prior to the closure of the Business Transformation Program.
Leveraging from the research and work of the BTP Project, a framework, policy and associated components that make up an overall framework for conflicts of interest for employees has now been completed.
The principles that underpin the conflicts of interest for employees framework are included in the Public Sector Ethics Act 1994 and the Local Government Act 2009 including:
· Ensuring decision-making is carried out in the public interest;
· Good governance of and by the local government; and
· Integrity and impartiality.
Council’s framework for managing conflicts of interest for employees includes:
· A ‘Conflicts of Interest for Employees’ policy, which outlines:
- a clear direction for employees with regard to conflicts of interest
- a clear direction on how the organisation will manage conflicts of interest for employees
- roles and responsibilities
· A supporting procedure
· An online form for staff to disclose and update conflicts of interest
· A centralised register of conflicts of interest for employees maintained by Governance Section
· A communication plan to ensure effective messaging for employees.
The components of the framework are compatible with Human Rights Act 2019 requirements and obligations.
The Conflicts of Interest for Employees Policy (refer Attachment 1) was adopted by Council on 28 July 2020.
Next Steps
In accordance with Council’s Policy and Procedure Guide that all policies should have a supporting procedure; a draft Conflicts of Interest for Employees – Identifying, Disclosing, Managing and Monitoring Procedure (refer Attachment 2) has been prepared and is in the final stage of approval by the General Manager, Corporate Services.
An organisation-wide communications and training plan has been prepared to ensure staff are aware of their responsibilities, new policy, procedure and online form – with a view to have communications ‘go live’ by end of August 2020.
Governance Section is currently liaising with the various departments responsible for the identified 16 policies and procedures that need to be reviewed and amended to align with the new policy and procedure. It is anticipated this work will be completed prior to the ‘go live’ date of the communication plan.
Opportunities to continue to increase maturity within the organisation with regard to conflicts of interest are being supported, with conflicts of interest included in the scope of the Strategic Maturity of Governance Project. This new project addresses a number of outstanding, however important, governance related outcomes still to be finalised following the closure of the Business Transformation Program.
Legal/Policy Basis
This report and its recommendations are consistent with the following legislative provisions:
Public Sector Ethics Act 1994
Local Government Act 2009
RISK MANAGEMENT IMPLICATIONS
Conflicts of interest pose a potential reputational and corruption risk to Council. Council’s ‘Conflict of Interest’ framework with supporting policy and procedure places Council and its employees in a strong position to be being able to identify, manage and monitor actual, potential and perceived conflicts of interest.
Financial/RESOURCE IMPLICATIONS
There are minimal financial implications associated with embedding the framework into the organisation, any costs will be absorbed internally through existing resourcing.
COMMUNITY and OTHER CONSULTATION
The Conflicts of Interest for Employees Policy and supporting draft Procedure have been reviewed internally by key stakeholders from the following areas within Council:
· Corporate Services: Procurement, Risk Management, Corporate Governance, People and Culture, Finance, Legal Services;
· Coordination and Performance: Internal Audit, Performance, Business Transformation Program Risk Management Team members;
· Planning and Regulatory Services;
· Infrastructure and Environment; and
· Community, Cultural and Economic Development.
Feedback received internally has been incorporated into the policy and associated components of the overall framework for conflicts of interest for employees.
Conclusion
Conflicts of interest are required to be resolved in the public interest. Council now has in place an overarching framework, supported by a policy and procedure for the management of conflicts of interest for employees, which ensures Council has the appropriate level of rigour around the management of conflicts of interest for employees.
Attachments and Confidential Background Papers
1.
Conflicts of Interest for Employees Policy ⇩
2.
Draft Conflicts of Interest Employees - Identifying, Disclosing, Managing and Maintaining ⇩
Angela Harms
Governance Manager
I concur with the recommendations contained in this report.
Tony Dunleavy
Manager Legal and Governance (General Counsel)
I concur with the recommendations contained in this report.
Sonia Cooper
General Manager Corporate Services
“Together, we proudly enhance the quality of life for our community”
Audit and Risk Management Committee
Meeting Agenda
19 August
2020
Item 16 / Attachment 1.
Audit and Risk Management Committee
Meeting Agenda
19 August
2020
Item 16 / Attachment 2.
Audit and Risk Management Committee
Meeting Agenda
19 August
2020
Mentions: Ipswich
17. ICT Branch Governance and Controls Framework
Doc ID No: A6373841
ITEM: 17
SUBJECT: ICT Branch Governance and Controls Framework
AUTHOR: ICT Strategy, Enterprise Architecture and Governance Manager
DATE: 21 July 2020
Executive Summary
This is a report concerning the status and focus areas for development in the Information and Communication Technologies (ICT) governance controls framework.
Recommendation/s
That the Audit and Risk Management Committee note the key elements of the Information and Communication Technologies governance controls framework and the ongoing focus areas for improvement.
PURPOSE OF REPORT/BACKGROUND
ARMC has requested an update on ICT governance, focussing on:
· IT infrastructure and operations (including personal computing, cloud applications and any outsourced IT)
· Security of Data and Software (including access and cyber security)
· System development
· IT Governance
Overview of ICT Asset Portfolio
Figure 1 (larger version at Attachment 1) provides an overview of Council’s business applications and technology portfolio. Key aspects of the portfolio to note are:
· 284 different technologies/applications/modules have been identified:
o 93 enterprise applications/modules
o 106 line-of-business applications/modules
o 62 technology and infrastructure components (eg network, servers or storage related)
o 23 different applications in the standard desktop/laptop build (eg Microsoft Word or Adobe PDF reader)
· Of these 284 items, 102 have been identified as critical (Tier 1) to ongoing Council operations.
· There are approximately 220 individual servers, and ~250 terabytes of data storage in the major datacentre (Polaris). The majority of these servers, and all data/databases are backed-up to an off-site facility.
· Council network and infrastructure are protected via a mature suite of technologies (firewalls, proxies, anti-virus, intrusion detection etc). ARMC are advised that while market leading security solutions are in place there have been ongoing issues with the quality of security services and outcomes by the outsourced service provider (DXC Technology). ICT Branch is managing a project to migrate services to a new outsourced provider (Telstra) and expect to complete this migration before 30 November 2020.
· There are +50 systems (subject to further classification and analysis) that may be classified as a ‘ Recordkeeping Systems ’ as per current policy definitions.
· 49 systems have been identified that contain (subject to further classification and analysis) Personally Identifiable Information (PII) . For clarity, most legislative obligations for managing ICT systems and data are directly related to systems that manage PII.
· 105 applications or services are hosted, either partially or fully, ‘in the cloud’.
· The corporate network currently spans to 37 discrete sites (buildings, depots, libraries etc) across the greater Ipswich Council region.
· There are currently 1100 laptops/PCs across the network with full remote access available to all laptops.
Figure 1 : Council ICT Infrastructure and Systems Overview
Overview of ICT Governance and Controls Framework
The ICT Strategy 2019-2024 developed as a key outcome of Business Transformation Project #x identified a number of critical gaps in ICT governance and related controls and two initiatives were framed in the roadmap to address these gaps:
· ICT Steering Committee (ITGOV01)
· Rebuild ICT Governance & Controls Function (ITGOV02)
Figure 2 (larger version at Attachment 2) provides an overview of the governance and controls framework ICT Branch is developing in response to the needs outlined in the ICT Strategy. This framework addresses the full spectrum of ICT Branch functions and considers strategic, tactical and operational perspectives.
Figure 2 : ICT Governance and Controls Framework Overview
Figure 3 (larger version at Attachment 3) summarises the main features, current state observations and improvement opportunities for each of the 8 elements of the ICT Governance and Controls Framework.
Figure 3 : ICT Governance Framework – Key Observations and Opportunities
In considering and developing the larger suite of ICT controls, ICT Branch is leveraging an open/industry standard framework (CObIT). This framework provides a robust and established suite of 210 ‘practices’ against which ICT functions can frame, evaluate and develop internal controls. Figure 4 (larger version at Attachment 4) provides an overview of this framework and identifies 5 Critical , 7 High and 4 Medium ‘process families’ that are the focus of ongoing improvements within ICT Branch.
Figure 4 : ICT Controls Framework – Structure and Priority for Development
Attachment 5 provides a current-state report on the ongoing effort to review/update ICT Branch Directives and Procedures.
Overview of InfoSec Controls Framework
Attachment 6 provides an overview of the InfoSec Framework used by ICT Branch to plan for and coordinate end-to-end InfoSec capability alignment and development. The framework considers 75 individual capabilities across 5 categories. Current state assessment identifies and prioritises capabilities for development and currently reports 8 Critical and 25 High capabilities requiring uplift. All Critical and most High have active and funded remediation planned or effort underway. An extended view of the attached InfoSec Framework addresses full responsibility and accountability, including across key outsourced service providers, for InfoSec capability and outcomes.
Internal Audit has recently conducted an audit of Council’s “Cyber and Digital Security” capability. The final report has not been presented however a review of the draft findings reflects a strong correlation of capability and gaps as identified in the attached InfoSec Framework.
Attachments and Confidential Background Papers
1
Council ICT Infrastructure and Systems - Overview ⇩
2
ICT Governance and Controls Framework - Overview ⇩
3
ICT Governance Framework – Key Observations ⇩
4
ICT Controls Framework – Structure and Priority for Development ⇩
5
ICT Branch Directives and Procedures ⇩
6
Council InfoSec Controls Framework ⇩
7
Presentation to 19 Aug 2020 ARMC - IT General Control Framework ⇩
Rob Stower
ICT Strategy, Enterprise Architecture and Governance Manager
I concur with the recommendations contained in this report.
Sylvia Swalling
Chief Information Officer
I concur with the recommendations contained in this report.
Sonia Cooper
General Manager Corporate Services
“Together, we proudly enhance the quality of life for our community”
Audit and Risk Management Committee
Meeting Agenda
19 August
2020
Item 17 / Attachment 1
Audit and Risk Management Committee
Meeting Agenda
19 August
2020
Item 17 / Attachment 2
Audit and Risk Management Committee
Meeting Agenda
19 August
2020
Item 17 / Attachment 3
Audit and Risk Management Committee
Meeting Agenda
19 August
2020
Item 17 / Attachment 4
Audit and Risk Management Committee
Meeting Agenda
19 August
2020
Item 17 / Attachment 5
Audit and Risk Management Committee
Meeting Agenda
19 August
2020
Item 17 / Attachment 6
Audit and Risk Management Committee
Meeting Agenda
19 August
2020
Item 17 / Attachment 7
Audit and Risk Management Committee
Meeting Agenda
19 August
2020
Mentions: Ipswich
18. Transparency and Integrity Hub Implementation Report
Doc ID No: A6412242
ITEM: 18
SUBJECT: Transparency and Integrity Hub Implementation Report
AUTHOR: Chief Information Officer
DATE: 10 August 2020
Executive Summary
This is a report providing an update on the implementation of the Transparency and Integrity Hub (Hub) in line with Council’s resolution on 27 April 2020. The Hub was successfully implemented by Council on 1 July 2020. The direct cost of the implementation of the Hub with the contracted service delivery partner, Redman Solutions, was $189,687. An additional $57,800 was expended in order to undertake necessary due diligence in the implementation of the Hub, including the gathering of advice and the costs of an independent Privacy Impact Assessment (PIA).
Recommendation/s
That the Audit and Risk Management Committee receive and note the report on the implementation of the Transparency and Integrity Hub in line with Council’s resolution of 27 April 2020 and note that the Hub was successfully implemented on 1 July 2020.
RELATED PARTIES
There were no declarations of conflicts of interest by decision-makers in the course of implementation of the Transparency and Integrity Hub.
Advance Ipswich Theme
Listening, leading and financial management.
Purpose of Report/Background
Council resolved at its meeting on 27 April 2020 to enter a new era of transparency and integrity for Ipswich City Council through the implementation of a Transparency and Integrity Hub. Mayor Harding moved a Mayoral Minute detailing the following actions, that Council:
A. Establish and implement the Ipswich City Council Transparency and Integrity Hub, a digital portal that enables the publication of the financial data displayed as contemporary open data (intuitive, interactive, auditable and downloadable by selection) suitable for public consumption. The Transparency and Integrity Hub will enable the underpinning principles and Hub deliverables and will be launched by 1 July 2020.
a. Underpinning Principles
i. Adopt global best practice approach to open and transparent public sector financial management
ii. Demonstrate responsible and transparent governance and decision-making
iii. Enable data-driven decision making and rebuild public and stakeholder trust
b. Hub Deliverables
i. Publish as near to real-time financial data for Ipswich City Council in an open, transparent, interactive portal including, at minimum:
1. Previous five financial years financial data including detailed project income and expenditure financial data for major projects i.e. The Smart City Program
2. Council’s 2020-2021 Budget, once adopted
3. Quarterly financial reporting against the budget
c. Publish detailed income and expenditure financial data for all current and past Council beneficial (controlled) entities enabling comparison over the previous five financial years, including:
i. Ipswich City Developments Pty Ltd (deregistered) ABN 155 142 288
ii. Ipswich City Developments Pty Ltd (deregistered) (former name Ipswich City Developments Enterprises Pty Ltd) ABN 167 100 441
iii. Ipswich City Enterprises Pty Ltd ABN 095 487 086
iv. Ipswich City Enterprises Investments Pty Ltd ABN 127 862 515
v. Ipswich City Properties Pty Ltd (in Members Voluntary Liquidation) ABN 135 760 637
vi. Ipswich Motorsport Park Pty Ltd (deregistered) (former name Ipswich Motorsport Precinct Pty Ltd) ABN 611 160 902
d. Publish all contracts valued $200,000 or more (excluding GST) for a rolling period of five consecutive years. New data will continue to be published monthly (in accordance with the Local Government Regulation 2012) and the information published will be improved in alignment with best practice across Queensland and Australia. The new register will included:
i. Suppliers who tendered a response
ii. Person/company with whom Council has entered into the contract
iii. Contract number
iv. Commencement and end dates
v. Value of the contract (estimated/maximum value)
vi. Purpose of the contract / description of goods and service procured
vii. Approver / Council decision reference (i.e. link to published minutes)
e. Publish all Councillor related expenses, allowances and reimbursements for each month including contextual details of expenses incurred and purpose to enable benchmarking and comparison. Data will be published for the previous five financial years. Where travel costs have been absorbed by specific project costs, these should also be included.
B. Procure, through open tender, a suitable digital platform to enable the delivery of the Transparency and Integrity Hub, ensuring that the platform:
a. Is intuitive and user friendly, easy to maintain, secure and auditable;
b. Enables contemporary open data (intuitive, interactive, auditable and downloadable by selection);
c. Is best of breed software for the task for public sector transparency;
d. Creates efficiencies in financial data reporting;
e. Enables visualisation and context suitable for public consumption;
f. Allows data to be downloaded as CKAN Open Data;
g. Produces data in machine readable format; and
h. Directly integrates with Council systems and solutions for ease of use rapid adoption.
C. Bring forward a review of Council’s Open Data Policy to ensure alignment with best-practice approaches to publishing financial data.
D. Prepare a report to Council (and for public viewing) on the Smart City Program including detailed project financial data for the past five financial years and the community outcomes delivered.
This motion was carried and the implementation was achieved by a multi-disciplinary Council officer project team led by the Chief Information Officer, Chief Financial Officer and Manager, Procurement with oversight by a newly formed Data Governance Advisory Group and the General Manager, Corporate Services.
The Hub was implemented from 1 July 2020 in line with the resolution of the Council, with information published to the extent considered lawful at that time. The following tactical actions were undertaken to expedite the initiative:
A. Council officers moved to finalise the scope and specifications for an invitation to tender which was open to the market for three weeks from Monday 4 May to Monday 25 May 2020.
a. After an evaluation process, including presentations by shortlisted tenderers, a supplier was approved and awarded a service contract on 4 June 2020.
b. Redman Solutions, a Brisbane based company, in partnership with OpenGov, was the successful supplier awarded the service contract.
B. On and from 4 June 2020 implementation was advanced on an urgent basis using existing available resources and those of Redman Solutions in line with the committed budgetary allocation.
C. Concurrently, Council began further reviewing its policy and procedures to enable all data and information on the Hub to be published in accordance with best-practice privacy, procurement and open data principles.
a. Council’s Open Data Policy was urgently reviewed and submitted to Council for adoption at its ordinary meeting on 30 June 2020.
b. A Data Classification Standard was created and used to document the classification and treatment of datasets published to the Hub.
c. A Data Asset Register was created to document the data assets identified for publication.
d. A Decision Register was created to document actions taken and decisions made by accountable officers and consulted stakeholders.
e. A System Administrator is in place, audit trail functionality is operational and briefing and training of employees in the operation of the Hub has been completed.
f. Council’s process mapping application Promapp, is being used to create detailed process maps, workflow design and supporting work practices to ensure accountable, effective and efficient Hub administration.
D. Advice was sought, including the commissioning of an independent expert Privacy Impact Assessment. This Privacy Impact Assessment (PIA) from Ms Nicole Stephensen of Ground Up Consulting was received on 30 June 2020 and has in turn been published on the Hub
Mentions: Ipswich
Source: Ipswich City Council meeting agenda (CC BY 4.0).