AUDIT, RISK AND IMPROVEMENT

COMMITTEE AND

INTERNAL AUDIT

Annual Report 2020

ARIC and Internal Audit Annual Report 2

ARIC and Internal Audit Annual Report 3

About the report This annual report documents the operation and

activities of the Audit Risk & Improvement

Committee and the Internal Audit function for

Georges River Council for 2020.

Georges River Council’s Audit, Risk and

Improvement Committee (ARIC) provides Council

with independent assurance and assistance on

its compliance, risk management, financial

management, governance, audit, fraud control

and service delivery responsibilities.

From 1 January to 28 September 2020, there

were 3 independent members and 2 councillors

on the Committee. At the Extraordinary Council

meeting on the 28 September 2020, Council

resolved that councillor representation on ARIC

be discontinued. This decision aligns to the

proposed Office of Local Government changes

relating to Internal Audit expected in 2021.

From 28 September the ARIC comprises 3

independent members.

Purpose of this report The purpose of this report is tabled under

Clause 5.1 of the ARIC Charter which

requires that:

The Committee through the Chairperson

shall submit and present on an annual basis,

a formal report to Council outlining the

Committee’s major achievements, issues

identified and other relevant matters, to a

closed session of a Council meeting.

As the Committee’s achievements are

closely linked to the Internal Audit activities,

it is appropriate that both are recounted in

the same report.

ARIC and Internal Audit Annual Report 4

AUDIT, RISK AND IMPROVEMENT COMMITTEE

How the Committee fits in with the Community Strategic

Plan The Committee has been identified as a key element within Council’s Delivery Program and

Operational Plan under Pillar 6 - Leadership and Transparency. More specifically, the

Committee’s relationship with the Delivery Program has been captured under Goal 6.2 -

Open, informed and transparent decision-making supports the interests of the community with

the following strategies for 2019/20 and 2020/21:

The Committee is on target to achieve all these outcomes.

ARIC and Internal Audit Annual Report 5

Member Profiles Georges River Council’s ARIC has been established as an advisory committee of Council to

provide independent assurance. Members have varied qualifications and experience which

contribute to the effectiveness of the Committee.

Here is a snapshot of the members:

Councillors (on ARIC up to 28 September 2020)

Councillor Christina Wu

T 0400 241 851

E cwu@georgesriver.nsw.gov.au

Political Party: Liberal Party

First elected as a Councillor in 2012-2016, Cr Wu

runs an accounting firm with her husband and is

of Chinese and Korean background, speaking

both languages fluently. Cr Wu holds a Bachelor

of Law Degree, a Master of Commerce with a

Major in Accounting and Minor in Taxation Law

from Sydney University as well as a Master of

International Business from the University of

Wollongong.

Cr Wu has served on many Committees for the

previous Hurstville City Council and this

experience includes chairing both the

Multicultural and Community Safety Committee

as well as co-chairing the Lunar New Year

Committee. Cr Wu will continue to make the

Hurstville Ward a better place to live and work

and is committed to protecting our suburbs from

inappropriate overdevelopment and in assisting

small businesses by reducing red tape. She

wants to fix parking problems by introducing a

Georges River Council commuter parking master

plan and to upgrade the local hospital by working

closely with the NSW State Government on the

St George Hospital.

Councillor Warren Tegg

T 0427 671 666

E wtegg@georgesriver.nsw.gov.au

Political Party: Australian Labor Party

First elected to Georges River Council in

September 2017, Cr Tegg was born in and is a

current resident of Penshurst and works as the

Director of Policy at the Australian Manufacturing

Workers' Union, where he campaigns to protect

workers' rights. He has previously worked for the

Minister for Communications and the Shadow

Minister for Defence. Cr Tegg holds a Bachelor of

Science and a Bachelor of Arts at Sydney

University, and a Masters of Politics and Public

Policy at Macquarie University.

Cr Tegg is on the Community and Culture, and

Assets and Infrastructure Standing Committees

and the Audit, Risk and Improvement Committee

for Georges River Council. Cr Tegg wants to

ensure that Council looks after the basics

including roads, footpaths, parks and community

spaces. He also wants to make sure that Council

delivers new infrastructure that meets the needs

of all current and future residents. He plans to

address a range of important policy issues

affecting local residents, including rental housing

affordability, increased quality and green space in

new developments and proper governance at

Council.

ARIC and Internal Audit Annual Report 6

Independent Members

Left to Right - Mr Stephen Horne, Ms Elizabeth Gavey, Mr John Gordon (Chair)

John Gordon – Committee Chair

B.Comm.(hons.), FCA, CPA, AGIA, ACG, AIIA (Aust.),

MAICD, JP.

John was appointed to the Committee as Chair since

formation of the Committee in August 2016. He is an

assurance, risk and corporate governance specialist.

John had a career of over 30 years, 22 as an

Audit/Assurance Partner with PwC

(PricewaterhouseCoopers) and predecessor firms.

Clients covered a broad range of organisations

including listed public companies across most industry

sectors. Public Sector clients including Federal, State

and Local Governments comprised approximately 30

% of John’s portfolio. John served in the roles of

Hunter Region Managing Partner; NSW Local

Government Leader; National Staff Partner, and

National Risk Management Partner for the Resources,

Services and Government Division of PwC.

Since 2009, John works in governance and risk. He

has served with Audit & Risk Committees for over 20

ACT, NSW State and NSW Local Government

agencies as well as not-for-profit organisations. He is

a Board Member for South Western Sydney Local

Health District, chairs the Finance and Assets

Committee, is a member of the Audit & Risk

Committee and the Research & Teaching Committee.

John is chair or member of 13 Audit & Risk

Committees including 9 in NSW Local Government.

Stephen Horne-Committee Member

PFIIA-Aus., CIA, CGAP, CRMA, FGIA, GAICD, B Bus, Grad Cert Mgt Comm, Grad Cert Fraud Control, Cert Public Admin, MIPAA,

Stephen had a 38-year career in the NSW public

sector. His executive roles included Assistant

Auditor-General for NSW, looking after Performance

Audits, and Chief Executive of IAB, a Government

Trading Enterprise undertaking internal audits and

misconduct investigations for NSW State

Government and Local Government bodies.

In 2015 Stephen established Checks Balances &

Integrity, offering services as a professional Non-

Executive Director and a specialist adviser,

consultant and trainer in the fields of integrity and

culture, probity, fraud control, risk, governance and

internal audit.

Stephen serves as an independent member on a

number of Audit & Risk Committees for the

Commonwealth, NSW State, and Local Government

bodies in NSW and Victoria, and currently chairs five

(5) of these.

Elizabeth Gavey-Committee Member B Com (Economics) LLB GAICD

Elizabeth joined Georges River Council’s Audit Risk

and Improvement Committee as an independent

member when it was first constituted in August 2016.

She also serves on the Audit Risk and Improvement

Committees for 4 other Local Councils in New South

Wales and on the Audit and Risk Committee for the

NSW Electoral Commission.She has 30 years’ plus

experience gained in commercial law, investment

banking and the health sector and is an experienced

Company Director in the Not for Profit sector.

ARIC and Internal Audit Annual Report 7

How the Committee is

supported by Legislation The Committee has been operating in its

current format for 3 years. This was done to

pre-empt the new Local Government

(Planning and Governance) Amendment

Act 2016 Section 428A which mandates the

requirement for an Audit, Risk and

Improvement Committee and specifies their

responsibilities. The legislation was due to

take effect in March 2021 but has been

extended due to COVID-19, likely to be

March 2022.

Georges River Council took a proactive

position to implement the ARIC and its

operations earlier to support a sound

governance framework and to provide

greater assurance around Council’s

activities.

What the Committee is

tasked to do The Committee operates under the Audit,

Risk and Improvement Committee Charter

which reflects the guidelines provided by

the NSW Office of Local Government and

industry best practice. The Charter was

adopted by Council on 1 May 2017 and

includes the new legislative responsibilities.

The primary role of the Committee is

contained in the Charter:

The primary role of the Audit, Risk and

Improvement Committee of the Georges

River Council is to advise Council on Audit,

Governance, Risk Management and

Business Improvement related matters,

policy and strategies, within the

Committee’s capabilities and working to an

Audit Plan that encourages good

governance, External and Internal Audit,

and attention to Business Improvement,

also providing independent, objective

assurance about the effectiveness of

Council’s risk mitigation controls.

The Charter contains a number of

administrative requirements and also

prescribes the main responsibilities of the

Committee into broad categories:

Compliance

Risk Management

Fraud Control

Financial Management

Governance

Service Reviews

Implementation of the strategic plan,

delivery program and strategies

Collection of performance

measurement data

The Committee annually adopts a forward

responsibility meeting plan that ensures

coverage of these responsibility areas

over a twelve-month period. Committee

meeting agendas are divided into these

categories with specific topics under each.

Key achievements of the

Committee The Committee reviewed all

responsibility categories required by

the Charter over the course of the

year. This was facilitated by the

adoption of a Forward Responsibility

Calendar in 2019, which reflects the

requirements of the Charter and

Legislation, allocating the varying

responsibilities to nominated meetings

across a 12-month period to ensure

complete coverage.

Key achievements include:

On target with the risk-based Audit

Plan 2018-2021

Endorsement of a comprehensive

and risk-based Internal Audit

Program for 2020/21

Monitoring and review of Council’s

response to COVID-19 and the

ARIC and Internal Audit Annual Report 8

Economic & Social Recovery Plan

associated with it

Monitoring and review of the

Mayor and General Manager

delegations and decisions register

during the COVID-19 period

Recommendation to Council on

addressing the Long-Term

Financial Plan and sustainability

concerns

Review and updates on

combustible cladding compliance

and Council’s Fire Safety Protocol

Review and updates on Council’s

Cybersecurity regime and controls

Review of the Top 2 risks per

Division

Review of major projects and

whether the project risks are being

managed

Oversight of implementation of the

External Audit Management Letter

recommendations

Continued oversight of the

development of Risk

Management, Compliance and

Governance Frameworks within

the merged council arrangement

Continuation of pre-meeting

information briefing sessions to

gain greater insights and

understanding of Council

Early review of the Draft Financial

Statements for the year ended 30

June 2020 in September 2020 and

subsequent review of finalised

Financial Statements on 16

October 2020.

ARIC and Internal Audit Annual Report 9

Committee assessment of key responsibility areas for

2020 The Committee has assessed the key responsibility areas as follows:

Measures

Baseline

Compliance

Specific areas of compliance well established including

work health safety, financial reporting. Comprehensive

Council-wide compliance risk framework remains under

development.

Risk Management

ERM is under development and at an emergent level of

maturity, though continual improvement in maturity is

noted by ARIC. Commitment by management to a strong

risk culture is evident.

Fraud Control

This area needs to be re-visited in context of the AONSW

fraud risk assessment checklist.

Governance

Governance processes developing.

Financial Management

Management has largely overcome considerable issues

in merging two legacy council systems. Further

consolidation continues to achieve optimal systems.

Council is aware of its tight fiscal constraints with current

budget projections. The ARIC has commented on the

need for income growth, careful monitoring and prudence

in this area.

Strategic Plan, Delivery Program &

Strategies

Mature reporting of outcomes against plan objectives has

been received and noted by the ARIC.

Service Reviews

As above.

Performance Measurement Data

As above.

Overall

Council has worked diligently to address the challenges

from the amalgamation and in establishing sound

governance practices. The ARIC notes considerable

progress in development of robust governance systems

and expects there will be continued progress in 2020/21.

ARIC and Internal Audit Annual Report 10

Committee Dashboard

1. Participation in meetings during 2020

The Committee has four (4) scheduled normal meetings during the year and one special

meeting for the review and endorsement of the financial statements (19 October 2020).

Attendance to the date of this report is as follows (precludes the 21 December 2020

meeting):

Name

Role

Eligible

Attended

John Gordon Independent Chair 4 3

Elizabeth Gavey Independent 4 4

Stephen Horne Independent 4 4

Christina Wu Councillor 3 0

Warren Tegg Councillor 3 3

Non-Committee Regular Attendees

NSW Audit Office NSW Audit Office 4 2

Deloitte’s External Audit Contractor 4 2

Gail Connolly General Manager 5 3

Juliette Hall Chief Audit Executive 4 3

David Tuxford Director, Business & Corporate Services 4 2

Danielle Parker Chief Financial Officer 4 4

Popy Mourgelas Manager, Governance & Risk 3 3

Roxanne Thornton Executive Manager, Office of the General Manager

3 1

ARIC and Internal Audit Annual Report 11

2. ARIC Business Papers and Reports reviewed

Meeting Date Number of Papers/Reports

reviewed and discussed

Pre-Meeting

Information Sessions

23 March 2020

16 2

13 July 2020 13 1

21 September 2020

14 1

19 October 2020

Special Financial Statements “in-camera” meeting with external auditors

1 0

21 December 2020

13 scheduled 0 scheduled

3. Committee Actions Register

The Committee Actions Register includes items raised by ARIC members for action/re-submission. Number of actions raised - 17 Number of actions completed - 12 Number of actions due to next/future meeting - 5

ARIC and Internal Audit Annual Report 12

4. Internal Audit Reports & Recommendations considered

Audit Name No. of Recommendations ARIC Meeting Date

Enterprise Risk Management

5 23 March 2020

Time Management

24 23 March 2020

Fire Safety Processes & Compliance

49 23 March 2020

Credit Card Transactions

6 23 March 2020

Contract Management

15 13 July 2020

Section 356 (Financial Assistance)

22 13 July 2020

RMS DRIVES Annual Terms of Agreement Compliance Audit

7 21 September 2020

Procurement Services Review

3 21 September 2020

IT External Penetration Testing & Vulnerability

9 21 December 2020 (Proposed)

IT WIFI Penetration Testing & Vulnerability

3 21 December 2020 (Proposed)

Total Recommendations Reviewed

143

Other activities included:

Oversighting the governance, fraud control and risk management framework

Monitoring the status of audit recommendations

Monitoring the status of the 3-year Audit Plan and Annual Audit Program

Oversighting Councillors Expenses in accordance with the Councillors

Expenses Policy and reviewing comparative expenditure with other Councils.

Oversighting External Audit Management Letter and Engagement Plan

Revisiting prior audits for status updates

Reviewing IP&R results and reporting

Reviewing GIPA and Office of Local Government reporting statistics

Review of the Audit Risk & Improvement Committee Charter

In-camera meeting with the external auditors

Completion of annual declarations of interests by all Committee members.

ARIC and Internal Audit Annual Report 13

INTERNAL AUDIT

Internal Auditor

Council has a full-time qualified Chief Audit Executive (CAE), Juliette Hall, reporting

administratively to the General Manager and functionally to the Audit Risk & Improvement

Committee. The CAE is a member of the Institute of Internal Auditors and, by being so, is

required to comply with the International Standards for the Professional Practice of Internal

Auditing.

This position strives to support the Committee as well as performing other internal audit

functions included in an Internal Audit Charter. This includes developing and implementing the

3-year risk-based Audit Plan, carrying out/coordinating internal audits, providing related

consultancy advice and conducting related investigations.

The CAE has the facility to engage experienced contractors to undertake independent

selected reviews and internal audits.

ARIC and Internal Audit Annual Report 14

Internal Audit Plan During 2020, substantial progress was made on the 3-year 2018-2021 Audit Plan,

despite COVID-19 restrictions.

The following table indicates the 2020 Annual Audit Program status.

Audit Status

Credit Card Transactions (unscheduled) ARIC Report: 23 March 2020

Time Management ARIC Report: 23 March 2020

Fire Safety Processes & Compliance ARIC Report: 23 March 2020

Enterprise Risk Management ARIC Report: 23 March 2020

Contract Management ARIC Report: 13 July 2020

Section 356 (Financial Assistance) (originally

scheduled for 2021)

ARIC Report: 13 July 2020

Procurement Service Review (unscheduled) ARIC Report:21 September 2020

RMS DRIVES Terms of Agreement Annual

Compliance audit

ARIC Report:21 September 2020

IT External Penetration & Vulnerability Testing ARIC Report: 21 December 2020

IT WIFI Penetration & Vulnerability Testing ARIC Report: 21 December 2020

Cash Management Deferred to 2021 due to COVID-19

Payroll Controls Deferred to 2021 due to new system

implementation & COVID-19

ICAC Investigation Outcomes (Operation Dasha) ICAC Report not yet released

ARIC and Internal Audit Annual Report 15

Other audit activities

undertaken

The following other audit activities have been performed by the CAE during the period:

Development of a more efficient

and streamlined system for

recording and follow up of audit

recommendations

Review of Certification Service

processes

Provision of corporate advice on

various topics

Facilitation and investigative work

on behalf of the General Manager

Committee secretariat functions

Performance of duties as an

Executive Member of the Local

Government Internal Auditors

Network (LGIAN)

Coordinated responses to and

action required in relation to

recommendations relating to the

NSW Audit Office performance

audits and ICAC investigations

Complaint Coordinator and PID

officer functions

ARIC and Internal Audit Annual Report 16

NEXT YEAR

Proposed requirements affecting the Internal Audit

function and Audit Risk and Improvement

Committee.

The Office of Local Government (OLG)

issued “A new risk management and

internal audit framework for local

councils in NSW” Discussion Paper in

September 2019. Feedback for this

closed on 31 December 2019.

The CAE and Manager, Risk

Management and Governance provided

a briefing to Council on the proposed

changes in November 2019.

The Discussion Paper intended to

reflect the legislative changes made in

Local Government Act in 2016

specifically relating to Section 428A and

to provide more guidance around the

new legislation and greater onus on

councils to have a mandatory internal

audit function and Audit, Risk and

Improvement Committee with specific

conditions and requirements.

Georges River Council has already pre-

empted many of the likely requirements

and is in a good position to adjust to

others as required by the extended

2022 deadline.

In addition, the NSW Audit Office is

becoming more robust and targeted in

the conduct of its financial and

performance audits, since becoming the

external auditor for local government in

NSW in 2016.

In 2019, Georges River Council was

selected by the NSW Audit Office to be

included in their Procurement

performance audit review being

conducted across 6 (six) councils. This

audit is expected to be completed in

December 2020.

Council has worked cooperatively with

the NSW Audit Office with their

representative being a regular invitee to

all Committee meetings. It is anticipated

that this cooperative relationship will

continue in to the future. The NSW

Audit Office has advised Councils of

their areas of focus for both financial

audits and performance audits in 2020.

………………………………………………….

ARIC and Internal Audit Annual Report 17

Conclusion

The Internal Audit function has implemented a number of changes during the period

in preparation for the future requirements of the Office of Local Government and the

Audit Office of NSW. The function has also assisted the Audit Risk and Improvement

Committee in providing a more disciplined and robust approach to coverage of

responsibilities. The second year of the Internal Audit Plan 2018-2021 has been

completed and is on target albeit ambitious with COVID-19 impacts.

The ARIC has fulfilled its responsibilities under the Audit Risk & Improvement

Committee Charter for the period and has a plan to continue to do so, via the

adoption of the rolling forward responsibility calendar. The Committee has operated

cooperatively to provide feedback and assurance to management and Council.

I would like to take this opportunity to thank my fellow Committee members,

management and staff and the external audit team for their forthrightness and

cooperation in the operation and outcomes of the Committee during 2020.

John Gordon

Chair, Georges River Council

Audit, Risk and Improvement Committee

December 2020

ARIC and Internal Audit Annual Report 18