INSIDE THIS ISSUE
COUNCIL PROBITY ADVISORS & AUDITORS
It’s easy to engage us! Centium is listed on LGP218 (Management Consulting & Internal Audit). This allows you to directly engage us based on a quote.
CYBER SECURITY
WILL YOU MAKE THE 31 AUGUST DEADLINE?
Councils process, store and transact a significant amount of “sensitive” data including personally identifiable information, commercially sensitive information and even identifiable health records. These records can be in all formats including electronic, hardcopy and in other forms, such as video. These records may be stored onsite on Council systems or hosted in the cloud. Irrespective of the format of the record, or where it’s stored, it could be susceptible to cyber risk.
Council cyber risk can increase when using innovative solutions such as “Internet of Things” (e.g. Internet connected devices such as sensors), SCADA/IACS systems (e.g. managing water or sewer facilities), community safety facilities (e.g. CCTV cameras), and Building Management Systems (e.g. access control systems, and fire systems).
Centium has had the pleasure of working with Councils for over three decades. Over that time, we’ve helped Councils to understand their current exposure and to apply practical, risk-considered mitigations.
Here are some of the ways we can help you:
Contact us to find out how Centium can help your Council to assess its cyber security exposure and improve its defences.
COUNCIL RECORDKEEPING
EFFICIENCY GAINS THROUGH GOOD RECORDKEEPING
Councils are obliged to comply with the State Records Act 1998 and the State Records Regulation 1999 including parts 2, 4 and 6 (records management, transfer of control and public access provisions) and parts 3 and 5 (disposal and estray provisions). Councils are also required to comply with General Authority GA39. These apply not just to Council staff, but to Councillors as well.
But apart from just the compliance aspect, good records management and associated workflows can help Councils gain efficiencies in their day to day operations.
Many Councils use distributed recordkeeping systems. They may have an official EDRMS (such as HP-RM/TRIM or Objective), but they also use other business systems to store records. These include things like email systems, property and rating systems, HR and finance systems, DA lodgment and tracking systems, asset management systems, payment systems, cadastral/GIS systems and more. If they are to be used as recordkeeping systems, they should include certain capabilities to ensure that records can be easily identified, secured, retrieved and sentenced, and that their integrity remains intact throughout their retention periods. They also need to offer various metadata capabilities, hence the reason why file servers can’t necessarily be considered official recordkeeping systems.
Don’t forget that social media records too can sometimes be considered official records. There are particular standards concerning the storage, retention and sentencing of social media records.
Centium has worked with many Councils over the decades and has helped in the following ways:
To find out more about how Centium can assist you meet your records management obligations and gain efficiencies, please contact a Centium Practice Lead for an informal chat.
COUNCIL PROBITY ADVISORS & AUDITORS
LEARNINGS FROM THE NSWAO ON THE MANGAGEMENT OF PROBITY ADVISORS
The NSW Audit Office assessed whether the state’s 40 largest procurers of probity services complied with the requirements of PBD 2013-05 “Engagement of Probity Advisers and Probity Auditors” and whether they ensured value for money from the use of probity practitioners.
The audit found that agencies tend to rely on only a limited number of probity service providers, sometimes using them on a continuous basis, which may threaten the actual or perceived independence of probity practitioners. The audit also found that agencies do not have effective processes to ensure value for money.
Although this audit focused primarily on state government agencies, the report includes many learnings that can be applied by Councils too.
'PBD-2013-05 Engagement of probity advisers and probity auditors' sets out the requirements for NSW Government agencies' use and engagement of probity practitioners. It confirms agencies should routinely take into account probity considerations in their procurement. The Direction also specifies that NSW Government agencies can use probity advisers and probity auditors (probity practitioners) when making decisions on procuring and disposing of assets. One of the key messages it conveys is that agencies should not engage the same probity practitioner on an ongoing basis, and ensure the relationship remains robustly independent.
Within this context, the NSWAO assessed whether sampled agencies:
Audit Findings
In summary, the NSWAO found instances where each of the participating agencies had not fully complied with the requirements of the NSW Procurement Board Direction ‘PBD-2013-05 Engagement of Probity Advisers and Probity Auditors’ when they engaged probity practitioners. They also found they did not have effective processes to achieve compliance or assure the engagements achieved value for money.
In the sample of engagements selected, they found instances where the participating agencies did not always:
They also found that agencies tend to rely on only a limited number of probity service providers, sometimes using them on a continuous basis, which may threaten the actual or perceived independence of probity practitioners.
Like the NSW Audit Office, we encourage agencies and Councils to regularly cycle their probity advisors and auditors so as to avoid an actual or perceived independence issue. Centium has a very highly regarded team of probity advisors and auditors and we’d be very happy to chat with you about how we can assist with your probity needs. Our team members have held senior positions within some of NSW’s largest Councils and have decades of knowledge to share. To find out more, please contact our Director Ethical Conduct & Investigations, Roy Cottam.
FRAUD & CORRUPTION
ICAC REPORT ON CORRUPTION TRENDS ACROSS NSW
The ICAC released a report earlier this year covering modern factors that contribute to corruption and other serious forms of misconduct. It also highlights emerging trends, hotspots, case studies and notable practices that have been brought to the Commission’s attention.
The report provides a wealth of case studies, lessons learnt and better practice tips. It focusses on whole of government trends; incentives, cues and motivations; speaking up; conflicts of interest; undue influence on decision makers; HR matters; procurement and contract management; regulation and accreditation; as well as a section relating to non-government organisations. Whilst the report is state government focused, Councils can benefit from the learnings.
The full ICAC report can be found here:
Appendix 2 in particular is particularly useful as it sets out various systemic issue categories applying to:
The Victorian Auditor-General’s recently published audit report of VIC Councils’ fraud and corruption controls also provides some valuable learnings for NSW Councils. This audit primarily focused on expenditure and processes involving senior council staff and councillors and reviewed fraud and corruption controls and measures relating to: credit card and fuel card use; reimbursements; identifying and managing conflicts of interest; and responding to suspected incidents of fraud and corruption.
Centium has over three decades worth of practical experience helping Councils enhance their fraud and corruption prevention and detection controls. Our specialist Ethical Conduct & Investigations team members have held high profile operational positions including Heads of Governance & Risk, Certified Fraud Examiners, Certified Anti-Money Laundering Specialists, Principal Auditors and Chief Investigators at some of NSW’s largest Councils.
Some of the ways in which we have helped our Council clients improve fraud and corruption controls include:
To find out more, please contact our Director Ethical Conduct & Investigations, Roy Cottam
BUSINESS CONTINUITY
CAN YOU SLEEP AT NIGHT KNOWING THAT ALL WILL BE FINE?
Many NSW Councils already have elements of business continuity plans and associated IT recovery plans. These form part of overall organisational resilience and good risk management.
But how confident are you that your plans are up to date and that the right people know what to do? When was the last time your plan was updated and tested?
Centium has been assisting NSW Councils to enhance and test their business continuity plans, IT recovery plans and overall emergency response plans for decades. We apply practical learnings and better practices from having worked with nearly all Councils over time.
Here are some ways in which we’ve worked with our local government clients in the recent past:
Contact us to find out more about how we can help your Council with its business continuity and resilience efforts.
SAFETY CULTURE
YOU HAVE A WHS MANAGEMENT SYSTEM, BUT HOW MATURE IS YOUR SAFETY CULTURE?
Most NSW Councils have mature Work Health & Safety (WHS) Management Systems consisting of policies, procedures, Safe Work Method Statements and other elements.
While these are very important, WHS really takes a life of its own when accountability is given to staff and a safety culture is fostered. This approach not only reduces injuries but changes the attitude of staff to workplace safety.
Centium has developed a Safety Culture Methodology and Maturity Model to measure and enhancing safety culture across an agency. It includes nine broad behaviours, or culture actions, that we consider essential to the development of a positive safety culture: Leadership; Communication; Organisational goals and values; Supportive environment; Responsibility; Learning; Trust in people and systems; Resilience; and Engagement.
Click here to find out more about safety culture and how Centium can help measure and improve safety culture across your Council.
Centium has already helped various Councils to baseline their safety culture and to help implement practices to improve capability.
Here are some of the ways in which we can help you:
Contact us to find out more about how we can help your Council to measure and enhance its safety culture and WHS practices.
Our Clients
