Attachment 9.2.2.3
Canterbury Regional Council
Project Allisson – Key Learnings
Report to Wynn Williams
16 January 2024
Confidential and Legally Privileged
Audit, Finance and Risk Committee 2024-02-21 Public Excluded
31 of 54
Attachment 9.2.2.3
Canterbury Regional Council
Project Allisson – Key Learnings | Contents
Contents
1. Background and Introduction
2
2. Improvement Opportunities and Recommendations
4
3. Appendix A - Limitations
4. Appendix B – Priority and Ease of Fix Rating Scale
5. Appendix C – ECan Initiatives
Confidential and Legally Privileged
1
Audit, Finance and Risk Committee 2024-02-21 Public Excluded
32 of 54
Attachment 9.2.2.3
Canterbury Regional Council
Project Allisson – Key Learnings | Background and Introduction
1. Background and Introduction
Background and Introduction
Wynn Williams is the law firm acting for the Canterbury Regional Council (“ECan”) in respect of Project Allisson. Wynn
Williams instructed Deloitte to prepare two reports in relation to Project Allisson:
a.
A draft investigation report, “NZFOR01781 Project Allisson – Draft report to Wynn Williams”, provided to Wynn
Williams on 1 August 2023 summarised Deloitte’s factual findings with respect to the scope of our engagement
letter dated 27 March 2023 (“Draft Investigation Report”). That report is subject to its own limitations.
b.
This second report (“Report”) outlines the improvement opportunities identified during our investigation and the
associated recommendations. This Report is subject to its own limitations, and these have been included at
Appendix A.
Scope and Purpose of Report
The scope and purpose of this Report is to outline the improvement opportunities identified during our investigation and
to provide associated recommendations. Specifically, this Reportwill:
a.
Provide ECan with recommendations that are specific, actionable, align with good practice and benefit from
Deloitte’s experience;
b.
Maintain a focus on the recommendations that are considered to be a priority by Deloitte, while keeping in mind
the need for these to be practical for ECan to implement and/or progress. It is acknowledged that ECan is subject
to certain operational and resourcing limitations and needs, and that these, and potentially other external,
factors may impact the organisation’s ability to implement the recommendations set out in this Report or
require it to do so in a modified way;
c.
Highlight those recommendations that ECan can look to undertake efficiently in the short term and achieve the
largest impact, while recognising that some recommendations will be more complex and/or time consuming to
implement and/or progress. As such, a phased approach and/or road map for advancing/progressing these may be
deemed appropriate. Accordingly, improvement opportunities and recommendations have been given a priority
rating and an ‘ease of fix’ rating (i.e., simple, medium or complex). Refer to Appendix B for the Ease of Fix Rating
Scale.
d.
Reflect both a ‘top-down’ perspective with a focus on the organisation as a whole and consideration of a ‘bottom-
up’ approach, which will consider how detailed operational controls and processes function (noting that our
investigation was limited in scope and did not extend to, or make findings in relation to, ECan’s general practices,
processes, systems or the like); and
e.
Appreciate and recognise that there are several initiatives and improvements already completed and/or are in
progress at ECan, which are focused on the enhancement and streamlining of processes and procedures with a
view to promoting efficiency, transparency, and accountability. Such initiatives include:
• Fraud awareness e-learning training;
• Procurement e-learning training;
• Procurement roadshows;
• Simplifying financial delegations;
• Implementing a ‘Corporate Policy Framework’ (as part of the review of existing polices that is
currently taking place, and which is ongoing, as at the date of the Report); and
• Implementation of an independent reporting hotline, ‘Report ItNow’.
These initiatives are detailed at Appendix C and have been considered for the purposes of the improvement opportunities
and associated recommendations we have outlined in Section 2.
Limitations
The limitations in respect of this Report are set out in Appendix A. The limitations in Appendix A should be carefully
reviewed and understood by the readers of this report.
Confidential and Legally Privileged
2
Audit, Finance and Risk Committee 2024-02-21 Public Excluded
33 of 54
Attachment 9.2.2.3
Canterbury Regional Council
Project Allisson – Key Learnings | Background and Introduction
Summary of Improvement Opportunities and Recommendations
The improvement opportunities and recommendations for ECan to consider have been detailed at Section 2.
Below is a high-level summary of the improvement opportunities identified (categorised by the level of priority and the
corresponding ease of fix).
#
Potential Improvement Opportunity
Priority
Ease of Fix
1
Promoting a “Speak Up” culture
High
Medium
2
Understanding and enhancement of contract management
High
Medium
3
Education and communication of ECan’s operational frameworks
High
Medium
4
Review of employee and supplier/contractor data
Moderate
Simple
5
Appropriate due diligence of suppliers/contractors
Moderate
Simple
6
Other assurance activities – procurement of suppliers/contractors
Moderate
Simple
7
Enhance programme cost management and approval process
Low
Simple
Given the scope of the work we completed with respect to Project Allisson was limited to only one specific programme of
work, ECan could consider whether the potential improvement opportunities and recommendations provided may be
applicable in a broader organisational context.
We acknowledge that improving any aspect of the culture of an organisation is complex, requires significant effort and
takes time. While we have not made any specific recommendations relating to organisational culture as a whole, we
believe that consideration of the recommendations set out in Section 2 will assist ECan’s efforts to shift the cultural norms
in a material way.
Overall Management Comment
Overall, the recommendations made in this learnings report are consistent with the work that Environment Canterbury already
has underway/planned.
Confidential and Legally Privileged
3
Audit, Finance and Risk Committee 2024-02-21 Public Excluded
34 of 54
Attachment 9.2.2.3
Canterbury Regional Council
Project Allisson – Key Learnings | Improvement Opportunities and Recommendation
2. Improvement Opportunities and
Recommendations
In this section we outline potential improvement opportunities and recommendations for ECan’s consideration based on
the work that was completed during our Investigation.
The potential improvement opportunities and recommendations are outlined in accordance with good practice and
Deloitte’s experience.
We suggest the recommendations are considered by ECan management based on their potential impact and
practicality, to determine if and when they are to be implemented.
Improvement Opportunities and Recommendations
1.
Promoting a “Speak Up” Culture
Priority
High
Ease of Fix
Medium
Improvement
We emphasise the importance of promoting and increasing the awareness and development of a “Speak
Opportunity
Up” culture. This plays a critical factor in all integrity and ethical matters, with employees raising
concerns being the most effective method of fraud detection. In our experience we see this ongoing
promotion as being most effective when it becomes a natural and expected element of the
organisation’s culture.
Embracing and reinforcing (on a regular basis) a culture where speaking up when something ‘doesn’t feel
quite right’ should be communicated from the top down and will provide employees with a clear
understanding of what behaviour is expected and tolerated, and that they work for an organisation
where any issues and/or concerns can be raised in a safe way. This should extend to providing
employees with encouragement to share concerns, even when they don’t have the ‘full story’.
The focus should be on promoting and embracing awareness, education, training, and guidance so all
ECan staff know how to confidently identify and escalate concerns straight away.
Recommendation(s)
ECan could consider the following to support in the promotion of a Speak Up Culture:
a.
Providing employees with regular fraud and corruption awareness training: The
purpose of this training would be to educate employees on:
• The fraud and corruption risks specific to ECan;
• The escalation and reporting options available to speak up andconfidentially escalate
any integrity related issues;
• What to expect from the organisation regarding protecting those that come forward from
negative impacts including retaliation; and
• What will happen after they share the information.
Confidential and Legally Privileged
4
Audit, Finance and Risk Committee 2024-02-21 Public Excluded
35 of 54
Attachment 9.2.2.3
Canterbury Regional Council
Project Allisson – Key Learnings | Improvement Opportunities and Recommendation
b. Development of an ongoing fraud and corruption communication campaign:
The purpose of this campaign would be to set out the steps employees can take to prevent
and detect fraud and corruption incidents, as well as communicating ECan’s zero-tolerance
stance. This would stress the importance placed on anonymity and independence being
available with reporting options. It is important that this messaging comes from senior
leaders (consider having the CE lead this) to reinforce a culture of accountability and an
ethical tone at the top.
To understand how effective such a fraud and corruption communication campaign is, we
suggest measuring its impact via shifts in employees’ awareness levels, comfort around
reporting concerns and tracking the number of disclosures made over time.
Management Response
As part of the work on our overall policy framework an updated Fraud Policy has been
developed, approved, and shared with staff. This included the requirement for online
training to be completed. Opportunities to provide ongoing awareness of Fraud are
identified, such as the Fraud Awareness week.
The CFO, as the policy monitor, is responsible for ensuring that there is regular training and
communication in relation to our Fraud Policy. Other related activities, such as Cyber
Security awareness, whilst not directly the responsibility of the CFO, are also used to
promote fraud awareness.
We have also recently updated our Protected Disclosure policy (Policy Monitor is General
Counsel) and introduced an integrity hotline ‘ReportItNow’, providing the opportunity to
remind staff of the importance of raising any concerns and the various mechanisms by which
this can be done.
No specific further action is proposed at this time.
Action Owner(s)
CFO
Timeframe
N/A
Confidential and Legally Privileged
5
Audit, Finance and Risk Committee 2024-02-21 Public Excluded
36 of 54
Attachment 9.2.2.3
Canterbury Regional Council
Project Allisson – Key Learnings | Improvement Opportunities and Recommendation
2.
Understanding and enhancement of contract management
Priority
High
Ease of Fix
Medium
Improvement Opportunity
We note the importance of increasing education and understanding the fundamentals of
contract management while also enhancing the processes of the contract management
function. This would support compliance, reduce risk and ultimately strengthen the
operating effectiveness of ECan’s contract management process.
Recommendation(s)
ECan could consider:
a. Providing training to those employees who are involved in the contract management
process.
This training might include:
• An overview of the contract management lifecycle;
• What employees’ roles and responsibilities specifically are with respect to the
process;
• Understanding the cross-functionality aspects of the process; and
• Expectations of how to adequately monitor performance of suppliers/contractors
with consideration being given to metrics/deliverables/communication of
progress/documentation.
b. Enhancement of the contract management function through:
• Confirmation of current population of contracts to increase visibility;
• Identifying contract owners/accountabilities;
• Removal of open-ended contracts (where appropriate);
• Taking a risk-based approach to identify significant contracts in place (such as dollar
value, level of public interest, use of external funding);
• Standardisation of templates and processes;
• Where appropriate, involve legal and/or procurement;
• Given the large volume of contracts (noting there are approximately 2,000) and the
significant combined value, consideration should be given (notably in the longer
term) implementing a centralised contract management system to support
effective contract management; and
• Recognising there may be some uncertainty in the levels of funding for programmes
of work, ECan could consider having a panel of pre-approved contractors in place.
This could be completed on a regular basis or as deemed appropriate to ensure
panels remain open, transparent and ultimately effective.
Confidential and Legally Privileged
6
Audit, Finance and Risk Committee 2024-02-21 Public Excluded
37 of 54
Attachment 9.2.2.3
Canterbury Regional Council
Project Allisson – Key Learnings | Improvement Opportunities and Recommendation
Management Response
A new procurement policy has been developed, approved, and shared with staff. A
programme of procurement roadshows has been delivered. A number of improvements to
our procure to pay processes have been identified and work continues to implement these.
Improvements have also been made to our contracts register. The importance of improving
the management of high value / risk contracts and vendors has been recognised and work has
been started to develop and implement an appropriate framework and approach; this work
includes consideration of the specific recommendations made above. Work is also underway
to identify system needs to support this function; given the learnings from this report, and a
previously identified programme of continuous improvement.
No specific further action is proposed at this time.
Action Owner(s)
CFO
Timeframe
N/A
Confidential and Legally Privileged
7
Audit, Finance and Risk Committee 2024-02-21 Public Excluded
38 of 54
Attachment 9.2.2.3
Canterbury Regional Council
Project Allisson – Key Learnings | Improvement Opportunities and Recommendation
3.
Education and communication of ECan’s operational frameworks
Priority
High
Ease of Fix
Medium
Improvement Opportunity
Increasing the awareness, understanding and communication of ECan’s corporate
framework will reduce the risk of key policies/procedures and processes not being
understood and/or followed.
Recommendation(s)
In line with good practice, we suggest ECan considers:
a. Ensuring corporate policies and operating procedures are in place and that these are
understandable/user friendly, regularly reviewed, updated, and communicated to all
staff to enhance levels of awareness, understanding and appreciation of these, and
how these work in practical terms, specifically in application to roles and functions.
Ongoing, practical scenario based education and communication of policies where
these are embedded into ‘business as usual’ practices will enhance employees’
appreciation and understanding around their obligations and responsibilities.
Management Response
A policy framework has been developed that clearly differentiates between policies
and procedural documentation. It identifies the roles and responsibilities of both
policy owner (Director), and policy monitor (Senior Manager) . It sets out a clear
policy lifecycle that includes the importance of communication and assurance.
No specific further action is proposed at this time.
Action Owner(s)
Manager Risk, Assurance, and Security
Timeframe
N/A
Confidential and Legally Privileged
8
Audit, Finance and Risk Committee 2024-02-21 Public Excluded
39 of 54
Attachment 9.2.2.3
Canterbury Regional Council
Project Allisson – Key Learnings | Improvement Opportunities and Recommendation
4.
Review of employee and supplier/contractor data
Priority
Moderate
Ease of Fix
Simple
Improvement Opportunity
Reviewing employee and supplier/contractor data can assist in identifying exceptions,
undeclared conflicts of interest, unusual trends and red flags which may be indicative of non-
compliant and/or potential fraudulent behaviour.
Recommendation(s)
ECan could consider performing periodic reviews of its employee and supplier/contractor
data, via:
a. Review and compare Employee1 and Supplier/Contractor data
Reviewing and comparing specific employee and supplier/contractor data can assist in
detecting and identifying associations, connections and/or relationships that may exist
between employees and suppliers/contractors which may not have been known about
previously.
For example, where an ECan supplier/contractor may have the same home address
registered for their business as an existing employee, or share a common mobile number,
but these connections have not been declared (and therefore are unknown by ECan) by
either the employee or the supplier/contractor.
It is noted that Ecan should be mindful of, and will need to balance, any obligations that the
organisation may have, including under the Privacy Act 2020, in relation to the privacy of its
employees and any other persons to whom it owes obligations.
b. Review Supplier/Contractor Transactional data
Undertake periodic spot checks of supplier/contractor data. This may assist in the detection
of non-compliant or fraudulent behaviour and allow for the possible identification of
exceptions, unusual trends, and red flags.
ECan could consider completing reviews of supplier/contractor invoices which could include
the application of risk criteria to help target this effort. The following provide some
attributes which could be considered, and this review could be incorporated into ECan’s
current Business Assurance Programme:
• Review for low and/or consecutive invoice numbering;
• Review for large, rounded, or unusual invoice values; and
• Review vendor validity (address/email/phone number/IRD number).
Management Response
Work is underway to assess the feasibility of developing and implementing a programme of
‘continuous auditing’, and employer/ supplier data will form a key component of this.
Action Owner(s)
Manager Risk, Assurance, and Security
Timeframe
Subject to the availability of suitable tools and resources and the results of the feasibility
work the continuous auditing programme will be established at the start of the 2024/25
Financial year
1 Consideration given to other employee data sources that ECan holds, beyond employee master file data
Confidential and Legally Privileged
9
Audit, Finance and Risk Committee 2024-02-21 Public Excluded
40 of 54
Attachment 9.2.2.3
Canterbury Regional Council
Project Allisson – Key Learnings | Improvement Opportunities and Recommendation
5.
Appropriate due diligence of suppliers/contractors
Priority
Moderate
Ease of Fix
Simple
Improvement Opportunity
Robust and rigorous due diligence processes helps mitigate the risk of fictitious and/or
inappropriate suppliers being onboarded.
Recommendation(s)
ECan should consider whether there are appropriate due diligence processes around the
onboarding of suppliers/contractors.
Using a risk based approach, due diligence activities that may be completed could comprise
the following (noting that some may already be completed by ECan):
• Completing companies office checks;
• Contacting referees;
• Media/internet searches;
• Performing credit checks;
• Identifying potential conflicts of interest
• Performing police checks; and
• Obtaining relevant insurance certificates.
Management Response
As part of the work underway to improve our overall approach to procurement and contract
management we are reviewing the supplier onboarding procedures to ensure they are fit for
purpose.
Action Owner(s)
CFO
Timeframe
End of June 2024
Confidential and Legally Privileged
10
Audit, Finance and Risk Committee 2024-02-21 Public Excluded
41 of 54
Attachment 9.2.2.3
Canterbury Regional Council
Project Allisson – Key Learnings | Improvement Opportunities and Recommendation
6.
Other assurance activities – procurement of suppliers/contractors
Priority
Moderate
Ease of Fix
Simple
Improvement Opportunity
Completion of assurance activities relating to the engagement and procurement of new
suppliers/contractors may assist in providing insights to the extent that ECan employees are
adhering to procurement policies and processes.
Recommendation(s)
Assurance activities could incorporate a sample of new suppliers/contractors onboarded for
review to gain assurance around the appropriateness of the procurement process.
A risk-based approach in terms of the sample and/or frequency could be considered and
having regard to:
• Have the required procurement processes been followed in the context of the
Procurement Policy and Guide?
• Has best value of money been achieved by awarding contracts on a whole of life
basis?
• Does the procurement conform to ECan policies as well as its statutory obligations?
• Was the procurement decision justified, transparent, free from bias and
accountable?
• Has the appropriate approval to commit to expenditure been obtained?
• Have contracts been subject to the appropriate approval process in accordance with
ECan’s Financial Delegations?
• If ECan decides it will not go to market for goods or services then is this decision to
deviate from the standard process justified, documented, and approved?
For efficiency purposes, this could be completed/included by way of any Business Assurance
Programme currently already in place at ECan.
Management Response
The review of new suppliers will be considered and incorporated into the proposed
continuous auditing programme.
Action Owner(s)
Manager Risk, Assurance, and Security
Timeframe
Time Frame Subject to the availability of suitable tools and resources and the results of the
feasibility work the continuous auditing programme will be established during the 2024/25
Financial year.
Confidential and Legally Privileged
11
Audit, Finance and Risk Committee 2024-02-21 Public Excluded
42 of 54
Attachment 9.2.2.3
Canterbury Regional Council
Project Allisson – Key Learnings | Improvement Opportunities and Recommendation
7.
Enhance programme cost management & approval process
Priority
Low
Ease of Fix
Simple
Improvement Opportunity
In alignment with good practice, enhancement of programme cost management and the
financial approval process will support and strengthen programme visibility.
Recommendation(s)
To support greater programme cost management and visibility, we suggest that ECan
consider:
a. Educate/communicate to suppliers/contractors a requirement to invoice for actual
work:
ECan could reiterate to its contractors/suppliers that they only invoice for actual work
completed in accordance with the terms of contracts. If invoiced amounts do vary to
purchase orders, then ECan and the contractors/suppliers can work together to
confirm/finalise any discrepancies.
b. Review existing financial approval process
As ‘Approval Plus’ only provides for up to 50 characters in the description of the work to be
included, an ECan approver signing off on the purchase order needs to be provided with
more context and background over what they are approving given they may have a lack of
visibility over projects.
We would also suggest that the 50 characters available in the description are entered based
a consistent guideline/standard. For example: PO Number / Contract Number / Programme /
Activity / Date
Consideration could also be given to ensuring approvers have the required understanding of
their role in the approval process which can be achieved through appropriate education and
training.
Management Response
Consideration will be given to reminding contractors and suppliers to only invoice for work
actually completed in accordance with the terms of the contract and provide regular
reminders of this to internal approvers at each stage of the approval process.
Work has been undertaken to improve the financial approval process, including the use of
templates to support high value approvals.
We are continuing to identify ways to improve the overall approval process, noting the
limitations of the current technology solution.
No Specific further action is proposed at this time.
Action Owner(s)
CFO
Timeframe
N/A
Confidential and Legally Privileged
12
Audit, Finance and Risk Committee 2024-02-21 Public Excluded
43 of 54
Attachment 9.2.2.3
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited (“DTTL”), its global
network of member firms, and their related entities (collectively, the “Deloitte
organisation”). DTTL (also referred to as “Deloitte Global”) and each of its member firms
and related entities are legally separate and independent entities, which cannot obligate or
bind each other in respect of third parties. DTTL and each DTTL member firm and related
entity is liable only for its own acts and omissions, and not those of each other. DTTL does
not provide services to clients. Please see www.deloitte.com/about to learn more.
Deloitte Asia Pacific Limited is a company limited by guarantee and a member firm of DTTL.
Members of Deloitte Asia Pacific Limited and their related entities, each of which is a
separate and independent legal entity, provide services from more than 100 cities across
the region, including Auckland, Bangkok, Beijing, Bengaluru, Hanoi, Hong Kong, Jakarta,
Kuala Lumpur, Manila, Melbourne, Mumbai, New Delhi, Osaka, Seoul, Shanghai, Singapore,
Sydney, Taipei and Tokyo.
Deloitte provides industry-leading audit and assurance, tax and legal, consulting, financial
advisory, and risk advisory services to nearly 90% of the Fortune Global 500® and thousands
of private companies. Our professionals deliver measurable and lasting results that help
reinforce public trust in capital markets, enable clients to transform and thrive, and lead the
way toward a stronger economy, a more equitable society and a sustainable world. Building
on its 175-plus year history, Deloitte spans more than 150 countries and territories. Learn
how Deloitte’s more than 345,000 people worldwide make an impact that matters at
www.deloitte.com.
Deloitte New Zealand brings together more than 1600 specialist professionals providing
audit, tax, technology and systems, strategy and performance improvement, risk
management, corporate finance, business recovery, forensic and accounting services. Our
people are based in Auckland, Hamilton, Rotorua, Wellington, Christchurch, Queenstown
and Dunedin, serving clients that range from New Zealand’s largest companies and public
sector organisations to smaller businesses with ambition to grow. For more information
about Deloitte in New Zealand, look to our website www.deloitte.co.nz.
This communication contains general information only, and none of Deloitte Touche
Tohmatsu Limited (“DTTL”), its global network of member firms or their related entities
(collectively, the “Deloitte organisation”) is, by means of this communication, rendering
professional advice or services. Before making any decision or taking any action that may
affect your finances or your business, you should consult a qualified professional adviser.
No representations, warranties or undertakings (express or implied) are given as to the
accuracy or completeness of the information in this communication, and none of DTTL, its
member firms, related entities, employees or agents shall be liable or responsible for any
loss or damage whatsoever arising directly or indirectly in connection with any person
relying on this communication. DTTL and each of its member firms, and their related
entities, are legally separate and independent entities.
© 2023. Deloitte Limited (as trustee for the Deloitte Trading Trust)
Confidential and Legally Privileged
Audit, Finance and Risk Committee 2024-02-21 Public Excluded
44 of 54
Attachment 9.2.2.3
Appendix A – Limitations
We note the following limitations in respect of this report:
This report was prepared to assist ECan, via its legal advisers, Wynn Williams, with recommendations and improvement
opportunities arising from during Deloitte’s investigation;
Deloitte accepts no liability whatsoever to any party who relies on our report and/or our work except to the extent set
out in our engagement letter and Master Terms of Business;
We are not qualified to provide legal advice. Legal advice should be sought on legal matters;
This report has been prepared based on the work completed as at the date of our Draft Report, being, 1 August 2023. We
assume no responsibility for updating this report for events and circumstances occurring after that date;
We reserve the right, but are under no obligation, to alter the findings reached in this report should information that is
relevant to our findings subsequently be identified;
Our recommendations and improvement opportunities are based only on the work completed during the course of the
investigation for the purpose of preparing the Draft Report;
For the purposes of preparing this report, reliance has been placed upon the material, representations, information and
instructions provided to us. Original documentation has not been seen (unless otherwise stated) and no audit or
examination of the validity of the documentation, representations, information and instructions provided has been
undertaken, except where it is expressly stated to have been;
Our work does not constitute an assurance engagement in accordance with New Zealand standards for assurance
engagements, nor does it represent any form of audit under New Zealand standards on auditing (International Standards
on Auditing (New Zealand)). Consequently, no assurance conclusion nor audit opinion is provided. We do not warrant
that our enquiries will identify or reveal any matter which an assurance engagement or audit might disclose; and
Deloitte is not responsible for ensuring any party’s compliance with the requirements of the Privacy Act 2020 or similar
requirements in other jurisdictions.
Audit, Finance and Risk Committee 2024-02-21 Public Excluded
45 of 54
Attachment 9.2.2.3
Appendix B – Priority and Ease of
Fix Rating Scale
Priority Rating Scale
Each finding included in the report has been ranked on the basis of the risk we perceive the organisation to be exposed to.
Rating
Description
Issue represents a severe control weakness.
Very High
This could cause or is causing severe disruption to process/service, or severe adverse
effect on the ability to achieve objectives.
Issue represents a significant control weakness.
High
This could cause or is causing significant disruption to process/service, or significant
adverse effect on the ability to achieve objectives.
Issue represents a moderate control weakness.
This could cause or is causing some disruption to process/service.
Moderate
There may be a level of short-term tolerance due to compensating controls or
remedial plans underway.
Issue represents a minor control weakness.
Low
This could cause or is causing inefficiencies in process or is a lack of formality in
documentation or process.
Observation represents an identified opportunity to improve process/service
Process Improvement
efficiency.
Ease of Fix Rating Scale
Deloitte’s estimation of the effort required to fix the finding raised is based on our previous experiences with resolving similar
findings at similar organisations. This is intended as a guide only. You should undertake your own assessment to determine the
actual level of effort required.
Rating
Description
There is a simple fix for this finding, which may involve minor system changes that
require limited effort to implement or test, minor costs to resolve, or minor changes to
Simple
system design or business processes. Estimated timeframe for fix to be implemented is
within one to three months.
There is a moderately complex fix for this finding, which may involve some time to
develop, implement and test, some cost to resolve, or some changes to system design
Medium
or business processes. Estimated timeframe for fix to be implemented is within three
to 12 months.
Complex
The solution is complex and may involve substantial time to develop, implement and
test, substantial monetary cost to resolve, or substantial changes to system design or
business processes. Estimated timeframe for fix to be implemented is more than 12
months.
Audit, Finance and Risk Committee 2024-02-21 Public Excluded
46 of 54
Attachment 9.2.2.3
Appendix C – ECan Initatives
The following ECan initiatives have been identified as being either completed and/or in flight at the time pf preparing this Report.
These are focused on the enhancement and streamlining of processes and procedures with a view to promoting efficiency,
transparency and ultimately accountability.
1. Fraud Awareness Training Overview: The is a compulsory Fraud awareness e-training programme which all staff must
complete. The training must be completed every 12 months.
2. Procurement 101 Training Overview: This is an optional e-training programme to provide an introduction to
procurement and how its managed at Environment Canterbury.
3. Procurement Road Show: The Procurement Team are engaging with many groups across the organisation to uplift the
awareness and importance of proper procurement processes. The team have met and presented with approximately 15
different areas of the organisation. Sessions are continuing.
4. Procurement Policy: The Procurement Policy was recently re-written and approved by the Chief Executive.
5. Delegated Authorities ELT Update: Financial Delegations were recently revised and simplified. The rationale and new
delegation information is included in the paper to the Executive Leadership Team.
6. Chief Executive Approval Template: This was recently established to ensure the correct checks, awareness and
approvals had been sought prior to a document being presented to the Chief Executive for signature.
7. Policy Schedule: ECan currently have 28 Corporate Policies and a number of Council Policies. Most are out of date.. The
Corporate Policy Framework has recently been implemented and following that, a review of ECan’s policies is taking
place. Some of ECan’s current policies have been identified as guidelines or procedures rather than policies and as such,
consolidation of some policies is also being considered.
8. DRAFT Corporate Policy Consolidation: This document is a raw draft (initial thinking) which is yet to have much internal
discussion. It highlights the areas where consolidation of policies could be possible, and the connections across a
number of them.
9. The “Report It Now” independent reporting hotline has recently been implemented, to encourage employees to make
disclosures in a confidential way.
Audit, Finance and Risk Committee 2024-02-21 Public Excluded
47 of 54
