Audit & Risk Committee - June 2023

This document contains the draft minutes from a Cairngorms National Park Authority Audit and Risk Committee meeting on 24 March 2023. The meeting covered the approval of previous meeting minutes, action point updates, an internal audit review of data management (highlighting improvements needed in SharePoint implementation and policy updates), an internal audit progress report, the 2023/24 internal audit plan, an update on external audit plans, and a strategic risk management review. Discussions included staff turnover impacts, the transition to SharePoint, hybrid working arrangements, and the upcoming Heritage Horizon Programme. The committee made recommendations on each item, and scheduled the next meeting for 23 June 2023.

This document contains an internal audit report for the Cairngorms National Park Authority, covering payroll and expenses for 2022/23. The report, prepared by Azets, reviews the Park Authority's payroll and expenses procedures. Senior managers have reviewed the findings and accepted all recommendations for improvement. The Audit and Risk Committee is asked to consider the report and findings, and endorse the management's response and plans for future action. The full report and management responses are in an annex.

This document contains the Cairngorms National Park Authority's 2022/23 internal audit report on payroll and expenses. The audit found that while the Park Authority has good controls for accurate and timely payroll processing, there's a lack of separation of duties and unclear roles and responsibilities, increasing the risk of errors or fraud. The report makes several recommendations to improve clarity in policies and procedures, enhance data security, and strengthen controls around data changes and backups. Improvements are also needed in documentation and record-keeping for payroll and expenses. Overall, the report suggests that management should address these areas to better safeguard funds and maintain efficient operations.

This document contains an internal audit report follow-up for the Cairngorms National Park Authority (CNPA) for the year 2022/23. The report, prepared by Azets (the Park Authority's internal auditors), reviews management actions taken on previous audit recommendations. Azets found that progress has been made, with 18 of 46 actions resolved, although some still require evidence. Many actions remain, but recent staffing increases and the completion of other high-priority tasks should allow for progress in the next six months.

This document contains a Cairngorms National Park Authority internal audit report, covering the period from November 2022 to May 2023. It summarizes the progress made by management on implementing agreed actions from previous audit reports. The report shows that five actions were completed, seven are complete pending evidence, and twenty-eight remain open. Many of the open actions have passed their due dates, and the report recommends management prioritize completing these older, higher-risk items. Appendices provide details of action status by report, outstanding actions, and audit risk categorisations.

This document contains the Cairngorms National Park Authority's internal audit annual report for 2022/23. The report summarizes the findings of the internal audit work done by Azets, concluding that the Park Authority has a good system of governance, risk management, and controls. However, a significant number of older audit actions remain outstanding. The Audit and Risk Committee is asked to review the report and endorse the inclusion of the auditors' opinion in the Governance Statement. A separate report addresses the outstanding audit actions.

This document contains the Cairngorms National Park Authority's internal audit annual report for 2022/23. The report, completed by Azets in May 2023, gives a positive overall opinion on the Park Authority's internal controls, noting that they provide reasonable assurance regarding the efficient achievement of objectives. However, some older audit actions remain outstanding. The report details the audit work performed, highlighting key themes including payroll and expense controls, organisational planning and reporting, and data management. A quality assurance assessment showed that Azets' work generally conforms to professional standards.

This document contains a summary of a risk appetite workshop held on 26 May 2023 by the Cairngorms National Park Authority. Fourteen attendees, including the board and senior management, independently assessed risk appetite for different categories. The results, detailed in an annex, will help the Park Authority plan how to better manage risk. The Audit and Risk Committee is asked to review these findings and determine next steps.

This document contains the results of a risk appetite workshop held in June 2023 by the Cairngorms National Park Authority. Fourteen members of the board and senior management participated, independently assessing risk appetite across seven categories. The categories included environmental protection, economic development, and visitor management. Results showed a range of risk appetites, from "eager" to "cautious," depending on the specific area. The next steps include formal board approval of the proposed risk appetites, communication to staff, and integration into the organization's risk registers. Health and safety risks will be treated with an "averse" risk appetite.

This document contains an external audit strategy memorandum for the Cairngorms National Park Authority. It summarizes the external audit work done for the year ending 31 March 2023. The Audit and Risk Committee needs to approve the final audit plan and the audit fee, which is higher than last year due to increased rates across the sector. The plan, detailing the audit approach and key risk areas, is included as an annex.

This document contains an audit strategy memorandum for the Cairngorms National Park Authority for the year ending 31 March 2023. It details Mazars LLP's audit approach, highlighting key risks and the audit team. The memorandum covers the audit's scope, timeline, and planned testing strategies for significant risks like management override of controls and fraud. It also discusses Mazars' commitment to independence and explains the concepts of materiality and misstatements. Finally, it outlines key communication points with the Audit and Risk Committee throughout the audit process.

This document contains a draft Governance Statement for the Cairngorms National Park Authority's 2022/23 Annual Report and Accounts. The statement covers the Park Authority's responsibilities, including financial management and internal controls. It details the roles of the Board and its committees, the internal and external audit processes, risk management, and data security. The document is presented to the Audit and Risk Committee for review and approval before submission for external audit.

This document contains a strategic risk management review for the Cairngorms National Park Authority (CNPA). The CNPA's current strategic risk register is included as an annex. A new corporate plan (2023/24 to 2026/27) has been approved, and a risk appetite workshop was held. Because the format and content of the risk register will likely change, the current register's validity is limited. The Audit and Risk Committee is asked to review the register's coverage and suggest any needed changes.

This document contains the Cairngorms National Park Authority's Strategic Risk Register, dated 21 June 2023. It lists several risks, including financial constraints impacting resource allocation, challenges in securing future funding for community projects, and staff workload pressures from externally funded projects. The register also highlights risks related to IT systems, cyber security, and the Authority's reputation. For each risk, the document outlines mitigation strategies, comments on the current status, and shows a trend analysis from May and November 2022 and May 2023. The register aims to keep the number of strategic risks to around 15, and it notes that some risks are being managed effectively and may be removed from the register.

This document contains the minutes from the Cairngorms National Park Authority's Audit and Risk Committee meeting held online on 21 June 2024. The meeting covered several topics including the approval of previous meeting minutes, declarations of interest, the internal and external audit reports for 2023/24, a procurement action plan, a code of conduct update, and a review of risk registers. The committee discussed each report, made observations, and noted actions for follow-up, primarily relating to refining reports and improving procurement processes. The next meeting is scheduled for 27 September 2024.