Audit & Risk Committee - March 2019

This document contains a notice for a Cairngorms National Park Authority meeting. The Audit and Risk Committee will meet at 8.45 am on 8 March 2019, in the Dee and Spey Meeting Room at the Park Authority’s headquarters in Grantown on Spey. The meeting's agenda and papers will be available online a week beforehand. Anyone needing special arrangements should contact the Park Authority office in advance.

This document contains the agenda for the Cairngorms National Park Authority's Audit and Risk Committee meeting on 8 March 2019. The meeting, held in Grantown-on-Spey, included items such as welcoming attendees, reviewing previous meeting minutes, electing a vice-chair, and reviewing internal and external audits of strategic and financial planning. Discussions were also planned on the draft governance statement, workforce management risk, IT risk, and a complaints log. The next meeting's date and location were also to be confirmed.

This document contains an internal audit review of the Cairngorms National Park Authority's strategic planning. The review, conducted by BDO, assessed the design and implementation of the Authority's processes and controls. The report found these to be substantial and no improvements were recommended. The Audit and Risk Committee is asked to consider the findings and endorse the management's responses. The full audit report is attached.

This document contains the Cairngorms National Park Authority's November 2018 internal audit report on strategic planning. The audit found the strategic planning process and its controls to be well-designed and consistently applied, providing substantial assurance. The report reviewed the alignment of the Corporate Plan with the Partnership Plan, highlighting the need for clearer communication of progress towards targets. A key risk identified was potential conflicts between conservation goals and other aims, requiring careful consideration and monitoring by the Park Authority. The audit also noted the involvement of all staff in developing the plans and the clear communication of strategies, objectives and metrics.

This document contains an internal audit review of the Cairngorms National Park Authority's resource management and control systems, conducted by BDO. The audit found that the design and implementation of the Authority's resource planning arrangements were substantial, with no recommendations for improvements raised. The Audit and Risk Committee is asked to consider the findings and endorse the management's responses. A full report is attached.

This document contains an internal audit report on the Cairngorms National Park Authority's financial planning from December 2018. The audit found the Park Authority's financial planning process to be sound, using accurate information and a timely, well-consulted process. The budget is reviewed regularly, and scenario planning helps the Authority predict and prepare for various situations. While several risks were identified, none resulted in high or medium significance findings. The audit concludes that the controls in place are effective.

This document contains the 2018/19 Audit Plan for the Cairngorms National Park Authority. It outlines the key challenges and risks for the year's audit and details the work Grant Thornton, the external auditor, will undertake. The Audit and Risk Committee is asked to review the plan, consider Audit Scotland's plan, and approve the audit fee. Grant Thornton was appointed as the external auditor for five years in 2017 and their audit plan is included as an annex.

This document contains the Cairngorms National Park Authority's external audit plan for the financial year ending 31 March 2019. The plan outlines the audit's approach, which is risk-based and follows International Standards on Auditing and the Audit Scotland Code of Audit Practice. Key areas of focus include financial sustainability and governance, with attention paid to revenue and expenditure risks, including fraud. The audit will also consider the Authority's roles in various partnerships and projects, ensuring the recoverability of advance payments. The document details the audit timeline, deliverables, fees, and the responsibilities of both the Authority and the auditors. New accounting standards (IFRS 9 and IFRS 15) are also discussed, along with their potential impact on the Authority's financial reporting.

This document contains a draft governance statement for the Cairngorms National Park Authority's 2018/19 annual accounts. The Audit and Risk Committee is asked to approve this statement. The statement includes information on the park authority's governance structure, operations, risk management, and data security. The committee's role is to review the statement's accuracy based on their experience throughout the year before it is included in the final accounts.

This document contains a governance statement from the Cairngorms National Park Authority. It details the Accountable Officer's responsibilities for maintaining sound internal controls and safeguarding public funds, in accordance with the Scottish Public Finance Manual (SPFM). The Park Authority's Board and its sub-committees (Finance and Delivery, Staffing and Recruitment, Audit and Risk, and Planning) are responsible for governance and oversight. Regular meetings, internal and external audits, and risk management strategies are used to maintain effective operations and compliance. The Park Authority also works with other organizations on shared services, supporting local communities and organizations. Finally, the document concludes with a review of the internal control system's effectiveness and a summary of ongoing initiatives to enhance systems, including those relating to data security and risk management.

This document contains a review of the Cairngorms National Park Authority’s workforce management strategy. An internal audit highlighted some risks, including strained staff workload from extra projects, potentially affecting morale and productivity. The Audit and Risk Committee is asked to approve an updated workforce management strategy and add a new strategic risk to their register: the failure to effectively manage staffing numbers long-term could reduce the capacity to fund important projects. The updated strategy includes improved staff deployment, long-term contract planning, and succession planning. The committee will also review staff morale and skill development.

This document contains an overview of IT risks for the Cairngorms National Park Authority, as identified in their Risk Register. Four main risks were highlighted: insufficient ICT support for increasing IT dependency, inadequate cybersecurity, insufficiently robust IT services, and insufficient funding and IT systems to support large projects. The Authority is working to mitigate these risks through a new IT strategy (SASI) focusing on a stable, accessible, secure, and innovative ICT platform. This includes improved collaboration with Loch Lomond and Trossachs National Park Authority's IT department, investment in new systems, and adopting best practices for cybersecurity, including achieving Cyber Essentials Security PLUS certification. The document also discusses the increasing challenges and risks associated with cloud-based software and the need for careful management of IT budgets in this evolving environment.

This document contains a complaints log for the Cairngorms National Park Authority. It presents information on the number and type of complaints received since October 2018. The Audit and Risk Committee is asked to review this information. One example complaint involved the Cairngorm Mountain funicular, alleging the Authority wasn't meeting its legal duties. This complaint was formally responded to and closed within 20 days.