Audit & Risk Committee - March 2019

This document contains a notice for a Cairngorms National Park Authority meeting. The Audit and Risk Committee will meet at 8.45am on 8 March 2019, in the Dee and Spey Meeting Room at the Park Authority headquarters in Grantown on Spey. The meeting's agenda and papers will be available online a week beforehand. Anyone needing access arrangements should contact the Park Authority office in advance.

This document contains the agenda for the Cairngorms National Park Authority Audit and Risk Committee meeting on 8 March 2019. The meeting, held in Grantown-on-Spey, included items for decision such as the election of a vice-chair, internal and external audit reviews, and approval of the 2018/19 external audit plan and draft governance statement. Discussion topics included workforce management risk review, IT risk, and a complaints log. The next meeting was scheduled for 3 May 2019 in Newtonmore.

This document contains an internal audit review of the Cairngorms National Park Authority's strategic planning. The review, conducted by BDO, assessed the design and implementation of the Authority's processes and controls. The report found these to be substantial, and no recommendations for improvement were made. The Audit and Risk Committee is asked to consider the findings and endorse the management's responses. The full audit report is included as an annex.

This document contains the Cairngorms National Park Authority's November 2018 internal audit report on strategic planning. The audit found the strategic planning process to be well-designed and effectively implemented, providing substantial assurance to the Audit Committee and management. The report reviewed the alignment of the Corporate Plan with the Partnership Plan, noting the importance of clear communication and measurable objectives, and highlighted the need for better visual representations of progress towards goals. A court case from 2012 emphasizing the prioritization of conservation in case of conflicts was also discussed. The audit involved interviews and a review of documents, and the report's conclusion is that the processes and controls in place are sound and effective.

This document contains an internal audit review of the Cairngorms National Park Authority's resource management. The audit, conducted by BDO, found the Authority's resource planning to be substantial, with no recommendations for improvements. The Audit and Risk Committee is asked to review the findings and endorse the management's responses. A full report is included as an annex.

This document contains an internal audit report on the Cairngorms National Park Authority's financial planning from December 2018. The audit found the Park Authority's financial planning process to be sound, using accurate information and following a timely schedule with good consultation and review. The process includes scenario planning and regular budget reforecasts to handle changes and potential issues. The audit gave a substantial level of assurance to the design and effectiveness of the controls in place. No high or medium significance risks were identified.

This document contains the 2018/19 Audit Plan for the Cairngorms National Park Authority. It outlines the key challenges and risks for the year's audit, and the work Grant Thornton will undertake. The Audit and Risk Committee needs to review the plan, consider comments from Audit Scotland, and agree to the external audit fee. Grant Thornton is the external auditor, appointed for five years, and their plan is included in an annex. The committee will review the plan and agree to it, including the proposed audit fee.

This document contains a draft external audit plan for the Cairngorms National Park Authority for the financial year ending 31 March 2019. The plan details the audit's approach, including materiality levels (performance materiality at 75%, planning materiality at 2% of operating expenditure), significant risks (fraud in revenue and expenditure, management override of controls), and the audit's scope, which considers the Authority a smaller body. The plan also outlines the key deliverables, timeline, and responsibilities of both the Authority and the auditors, Grant Thornton UK LLP, in accordance with Audit Scotland’s guidance. Specific attention will be paid to the recoverability of advance balances and the implementation of new accounting standards (IFRS 9 and IFRS 15).

This document contains a draft governance statement prepared by Danie Ralph, Finance Manager, for the Cairngorms National Park Authority's 2018/19 annual accounts. The Audit and Risk Committee is asked to approve this statement. The statement covers the organisation's governance framework, board operations, risk management, and data security, all in line with Scottish Public Finance Manual guidelines. The committee's role is to review the statement's accuracy based on their experience throughout the year before it's added to the draft accounts.

This document contains a governance statement for the Cairngorms National Park Authority (CNPA). The Accountable Officer is responsible for maintaining sound internal controls, safeguarding public funds, and meeting Scottish Public Finance Manual (SPFM) requirements. The CNPA Board and its sub-committees (Finance and Delivery, Staffing and Recruitment, Audit and Risk, and Planning) ensure effective governance. Regular meetings and internal and external audits, led by the Audit and Risk Committee, monitor the organisation’s performance and risk management. The CNPA also shares services with other organisations, and has implemented measures to improve data security and comply with GDPR. The Accountable Officer reviews the effectiveness of the internal control system through various channels including reports from executive directors, internal monitoring, and the work of internal and external auditors.

This document contains a review of the Cairngorms National Park Authority's workforce management strategy and associated risks. The review, presented to the Audit and Risk Committee, highlights existing risks related to staff workload and morale due to increased project demands. It recommends adding another strategic risk to the register: failure to manage staffing numbers effectively will reduce the capacity to invest in key National Park projects. The document also details current workforce management actions, including a revised strategy focusing on flexibility, contract management, and succession planning, to mitigate these risks. A staff survey is planned to further assess staff morale and motivation.

This document contains an overview of IT risks for the Cairngorms National Park Authority. Four main risks were identified: insufficient ICT support for increasing reliance on technology, inadequate cybersecurity, insufficiently robust IT services, and insufficient resources to manage large projects. The Authority is addressing these through a new IT strategy (SASI), focusing on stable, accessible, secure, and innovative IT systems. This includes improving internal IT support, strengthening cybersecurity measures, and transitioning to cloud-based solutions while carefully managing associated costs and risks. The Authority is also actively pursuing certifications like Cyber Essentials Security PLUS to enhance security.

This document contains a complaints log for the Cairngorms National Park Authority. It presents information on the number and type of complaints received since October 2018. The Audit and Risk Committee is asked to review this information. One example given is a complaint about the Cairngorm Mountain funicular, which was resolved within twenty days.