Audit & Risk Committee - March 2021

This document contains the agenda for the Cairngorms National Park Authority’s Audit and Risk Committee meeting on 12 March 2021. The meeting, held via video link, included items for decision on data management, follow-up reviews, and internal audit reports, along with discussions on risk registers and complaints handling. Information was also given on the FOISA scorecard and governance responsibility framework. The date of the next meeting was to be confirmed.

This document contains the minutes from a Cairngorms National Park Authority Audit and Risk Committee meeting on 3 February 2021. The meeting covered various topics including the approval of previous meeting minutes, updates on outstanding actions from the previous meeting, an internal audit review of the Authority's governance, a review of COVID-19 recovery and business continuity planning, and an internal audit progress report. The committee also reviewed and discussed the draft external audit plan and a framework agreement proposal, noting and endorsing various recommendations and observations from internal and external auditors. Finally, the meeting included an update on the Information Commissioner's handling of a recent review.

This document contains an internal audit review of the Cairngorms National Park Authority's data management systems and controls, conducted by AZETS. The audit assessed four areas, finding one area with room for improvement and two areas with inadequate controls. Five recommendations for improvement were made, two of moderate risk and three of high risk. Management accepted all recommendations, with plans for implementation, though delays due to COVID-19 are acknowledged.

This document contains the Cairngorms National Park Authority's internal audit report for 2020/21 on data management. The report, completed in February 2021, found that while some data management procedures were good, there were areas needing improvement. Key recommendations included updating existing policies to ensure they are current and consistent with regulations like GDPR, implementing compliance activities, limiting file structure modification rights, and creating a subject access request response procedure. The report also advises on transitioning to cloud services and considers the impact of Brexit on data storage and management. A management action plan is included with deadlines for addressing the recommendations.

This document contains a follow-up review by Azets of actions taken on internal audit recommendations for the Cairngorms National Park Authority. The review, covering 2020-2021, notes that progress on several recommendations was delayed due to COVID-19 restrictions and the implementation of remote working. The Park Authority prioritized implementing a Business Continuity Plan and new strategies like the Green Recovery Plan. As a result, many older recommendations remain outstanding, but the Park Authority plans to address these as it transitions away from remote working and implements its 2021-2022 budget and operational plan.

This document contains a Cairngorms National Park Authority internal audit report, specifically a follow-up on management actions from 2020/21. The report summarizes the progress made by management in implementing agreed actions from previous audit reports. It details the status of actions, categorized as complete, partially complete, incomplete, not yet due, or no longer applicable. The report highlights that many actions were delayed by the impact of COVID-19, and it requests the Audit and Risk Committee to review the progress and approve actions with revised timescales. The report also includes appendices detailing action status by report, a summary of outstanding actions past their due dates, and descriptions of audit risk categorizations.

This document contains the Cairngorms National Park Authority's internal audit annual report for 2020/21. The report, completed by Azets in March 2021, states that the Park Authority has a framework of controls providing reasonable assurance regarding its governance, internal controls, and objective achievement. The audit covered various areas like corporate governance, data management, and COVID recovery, identifying some areas for improvement. The report also confirms the independence of the audit team and their compliance with Public Sector Internal Audit Standards. Finally, appendices detail planned versus actual audit days and a summary of the internal quality assurance assessment.

This document contains the Cairngorms National Park Authority's proposed internal audit plan for 2021/22, prepared by Azets. The Audit and Risk Committee needs to review Azets' strategic internal audit plan, consider the plan's suitability for the Authority's needs, and approve the plan for 2021/22. The plan itself is a detailed document, already consulted on with senior park staff, and available as an annex to this paper.

This document contains the Cairngorms National Park Authority’s Strategic Internal Audit Plan for 2021/22–2023/24. The plan outlines the approach to internal auditing, which is independent and objective, aiming to improve the Park Authority's operations. It's risk-based, focusing on key areas identified in the corporate risk register to ensure effective risk management and best value for money. The plan details scheduled audits across various areas, including financial systems, governance, and IT, with specific objectives for each. The plan also addresses how the internal audit team will work, including their roles and responsibilities, and how they will liaise with external auditors. Finally, it includes details on reporting and monitoring procedures.

This document contains a paper supporting the Cairngorms National Park Authority's Audit and Risk Committee's review of the strategic risk management position. The paper reviews the Authority's strategic risk register and considers the implications of the Heritage Horizons programme. The Committee is asked to review the register, agree on any needed changes, and consider the programme's potential risks and how to lessen them. The document includes the current risk register and an initial look at the risk management aspects of the Heritage Horizons programme.

This document contains the Cairngorms National Park Authority’s strategic risk register from November 2020. It lists several risks, including financial constraints impacting resource allocation, the effects of COVID-19 on operations and staffing, the loss of EU funding, and challenges in securing future community funding. The document also highlights risks related to staffing workload, IT systems, and the authority’s reputation. For each risk, mitigation strategies, comments, and trends (August 2020, November 2020, and March 2021) are provided. The document aims to keep the number of high-level strategic risks between 12 and 15.

This document contains a risk management and risk register for the Heritage Horizons programme. It identifies several potential problems, such as unclear governance responsibilities, difficulties engaging communities, and challenges with managing finances and partnerships. For each risk, the document outlines its potential impact, prevention strategies, and methods for addressing issues if they arise. The assessment also includes a section for risks requiring ongoing monitoring, but not immediate action.

This document contains a review of how the Cairngorms National Park Authority handled complaints against board members in July and August 2020. The review recommends that the Authority's complaints procedure continues to cover complaints against board members, and that its Code of Conduct should be updated to include a “perception test,” similar to the Councillors’ Code of Conduct. The review also suggests improvements to the complaints handling policy and procedure, clarifying how complaints are handled and outlining potential outcomes, from dismissal to referral to the Ethical Standards Commission. Finally, the review highlights the need to address several gaps in the Authority's current Code of Conduct.

This document contains an information requests quarter three performance scorecard for the Cairngorms National Park Authority. It updates the Audit and Risk Committee on the performance of information requests received under FOISA and GDPR for Quarter 3 and year-to-date. The report includes a scorecard and asks the committee to review the performance and presentation, and suggest additional metrics for Quarter 4 reporting.

This document contains a report on information requests handled by the Cairngorms National Park Authority (CNPA) during 2020-21. A total of 29 requests were received, with 28 responded to within the statutory timeframe. Most requests (14) were Freedom of Information (FOI) requests, followed by 13 Environmental Information Regulations (EIR) requests. The report details response times and outcomes, including appeals and reviews. Nine requests were delayed, averaging nine days. The data is presented in charts and tables, breaking down responses by request type and service area.