Audit & Risk Committee - September 2024

This document contains the agenda for the Cairngorms National Park Authority's Audit and Risk Committee meeting on 27 September 2024 at 12.30 pm. The online meeting will cover several topics, including approval of previous meeting minutes, financial reports (2023/24 final accounts and external audit updates), internal audit reports, strategic risk registers, and procurement plans. Several key individuals from the Park Authority and external auditing firms will present information and decisions will be made on several items. The meeting will conclude with the approval of minutes from a previous meeting and setting the date for the next meeting on 8 November 2024.

This document contains the minutes from the Cairngorms National Park Authority's Audit and Risk Committee meeting held online on 21 June 2024. The meeting covered several topics, including the approval of previous meeting minutes, declarations of interest, and reviews of the internal and external audit reports for 2023/24. A procurement action plan was presented, along with updates on the Park Authority's code of conduct and risk registers. The committee discussed and made observations on each report, noting actions to be taken, including adding procurement as a strategic risk and reviewing the wording on the Cairngorms 2030 risk register. The next meeting was scheduled for 27 September 2024.

This document contains the Cairngorms National Park Authority's 2023/24 final accounts. The Audit and Risk Committee needs to approve these accounts before they're sent to Mazars (the external auditors) and Audit Scotland. The accounts show the Park Authority's financial performance and position, including a slight overspend within acceptable limits and some unused funding for peatland restoration. The committee also reviewed the Authority’s financial processes and risk management. The Chief Executive will sign the accounts once they are approved by the committee and the auditors.

This document contains the Cairngorms National Park Authority's annual report and accounts for the year ending 31 March 2024. It details the Park Authority's performance, focusing on key achievements in nature and climate restoration (including woodland expansion and peatland restoration), community engagement, and improvements to visitor infrastructure. The report also includes details on governance, finances, staff, and risk management, highlighting achievements in securing funding and implementing strategic initiatives like the Cairngorms 2030 programme. Finally, it provides financial statements and supporting notes in accordance with statutory requirements.

This document contains an external audit update for the Cairngorms National Park Authority's 2023/24 annual report and accounts. Prepared by Mazars and presented by Tom Reid, the report summarizes the audit process, including the approach, findings (both significant and minor), and internal control recommendations. The Audit and Risk Committee is asked to review the report and approve the management representation letter before it is signed by the Accountable Officer. The report itself is described as clear and helpful.

This document contains the Cairngorms National Park Authority's annual audit report for the year ending 31 March 2024. Forvis Mazars LLP conducted the audit, examining financial management, sustainability, leadership, and resource use. The audit found no significant issues, though some minor misstatements were corrected. The auditors expect to issue an unqualified opinion on the financial statements. A review of internal controls identified some areas for improvement, primarily related to updating their accounting system and cybersecurity measures. The audit also considered the Park Authority's arrangements for achieving Best Value, concluding they were reasonable.

This document contains information about external audit assurances for the Cairngorms National Park Authority. The Audit and Risk Committee needs to review an auditor's request for information and the park authority's response. The committee will then decide if the authority's governance covers everything the auditor asked about. Management has already reviewed the request and is happy to provide the necessary assurance. Committee members are asked to consider each question before giving their final decision.

This document contains a request for information from the management and those charged with governance at the Cairngorms National Park Authority. It covers several areas, including how the Audit and Risk Committee (ARC) oversees management's processes relating to fraud risk assessment and response. The ARC reviews financial statements, considers risk registers, and receives reports from internal and external auditors. The document also details internal controls, including segregation of duties and staff training, and addresses concerns about potential fraud risks, related party transactions, and compliance with laws and regulations. No specific instances of fraud or significant compliance issues were reported.

This document contains an internal audit report on the Cairngorms National Park Authority's 2024/25 operational and financial planning. Azets conducted the audit, finding the Park Authority has good planning processes but suggesting improvements. Five recommendations were made, four of which management accepted. One recommendation, focusing on scenario planning review, was rejected as management felt it added no value and posed a higher risk than benefit. The overall assessment is that the Park Authority's planning is strong, with recommendations focusing on strengthening existing processes, particularly scenario preparation and long-term planning.

This document contains the Cairngorms National Park Authority's (CNPA) 2024/25 Internal Audit Report on operational and financial planning. The audit found CNPA has clear processes for financial and operational planning, ensuring approved plans are in place before the financial year starts. The plans align with the Corporate Plan objectives, and annual scenario planning is conducted. However, the report also identifies areas for improvement, such as updating the Budget Management and Monitoring document, developing scenario plans for future years, reporting scenario plans to committees annually, and creating an action log to track progress. These improvements will help CNPA better manage resources and risks, especially given public sector financial constraints.

This document contains an internal audit progress report for the Cairngorms National Park Authority for 2024/25. Prepared by Azets and presented by Elizabeth Young, also of Azets, the report shows progress on the agreed internal audit program. One report, on Operational and Financial Planning, is complete. The Audit and Risk Committee is asked to review the report and the progress made. The report itself gives a clear summary of the audit's progress so far.

This document contains the Cairngorms National Park Authority's September 2024 internal audit progress report. It summarizes internal audit activities since the last meeting, noting the completion of the Operational and Financial Planning audit. The report also details the planned audits for the next quarter, including a follow-up report, and asks the Audit and Risk Committee to review the report's content and approve the next quarter's plan. The document includes a table showing the status of the 2024/25 audit plan.

This document contains a report by Louise Allen, Head of Finance and Corporate Operations, for the Cairngorms National Park Authority's Audit and Risk Committee. It's about reviewing the Park Authority's risk management. The report asks the committee to check the completeness of two risk registers: the main strategic risk register (last reviewed 23 September 2024) and the Cairngorms 2030 programme risk register. The committee is then asked to suggest any improvements needed.

This document contains a risk register for the Cairngorms National Park Authority (CNPA), dated 27 September 2024. It outlines twelve key risks, categorized by theme (resources, nature and conservation, technical, and reputation), with descriptions, existing mitigation strategies, current and target impact/likelihood scores, planned actions, and assigned risk owners. The risks encompass financial constraints, securing match funding, staffing shortages and skills gaps, inadequate IT systems and business continuity plans, wildlife crime prevention, and reputational challenges. Many risks involve resource allocation, staff recruitment and retention, and the effective delivery of major programmes alongside core objectives. Mitigation strategies frequently include improved communication with the Scottish Government, enhanced partnerships, internal training, and improved systems and processes. Due dates for planned actions vary, many spanning to the end of March 2025.

This document contains a risk assessment for the Cairngorms 2030 Programme. Several risks were identified, including potential programme delays due to insufficient funding, challenges in securing match funding for projects, and staffing shortages. The assessment assigns each risk a priority level based on impact and probability, and outlines mitigation strategies. Some risks are marked as "closed," indicating successful mitigation, while others remain "open," requiring ongoing attention. The assessment was completed on 27 September 2024.

This document contains the Cairngorms National Park Authority's draft Audit and Risk Committee Annual Report for the period September 2023 to September 2024. The report covers the review of the 2023/24 and 2022/23 accounts, which received unqualified external audits. The Committee also reviewed internal audit reports, focusing on risk management, governance, and procurement. Significant findings included some weaknesses in procurement controls, addressed through an action plan. The report concludes that the Committee successfully progressed the Board’s priorities and highlights the good work of the finance and corporate services teams. The report also looks at management responses to recommendations made by internal and external auditors.

This document contains an action plan to improve the Cairngorms National Park Authority's procurement processes. The plan, created in response to an internal audit, aims to improve processes, procedures, and internal controls. Recommendations include reviewing progress against planned activities. Key steps include appointing a Procurement Officer (Mikko Saari), updating policies and procedures, and formalizing controls. A considerable amount of work remains, but the new officer is making good progress. Progress updates will be given monthly to the committee chair and vice-chair.

This document contains a draft procurement strategy for the Cairngorms National Park Authority. The strategy was created following an internal audit's recommendation and uses examples from Dundee City Council and Loch Lomond and the Trossachs National Park. The aim is to create improved processes and controls for awarding contracts fairly and transparently. The Audit and Risk Committee needs to review the strategy and advise on its use for developing future procedures.

This document contains the Cairngorms National Park Authority's procurement strategy. It outlines how the Park Authority will source goods and services to meet its objectives, using a blend of employed staff, grants, and contracts. The strategy follows Scottish regulations and aims for value for money, ethical sourcing, and environmental responsibility. It prioritizes fair work practices, community benefits, and sustainability. The strategy also details risk management, including commercial, technical, performance, contractual and legal risks. The document describes the Procurement Officer's role and the process for obtaining goods and services, with different routes depending on contract value and complexity. It emphasises transparency and learning from previous contracts. Finally, it highlights a commitment to community wealth building and achieving Net Zero goals.