CAIRNGORMS NATIONAL PARK AUTHORITY

Approved MINUTES AUDIT & RISK COMMITTEE 08/03/19

Approved MINUTES of MEETING of the AUDIT & RISK COMMITTEE of THE CAIRNGORMS NATIONAL PARK AUTHORITY

held in Dee & Spey Meeting rooms, Cairngorms NPA, Grantown on Spey on 8 March 2019

Present:

Dave Fallows (Chair)
Peter Argyle
Janet Hunter
John Latham
Gaener Rodger
Judith Webb

In Attendance:

Claire Robertson, BDO
Scott Peterson, BDO
John Boyd, Grant Thornton via Video Conferencing Link
Grant Moir, Chief Executive
David Cameron, Director of Corporate Services
Danie Ralph, Finance Manager
Alix Harkness, Clerk to the Board

Apologies: None.

1. Welcome and Apologies

The Convener welcomed everyone to the meeting and the apologies were noted.

2. Minutes of Previous Meeting

The draft confidential minutes of the 23 November 2018 meeting were approved subject to the following amendment:

At In Attendance: The other Board Members who attended the meeting to be listed: Dr Gaener Rodger, William Munro and Derek Ross.

3. Minutes of Previous Meeting

The draft minutes of the 23 November 2018 meeting were approved subject to the following amendment:

At In Attendance: The other Board Members who attended the meeting to be listed: Dr Gaener Rodger, William Munro and Derek Ross.
At Para 4a: Autumn 2016 should be Autumn 2018, to be amended.

4. Matters Arising

David Cameron reported that movement on the outstanding actions throughout and listed at the bottom of the 23 November 2018 Audit & Risk Committee Minutes are:

a) Internal Auditor’s Follow Up Review Report – Open – Had hoped to bring it to this meeting however David Cameron reported that he had not had time to pull together an internal follow up note on what management were going to do to address the points raised. Would be brought to the next meeting in May 2019.

b) Audit & Risk Committee member training – Open – David Cameron reminded the Committee that full Board On Board Training had been organised for 5^th April 2019. He added that he hoped Audit & Risk Committee induction training would be set up for early summer 2019. He explained that once the dates were set Loch Lomond & Trossachs National Park Audit & Risk Committee would be invited to attend.

c) Audit & Risk Committee member induction pack – Open – David Cameron reported that he had just received an updated copy of the Scottish Government Audit & Risk Committee handbook and once through it he would distribute it to Committee members in the next couple of weeks.

d) Risk Mitigation action for LEADER Accountable Body role – letter to Scottish Government as outlined in paper to Committee 31 August 2018 – Open – Would be actioned in due course at appropriate time.

5. Election of Committee Vice-Chair

David Cameron highlighted that according to Standing Orders following the revision of Board membership on Committees and Groups at the December 2018 Board meeting, the Election of Committee Vice-Chair was due to take place. He therefore asked for nominations for the Vice-Chair of the Committee.

6. Nominations

Nominations were made. Dave Fallows nominated Judith Webb and this was seconded by Janet Hunter. Judith Webb accepted this nomination. Members present confirmed that Judith Webb take on the role of Committee Vice-Chair. There being only one nomination, it was declared that Judith Webb be appointed as Vice-Chair.

7. Action:

i. Judith Webb to take the position of Vice-Chair of the Audit & Risk Committee to last 3 years.

8. Internal Audit Review: Strategic Planning (Paper 1)

Claire Robertson presented a Paper which presents the internal auditor’s report on the Authority’s strategic planning processes and controls.

9. The Audit & Risk Committee made the following comments and observations:

a) The Convener congratulated all for the achievements highlighted in the report.

b) Was the Organisational Development Strategy a public document? David Cameron advised that it was not. Grant Moir added that it was a document setting out how internally the Authority develops it staff base to deliver the National Park Partnership Plan. Resounding agreement that the Staffing & Recruitment Committee were better placed to oversee the strategy.

c) With reference to page 4 of the Annex where it states ‘bringing people together towards a common purpose’, what did this mean? Grant Moir reminded the Committee that this phrase was taken directly from the National Park Partnership Plan which had been developed the Board and staff.

d) The Convener drew the Committee’s attention to the Observation section of the Annex (page 8), and reported that it was well explained there. David Cameron agreed and said he would have a discussion with management team to decide whether it would be wise creating a new risk around that subject on the Strategic Risk Register. The strategic risk register would be brought back to the Committee at their next meeting.

e) Was there any financial benefit of having received such a positive report? David Cameron advised that there was a resource benefit in that as a team there is no need to adjust strategic planning processes therefore resources can be focused in delivery.

f) Was there a public relations opportunity in this achievement? Grant Moir reported the communications plan for March which would help show senior civil servants in the government how successful the Authority are at leveraging in funding.

g) Discussion around communicating the Committee’s praise back to staff. Agreement that the Chair and Vice-Chair write a post for the intranet praising them for the good work in this report.

10. The Audit & Risk Committee:

a) Considered the internal auditor’s findings on the Authority’s arrangements for strategic planning;

b) Endorse the management responses to recommendations for action raised by the internal auditor.

11. Actions:

i. Audit & Risk Committee Chair and Vice-Chair write a post for the intranet praising staff for the good work in this report.

12. Internal Audit Review: Financial Planning Review (Paper 2)

Claire Robertson presented a Paper which presents the financial planning review.

13. In discussion the Audit & Risk Committee made the following comments and observations:

a) Observation that it was a very good report which highlighted good practice. Comment made that the positivity of the report should not be underestimated. Agreement that the Chair and Vice Chair write a post for the intranet praising staff for the positive report.

b) Was a financial model followed in order to determine core costs? David Cameron explained that core costs tend to be fixed costs such as staff, IT and professional support whereas the Operational Plan investment tends to be more flexible however less flexible at present due to three and four year commitments made to projects. He explained that the ambition was to keep £1m for the Operational Plan. Grant Moir added that over the past five years the Authority had been extremely successful at increasing staff whilst keeping the cost of these down and still managing to budget over £1m for the Operational Plan as a result of the leveraging of monies which helps to deliver the projects.

14. The Audit and Risk Committee considered the internal auditor’s findings on the Authority’s arrangements for financial planning.

15. Actions:

i. Audit & Risk Committee Chair and Vice-Chair write a post for the intranet praising them for the good work in this report

16. ²⁰¹⁸⁄₁₉ Audit Plan (Paper 3)

John Boyd presented Paper 3 which presents the external auditor’s Annual Audit Plan for the audit of the ²⁰¹⁸⁄₁₉ accounts. The plan sets out the key challenges and risks faced by the Authority associated with this year-end audit review and the associated audit work that Grant Thornton proposes to undertake. He highlighted that there was a typo on page 9 of the Annex, in the Key audit deliverables, the second July 2019 should be September 2019.

17. David Cameron advised that he was content with the fee being proposed. He reminded the Committee that at the end of last financial year the Authority were in a difficult position with regards to the Scottish Government owing the Authority LEADER monies. He reported that this had now all been resolved and the backlog had been caught up with and it was now a clear year end.

18. In discussion the Audit & Risk Committee made the following comments and observations:

a) With reference to page 5 of the Annex, why had 0.120million be written out like that and not in thousands? John Boyd advised that he did not know why this was the case but agreed to find out.

b) A query around thresholds which were set at £6k, was this the sum of all mistakes as long as they were under £6k? John Boyd advised that anything above £6k would be reported and that they are also required to report on the cumulative threshold. He added that £6k is the threshold for reporting to the Committee.

19. The Audit & Risk Committee:

a) Considered the external auditor’s Annual Audit Plan for the audit of the Authority’s ²⁰¹⁸⁄₁₉ accounts and wider reviews of operations.

b) Agreed, subject to any comments, Audit Scotland’s Annual Audit Plan for ²⁰¹⁸⁄₁₉

c) Agreed the external audit fee on behalf of the Board, as set out in the Plan, page 11, Fees and independence.

20. Actions: None.

21. Draft Governance Statement (Paper 4)

Danie Ralph, Finance Manager presented the draft Governance Statement for incorporation in the Authority’s Annual Accounts for ²⁰¹⁸⁄₁₉.

22. In discussion the Committee agreed to the suggestion to include the word assurance into paragraph X of the Annex.

23. The Audit & Risk Committee agreed to endorse the draft Governance Statement for inclusion in the Authority’s ²⁰¹⁸⁄₁₉ Annual Accounts with the addition on the word assurance into paragraph X of the governance statement.

24. Action:

i. Additional work ‘assurance’ to be added to the governance statement to be included in the Authority’s 2018 – 19 Annual Accounts.

25. Strategic Risk Review: Workforce Management (Paper 5)

David Cameron presented the Paper which presents an in depth review of the strategic risk included in the Authority’s Strategic Risk Register associated with the Authority’s workforce management strategy and associated activities.

26. The Audit & Risk Committee discussed the following point:

a) It was typical of rural employers to employ multiple members of the same family and reassurance sought that on confidentiality grounds that there was background awareness. David Cameron commented that currently the Authority had two married couples employed by them and it was company policy to never allow someone who is related or marries to line manage the other.

b) Recognition of the benefits of the staff survey, suggestion made to improve Board/staff relationship and in the interest of good governance to conduct a Board self-evaluation and a staff evaluation of the board to ensure the results are not too far from each other. Grant Moir agreed and advised he would ask the Head of Organisational Development to run the survey again this year as there had been a significant change in members of the Board. Action.

26. The Audit and Risk Committee:

a) considered the in depth review of the strategic risk associated with the Authority’s workforce management strategy activities;

b) endorsed the inclusion of an additional strategic risk in the risk register as set out at paragraph Error! Reference source not found.;

27. Action:

i. Head of Organisational Development to be asked to conduct the Board self-evaluation and a staff evaluation of the Board this coming year.

28. IT Risk (Paper 6)

Danie Ralph presented an overview of the IT risks noted in the Risk Register and what is currently being done, is being planned to be done to mitigate ICT risk to the Authority and provide a road map for future IT development.

29. The Audit & Risk Committee made the following comments and observations:

a) The Convener praised the paper for its comprehensive format including its layout.

b) What were the risk associated with moving to the cloud? How could these be best managed? Could the Authority continue to function should a breech occur? Would it be hosted in UK or China? Danie Ralph advised that currently the cloud for the Authority was a physical thing that was managed by the Loch Lomond & Trossachs National Park. Scottish Government practice also meant that Cloud providers were located in Scotland or at least the UK. He advised that this could bring the costs down. Grant Moir explained that our risk was considerably small compared to other organisations as by the nature of our organisation we do not hold confidential data.

30. The Audit and Risk Committee noted the information contained in the paper.

31. Action: None.

32. Complaints Log (Paper 7)

David Cameron presented a Paper which presents information on the number and nature of complaints received by the Authority since the last update on this subject to the Committee in November 2018.

33. The Audit & Risk Committee accepted the information on complaints made to the Authority.

34. Actions: None.

35. Any Other Competent Business

David Cameron advised that the final proposed Internal Audit Plan for 2019/2020 had been received this week and had been circulated to members of the Committee.

36. Having considered the final proposed Internal Audit Plan for 2019/2020 The Audit and Risk Committee agreed it so that the two audits detailed within it could begin.

37. Date of Next Meeting

8 March 2019, Am Fasgadh, Highland Folk Museum, Newtonmore.

38. Meeting closed 10.20 hours

Audit & Risk Committee: Outstanding Actions

Action	Status
Audit and Risk Committee member training	Open
Audit and Risk Committee induction pack	Open
Risk mitigation action for LEADER Accountable Body role — letter to Scottish Government as outlined in paper to Committee 31 August 2018	Open
Planning Consent Complaint dating from 2017 which had been escalated to the SPSO, DC to report back to Committee when resolved (23 November 2018)	Open
Internal Auditor’s Follow Up Review Report – Open –	FIND
Original request (DATE)	Open

190308A&RApprovedMinute

CAIRNGORMS NATION­AL PARK AUTHORITY

Approved MINUTES AUDIT & RISK COM­MIT­TEE 08/03/19

We want your feedback

CAIRNGORMS NATIONAL PARK AUTHORITY

Approved MINUTES AUDIT & RISK COMMITTEE 08/03/19