190308AuCtteePaper3Annex1GTExternalAnnualPlan2018-19
CAIRNGORMS NATIONAL PARK AUTHORITY
Audit & Risk Committee Paper 3 Annex I 08/03/2019
Grant Thornton
Cairngorms National Park Authority
External Audit Plan for the financial year ending 31 March 2019
Audit and Risk Committee 8 March 2019
DRAFT
Joanne Brown Engagement Leader
John Boyd Senior Manager
©2019 Grant Thornton UK LLP | Cairngorms National Park Authority | March 2019
Our audit at a glance
Performance materiality is set at 75% and trivial is 5% of materiality. This is consistent with prior year and reflects minimal audit adjustments in prior year and our understanding Cairngorms National Park Authority (‘the Authority’) in a year three of our audit cycle.
Planning materiality is set at 2% of operating expenditure (£120,000) based on 2017⁄18 audited information. This is based on our assessment of what misstatement either individually or in aggregate could be significant as to be misleading to the users of financial statements.
Significant audit risks are: management override of controls; the risk of fraud in revenue as set out in International Standards on Auditing (ISAs UK); and risk of fraud in expenditure as set out in practice Note 10.
An audit underpinned by quality and adding value to you
The Authority is the lead body for the Tomintoul & Glenlivet Landscape Partnership and Accountable Body for Cairngorms ‘LEADER’, Capercaillie Framework and the Great Place Badenoch Project. As project lead, the Authority makes advances to project applicants which are in turn reclaimed from funders there is a risk that such funds may not be allowable under the terms of the project and . in such instances the authority would fall liable for the costs incurred. As part of our audit we will focus on the recoverability of advance balances at the year end.
Our audit is undertaken in accordance with the Audit Scotland Code of Audit Practice and reflects the wider scope nature of public audit. In accordance with Audit Scotland guidance, we consider the Authority to be a smaller body for the proposes of wider scope responsibilities. Therefore the focus of our work will be on financial sustainability and governance statement disclosures.
Contents
| Section | Page |
|---|---|
| 1. Overarching principles of our audit | 4 |
| 2. Audit approach and materiality | 5 |
| 3. A risk based audit methodology | 6 |
| 4. Wider scope audit – smaller body approach | 7 |
Appendices:
| Appendix | Page |
|---|---|
| 1. Key audit deliverables and our team | 9 |
| 2. Audit process | 10 |
| 3. Fees and independence | 11 |
| 4. Fraud | 12 |
| 5. Respective responsibilities | 13 |
| 6. Technical updates | 14 |
| 7. Communication of audit matters to those charged with governance | 16 |
Overarching principles of our audit
Our audit is risk based and undertaken in accordance with the International Standards on Auditing (ISAs) (UK) and the Audit Scotland Code of Audit Practice 2016 (‘the Code’).
Our overall objective is a effective, quality-focused external audit which adds value through wider insights and challenge. Our audit foundations are:
✓ professional scepticism ✓ a focus on audit risks and key areas of management judgement ✓ Delivering a quality audit through our experienced public sector audit team, use of data analytics to focus our audit and understanding of the organisation ✓ clear and upfront communications, with regular communication during the year ✓ reporting with focused actions which will support you in improving your controls/operations
Adding value
Our aim is to add value to the Authority through our external audit work. This will be delivered through delivering a high quality audit. Specifically for the Authority we will also undertake the following arrangements:
• Robust and effective audit methodology: Our ISA compliant audit methodology is tailored to focus audit resource on significant risk areas and key estimates and judgements. • Investing in our people: Our resourcing model is designed to ensure you have a skilled, experienced and knowledgeable audit team. • Investing in technology: We continue to invest in data analysis and audit software to deliver more efficient ISA compliant audit processes.
We will share relevant Audit Scotland and Grant Thornton publications with Senior Management and the Audit and Risk Committee, identifying particular areas for consideration. We will pro-actively work with management during the year to discuss any new or emerging matters, such as the new revenue standards which come into effect from 1 April 2019.
Key audit deliverables
2018⁄19 Deliverables as set out in the Audit Scotland planning guidance (October 2018)
• Confirmation of agreed fee by end of February 2019 • Annual quality report to the Auditor General and Accounts Commission (January 2019) • Current issues return for Central Government to Audit Scotland (21 January 2019 and 19 July 2019) • Submission of fraud cases to Audit Scotland on a quarterly basis • Submission of annual audit report and audited accounts (deadline 31 October 2019)
Planned Audit Scotland publications which may be relevant to the Authority
• Digital progress in central government and health (reporting early 2019⁄20) • Modern Apprenticeships • External Audit Plan (this document) • Annual Report to those Charged with Governance and the Auditor General for Scotland (August 2019) • Audit opinion (August 2019) • Management letter of representation (August 2019)
Audit approach and materiality
We undertake your audit in accordance with International Standards on Auditing (UK) (ISAs) and the Audit Scotland Code of Audit Practice (May 2016). On an annual basis we are required to give an opinion as to whether the Financial Statements:
• give a true and fair view • have been properly prepared in accordance with relevant legislation and standards • audited parts of the remuneration and staff report have been prepared in accordance with the guidance • regularity of expenditure • the wider information contained in the financial statements e.g. Accountability Report; Directors Report and Governance Statement
Basis for materiality
We determine financial statement materiality based on a proportion of the total operating expenditure. This approach is consistent with our prior year materiality determination. We have determined materiality to be £0.120 million, which equates to approximately 2% of your prior year total operating expenditure for the year. This is based on our judgement of our consideration of material to the user of the account based on understanding of the Authority.
We reconsider planning materiality if, during the course of our audit engagement, we become aware of facts and circumstances that would have caused us to make a different determination of planning materiality.
Performance materiality
Performance materiality represents the amount set for the financial statements as a whole to reduce the probability that the aggregate of uncorrected and undetected misstatements exceed materiality. Based on our audit experience in 2017⁄18 we have retained this for 2018⁄19 at 75% (£90,000). Performance materiality determines those accounts which testing will be undertaken on and the level of sample testing performed where applicable.
Reporting to those charged with governance
Whilst our audit procedures are designed to identify misstatements which are material to our opinion on the financial statements as a whole, we nevertheless report to the Audit and Risk Committee any unadjusted misstatements of lesser amounts to the extent that these are identified by our audit work. Under ISA 260 (UK) ‘Communication with those charged with governance’, we are obliged to report uncorrected omissions or misstatements other than those which are ‘clearly trivial’ to those charged with governance. We have determined this threshold to be £6,000 thousand.
Going concern considerations
As auditors, we are required to “obtain sufficient appropriate audit evidence about the appropriateness of management’s use of the going concern assumption in the preparation and presentation of the financial statements and to conclude whether there is a material uncertainty about the entity’s ability to continue as a going concern” (ISA (UK) 570). We will review management’s assessment of the going concern assumption and evaluate the disclosures in the financial statements.
Working with Internal Audit
We will aim to not duplicate the work of your internal auditors. We will consider the internal audit plan for 2018⁄19 and identify any particular areas of risks that we either need to reflect in our approach or are relevant to our wider scope audit work. We will continue to review internal audit work throughout the year and maintain and ongoing, open, dialogue with internal audit.
A risk based audit methodology
Understanding the Authority and its environment
This is our third year as the external auditors of the Authority appointed under the Audit Scotland framework. In 2017⁄18, the Authority received funding of £4.75 million of expenditure limit allocation from the Scottish Government to support operating activity and generated income from planning fees, projects and other operating income of £1.64 million.
The Cairngorms National Park Partnership Plan (2017−22) is prepared collaboratively with partners including local authorities, Scottish Government, and the wider public through consultation outlines the priorities for Cairngorms National Park. The Authority develops its own three year Corporate Plan (The Cairngorms National Park Plan (2018−2022)) which outlines how the Partnership Plan objectives will be delivered.
The Corporate Plan recognises the financial constraints in which the Authority works in, with forecast grant –in-aid revenue assumed to have no uplift over the three year period. Through rising cost pressures through inflationary pressures on non-pay increases as well as assumed uplifts in payroll costs, the Authority recognises that it will need to deliver strategy using efficient and effective ways of working while looking at opportunities to generate operating revenue to support increasing costs.
Significant risks
Significant risks are defined by ISAs (UK) as risks that, in the judgement of the auditor, require special audit consideration. In identifying risks, audit teams consider the nature of the risk, the potential magnitude of misstatement, and its likelihood. Significant risks are those risks that have a higher risk of material misstatement.
Overview of our significant audit risks identified at planning and our proposed approach
| Risk area | Description of risk | Planned response |
|---|---|---|
| Risk of fraud in revenue recognition | As set out in ISA 240, there is a presumed risk that revenue may by misstated due to improper recognition of revenue. Given grant-in-aid income is well forecast and agreed to grant-in-aid confirmation we do not consider this to be of higher risk. Our presumed risk therefore focuses on operational plan and other income. We consider the risk to be prevalent around the year end and therefore focus our audit work on transactions around the year end. | • Walkthroughs of the controls and procedures around material income streams and validation of key controls where appropriate. • Agree income in year to supporting receipts/invoices/cash • Consider income cut off procedures and substantive testing over pre and post year end balances. • A focus on recoverability of balances at the year end. |
| Fraud in expenditure recognition as set out in Practice Note 10. | Operating expenditure is understated or not treated in the correct period (risk of fraud in expenditure). As set out in Practice note 10 (revised) which applies to public sector entities. As payroll expenditure is well forecast and agreeable to underlying payroll systems there is less opportunity for the risk of misstatement in this expenditure stream. We therefore focus on non pay expenditure. We consider the risk to be particularly prevalent around the year end and therefore focus our testing on cut-off of non-pay expenditure. | • Perform cut off at year end on pre and post year end transactions and recording. • Reviewing the completeness of creditors (and expenditure) recognised. • Walkthrough of the key expenditure controls in place. • Regularity – Expenditure incurred in accordance with the type/nature of the Authority as an organisation. |
| Management override of controls | As set out in ISA 240, across all entities there is a presumed risk of fraud being perpetrated by management through its ability to manipulate accounting records directly or indirectly and prepare fraudulent financial statements by overriding controls that otherwise appear to be operating effectively. override of controls is present in all entities. | • A focus on understanding how/where management override of controls may occur. • Review of the controls over journal entries using our data analyser tool to focus on higher risk journals. • Understanding key areas of judgement and accounting estimates within the financial statements and the basis for these judgements and the application of accounting policies. This include assumptions around LEADER programme receivables. • Reviewing unusual and/or significant transactions that are out with the normal course of business for the entity to understand the rationale for these transactions. |
Wider scope audit – Smaller body approach
Our responsibilities under Audit Scotland’s Code of Audit Practice extend beyond the audit of the financial statements.
The Code sets out four dimensions that frame wider scope audit work into identifiable areas. Alongside Best Value, the audit dimensions set a common framework for our audit work and we review and conclude on the four dimensions and that there are organisational arrangements in place to secure Best Value. Audit Scotland Audit Planning guidance outlines key areas for consideration. Relevant to the organisation we will consider the following:
• EU Withdrawal, • changing landscape for public financial management, • dependency on key suppliers and • openness and transparency.
We consider these areas through our audit planning processes and throughout the audit cycle. At our planning there are no significant audit risks identified in relation to these areas.
Wider scope approach — Smaller Body
For smaller bodies the Audit Scotland Code of Practice permits auditors to not apply the full wider scope audit. In our judgement, taking into account the nature of the Authority operating activity and income and expenditure streams, we feel it is appropriate to treat you as a smaller body under the Code. However, in accordance with Audit Scotland planning guidance, we will update our understanding of your arrangements for ensuring financial sustainability as well as your governance arrangements in place to support disclosures contained within the annual governance statement included within your financial statements.
Appendices
Key audit deliverables and our team
(Diagram/chart of key audit deliverables and timeline)
Audit process
(Diagram/chart of audit process)
Fees and independence
| Service | Fees £ | Service | Fees £ |
|---|---|---|---|
| External Audit Fee | 8,590 | At planning stage we confirm there are no non-audit fees | Nil |
| Pooled Costs | 2,070 | ||
| Contribution to Audit Scotland costs | 510 | ||
| Contribution to Performance Audit and Best Value | 0 | ||
| 2018 – 19 Fee | 11,170 |
The audit fee is calculated in accordance with guidance issued by Audit Scotland. In accordance with the Audit Scotland guidance we can increase the fee by up to 20% from the base fee set by Audit Scotland, depending on risk factors identified by us as your external auditors. We cannot reduce the fee from the baseline set out by Audit Scotland. The above proposed fee, set at the base fee, has been agreed with management. The fee is based on the following assumptions:
• supporting schedules to all figures in the accounts are supplied by the agreed dates and in accordance with the agreed upon information request list • the scope of the audit, and the Authority activities will not change significantly from planned • the Authority will make available management and accounting staff to help us locate information and to provide explanations. We reserve the right to charge an additional fee for any additional work. • We will only receive (and audit) 3 sets of accounts (1st draft; amended draft and final)
Independence and ethics
We confirm that there are no significant facts or matters that impact on our independence as auditors that we are required or wish to draw to your attention.
We have complied with the Auditing Practices Board’s Ethical Standards and therefore we confirm that we are independent and are able to express an objective opinion on the financial statements.
Full details of all fees charged for audit and non-audit services will be included in our Annual Report to those charged with governance at the conclusion of the audit.
We confirm that we have implemented policies and procedures to meet the requirements of the Auditing Practices Board’s Ethical Standards.
We are required by auditing and ethical standards to communicate any relationships that may affect the independence and objectivity of the audit team.
We can confirm no independence concerns have been identified.
Client Service
We take our client service seriously and continuously seek your feedback on our external audit service. Should you feel our service falls short of expected standards please contact Joanne Brown, Head of Public Sector Assurance Scotland in the first instance who oversees our portfolio of Audit Scotland work (joanne.e.brown@uk.gt.com). Alternatively, should you wish to raise your concerns further please contact Jon Roberts, Partner and Head of Assurance, 30 Finsbury Square, London, EC2A 1AG. If your feedback relates to audit quality and we have not successfully resolved your concerns, your concerns should be reported to Elaine Boyd, Assistant Director, Audit Scotland Quality and Appointments in accordance with the Audit Scotland audit quality complaints process.
Fraud arrangements
The term fraud refers to intentional acts of one or more individuals amongst management, those charged with governance, employees or third parties involving the use of deception that result in a material misstatement of the financial statements. In assessing risks, the audit team is alert to the possibility of fraud at the Authority.
As part of our audit work we are responsible for:
• identifying and assessing the risks of material misstatement of the financial statements due to fraud in particular in relations to management override of controls. • Leading a discussion with those charged of governance (for the Authority this is assumed to be the Audit and Risk Committee) on their view of fraud. Typically we do this when presenting our audit plan and in the form of management and those charged with governance questionnaires. • designing and implementing appropriate audit testing to gain assurance over our assessed risks of fraud • responding appropriately to any fraud or suspected fraud identified during the audit.
As auditors we obtain reasonable but not absolute assurance the financial statements as a whole are free from material misstatement, whether due to fraud or error.
We will obtain annual representation from management regarding managements assessment of fraud risk, including internal controls, and any known or suspected fraud or misstatement.
The primary responsibility for the prevention and detection of fraud rests with management and those charged with governance including establishing and maintaining internal controls over the reliability of financial reporting effectiveness and efficiency of operations and compliance with applicable laws and regulations.
It is the Authority responsibility to establish arrangements to prevent and detect fraud and other irregularity. This includes:
• developing, promoting and monitoring compliance with standing orders and financial instructions • developing and implementing strategies to prevent and detect fraud and other irregularity • receiving and investigating alleged breaches of proper standards of financial conduct or fraud and irregularity.
Throughout the audit we work with the Authority to review specific areas of fraud risk, including the operation of key financial controls. We also examine the policies in place, strategies, standing orders and financial instructions to ensure that they provide a strong framework of internal control.
All suspected frauds and/or irregularities over £5,000 are reported to Audit Scotland by us as your auditors on a quarterly basis.
Respective responsibilities
As set out in the Code of Audit Practice (pages 10 to 16) there are a number of key responsibilities you as an organisation are responsible for, and others, as appointed auditors we are responsible for. These are summarised below:
| Area | Cairngorms National Park Authority’s Responsibilities |
|---|---|
| Corporate governance | • Establishing arrangements for proper conduct of its affairs • Legality of activities and transactions • Monitoring adequacy and effectiveness of arrangements (inc role of those charged with governance) |
| Financial statements | • Preparing financial statements which give a true and fair view of their financial position • Maintaining accounting records and working papers • Putting in place systems of Internal Control • Maintaining proper accounting records • Preparing and publishing an annual governance statement, management commentary and remuneration report |
| Financial position | • Proper arrangements to ensure financial position is soundly based and responsibility to ensure arrangements achieve objectives as well as financial, operational and compliance controls – supporting achievement of objectives and secure value for money |
| Fraud and error | • Establishing appropriate arrangements for prevention and detection of fraud, error, irregularities, bribery and corruption and affairs are properly managed |
| Our responsibilities | How do we do this in practice |
|---|---|
| • Undertake statutory duties and comply with professional engagement and ethical standards | • Review of the Annual Governance statement |
| • Provide an opinion on financial statements and where appropriate regularity of transactions | • Financial position and arrangements for ensuring financial sustainability in the medium to longer term |
| • Review and report on, as appropriate, other information eg annual governance statements, management commentary, remuneration reports | • Review of other information in line with our knowledge and understanding of the Authority |
| • Notify the Auditor General when circumstances indicate a statutory report may be required | • Ongoing dialogue and engagement with Audit Scotland during the year |
| • Demonstrate compliance with wider public audit scope as applicable to a smaller body |
Weaknesses and risks identified by us as your auditors are only those which have come to our attention during our normal audit work in accordance with the Code, and may not be all that exist. Communication by us of matters arising from the audit of the financial statements or of risks or weaknesses does not absolve management from its responsibility to address the issues raised and to maintain an adequate system of control.
Technical updates
For 2018⁄19, new accounting standards (International Financial Reporting Standards (IFRS)), will apply covering revenue (IFRS 15) and financial instruments (IFRS 9).
IFRS 9: Financial Instruments
The introduction of IFRS 9 produces a more principles based approach to the accounting of financial instruments, including their classification and measurement. The main features of the new standard are summarised in the table.
(Table of IFRS 9 impact)
IFRS 15: Revenue from Contracts with Customers
The core principle of IFRS 15 is that a body should recognise revenue for the transfer of goods or services to customers at an amount that reflects the expected price. A body recognises revenue in accordance with that core principle by applying the following five steps:
- Identify the contract(s) with a customer. The FReM has extended the definition of a contract to include legislation which enables a body to obtain revenue that is not classified as taxation.
- Identify the performance obligations in the contract
- Determine the transaction price
- Allocate the transaction price to the performance obligations in the contract
- Recognise revenue when (or as) the entity satisfies a performance obligation.
The impact of the introduction of IFRS 15 will vary across organisations.
The FReM interpretation removes the policy choice to retrospectively restate in accordance with IAS 8. On transition, entities will recognise the difference between the previous carrying amount and the carrying amount at the beginning of the annual reporting period that includes the date of initial application in the opining general fund within taxpayers’ equity.
Audit action
We will continue to work with management to understand the impact of the introduction of IFRS 9 and IFRS 15 on the entity’s financial statements and any potential changes in accounting policy that arise from these. We do not anticipate that IFRS 9 will have a material impact on the entity’s financial statements. However, further assessment is required around the impact of IFRS 15, particularly over contact arrangements. We will provide an early review of the proposed year end accounting treatment, providing relevant technical insight and challenge to provide assurance that the year end financial statements have been prepared in accordance with the FReM and applicable accounting standards.
Communication of audit matters with those charged with governance
(Table of communication plan)
International Standards on Auditing (UK) (ISA) 260, as well as other ISAs, prescribe matters which we are required to communicate with those charged with governance, and which we set out in the table opposite.
This document, The Audit Plan, outlines our audit strategy and plan to deliver the audit, while our Annual Report to those Charged with Governance will be issued prior to approval of the financial statements and will present key issues and other matters arising from the audit, together with an explanation as to how these have been resolved.
We will communicate any adverse or unexpected findings affecting the audit on a timely basis, either informally or via a report to Management and the Audit and Risk Committee.
(Grant Thornton logo and contact information)