191206AuCtteePaper5Annex1ExtAuditPlan201920
Cairngorms National Park Authority (CNPA)
External Audit Plan for the financial year ending 31 March 2020
Audit and Risk Committee 6 December 2019
DRAFT PLAN ONLY FOR ACCOUNTABLE OFFICER & AUDIT AND RISK COMMITTEE (Pending Fee Confirmation)
Joanne Brown Engagement Leader
John Boyd Senior Manager
Our audit at a glance
Our audit planning materiality for Cairngorms National Park Authority (CNPA) is set at £140,000, being approximately 2% of gross expenditure based on 2019⁄20 budget. This is based on our assessment of what misstatement either individually or in aggregate could be significant as to be misleading to the users of financial statements. Our materiality benchmark is operating expenditure, that we consider a suitable benchmark for public entities. We will revisit our materiality throughout our audit including updating to reflect the unaudited financial statements.
Performance materiality is set at 75% of overall materiality. This is consistent with the prior year reflecting our audit knowledge and understanding with no material adjustments in the prior year.
Significant audit risks are: management override of controls; the risk of fraud in revenue recognition; and, the risk of fraud in expenditure recognition as set out in Financial Reporting Council’s (FRC) Practice Note 10.
Our audit is undertaken in accordance with the Audit Scotland Code of Audit Practice and reflects the wider scope nature of public audit. In accordance with Audit Scotland guidance, we consider CNPA to be a smaller body for the purposes of wider scope responsibilities. Therefore the focus of our audit work will be on financial sustainability and governance statement disclosures.
At the planning stage we have identified no other areas of particular audit risk. We will continue to review audit risk throughout the year in order to be able to detect and respond to any particular areas of other audit risk which may arise.
Contents
| Section | Page |
|---|---|
| 1. Overarching principles of our audit and audit timeline | 4 |
| 2. Respective responsibilities | 5 |
| 3. Audit process and timetable | 6 |
| 4. Materiality | 7 |
| 5. A risk based audit methodology | 8 |
| 6. Significant financial statement risks | 9 |
| 7. Other audit areas | 12 |
| 8. Audit deliverables | 13 |
Appendices:
- Fees and independence
- Fraud arrangements
- Communication with those charged with governance
Overarching principles of our audit
Our audit is risk based and undertaken in accordance with the International Standards on Auditing (ISAs) (UK) and the Audit Scotland Code of Audit Practice 2016 (‘the Code’). Our overall objective is a effective, quality-focused external audit which adds value through wider insights and challenge. Our audit foundations are:
- Professional scepticism
- A focus on audit risks and key areas of management judgement
- Delivering a quality audit through our experienced public sector audit team, use of data analytics to focus our audit and understanding of the organisation
- Clear and upfront communications, with regular communication during the year
- Reporting with focused actions which will support you in improving your controls/operations
External Audit Plan
The External Audit Plan summarises our responsibilities in accordance with ISAs and the Code:
- Respective responsibilities
- Our audit process and timeline
- Materiality
- Our risk based audit approach to the audit of the financial statement
- Our wider scope responsibilities as applicable to smaller bodies covering financial sustainability and the annual governance statement
Continuous improvement and adding value
Our aim is to add value to CNPA through our external audit work. This will be delivered through delivering a high-quality audit. Specifically for CNPA we will also undertake the following arrangements:
- Continuous learning and development
- Robust and effective audit methodology
Respective Responsibilities
As set out in the Code of Audit Practice there are a number of key responsibilities you as an organisation are responsible for, and others, as appointed auditors we are responsible for. These are summarised below:
| Area | Accountable Officer and CNPA’s Responsibilities | Our Responsibilities | How do we do this in practice |
|---|---|---|---|
| Corporate governance | Establishing arrangements for proper conduct of its affairs, Legality of activities and transactions, Monitoring adequacy and effectiveness of arrangements (inc role of those charged with governance) | Undertake statutory duties and comply with professional engagement and ethical standards, Provide an ISA compliant opinion on financial statements and where appropriate regularity of transactions, Review and report on, as appropriate, other information eg annual governance statements, management commentary, remuneration reports | By reviewing and providing judgements and conclusions on CNPA’s arrangements including those in relation to financial sustainability and governance statement as applicable to smaller bodies |
| Financial statements | Preparing financial statements which give a true and fair view of their financial position, Maintaining accounting records and working papers, Putting in place systems of Internal Control and maintaining proper accounting records | Notify the Auditor General when circumstances indicate a statutory report may be required, Demonstrate compliance with wider public audit scope in accordance with Audit Scotland’s Code of Audit Practice and applicable guidance as applicable to smaller bodies covering financial sustainability and governance statement disclosures | Financial position and arrangements for ensuring financial sustainability in the medium to longer term |
| Financial position | Proper arrangements to ensure financial position is soundly based and responsibility to ensure arrangements secure Value for Money | Contributing to Audit Scotland Performance Reports, Providing regular updates to Audit Scotland to share awareness of current issues across our audit clients | Review of other information in line with our knowledge and understanding of CNPA, Ongoing dialogue and engagement with Audit Scotland during the year |
| Fraud and error | Establishing appropriate arrangements for prevention and detection of fraud, error, irregularities, bribery and corruption and affairs are properly managed | Notify Audit Scotland of any cases of money laundering or fraud, Contribute to Audit Scotland technical guidance | Providing quarterly fraud updates to Audit Scotland and information on any money laundering, Support Audit Scotland through engaging in technical guidance publications |
Audit process and timeline
Our planned audit timeline is detailed below. In accordance with the Code of Audit Practice and Audit Scotland Planning Guidance, we are required to undertake and report on a range of areas. The diagram below summarises our planned audit timetable for 2019⁄20, and output both to CNPA and Audit Scotland.
Materiality
We undertake your audit in accordance with International Standards on Auditing (UK) (ISAs) and the Audit Scotland Code of Audit Practice (May 2016). On an annual basis we are required to give an opinion as to whether the Financial Statements:
- Give a true and fair view
- Have been properly prepared in accordance with relevant legislation and standards
- Audited parts of the remuneration and staff report have been prepared in accordance with the guidance
- Regularity of expenditure and income
- The wider information contained in the financial statements e.g. Accountability Report; Directors Report and Governance Statement is consistent with our audit knowledge and the financial statements
Basis for materiality
We determine financial statement materiality based on a proportion of the total operating expenditure. This approach is consistent with our prior year materiality determination. We have determined CNPA’s materiality to be £140,000, which equates to approximately 2% of your budgeted total operating expenditure for the year.
Performance materiality
Performance materiality represents the amount set for the financial statements as a whole to reduce the probability that the aggregate of uncorrected and undetected misstatements exceed materiality. Based on our audit experience we have retained this for 2019⁄20 at 75%, being £105,000. Performance materiality determines those accounts which testing will be undertaken on and the level of sample testing performed where applicable. Performance materiality is set at 75% of overall materiality. This is consistent with the prior year reflecting our audit knowledge and understanding with no material adjustments in the prior year.
Our materiality reflects our professional judgement of the magnitude of an omission or misstatement that, individually or in the aggregate, could reasonably be expected to influence the economic decisions of the users of the financial statements. We will apply a lower materiality threshold on review of the Remuneration and Staff report to ensure that remuneration has been disclosure within appropriate bandings.
We will update our materiality based on the unaudited 2019⁄20 financial statements. During the course of our audit engagement, we will continue to assess the appropriateness of our materiality.
Reporting to those charged with governance
Whilst our audit procedures are designed to identify misstatements which are material to our opinion on the financial statements as a whole, we nevertheless report to the Audit Committee any unadjusted misstatements of lesser amounts to the extent that these are identified by our audit work. Under ISA 260 (UK) ‘Communication with those charged with governance’, we are required by auditing standards to report uncorrected omissions or misstatements other than those which are ‘clearly trivial’ to those charged with governance. We have determined this threshold to be £7,000, being 5% of materiality.
A risk based audit methodology
A core part of audit planning is understanding CNPA and the wider environment in which it operates. This is our fourth year as the external auditors of the Board appointed under the Audit Scotland framework. Through our audit planning procedures we consider a range of factors to assess the risk of material misstatement to the financial statements. Significant risks are defined by ISAs (UK) as risks that, in the judgement of the auditor, require special audit consideration. In identifying risks, audit teams consider the nature of the risk, the potential magnitude of misstatement, and its likelihood. Significant risks are those risks that have a higher risk of material misstatement. Our risk assessment includes the following;
- Consideration of critical accounting estimates including accruals and accounting for Investment in the National Parks Partnership LLP (fully impaired) and recognition of LEADER project income.
- Assessment of inherent risk factors including changes in the organisation’s activities and environment
- Understanding of entity level controls and the control environment, including IT controls
- Financial and operational performance during the year, including pressures in delivering outcomes while operating within financial resources limits
Identified Significant risks
- Risk of fraud in expenditure recognition
- Management override of controls
- Risk of fraud in revenue recognition
We continue to assess the risk of material misstatement and our response to these risks throughout our audit. Within our Annual Audit Report we will report to you the conclusions from our audit procedures over these risks, including any further risks identified or changes to our planned audit response.
Significant financial statement risks
Understanding and its environment
CNPA’s primary source of revenue is core revenue funding. For 2019⁄20, the Authority has budgeted for Scottish Government funding of £4.565 million and small uplift in capital funding to take total funding to £240,000 (2018÷19: £200,000). However, the authority faces challenges in meeting its financial targets. The lifting of the Scottish Public sector pay cap will create additional financial pressures in 2019⁄20, as staff costs represent the most significant cost for the organisation. In addition, the potential impact of EU Withdrawal creates additional uncertainty and opportunity to the Authority.
Over the medium to longer term the Authority recognises the changing strategic context for the National Park Authority and in particular the transition to delivering the priorities set out in the new National Park Partnership Plan as well as relevant Scottish Government priorities. The Corporate Plan includes financial forecasts over the next three financial years. This includes a projected flat cash grant in aid settlement over the period of the plan and moderate other sources of revenue. The financial plan includes forecast uplifts in operating costs however sufficient resources to continue to sustain operational performance and the delivery of the Authority’s strategic objectives.
| Risk area | Areas of focus | Description of risk |
|---|---|---|
| Risk of fraud in expenditure recognition | Other Expenditure (at the year end) (Completeness), Payables (Completeness, Valuation) | Operating expenditure is understated or not treated in the correct period (risk of fraud in expenditure). As payroll expenditure is well forecast and agreeable to underlying payroll systems, there is less opportunity for the risk of misstatement in this expenditure stream. We therefore focus on non-pay expenditure including operational plan expenditure and other operating costs. We consider the risk to be particularly prevalent around the year end and therefore focus our testing on cut-off of non-pay expenditure. |
Audit Response
- Walkthroughs of the controls and procedures over operational plan expenditure and other operating costs.
- Perform substantive testing (at an elevated risk level) expenditure recognised post year end to identify if there is any potential understatement
- Testing post year end bank statements and review of minutes to identify any potential unrecorded liabilities
- Reviewing accruals and deferred income around the year end to consider if there is any indication of understatement of balances held through consideration of accounting estimate
Significant financial statement risks
| Risk area | Areas of focus | Description of risk |
|---|---|---|
| Risk of fraud in revenue recognition | Income from Contracts (at the year end) (Occurrence, Completeness), Receivables (Existence, Completeness) | As set out in ISA 240 there is a presumed risk that revenue may by misstated due to improper recognition of revenue. In 2018⁄19, CNPA received £4 million in revenue funding from the Scottish Government. While material, we consider this funding to be well forecast and directly agreed to Scottish Government funding letter and draw down. We therefore consider the opportunity and incentive to manipulate this revenue stream as low and rebut the presumed risk around revenue recognition over revenue resource allocation. We therefore consider the risk of fraud in revenue recognition to be present in material revenue streams recognised within contract income, being project funding income (2018÷19: £1.6 million) and other income (2018÷19: £700,000).. |
Audit Response
- Walkthroughs of the controls and procedures over project funding recoveries and other income.
- Perform substantive testing (at an elevated risk level) over project funding and other income recognised in the final two months of the year and post year end transactions where there is an increased risk of fraudulent recognition of revenue. We will ensure that these are correctly accounted for in the financial statements.
- Evaluation of the existence of receivables balances held at 31 March 2020 through agreeing balances held to invoices and/or other supporting records.
- Perform income cut-off procedures and substantive testing over pre and post year end balances, over project funding and other income streams.
- A focus on recoverability of balances through agreeing a sample of debtor balances (at an elevated risk level) and agreeing to post year end cash receipt.
Significant financial statement risks
| Risk area | Areas of focus | Description of risk |
|---|---|---|
| Management override of controls | Journals, Accounting Estimates | As set out in ISA 240 there is a presumed risk that management override of controls is present in all entities. This risk area includes the potential for management to use their judgement to influence the financial statements as well as the potential to override CNPA’s controls for specific transactions. We consider those key judgements that are most susceptible to significant audit risk of management override are those over expenditure recognition. These are areas where management has the potential to influence the financial statement through estimate and judgement. |
Audit Response
Accounting estimates:
In assessing the risk of management override, consider those key accounting estimates and judgements that could impact on the organisations financial results and where there is an inherently increased risk of fraudulent misstatement or where management bias could result in a material misstatement. In response to the significant audit risk we will:
- Consider the design of controls in place over key accounting estimates and judgements
- Review accounting estimates for management bias / indication of fraud that could result in material misstatement. This will include review of estimates as at 31 March 2020 and retrospective review of those estimates as at 31 March 2019 including those with regards the LEADER project.
Journals testing:
We will use our data analytics tool to support our evaluation of journal transactions during the year. In response to the significant risk we will:
- Assess the design of controls in place over journal entries, including how these are prepared, authorised and processed onto the financial ledger;
- Will risk assess the journals population to identify large or unusual journal entries, such as those that are not incurred in the normal course of business, or those entries that may be indicative of fraud or error that could result in material misstatement. We will test these journals to ensure they are appropriate and suitably recorded in the financial ledger and correctly recorded in the financial statements;
- We will perform targeted testing of transactions around the financial year end reviewing those journals are large or otherwise appear unusual to understand the rationale for the transaction.
Other audit areas
Going concern considerations
As auditors, we are required to “obtain sufficient appropriate audit evidence about the appropriateness of management’s use of the going concern assumption in the preparation and presentation of the financial statements and to conclude whether there is a material uncertainty about the entity’s ability to continue as a going concern” (ISA (UK) 570).
We will review management’s assessment of the going concern assumption and evaluate the disclosures in the financial statements, alongside our assessment based on substantive testing and audit procedures.
Working with internal audit
We will aim to not duplicate the work of your internal auditors. We will consider the internal plan for 2019⁄20 and identify any particular areas relevant to our audit responsibilities and any area of risk which may impact on our planned testing approach. We will continue to consider internal audit work throughout the year and maintain and ongoing, open, dialogue with internal audit.
Internal control environment
Throughout our audit planning and fieldwork we will continue to develop our understanding of the overall control environment (design) as related to the financial statements. In particular we will:
- Consider procedures and controls around related parties, journal entries and other key entity level controls.
- Perform walkthrough procedures on key controls around identified risk areas including income, payroll expenditure, other expenditure, journal entries and material areas of management estimate and judgement including the LEADER project recoveries.
Wider scope approach – Smaller body arrangements
For smaller bodies the Audit Scotland Code of Practice permits auditors to not apply the full wider scope audit. In our judgement, taking into account the nature of CNPA operating activity and income and expenditure streams, we feel it is appropriate to continue to treat you as a smaller body under the Code. However, in accordance with Audit Scotland planning guidance, we will update our understanding of your arrangements for ensuring financial sustainability as well as your governance arrangements in place to support disclosures contained within the annual governance statement included within your financial statements.
Audit deliverables
As set out in the Code of Audit Practice, as appointed auditors we have a number of wider reporting responsibilities beyond the audit of the financial statements. Below we summarise the key areas of work during our 2019⁄20 audit, including expected reporting under Audit Scotland’s Code of Audit Practice and audit planning guidance (2018÷19 Guidance on Planning the Audit)
| Requirement | How we will report our findings |
|---|---|
| Annual accounts | External audit plan, External auditor’s opinion on the financial statements, Annual external audit report findings from our audit work of the financial statements |
| Wider scope audit dimensions | Annual external audit report (audit findings report) as applicable to smaller bodies (financial sustainability and governance statement) |
| Emerging issues | Communicating throughout our audit emerging issues throughout the year |
| Correspondence queries | Providing responses to any correspondence received based on our audit knowledge and understanding and the results of any review as agreed with Audit Scotland |
| Money laundering and fraud | Reporting cases to the National Crime Agency of an instances of money laundering at the Board and identified frauds to Audit Scotland |
| Technical guidance | Providing responses to Audit Scotland consultations on draft Technical Guidance notes for Auditors. |
Appendices
Appendix 1: Fees and independence
Appendix 2: Fraud arrangements
Appendix 3: Communication with the Accountable Officer