200327 Paper 4 Annex1 CNPA - Follow Up 2019-20 Report - FINAL
CAIRNGORMS NATIONAL PARK AUTHORITY
INTERNAL AUDIT REPORT Follow up review March 2020
CAIRNGORMS NATIONAL PARK AUTHORITY Audit and Risk Committee Paper 4 Annex I 27/03/2020
CONTENTS
Executive Summary 3 Recommendation Status 6
Appendices: I Staff Interviewed 37 II Definitions 38 III Terms of Reference 39
CAIRNGORMS NATIONAL PARK AUTHORITY Audit and Risk Committee Paper 4 Annex I 27/03/2020
REPORT STATUS Auditor: Abigail McGurn Dates work performed: 17 Feb 2020 — 17 Mar 2020 Draft report issued: 23 March 2020 Final report issued: 23 March 2020
DISTRIBUTION LIST David Cameron Director of Corporate Services Daniel Ralph Finance Manager Audit & Risk Committee Members
Restrictions of use The matters raised in this report are only those which came to our attention during the course of our audit and are not necessarily a comprehensive statement of all the weaknesses that exist or all improvements that might be made. The report has been prepared solely for the management of the organisation and should not be quoted in whole or in part without our prior written consent. BDO LLP neither owes nor accepts any duty to any third party whether in contract or in tort and shall not be liable, in respect of any loss, damage or expense which is caused by their reliance on this report.
2
EXECUTIVE SUMMARY
CAIRNGORMS NATIONAL PARK AUTHORITY Audit and Risk Committee Paper 4 Annex I 27/03/2020
Scope and Work Undertaken Background As part of the provision of continual assurance with regard to internal control arrangements, a review of the degree of implementation of previously agreed Internal Audit recommendations was conducted in March 2020. In accordance with the Internal Audit Annual Plan 2019 – 20, we have considered the implementation status of all recommendations raised from previous Internal Audit work which were due to be implemented at the time of this review.
In total there are 44 recommendations that we considered during the follow up. A total of 13 recommendations were followed up from the work undertaken by BDO during 2019⁄20 with one changing its date of implementation to December 2020 so this was considered as not yet scheduled for completion, a further 7 recommendations made in 2019⁄20 are not yet scheduled for completion and have not been followed up. We also followed up on 24 recommendations carried forward from work undertaken in previous years. The recommendations relate to 16 audit areas, as listed below:
- Risk Management 2016⁄17 (2 recommendations)
- Financial Processes 2016⁄17 (1 recommendation)
- Grant Funding & Management 2016⁄17 (2 recommendations)
- Tomintoul & Glenlivet Partnership Management 2016⁄17 (2 recommendations)
- IT General Controls 2016⁄17 (3 recommendations)
- Project Management 2017⁄18 (2 recommendations)
- Communications & Social Media Strategy 2017⁄18 (1 recommendation)
- Partnership Management 2018⁄19 (2 recommendations)
- Resource Planning 2018⁄19 (2 recommendations)
- Business Continuity Planning 2018⁄19 (7 recommendations)
- Payroll Administration 2019⁄20 (4 recommendations)
- Risk Management 2019⁄20 (1 recommendation)
- Expense Claims Process 2019⁄20 (4 Recommendations)
- Staff Objective Setting and Appraisal 2019⁄20 (4 Recommendations)
Methodology Cairngorms National Park Authority’s Internal Audit recommendation progress report was reviewed to determine the degree of implementation achieved. Where the responsible person stated that recommendations had been implemented, evidence was sought, and testing undertaken where relevant, to verify continued compliance.
Acknowledgement We appreciate the assistance provided by the staff involved in the review and would like to thank them for their help and on-going co-operation.
3
EXECUTIVE SUMMARY
CAIRNGORMS NATIONAL PARK AUTHORITY Audit and Risk Committee Paper 4 Annex I 27/03/2020
Scope and Work Undertaken Status of recommendations as at March 2020
The summary below and overleaf provides a simple overview of the status of each recommendation. Of the 36 recommendations due to be implemented, 8 recommendations (22%) have been categorised as fully implemented, 19 (51%) have been categorised as partially implemented and 9 (24%) as not implemented. Details of the not implemented and partially implemented recommendations are included from page 6 onwards.
On this basis, we conclude that Cairngorms National Park Authority has made some progress in implementing the recommendations made, however, the implementation rate is low and continued focus is necessary to ensure the remaining outstanding recommendations are implemented within a reasonable timeframe.
| Audit | Fully implemented | Partially Implemented | Not Implemented | Superseded | Not due for implementation | Total |
|---|---|---|---|---|---|---|
| Risk Management 2016⁄17 | - | 2 | - | - | - | 2 |
| Financial Processes 201⁄17 | - | 1 | - | - | - | 1 |
| Grant Funding & Management 2016⁄17 | - | 1 | 1 | - | - | 2 |
| Tomintoul & Glenlivet Partnership Management 2016⁄17 | - | 2 | - | - | - | 2 |
| IT General Controls 2016⁄17 | - | 1 | 2 | - | - | 3 |
| Project Management 2017⁄18 | - | 2 | - | - | - | 2 |
| Communications & Social Media Strategy 2017⁄18 | 1 | - | - | - | - | 1 |
| Partnership Management 2018⁄19 | - | 2 | - | - | - | 2 |
| Resource Planning 2018⁄19 | - | - | 2 | - | - | 2 |
(continued overleaf) 4
EXECUTIVE SUMMARY
CAIRNGORMS NATIONAL PARK AUTHORITY Audit and Risk Committee Paper 4 Annex I 27/03/2020
| Audit | Fully implemented | Partially implemented | Not Implemented | Superseded | Not due for implementation | Total |
|---|---|---|---|---|---|---|
| Business Continuity Planning 2018⁄19 | - | 6 | - | - | 1 | 7 |
| Payroll Administration 2019/20* | 2 | 1 | 2 | - | 1 | 6 |
| Risk Management 2019⁄20 | 1 | - | - | - | 2 | 3 |
| Expense Claims Process 2019⁄20 | 3 | 1 | - | - | 3 | 7 |
| Staff Objective Setting & Appraisal 2019⁄20 | 1 | 1 | 1 | - | 1 | 4 |
| TOTAL | 8 | 19 | 9 | 0 | 8 | 44 |
- For the 2 recommendations noted as Not Implemented in the Payroll Administration Review, CNPA have informed us that there is are monthly reports completed, reviewed and signed as agreed in the original recommendation. However, due to the sensitive nature of the evidence we have not been provided with the evidence electronically. Following the outbreak of COVID-19 BDO were unable to travel to the client to confirm this. CNPA consider this as Fully Implemented but we have been unable to confirm this is the case.
5
CAIRNGORMS NATIONAL PARK AUTHORITY Audit and Risk Committee Paper 4 Annex I 27/03/2020
RECOMMENDATION STATUS — RISK MANAGEMENT 2016⁄17
| Ref. | Original Recommendation | Sig. | Management Response | Responsibility & Implementation Date |
|---|---|---|---|---|
| 2 | We recommend that, on development of a risk management policy, staff with risk management responsibilities are required to sign a checklist to confirm whether they are aware of the organisation’s risk management approach or require further training in this area. | Original Agreed. I think the recommendation for staff to sign a checklist and self-certify awareness of risk management approaches or need for further training is a very practical recommendation that can help avoid staff undergoing unnecessary “mandatory” training. April 2019 The Director of Corporate Services emailed all Heads of Service on 31 May 2017 highlighting the approach to risk management and seeking staff training requirements. We accept that we have not developed a checklist for staff to sign however, the email approach was intended to act as a surrogate for a separate checklist. | Governance & Information Officer |
Status at March 2020 & Revised Recommendation Partially Implemented
Management Response at March 2020 Status remains same as 2019.
6
CAIRNGORMS NATIONAL PARK AUTHORITY Audit and Risk Committee Paper 4 Annex I 27/03/2020
RECOMMENDATION STATUS — RISK MANAGEMENT 2016⁄17
| Ref. | Original Recommendation | Sig. | Management Response | Responsibility & Implementation Date |
|---|---|---|---|---|
| 3 | We recommend that all project risk registers should be developed using a consistent approach aligned to the Strategic Risk Register. We recognise that management have identified that in practice projects evolve their own approach to developing risk registers and have accepted this, providing the project teams are recognising and managing risk. However, implementing a consistent approach for developing risk registers will ensure risks are being assessed and understood consistently throughout the organisation, ensure consistent high quality and will improve the process for escalating and de-escalating risks to the Strategic Risk Register. | Original Agreed. While the key point remains to ensure that risks and recognised, documented and managed, we accept that risk registers should ideally be in a consistent format to aid review and escalation processes. We will reinforce the need for use of the template to support consistency of practice in our project management communications and internal reviews. August 2018 The entirety of the project management support system is currently under review, and this low level risk will be captured within that review. We will aim to complete this work by January 2019. April 2019 As noted in the above status update, this recommendation is substantially complete within revised timetable. The risk template is included within updated project management toolkit and we simply have not had an opportunity yet to trial on projects. The first trial is currently underway for the Customer Records Management System implementation project. | Governance & Information Manager |
7
CAIRNGORMS NATIONAL PARK AUTHORITY Audit and Risk Committee Paper 4 Annex 1 27/03/2020
RECOMMENDATION STATUS — RISK MANAGEMENT 2016⁄17
Status at March 2020 & Revised Recommendation Partially Implemented A template has been developed to standardise the approach to risk management, once projects begin to adopt the template we will be able to verify the implementation of the recommendation.
Management Response at March 2020 Status remains same as 2019 no signed checklist in place as yet.
8
CAIRNGORMS NATIONAL PARK AUTHORITY Audit and Risk Committee Paper 4 Annex I 27/03/2020
RECOMMENDATION STATUS — FINANCIAL PROCESSES 2016⁄17
| Ref. | Original Recommendation | Sig. | Management Response | Responsibility & Implementation Date |
|---|---|---|---|---|
| 2 | We recommend that the Finance Management schedule is updated to provide detailed policies and guidance on all financial processes. These should be reviewed on an annual basis. We also recommend that clear roles and responsibilities demonstrating segregation of duties are documented within the guidance notes for all financial processes. We recognise that management have made progress in developing the schedule and that completion of this was delayed due to the implementation of the new Sage system. | Original Accepted. We are currently reviewing and updating all procedures. August 2018 High level tasks relating to month end and year end routines and procedures are in place. Documentation of lower level tasks to implemented by 31 December as part of general review of policies, procedures and responsibilities. It should be noted that when a specific spreadsheet is developed for either reporting or financial management notes are imbedded stating the reason for the spreadsheet and how it is to be prepared. These are usually high level and currently maintained by the finance manager, specifically for recording and tracking LEADER claims. April 2019 Review and updating of documentation will be carried out before the 18⁄19 audit in June, ie by 16th June. | Finance Manager |
Status at March 2020 & Revised Recommendation Not Implemented This has not yet been implemented. Management have informed us that the routines and processes will be reviewed and updated by mid-June.
9
CAIRNGORMS NATIONAL PARK AUTHORITY Audit and Risk Committee Paper 4 Annex I 27/03/2020
RECOMMENDATION STATUS — FINANCIAL PROCESSES 2016⁄17
Management Response at March 2020 Delayed: while changes to practices are updated in advance of the annual external audit, for the benefit of the external auditors and walk through tests, a comprehensive rework has not taken place due, most recently, staffing issues. It is still the intention to have a comprehensive refresh and realistically this will not be until after the 19⁄20 audit which is due to complete mid-June. We will target this work in quarters 2 and 3 of 2020⁄21.
10
CAIRNGORMS NATIONAL PARK AUTHORITY Audit and Risk Committee Paper 4 Annex 1 27/03/2020
RECOMMENDATION STATUS — GRANT FUNDING & MANAGEMENT 2016⁄17
| Ref. | Original Recommendation | Sig. | Management Response | Responsibility & Implementation Date |
|---|---|---|---|---|
| 1 | We recommend that the Grant Toolkit is completed, encompassing all processes in place for the awarding, recording and monitoring of grant funding. The toolkit should also clearly define the following: Actions to be taken when grant conditions are not being met or terms and conditions are breached; — The process for consideration of the risk and value of grant funding applications to determine the proportion of resource required to evaluate these; and Review and scrutiny arrangements for progress reports provided by grantees. | Original Accepted. Finalisation of the toolkit has been delayed by other priority activities and will now be accelerated. August 2018 Work to recommence in October and linked to project management: To be implemented by January 2019. The intention is to complete this in parallel with work on projects to ensure a commonality in a risk based approach to project and grant management. April 2019 Revised date for completion 30 September 2019 | Responsible Officer: Director of Corporate Services Implementation Due Date: 30 September 2017 |
Status at March 2020 & Revised Recommendation Not Implemented This recommendation has not yet been implemented, management have advised that it will not be implemented until 20⁄21.
Management Response at March 2020 We will give resource priority to developing and rolling out the use of a grant toolkit over the course of 2020⁄21.
11
CAIRNGORMS NATIONAL PARK AUTHORITY Audit and Risk Committee Paper 4 Annex I 27/03/2020
RECOMMENDATION STATUS — GRANT FUNDING & MANAGEMENT 2016⁄17
| Ref. | Original Recommendation | Sig. | Management Response | Responsibility & Implementation Date |
|---|---|---|---|---|
| 2 | We recommend that management develops and maintains a grant register which records all grant funding provided. The performance requirements detailed within each grant award terms and conditions should be recorded and monitored within the tracker. The register should be reviewed on a regular basis to ensure funds are used effectively and agreed objectives are achieved. | Original Agreed. This is a sensible recommendation and one which mirrors recent thinking within the Finance Team that we should establish and maintain a central register of live grant funding initiatives. April 2019 Priority will be given to populating the 19⁄20 register and then back filling previous 2 years by 30 September with all relevant terms and conditions. | Responsible Officer: Finance Manager Implementation Due Date: November 2017 |
Status at March 2020 & Revised Recommendation Partially Implemented This recommendation has not yet been implemented, management have advised that it will not be implemented until after the year end.
Management Response at March 2020 Delayed: This remains partially implemented having falling into arrears due to recent staffing issues. This will be addressed post completion of the annual audit when the finance department will be back to full capacity.
12
CAIRNGORMS NATIONAL PARK AUTHORITY Audit and Risk Committee Paper 4 Annex I 27/03/2020
RECOMMENDATION STATUS — TOMINTOUL & GLENLIVET PARTNERSHIP MANAGEMENT 2016⁄17
| Ref. | Original Recommendation | Sig. | Management Response | Responsibility & Implementation Date |
|---|---|---|---|---|
| 1 | We recommend that all project management templates are completed for the delivery phase of the TGLP project. We also recommend that more detailed project management protocols are defined within the Project Management Guidance and Process documents. The protocols should clearly define the process to be followed for the following stages of a project: — Option selection and prioritisation; — Collaboration with partners; — Solution development; — Delivery (including monitoring and reporting); and — Changes (including time, cost, quality and risk changes). The change management process for the delivery phase of the project should be clearly documented, including the identification of defined limits outlining at which point HLF approval is required. | Original Agreed. The Programme Manager has now been recruited for this programme and will be charged with completing all project management templates to enhance robustness of management controls. As the documentation will be completed and owned by the Programme Manager this will also enhance lines of management responsibility. August 2018 To be fully implemented by 30 November 2018. | Responsible Officer: Tomintoul & Glenlivet Programme Manager with Head of Land Management and Conservation Implementation Due Date: 31 July 2017 |
Status at March 2020 & Revised Recommendation Partially Implemented This recommendation has not yet been implemented and the project is reaching completion. Spreadsheets were developed to monitor changes however not all points of the recommendation have yet been addressed.
13
CAIRNGORMS NATIONAL PARK AUTHORITY Audit and Risk Committee Paper 4 Annex I 27/03/2020
RECOMMENDATION STATUS — TOMINTOUL & GLENLIVET PARTNERSHIP MANAGEMENT 2016⁄17
Management Response at March 2020 The project is now 7 months from closure and more work is being undertaken on monitoring the finance position and project outturns. A number of spreadsheets are now used as a basis of making reports to the Project Board (TGLP Budget monitoring live v4 and onwards). We have provided a copy of the key spreadsheet which was reviewed and which reinforces significant financial management oversight and controls implemented since audit. The wider finding on project management has been superseded as we are now in the final half year of delivery. Accordingly, the resource focus is now on programme closure and development of legacy arrangements.
14
CAIRNGORMS NATIONAL PARK AUTHORITY Audit and Risk Committee Paper 4 Annex I 27/03/2020
RECOMMENDATION STATUS — TOMINTOUL & GLENLIVET PARTNERSHIP MANAGEMENT 2016⁄17
| Ref. | Original Recommendation | Sig. | Management Response | Responsibility & Implementation Date |
|---|---|---|---|---|
| 2 | We recommend that changes in spend profile exceeding an agreed threshold are reported to the TGLP Board on a monthly basis. | Original Agreed. August 2018 Finance risk is now being considered in more detail by the board as more major projects are either due to start or project plans are revised. To date, as only 1 major project has been undertaken, and is currently showing a £6k underspend, there has been no need to set a variance against project budgets, especially as the Museum Refurbishment was closely monitored by the Project manager. What has been agreed is that in September a comprehensive review of all project costs will be undertaken and the recast project costs and profiled spend will then be used as the bench mark for cash management, cost monitoring on a monthly basis. This will then be included in the monthly finance paper and supplemented by any specific concerns by the Project manager. As a first step a Contingency Request form has been introduced. This is a request to the Board for contingency funding where cost overruns have been identified on review. Secondly post September review variances against plan will be reported to the Board monthly. No reporting level has been set but greater emphasis will be placed on the high value construction projects. | Responsible Officer: CNPA Finance Manager Implementation Due Date: 30 September 2017 |
15
CAIRNGORMS NATIONAL PARK AUTHORITY Audit and Risk Committee Paper 4 Annex 1 27/03/2020
RECOMMENDATION STATUS — TOMINTOUL & GLENLIVET PARTNERSHIP MANAGEMENT 2016⁄17
Status at March 2020 & Revised Recommendation Partially Implemented Client have provided documentation on spend and what is discussed at meetings — not exact implementation of recommendation but appropriate monitoring is conducted. Partially Implemented as evidence of agreed threshold not provided.
Management Response at March 2020 The project is now 7 months from closure and more work is being undertaken on monitoring the finance position and project outturns. A number of spreadsheets are now used as a basis of making reports to the Project Board (TGLP Budget monitoring live v4 and onwards). We have provided a copy of the key spreadsheet which was reviewed by CNPA finance to ensure reported costs are in line with the financial system. Also provided is a list of discrepancies identified and coded on a RAG system (differences identified). Another spreadsheet, monthly build-up of costs (T&G monthly), has also been developed which is autocompleted completed and compared with the agreed budgets so and independent monitoring can be carried out by CNPA Finance. (This is the first iteration of this spreadsheet and it is imbedded in the main tracker used to record and consolidate all CNPA finances from TB to final accounts.) It should be noted that the 4 largest projects are either complete or in the final stages of completion (Museum, Blairfindy, Scalan and Access.). Other than increased financial oversight from CNPA it is not proposed to introduce any further monitoring and controls.
16
CAIRNGORMS NATIONAL PARK AUTHORITY Audit and Risk Committee Paper 4 Annex I 27/03/2020
RECOMMENDATION STATUS — IT GENERAL CONTROLS 2016⁄17
| Ref. | Original Recommendation | Sig. | Management Response | Responsibility & Implementation Date |
|---|---|---|---|---|
| 6 | We recommend that, as per the requirements of the Security Policy, there is regular full-restore testing of backups i.e. the full recovery of systems on a bare-metal server using backup media. We also recommend that a formal backup plan/policy is developed to ensure a consistent approach is taken to managing backups including implementation, monitoring over their success/failure, rerunning failed backups and regular testing. | Original Agreed. April 2019 There are no current plans to attempt a full- restore of backups. | Responsible Officer: Governance and Corporate Performance Manager with IT Manager Implementation Due Date: 31 January 2018 |
Status at March 2020 & Revised Recommendation Partially Implemented.
Management Response at March 2020 There has been ‘testing’ of back up arrangements necessitated by server failure in Autumn 2019 — therefore a formal run of procedure rather than desk or artificial testing exercise. More comprehensive test plans are being incorporated within the Business Continuity Plan in development and covered by responses to other audit findings.
17
CAIRNGORMS NATIONAL PARK AUTHORITY Audit and Risk Committee Paper 4 Annex I 27/03/2020
RECOMMENDATION STATUS — IT GENERAL CONTROLS 2016⁄17
| Ref. | Original Recommendation | Sig. | Management Response | Responsibility & Implementation Date |
|---|---|---|---|---|
| 10 | We recommend that all network devices are configured with reference to recognised security baselines to ensure that all active network components have met a minimum security standard. | Original Agreed. August 2018 To be completed by 31 December 2018. April 2019 April 2019 Revised date for implementation 31 December 2019. | Responsible Officer: IT Manager Implementation Due Date: 31 March 2018 |
Status at March 2020 & Revised Recommendation Not Implemented
Management Response at March 2020 Consider dropping: This isn’t considered cost effective given the software landscape: our operations are geared to MS office, Sage products, GIS and iDox. We consider that existing practices are sufficient.
Since completion of the internal audit, the Authority has focused on delivering infrastructure developments in line with Scottish Government’s Cyber Security Plus criteria. To streamline processes and action plans, we will focus on this line of development and monitoring / review for IT infrastructure design.
18
CAIRNGORMS NATIONAL PARK AUTHORITY Audit and Risk Committee Paper 4 Annex I 27/03/2020
RECOMMENDATION STATUS — IT GENERAL CONTROLS 2016⁄17
| Ref. | Original Recommendation | Sig. | Management Response | Responsibility & Implementation Date |
|---|---|---|---|---|
| 11 | We recommend that the Authority consider developing and implementing a network security monitoring and logging strategy to ensure that areas of the network that are used to store or process sensitive data are subject to proactive monitoring controls. Also, we recommend that management consider introducing a syslog for securely capturing and retaining log information to ensure the availability and integrity of log data is maintained. | Original Agreed. August 2018 The first phase of the Cyber Essentials certification is in progress and the initial report is awaited. April 2019 Cyber Essentials+ certification has been gained — completion was in December 2018. | Responsible Officer: IT Manager Implementation Due Date: 31 March 2018 |
Status at March 2020 & Revised Recommendation Not Implemented
Management Response at March 2020 Considering dropping: in projections for spend to 31/03/20 is one piece of software — AD audit + — which would allow tracking of deleted, moved folders etc. which would additionally help us to comply with GDPR requirements. While this is in projections no requisition has yet been raised.
We have implemented Cyber Security Essentials Plus with completion in December 2018 and reaccreditation now being pursued. We propose to retain this audit risk as partially implemented rather than superseded in order to ensure a cross-check is in place between controls implemented to meet cyber security requirements with controls being put in place for data access and wider security of data management systems.
19
CAIRNGORMS NATIONAL PARK AUTHORITY Audit and Risk Committee Paper 4 Annex I 27/03/2020
RECOMMENDATION STATUS — PROJECT MANAGEMENT 2017⁄18
| Ref. | Original Recommendation | Sig. | Management Response | Responsibility & Implementation Date |
|---|---|---|---|---|
| 1 | We recommend that all project management templates are completed for future projects in line with the project management guidelines. We also recommend that a process for requesting and approving changes to defined limits relating to cost, time, quality and risk is documented and applied. We also recommend that all changes are recorded within a project change log. | Original Recommendation accepted. The Operational Management Group, comprising all Heads of Service, have additionally commenced an internal review of the adequacy of the project management templates and whether the approach to project management approval and governance can be streamlined without compromising internal control standards. The results of this review will be applied while also ensuring the current recommendation is implemented: ensuring that the revised project toolkit is used fully and appropriately. August 2018 The entirety of the project management support system is currently under review, and this action will be captured within that review. We will aim to complete this work by January 2019. April 2019 As noted above, the updated project toolkit is complete and being rolled out. We are still to complete processes around change requests, being mindful of one of the Authority’s key attributes of being flexible and adaptable. We will consider these final elements as we review the roll out of project management over 2019. | Responsible Officer: Director of Corporate Services with Head of Organisational Development Implementation Due Date: 30 June 2018 |
20
CAIRNGORMS NATIONAL PARK AUTHORITY Audit and Risk Committee Paper 4 Annex 1 27/03/2020
RECOMMENDATION STATUS — PROJECT MANAGEMENT 2017⁄18
Status at March 2020 & Revised Recommendation Partially Implemented Once projects are undertaken with the new project management toolkit it will be possible for this to be sample tested.
Management Response at March 2020 We have established a list of priority projects for oversight and “gateway review” prior to start by the Operational Management Group. However, we accept that this process has not been looked at closely over the course of 2019⁄20 and there is still some work to do on ensuring an appropriate level of engagement with standardised project management processes by project managers and project sponsors.
21
CAIRNGORMS NATIONAL PARK AUTHORITY Audit and Risk Committee Paper 4 Annex I 27/03/2020
RECOMMENDATION STATUS — PROJECT MANAGEMENT 2017⁄18
| Ref. | Original Recommendation | Sig. | Management Response | Responsibility & Implementation Date |
|---|---|---|---|---|
| 3 | We recommend that roles and responsibilities are fully documented for all key people and groups with responsibilities for each project. | Original Agreed. August 2018 Management will revisit the register of projects and detail those significant and large scale projects for which the roles and responsibilities of all key people and groups should be documented. April 2019 As noted above in status update. How we best capture roles and responsibilities within the revised toolkit is under review. | Responsible Officer: Director of Corporate Services Implementation Due Date: 31 July 2018 |
Status at March 2020 & Revised Recommendation Partially Implemented Once projects are undertaken with the new project management toolkit it will be possible for this to be sample tested.
Management Response at March 2020 The project toolkit is in place as previously reported. However, this toolkit still requires to be tested to determine whether the identified control issue of establishing clarity in project roles and responsibilities has been adequately dealt with.
22
CAIRNGORMS NATIONAL PARK AUTHORITY Audit and Risk Committee Paper 4 Annex I 27/03/2020
RECOMMENDATION STATUS — PARTNERSHIP MANAGEMENT 2018⁄19
| Ref. | Original Recommendation | Sig. | Management Response | Responsibility & Implementation Date |
|---|---|---|---|---|
| 1 | We recommend that the Authority issue a questionnaire or feedback request on an annual basis to all key partners to seek feedback and thoughts on how the partnership, communication methods and ways of working could be further improved. We further recommend that feedback provided is collated and actions recorded. | Original We accept the finding regarding the gap in collation and analysis of partners’ feedback and accept the merits of considering the recommendation. As one option, it is possible that the annual report process could be preceded or followed by a feedback request to partners covering the points flagged up by the recommendation. | Responsible Officer: Chief Executive with Head of Planning and Rural Development Implementation Due Date: 30 June 19 |
Status at March 2020 & Revised Recommendation Partially Implemented Once survey closed and analysis undertaken it will be possible for this to be tested.
Management Response at March 2020 We have written to partners to seek their feedback both on their delivery against National Park Partnership Plan agreed objectives and also to consult with partners on overall partnership working arrangements. This process is continuing into 2020⁄21. We also have some instances of partners attending Board meetings to provide more direct communications to the Authority on partnership working and priorities. The stakeholder survey also feeds into this process. We have yet to compile and analyse the results of this work, hence partially implemented.
23
CAIRNGORMS NATIONAL PARK AUTHORITY Audit and Risk Committee Paper 4 Annex I 27÷03÷202