200327 Paper 4 Follow Up Annual Report
CAIRNGORMS NATIONAL PARK AUTHORITY Audit & Risk Committee Paper 4 27/03/2020
CAIRNGORMS NATIONAL PARK AUTHORITY AUDIT & RISK COMMITTEE
FOR DISCUSSION
Title: INTERNAL AUDIT: FOLLOW UP REVIEW AND ANNUAL INTERNAL AUDIT REPORT
Prepared by: DAVID CAMERON, DIRECTOR OF CORPORATE SERVICES
Purpose
This paper presents a follow up review by BDO, the Authority’s internal auditors, considering the extent to which managers have responded to internal audit recommendations and undertaken agreed improvement actions.
The paper also presents the internal auditor’s annual internal audit report for 2019⁄20, which picks up on the extent of management commitment to act on recommendations made while reviewing the overall operation of internal controls, risk management and governance within the organisation.
Recommendations
The Audit & Risk Committee is asked to: a) Consider the update presented on the Authority’s follow up action on internal audit recommendations. b) Note the internal auditor’s Annual Report for 2019⁄20.
Executive Summary
Follow Up Review
The Authority’s internal auditors, BDO, have undertaken a review of progress made by the Authority’s management in implementing actions recommended to address identified internal control and process improvements in the Authority’s systems. The full report on the review is set out at Annex I to this paper.
Annex I covers a total of 44 recommendations made following 2019⁄20 internal audits reported to date alongside internal audit work dating back to 2016⁄17. Of the total of 44 recommended actions, eight are noted as not yet due for implementation according to timetables for action agreed by management and endorsed by the Audit and Risk Committee. Of the remaining 36 recommendations, 8 are agreed as having been fully implemented with 19 actions partially implemented — a total of 27 (75%) of recommendations with action due being confirmed as completed or in progress.
A further 2 recommendations have been implemented by management. However, as the evidence supporting this work around payroll administration includes a high level of sensitive data which did not merit being transferred electronically, BDO are unable to verify this position and the actions remain recorded as “not implemented” in Annex 1. This position therefore slightly over-states the numbers of actions not implemented and would increase the proportion of actions completed or progressed to around 81%.
While there is a good degree of performance in implementing audit recommendations highlighted in this report, we note that there remain a number of rather dated actions which remain at the “partial implementation” stage. Management will give attention to these recommended actions in the year ahead with a view to either bringing the action to a conclusion or confirming that the actions concerned have now been overtaken by other, more current developments.
2019⁄20 Internal Audit Annual Report
The internal auditors Annual Report for 2019⁄20 is presented at Annex 2 to this paper.
BDO as internal auditors have again fully completed their proposed programme of work for the year. The annual report highlights that, in the view of BDO, on the basis of reviews undertaken during the period and in the context of materiality:
a. The risk management activities and controls in the areas examined were found to be suitably designed to achieve the specific risk management, control and governance arrangements; b. Based on BDO’s verification reviews and sample testing, risk management, control and governance arrangements were operating with sufficient effectiveness to provide reasonable, but not absolute assurance that the related risk management, control and governance objectives were achieved for the period under review.
David Cameron 23 March 2020 davidcameron@cairngorms.co.uk