CAIRNGORMS NATION­AL PARK AUTHORITY

Draft MINUTES AUDIT & RISK COM­MIT­TEE 27/03/2020

Draft MINUTES of MEET­ING of the AUDIT & RISK COM­MIT­TEE of THE CAIRNGORMS NATION­AL PARK AUTHORITY

held via Video/​Tele­phone Con­fer­ence on 27 March 2020

Present:

• Judith Webb (Chair)
• Peter Argyle
• Pippa Had­ley
• Janet Hunter
• John Lath­am
• Gaen­er Rodger (Vice Chair)

In Attend­ance:

• Tony Bar­rie, BDO via Tele­phone Link
• John Boyd, Grant Thornton
• Grant Moir, Chief Executive
• Dav­id Camer­on, Cor­por­ate Ser­vices Director
• Danie Ral­ph, Fin­ance Manager
• Alix Hark­ness, Clerk to Board

Apo­lo­gies: None.

1. Wel­come and Apologies

The Con­vener wel­comed every­one to the meet­ing and apo­lo­gies were noted.

2. Minutes of Pre­vi­ous Meeting

The draft minutes of the 6 Decem­ber 2019 meet­ing were approved with no amendments.

3. Mat­ters Arising

Dav­id Camer­on, Dir­ect­or of Cor­por­ate Ser­vices repor­ted that move­ment on the out­stand­ing actions lis­ted at the end of the 6 Decem­ber 2019 Audit & Risk Com­mit­tee Minutes were:

a) At Para 10i): — In Hand — Care­ful con­sid­er­a­tion and thought on how to mar­ket the poten­tial invest­ment oppor­tun­it­ies and how to com­mu­nic­ate it on our cor­por­ate website.

b) At Para 10ii) – Closed — Dir­ect­or of Cor­por­ate Ser­vices had set out rationale for each cri­ter­ia and tweak the cri­ter­ia as per the Audit & Risk Committee’s com­ments and cir­cu­lated it elec­tron­ic­ally by the 20^th Decem­ber 2019.

c) Paper on risk appet­ite for dis­cus­sion by Com­mit­tee – Open – Dir­ect­or of Cor­por­ate Ser­vices repor­ted that he had not yet had the chance to, but would do so by cir­cu­la­tion pri­or to next meeting.

4. Intern­al Audit Review: Apprais­al Object­ive Set­ting (Paper 1)

Tony Bar­rie, BDO presen­ted a Paper which presents the intern­al auditor’s report on the Authority’s approaches and pro­ced­ures for staff apprais­al and object­ive setting.

5. Staff made the fol­low­ing points:

a) Grant Moir, CEO explained that it was a new apprais­al sys­tem that had been intro­duced dur­ing the last year. He com­men­ted that it had been a use­ful report.

b) Dav­id Camer­on, Dir­ect­or of Cor­por­ate Ser­vices con­tex­tu­al­ised and advised that both he and the Head of Organ­isa­tion­al Devel­op­ment were happy with this report. He added that the report had been help­ful and the find­ings that are of a mod­er­ate level shows it is embed­ded well across the organ­isa­tion and a good fit with the cul­ture of organ­isa­tion which is backed up by the feed­back received by the Staff Con­sultat­ive For­um (SCF).

6. The Audit & Risk Com­mit­tee made the fol­low­ing obser­va­tions and comments:

a) The Chair praised the pos­it­ive cul­tur­al shift to accom­mod­ate young­er mem­bers of staff.

b) Com­ment made that it was import­ant to see this pro­cess con­tinu­ing with the same level engage­ment dur­ing these cur­rent dif­fi­cult times.

c) Sug­ges­tion made that auto­mated remind­ers are set up to be sent by Human Resources, to save the team time. Dir­ect­or of Cor­por­ate Ser­vices agreed to look into it.

d) Was there an oppor­tun­ity to link staff well­being with the apprais­al pro­cess? Dir­ect­or of Cor­por­ate Ser­vices provided reas­sur­ance that staff well­being was an integ­ral part of the whole pro­cess, it was about ensur­ing staff were feel­ing well in the deliv­er­ing the role for the organisation.

e) The Chair thanked BDO for the report.

7. The Audit & Risk Committee:

a) Con­sidered the intern­al auditor’s findings.

b) Endorsed man­age­ment responses to recom­men­ded actions.

8. Action Point Arising:

i. Dir­ect­or of Cor­por­ate Ser­vices to invest­ig­ate if auto­mated remind­ers to man­agers to carry­out per­form­ance con­ver­sa­tions would be possible.

9. Intern­al Audit Review: Hand­ling Free­dom of Inform­a­tion Requests (Paper 2)

Tony Bar­rie, BDO presen­ted a Paper which presents the intern­al auditor’s review of the Authority’s pro­cesses and con­trols in place for hand­ling requests of inform­a­tion made until the Free­dom of Inform­a­tion (Scot­land) Act 2002 (FOISA).

10. Dir­ect­or of Cor­por­ate Ser­vices provided the Com­mit­tee with the back­ground, he made the fol­low­ing points:

a) He had asked for it to be car­ried out as a res­ult of the Inform­a­tion (Scot­land) Commissioner’s response to the appeal report that had been brought to this Com­mit­tee at their last meeting.

b) The cus­tom­er man­age­ment sys­tem pro­ject report had been deferred to make room for this one to take place.

c) On the back of the recom­mend­a­tions, he was happy with those and tidy­ing up the process.

d) Get­ting responses done with­in 20 days was chal­len­ging as it depended on the front line staff responding.

e) Is delighted with the recom­mend­a­tion to have min­im­al impact on these and now the Office Man­ager was in post it was pos­sible to have much more of a del­eg­ated respons­ib­il­ity on these to allow him to move away from the day to day of deal­ing with these.

11. The Audit & Risk Com­mit­tee made the fol­low­ing obser­va­tions and comments:

a) Com­ment made that there may be a surge in Free­dom of Inform­a­tion requests forth­com­ing as the Author­ity moves on to hold­ing online pub­lic meet­ings. Dir­ect­or of Cor­por­ate Ser­vices noted the point and advised that the num­ber of FOIs are mon­itored as they are received and that they not had any evid­ence on that in the past week. He explained that a risk is the access into cent­ral drive, can only mon­it­or pro­lif­er­a­tion. He added that guid­ance com­ing out from com­mis­sion­er at moment say­ing 20 days should be achiev­able but that may change.

b) The Chair noted the many minor recom­mend­a­tions and high­lighted the pos­it­ives and good prac­tise with­in the report.

12. The Audit & Risk Committee:

a) Con­sidered the intern­al auditor’s findings.

b) Endorsed man­age­ment responses to recom­men­ded actions.

13. Action Point Arising: None.

14. Intern­al Audit Review: Pro­ject Fin­ance (Paper 3)

Tony Bar­rie, BDO presen­ted a Paper which presents the intern­al auditor’s review on Pro­ject Finance.

15. Staff made the fol­low­ing points:

a) Danie Ral­ph, Fin­ance Man­ager advised that he was liais­ing with the Dir­ect­or of Cor­por­ate Ser­vices as to what was appro­pri­ate to be brought before Man­age­ment Team and would ensure it was avail­able to them at least once a month.

b) Fin­ance Man­ager explained that on the LEAD­ER claim­ing front, the money has come in that had been claimed to date. The issue appeared was iden­ti­fied which was that there are con­stric­tions of being only able to upload 10 doc­u­ments to sup­port each claim. The team were now aware of this and were mind­ful of this going forward.

c) CEO explained that the Man­age­ment Team talk about the fin­ance of the organ­isa­tion often across all areas of work how­ever noted that this had not been clearly doc­u­mented. Going for­ward fin­ance would be added as a stand­ing agenda item and expli­citly recorded.

16. The Audit & Risk Com­mit­tee made the fol­low­ing obser­va­tions and comments:

a) A query regard­ing the times­cale for spend, had meas­ures been put in place to take COV­ID-19 into con­sid­er­a­tion. CEO advised that COV­ID-19 would have min­im­al impact on this fin­an­cial year end and that it would have an impact on next fin­an­cial year. Dir­ect­or of Cor­por­ate Ser­vices added that he was in close dia­logue with the Her­it­age Lot­tery Fund (HLF) and the poten­tial for times­cales shift­ing. He explained that as part of the Oper­a­tion­al Plan review Man­age­ment Team and Heads of Ser­vice were look­ing at how the cur­rent arrange­ments were likely to impact the first quarter of next fin­an­cial year. He provided reas­sur­ance that this was under the sight of management.

b) The Chair com­men­ted that the Com­mit­tee were look­ing for­ward to see­ing the modi­fic­a­tions being put in to prac­tise going forward.

17. The Audit & Risk Committee:

a) Con­sidered the intern­al auditor’s findings.

b) Endorsed man­age­ment responses to recom­men­ded actions.

18. Action Point Arising: None.

19. Intern­al Audit Review: Fol­low Up Review and Annu­al Intern­al Audit Report (Paper 4)

Tony Bar­rie, BDO presen­ted a Paper which presents the fol­low up review by BDO con­sid­er­ing the extent to which man­agers have respon­ded to intern­al audit recom­mend­a­tions and under­taken agreed improve­ment actions. In addi­tion the paper presents the intern­al aud­it­ors report for 2019 – 20 which picks up in the extent of man­age­ment com­mit­ment to act on recom­mend­a­tions made while review­ing the over­all oper­a­tion of intern­al con­trols, risk man­age­ment and gov­ernance with­in the organisation.

20. The Audit & Risk Com­mit­tee made the fol­low­ing obser­va­tions and comments:

a) Com­ment made that there were a num­ber of items only par­tially imple­men­ted and no due date for items that had not yet been imple­men­ted. Were due dates going to be added? Dir­ect­or of Cor­por­ate Ser­vices explained that they do not tend to revise due dates. He added that a num­ber of them were his­tor­ic and there­fore off the sys­tem. He advised that as part of the tidy­ing-up pro­cess the inten­tion was to bring the his­tor­ic items back before the Audit & Risk Com­mit­tee to ensure sat­is­fact­ory pri­or to sign off. The Chair agreed. Dir­ect­or of Cor­por­ate Ser­vices agreed to pre­pare a mid-year report on this back to the Com­mit­tee. Peter Argyle re-joined the meet­ing via telephone.

b) The Chair thanked BDO for the Intern­al Annu­al Audit Report.

c) The Chair raised wheth­er the Com­mit­tee wanted to change the title of the Com­mit­tee to include the word ​‘assur­ance’ as so many oth­er sim­il­ar com­mit­tees were doing. Dir­ect­or of Cor­por­ate Ser­vices reminded the Chair that the Com­mit­tee had dis­cussed that in pre­vi­ous meet­ing last sum­mer and had con­cluded that it was not neces­sary as the term assur­ance was well embed­ded in the Terms of Ref­er­ence of this Committee.

d) Dir­ect­or of Cor­por­ate Ser­vices repor­ted that BDO were com­ing to the end of their con­tract, hav­ing gone through a joint pro­cure­ment pro­cess BDO had not been re-appoin­ted. He thanked Claire Robertson, Tonie Bar­rie and the rest of the BDO team for their work over the time and all the thought they had giv­en to the Authority’s pro­cesses, it had been a pleas­ure to work with them.

21. The Audit & Risk Committee:

c) Con­sidered the update presen­ted on the Authority’s fol­low up action on intern­al audit recommendations.

d) Note the intern­al aud­it­ors Annu­al Report for ²⁰¹⁹⁄₂₀

22. Action Point Arising: None.

23. Gov­ernance State­ment (Paper 5)

Dav­id Camer­on, Dir­ect­or of Cor­por­ate Ser­vices presen­ted the draft Gov­ernance State­ment for incor­por­a­tion in the Authority’s Annu­al Accounts for ²⁰¹⁹⁄₂₀.

24. In dis­cus­sion the Audit & Risk Com­mit­tee made the fol­low­ing points:

a) The Chair high­lighted that the Chair had been referred to as Con­vener on page 2 of the state­ment. Dir­ect­or of Cor­por­ate Ser­vices noted this and agreed to cor­rect the error.

b) Tony Bar­rie, BDO was invited to make com­ment. He sug­ges­ted that many oth­er organ­isa­tions were put­ting a line in the Draft Fin­an­cial State­ments detail­ing any meth­ods put in place in response to COV­ID-19. Things such as the tem­por­ary sus­pen­sion of Stand­ing Orders, to speed up some of their pro­cure­ment func­tions. Fin­ance Man­ager advised that he still had 75% of the final accounts to write and he had inten­ded to insert a few lines detail­ing the impact of COV­ID-19 had had on the fin­an­cial year end. Dir­ect­or of Cor­por­ate Ser­vices thanked Tony for the advice and stated that he was con­tent to bring into busi­ness con­tinu­ity, aims to con­tin­ue with busi­ness as usu­al with­in realms of the Stand­ing Orders. He reminded the Com­mit­tee that the Draft Gov­ernance State­ment had been writ­ten before time of Covid19. The Com­mit­tee agreed that they were con­tent to leave this with Dir­ect­or of Cor­por­ate Ser­vices to write up and include without the need to see it in advance.

25. The Audit & Risk Com­mit­tee agreed to endorse the draft Gov­ernance State­ment for inclu­sion in the Authority’s ²⁰¹⁹⁄₂₀ Annu­al Accounts sub­ject to the fol­low­ing cor­rec­tion and addition:

a) The word ​‘Con­vener’ to be replace with ​‘Chair’ through­out the statement

b) A couple of lines ref­er­en­cing the any meth­ods put in place as a res­ult of COV­ID-19 to be added to the statement.

26. Action:

i. Cor­rec­tion and Addi­tion to be made to the draft Gov­ernance State­ment as detailed in para­graph 25.

27. Stra­tegic Risk Register Update (Paper 6)

Dav­id Camer­on presen­ted an update of the Authority’s stra­tegic risk man­age­ment and a com­ment­ary on management’s review of action taken and cur­rent risk status. The paper also sup­ports a dis­cus­sion on the risk man­age­ment approach to be taken around the man­age­ment of the cur­rent Coronavir­us pandemic.

28. In dis­cus­sion the Audit & Risk Com­mit­tee made the fol­low­ing com­ments and observations:

a) CEO advised that they were pulling togeth­er a second risk register for COV­ID-19. He repor­ted that the move to work­ing from home had gone smoothly and that video con­fer­en­cing was going rel­at­ively well too. He explained that the next thing is that the Nation­al Health Ser­vice (NHS) and Scot­tish Gov­ern­ment (SG) may ask the Author­ity to help with plug­ging gaps. He added that Man­age­ment were doing some work around mod­el­ling what the next year may look like giv­en so many unknowns includ­ing what the NSH and SG may want the Author­ity to focus on. He warned that there would be re-budget­ing by Scot­tish Gov­ern­ment and the Authority’s grant and aid alloc­a­tion would change as a res­ult of the implic­a­tions of COVID-19.

b) Sug­ges­tion made to include a gen­er­al­ised risk to cov­er any future pan­dem­ics, in draw­ing up for future pan­dem­ics which may or may not be likely. Are we look­ing at safe work­ing prac­tises, pro­tect­ing the busi­ness, linked to things that fea­ture in the Authority’s busi­ness con­tinu­ity plan? CEO advised that Man­age­ment team and Heads of Ser­vice were cur­rently review­ing the lines detailed in the Oper­a­tion­al Plan, look­ing at what could be delivered in blocks of 4 months and what could be pushed back to later in the year. He warned that this did not take into con­sid­er­a­tion any change in grant and aid fund­ing alloc­a­tion. He explained that the Busi­ness Con­tinu­ity Plan seemed to be work­ing well, 80 staff now work­ing from home, VM Ware and hav­ing only 10 licences for the whole organ­isa­tion was prov­ing a bit tricky how­ever this was being looked at and solu­tions would be found.

c) A Mem­ber sym­path­ised with the uncer­tainty of grant and aid alloc­a­tions going for­ward. Janet Hunter left the meet­ing moment­ar­ily and returned.

d) Dir­ect­or of Cor­por­ate Ser­vices com­men­ted that the cur­rent COV­ID-19 crisis was the biggest Busi­ness Con­tinu­ity Plan­ning test the Author­ity had faced.

e) The Chair com­men­ted that a few of the risks in the register had a down­ward trend and sug­ges­ted the Com­mit­tee dis­cuss the remov­al of some of these. Dir­ect­or of Cor­por­ate Ser­vices advised that he would like to see risk A14 remain due to ongo­ing media activ­ity sur­round­ing caper­cail­lie and Car­rbridge. He advised that he’s be con­tent to remove risk A19 as there is evid­ence in the Oper­a­tion­al Plan and Budget paper going before the Board at their meet­ing that staff num­bers have been adequately dealt with.

29. The Audit & Risk Committee:

a) Con­sidered the update presen­ted on the Authority’s Stra­tegic Risk Register

b) Con­sidered wheth­er mem­bers have any fur­ther updates which should be incor­por­ated into the SRR, includ­ing any addi­tion­al risks not cur­rently incorporated.

c) Agreed to remove Risk A19 from the Stra­tegic Risk Register.

d) Agreed that the Dir­ect­or of Cor­por­ate Ser­vices should devel­op a draft risk register around man­age­ment of the cur­rent Coronavir­us and cir­cu­late that to the Com­mit­tee for consideration.

30. Action:

i. Risk A19 to be removed from the Stra­tegic Risk Register.

31. Update on Intern­al Audit Ser­vices and ²⁰²⁰⁄₂₁ Planning

Dav­id Camer­on provided an oral update on the Intern­al Audit Ser­vices and 2020 – 21 Plan­ning. He made the fol­low­ing points:

a) Scott Mon­crieff had been appointed.

b) It was not a reflec­tion on the ser­vice provided by BDO, the Author­ity were tied into a joint pro­cure­ment pro­cess with partners.

c) Will be arran­ging a meet­ing togeth­er with the CEO and the newly appoin­ted auditors.

d) Arrange­ments will be made to invite a rep­res­ent­at­ive of Scott Mon­crieff to attend the next Audit & Risk Com­mit­tee meeting.

e) A draft of the Intern­al Audit Plan would be cir­cu­lated to the Com­mit­tee in advance of the next meet­ing and dis­cussed in full at the next meeting.

32. The Chair thanked BDO for their good natured and pos­it­ive work­ing rela­tion­ship they had experienced.

33. The Chair expressed a will­ing­ness to be involved in ini­tial dis­cus­sions with Scott Mon­crieff. This was noted.

34. Dir­ect­or of Cor­por­ate Ser­vices sug­ges­ted that the Chair meet with Tony of BDO to close off any busi­ness and then report back to Com­mit­tee at the next meet­ing. The Chair agreed to this.

35. John Boyd, Grant Thornton provided an update on the extern­al audit plans for the cur­rent fin­an­cial year. He made the fol­low­ing points:

a) They have the sys­tems and pro­cesses in place to be able to audit remotely as agreed with the Fin­ance Manager.

b) The Audit pro­cess will how­ever be pro­longed due to the restric­tions on when they can carry out a site visit.

c) IRF16 was sup­posed to be imple­men­ted next fin­an­cial year which impacts on the lease and there­fore would have had to be recog­nised this year how­ever the HM Treas­ury had announced that they were post­pon­ing this for anoth­er year.

d) Timelines pro­posed and agreed from the out­set do no look likely to change, just a dif­fer­ent approach to audit­ing (video con­fer­en­cing) would be car­ried out.

36. The Com­mit­tee made the fol­low­ing com­ments and observations:

a) Fin­ance Man­ager advised that the biggest issue for the team would be pulling out samples for the audit.

b) The Chair com­men­ted that the video con­fer­en­cing seemed to be work­ing well and thanked John Boyd for his update.

37. The Com­mit­tee noted the update.

38. Action Points Arising:

i. Chair to meet with BDO to close off any loose ends and then to report back to the Com­mit­tee at their next meeting.

37. AOB

The Chair asked if the next meet­ing would be likely to be held via video con­fer­en­cing giv­en the cur­rent restric­tions imposed as a res­ult of the coronavir­us pan­dem­ic. It was agreed that this would be likely.

38. The Chair reques­ted a paper on the repu­ta­tion­al risk to the Author­ity on the caper­cail­lie pro­ject to be brought to the next meet­ing. Dir­ect­or of Cor­por­ate Ser­vices agreed and asked that the Chair drop him an email detail­ing the points of ref­er­ence so he can ensure all points are covered.

39. Action Points arising:

i. Chair to email Dir­ect­or of Cor­por­ate Ser­vices detail­ing the point of ref­er­ence need­ing answered sur­round­ing the repu­ta­tion­al risk to the Author­ity on the caper­cail­lie pro­ject to enable a paper being drawn up for the next meeting.

40. Date of Next Meet­ing: 12 June 2020, Cairngorms NPA Offices, Grant­own-on-Spey, (Ven­ue TBC).

41. Meet­ing closed 10.33 hours

Audit & Risk Com­mit­tee: Out­stand­ing Actions

Action	Status
Audit and Risk Com­mit­tee induc­tion pack	Open
Risk mit­ig­a­tion for LEAD­ER Account­able Body role	Open
Private Fin­ance Pro­cess and cri­ter­ia for accept­ing proposals	Open