CAIRNGORMS NATION­AL PARK AUTHORITY

Draft Minutes of Meet­ing of the Audit & Risk Committee

12 June 2020 Held via Video Conference

Present:

• Judith Webb (Chair)
• Peter Argyle
• Pippa Had­ley
• Janet Hunter
• John Lath­am
• Gaen­er Rodger (Vice Chair)

In Attend­ance:

• Stephanie Hume, Scott Moncrieff
• Chris Brown, Scott Moncrieff
• John Boyd, Grant Thornton
• Grant Moir, Chief Executive
• Dav­id Camer­on, Cor­por­ate Ser­vices Director
• Dr Pete May­hew, Dir­ect­or of Con­ser­va­tion & Vis­it­or Exper­i­ence (Paper 4)
• Andy Ford, Head of Con­ser­va­tion (Paper 4)
• Danie Ral­ph, Fin­ance Manager
• Alix Hark­ness, Clerk to Board

Apo­lo­gies: None

1. Wel­come and Apologies

• The Con­vener wel­comed every­one to the meeting.
• The Con­vener invited mem­bers to intro­duce them­selves for the bene­fit of the auditors.

2. Minutes of Pre­vi­ous Meeting

• The draft minutes of the 27 March 2020 meet­ing were approved with no amendments.

3. Mat­ters Arising

• Dav­id Camer­on, Dir­ect­or of Cor­por­ate Ser­vices, repor­ted that move­ment on the out­stand­ing actions lis­ted at the end of the 6 Decem­ber 2019 Audit & Risk Com­mit­tee Minutes were:
  • a) At Para 8(i): In Hand — Dir­ect­or of Cor­por­ate Ser­vices to invest­ig­ate if auto­mated remind­ers to man­agers to carry out per­form­ance con­ver­sa­tions would be possible.
  • b) At Para 26(i) – Closed — Cor­rec­tion and Addi­tion made to the draft Gov­ernance State­ment as detailed in para­graph 25.
  • c) At Para 30(i) – Closed — Risk A19 removed from the Stra­tegic Risk Register.
  • d) At Para 38(i) – Open — Chair to meet with BDO to close off any loose ends and then to report back to the Com­mit­tee at their next meet­ing. Chair con­firmed no response had been received as yet from BDO and that the Com­mit­tee will be updated by email when con­tact had been made.
  • e) At Para 39(i) – Closed — Chair to arrange review of repu­ta­tion­al risk to the Author­ity on the caper­cail­lie pro­ject. On today’s Agenda in con­fid­en­tial session.

4. Declar­a­tions of Interest

• There were no interests declared.

5. Draft Intern­al Audit Plan ²⁰²⁰⁄₂₁ (Paper 1)

• Chris Brown, Scott Mon­crieff, intro­duced him­self and his col­league Stephanie Hume to the Audit & Risk Committee.
• Chris Brown / Stephanie Hume, Scott Mon­crieff, presen­ted a Paper which presents the draft intern­al audit plan for ²⁰²⁰⁄₂₁ for con­sid­er­a­tion by the Com­mit­tee pri­or to finalisation.

• The Audit & Risk Com­mit­tee made the fol­low­ing obser­va­tions and comments:

  • a) The need for 8 days look­ing at VAT was ques­tioned. Intern­al aud­it­ors agreed that the review prob­ably will not need that many days, while explain­ing the alloc­a­tion of days used some degree of weight­ing around the aver­age cost per day to allow for the mix of the team to be util­ised in the audit. Dav­id Camer­on, Dir­ect­or of Cor­por­ate Ser­vices explained that the review would fol­low two phases, with an ini­tial explor­a­tion of the VAT pos­i­tion fol­lowed by a more detailed review if jus­ti­fied. Dav­id explained the rationale for the audit pro­pos­al was based on more shared ser­vices and invoiced income com­ing in and some time since this pos­i­tion was last considered.
  • b) Mem­bers dis­cussed the approach to respond­ing to busi­ness con­tinu­ity plan­ning and COV­ID responses as part of the pro­posed audit plan.
  • c) The intern­al aud­it­ors explained their ref­er­ence to ​“audit uni­verse”: refer­ring to key sys­tems being noted and reviewed for their asso­ci­ated risk, with the inten­tion that a role of the Com­mit­tee is to review the sys­tems ana­lys­is for com­plete­ness and accur­acy of the risk assess­ment. The aud­it­ors high­lighted that an assur­ance map may provide fur­ther clar­ity in this form of review should the author­ity pro­gress with such a map­ping. Mem­bers and officers agreed that hav­ing an assur­ance map developed in due course would be a worth­while activity.
  • d) Mem­bers noted the out­door access infra­struc­ture review would con­sider the Authority’s cur­rent approaches to infra­struc­ture fund­ing and the most appro­pri­ate means of record­ing and man­aging the out­comes of that funding.
  • e) The Chair thanked the intern­al aud­it­ors for their plan doc­u­ment which was well set out and easy to understand.

• The Audit & Risk Committee:

  • a) Reviewed the pro­posed intern­al audit plan for ²⁰²⁰⁄₂₁;
  • b) Approved the intern­al audit plan for ²⁰²⁰⁄₂₁ to form the planned basis of the Authority’s util­isa­tion of intern­al audit in the year as a resource sup­port­ing the intern­al con­trol and assur­ance frameworks.

Action Point Arising: None

6. Risk Man­age­ment: Busi­ness Con­tinu­ity Risk Register and Risk Man­age­ment (Paper 2)

• Dav­id Camer­on, Dir­ect­or of Cor­por­ate Ser­vices presen­ted a Paper which presents an over­view of the Authority’s risk man­age­ment activ­it­ies dur­ing the busi­ness con­tinu­ity plan (BCP) response to the COVID19 pan­dem­ic, with­in the con­text of the Authority’s approach to stra­tegic risk management.

• The Audit & Risk Com­mit­tee made the fol­low­ing obser­va­tions and comments:

  • a) The Chair com­men­ted that it is very help­ful to see this doc­u­ment and thanked the Dir­ect­or of Cor­por­ate Ser­vices for work­ing on it.
  • b) In response to ques­tions on man­aging poten­tial fin­an­cial impacts in pub­lic sec­tor fund­ing arising from COVID19, Dav­id high­lighted that the over­all fin­an­cial pos­i­tion of organ­isa­tion is covered by the sep­ar­ate stra­tegic risk register. Dav­id agreed future fin­ances will likely move to red pos­i­tion in the stra­tegic register, where­as this cur­rent risk register is look­ing at more focussed set of risks over the short­er term hav­ing to man­age BCP pro­cesses dur­ing unusu­al circumstances.

• The Audit & Risk Committee:

  • a) Noted the cur­rent approach being taken to risk man­age­ment as set out in this paper;
  • b) Reviewed the cov­er­age of the risk register estab­lished in sup­port of the Authority’s Busi­ness Con­tinu­ity Plan­ning and Management;
  • c) Agreed the appro­pri­ate­ness of the approach to and focus of risk man­age­ment while in the cur­rent BCP led oper­a­tion­al circumstances.

Action Point Arising: None.

7. Update on Extern­al Audit Pro­cesses (Oral)

• John Boyd, Grant Thornton gave an oral update on Extern­al Audit Pro­cesses. He high­lighted that the team were under­tak­ing audit remotely, and had received all accounts doc­u­ments and work­ing papers with­in the times­cales agreed from the Authority’s Fin­ance Team. John high­lighted the chal­lenge faced in access­ing evid­ence required for audit, includ­ing sup­port­ing doc­u­ments held in the office, while recog­nising the Fin­ance Man­ager and the team had done everything pos­sible to provide inform­a­tion reques­ted, where pos­sible in digit­al format. John repor­ted that the Grant Thornton team had tried to do the audit in phases in order to best man­age under­stand­able time delays between inform­a­tion requests and receipt. How­ever, while recog­nising the chal­lenge of under­tak­ing the audit remotely, John repor­ted that there was good pro­gress with the audit work with the help of the sup­port of the fin­ance team and a strong expect­a­tion that the audit could be com­pleted for accounts approv­al at the next Com­mit­tee meet­ing in September.

• The Audit & Risk Com­mit­tee made the fol­low­ing obser­va­tions and comments:

  • a) Mem­bers thanked John for his update and the Grant Thornton team for their work to date. Thanks were also giv­en to the Fin­ance Man­ager and fin­ance team for all their work in pre­par­ing the fin­an­cial state­ments and sup­port­ing doc­u­ment­a­tion to the agreed timetable des­pite the sig­ni­fic­ant inter­rup­tions from COVID19. Mem­bers noted the suc­cess in digit­ising much of the audit process.
  • b) In response to dis­cus­sions on future timetable the Dir­ect­or of Cor­por­ate Ser­vices agreed to get in touch with John in due course, pri­or to the next Com­mit­tee meet­ing to estab­lish the timetable for final­ising accounts sign off.

Action Point Arising: None.

8. Com­plaints Log (Paper 4)

• Dav­id Camer­on, Dir­ect­or of Cor­por­ate Ser­vices presen­ted paper 4 which provides an update on the com­plaints made to the Author­ity in the last 6 months.
• The Audit & Risk Com­mit­tee noted the inform­a­tion on com­plaints made to the Authority.

Action Point Arising: None.

• There were no oth­er items of business.

• The Chair high­lighted there was an item of busi­ness with regard to the Cairngorms Caper­cail­lie Pro­ject which had been reques­ted to be con­sidered in con­fid­en­tial ses­sion to allow for dis­cus­sion of views on intern­al con­trols and gov­ernance arrange­ments. The Chair sought mem­bers’ agree­ment to move into con­fid­en­tial session.

• Mem­bers agreed to move the meet­ing into con­fid­en­tial session.

• The pub­lic meet­ing ended at this point.

Audit & Risk Com­mit­tee: Out­stand­ing Actions

Action	Status
Audit and Risk Com­mit­tee induc­tion pack	Open
Risk mit­ig­a­tion for LEAD­ER Account­able Body role	Open
Private Fin­ance Pro­cess and cri­ter­ia for accept­ing proposals	Com­plete