CAIRNGORMS NATION­AL PARK AUTHORITY

Audit & Risk Com­mit­tee 11/09/2020

Draft MINUTES of MEET­ING of the AUDIT & RISK COM­MIT­TEE of THE CAIRNGORMS NATION­AL PARK AUTHORITY

held via Lifes­ize Video Con­fer­ence on 11 Septem­ber 2020

Present:

• Judith Webb (Chair)
• Pippa Had­ley
• Janet Hunter
• John Lath­am
• Gaen­er Rodger (Vice Chair)

In Attend­ance:

• Chris Brown, Scott Moncrieff
• John Boyd, Grant Thornton
• Grant Moir, Chief Executive
• Dav­id Camer­on, Cor­por­ate Ser­vices Director
• Danie Ral­ph, Fin­ance Manager
• Alix Hark­ness, Clerk to Board

Apo­lo­gies:

• Peter Argyle

1. Wel­come and Apologies

The Chair wel­comed every­one to the meet­ing and apo­lo­gies were noted.

2. Minutes of Pre­vi­ous Meeting

The draft minutes of the 12 June 2020 meet­ing were approved with no amendments.

3. Motion to move into con­fid­en­tial ses­sion for reas­on of inform­a­tion under con­sid­er­a­tion being mater­i­al deemed to relate to staff­ing and per­son­al mat­ters with a clear expect­a­tion of con­fid­en­ti­al­ity by third parties. Mem­bers agreed this motion.

4. The meet­ing broke briefly into a con­fid­en­tial meet­ing at this point to review the draft minutes of the con­fid­en­tial meet­ings on 12 June 2020 and 30^th July 2020.

5. The draft con­fid­en­tial minutes of the 12 June 2020 meet­ing were approved with no amendments.

6. The draft con­fid­en­tial minutes of the 30 July 2020 meet­ing were approved with no amendments.

7. The pub­lic meet­ing resumed at 9.23am

Mat­ters Arising

8. Dav­id Camer­on, Dir­ect­or of Cor­por­ate Ser­vices, repor­ted that move­ment on the out­stand­ing actions lis­ted at the end of the 12 June 2020 Audit & Risk Com­mit­tee Minutes were:

a) At Para 8i): — In Hand — Dir­ect­or of Cor­por­ate Ser­vices to invest­ig­ate if auto­mated remind­ers to man­agers to carry out per­form­ance con­ver­sa­tions would be possible.

b) At Para 38i) – Closed — Chair to meet with BDO to close off any loose ends and then to report back to the Com­mit­tee at their next meet­ing. Chair con­firmed no response had been received as yet from BDO and that the Com­mit­tee will be updated by email when con­tact had been made. The Chair advised she had not been able to pro­gress it fur­ther how­ever while noth­ing was of con­cern it would be neat­er to close it off.

c) Audit & Risk Com­mit­tee Induc­tion pack to be cre­ated – Open – this is on hold while we are in the midst of a pandemic.

d) Risk Mit­ig­a­tion for LEAD­ER Account­able Body role – In Hand – Dir­ect­or of Cor­por­ate Ser­vices advised that he had recently been noti­fied that the Head of the LEAD­ER unit in Scot­tish Gov­ern­ment is mov­ing on and being replaced and there­fore the best time to pro­gress this would be the end of this year/​the begin­ning of next year.

9. Declar­a­tions of Interest

There were no interests declared.

10. Intern­al Audit Review: LEAD­ER Admin­is­tra­tion Review (Paper 1)

Chris Brown, Azets presen­ted a paper which presents the intern­al auditor’s review of the Authority’s LEAD­ER Admin­is­tra­tion and Account­able Body con­trols, and through that our com­pli­ance with the Ser­vice Level Agree­ment (SLA) estab­lished with Scot­tish Government.

11. The Chair praised the pos­it­ive report and gave cred­it to the Dir­ect­or of Cor­por­ate Ser­vices and his team for what had been accomplished.

12. Mem­bers and officers gave feed­back on the format of the intern­al audit reports at the request of Chris, as this was the first time of report­ing to the Com­mit­tee under the new intern­al audit con­tract. All found the lay­out of the reports very clear and inform­at­ive. The sep­ar­ate grad­ing ana­lys­is of each con­trol area was thought to be par­tic­u­larly help­ful. All noted that a fuller feed­back is likely to be pos­sible when reports with more recom­mend­a­tions for improve­ments is presented.

13. The Audit & Risk Com­mit­tee con­sidered the intern­al aud­it­ors findings.

14. Action Point Arising: None.

15. Intern­al Audit ²⁰²⁰⁄₂₁ Pro­gress Report (Paper 2)

Chris Brown, Scott Mon­crieff, presen­ted a paper which presents a sum­mary of intern­al audit activ­ity since its last meet­ing, and con­firms the reviews planned for the com­ing quarter, identi­fy­ing any changes to the ori­gin­al Annu­al Plan.

16. The Audit & Risk Com­mit­tee made the fol­low­ing obser­va­tions and comments:

a) The Chair asked if there were any slip­pages expec­ted in reports this year. Chris Brown advised that none were anti­cip­ated at present and as it had been an unusu­al year, it could still happen.

b) A mem­ber com­men­ted that there had been many changes recently with hol­i­days relat­ing to VAT and was this rel­ev­ant to Nation­al Park activ­it­ies and does that bring chal­lenges? The Fin­ance Man­ager advised that the Author­ity were cur­rently not VAT registered and that was under review to decide if regis­tra­tion should be pur­sued. He added that this con­sid­er­a­tion would fol­low from the recom­mend­a­tions to be set out in the VAT review.

c) Dir­ect­or of Cor­por­ate Ser­vices com­men­ted on the sub­ject mat­ter of the planned intern­al audit pro­gramme and advised that they were all sub­jects that could be facil­it­ated dur­ing ongo­ing remote work­ing. How­ever it would be down to work­load issues on both the Author­ity and intern­al audit sides which could res­ult in slip­pages. The Chair noted this and whilst recog­nising it was an unusu­al year for every­one involved she encour­aged the early flag­ging of any slip­pages to this Committee.

d) The Chair thanked Chris Brown for the report.

17. The Audit & Risk Com­mit­tee noted the pro­gress report.

18. Action Point Arising: None.

19. ²⁰¹⁹⁄₂₀ Final Accounts (Paper 3)

Danie Ral­ph, Fin­ance Man­ager, presen­ted and sought approv­al to the final accounts for ²⁰¹⁹⁄₂₀, pri­or to their being sub­mit­ted to the extern­al aud­it­or for final cer­ti­fic­a­tion. He reminded the Com­mit­tee of its role with regard to the accounts – to sup­port the Account­able Officer with regard to their per­son­al respons­ib­il­it­ies for risk, fin­an­cial con­trol and gov­ernance through a pro­cess of con­struct­ive challenge.

20. Dav­id Camer­on, Dir­ect­or of Cor­por­ate Ser­vices, explained that this year the tar­get of break­ing even this year had been achieved, with total income of £8.436 mil­lion and total expendit­ure of £8.444million. Turnover and asso­ci­ated expendit­ure was some £1.5million increased over the pre­vi­ous year, res­ult­ing primar­ily from an increased scale of activ­ity on Tomin­toul and Glen­liv­et Land­scape Part­ner­ship and LEAD­ER pro­grammes. Dav­id drew mem­bers atten­tion again to the pecu­li­ar­ity of required accounts as an NDPB, which do not show Scot­tish Gov­ern­ment grants as income in the State­ment of Com­pre­hens­ive Net Expendit­ure on page 52 of the accounts. This state­ment there­fore shows a sig­ni­fic­ant net expendit­ure pos­i­tion, with grants from Scot­tish Gov­ern­ment added to reserves and then trans­ferred from reserves to off­set net expenditure.

21. The Audit & Risk Com­mit­tee made the fol­low­ing obser­va­tions and comments:

a) Com­ment made that they liked the inclu­sion of infographics

b) The Chair com­men­ted that final­ising the accounts and work­ing remotely had been very chal­len­ging and praised the team for get­ting the accounts to this point and acknow­ledged changes were minor with any­thing sig­ni­fic­ant being brought before the Committee.

c) Com­ment made that the infograph­ics were very help­ful at show­ing the fund­ing brought in and encour­aged that this be con­tin­ued by the Author­ity going forward.

d) Cla­ri­fic­a­tion sought as to why the sick­ness absence rate exclud­ing Cov­id had nearly doubled on the pre­vi­ous year? Dir­ect­or of Cor­por­ate Ser­vices advised that over the course of the cal­en­dar year there had been a num­ber of staff mem­bers who had long term sick­ness absence which was not work related. He explained that with a small com­pli­ment of staff, when one or two mem­bers of staff are off sick long term, this sig­ni­fic­antly skews the figures.

e) Com­ment made that the Board mem­ber annu­al reviews had not yet taken place. Dir­ect­or of Cor­por­ate Ser­vices con­firmed that there had been a delay but that it was in hand and would be com­ing in the next few months.

f) A query around the Grant Aid going in as reserves, pre­sum­ably the money comes in for spe­cif­ic pro­jects and how account­able are they if going in there? Fin­ance Man­ager advised that the Grant in Aid is claimed monthly and drawn down from Scot­tish Gov­ern­ment into the Author­it­ies bank account. Money for big pro­jects is ring-fenced and have their own bank accounts where this is a require­ment of fun­ders. Dir­ect­or of Cor­por­ate Ser­vices added that the word ​‘reserves’ used was not talk­ing about hold­ing funds in sig­ni­fic­ant amounts at any one time, it is more to show grants received by SG com­ing into our reserves in account­ing terms, so page 52 on accounts, show a com­pre­hens­ive net expendit­ure on £5.046 million.

g) A mem­ber asked what ​‘out­turn’ means? Fin­ance Man­ager advised that it was term for the year-end fin­an­cial result.

h) Chris Brown added that all the rev­en­ue fund­ing that the CNPA receives as gov­ern­ment grant is not treated in accounts as income, which is con­sist­ent with all non-depart­ment­al pub­lic bod­ies. He explained that once all pub­lic bod­ies con­sol­id­ate their res­ults over the entire pub­lic sec­tor, you would be double count­ing income to Gov­ern­ment and then income to pub­lic bod­ies. The reas­on behind account­ing treat­ment is to help con­sol­id­ate the whole Scot­tish pub­lic sec­tor accounts, with the pur­pose of the pub­lic body accounts to show how each body spent the money allocated.

i) The CEO praised the Dir­ect­or of Cor­por­ate Ser­vices and Fin­ance Man­ager for all their work on this.

j) The Chair reques­ted that praise from this Com­mit­tee be taken to the whole fin­ance team of the recog­ni­tion of the work hav­ing gone into year end and final accounts des­pite the chal­lenges of work­ing remotely has caused.

22. The Audit & Risk Com­mit­tee approved the final accounts pri­or to sub­mis­sion to Grant Thornton and Audit Scot­land for final certification.

23. Action Point Arising:

i. Thanks to be giv­en to the Fin­ance team for their hard work des­pite chal­len­ging times (work­ing remotely) to get the Annu­al Accounts ready for sign off.

24. Final Accounts Let­ter of Rep­res­ent­a­tion (Paper 4)

Dav­id Camer­on presen­ted the pro­posed let­ter of rep­res­ent­a­tion high­light­ing to the Com­mit­tee that this stand­ard ele­ment of the accounts audit pro­cess sought con­firm­a­tion that all the inform­a­tion sub­mit­ted in the accounts presen­ted for audit are accur­ate and that all mater­i­al inform­a­tion has been dis­closed to the auditors.

25. The Audit & Risk Com­mit­tee agreed they were com­fort­able with the terms of the let­ter presented.

26. The Audit & Risk Committee:

a) Con­sidered the Let­ter of Rep­res­ent­a­tion for the ²⁰¹⁹⁄₂₀ audit

b) Reviewed and agreed that the let­ter is signed by the CEO as Account­able Officer.

27. Action Point Arising: None.

28. Extern­al Audit Report (Paper 5)

John Boyd presen­ted the extern­al audit report on the ²⁰¹⁹⁄₂₀ audit, high­light­ing in par­tic­u­lar that Grant Thornton pro­posed to issue an unqual­i­fied audit opin­ion. He made the fol­low­ing points:

a) The ver­sion in front of mem­bers was an earli­er draft, the main dif­fer­ence being that the out­stand­ing items could not be cir­cu­lated to man­age­ment until the out­turn was confirmed.

b) An addi­tion­al audit risk had been added, Cov­id 19 – man­dated across all Grant Thornton’s extern­al audit work this year. The risk encom­passes indi­vidu­al bod­ies work­ing remotely, and asso­ci­ated risk of poten­tial error and changes in intern­al con­trol envir­on­ment as a con­sequence of these remote work­ing arrangements.

c) The audit has iden­ti­fied one adjust­ment, dur­ing course, how dis­closed on final out­turn position.

d) John drew atten­tion around fin­an­cial plan­ning and sus­tain­ably, recog­nising that Cov­id 19 increases level of uncer­tainty in deliv­ery and fin­an­cial plan­ning and noted he was aware that man­age­ment are work­ing closely with the Board and Scot­tish Gov­ern­ment in this regard.

e) The audit had recog­nised the need to phase the tim­ings of some of the big extern­ally fun­ded pro­jects such as Nation­al Lot­tery Her­it­age Fund and LEAD­ER, recog­nising the delay as a res­ult of COVID19. The work in place with fun­ders to secure agree­ment to reph­ras­ing activ­ity and expendit­ure provides them with assur­ance in this regard.

f) John noted that man­age­ment response had been received accep­ted their recom­mend­a­tion for action.

g) John passed on thanks to Dir­ect­or of Cor­por­ate Ser­vices, Fin­ance Man­ager and team, not­ing this has been a highly unusu­al year work­ing remotely. He noted the fin­ance team were work­ing to have things more auto­mated to enable pro­cessing remotely. A remain­ing chal­lenge was around a lot of sup­port­ing inform­a­tion held in paper files. How­ever, all in all this had been a rel­at­ively clean audit.

29. Dir­ect­or of Cor­por­ate Ser­vices and the Fin­ance Man­ager made the fol­low­ing points:

a) Agreed to cir­cu­late the most up to date ver­sion of the Extern­al Audit report to members.

b) Provided some nar­rat­ive around the con­text of the accounts and audit: in the third year of a four year Cor­por­ate Plan with lots of scen­ario plan­ning of budgets for 2021 – 22. Focus­sing on fin­an­cial uncer­tain­ties and how resources might be deployed.

c) Have begun cap­tur­ing the paper­work for the com­ing year which will speed up year end.

30. Mem­bers and officers expressed their thanks to the Grant Thornton team for their pro­fes­sion­al­ism and good work­ing rela­tion­ships in under­tak­ing the audit. The Chair thanked John Boyd for his clear report and present­a­tion to the Committee.

31. The Audit & Risk Com­mit­tee noted Grant Thornton’s report on the ²⁰¹⁹⁄₂₀ audit.

32. Action Point Arising:

1. Dir­ect­or of Cor­por­ate Ser­vices to cir­cu­late the most up to date ver­sion of the Extern­al Audit Report to the Committee.

33. Risk Man­age­ment Update (Paper 6)

Dav­id Camer­on, Dir­ect­or of Cor­por­ate Ser­vices presen­ted an update on the Authority’s work on stra­tegic risk man­age­ment and more spe­cif­ic oper­a­tion­al risk man­age­ment approach dur­ing the imple­ment­a­tion of our cur­rent busi­ness con­tinu­ity plan.

34. The Audit & Risk Com­mit­tee made the fol­low­ing obser­va­tions and comments:

a) The Com­mit­tee agreed it was use­ful to have the busi­ness con­tinu­ity risk register sep­ar­ate from the stra­tegic risk register in cur­rent circumstances.

b) Com­ment made that the Stra­tegic Risk Register held too many risks con­sid­er­ing the size of the organ­isa­tion and was there any­thing of there that could be removed. CEO explained that it was a bit tricky as some risks were asso­ci­ated with the Author­ity and oth­ers with the Nation­al Park Area and part­ner­ship work­ing, while the num­ber of risks reflec­ted the breadth of work under­taken by a rel­at­ively small organ­isa­tion. He illus­trated that a big risk to the nation­al park was wild­life crime, and while aspects were in the con­trol of the NPA, most of the con­trol lies with Police Scot­land. He agreed the need to prune the register and remove risk areas which were agreed to have been low and declin­ing for a few cycles of review. he added that pro­jects have their own Risk Assessments.

c) Dir­ect­or of Cor­por­ate Ser­vices advised that there were 18 risks on the Stra­tegic Risk Register cur­rently and that 3 were flagged for remov­al giv­en their con­tinu­al down­turn. He explained that he would feel uncom­fort­able redu­cing it any more than that giv­en the broad accept­ance of the risk areas set out. Chris Brown of Azets added that across their cli­ent base hav­ing a Stra­tegic Risk Register of this sort of scale was com­mon practise.

d) CEO said that the Scot­tish Gov­ern­ment had issued a let­ter say­ing their staff would be work­ing from home until 2021, and that the Author­ity was about to advise all staff to not expect a return to the office until Spring 2021. The Man­age­ment Team were now con­sid­er­ing ensur­ing staff mor­ale and engage­ment remains good and are look­ing to ensure we have the right IT in place to sup­port ongo­ing remote working.

e) Mem­bers asked wheth­er dis­cus­sions with staff been car­ried out around fuel poverty? Dis­cus­sions noted people were sav­ing travel costs, while recog­nising heat­ing might be an issue for people when ask­ing staff to work from home. Dir­ect­or of Cor­por­ate Ser­vices agreed that this was a val­id and sens­it­ive point. He advised the Author­ity was cur­rently explor­ing and advising staff on their abil­ity to claim tax relief from HMRC on the allow­ance of £6 per week for work­ing from home. A mem­ber noted that this would only provide tax relief and not the full £6 per week allow­ance. Officers reas­sured the com­mit­tee they were mind­ful of staff wel­fare and would keep such mat­ters on their radar.

f) Com­ment made that £6 per week was not sig­ni­fic­ant and asked that ways be looked into to cap­ture real data of any fin­an­cial dis­ad­vant­age for staff, even if anonymised. Dir­ect­or of Cor­por­ate Ser­vices advised he was happy to pick up the notion, work­ing with the staff group. He reit­er­ated he and col­leagues are very mind­ful of impacts of staff work­ing from home, par­tic­u­larly mov­ing to the winter months, with dis­cus­sions ongo­ing to sup­port staff as much as possible.

g) Sug­ges­tion made that the above is pro­gressed through the Staff­ing & Recruit­ment Com­mit­tee. Dir­ect­or of Cor­por­ate Ser­vices agreed that the evol­u­tion of the organ­isa­tion­al approach of this pro­ject would be dealt through the Staff­ing & recruit­ment Com­mit­tee while this Com­mit­tee iden­ti­fied it as part of the Risk Man­age­ment review.

h) The Chair recog­nised the chal­lenges of work­ing remotely, with emphas­is on staff brief­ings and over­sight mech­an­isms. The Chair noted at Board level coordin­a­tion and com­mu­nic­a­tion are also much more chal­len­ging at moment. The Chair noted that Board cohe­sion needs to be cap­tured some­where in the risk man­age­ment and response struc­ture. CEO agreed to pick up that point and weave it into the nar­rat­ive, not­ing the use over the COVID19 response peri­od of Gov­ernance Group meet­ings and more fre­quent Board brief­ing sessions.

33. The Audit & Risk Committee:

a) Con­sidered wheth­er the Com­mit­tee wishes to make any com­ment on the cur­rent Stra­tegic Risk Register as presen­ted in Board papers under the item updat­ing on Cor­por­ate Plan and Risk Man­age­ment Delivery;

b) Con­sidered the updated Busi­ness Con­tinu­ity Plan (BCP) Risk Register presen­ted at Annex 1 to this paper;

c) Agreed any amend­ments to the BCP risk man­age­ment approach and / or to the BCP risk register.

34. Action Points Arising:

i. Dir­ect­or of Cor­por­ate Ser­vices to invest­ig­ate the £6 work­ing from home allow­ance from HMRC.

ii. Dir­ect­or of Cor­por­ate Ser­vices poten­tially through the Staff­ing & Recruit­ment Com­mit­tee to mon­it­or the fin­an­cial bur­den of work­ing from home on staff in the winter months.

iii. CEO to weave the need for Board cohe­sion and the chal­lenges that work­ing from home brings to the Board.

35. Com­plaints Log (Paper 7)

Dav­id Camer­on, Dir­ect­or of Cor­por­ate Ser­vices, presen­ted paper 7 which provides an update on the com­plaints made to the Author­ity in the last 6 months.

36. The Audit & Risk Com­mit­tee made the fol­low­ing obser­va­tion and comment:

a) With regard to the com­plaint referred to the Ombuds­man, wheth­er there was any indic­a­tion or expect­a­tion that the Ombuds­man might uphold the com­plaint? Dir­ect­or of Cor­por­ate Ser­vices advised that it was too early to tell: only pre­lim­in­ary con­tacts had been made.

37. The Audit & Risk Com­mit­tee noted the inform­a­tion on com­plaints made to the Authority.

38. Action Point Arising: None.

39. AOCB

The Com­mit­tee con­sidered wheth­er a mem­ber meet­ing with the aud­it­ors was required. Request made that this is arranged for the next Audit & Risk Com­mit­tee. Dir­ect­or of Cor­por­ate Ser­vices agreed to liaise with the Clerk to the Board to sched­ule 10 – 15mins at begin­ning of agenda of the next meet­ing in November.

40. The Chair thanked every­one for their con­tri­bu­tions today and thanked the staff and Aud­it­ors for work provided today.

41. Action Points Arising:

i. Clerk to the Board to sched­ule 15mins pri­or to the next Audit & Risk Com­mit­tee meet­ing for the Com­mit­tee to have some time with the Auditors.

42. The pub­lic meet­ing ended at this point. – 10.45am

Audit & Risk Com­mit­tee: Out­stand­ing Actions

Action	Status
Audit and Risk Com­mit­tee induc­tion pack	Open
Risk mit­ig­a­tion for LEAD­ER Account­able Body role	Open