DRAFT MINUTES OF THE AUDIT AND RISK COM­MIT­TEE MEET­ING of THE CAIRNGORMS NATION­AL PARK AUTHORITY

held via Lifes­ize Video Con­fer­en­cing on 29 Octo­ber 2021 at 2pm

PRESENT

• Judith Webb (Chair)
• John Kirk
• John Lath­am
• Elean­or Mackintosh
• Fiona McLean (Vice-Chair)
• Gaen­er Rodger

In Attend­ance:

• Eliza­beth Young, Azets
• Stephanie Hume, Azets
• Dav­id Camer­on, Dir­ect­or of Cor­por­ate Services
• Grant Moir, CEO
• Vicky Walk­er, Gov­ernance and Report­ing Manager

Apo­lo­gies:

• John Boyd, Grant Thornton
• Chris Brown, Azets

1. Wel­come and Apologies

The Chair wel­comed every­one to the meet­ing. Eliza­beth Young will replace Chris Brown who is on 6‑month second­ment and will be cov­er­ing Chris’ workload.

2. Minutes of Last Meet­ing – Approval

The draft Minutes of the meet­ing on 10^th Septem­ber 2021 were approved with no amendments.

3. Action points arising from pre­vi­ous meeting:

a) At Para 3) In Hand – ongo­ing dis­cus­sion at Board and Gov­ernance Com­mit­tee on risk appet­ite. Dis­cus­sion to be had with intern­al audit on sup­port­ing this work.

b) At Para 12i) Closed – Cla­ri­fy that former Plan­ning Con­vener and Deputy Con­vener remain Board mem­bers on page 2 of Final Accounts 2020 – 2021. DC con­firmed this has been done.

c) At Para 24i) In Hand — Future Com­mit­tee to focus on Her­it­age Hori­zons once the pro­gramme has com­menced. Will con­tin­ue as a stand­ing item from the next committee.

d) Caper­cail­lie Update request – Closed for Audit and Risk Com­mit­tee and now sit­ting with Per­form­ance Com­mit­tee; con­sulta­tion is under­way and will be dis­cussed at the Per­form­ance Com­mit­tee this afternoon.

The fol­low­ing action was agreed in record­ing actions:

e) Agreed to present action points into a table with actions, account­ab­il­ity and dead­lines for future minutes.

f) Con­sider bring­ing in extern­al resource to sup­port pieces of work where there is resourcing impact.

4. Declar­a­tion of Interests

There were no interests declared.

5. Intern­al Audit: LEAD­ER Report (Paper 1)

Stephanie Hume, Azets, intro­duced the report which presents the review of the Cairngorms LEAD­ER Pro­gramme admin­is­tra­tion and the Cairngorms NPA’s com­pli­ance with the terms of the Ser­vice Level Agree­ment (SLA) agreed with Scot­tish Gov­ern­ment. She high­lighted the fol­low­ing areas:

a) Largely pos­it­ive report with 4 recom­mend­a­tions which are low grade.

b) Team extremely help­ful when doing work. Audit found evid­ence of clear eli­gib­il­ity cri­ter­ia and adjust­ments to work­ing cri­ter­ia due to Cov­id-19 were still com­pli­ant to SLA.

c) Recom­mend­a­tions focus on records man­age­ment and need to recon­cile reten­tion peri­ods between Scot­tish Gov­ern­ment and CNPA. Elec­tron­ic records were not restric­ted from being edited in Win­dows Explorer. Migra­tion to cloud stor­age may resolve this issue although it is recom­men­ded a risk assess­ment is undertaken.

d) Recom­mend­a­tion that les­sons learned are cap­tured on pro­cesses as these are not routinely doc­u­mented and should be cap­tured in a form­al action plan for future work.

6. The Audit and Risk Com­mit­tee dis­cussed the paper and made the fol­low­ing com­ments and observations:

a) A mem­ber reques­ted clar­ity on how les­sons learned had been imple­men­ted. The Dir­ect­or of Cor­por­ate Ser­vices stated there had been an inde­pend­ent review under­taken which sought views of all stake­hold­ers. This exer­cise had dis­tilled some of the key les­sons learned from the pro­gramme deliv­ery and the Dir­ect­or noted this audit was a help­ful report and sup­por­ted pre­serving the bene­fits of LEAD­ER and future com­munity devel­op­ment pro­gramme with Scot­tish Gov­ern­ment. The Dir­ect­or will look at col­lect­ive les­sons learned intern­ally from pro­gramme man­age­ment and seek to dis­til those into les­sons learned exer­cise with­in the organisation.

b) The Dir­ect­or of Cor­por­ate Ser­vices provided clar­ity on exten­sion of pro­jects dur­ing COV­ID 19 with a focus on deliv­ery now com­plet­ing by early Decem­ber 2021.

7. The Audit and Risk Committee:

a) Con­sidered the intern­al aud­it­ors report and findings;

b) Endorsed the man­age­ment responses to recom­mend­a­tions for future action and sys­tem improvements.

8. Action Points Arising:

i. Bring les­sons learned back as Agenda item to a future Audit and Risk Committee.

9. Intern­al Audit: Fol­low Up Review (Paper 2)

Stephanie Hume, Azets, intro­duced Paper 2 which presents the Intern­al Auditor’s fol­low up Review of action taken against audit recom­mend­a­tions. The fol­low­ing points were highlighted:

10. Over­all 50 actions are covered by the report with the major­ity are grade 1 and grade 2 and there­fore low level. Of this num­ber, 7 had been closed, 10 were par­tially com­plete and 25 were not yet at the dead­line for action to be resolved. Eight were there­fore incom­plete at the dead­line point for action. It was recom­men­ded some old actions were updated and presen­ted to Com­mit­tee to agree it is noted as ​“no longer applic­able”: for example the grant toolkit is no longer appro­pri­ate as reg­u­la­tions have changed.

11. The Dir­ect­or of Cor­por­ate Ser­vices con­firmed that some actions have slipped over the pre­vi­ous year but assured the com­mit­tee there will be a focus to reduce these sub­stan­tially in the final quarter of 2021 – 22.

12. The Audit and Risk Com­mit­tee dis­cussed the paper and made the fol­low­ing com­ments and observations:

a) A mem­ber quer­ied when it would be appro­pri­ate for the Audit and Risk Com­mit­tee to inter­vene. It was sug­ges­ted the report presents an oppor­tun­ity for the com­mit­tee to set pri­or­it­ies and raise con­cerns about any out­stand­ing actions and there­fore these twice yearly reports gave the oppor­tun­ity to mem­bers to make appro­pri­ate gov­ernance and lead­er­ship interventions.

b) A mem­ber quer­ied how real­ist­ic data man­age­ment times­cales were? It was con­firmed that some out­stand­ing actions were depend­ant on some ongo­ing IT infra­struc­ture work being com­pleted which was sched­uled for Janu­ary 2022. It was sug­ges­ted prudent to retain the earli­est pos­sible times­cales to act on these mat­ters and if COV­ID restric­tions to office access pre­ven­ted action the dead­line could be amended.

13. The Audit and Risk Committee:

a) Con­sidered the intern­al auditor’s report fol­low­ing review of action taken on out­stand­ing intern­al audit recommendations;

b) Approved the revised timetables for action provided by man­age­ment as set out in the intern­al auditor’s report.

13. Intern­al Audit: Pro­gress Report (Paper 3)

Eliza­beth Young, Azets, intro­duced Paper 3 which presents the Intern­al Auditor’s Pro­gress Report. She out­lined that the major­ity of plan was on track to be delivered over the next couple of months. Intern­al audit reports were due for com­ple­tion in Novem­ber and Feb­ru­ary and would be presen­ted to the Feb­ru­ary committee.

15. The Audit & Risk Com­mit­tee con­sidered and agreed the intern­al auditor’s pro­gress report.

17. For­ward Sched­ule of Busi­ness (Oral)

Dav­id Camer­on, Dir­ect­or of Cor­por­ate Ser­vices intro­duced this item. Intern­al audit update will come to the Feb­ru­ary meet­ing. He had also dis­cussed with the intern­al audit sup­port­ing an assur­ance map­ping exer­cise. The clos­ure of ²⁰²¹⁄₂₂ accounts and timeline for clos­ure will come to the Feb­ru­ary meeting.

19. The Audit & Risk Com­mit­tee agreed the for­ward sched­ule of busi­ness for the Committee.

20. Action Points arising:

i. Provide ARC with tem­plate for for­ward plan­ning of meetings.

ii. Mem­bers to con­tin­ue to add items to draft agen­das and request focus on spe­cif­ic areas.

21. Intern­al Audit: High Level VAT Review (Paper 4)

Motion to take this item in Con­fid­en­tial ses­sion giv­en it’s com­mer­cially sens­it­ive nature was approved.

22. AOCB

There were no items raised.

23. Date of Next Meeting

The next sched­uled Audit and Risk Com­mit­tee meet­ing will take place on Fri­day 11^th Feb­ru­ary 2022.

24. The pub­lic meet­ing fin­ished at 15:00 hours.

DRAFT CON­FID­EN­TIAL MINUTES OF THE AUDIT AND RISK COM­MIT­TEE MEET­ING of THE CAIRNGORMS NATION­AL PARK AUTHORITY

held via Lifes­ize Video Con­fer­en­cing on 29 Octo­ber 2021 at 3pm

PRESENT

• Judith Webb (Chair)
• John Kirk
• John Lath­am
• Elean­or Mackintosh
• Fiona McLean (Vice-Chair)
• Gaen­er Rodger

In Attend­ance:

• Veron­ica Don­nelly, Azets
• Eliza­beth Young, Azets
• Stephanie Hume, Azets
• Dav­id Camer­on, Dir­ect­or of Cor­por­ate Services
• Grant Moir, CEO
• Vicky Walk­er, Gov­ernance and Report­ing Manager

Apo­lo­gies: None

1. Intern­al Audit: High Level VAT Review (Paper 4)

Veron­ica Don­nelly, Azets intro­duced the report which presents the high level VAT review under­taken by Azets, the Authority’s intern­al aud­it­ors, as part of the agreed ²⁰²⁰⁄₂₁ Intern­al Audit Plan. The report estab­lished that there appeared mer­it in look­ing in more detail at under­pin­ning arrange­ments in a num­ber of oper­a­tion­al areas to ensure doc­u­ment­a­tion and lan­guage used does not inad­vert­ently give rise to VAT issues. There was also mer­it in look­ing in more detail at a num­ber of the Authority’s more com­plex part­ner­ship arrange­ments to ensure appro­pri­ate arrange­ments were in place to mit­ig­ate any poten­tial VAT implications.

2. The Audit and Risk Com­mit­tee dis­cussed the paper with the fol­low­ing com­ments and obser­va­tions arising:

3. The audit was asked to identi­fy any risk areas in the organ­isa­tions VAT pos­i­tion and hand­ling of VAT. The over­all report has not high­lighted sig­ni­fic­ant con­cerns how­ever there is a recom­mend­a­tion to ensure VAT is man­aged with­in gov­ernance arrange­ments and not expos­ing the organ­isa­tion to any liabilities.

4. The audit con­sidered examples of con­tracts and fin­an­cial reports. As a non-depart­ment­al pub­lic body there was no spe­cial treat­ment for VAT. The threshold for VAT regis­tra­tion is cur­rently 85k of income. This does not include mon­ies to sup­port activ­it­ies and those activ­it­ies being pub­lic realm (e.g. grant fund­ing). Joint work­ing arrange­ments is where HMRC could determ­ine this is a sup­ply of ser­vices for con­sid­er­a­tion. This where the main risk with CNPA’s VAT status is.

5. The audit iden­ti­fied some income with­in the oper­a­tion­al plan which could be inter­preted as VAT eli­gible. If this exceeded the threshold in future there would be a leg­al require­ment to register for VAT.

6. A mem­ber quer­ied wheth­er there were any bene­fits to being VAT registered. Veron­ica Don­nelly, Azets, respon­ded that this depends, as it only relates to busi­ness income but VAT recov­ery is avail­able unless VAT chargeable to oth­er party.

7. It was quer­ied wheth­er CNPA could apply for a Sec­tion 33 – VAT exemp­tion as applies to Nation­al Parks in Eng­land. The Com­mit­tee recog­nised this was a mat­ter for dis­cus­sion with Scot­tish gov­ern­ment at appro­pri­ate time around VAT status. How­ever the focus at the moment for the Author­ity is accept­ing cur­rent pos­i­tion and ensur­ing organ­isa­tion is oper­at­ing appropriately.

8. A mem­ber quer­ied wheth­er VAT amount pay­able could be nego­ti­ated. It was con­firmed that it could not be negotiated.

9. There was con­sensus among mem­bers on the need for a detailed VAT review to under­stand what the risk is in rela­tion to CNPAs man­age­ment of VAT and to ensure key con­trols were in place with­in sig­ni­fic­ant part­ner­ship pro­grammes of work to prop­erly man­age the VAT position.

10. It was quer­ied wheth­er a VAT officer was needed with­in the organ­isa­tion. The Dir­ect­or of Cor­por­ate ser­vices stated a call off arrange­ment maybe explored if review high­lights sig­ni­fic­ant work is required. He con­firmed that cur­rent fin­ance resource was being looked at as part of a wider piece of work.

11. Both the Chief Exec­ut­ive and Dir­ect­or of Cor­por­ate Ser­vices reas­sured the Com­mit­tee they were look­ing at cri­ter­ia on p. 9 and this appeared to con­firm there was very lim­ited over­all likely expos­ure. How­ever, there is a clear need to ensure VAT arrange­ments are in place and are appropriate.

3. The Audit and Risk Committee:

a) Con­sidered the high level VAT report set out in the Annex to this paper;

b) Agreed a detailed VAT review should be added to the ²⁰²¹⁄₂₂ intern­al audit pro­gramme, to cov­er iden­ti­fied areas of the Authority’s income as set out in Annex 1, togeth­er with admin­is­trat­ive arrange­ments sup­port­ing the Cairngorms Caper­cail­lie Pro­ject, LEAD­ER sup­port and Peat­land Action Pro­gramme and draft arrange­ments for coordin­a­tion and man­age­ment of the Her­it­age Hori­zons programme.

4. Action Points Arising:

i. Pri­or­ity should be giv­en to com­pleted a detailed VAT review dur­ing the remainder of 2021 – 22.

5. The meet­ing closed at 14:39 hours.