CAIRNGORMS NATION­AL PARK AUTHORITY

AUDIT & RISK COMMITTEE

FOR DECISION

Title: INTERN­AL AUDIT: ICT STRATEGY REVIEW

Cov­er Paper Pre­pared by: ALIX HARK­NESS, CLERK TO THE BOARD

Report Sub­mit­ted by: ASH­LEY BICK­ER­STAFF, AZETS

Pur­pose

This paper presents the review of the Cairngorms NPA’s approaches and con­trols in place for our ICT Strategy. The review has been under­taken as part of the agreed Intern­al Audit Plan for ²⁰²¹⁄₂₂.

Recom­mend­a­tions

The Audit & Risk Com­mit­tee is asked to:

a) Con­sider the intern­al aud­it­ors report and find­ings; b) Endorse the man­age­ment responses to recom­mend­a­tions for future action and sys­tem improvements.

Exec­ut­ive Summary

1. Azets have under­taken a review of the Authority’s ICT Strategy. The intern­al audit report is presen­ted in full at Annex I to this paper.

2. Four recom­mend­a­tions for improve­ment actions are raised, all of which have been accep­ted by man­age­ment. Responses to recom­mend­a­tions out­lining future action to be taken, officers respons­ible and timetable for action have been set out in the report at Annex I. Two of the recom­mend­a­tions are assessed to have high risk expos­ure and two have been assessed as mod­er­ate risk exposure.

3. Of the four areas of con­trol assess­ment covered by the review, two are iden­ti­fied as hav­ing their con­trol object­ives achieved while with scope for improve­ment. The remain­ing two con­trol object­ives are assessed as not achieved with inad­equate or inef­fect­ive con­trols in place.

Alix Hark­ness, 18 May 2022 alixharkness@​cairngorms.​co.​uk