220930AuCtteePaper4AALEADERReportFINAL
Cairngorms National Park Authority
Internal Audit Report 2022⁄23
LEADER Programme
August 2022
A AZETS
Contents
- Executive Summary 1
- Management Action Plan 5
- Appendix A – Definitions 11
Audit Sponsor: David Cameron, Deputy Chief Executive
Key Contacts: Bridget Trussell, LEADER Programme Manager; Samantha Masson, Programme Supervisor
Audit team: Elizabeth Young, Engagement Lead; Stephanie Hume, Senior Manager; Lorna Munro, Internal Auditor
Executive Summary
Conclusion
We have confirmed that the procedures for the LEADER programme closure within Cairngorms National Park Authority (CNPA) reflect good practice. There is clear guidance for claim and closure processes covering inspection visits, inspection reports, updating the Local Actions in Rural Communities system (LARCs) and reviewing grantees’ files, and we confirmed these are being complied with.
We also confirmed CNPA has made progress in addressing both records management retention and lessons learned issues identified from the 2021⁄22 internal audit, with additional work planned over the remainder of 2022.
Background and scope
The LEADER programme forms part of the Scottish Rural Development Programme 2014 – 2020 for which CNPA is an Accountable Body. The LEADER programme is an initiative which aims to increase support to rural community and business networks to tackle local development objectives.
It is a requirement of the Service Level Agreement (SLA) between the Scottish Government and CNPA that an annual internal audit takes place to review the functions and services provided by the organisation in their role as Accountable Body, and to assess the extent to which they are meeting the requirements outlined in the SLA.
The LEADER programme closed at the end of December 2021.
In accordance with the 2022⁄23 Internal Audit plan we reviewed the project, claim and programme closure processes to ensure compliance with the SLA for the LEADER programme and the effectiveness of project and programme closure.
Control assessment
- Final claims submitted to the Scottish Government are in line with eligibility criteria and review/approved prior to payment, with all outstanding grant claims submitted before the 31 December 2021 deadline.
- Project visits and final inspection reports have been completed prior to final project claims being paid.
- Internal administration closure procedures have been undertaken with a letter of project closure to each applicant being issued.
- Procedures are in place to ensure that all records held by CNPA are maintained and accessible for the periods identified in the Service Level Agreement.
- CNPA has put in place measures to capture lessons learned for inclusion in future grant programmes.
Improvement actions by type and priority (Diagram showing improvement actions by type and priority)
Two improvement actions have been identified from this review, one of which relates to the operation of the controls in place. See Appendix A for definitions of colour coding.
Key findings
Good practice
- Eligibility criteria is clearly outlined in the guidance available to both applicants and staff within CNPA.
- All claims made by applicants are subject to review to ensure they are eligible, and that appropriate evidence of the expenditure incurred has been provided.
- We confirmed there is clear segregation of duties throughout the processes in place.
- The LEADER programme ensured that all projects submitted final claims prior to the 31 December 2021 deadline.
- All projects had an ‘in-situ’ inspection report completed.
- There are a range of internal closure procedures in place, including updating LARCs, in-situ reports and grantee file reviews.
- Each project must complete a ‘Case Study’ to highlight the experience of delivering the programme and the benefits achieved.
- A closure letter is issued to each project reminding them of their responsibilities in relation to maintaining records for review by the Scottish Government and/or European Union (EU).
- A programme evaluation report1, containing lessons learned, has been delivered on programme outcome achievement and programme delivery, using feedback and completed case studies.
Areas for improvement
We have identified a small number of areas for improvement which, if addressed, would strengthen CNPA’s control framework for future grant programmes. These include:
- Ensuring that decisions out with expected grant processes are appropriately documented and recorded.
- Consider whether contingency arrangements are required for key process steps within grant programmes, to ensure grant processes are followed in a timely manner.
These are further discussed in the Management Action Plan below.
Impact on risk register
The CNPA corporate risk register (dated May 2022) included the following risks relevant to this review:
- A11.1: Roles as Lead/Accountable body for major programmes (e.g. LEADER, Landscape Partnership) has risk of significant financial clawback should expenditure prove to be not eligible for funding, while CNPA carries responsibilities as employer for programme staff.
1Covering the period 2014 – 2020, at which 85% of projects had been fully completed.
The downward trend in risk score will continue as the Scottish Government and EU audit queries reduce, however there will be some long-term resourcing risks, due to obligations related to records retention.
Our commentary related to staff capacity and contingency arrangements whilst not of significant impact will contribute to managements consideration of the following risk:
- A9.3: Staffing: additional externally funded projects strains staff workload capacity with increased risks of stress and reduced morale.
Acknowledgements
We would like to thank all staff consulted during this review for their assistance and co-operation.
Management Action Plan
Control Objective 1: Final claims submitted to the Scottish Government are in line with eligibility criteria and review/approved prior to payment, with all outstanding grant claims submitted before the 31 December 2021 deadline. (Yellow)
1.1 Claims approval, evidence and records
We reviewed two final claims and confirmed that all claims had been checked for eligibility.
In respect of the claim for the TICK Project, we noted that this was assessed by the Programme Supervisor on 15 December 2021 and signed off by the Programme Manager on 26 January 2022. The payment authorisation form however was signed on 14 December 2021 and payment made on 17 December 2021, meaning that this was done prior to the prepayment checklist being fully completed. Management confirmed the Programme Manager took the decision, given the impending Scottish Government deadline for final claim submission, to approve the payment as this was the only issue outstanding and the grantee was the Cairngorms Trust (the application body).
We confirmed the payment was appropriately authorised and countersigned by the Deputy Chief Executive and the money has been reimbursed to CNPA by the Scottish Government following their internal checks.
We note the practical reasons for the decision taken, however this transaction did not comply with the agreed policy and procedures.
Risk: There is a risk that the organisation cannot fully evidence adherence to grant requirements as a result of exceptional decisions.
Recommendation: For other grant programmes CNPA should ensure that decisions taken which vary from standard processes are clearly documented including the approval route for the decision being made. Further, any additional risks created by the decision should be appropriately documented on the risk register or any existing, relevant, risk scores adjusted to reflect this.
Management Action (Grade 2 — Operation): In this instance, action was taken in consideration of a balance of risks: risk of expenditure not being reimbursed if payment was not made before programme deadlines (very high risk) as opposed to irrecoverable error in claim being discovered after payment (very low risk given TICK project is a commissioned project by Cairngorms Trust and strength of relationships such that any financial error would be recovered). The learning point taken from this is to ensure that these management and risk considerations are documented at the time and retained for reference.
This seems a general learning point rather than a specific action. However, to evidence learning, we will seek to ensure some explicit reference to this documented requirement is made in the procedures supporting the Community Led Local Development grant fund currently in development.
Action owner: Community Grants Manager Due date: December 2022
1.2 Contingency arrangements
While the final Scottish Government deadline for submission was 31 December, we noted an internal deadline for completion was set for 15 December due to planned staff leave. As highlighted in MAP 1.1 this impacted the final claim process. Further, staff capacity to meet all the associated requirements by the earlier deadline was compounded by staff sick leave and the small size of the team. This also led to an in-situ report on the TICK project not being produced for three weeks, following the payment of the final claim.
The issues which arose highlighted the requirement for contingency arrangements to be agreed in advance to ensure processes continue to operate when staff within the small team become unavailable.
Risk: There is a risk that CNPA is under resourced during key periods of the grant process, resulting in key processes not being adhered to.
Recommendation: To ensure grant processes are followed in a timely manner Management should consider whether contingency arrangements are required at key milestones and/or for key process steps within grant programmes, especially for those with limited staff resources.
Management Action (Grade 1 — Design): This seems something best incorporated into future development of business continuity advice at an operational level rather than being grant programme specific. The need for services to consider their specific business continuity provisions, in context of deadlines / services standards / team size seems a generic matter. We will therefore seek to incorporate this action into our wider Business Continuity Planning thinking
Action owner: Governance, Data and Reporting Manager Due date: September 2023
Control Objective 2: Project visits and final inspection reports have been completed prior to final project claims being paid. (Green)
No reportable weaknesses identified
CNPA and Scottish Government guidance identifies that a site inspection must take place, where appropriate, and this would normally be conducted in line with the final payment, unless an inspection has taken place recently. We confirmed that this was carried out as expected in both of the projects sampled. In both cases an ‘in-situ’ inspection report was also completed for all projects.
Control Objective 3: Internal administration closure procedures have been undertaken with a letter of project closure to each applicant being issued. (Green)
No reportable weaknesses identified
There are clear policies and procedures in place that detail the closure process for each grant, site visits, project file reviews, inspection reports, case studies, final claim payments, final claim reimbursement to CNPA and ensuring LARCs is updated. Our testing confirmed that each of these steps were completed for the two projects sampled and closure letters were issued reminding projects of their ongoing responsibility for maintaining records.
We also confirmed that CNPA had addressed, completed and submitted the form accompanying the Cairngorms Local Action Group (GLAG) Closure Requirements by the required deadline of the 31 December 2021.
Control Objective 4: Procedures are in place to ensure that all records held by CNPA are maintained and accessible for the periods identified in the Service Level Agreement. (Yellow)
4.1 Records management
The LEADER Programme audit of 2021⁄22 noted that:
- CNPA records management retention schedules did not address the 10 years for heritable property requirement as noted in the Service Level Agreement with the Scottish Government.
- Electronic documents are not restricted for editing in Windows Explorer (file management system), impacting the availability of a clear audit trail as documents could be changed and only the last version retained.
- CNPA could be non-compliant with the Service Level Agreement, due to transitioning to Cloud based network access, impacting access to electronic documents, should the Scottish Government or EU wish to access them.
We confirmed that CNPA have since restricted access to the files to three staff and are investigating additional options for restricting editability (mass scanning to pdf or setting to read only), however as files are still being accessed to respond to Scottish Government queries the decision has been deferred for a further three months. We note that the ultimate point of reference for the LEADER programme documentation is LARCS.
We assessed the control as yellow to reflect the ongoing activity and note that the findings will continue to be monitored through the CNPA follow up process.
Control Objective 5: CNPA has put in place measures to capture lessons learned for inclusion in future grant programmes. (Yellow)
5.1 Lessons learned
The 2021⁄22 audit of the LEADER Programme noted that whilst CNPA captured lessons learned from individual LEADER projects and the overarching programme, these activities were substantially focussed on programme outcomes and achievements, with less emphasis on processes and feedback from Cairngorm Local Action Group Members and staff. The processes in place to capture informal feedback from various forums including team and external meetings was also at risk, as it was not documented.
We found no evidence of a structured methodology or process, such as an action plan, to ensure that the lessons were disseminated, and action taken or actively used in future work. However management recently took part in nationally organised sessions to feedback on learning, supporting the evolution of community led local development processes. Internally the LEADER team are supporting work on three small grant programmes (as part of Heritage Horizons grant developments), bringing their experience to bear. The CLAG Members are also involved in this process and providing insight from their perspective of the LEADER Programme implementation. Further a documented lessons learned report for the whole of the LEADER Programme (nationally) is expected in December 2022.
We assessed the control as yellow to reflect the ongoing activity and note that the findings will continue to be monitored through the CNPA follow up process.
Appendix A – Definitions
Control assessments
- R: Fundamental absence or failure of key controls.
- A: Control objective not achieved — controls are inadequate or ineffective.
- Y: Control objective achieved — no major weaknesses but scope for improvement.
- G: Control objective achieved — controls are adequate, effective and efficient.
Management action grades
- 4: Very high risk exposure — major concerns requiring immediate senior attention that create fundamental risks within the organisation.
- 3: High risk exposure — absence / failure of key controls that create significant risks within the organisation.
- 2: Moderate risk exposure — controls are not working effectively and efficiently and may create moderate risks within the organisation.
- 1: Limited risk exposure — controls are working effectively, but could be strengthened to prevent the creation of minor risks or address general house-keeping issues.
© Azets 2022. All rights reserved. Azets refers to Azets Audit Services Limited. Registered in England & Wales Registered No. 09652677. VAT Registration No. 219 0608 22.
Registered to carry on audit work in the UK and regulated for a range of investment business activities by the Institute of Chartered Accountants in England and Wales.