220930AuCtteePaper5Annex2AzetsCNPAAssuranceMappingReport
Cairngorms National Park Authority
Assurance Mapping
September 2022
A AZETS CAIRNGORMS NATIONAL PARK AUTHORITY Audit & Risk Committee Paper 5 Annex 2 30/09/22
Outline
Background and scope
The Scottish Government Audit Committee Handbook suggests that in order to properly fulfil their role, Audit Committees should be provided with an assurance framework.
Assurance Frameworks build on the ‘three lines of defence’ model by considering the role of all the assurance providers under each line and the level of comfort that their work provides. In other words, the development of an assurance framework will clearly demonstrate to the audit and risk committee members:
- The breadth of assurance they receive
- The strength or quality of that assurance
- Any area where they need more assurance that they currently receive (or are receiving assurance they don’t need)
Accountable officers can also use the assurance framework when considering the systems of internal control, governance and risks management and preparing their annual governance statement.
Methodology
Our assurance mapping methodology breaks the process down into five key stages:
- Assurance Areas: Identify all the key areas of your organisation where assurance may be required.
- Assurance Providers: Confirm and document your current sources of assurance.
- Quality of Assurance: Assess the quality of assurance activities identified and rate these according to pre-agreed criteria including consideration of the frequency and scope of the activity, as well as the expertise of the assurance provider.
- Assurance Need: Identify your current ‘assurance need’ for each area of your organisation.
- Assurance Map: Consolidate all of the information gathered throughout our review and present you with an assurance map.
Work Undertaken to Date
Over the course of the past few months we have created a detailed draft list of assurance areas and shared these with management. Utilising the detailed list agreed with management we have created a high level list of areas for Audit Committee comment.
Audit Committee Action
We ask the Audit Committee to review the draft list of assurance areas at Appendix 1 to ensure it covers all key areas of the organisation and approve the list subject to any change.
The second stage of this process is for the Audit Committee to define the level of assurance they feel is required to assure members that activities are taking place to ensure the delivery of the organisations strategic objectives and statutory obligations. This should be assessed as ‘high’, ‘medium’ or ‘low’. In considering this need members should consider the risks associated with the areas being reviewed, the obligations on the organisation for each area e.g., statutory obligations and the frequency of discussions related to the areas and at what level e.g. operational vs strategic.
In order to support this we have proposed assurance need levels for each of the areas for consideration and discussion at Appendix 1, these have been developed from a review of the strategic risk register, and insights from internal audits undertaken and previous Audit Committee attendance.
Next Steps
Following approval of the assurance areas we will:
- Confirm and document your current sources of assurance.
- Assess the quality of assurance activities identified and rate these according to pre-agreed criteria including consideration of the frequency and scope of the activity, as well as the expertise of the assurance provider.
- Consolidate all of the information gathered throughout our review and present you with an assurance map.
We will undertake this work with a view to presenting the final output to the Audit Committee at the November 2022 meeting.
© Azets 2022. All rights reserved. Azets refers to Azets Audit Services Limited. Registered in England & Wales Registered No. 09652677. VAT Registration No. 219 0608 22.
Registered to carry on audit work in the UK and regulated for a range of investment business activities by the Institute of Chartered Accountants in England and Wales.