230621AuCtteePaper5CNPA 22-23 ASM
Audit Strategy Memorandum
Cairngorms National Park Authority
Year ending 31 March 2023
Contents
- Engagement and responsibilities summary
- Your audit engagement team
- Audit scope, approach and timeline
- Significant risks and other key judgement areas
- Wider scope and Best Value
- Fees for audit and other services
- Our commitment to independence
- Materiality and misstatements A. Appendix A – Key communication points B. Appendix B – Revised auditing standard on identifying and assessing the risks of material misstatement: ISA (UK) 315 (Revised 2019)
This document is to be regarded as confidential to Cairngorms National Park Authority. It has been prepared for the sole use of the Audit and Risk Committee as the appropriate committee charged with governance. No responsibility is accepted to any other person in respect of the whole or part of its contents. Our written consent must first be obtained before this document, or any part of it, is disclosed to a third party.
1. Engagement and Responsibilities Summary
Overview of engagement:
We are appointed to perform the external audit of Cairngorms National Park Authority (CNPA) for the year to 31 March 2023. The scope of our engagement is set out in the Code of Audit Practice, issued by the Auditor General and the Accounts Commission available from the Audit Scotland website. Our responsibilities are established by the Public Finance and Accountability (Scotland) Act 2000 and the Code of Audit Practice, as outlined below.
Audit opinion:
We are responsible for forming and expressing an independent opinion on whether the financial statements are prepared, in all material respects, in accordance with all applicable statutory requirements. Our audit does not relieve management or the Audit and Risk Committee, as Those Charged With Governance, of their responsibilities.
CNPA is responsible for the assessment of whether it is appropriate for CNPA to prepare its accounts on a going concern basis. As auditors, we are required to obtain sufficient appropriate audit evidence regarding and conclude on: a) whether a material uncertainty related to going concern exists; and b) consider the appropriateness of CNPA’s use of the going concern basis of accounting in the preparation of the financial statements.
Fraud:
The responsibility for safeguarding assets and for the prevention and detection of fraud, error and non-compliance with law or regulations rests with both Those Charged With Governance and management. This includes establishing and maintaining internal controls over reliability of financial reporting.
As part of our audit procedures in relation to fraud we are required to enquire of Those Charged With Governance, including key management and internal audit as to their knowledge of instances of fraud, the risk of fraud and their views on internal controls that mitigate the fraud risks. In accordance with International Standards on Auditing (UK), we plan and perform our audit so as to obtain reasonable assurance that the financial statements taken as a whole are free from material misstatement, whether caused by fraud or error. Our audit, however, should not be relied upon to identify all such misstatements.
Wider scope and Best Value:
We are also responsible for reviewing and reporting on the wider scope arrangements that CNPA has in place. We discuss our approach to wider scope work further in section 5 of this report.
2. Your Audit Engagement Team
Below is your audit engagement team and their contact details:
Tom Reid Engagement Director tom.reid@mazars.co.uk 07816 354 994
3. Audit Scope, Approach and Timeline
Audit scope:
Our audit approach is designed to provide an audit that complies with all professional requirements. Our audit of the financial statements will be conducted in accordance with International Standards on Auditing (UK), relevant ethical and professional standards, our own audit approach and in accordance with the terms of our engagement. Our work is focused on those aspects of your activities which we consider to have a higher risk of material misstatement, such as those impacted by management judgement and estimation, application of new accounting standards, changes of accounting policy, changes to operations or areas which have been found to contain material errors in the past.
Audit approach:
Our audit approach is risk-based and primarily driven by the issues that we consider lead to a higher risk of material misstatement of the accounts. Once we have completed our risk assessment, we develop our audit strategy and design audit procedures in response to the risks identified. If we conclude that appropriately-designed controls are in place then we may plan to test and rely upon these controls. If we decide controls are not appropriately designed, or we decide it would be more efficient to do so, we may take a wholly substantive approach to our audit testing. Substantive procedures are audit procedures designed to detect material misstatements at the assertion level and comprise: tests of details (of classes of transactions, account balances, and disclosures); and substantive analytical procedures. Irrespective of the assessed risks of material misstatement, which take into account our evaluation of the operating effectiveness of controls, we are required to design and perform substantive procedures for each material class of transactions, account balance, and disclosure. Our audit will be planned and performed so as to provide reasonable assurance that the financial statements are free from material misstatement and give a true and fair view. The concept of materiality and how we define a misstatement is explained in more detail in section 8.
Reliance on internal audit:
Where possible we will seek to utilise the work performed by internal audit to modify the nature, extent and timing of our audit procedures. We will meet with internal audit on an ongoing basis to discuss the progress and findings of their work as part of our ongoing assessment of CNPA’s control environment. Where we intend to rely on the work on internal audit, we will evaluate the work performed by your internal audit team and perform our own audit procedures to determine its adequacy for our audit.
Management’s and our experts:
Management makes use of experts in specific areas when preparing the CNPA’s financial statements. We also use experts to assist us to obtain sufficient appropriate audit evidence on specific items of account.
4. Significant Risks and Other Key Judgement Areas
Following the risk assessment approach discussed in section 3 of this document, we have identified risks relevant to the audit of financial statements. The risks that we identify are categorised as significant, enhanced or standard. The definitions of the level of risk rating are given below:
Significant risk:
Significant risks are those risks assessed as being close to the upper end of the spectrum of inherent risk, based on the combination of the likelihood of a misstatement occurring and the magnitude of any potential misstatement. Fraud risks are always assessed as significant risks as required by auditing standards, including management override of controls and revenue recognition.
Enhanced risk:
An enhanced risk is an area of higher assessed risk of material misstatement at audit assertion level other than a significant risk. Enhanced risks require additional consideration but does not rise to the level of a significant risk, these include but may not be limited to:
- key areas of management judgement, including accounting estimates which are material but are not considered to give rise to a significant risk of material misstatement; and
- other audit assertion risks arising from significant events or transactions that occurred during the period.
Standard risk:
This is related to relatively routine, non-complex transactions that tend to be subject to systematic processing and require little management judgement. Although it is considered that there is a risk of material misstatement (RMM), there are no elevated or special factors related to the nature, the likely magnitude of the potential misstatements or the likelihood of the risk occurring.
Summary risk assessment:
The summary risk assessment, illustrated in the table below, highlights those risks which we deem to be significant and other enhanced risks in respect of CNPA. We have summarised our audit response to these risks on the next page.
Specific identified audit risks and planned testing strategy:
We have presented below in more detail the reasons for the risk assessment highlighted above, and also our testing approach with respect to significant risks. An audit is a dynamic process, should we change our view of risk or approach to address the identified risks during the course of our audit, we will report this to the Audit and Risk Committee.
5. Wider Scope and Best Value
The framework for wider scope work:
The Code of Audit Practice sets out the four areas that frame the wider scope of public sector audit. We are required to form a view on the adequacy of CNPA’s arrangements in four areas:
- Financial management
- Financial sustainability
- Vision, leadership, and governance
- Use of resources to improve outcomes.
Our approach:
Our planned audit work against the four wider scope areas is risk based and proportionate. We need to gather sufficient evidence to support our commentary on CNPAs arrangements and to identify and report on any significant weaknesses. We will carry out more detailed work where we identify significant risks. Where significant weaknesses are identified we will report these to CNPA and make recommendations for improvement. In addition to local risks, we consider challenges that are impacting the public sector as a whole.
The Code of Audit Practice permits an alternative audit approach where an audited body is considered less complex due its size and limited financial activity. The Code of Audit Practice supplementary guidance sets out the criteria for auditors to use to determine if a body is less complex and the audit approach to be adopted in such circumstances.
CNPA’s gross expenditure slightly exceeds the quantitative criteria for a less complex body, however we have rebutted the size criteria based on an assessment of the qualitative criteria for bodies above the quantitative threshold. We have not identified any wider scope risks, CNPA has not been subject to a statutory report in the previous year and CNPA is not subject to significant public scrutiny. We have therefore concluded, based on our understanding of CNPA though our planning work, that it is a less complex body. This was also the judgement of CNPA’s previous auditor.
We will therefore restrict our wider scope work to:
- a review of the Annual Governance Statement
- concluding on the financial sustainability of CNPA and the services that it delivers in the medium to longer term.
6. Fees for Audit and Other Services
Fees for work as CNPA’s appointed auditor
At this stage of the audit, we are not planning any divergence from the expected fees set by Audit Scotland. The breakdown of the fee is set out in the table below.
We have taken account of the risk exposure of CNPA and the management assurances in place. We have assumed that CNPA has effective governance arrangements and will prepare comprehensive and accurate accounts and working papers for audit in line with the agreed timetable for the audit. We reserve the right to charge a supplementary fee where our audit cannot proceed as planned. An additional fee will be required for any other significant exercises not within our planned audit activity.
7. Our Commitment to Independence
We are committed to independence and are required by the Financial Reporting Council to confirm to you at least annually in writing that we comply with the FRC’s Ethical Standard. In addition, we communicate any matters or relationship which we believe may have a bearing on our independence or the objectivity of the audit team.
Based on the information provided by you and our own internal procedures to safeguard our independence as auditors, we confirm that in our professional judgement there are no relationships between us and any of our related or subsidiary entities, and you and your related entities creating any unacceptable threats to our independence within the regulatory or professional requirements governing us as your auditors.
We have policies and procedures in place which are designed to ensure that we carry out our work with integrity, objectivity and independence. These policies include:
- all partners and staff are required to complete an annual independence declaration;
- all new partners and staff are required to complete an independence confirmation and also complete computer based ethical training;
- rotation policies covering audit engagement partners and other key members of the audit team; and
- use by managers and partners of our client and engagement acceptance system which requires all non-audit services to be approved in advance by the audit engagement partner.
We confirm, as at the date of this document, that the engagement team and others in the firm as appropriate, Mazars LLP are independent and comply with relevant ethical requirements. However, if at any time you have concerns or questions about our integrity, objectivity or independence please discuss these with Tom Reid in the first instance.
Prior to the provision of any non-audit services, Tom Reid will undertake appropriate procedures to consider and fully assess the impact that providing the service may have on our auditor independence. Any emerging independence threats and associated identified safeguards will be communicated in our Annual Audit Report.
8. Materiality and Misstatements
Summary of initial materiality thresholds:
Materiality:
Materiality is an expression of the relative significance or importance of a particular matter in the context of financial statements as a whole. Information is considered to be material if omitting, misstating or obscuring it could reasonably be expected to influence the decisions that the primary users of general purpose financial statements make on the basis of those financial statements, which provide financial information about a specific reporting entity.
Judgements on materiality are made in light of surrounding circumstances and are affected by the size and nature of a misstatement, or a combination of both. Judgements about materiality are based on consideration of the common financial information needs of users as a group and not on specific individual users.
The assessment of what is material is a matter of professional judgement and is affected by our perception of the financial information needs of the users of the financial statements. In making our assessment we assume that users:
- have a reasonable knowledge of business, economic activities and accounts;
- have a willingness to study the information in the financial statements with reasonable diligence;
- understand that financial statements are prepared, presented and audited to levels of materiality;
- recognise the uncertainties inherent in the measurement of amounts based on the use of estimates, judgement and the consideration of future events; and
- will make reasonable economic decisions on the basis of the information in the financial statements.
Materiality (continued):
We consider materiality whilst planning and performing our audit based on quantitative and qualitative factors. Whilst planning, we make judgements about the size of misstatements which we consider to be material and which provides a basis for determining the nature, timing and extent of risk assessment procedures, identifying and assessing the risk of material misstatement and determining the nature, timing and extent of further audit procedures.
The materiality determined at the planning stage does not necessarily establish an amount below which uncorrected misstatements, either individually or in aggregate, will be considered as immaterial.
We revise materiality for the financial statements as our audit progresses should we become aware of information that would have caused us to determine a different amount had we been aware of that information at the planning stage.
Our provisional materiality is set based on a benchmark of total expenditure. We will identify a figure for materiality but identify separate levels for procedures designed to detect individual errors, and also a level above which all identified errors will be reported to the Audit and Risk Committee.
We consider that total expenditure remains the key focus of users of the financial statements and, as such, we base our materiality levels around this benchmark.
We expect to set a materiality threshold at 2% of total expenditure. Based on the audited 2021⁄22 financial statements we anticipate the overall materiality for the year ending 31 March 2023 to be in the region of £206,300.
After setting initial materiality, we continue to monitor materiality throughout the audit to ensure that it is set at an appropriate level.
Performance Materiality:
Performance materiality is the amount or amounts set by the auditor at less than materiality for the financial statements as a whole to reduce, to an appropriately low level, the probability that the aggregate of uncorrected and undetected misstatements exceeds materiality for the financial statements as a whole. For a first-year audit we have applied 70% of overall materiality as performance materiality.
Misstatements:
We accumulate misstatements identified during the audit that are other than clearly trivial. We set a level of triviality for individual errors identified (a reporting threshold) for reporting to the Audit and Risk Committee that is consistent with the level of triviality that we consider would not need to be accumulated because we expect that the accumulation of such amounts would not have a material effect on the financial statements. Based on our preliminary assessment of overall materiality, our proposed triviality threshold is £6,200 based on 3% of overall materiality. If you have any queries about this please do not hesitate to raise these with Tom Reid.
Reporting to the Audit and Risk Committee:
The following three types of audit differences above the trivial threshold will be presented to the Audit and Risk Committee:
- summary of adjusted audit differences;
- summary of unadjusted audit differences; and
- summary of disclosure differences (adjusted and unadjusted).
Appendices
A. Key communication points
B. Revised auditing standard on Identifying and assessing the risks of material misstatement: ISA (UK) 315 (Revised 2019)