Skip to content
Please be aware the content below has been generated by an AI model from a source PDF.

231124ACRPaper5InternalAuditHealthandSafety

Cairngorms Nation­al Park Authority

Intern­al Audit Report 202324

Health and Safety

Novem­ber 2023


Page 2

Cairngorms Nation­al Park Authority Intern­al Audit Report 202324 Health and Safety

  • Exec­ut­ive Sum­mary — 1
  • Man­age­ment Action Plan — 4
  • Appendix A – Defin­i­tions — 13
Audit Spon­sorKey Con­tactsAudit team
Dav­id Camer­on, Deputy Chief ExecutiveKate Christie, Head of Organ­isa­tion­al Devel­op­ment Mark Pocock, Facil­it­ies ManagerEliza­beth Young, Part­ner Stephanie Hume, Seni­or Audit Man­ager Aidan Far­rell, Intern­al Auditor

Page 3

Exec­ut­ive Summary

Con­clu­sion

We con­firmed that Cairngorms Nation­al Park (CNPA) have a Health and Safety Policy in place that clearly artic­u­lates the roles and respons­ib­il­it­ies of staff and the require­ment to com­ply with the Health and Safety and Work Act (1974). Fur­ther, we iden­ti­fied that man­age­ment has clearly out­lined the train­ing required for staff, both at induc­tion (where a check­list is provided) and as refresh­er train­ing on an ongo­ing basis. We also note all the policies and pro­ced­ures are held in one easy to access loc­a­tion for staff on an intranet page.

We also iden­ti­fied a num­ber of oppor­tun­it­ies to strengthen the con­trol envir­on­ment. These include the need to bring up to date a num­ber of the policies and pro­ced­ures, improve the com­ple­tion rates for staff train­ing and ensure the Acci­dent Log is kept up to date. Fur­ther, we noted that at present there is no report­ing into the Seni­or Man­age­ment Team on health and safety related activ­it­ies pri­or to inform­a­tion being repor­ted into the gov­ernance struc­ture. Giv­en the work some CNPA staff under­take they are likely to be at a high­er risk than office-based work­ers, there­fore it is essen­tial to have robust Health and Safety arrange­ments in place to pro­tect them.

Back­ground and scope

The primary piece of legis­la­tion cov­er­ing occu­pa­tion­al health and safety in the United King­dom is The Health and Safety at Work Act (1974). The primary aim of the act is to secure the health, safety and wel­fare of people at work.

The gen­er­al pro­vi­sions of the Act impose a duty on all employ­ers to ensure, as far as is reas­on­ably prac­tic­able, the safety of their employ­ees at work by main­tain­ing safe plans, safe sys­tems of work, and safe premises and also by ensur­ing adequate instruc­tion, train­ing and supervision.

To ensure com­pli­ance with rel­ev­ant legis­la­tion, it is vital that CNPA have appro­pri­ate policies and pro­ced­ures in place and that there is aware­ness among all levels of CNPA’s staff regard­ing health and safety arrangements.

In accord­ance with the 2023/2024 Intern­al Audit Plan, we reviewed the oper­a­tion and report­ing on health and safety policies and procedures.


Page 4

Con­trol assessment

Col­ourPri­or­ity
Yel­low4
Amber1 – 3
  1. There are clear health and safety policies and pro­ced­ures in place that have been aligned with legis­la­tion and are being adhered to by staff.
  2. Roles and respons­ib­il­it­ies for ensur­ing com­pli­ance with health and safety legis­la­tion are clearly defined with­in the policies and pro­ced­ures, with appro­pri­ate train­ing provided to all staff, both at induc­tion and on an ongo­ing basis.
  3. A robust pro­cess is in place to record health and safety incid­ents, includ­ing iden­ti­fic­a­tion and imple­ment­a­tion of cor­rect­ive action where necessary.
  4. Mon­it­or­ing and report­ing arrange­ments allow man­age­ment and the Board to con­firm that health and safety policies and pro­ced­ures are fol­lowed con­sist­ently across the organ­isa­tion and identi­fy sys­tem­at­ic issues or trends.

Improve­ment actions by type and priority

(Dia­gram show­ing bars for Con­trol Design and Con­trol Oper­a­tion, graded 1 – 4)

Six improve­ment actions have been iden­ti­fied from this review, four of which relate to the design of con­trols. See Appendix A for defin­i­tions of col­our coding.


Page 5

Key find­ings

Good prac­tice

  • We con­firmed CNPA has a Health and Safety Policy in place that clearly artic­u­lates the respect­ive roles and respons­ib­il­it­ies with­in the organ­isa­tion for ensur­ing com­pli­ance with the Health and Safety at Work Act (1974).
  • The Health and Safety Policy is sup­ple­men­ted by a num­ber of addi­tion­al sup­port­ing policies and pro­ced­ures tailored to cov­er health and safety con­sid­er­a­tions in role/​person spe­cif­ic cir­cum­stances e.g. First Aid, Lone Work­ing and DSE. We con­firmed all health and safety doc­u­ment­a­tion is cent­rally avail­able to staff via the staff intranet (Eolas).
  • We con­firmed CNPA has clearly artic­u­lated the health and safety train­ing required at induc­tion and for refresh­er training.
  • We con­firmed a Health and Safety Com­mit­tee is in place and meets quarterly, with minutes provided to the Resources Com­mit­tee to provide assur­ance over its activities.

Areas for improvement

We have iden­ti­fied a num­ber of areas for improve­ment which, if addressed, would strengthen CNPA’s con­trol frame­work. These include:

  • Ensur­ing the Health and Safety Policy and all sup­port­ing policies are sub­ject to reg­u­lar review.
  • Remind­ing line man­agers of the import­ance of ensur­ing that all new starts com­plete all new start train­ing and man­age­ment ensur­ing the com­ple­tion rates of induc­tion train­ing are mon­itored and repor­ted to the Health and Safety Committee.
  • Ensur­ing the Acci­dent Register is updated for all incid­ents on an ongo­ing basis.
  • Ensur­ing there is reg­u­lar report­ing to the Seni­or Man­age­ment Team on the activ­it­ies sur­round­ing health and safety.

These are fur­ther dis­cussed in the Man­age­ment Action Plan below.

Impact on risk register

The CNPA cor­por­ate risk register (Janu­ary 2023) included the fol­low­ing risks rel­ev­ant to this review:

  • Repu­ta­tion: One-off high-pro­file incid­ents and/​or voci­fer­ous social media cor­res­pond­ents have an undue influ­ence on the Authority’s pos­it­ive reputation.

As a res­ult of the find­ings of our review, in par­tic­u­lar the low com­ple­tion rates for health and safety train­ing both at induc­tion and at refresh­er train­ing man­age­ment should con­sider wheth­er the cur­rent word­ing and rat­ing of this risk requires amendment.

Acknow­ledge­ments

We would like to thank all staff con­sul­ted dur­ing this review for their assist­ance and co-operation.


Page 6

Man­age­ment Action Plan

Con­trol Object­ive 1: There are clear health and safety policies and pro­ced­ures in place which have been aligned with legis­la­tion and are being adhered to by staff.

1.1 Health and Safety Policies and Procedures

We reviewed six key health and safety policies and pro­ced­ures and iden­ti­fied that none had been reviewed with­in the past 12 months:

  • The Health and Safety Policy was last reviewed in March 2022.
  • The DSE Policy was last reviewed in March 2019.
  • The First Aid was last reviewed in Janu­ary 2019.
  • The Con­trol of Sub­stances Haz­ard­ous to Health Policy was adop­ted in Septem­ber 2016 and has not been signed off for review since.
  • The Per­mit to Work Pro­ced­ure had no doc­u­mented review date.

Risk

There is a risk that policies and pro­ced­ures are no longer reflect­ive of cur­rent legis­la­tion or best prac­tice due to not being under reg­u­lar review, res­ult­ing in incon­sist­ent pro­cesses and poten­tial harm to staff.

Recom­mend­a­tion

We recom­mend that the Health and Safety Policy and all sup­port­ing policies are sub­ject to reg­u­lar review to ensure that they reflect the cur­rent legis­lat­ive require­ments, the health and safety risks cur­rently posed to staff and the range of activ­it­ies that staff are involved in. In addi­tion man­age­ment should ensure all policies and pro­ced­ures include ver­sion con­trol and that the Health and Safety Com­mit­tee mon­it­ors pro­gress in this area to ensure appro­pri­ate scru­tiny and oversight.

Man­age­ment ActionGrade 3 (Design)
We accept this recom­mend­a­tion, and will imple­ment a review sched­ule, and will update all policies with a ver­sion con­trol table. Giv­en the num­ber of policies and resource con­straints, this will be a staggered review.
Action own­er: Facil­it­ies ManagerDue date: April 2024

Page 7

Con­trol Object­ive 2: Roles and respons­ib­il­it­ies for ensur­ing com­pli­ance with health and safety legis­la­tion are clearly defined with­in the policies and pro­ced­ures, with appro­pri­ate train­ing provided to all staff, both at induc­tion and on an ongo­ing basis.

2.1 Health and Safety Induc­tion Training

We con­firmed all new staff are required to under­take health and safety train­ing as part of their induc­tion. The require­ment for train­ing is com­mu­nic­ated to line man­agers and staff mem­bers through the induc­tion check­list. We con­firmed the check­list requires induc­tion train­ing through the ELMS sys­tem and cov­ers the fol­low­ing areas:

  • Intro­duc­tion to Health & Safety
  • Man­aging Health & Safety (Man­agers)
  • Fire Safety
  • Driv­ing Safety
  • Manu­al Handling
  • DSE
  • Office Safety

We con­firmed the check­list requests new starts to com­mence their ELMS train­ing dur­ing week one and spe­cif­ic that it should be com­pleted by the end of their first month. We selec­ted a sample of ten new starters with­in the past two years and iden­ti­fied the following:

  • Five (50%) new starters had com­pleted all health and safety training.
  • Five (50%) new starters had only par­tially com­pleted the health and safety train­ing. Of these five we con­firmed four were over the month dead­line for com­ple­tion of train­ing, ran­ging from four months to eight months overdue.

Risk

There is a risk staff may encounter injury at work due to fail­ing to com­plete the neces­sary health and safety train­ing res­ult­ing in poten­tial harm, repu­ta­tion­al dam­age and pos­sible fin­an­cial penalties.

Recom­mend­a­tion

We recom­mend line man­agers are reminded of the import­ance of ensur­ing that all new starts com­plete all new start train­ing on a timely basis. In addi­tion, man­age­ment should ensure the com­ple­tion rates of induc­tion train­ing are mon­itored and repor­ted to the Health and Safety Committee.

Man­age­ment ActionGrade 3 (Oper­a­tion)
New start induc­tion check­list provides details of man­dat­ory train­ing. Line man­agers are expec­ted to imple­ment and mon­it­or this check­list. Induc­tion check­list will be updated with more robust remind­ers about this train­ing. HR team will also provide SMT with quarterly reports on ELMS train­ing completion.
Action own­er: Head of Organ­isa­tion­al DevelopmentDue date: End March 2024

Page 9

2.2 H&S Refresh­er Training

We con­formed that every two years CNPA requires all staff to under­take health and safety refresh­er train­ing on ELMS cov­er­ing the fol­low­ing areas:

  • Intro­duc­tion to Health & Safety
  • Man­aging Health & Safety (Man­agers)
  • Fire Safety
  • Driv­ing Safety
  • Manu­al Handling
  • DSE
  • Office Safety

Addi­tion­ally, CNPA offer addi­tion­al train­ing such as first aid and legion­ella train­ing along­side spe­cial­ised train­ing for their park rangers.

We selec­ted a sample of 13 staff and sought to con­firm the extent to which they had com­pleted refresh­er train­ing with­in the last two years and iden­ti­fied that:

  • Sev­en (54%) staff had com­pleted their training.
  • Six (46%) had not fully com­pleted the train­ing at the time of fieldwork.

Man­age­ment con­firmed that line man­agers receive email noti­fic­a­tions of the train­ing out­stand­ing for their staff for courses launched through the ELMS cer­ti­fic­a­tion pro­gramme, they are also able to log into the sys­tem and view the train­ing logs for staff. It is the respons­ib­il­ity of line man­agers to chase staff com­ple­tion rates.

Risk

There is a risk staff may encounter injury at work or fail to adhere to pro­cesses due to fail­ing to com­plete the neces­sary health and safety train­ing res­ult­ing in poten­tial harm, repu­ta­tion­al dam­age and pos­sible fin­an­cial penalties.

Recom­mend­a­tion

Man­age­ment should ensure the com­ple­tion rates of refresh­er train­ing are mon­itored and repor­ted to the Health and Safety Committee.

Man­age­ment ActionGrade 3 (Oper­a­tion)
We accept this action. Com­ple­tion rates will also be repor­ted quarterly to SMT to sup­port man­age­ment scru­tiny and enforce­ment of train­ing requirements
Action own­er: Head of Organ­isa­tion­al DevelopmentDue date: End March 2024

Page 11

Con­trol Object­ive 3: A robust pro­cess is in place to record health and safety incid­ents, includ­ing iden­ti­fic­a­tion and imple­ment­a­tion of cor­rect­ive action where necessary.

3.1 Invest­ig­a­tions

We con­firmed the Incid­ent and Acci­dent Record­ing Form includes a sec­tion for com­ple­tion by the Safety Advisor on wheth­er an invest­ig­a­tion was required and if so, what action was taken as a res­ult of the invest­ig­a­tion. From our review of the three incid­ents dur­ing 2023 we identified:

  • One had no inform­a­tion recor­ded on wheth­er an invest­ig­a­tion was required or not, and if so, what action was taken.
  • One out­lined the actions taken from the investigation.
  • One noted no invest­ig­a­tion was required but did not note why this con­clu­sion was reached.

Fur­ther, from dis­cus­sions with staff we noted there is no form­al pro­cess in place for under­tak­ing invest­ig­a­tions if these are required, and those charged with the man­age­ment of health and safety have not had form­al invest­ig­a­tion train­ing. In addi­tion, we note the num­ber of incid­ents is very low in com­par­is­on to oth­er organ­isa­tions and sug­gests that per­haps staff are not record­ing all incid­ents and near misses.

Risk

There is a risk incid­ents are not invest­ig­ated as a res­ult of a lack of a form­al pro­cess in place res­ult­ing in actions not being taken to address incidents.

Recom­mend­a­tion

Man­age­ment should ensure the Acci­dent Record­ing Forms include detail on the invest­ig­a­tion under­taken, and where an invest­ig­a­tion is not under­taken the reas­on for this. In addi­tion, man­age­ment should con­sider wheth­er fur­ther invest­ig­a­tion train­ing is required for staff involved in review­ing incidents.

Man­age­ment ActionGrade 3 (Design)
The pro­cess for invest­ig­a­tion is that the A&IR is tabled and dis­cussed at the quarterly H&SC meet­ings. We acknow­ledge none of this com­mit­tee have had spe­cif­ic invest­ig­a­tion” train­ing but expect that the IOSH train­ing does suf­fi­ciently cov­er this. We will nev­er­the­less research if there is a spe­cif­ic invest­ig­a­tion” train­ing avail­able, that is appro­pri­ate and pro­por­tion­ate. We would state that we do not believe low levels of reports sug­gest some acci­dents are not being recor­ded — the peri­od 2020 — 2021 covered lock­down with min­im­al num­bers access­ing the office and cur­rently the aver­age num­ber in the build­ing is 50%. Nev­er­the­less, we will note to table a remind­er staff of the A&IR policy and pro­ced­ure on one of our staff newsletters
Action own­er: Head of Organ­isa­tion­al DevelopmentDue date: End March 2024

Page 13

3.2 Acci­dent Register

We con­firmed that CNPA has an Acci­dent Register tem­plate in place that provides a range of details includ­ing, date of incid­ent, per­son report­ing the incid­ence, cat­egory of per­son report­ing the incid­ent (i.e. employ­ee, con­tract­or etc), loc­a­tion, cat­egory (e.g. near miss, minor, mod­er­ate etc), descrip­tion of injury, cause etc. Man­age­ment noted and we con­firmed that this tem­plate has not been util­ised since 2019. Whilst we con­firmed that staff com­pleted an Incid­ent and Acci­dent Record­ing Form for all incid­ents in 2023 there is no cent­ral, amal­gam­ated record of all incid­ents to enable an over­all review of incid­ents, trends and recur­ring issues.

Risk

There is a risk that CNPA do not identi­fy pat­terns in incid­ents as a res­ult of fail­ing to record all incid­ents in one log over time res­ult­ing in sys­tem­ic cor­rect­ive action not being taken as required.

Recom­mend­a­tion

Man­age­ment should ensure the Acci­dent Register is updated for all incid­ents on an ongo­ing basis. The register should be presen­ted to the Health and Safety Com­mit­tee on a reg­u­lar basis to allow over­sight of any pat­terns in incid­ents across years. Man­age­ment should also con­sider what inform­a­tion is required to be held on this register for example the extent of per­son­al data in com­par­is­on to what is appro­pri­ate under data protection.

Man­age­ment ActionGrade 2 (Design)
Accept – Register is cur­rently too detailed so we will stream­line it and update is going for­ward. H&SC already have over­sight of all A&IRs as they scru­tin­ise each report, but we can also ensure that the A&I Register is a stand­ing item on the H&SC agenda.
Action own­er: Head of Organ­isa­tion­al DevelopmentDue date: June 2024

Page 14

Con­trol Object­ive 4: Mon­it­or­ing and report­ing arrange­ments allow man­age­ment and the Board to con­firm that Health and Safety policies and pro­ced­ures are fol­lowed con­sist­ently across the organ­isa­tion and identi­fy sys­tem­at­ic issues or trends.

4.1 Report­ing to Seni­or Management

We con­firmed the Health and Safety Com­mit­tee meet on a quarterly basis with the minutes of the meet­ing reviewed by the Resources Com­mit­tee. At present there is no report­ing to the Seni­or Man­age­ment Team on updates relat­ing to health and safety pri­or to inform­a­tion being presen­ted to with­in the gov­ernance structure.

Risk

There is a risk the Seni­or Man­age­ment Team are not made aware of updates relat­ing to health and safety pro­cesses pri­or to inform­a­tion being presen­ted to the gov­ernance struc­ture due to of a lack of report­ing res­ult­ing in man­agers being unable to take timely action to address issues.

Recom­mend­a­tion

Man­age­ment should ensure there is reg­u­lar report­ing to the Seni­or Man­age­ment Team on the activ­it­ies sur­round­ing Health and Safety includ­ing details on com­ple­tion rates for train­ing and over­all trends in incid­ents (linked to MAP 2.1,2.2,3.2)

Man­age­ment ActionGrade 2 (Design)
We accept the import­ance of report­ing to SMT. H&SC minutes will be cir­cu­lated to SMT, and we will table train­ing records at a quarterly SMT meeting.
Action own­er: Head of Organ­isa­tion­al DevelopmentDue date: End March 2024

Page 15

Appendix A – Definitions

Con­trol assessments

CodeDefin­i­tion
RFun­da­ment­al absence or fail­ure of key controls.
ACon­trol object­ive not achieved — con­trols are inad­equate or ineffective.
YCon­trol object­ive achieved — no major weak­nesses but scope for improvement.
GCon­trol object­ive achieved — con­trols are adequate, effect­ive and efficient.

Man­age­ment action grades

GradeDefin­i­tion
4Very high risk expos­ure — major con­cerns requir­ing imme­di­ate seni­or atten­tion that cre­ate fun­da­ment­al risks with­in the organisation.
3High risk expos­ure — absence / fail­ure of key con­trols that cre­ate sig­ni­fic­ant risks with­in the organisation.
2Mod­er­ate risk expos­ure — con­trols are not work­ing effect­ively and effi­ciently and may cre­ate mod­er­ate risks with­in the organisation.
1Lim­ited risk expos­ure — con­trols are work­ing effect­ively, but could be strengthened to pre­vent the cre­ation of minor risks or address gen­er­al house-keep­ing issues.

Page 16

© Azets 2023. All rights reserved. Azets refers to Azets Audit Ser­vices Lim­ited. Registered in Eng­land & Wales Registered No. 09652677. VAT Regis­tra­tion No. 219 0608 22. Registered to carry on audit work in the UK and reg­u­lated for a range of invest­ment busi­ness activ­it­ies by the Insti­tute of Chartered Account­ants in Eng­land and Wales.

×

We want your feedback

Thank you for visiting our new website. We'd appreciate any feedback using our quick feedback form. Your thoughts make a big difference.

Thank you!