Skip to content
Please be aware the content below has been generated by an AI model from a source PDF.

231124ARCPaper4ManagementActionFollowUp

Cairngorms Nation­al Park Authority

Intern­al Audit Report

Man­age­ment Action Fol­low-up Part 1 — 202324

Novem­ber 2023

Con­tents

  • Intro­duc­tion and back­ground — 1
  • Sum­mary of pro­gress — 2
  • Appendix 1: Action status by report — 4
  • Appendix 2: Sum­mary of out­stand­ing actions past their ori­gin­al due date — 6
  • Appendix 3: Audit risk cat­egor­isa­tions — 23

Intro­duc­tion and background

Intro­duc­tion

As part of the intern­al audit pro­gramme we have under­taken a fol­low up review to provide the Audit & Risk Com­mit­tee with assur­ance that man­age­ment actions agreed in pre­vi­ous intern­al audit reports have been imple­men­ted appro­pri­ately. This report sum­mar­ises the pro­gress made by man­age­ment in imple­ment­ing agreed man­age­ment actions.

Scope

We have reviewed all open man­age­ment actions and liaised with Cairngorm Nation­al Park Author­ity staff to obtain an update on their imple­ment­a­tion pro­gress. This included man­age­ment identi­fy­ing actions which were no longer applic­able. For recom­mend­a­tions graded pri­or­ity 3 or above, we request evid­ence to val­id­ate com­ple­tion of any actions marked for clos­ure by management.

For all actions raised by the pri­or Intern­al Aud­it­or (BDO) we have aligned their risk assess­ments to the Azets risk grad­ing struc­ture (per Appendix 3).

Action for Audit & Risk Committee

The Com­mit­tee is asked to note the pro­gress made by man­age­ment in imple­ment­ing agreed man­age­ment actions. The Com­mit­tee is also asked to con­sider and approve those actions for which revised times­cales have been provided by man­age­ment (these are detailed at Appendix 2).

Sum­mary of progress

The table below shows the move­ment in the audit actions in the peri­od from May 2023 to Novem­ber 2023:

Num­ber of Actions
Open actions brought forward35
Actions added to tracker20
Total actions to follow-up55
Actions closed11
Actions no longer applicable3
Open actions car­ried forward41

Status of Actions as at Novem­ber 2023

Chart showing status of actions

We have con­firmed that 11 actions (20%) were com­peted in the peri­od to Novem­ber 2023, and three are no longer applic­able (6%). 20 actions (36%) have been assessed as par­tially com­plete, five (9%) are incom­plete and 16 actions (29%) were not yet due at the time of our val­id­a­tion work.

Fur­ther detail on all actions that have passed their cur­rent due dates for com­ple­tion is included at Appendix 2

We recom­mend that man­age­ment retain a strong focus on clear­ing aged items in the com­ing months. We recom­mend pri­or­it­ising the most aged items, dat­ing back to 201617, and those that are grade 3 and grade 4.

Atten­tion should then be paid to those remain­ing actions that have passed their ori­gin­al due date and those which will pass their due date for com­ple­tion over the next period.

A sum­mary of the status of actions by report is shown at Appendix 1.

Open Intern­al audit actions

Of the 41 out­stand­ing actions 25 (61%) have passed their ori­gin­al com­ple­tion date.

15 of these actions have been assessed as a grade 1 or 2 (lim­ited or mod­er­ate risk expos­ure), as a res­ult, man­age­ment should take a view on wheth­er the organ­isa­tion has the appro­pri­ate resource in place to move these actions for­ward, or are will­ing to accept the risk in place, in par­tic­u­lar for those assessed as grade 1.

Chart showing status by grading

Appendix 1: Action status by report

Appendix 1: Action status by report

Appendix 2: Sum­mary of out­stand­ing actions past their ori­gin­al due date

Appendix 2 page 1 Appendix 2 page 2 Appendix 2 page 3

Appendix 3: Audit risk categorisations

Man­age­ment action grades

  1. Very high risk expos­ure — major con­cerns requir­ing imme­di­ate seni­or atten­tion that cre­ate fun­da­ment­al risks with­in the organisation.
  2. High risk expos­ure — absence / fail­ure of key con­trols that cre­ate sig­ni­fic­ant risks with­in the organisation.
  3. Mod­er­ate risk expos­ure — con­trols are not work­ing effect­ively and effi­ciently and may cre­ate mod­er­ate risks with­in the organisation.
  4. Lim­ited risk expos­ure — con­trols are work­ing effect­ively, but could be strengthened to pre­vent the cre­ation of minor risks or address gen­er­al house­keep­ing issues.

Dis­claim­er

© Azets 2023. All rights reserved. Azets refers to Azets Audit Ser­vices Lim­ited. Registered in Eng­land & Wales Registered No. 09652677. VAT Regis­tra­tion No. 219 0608 22.

Registered to carry on audit work in the UK and reg­u­lated for a range of invest­ment busi­ness activ­it­ies by the Insti­tute of Chartered Account­ants in Eng­land and Wales.

×

We want your feedback

Thank you for visiting our new website. We'd appreciate any feedback using our quick feedback form. Your thoughts make a big difference.

Thank you!