Please be aware the content below has been generated by an AI model from a source PDF.

231124AUCtteeApprovedMinute

Approved Minutes of the Audit and Risk Committee

Held at: Cairngorms National Park Authority office, Grantown on Spey
Date: 24 November 2023 at 3.00 pm

Present

  • Fiona McLean (Chair)
  • Bill Lob­ban
  • Han­nah Grist
  • Paul Gibb
  • Duncan Miller

In Attend­ance

  • Grant Moir, CEO
  • Dav­id Camer­on, Dir­ect­or of Cor­por­ate Ser­vices and Deputy CEO
  • Louise Allen, Head of Fin­ance, and Cor­por­ate Operations
  • Tom Reid, Mazars
  • Gregory Oduor, Mazars
  • Alfred Mugani, Mazars
  • Stephanie Hume, Azets
  • Neil Belton, Azets
  • Mari­aan Pita, Exec­ut­ive Sup­port Manager

Apo­lo­gies

  • Geva Black­ett
  • Pete Cos­grove

Wel­come and Introduction

  1. Fiona McLean, the Chair, wel­comed every­one to the meet­ing. Apo­lo­gies were noted.

Approv­al of Minutes of Pre­vi­ous Meeting

  1. The draft minutes of the meet­ing on the 22 Septem­ber 2023 were approved with no amendments.

Action Points

| Ref | Action Detail | Who | When | Status |
| --- | --- | --- | --- | --- |
| 29/10/2021 (Para 8i) | Bring lessons learned on LEADER back as Agenda item to a future AR Committee. | David Cameron | Review will come to meeting in April 2024 | Open |
| 29/10/2021 (Para 4i) | Complete a detailed VAT review. | Louise and Stephanie | Complete in next 6 months. | In progress |
| 21/06/23 (Para 20) | To produce timeline for scheduled board time to develop the strategic risk register alongside the new Corporate Plan | David Cameron | To be scheduled as Board Business Session February 24 | Open |
| 24/11/23 | Review accounts figure for consultancies (page 68) | Louise and David | | |

Mat­ters Arising Not Covered in Agenda

  1. No mat­ters raised.

Declar­a­tions of Interest

  1. Fiona McLean noted interest on item 7 for trans­par­ency. She sits on the Scot­land com­mit­tee of the Nation­al Lot­tery Her­it­age Fund which funds Her­it­age Horizons.

2022/23 Final Accounts

  1. Louise Allen, Head of Finance and Corporate Operations, introduced the paper that presents the annual report and accounts for the year from 1 April 2022 to 31 March 2023 in accordance with The National Parks (Scotland) Act 2000.

The Audit and Risk Com­mit­tee dis­cussed the report and made the fol­low­ing com­ments and observations:

a) The team was thanked for work done on the doc­u­ment and to get it to this stage. Mem­bers wel­comed the com­pre­hens­ive cov­er­age of fin­ance and per­form­ance set out in the report.

  1. The Audit and Risk Com­mit­tee agreed the final accounts.

  2. Action — none.

Extern­al Audit Update

  1. Gregory Oduor, Mazars, presented the report on the audit of the annual report and accounts for 2022/23 prepared by Mazars.

b) A member asked if the consultancy fees as noted on p68 were correct. The Director of Corporate Services will look into this and get back to the committee.

c) It was also noted that oper­a­tion costs have increased due to people being unable to travel in 2022; we would anti­cip­ate this will increase year on year with less home work­ing and more trav­el­ing for meetings.

d) The Chair thanked the finance team again for all their work; the external auditors also gave their thanks for the good working relationships.

e) Mem­bers noted that the cyber secur­ity risk is an ongo­ing mat­ter and we need to keep an eye on this import­ant area of work. The extern­al audit recom­mend­a­tions in this area mir­ror the out­stand­ing intern­al audit recom­mend­a­tions and updates will be avail­able through pro­gress reports on out­stand­ing intern­al audit recommendations.

f) Dir­ect­or of Cor­por­ate Ser­vices con­firmed that we have our new Inform­a­tion Man­ager in post who has star­ted our trans­fer to Share­Point. Once this is com­plete, we can look at the wider cyber secur­ity envir­on­ment and IT risk man­age­ment. He assured the Com­mit­tee that this work is firmly on the radar.

g) We have also moved our IT net­work onto the Scot­tish Wide Area Net­work in par­al­lel with the Share­Point move. This gives added secur­ity pro­tec­tion to our sys­tems togeth­er with access to man­aged sup­port services.

h) A ques­tion was raised on pro­ject expendit­ure and the fin­ance sys­tem that is used. Head of Fin­ance and Cor­por­ate Oper­a­tions con­firmed that we use five dif­fer­ent com­pan­ies in organ­ising our intern­al account­ing sys­tems, and we are look­ing at an approach to change and sim­pli­fy this in the future.

  1. The Audit and Risk Com­mit­tee agreed the final accounts and man­age­ment rep­res­ent­a­tion letter.

  2. Action:

i) Dir­ect­or of Cor­por­ate Ser­vices to check the con­sultancy fees noted on p68 and get back to committee.

15:49 Tom Reid left the meeting.

Internal Audit Report 2023/24: Heritage Horizons

  1. Stephanie Hume, Intern­al Aud­it­or, Azets, provided the over­view of the intern­al audit review of the Park Authority’s gov­ernance and report­ing arrange­ments for the Cairngorms 2030 (Her­it­age Hori­zons) Programme.

  2. The Audit and Risk Com­mit­tee dis­cussed the update and made the fol­low­ing com­ments and observations:

a) It was noted that the know­ledge exchange on les­sons learned and recom­mend­a­tions on how to take the work for­ward is welcomed.

Recom­mend­a­tions

The Audit and Risk Com­mit­tee is asked to:

b) Review the findings of the internal audit report.

c) Endorse the management responses to the internal audit recommendations for improvement to controls.

  1. The Audit and Risk Com­mit­tee noted the paper.

  2. Action — none.

Internal Audit Report: Management Action Follow up 2022/23

  1. Stephanie Hume, Internal Auditor, Azets, presented the paper that provides an overview of management action taken on previous internal audit recommendations raised and agreed. The follow up review work reported here is part of the internal audit programme agreed for 2023/24.

  2. The Audit and Risk Com­mit­tee dis­cussed the update and made the fol­low­ing com­ments and observations:

a) Mem­bers asked for Management’s thoughts on the risks posed by the out­stand­ing audit recom­mend­a­tions where work has not as yet been com­menced or com­pleted. The Dir­ect­or of Cor­por­ate Ser­vices con­firmed that man­age­ment has been focus­ing on the high­er graded recom­mend­a­tions and some good pro­gress has been made on these high­er risk areas of improve­ment to intern­al con­trols. He was reluct­ant to sug­gest lower graded recom­mend­a­tions should be removed from the list and asso­ci­ated risks accep­ted as these items remained val­id improve­ments to our con­trol sys­tems. The Chair agreed that there was mer­it in retain­ing the lower risk recom­mend­a­tions for the time being.

b) The Park has also agreed to out­source busi­ness con­tinu­ity plan review and devel­op­ment as this is a key piece of work that needs to be car­ried for­ward and there isn’t any staff resource cur­rently in place to pro­gress this work.

c) A mem­ber asked if some of the com­mon area work could be done between the park and LLT­NP. It was agreed that we do have a good rela­tion­ship with them and we are col­lab­or­at­ing on some activ­ity at the moment and we will look to con­tin­ue that in the future.

d) It was agreed that a lot of own­er­ship sits under the Inform­a­tion Man­ager and now that the post is filled many of these things can progress.

Recom­mend­a­tions

The Audit and Risk Com­mit­tee is asked to:

e) note the progress made by management in implementing agreed management actions; and

f) note the revised due dates attributed to actions that remain outstanding.

  1. The Audit and Risk Committee noted the internal audit report on management action follow up for 22/23 update.

  2. Action — none.

Internal Audit Report 2023/24: Health and Safety

  1. Stephanie Hume, Intern­al Aud­it­ors, Azets, presen­ted the paper that presents the intern­al audit review of the Park Authority’s Health and Safety pro­cesses, pro­ced­ures, and intern­al controls.

  2. The Audit and Risk Com­mit­tee dis­cussed the update and made the fol­low­ing com­ments and observations:

a) The report was wel­comed by officers as they felt pre­vi­ously the pro­ced­ures in place were work­ing smoothly but due to the organ­isa­tion­al changes a review was needed, and they will work through the health and safety com­mit­tee on these recommendations.

b) Train­ing was high­lighted and will be con­sidered by Man­age­ment on how best to bal­ance the induc­tion pro­cess with train­ing once in the role and get­ting to grips with the new job. We will be keen to fol­low up the recom­mend­a­tion of reg­u­lar com­mu­nic­a­tion with the line man­agers on how to take this for­ward and pri­or­it­ise it.

c) A mem­ber asked if the organ­isa­tion recog­nises pre­vi­ous train­ing for new staff mem­bers join­ing. Dir­ect­or of Cor­por­ate Ser­vices said that we haven’t looked into that, but we can note the point.

Recom­mend­a­tions

  1. The Com­mit­tee is asked to:

a) Review the findings of the internal audit report.

b) Endorse the management responses to the internal audit recommendations for improvement to controls.

  1. The Audit & Risk Com­mit­tee noted the paper.

  2. Action — none.

Intern­al Audit Pro­gress Report

Stephanie Hume, Intern­al Aud­it­ors, Azets provided an over­view of the intern­al audit pro­gress report, inform­ing the Com­mit­tee that Azets are on track to deliv­er the annu­al report in April.

  1. The Audit & Risk Com­mit­tee noted the paper.

Stra­tegic Risk Management

  1. Louise Allen, Head of Finance and Corporate Operations, presented the paper. Following the review of risk management carried out by Internal Auditors, we have reconsidered our approach to the management of risk and taken the opportunity to build on the recommendations made by the Internal Auditor.

  2. The Audit and Risk Com­mit­tee dis­cussed the update and made the fol­low­ing com­ments and observations:

a) Mem­bers com­men­ted say­ing that the doc­u­ment is clear and con­cise with good guid­ance on how to man­age these risks.

b) It was noted that there are several new risks on the register. Head of Finance and Operations commented that this is still a working draft, and we are hoping to draw up a final proposal and bring it back as a draft to the full Board for review and board input prior to finalisation and adoption.

c) Mem­bers sug­ges­ted to include a chro­no­logy where you can see the risks mov­ing down or high­light­ing pro­gress in imple­ment­ing mit­ig­a­tion action.

d) It was noted that the draft risk register needs to be focused down onto few­er, key risks.

16:34 Neil Belton joined the meeting.

Recom­mend­a­tions

The Audit and Risk Com­mit­tee is asked to:

c) Consider the revised risk management policy, together with the new format of the risk register.

d) Advise on their suitability for our refreshed approach to risk management. the Health and Safety Committee.

  1. The Audit & Risk Com­mit­tee agreed the new approach to risk man­age­ment and the format of the register.

  2. Action — none.

AOCB

  1. Dir­ect­or of Cor­por­ate Ser­vices thanked the extern­al audit team along with the fin­ance team for their work on the audit this year.

Date of Next Meeting

  1. Sched­uled date is 19 April 2024.

  2. The Com­mit­tee Chair raised a motion to move to a con­fid­en­tial ses­sion due to com­mer­cial sens­it­iv­ity regard­ing future pro­cure­ment exercises.

  3. The pub­lic busi­ness of the meet­ing con­cluded at 4.48 pm.
