Audit and Risk Com­mit­tee Minutes

21 June 2024

Page 1 of 6

Audit and Risk Com­mit­tee Minutes

Held Online on 21 June 2024

Present:

• Fiona McLean (Chair)
• Peter Cos­grove (Deputy Chair)
• Bill Lob­ban
• Geva Black­ett
• Paul Gibb
• Duncan Miller

In Attend­ance

• Dav­id Camer­on, Dir­ect­or of Cor­por­ate Ser­vices and Deputy CEO
• Louise Allen, Head of Fin­ance and Cor­por­ate Operations
• Gregory Oduor, Mazars
• Stephanie Hume, Azets
• Eliza­beth Young, Azets
• Mari­aan Pita, Exec­ut­ive Sup­port Manager

Apo­lo­gies:

• Grant Moir, CEO

Wel­come and Introduction

1. Fiona McLean, the Chair wel­comed every­one to the meeting.

Approv­al of minutes of pre­vi­ous meeting

1. The draft minutes of the meet­ing on the 19 April 2024 were approved with no amendments.

Ref	Action Detail	Who	When	Status
24/11/23	Review accounts fig­ure for con­sultan­cies (page 68)	Louise and David	Look when final­ise the 23⁄24 accounts, high­light to the Com­mit­tee at that point.	Open

Page 2 of 6

Mat­ters arising not covered in agenda

1. No mat­ters raised

Declar­a­tions of interest

1. Peter Cos­grove, for trans­par­ency high­lighted he is a dir­ect­or of a busi­ness men­tioned in Paper 1, Alba Ecology.

2. Motion to move to a con­fid­en­tial meet­ing for reas­ons of com­mer­cial confidentiality.

3. Pub­lic ses­sion stopped at 10.05am

4. Pub­lic ses­sion resumed at 11.26am

Intern­al Audit Annu­al Report ²⁰²³⁄₂₄ (Paper 3)

1. Eliza­beth Young, Intern­al aud­it­ors from Azets, presen­ted the aud­it­ors annu­al report sum­mar­ising the con­clu­sions and key find­ings from the intern­al audit work under­taken at Cairngorms Nation­al Park Author­ity dur­ing the year ended 31 March 2024, includ­ing the Intern­al Auditor’s over­all opin­ion on Cairngorms Nation­al Park Authority’s intern­al con­trol system.

2. The Audit and Risk Com­mit­tee dis­cussed the report and made the fol­low­ing com­ments and observations:

a) The Chair of the Audit and Risk Com­mit­tee thanked the team at Azets for all the work they have done over the year.

1. The Audit and Risk Com­mit­tee noted the paper.

2. Actions: None.

Page 3 of 6

Extern­al Audit Update (Paper 4)

1. Gregory Oduor, Extern­al Aud­it­or from Maz­ars, presen­ted the extern­al audit update sum­mar­ising the pro­gress of our ²⁰²³⁄₂₄ audit as of 12 June 2024.

2. The Audit and Risk Com­mit­tee dis­cussed the report and made the fol­low­ing com­ments and observations:

a) Dav­id Camer­on, Deputy CEO and Dir­ect­or of Cor­por­ate Ser­vices noted that the pro­gress and work done by the team has been good and wel­comed the good work­ing rela­tion­ships between Maz­ars and the fin­ance team.

1. The Audit and Risk Com­mit­tee noted the paper.

2. Actions: None.

Pro­cure­ment Action Plan (Paper 5)

1. Louise Allen, Head of Fin­ance and Cor­por­ate Oper­a­tions presents an action plan towards improve­ment of the Park Authority’s pro­cure­ment pro­cesses, pro­ced­ures and intern­al con­trols. It has been developed in response to the Intern­al Audit review of pro­cure­ment car­ried out by Azets as part of the approved ²⁰²³⁄₂₄ audit programme.

2. The Audit and Risk Com­mit­tee dis­cussed the report and made the fol­low­ing com­ments and observations:

a) A board mem­ber praised that actions are being taken before the pro­cure­ment officer pos­i­tion is filled.

b) Clar­ity was sought with regards to attach­ing the report to the intern­al audit action plan. Deputy CEO and Dir­ect­or of Cor­por­ate Ser­vices reques­ted the action plan be adop­ted as a reg­u­lar mon­it­or­ing tool, incor­por­at­ing agreed actions from the report rather than includ­ing the report in entirety, where officers will report to the Chair and Deputy Chair of the Audit and Risk Com­mit­tee monthly then bring this back to the com­mit­tee with an update on the actions.

1. The Audit and Risk Com­mit­tee noted the paper.

2. Action arising:

i. Monthly update on pro­gress to be provided by officers to the Chair and Deputy Chair of the Audit and Risk Committee.

Page 4 of 6

Gov­ernance Actions: Code of Con­duct (Paper 6)

1. Dav­id Camer­on, Deputy CEO and Head of Dir­ect­or of Cor­por­ate Ser­vices, presen­ted an update to the Com­mit­tee on mat­ters relat­ing to gov­ernance and oper­a­tion of the Code of Con­duct with­in the Park Author­ity. The paper sup­ports con­sid­er­a­tion by the Com­mit­tee of any for­ward actions which may be taken with­in the Park Authority.

2. The Audit and Risk Com­mit­tee dis­cussed the report and made the fol­low­ing com­ments and observations:

a) Chair of the com­mit­tee sought clar­ity regard­ing para­graph 15. Deputy CEO and Dir­ect­or of Cor­por­ate Ser­vices cla­ri­fied that there was recog­ni­tion that the dis­charge of code of con­duct respons­ib­il­it­ies lies entirely with each indi­vidu­al board mem­ber. The respons­ib­il­ity how­ever lies with a Chair or Con­vener to con­sider the poten­tial impacts of those per­son­al decisions made by mem­bers when they chair a meet­ing, if they feel a pos­i­tion taken by a mem­ber is ques­tion­able. The action referred to in this para­graph is there­fore to con­sider wheth­er guid­ance may be developed and/​or amend­ments pro­posed to Stand­ing Orders to help guide responses in such circumstances.

1. The Audit and Risk Com­mit­tee noted the paper.

2. Actions: None

Risk Registers (Paper 7)

1. Louise Allen, Head of Fin­ance and Cor­por­ate Oper­a­tions presen­ted a paper sup­port­ing a review by the Com­mit­tee of the Park Authority’s stra­tegic risk man­age­ment position.

2. The Audit and Risk Com­mit­tee dis­cussed the report and made the fol­low­ing com­ments and observations:

a) Chair of the com­mit­tee com­men­ted that fol­low­ing the aud­it­ors’ recom­mend­a­tions, pro­cure­ment should be added as the 12^th risk on the stra­tegic risk register for the fore­see­able future. Deputy CEO and Dir­ect­or of Cor­por­ate Ser­vices stated that they would adapt the stra­tegic risk register appropriately.

b) It was noted that the risk register for the Cairngorms 2030 pro­gramme sits with the Per­form­ance Com­mit­tee and the Pro­gramme Board. Any obser­va­tions by the Audit and Risk Com­mit­tee will be fed into these gov­ernance mech­an­isms, rather than this Com­mit­tee mak­ing dir­ect amend­ments to the document.

c) Chair of the Com­mit­tee noted that on the risk register for the Cairngorms 2030 pro­gramme, Risk 7, impact descrip­tion was more of an out­come than a descrip­tion, Deputy CEO and Dir­ect­or of Cor­por­ate Ser­vices agreed and con­firmed that word­ing will be reviewed.

d) Chair of the Com­mit­tee sug­ges­ted that on the risk register for the Cairngorms 2030 pro­gramme, Risk 4, pro­cure­ment stand­ards prob­ab­il­ity level should be increased as cur­rently sit­ting at 2. Deputy CEO and Dir­ect­or of Cor­por­ate Ser­vices agreed that this will be reviewed, while high­light­ing that there were clear instruc­tions across the pro­gramme to ensure pro­cure­ment activ­ity was con­duc­ted through Pub­lic Con­tracts Scot­land which does under­pin achiev­ing standards.

1. The Audit and Risk Com­mit­tee noted the paper.

2. Actions:

i. Add pro­cure­ment on the stra­tegic risk register. ii. Update word­ing on C2030 risk num­ber 7, impact descrip­tion. iii. Review and amend (as appro­pri­ate) the prob­ab­il­ity score for C2030 risk 4.

AOCB

1. There were no oth­er items of com­pet­ent business

Date of the next meeting

1. The next meet­ing is sched­uled for 27 Septem­ber 2024

2. The pub­lic busi­ness of the meet­ing con­cluded at 11.50am

Page 5 of 6

Ref	Action Detail	Who	When	Status
24/11/23	Review accounts fig­ure for con­sultan­cies (page 68)	Louise and David	Look when final­ise the 23⁄24 accounts, high­light to the Com­mit­tee at that point.	Open

Page 6 of 6

Ref	Action Detail	Who	When
27/06/24	At para 15b i. Monthly update on pro­gress to be provided by officers to the Chair and Deputy Chair of the Audit and Risk Committee.	Dav­id and Louise
27/06/24	At para 19a i. Add pro­cure­ment at 12th risk (stra­tegic risk register) ii. Update word­ing on Impact descrip­tion on risk 7 (C2030 risk register) iii. Review and amend (as appro­pri­ate) the prob­ab­il­ity score for risk 4 (C2030 risk register)	Dav­id