Audit and Risk Com­mit­tee Minutes

27 Septem­ber 2024

Page 1 of 10

Audit and Risk Com­mit­tee Minutes

Held Online on 27 Septem­ber 2024 at 12.30

Present:

• Fiona McLean (Chair)
• Peter Cos­grove (Deputy Chair)
• Bill Lob­ban
• Geva Black­ett
• Paul Gibb
• Duncan Miller

In Attend­ance

• Grant Moir, Chief Exec­ut­ive Officer
• Dav­id Camer­on, Dir­ect­or of Cor­por­ate Ser­vices and Deputy CEO
• Gav­in Miles, Dir­ect­or of Plan­ning and Place
• Louise Allen, Head of Fin­ance and Cor­por­ate Operations
• Gregory Oduor, Mazars
• Stephanie Hume, Azets
• Alix Hark­ness, Clerk to the Board

Apo­lo­gies:

None

Wel­come and introduction

1. Fiona McLean, the Chair wel­comed every­one to the meeting.

Approv­al of minutes of pre­vi­ous meeting

1. The draft minutes of the meet­ing on the 21 June 2024 were approved with no amendments.

Mat­ters arising not covered in agenda

1. Updates on out­stand­ing actions as sum­mar­ised in the table at the end of this minute were noted.

Declar­a­tions of interest

1. No interests declared.

Page 2 of 10

²⁰²³⁄₂₄ Final Accounts (Paper 1)

1. Louise Allen, Head of Fin­ance and Cor­por­ate Oper­a­tions presen­ted the paper which presents and seeks approv­al to the annu­al report and accounts for ²⁰²³⁄₂₄ pri­or to their being sub­mit­ted to Audit Scot­land for final cer­ti­fic­a­tion. Louise out­lined the main sec­tions of this report and presen­ted the key res­ults for the ²⁰²³⁄₂₄ fin­an­cial year.

Grant Moir arrived at 12.56

1. The Audit and Risk Com­mit­tee dis­cussed the report and made the fol­low­ing com­ments and observations:

a) The Chair praised the excel­lent res­ults and well writ­ten report and expressed her grat­it­ude to the Head of Fin­ance and Cor­por­ate Oper­a­tions and the wider team with spe­cial men­tion to Daniel Ral­ph, Fin­ance Man­ager, for the amount of work done in bring­ing this doc­u­ment togeth­er. b) With ref­er­ence to the CEO’s sec­tion in the fore­word, the Nation­al Lot­tery Her­it­age fund should be writ­ten out in full and not just the first two words. c) Resound­ing praise for the min­im­al over­spend of £4k which was an excel­lent turnout and recog­ni­tion that it was dif­fi­cult to bal­ance to the dot when deal­ing with such large sums of money. d) With regards to the per­cent­age of reduc­tion in C02 emis­sions by 2030 on page 50 a mem­ber noted that this dif­fers to the com­ment on p64 on over­all account­ab­il­ity report, could it be cla­ri­fied which was the cor­rect per­cent­age? Dir­ect­or of Cor­por­ate Ser­vices and Deputy CEO con­firmed that the cor­rect fig­ure was 59 tonnes so 60% reduc­tion C02 emis­sions by 2030. e) Dir­ect­or of Cor­por­ate Ser­vices and Deputy CEO high­lighted that there have not been any changes in account­ing policies to bring to mem­bers’ atten­tion, nor does man­age­ment think there have been any estim­ates that need high­lighted to the Audit and Risk Com­mit­tee. f) The Chair asked if next year there would be dif­fer­ent account­ing require­ments? Head of Fin­ance and Cor­por­ate Oper­a­tions con­firmed there would be slight changes and the extern­al aud­it­or would relay these as they come up.

1. The Audit and Risk Com­mit­tee approved the annu­al report and accounts pri­or to sub­mis­sion to Maz­ars and Audit Scot­land for final cer­ti­fic­a­tion sub­ject to two amendments:

a) Nation­al Lot­tery Her­it­age Fund to be writ­ten out in full in the CEO’s fore­word. b) Per­cent­age of reduc­tion in car­bon emis­sions to be cor­rec­ted so that the fig­ures match through­out the document.

1. Action points arising: None.

Page 3 of 10

Extern­al audit update (Paper 2)

1. Gregory Oduor, the extern­al aud­it­or, Maz­ars presen­ted the report on the audit of the annu­al report and accounts for ²⁰²³⁄₂₄.

2. The Audit and Risk Com­mit­tee dis­cussed the report and made the fol­low­ing com­ments and observations:

a) The Chair thanked the team for their great work and expressed sat­is­fac­tion to receive the reas­sur­ance the extern­al aud­it­ors provide. b) The Chair quer­ied where it said it was best value for the com­mit­tee to self-assess their per­form­ance annu­ally? Gregory Oduor, Maz­ars cla­ri­fied this was refer­ring to the Nation­al Park Author­ity and not the Audit and Risk com­mit­tee. c) Dir­ect­or of Cor­por­ate Ser­vices and Deputy CEO advised that they were not anti­cip­at­ing any delays, aim­ing to get the full accounts signed off by end of Octo­ber. There is an intern­al dead­line for audit firms to sign off accounts by 31 Octo­ber and they were work­ing to achieve that. He com­men­ted that they were ahead of timetable from last year. If any­thing of mater­i­al­ity arose he would alert the chair and deputy chair. He is not anti­cip­at­ing that or any delay in timetable to sign accounts. Tom Reid, Maz­ars has sug­ges­ted for trans­par­ency to bring the final report fol­low­ing accounts sign off to the next meet­ing in Novem­ber for information.

1. The Audit and Risk Committee:

a) Con­sidered the auditor’s report and find­ings. b) Con­sidered the draft man­age­ment rep­res­ent­a­tion let­ter provided with­in the report and approve it for sig­na­ture by the Account­able Officer.

1. Action points arising: None.

Extern­al audit assur­ances (Paper 3)

1. Gregory Oduor, Maz­ars presen­ted the paper that presents the Request for inform­a­tion from Man­age­ment and Those Charged with Gov­ernance pre­pared by Mazars.

Page 4 of 10

1. The Audit and Risk Committee:

a) Con­sidered the auditor’s request for inform­a­tion and Management’s response to this. b) Provided assur­ance that its gov­ernance extends to cov­er the items on which assur­ance is reques­ted. c) Agreed the inform­a­tion as set out in the draft response sub­mit­ted as part of the committee’s meet­ing papers

1. Action points arising: None.

Intern­al audit plan ²⁰²⁴⁄₂₅: Oper­a­tion­al and fin­an­cial plan­ning (Paper 4)

1. Stephanie Hume, the Intern­al Aud­it­or, Azets presen­ted the paper that presents the review of the annu­al oper­a­tion­al plan­ning pro­cess at the Cairngorms Nation­al Park Author­ity, includ­ing how oper­a­tion­al plans are developed along­side, and the extent to which they are integ­rated with­in, the annu­al fin­an­cial plan. The review con­sidered the cycle of spend­ing and mon­it­or­ing of spend through­out the year to achieve the oper­a­tion­al plan, and the link to the deliv­ery of cor­por­ate out­comes, includ­ing the use of scen­ario plan­ning. Stephanie out­lined the recom­mend­a­tions for improve­ment that had been made by the audit team, not­ing in this instance one of the recom­mend­a­tions had not been agreed by the man­age­ment team.

2. Dir­ect­or of Cor­por­ate Ser­vices and Deputy CEO advised that he wel­comed the work done and the report which they found very help­ful. He explained that unusu­ally there was dis­agree­ment on one of the recom­mend­a­tions. He saw quite an over­lap in recom­mend­a­tions 2.1 and 3.1. He said 2.1 was a good pro­pos­al and agreed there is a need to do more at a gov­ernance level look­ing at key assump­tions giv­en the heavy reli­ance on extern­al fund­ing, and it would be more and more import­ant to mod­el where the organ­isa­tion may be in future years. He explained that the reas­on­ing behind not agree­ing with the detail at 3.1 was it was con­sidered impossible to adhere to the spir­it of this recom­mend­a­tion without get­ting into detail of pos­sible, spe­cif­ic budget changes and con­sidered it was not legit­im­ate to seek to con­sider those at a gov­ernance level under a con­fid­en­tial ban­ner. He was aware of instances of the Inform­a­tion Com­mis­sion instruct­ing organ­isa­tions to release that type of inform­a­tion, with the organ­isa­tion then faced with a risk of repu­ta­tion­al damage.

Page 5 of 10

1. The Chair invited the Audit and Risk Com­mit­tee to dis­cuss the report and spe­cific­ally management’s reas­on­ing for not agree­ing with the detail in recom­mend­a­tion 3.1. They made the fol­low­ing com­ments and observations:

a) Com­ment made that the man­age­ment response was bal­anced and clear and was there­fore happy to sup­port the officer’s recom­mend­a­tion. b) The Chair com­men­ted that she agreed on the sens­it­iv­ity and repu­ta­tion­al risk giv­en pub­lic interest in our activ­it­ies, which appeared much high­er than many oth­er boards she was aware of. She added that if the Com­mit­tee agreed today to accept the man­age­ment recom­mend­a­tion, this would seem reas­on­able giv­en the bal­ance of risk and pub­lic scru­tiny implic­a­tions of put­ting things out in pub­lic domain which could set hares racing. c) A mem­ber asked if it could be con­firmed what the auditor’s response to the rationale provided by man­age­ment was? Stephanie Hume, Azets advised that she appre­ci­ated Dir­ect­or of Cor­por­ate Ser­vices rationale for the pos­i­tion taken. She advised that these things are seen as good prac­tise how­ever it was accept­able for an organ­isa­tion not to accept all the recom­mend­a­tions so long as the Audit and Risk Com­mit­tee were in agree­ment with that. d) Dir­ect­or of Cor­por­ate Ser­vices advised that they would ensure that bal­ance is struck. Plans in place to have a budget dis­cus­sion in Decem­ber with the Board work­ing towards budget paper going before the Board in March. He advised he felt the pos­i­tion between recom­mend­a­tions at 2.1 and 3.1 was actu­ally quite nuanced and it may well be the case that once the audits had sight of the type of mater­i­al planned for the board ses­sion in Decem­ber, they would be more assured of the levels of inform­a­tion being presen­ted and approach to scen­ario plan­ning being taken. e) The Chair wel­comed this pro­pos­al and invited the Dir­ect­or of Cor­por­ate Ser­vices and Azets to work togeth­er on this and to come back to the Com­mit­tee with how they feel this is work­ing in terms of Com­mit­tee assur­ance. f) A mem­ber com­men­ted that the Board were really con­cerned about budget cuts and would sup­port man­age­ment work­ing with Azets to find com­mon agree­ment. g) The Chair added that if they could come to a com­prom­ise that every­one was reas­on­ably con­tent with, this could be revis­ited at the end of report­ing year. Stephanie Hume agreed the Azets intern­al audit team would work with the staff team to review and report back on this matter.

1. The Audit and Risk Committee:

a) Con­sidered the intern­al aud­it­ors report and find­ings. b) Endorsed the man­age­ment responses to recom­mend­a­tions for future action and improvements.

1. Action points arising:

i. Update on intern­al audit view on fin­an­cial scen­ario plan­ning to be provided to the Audit and Risk Com­mit­tee at the end of the fin­an­cial year.

Page 6 of 10

Intern­al audit pro­gress report (Paper 5)

1. Stephanie Hume, Azets presen­ted the report on pro­gress against the intern­al audit pro­gramme for ²⁰²⁴⁄₂₅ pre­pared by Azets.

2. The Audit and Risk Com­mit­tee Chair quer­ied that there were a lot of pieces of work sched­uled to come before the com­mit­tee in April 2025 and asked for reas­sur­ance that this was achiev­able? Stephanie Hume con­firmed that they were happy with that and had time held for staff and no issues with the timetable.

3. The Audit and Risk Com­mit­tee con­sidered the auditor’s report and pro­gress made.

4. Action points arising: None.

Stra­tegic risk registers (Paper 6)

1. Louise Allen, Head of Fin­ance and Cor­por­ate Oper­a­tions presen­ted the paper which sup­ports a review by the Com­mit­tee of the Park Authority’s stra­tegic risk man­age­ment position.

2. The Chair ques­tioned R3 pro­cure­ment and the delay in train­ing: could an excep­tion be made giv­en the crit­ic­al­ity of it? Head of Fin­ance and Cor­por­ate Oper­a­tions advised that the new Pro­cure­ment Man­ager may be able to give inhouse train­ing once he has a few months to get into the organ­isa­tion and devel­op our pro­cesses. At present he was rais­ing the pro­file of pro­cure­ment inform­ally in the organ­isa­tion. Dir­ect­or of Cor­por­ate Ser­vices and Deputy CEO con­firmed that some of the budget could be con­sidered to be used for busi­ness crit­ic­al train­ing pur­poses and pro­cure­ment train­ing would not be lim­ited by cur­rent budget man­age­ment policies.

3. The Audit and Risk Committee:

a) Con­sidered the cov­er­age and adequacy of the Park Authority’s risk man­age­ment pos­i­tion as set out in both the

i. stra­tegic risk register and

ii. the Cairngorms 2030 pro­gramme risk register.

b) Advised on any gaps or amend­ments required

1. Action point arising: None.

Page 7 of 10

Audit and Risk Com­mit­tee annu­al report (Paper 7)

1. Dav­id Camer­on, Deputy CEO and Dir­ect­or of Cor­por­ate Ser­vices presen­ted the draft Audit & Risk Com­mit­tee Report for con­sid­er­a­tion pri­or to sub­mis­sion to the Board.

2. The Audit and Risk Com­mit­tee dis­cussed the report and made the fol­low­ing com­ments and observations:

a) The Chair com­men­ded the report and noted at para­graph 27 our new­er ser­vice areas have pushed risk recom­mend­a­tions high­er, man­age­ment are recog­nising risk areas and ensur­ing the Com­mit­tee have sight of them. b) The Chair advised that she warmly wel­comes the pri­or­ity focus on intern­al con­trols by our man­age­ment. c) With ref­er­ence to para­graph 24, she praised the work of the Head of Fin­ance and Cor­por­ate Oper­a­tions and her team and explained she has strengthened the pro­fes­sion­al­ism of our account­ing sys­tem which was tre­mend­ous to see. The Chair exten­ded her thanks to the Dir­ect­or of Cor­por­ate Ser­vices and Deputy CEO and said that this was test­a­ment of the good job they were all doing. d) A mem­ber quer­ied new­er work streams areas and pri­or men­tion of cla­ri­fic­a­tion of leg­al ele­ments for peat­land teams on site: had the work gone ahead or had it been hal­ted as a res­ult of the budget cuts? Dir­ect­or of Cor­por­ate Ser­vices and Deputy CEO advised that the work has been going ahead, with a leg­al frame­work in place to estab­lish roles respons­ib­il­it­ies of Nation­al Park staff in con­text of land man­ager and con­struc­tion team roles. Fol­low­ing staff changes the new man­age­ment struc­ture is becom­ing embed­ded and train­ing going on, fol­low­ing which the value of the leg­al frame­work and doc­u­ments estab­lished would be reviewed. The pro­gramme is not impacted by oth­er con­sid­er­a­tions. e) Dir­ect­or of Cor­por­ate Ser­vices and Deputy CEO added that a range of doc­u­ment­a­tion such as Memor­andums of Under­stand­ing are being drawn up to sup­port the range of part­ner­ships the Park Author­ity has across its range of work. How­ever, this doc­u­ment infra­struc­ture work was not yet fin­ished but they were sub­stan­tially fur­ther ahead that were before.

1. The Audit and Risk Com­mit­tee con­sidered the report to its cir­cu­la­tion to the Board at their next meet­ing on 22 Novem­ber 2024.

Page 8 of 10

1. Action points arising: None.

Pro­cure­ment action plan (Paper 8)

1. Louise Allen, Head of Fin­ance and Cor­por­ate Oper­a­tions presen­ted an action plan towards improve­ment of the Park Authority’s pro­cure­ment pro­cesses, pro­ced­ures and intern­al con­trols. It has been developed in response to the Intern­al Audit review of pro­cure­ment car­ried out by Azets as part of the approved ²⁰²³⁄₂₄ audit programme.

2. The Audit and Risk Com­mit­tee dis­cussed the report and made the fol­low­ing com­ments and observations:

a) The Chair reques­ted a fur­ther update on the work of the pro­cure­ment officer is doing at the next meet­ing of the Audit and Risk Com­mit­tee in Novem­ber. b) A mem­ber high­lighted that the main board were con­cerned with ​‘pro­cure­ment issues’ and when pro­gress is made, it would be use­ful to high­light improve­ments made to the board now have a pro­cure­ment officer in place. The CEO agreed to men­tion it in his next CEO report.

1. The Audit and Risk Com­mit­tee reviewed pro­gress made against each activ­ity in the pro­gramme for improve­ment developed by management.

2. Action points arising:

i. Fur­ther update on pro­gress made to be brought to next meet­ing. ii. CEO to men­tion the impact the Pro­cure­ment Officer is mak­ing in the organ­isa­tion with­in his next CEO report for Board meet­ing on 22 Novem­ber 2024.

Pro­cure­ment Strategy (Paper 9)

1. Dav­id Camer­on, Deputy CEO and Dir­ect­or of Cor­por­ate Ser­vices presen­ted the draft pro­cure­ment strategy, developed fol­low­ing the review of pro­cure­ment car­ried out by Intern­al Audit, as part of their pro­gramme of work for ²⁰²³⁄₂₄, and in accord­ance with the recom­mend­a­tions made by the Auditor.

2. The Audit and Risk Com­mit­tee dis­cussed the report and made the fol­low­ing observation:

a) The Chair quer­ied why there was noth­ing on rel­ev­ant staff who have pro­cure­ment respons­ib­il­it­ies hav­ing train­ing, devel­op­ing under­stand­ing, know­ledge and train­ing should it be included in the strategy? Dir­ect­or of Cor­por­ate Ser­vices and Deputy CEO advised that there was a sec­tion on the role of the Pro­cure­ment officer and their role in train­ing. How­ever, he would ensure there is some­thing expli­cit in the strategy about the need for appro­pri­ate staff training.

Page 9 of 10

1. The Audit and Risk Com­mit­tee con­sidered the pro­cure­ment strategy and advised on its suit­ab­il­ity as a basis for devel­op­ment of pro­cesses and procedures.

2. Action points arising: None.

AOCB

1. No items presented.

2. Motion to take the next item in con­fid­en­tial session.

3. The pub­lic busi­ness of the meet­ing con­cluded at 14.10 pm

4. The next meet­ing is on 8 Novem­ber 2024.

Page 10 of 10

Ref	Action Detail	Who	When	Status
27/06/24	At para 19a 1 Add pro­cure­ment at 12th risk (stra­tegic risk register)	Dav­id		Closed
	At para 19c Update word­ing on Impact descrip­tion on risk 7 (C2030  risk register)
	At para 19d Review and amend (as appro­pri­ate) the prob­ab­il­ity score for risk 4 (C2030 risk register)
27/09/24	At para 20i Update on intern­al audit view on fin­an­cial scen­ario plan­ning to be provided to the Audit and Risk Committee	Dav­id and Stephanie	At the end of the 24⁄25  fin­an­cial year.
27/09/24	At para 36i Fur­ther update on pro­gress made to Pro­cure­ment Action Plan	Louise	To next meet­ing on 8  Novem­ber 2024
	At para 36ii CEO to men­tion the impact the Pro­cure­ment Officer is mak­ing in the organ­isa­tion with­in his next CEO report for Board meet­ing on 22  Novem­ber 2024.	Grant	Next Form­al Board meet­ing on 22  Novem­ber 2024