Skip to content
Please be aware the content below has been generated by an AI model from a source PDF.

A&R Cttee Paper 2 Annex 2 Informing the audit risk assessment 2020-21 20/04/21

Inform­ing the audit risk assess­ment for Cairngorms Nation­al Park Author­ity (‘CNPA’) 202021

John Boyd Dir­ect­or T +44 (0)141 223 0000 E john.​p.​boyd@​uk.​gt.​com

CAIRNGORMS NATION­AL PARK AUTHORITY Audit and Risk Com­mit­tee Paper 2 Annex 2 20/04/2021

(Page 2)

© 2021 Grant Thornton UK LLP | Cairngorms Nation­al Park Author­ity 202021 Com­mer­cial in confidence

The con­tents of this report relate only to the mat­ters which have come to our atten­tion, which we believe need to be repor­ted to you as part of our audit pro­cess. It is not a com­pre­hens­ive record of all the rel­ev­ant mat­ters, which may be sub­ject to change, and in par­tic­u­lar we can­not be held respons­ible to you for report­ing all of the risks which may affect your busi­ness or any weak­nesses in your intern­al con­trols. This report has been pre­pared solely for your bene­fit and should not be quoted in whole or in part without our pri­or writ­ten con­sent. We do not accept any respons­ib­il­ity for any loss occa­sioned to any third party act­ing, or refrain­ing from act­ing on the basis of the con­tent of this report, as this report was not pre­pared for, nor inten­ded for, any oth­er purpose.

(Page 3)

© 2021 Grant Thornton UK LLP | Cairngorms Nation­al Park Author­ity 202021 Com­mer­cial in confidence

Table of Contents

Sec­tionPage
Pur­pose4
Gen­er­al Enquir­ies of Management5
Fraud7
Fraud Risk Assessment8
Laws and Regulations13
Impact of Laws and Regulations14
Related Parties16
Account­ing Estimates18
Account­ing Estim­ates — Gen­er­al Enquir­ies of Management19
Appendix A – Account­ing Estimates22

(Page 4)

© 2021 Grant Thornton UK LLP | Cairngorms Nation­al Park Author­ity 202021 Com­mer­cial in confidence

Pur­pose

The pur­pose of this report is to con­trib­ute towards the effect­ive two-way com­mu­nic­a­tion between CNPA’s extern­al aud­it­ors and CNPA’s Audit and Risk Com­mit­tee, as those charged with gov­ernance’. The report cov­ers some import­ant areas of the aud­it­or risk assess­ment where we are required to make inquir­ies of the Audit and Risk Com­mit­tee under audit­ing standards.

Back­ground

Under Inter­na­tion­al Stand­ards on Audit­ing (UK), (ISA(UK)) aud­it­ors have spe­cif­ic respons­ib­il­it­ies to com­mu­nic­ate with the Audit and Risk Com­mit­tee. ISA(UK) emphas­ise the import­ance of two-way com­mu­nic­a­tion between the aud­it­or and the Audit and Risk Com­mit­tee and also spe­cify mat­ters that should be communicated.

This two-way com­mu­nic­a­tion assists both the aud­it­or and the Audit and Risk Com­mit­tee in under­stand­ing mat­ters relat­ing to the audit and devel­op­ing a con­struct­ive work­ing rela­tion­ship. It also enables the aud­it­or to obtain inform­a­tion rel­ev­ant to the audit from the Audit and Risk Com­mit­tee and sup­ports the Audit and Risk Com­mit­tee in ful­filling its respons­ib­il­it­ies in rela­tion to the fin­an­cial report­ing process.

Com­mu­nic­a­tion

As part of our risk assess­ment pro­ced­ures we are required to obtain an under­stand­ing of man­age­ment pro­cesses and the Authority’s over­sight of the fol­low­ing areas:

  • Gen­er­al Enquir­ies of Management
  • Fraud,
  • Laws and Regulations,
  • Related Parties, and
  • Account­ing Estimates.

This report includes a series of ques­tions on each of these areas and the response we have received from CNPA’s man­age­ment. The Audit and Risk Com­mit­tee should con­sider wheth­er these responses are con­sist­ent with its under­stand­ing and wheth­er there are any fur­ther com­ments it wishes to make.

(Page 5)

© 2021 Grant Thornton UK LLP | Cairngorms Nation­al Park Author­ity 202021 Com­mer­cial in confidence

Gen­er­al Enquir­ies of Management

Ques­tionMan­age­ment response
1. What do you regard as the key events or issues that will have a sig­ni­fic­ant impact on the fin­an­cial state­ments for 202021?Cov­id — work­ing remotely and pla­cing more emphas­is on all staff to ensure that work is being car­ried out in terms of con­trac­tu­al arrangements
2. Have you con­sidered the appro­pri­ate­ness of the account­ing policies adop­ted by CNPA’s Have there been any events or trans­ac­tions that may cause you to change or adopt new account­ing policies?Yes, and on going. Text of account­ing policies will be revised for dis­clos­ure the fin­an­cial state­ments. The impact of IFRS 16 has yet to be com­pleted due to imple­ment­a­tion being post­poned until 2223
3. Is there any use of fin­an­cial instru­ments, includ­ing derivatives?No
4. Are you aware of any sig­ni­fic­ant trans­ac­tion out­side the nor­mal course of business?No
5. Are you aware of any changes in cir­cum­stances that would lead to impair­ment of non-cur­rent assets?No
6. Are you aware of any guar­an­tee contracts?No
7. Are you aware of the exist­ence of loss con­tin­gen­cies and/​or un-asser­ted claims that may affect the fin­an­cial statements?No change from pre­vi­ous years. The Author­ity remains the account­able body for the LEAD­ER and NLHF fun­ded pro­jects. A dis­clos­ure note will address these contingencies.
8. Oth­er than in house soli­cit­ors, can you provide details of those soli­cit­ors util­ised by CNPA dur­ing the year. Please indic­ate where they are work­ing on open lit­ig­a­tion or con­tin­gen­cies from pri­or years?Harp­er MacLeod — no change from 1920. No open lit­ig­a­tion from pri­or years

(Page 6)

© 2021 Grant Thornton UK LLP | Cairngorms Nation­al Park Author­ity 202021 Com­mer­cial in confidence

Gen­er­al Enquir­ies of Management

Ques­tionMan­age­ment response
9. Have any of the CNPA’s ser­vice pro­viders repor­ted any items of fraud, non-com­pli­ance with laws and reg­u­la­tions or uncor­rec­ted mis­state­ments which would affect the fin­an­cial statements?No
10. Can you provide details of oth­er advisors con­sul­ted dur­ing the year and the issue on which they were consulted?Azets (Scott Mon­crief) who replaced BDO as intern­al aud­it­ors. Among intern­al audit work car­ried out they have been asked on the account­ing for the Peat­land Recov­ery pro­ject, and infra­struc­ture assets.

(Page 7)

© 2021 Grant Thornton UK LLP | Cairngorms Nation­al Park Author­ity 202021 Com­mer­cial in confidence

Fraud

Mat­ters in rela­tion to fraud

ISA (UK) 240 cov­ers aud­it­ors respons­ib­il­it­ies relat­ing to fraud in an audit of fin­an­cial statements.

The primary respons­ib­il­ity to pre­vent and detect fraud rests with both the Audit and Risk Com­mit­tee and man­age­ment. Man­age­ment, with the over­sight of the Audit and Risk Com­mit­tee, needs to ensure a strong emphas­is on fraud pre­ven­tion and deterrence and encour­age a cul­ture of hon­est and eth­ic­al beha­viour. As part of its over­sight, the Audit and Risk Com­mit­tee should con­sider the poten­tial for over­ride of con­trols and inap­pro­pri­ate influ­ence over the fin­an­cial report­ing process.

As CNPA’s extern­al aud­it­or, we are respons­ible for obtain­ing reas­on­able assur­ance that the fin­an­cial state­ments are free from mater­i­al mis­state­ment due to fraud or error. We are required to main­tain pro­fes­sion­al scep­ti­cism through­out the audit, con­sid­er­ing the poten­tial for man­age­ment over­ride of controls.

As part of our audit risk assess­ment pro­ced­ures we are required to con­sider risks of fraud. This includes con­sid­er­ing the arrange­ments man­age­ment has put in place with regard to fraud risks including:

  • assess­ment that the fin­an­cial state­ments could be mater­i­ally mis­stated due to fraud,
  • pro­cess for identi­fy­ing and respond­ing to risks of fraud, includ­ing any iden­ti­fied spe­cif­ic risks,
  • com­mu­nic­a­tion with the Audit and Risk Com­mit­tee regard­ing its pro­cesses for identi­fy­ing and respond­ing to risks of fraud, and
  • com­mu­nic­a­tion to employ­ees regard­ing busi­ness prac­tices and eth­ic­al behaviour.

We need to under­stand how the Audit and Risk Com­mit­tee over­sees the above pro­cesses. We are also required to make inquir­ies of both man­age­ment and the Audit and Risk Com­mit­tee as to their know­ledge of any actu­al, sus­pec­ted or alleged fraud. These areas have been set out in the fraud risk assess­ment ques­tions below togeth­er with responses from CNPA’s management.

(Page 8)

© 2021 Grant Thornton UK LLP | Cairngorms Nation­al Park Author­ity 202021 Com­mer­cial in confidence

Fraud risk assessment

Ques­tionMan­age­ment response
1. Have CNPA’s assessed the risk of mater­i­al mis­state­ment in the fin­an­cial state­ments due to fraud? How has the pro­cess of identi­fy­ing and respond­ing to the risk of fraud been under­taken and what are the res­ults of this pro­cess? How do the CNPA’s risk man­age­ment pro­cesses link to fin­an­cial reporting?As a NDPB charged with spend­ing GiA from Scot­tish Gov­ern­ment the oppor­tun­it­ies for fraud are much less than a trad­ing com­pany. Any fin­an­cial mis­state­ment is likely to be due to cut off at year end — releasing/​recognising too much income or includ­ing costs for the next AP. While mis­state­ment is pos­sible, mater­i­al mis­state­ment is unlikely giv­en the expense pro­file of run­ning costs — e.g. largest pre­pay­ment likely to be rent for 2 months; accrued costs are usu­ally high­er than wanted and work/​services accrued can fail to hap­pen for a num­ber of reas­ons — fail­ure to update fin­ance or requis­i­tion forms on changed cir­cum­stances, or simply errors. This has been a chal­lenge with the cov­id pan­dem­ic and the inten­tion for 31 03 21 is to again try to min­im­ise accru­als. As pro­ject costs and fund­ing are matched mater­i­al mis­state­ment is unlikely. All claims to Nation­al Lot­tery Her­it­age Fund have been paid out in full, as have the major­ity of claims to LEAD­ER on pro­ject advances made. Due to con­tin­ued work on the LARCS sys­tem dif­fer­ences are now being iden­ti­fied where amounts paid out to claimants may not be reim­bursed in full by SG/LEADER. When iden­ti­fied over­pay­ments are accrued for and repay­ments made when invoiced with any appro­pri­ate adjust­ment made via the irreg­u­lar­it­ies pro­vi­sion. The net impact in the accounts is nil. TBs and detailed trans­ac­tion reports are routinely reviewed by Fin­ance. Trans­ac­tion reports are also cir­cu­lated to Heads of Ser­vices, more so in the run up to the year end for their review and com­ment. (This usu­ally iden­ti­fies miscoding’s) (1) all bank accounts are mon­itored daily to iden­tity any unusu­al activ­ity. There’s very rarely any­thing oth­er than expec­ted lodge­ments or pay­ments. We main­tain very low levels of petty cash and since the start of the cov­id pan­dem­ic pay­ment by cheque has all but been aban­doned. Bank pay­ments require sep­ar­a­tion of duties: those set­ting up pay­ments can­not author­ise and then there is double author­isa­tion. (2) we are now well aware of the vari­ous email and oth­er frauds and any sus­pi­cious email is deleted; (3) with the requis­i­tion sys­tem we do have advance vis­ib­il­ity on invoices/​grants claims due. Any pay­ment without a requis­i­tion is not paid until one is in place and the funds are con­firmed as being avail­able and signed off by Head of Ser­vice or staff mem­ber with appro­pri­ate author­ity; (4) we also really on healthy sceptism with­in the fin­ance team who, and hav­ing been in their roles for some time, know the spend pro­file, sup­pli­ers etc. and do chal­lenge pay­ments etc. (5) there is a risk of fraud where pay­ments are being made to part­ners for work done or as grants where work has not sub­sequently been car­ried out with no inten­tion of it being car­ried out. Grant con­di­tions usu­ally con­tain pro­vi­sions to allow sight of invoices as evid­ence of work done or by phys­ic­al inspec­tion. The greatest risk by value is on the LEAD­ER pro­ject but giv­en it is sub­ject not just to loc­al review and super­vi­sion but audit from Edin­burgh and ulti­mately the EU there is min­im­al risk of fraud.
2. What have you determ­ined to be the classes of accounts, trans­ac­tions and dis­clos­ures most at risk to fraud?Those trans­ac­tions and bal­ances con­sidered above

(Page 9)

© 2021 Grant Thornton UK LLP | Cairngorms Nation­al Park Author­ity 202021 Com­mer­cial in confidence

Fraud risk assessment

Ques­tionMan­age­ment response
3. Are you aware of any instances of actu­al, sus­pec­ted or alleged fraud, errors or oth­er irreg­u­lar­it­ies either with­in CNPA as a whole or with­in spe­cif­ic depart­ments since 1 April 2020? As a man­age­ment team, how do you com­mu­nic­ate risk issues (includ­ing fraud) to those charged with governance?There have been no instances of fraud or sus­pec­ted fraud in the year to date. We con­tin­ue to received CEO, and phish­ing emails and staff are under instruc­tions to delete and not act on. Bank of Scot­land also uses pop up mes­sages in the bank­ing sys­tem (which have to be acknow­ledged) to high­light the latest trends in (extern­al) fraud etc. To a less­er degree the SG cyber secur­ity dept also issues warn­ings, and the SG NDPB Fin­ance Dir­ect­ors’ For­um. There is an annu­al intern­al audit plan each year with reg­u­lar updates giv­en to the Audit and risk Com­mit­tee. All intern­al audit reports are pub­lished on the Authority’s website.
4. Have you iden­ti­fied any spe­cif­ic fraud risks? Do you have any con­cerns there are areas that are at risk of fraud? Are there par­tic­u­lar loc­a­tions with­in CNPA where fraud is more likely to occur?(1) the most imme­di­ate fraud risk is cyber fraud — phish­ing etc. Staff are reminded not to open any emails etc. where they do not know the sender etc.. This is covered by updates from Bank of Scot­land and SG cyber secur­ity teams and reli­ance on fil­ters etc. and more fre­quent block­ing of known risk IPOs, advised by SG cyber secur­ity. How­ever, the implic­a­tions of a suc­cess­ful cyber attack are unlikely to be the imme­di­ate loss of cash but in the loss of data and access to sys­tems and the sub­sequent costs of recov­er­ing data, and repla­cing hard­ware. The Authority’s serv­ers can­not be accessed via the Authority’s web­site which is hos­ted on a sep­ar­ate remote serv­er. (2) no (3) no. Whilst work­ing remotely for the last year the Bal­later office has remained closed to the pub­lic, and offices for the T&G Land­scape Part­ner­ship are now closed. Grant­own remains the main place of oper­a­tion and access has been restric­ted to only a few key staff for brief peri­ods of time. There are no cash oper­a­tions oth­er than petty cash which is immaterial.
5. What pro­cesses do CNPA have in place to identi­fy and respond to risks of fraud?(1) all 5 bank accounts are reviewed daily to identi­fy any unusu­al activ­ity; (2) we are now well estab­lished in deal­ing with CEO or invoice fraud, and the Bank of Scot­land CBO gives numer­ous remind­ers on this type of fraud, and tent to high­light the most pop­u­lar at any one time. Any CEO email is now deleted when at one point we would liaise with BoS — too time con­sum­ing; (3) with the requis­i­tion sys­tem we do have advance warn­ing on invoices/​grant claims due and any pay­ment without a requis­i­tion is not pro­cessed until one is in place and a Head of Ser­vice or sim­il­ar staff has author­ised for pay­ment. Sus­pi­cious invoices are chal­lenged, or sus­pi­cious emails from unknown sup­pli­ers with attach­ments are deleted. Cur­rently the biggest single risk of fraud would be from some form of cyber fraud: fin­ance staff remain vigil­ant and we rely on net­work secur­ity to reject sus­pi­cious emails etc.

(Page 10)

© 2021 Grant Thornton UK LLP | Cairngorms Nation­al Park Author­ity 202021 Com­mer­cial in confidence

Fraud risk assessment

Ques­tionMan­age­ment response
6. How do you assess the over­all con­trol envir­on­ment for CNPA, includ­ing: • the exist­ence of intern­al con­trols, includ­ing segreg­a­tion of duties; and • the pro­cess for review­ing the effect­ive­ness the sys­tem of intern­al con­trol? If intern­al con­trols are not in place or not effect­ive where are the risk areas and what mit­ig­at­ing actions have been taken? What oth­er con­trols are in place to help pre­vent, deter or detect fraud? Are there any areas where there is a poten­tial for over­ride of con­trols or inap­pro­pri­ate influ­ence over the fin­an­cial report­ing pro­cess (for example because of undue pres­sure to achieve fin­an­cial targets)?The con­trol envir­on­ment is robust and has pre­formed well under lock­down with the main change in oper­a­tion being reli­ance on emails trails for approv­al of pay­ment from those with the respons­ib­il­ity to approve an invoice/​grant for pay­ment, and gen­er­ally start­ing the pro­cess to being more digit­al”. There have been no changes to the segreg­a­tion of duties or intern­al con­trols and while work­ing prac­tices have been changed there has been no need yet for a detailed review of the effect­ive­ness of the sys­tem of intern­al con­trol. How­ever, for the future, as the Author­ity is embark­ing on a trans­form­a­tion­al peri­od in IT and mov­ing to SWAN, and ulti­mately to Office 365 and more cloud based work­ing, a review of the cur­rent fin­an­cial pro­ced­ures and soft­ware pack­age will at some point take place. There is as yet no times­cale for this. All fin­ance staff have been in post for a num­ber of years and have pre­formed well through­out the last year either work­ing remotely or from the office on reduced office hours. Unlike a com­mer­cial oper­a­tion there are no indi­vidu­al tar­gets for staff to meet: rather the emphas­is is on deliv­er­ing an out­turn as close as is pos­sible to break­even. There are no fin­an­cial rewards/​performance based for meet­ing any tar­gets. If any­thing, work­ing remotely, with increased scru­tiny of trans­ac­tion digit­ally and in paper has meant there have been no errors noted in pay­ments. His­tor­ic­ally at least 1 double pay­ment in the run up to the year end has been noted but there are no such occur­rences this year end. While the cur­rent way of work­ing is not as effi­cient as it could be it has proved reli­able in practice.
7. Are there any areas where there is poten­tial for misreporting?There is the poten­tial for mis­cod­ing of trans­ac­tions and heads of ser­vices are encour­age to inform fin­ance where they find a miss post­ing. Pri­or to year end post­ings will be reviewed for the year. How­ever this is will not give rise to a change in out­turn only in alloc­a­tion of costs.

(Page 11)

© 2021 Grant Thornton UK LLP | Cairngorms Nation­al Park Author­ity 202021 Com­mer­cial in confidence

Fraud risk assessment

Ques­tionMan­age­ment response
8. How do CNPA com­mu­nic­ate and encour­age eth­ic­al beha­viours and busi­ness pro­cesses of it’s staff and con­tract­ors? How do you encour­age staff to report their con­cerns about fraud? What con­cerns are staff expec­ted to report about fraud? Have any sig­ni­fic­ant issues been reported?Grant offers are accom­pan­ied with stand­ard terms and con­di­tions though it is recog­nised that they are in need of a refresh and this will likely hap­pen in 2122. Staff are encour­aged to be vigil­ant, and, fin­ance staff are encour­aged to enter­tain a degree of scep­ti­cism and to chal­lenge pay­ments if they think neces­sary. I am not aware of any con­cerns raised by staff on fraud, or report­ing of any issues. As an organ­isa­tion we remain vigil­ant on the usu­al, and increas­ingly more fre­quent, cyber threats, invoice fraud, CEO and phishing.
9. From a fraud and cor­rup­tion per­spect­ive, what are con­sidered to be high-risk posts? How are the risks relat­ing to these posts iden­ti­fied, assessed and managed?Giv­en the scheme of del­eg­ate author­ity, segreg­a­tion of duties, need for doc­u­ment­ary evid­ence, dual author­isa­tion of bank pay­ments etc no single post is as risky as any other.
10. Are you aware of any related party rela­tion­ships or trans­ac­tions that could give rise to instances of fraud? How do you mit­ig­ate the risks asso­ci­ated with fraud related to related party rela­tion­ships and transactions?(1) No. (2) all trans­ac­tions are author­ised by a mem­ber of staff with the appro­pri­ate level of del­eg­ated author­ity. Any trans­ac­tion has to be covered by a requis­i­tion (yel­low) and signed off and for high value trans­ac­tions decision will also have been reviewed/​made at Man­age­ment Team level, espe­cially on the the high value green recov­ery fund and Vis­it­or Infra­struc­ture Fund. Trans­ac­tions with oth­er NPBD, gov­ern­ment bod­ies are based on spe­cif­ic pieces of work or fund­ing. Where there is a related party con­nec­tion due to a Board mem­ber being a mem­ber of that body this will be noted for the accounts but Board mem­bers pay no part in the day to day oper­a­tions or author­isa­tion of pay­ments to be made.

(Page 12)

© 2021 Grant Thornton UK LLP | Cairngorms Nation­al Park Author­ity 202021 Com­mer­cial in confidence

Fraud risk assessment

Ques­tionMan­age­ment response
11. What arrange­ments are in place to report fraud issues and risks to the Audit and Risk Com­mit­tee? How does the Audit and Risk Com­mit­tee exer­cise over­sight over management’s pro­cesses for identi­fy­ing and respond­ing to risks of fraud and breaches of intern­al con­trol? What has been the out­come of these arrange­ments so far this year?There is an intern­al audit plan each fin­an­cial year with reg­u­lar updates giv­en to the Audit and Risk com­mit­tee. All intern­al audit reports are pub­lished on the Authority’s web­site. Spe­cif­ic oper­a­tion­al risks are noted in the Risk register which is updated and presen­ted to the Audit com­mit­tee, and Board twice a year. Noth­ing spe­cially fin­an­cial has been drawn to their atten­tion in the cur­rent year.
12. Are you aware of any whistle blow­ing poten­tial or com­plaints by poten­tial whistle blowers? If so, what has been your response?No
13. Have any reports been made under the Bribery Act?No

(Page 13)

© 2021 Grant Thornton UK LLP | Cairngorms Nation­al Park Author­ity 202021 Com­mer­cial in confidence

Law and regulations

Mat­ters in rela­tion to laws and regulations

ISA (UK) 250 requires us to con­sider the impact of laws and reg­u­la­tions in an audit of the fin­an­cial statements.

Man­age­ment, with the over­sight of the Audit and Risk Com­mit­tee, is respons­ible for ensur­ing that CNPA’s oper­a­tions are con­duc­ted in accord­ance with laws and reg­u­la­tions includ­ing those that determ­ine amounts in the fin­an­cial statements.

As aud­it­or, we are respons­ible for obtain­ing reas­on­able assur­ance that the fin­an­cial state­ments are free from mater­i­al mis­state­ment due to fraud or error, tak­ing into account the appro­pri­ate leg­al and reg­u­lat­ory frame­work. As part of our risk assess­ment pro­ced­ures we are required to make inquir­ies of man­age­ment and the Audit and Risk Com­mit­tee as to wheth­er the entity is in com­pli­ance with laws and reg­u­la­tions. Where we become aware of inform­a­tion of non-com­pli­ance or sus­pec­ted non-com­pli­ance we need to gain an under­stand­ing of the non-com­pli­ance and the pos­sible effect on the fin­an­cial statements.

Risk assess­ment ques­tions have been set out below togeth­er with responses from management.

(Page 14)

© 2021 Grant Thornton UK LLP | Cairngorms Nation­al Park Author­ity 202021 Com­mer­cial in confidence

Impact of laws and regulations

Ques­tionMan­age­ment response
1. How does man­age­ment gain assur­ance that all rel­ev­ant laws and reg­u­la­tions have been com­plied with? What arrange­ments does CNPA have in place to pre­vent and detect non-com­pli­ance with laws and reg­u­la­tions? Are you aware of any changes to the Authority’s reg­u­lat­ory envir­on­ment that may have a sig­ni­fic­ant impact on the Authority’s fin­an­cial statements?The Author­ity has Harp­er MacLeod as leg­al advisors who advice on leg­al mat­ters gen­er­ally and spe­cific­ally on plan­ning law and GDPR. Reli­ance is also placed on pro­fes­sion­ally qual­i­fied staff to be aware of changes in laws and reg­u­la­tions, and the mat­ters. The NDPB FD For­um is used for a gen­er­al source of changes likely to impact fin­an­cial mat­ters, and Audit Scotland’s Quarterly Tech­nic­al Bul­let­ins are also reviewed. More recently, for cyber secur­ity mat­ters reli­ance is placed on SG Pub­lic Sec­tor Cyber Resi­li­ence Depart­ment for inform­a­tion on crit­ic­al patch updates and threats. Post cyber attack on SEPA at the New Year great­er sig­ni­fic­ance is being placed on cyber security.
2. How is the Audit and Risk Com­mit­tee provided with assur­ance that all rel­ev­ant laws and reg­u­la­tions have been com­plied with?An annu­al report is made to the Audit and Risk Com­mit­tee and the Gov­ernance report for inclu­sion in the annu­al fin­an­cial state­ments. Emphas­is is put on report­ing on com­plaints and risk gen­er­ally. Any sig­ni­fic­ant break of laws and reg­u­la­tions would be repor­ted to the com­mit­tee, but there has his­tor­ic­ally none to report.
3. Have there been any instances of non-com­pli­ance or sus­pec­ted non-com­pli­ance with laws and reg­u­la­tion since 1 April 2020 with an on going impact on the 202021 fin­an­cial statements?Not that we are aware of.
4. Is there any actu­al or poten­tial lit­ig­a­tion or claims that would affect the fin­an­cial statements?There are cur­rently none.

(Page 15)

© 2021 Grant Thornton UK LLP | Cairngorms Nation­al Park Author­ity 202021 Com­mer­cial in confidence

Impact of laws and regulations

Ques­tionMan­age­ment response
5. What arrange­ments does CNPA have in place to identi­fy, eval­u­ate and account for lit­ig­a­tion or claims?Spe­cif­ic advice would be taken from the Authority’s leg­al advisor — Harp­er MacLeod.
6. Have there been any report from oth­er reg­u­lat­ory bod­ies, such as HM Rev­en­ues and Cus­toms which indic­ate non-compliance?No

(Page 16)

© 2021 Grant Thornton UK LLP | Cairngorms Nation­al Park Author­ity 202021 Com­mer­cial in confidence

Related Parties

Mat­ters in rela­tion to Related Parties

CNPA are required to dis­close trans­ac­tions with entities/​individuals that would be classed as related parties. These may include:

  • entit­ies that dir­ectly, or indir­ectly through one or more inter­me­di­ar­ies, con­trol, or are con­trolled by CNPA;
  • asso­ci­ates;
  • joint ven­tures;
  • an entity that has an interest in the author­ity that gives it sig­ni­fic­ant influ­ence over the Authority;
  • key man­age­ment per­son­nel, and close mem­bers of the fam­ily of key man­age­ment per­son­nel, and
  • post-employ­ment bene­fit plans (pen­sion fund) for the bene­fit of employ­ees of the Author­ity, or of any entity that is a related party of the Authority.

A dis­clos­ure is required if a trans­ac­tion (or series of trans­ac­tions) is mater­i­al on either side, i.e. if a trans­ac­tion is imma­ter­i­al from the Autority’s per­spect­ive but mater­i­al from a related party view­point then the Author­ity must dis­close it.

ISA (UK) 550 requires us to review your pro­ced­ures for identi­fy­ing related party trans­ac­tions and obtain an under­stand­ing of the con­trols that you have estab­lished to identi­fy such trans­ac­tions. We will also carry out test­ing to ensure the related party trans­ac­tion dis­clos­ures you make in the fin­an­cial state­ments are com­plete and accurate.

(Page 17)

© 2021 Grant Thornton UK LLP | Cairngorms Nation­al Park Author­ity 202021 Com­mer­cial in confidence

Related Parties

Ques­tionMan­age­ment response
1. Have there been any changes in the related parties includ­ing those dis­closed in CNPA’s 201920 fin­an­cial state­ments? If so please sum­mar­ise: • the nature of the rela­tion­ship between these related parties and CNPA • Wheth­er CNPA has entered into or plans to enter into any trans­ac­tions with these related parties • the type and pur­pose of these transactionsNo. There are no new Board mem­bers or any pub­lic bod­ies we are deal­ing with for the first time in the year
2. What con­trols does CNPA have in place to identi­fy, account for and dis­close related party trans­ac­tions and relationships?Board mem­bers and staff are required to com­plete a register of interests, which is updated annu­ally. For accounts dis­clos­ure this is reviewed to identi­fy oth­er bod­ies the Board mem­ber or staff mem­ber may have links to, oth­er than mere mem­ber­ship, and trans­ac­tions with those bod­ies are reviewed to derive the accounts disclosures.
3. What con­trols are in place to author­ise and approve sig­ni­fic­ant trans­ac­tions and arrange­ments with related parties?No Board mem­ber is involved in the approv­al pro­cess for pay­ments. A sched­ule of del­eg­ated author­ity is main­tained and where iden­ti­fied that a staff mem­ber has an interest the doc­u­ment­a­tion will be signed off by anoth­er mem­ber of staff. For trans­ac­tion over £25,000 author­isa­tion is by a dir­ect­or with the CEO author­ising pay­ments over £100,000.
4. What con­trols are in place to author­ise and approve sig­ni­fic­ant trans­ac­tions out­side of the nor­mal course of business?There are no trans­ac­tions out­side the nor­mal busi­ness activ­it­ies of the Authority.

(Page 18)

© 2021 Grant Thornton UK LLP | Cairngorms Nation­al Park Author­ity 202021 Com­mer­cial in confidence

Account­ing estimates

Mat­ters in rela­tion to Related Account­ing estimates

ISA (UK) 540 (Revised Decem­ber 2018) requires aud­it­ors to under­stand and assess an entity’s intern­al con­trols over account­ing estim­ates, including:

  • The nature and extent of over­sight and gov­ernance over management’s fin­an­cial report­ing pro­cess rel­ev­ant to account­ing estimates;
  • How man­age­ment iden­ti­fies the need for and applies spe­cial­ised skills or know­ledge related to account­ing estimates;
  • How the entity’s risk man­age­ment pro­cess iden­ti­fies and addresses risks relat­ing to account­ing estimates;
  • The entity’s inform­a­tion sys­tem as it relates to account­ing estimates;
  • The entity’s con­trol activ­it­ies in rela­tion to account­ing estim­ates; and
  • How man­age­ment reviews the out­comes of pre­vi­ous account­ing estimates.

As part of this pro­cess aud­it­ors also need to obtain an under­stand­ing of the role of those charged with gov­ernance, which is par­tic­u­larly import­ant where the estim­ates have high estim­a­tion uncer­tainty, or require sig­ni­fic­ant judgement.

Spe­cific­ally do Audit and Risk Com­mit­tee members:

  • Under­stand the char­ac­ter­ist­ics of the meth­ods and mod­els used to make the account­ing estim­ates and the risks related to them;
  • Over­see management’s pro­cess for mak­ing account­ing estim­ates, includ­ing the use of mod­els, and the mon­it­or­ing activ­it­ies under­taken by man­age­ment; and
  • Eval­u­ate how man­age­ment made the account­ing estimates?

We would ask the Audit and Risk Com­mit­tee to sat­is­fy itself that the arrange­ments for account­ing estim­ates are adequate.

(Page 19)

© 2021 Grant Thornton UK LLP | Cairngorms Nation­al Park Author­ity 202021 Com­mer­cial in confidence

Account­ing Estim­ates — Gen­er­al Enquir­ies of Management

Ques­tionMan­age­ment response
1. What are the classes of trans­ac­tions, events and con­di­tions, that are sig­ni­fic­ant to the fin­an­cial state­ments that give rise to the need for, or changes in, account­ing estim­ate and related disclosures?Only hol­i­day pay accru­al, LEAD­ER irreg­u­lar­it­ies pro­vi­sion, and depreciation.(1) the assump­tions and meth­od for cal­cu­la­tion of the accrued hol­i­day pay has remained con­sist­ent for at least the last 5 years; (2) a review of the LEAD­ER irreg­u­lar­ity pro­vi­sion has been post­poned as the pro­gramme has now been exten­ded to 31 Decem­ber when we will be in a bet­ter pos­i­tion to reas­sess a final pro­vi­sion — if required, as actu­al irreg­u­lar­it­ies may have been iden­ti­fied and agreed withe the LEAD­ER Edin­burgh team and these will be recog­nised as an accru­als (3) there has been no change to the meth­ods or rationale on the depre­ci­ation of cap­it­al­ised assets dur­ing the year.
2. How does the Authority’s risk man­age­ment pro­cess identi­fy and addresses risks relat­ing to account­ing estimates?Depre­ci­ation: Estim­ated use­ful lives of assets cap­it­al­ised have been con­sist­ently applied over the last 10 years. Peri­od­ic reviews of oth­er NDPB accounts are under­taken too to ensure rates are in line with oth­er NDPBs. For 2021 fixed asset addi­tions have been IT related: hard­ware or per­petu­al” licences of soft­ware. Accru­als: Weekly review by Heads of ser­vice and oth­er staff, review by fin­ance man­ager, and where iden­ti­fied changes in the requis­i­tion value which is fed into pro­jec­ted out­turn work­ings. Pro­vi­sions: (1) for fixed term redund­ancy on actu­al cal­cu­la­tions on length of con­tract and salar­ies to arrive at expos­ure at end of con­tract (2) LEAD­ER irreg­u­lar­ity pro­vi­sion was based on a % of awar­ded fund­ing based on exper­i­ence of pri­or pro­gramme man­age­ment. Redec­or­a­tion pro­vi­sion is based on liab­il­it­ies fall­ing under the lease and an estim­ate from his­tor­ic cost inform­a­tion of asso­ci­ated cost. Staff hol­i­day pay accru­al is assessed based on sampled evid­ence of staff hol­i­day and flexi­time bene­fits held at the end of the year.
3. How do man­age­ment identi­fy the meth­ods, assump­tions or source data, and the need for changes in them, in rela­tion to key account­ing estimates?Depre­ci­ation: Man­u­fac­tur­ers’ specs and his­tor­ic rates applied, or for cap­it­al­ised lease­hold improve­ments or oth­er assets the length of the life or an estim­ated use­ful life of the asset. Accru­als: The source data is from the requis­i­tion registers run­ning from early Feb­ru­ary list­ing known out­stand­ing requis­i­tions at any date. Dis­cus­sions are also held with Heads of Ser­vice to assess com­plete­ness and reli­ab­il­ity of the requis­i­tion register. Pro­vi­sions: Source data is based on appro­pri­ate man­age­ment inform­a­tion held for each provision
4. How do man­age­ment review the out­comes of pre­vi­ous account­ing estimates?Based on move­ment at year end, spe­cific­ally for the hol­i­day pay accru­al. There has been no move­ment in the LEAD­ER irreg­u­lar­it­ies pro­vi­sion and depre­ci­ation is repor­ted on but largely uncom­men­ted on as it is a non-cash transaction.
5. Were any changes made to the estim­a­tion pro­cesses in 202021 and, if so, what was the reas­on for these?No

(Page 20)

© 2021 Grant Thornton UK LLP | Cairngorms Nation­al Park Author­ity 202021 Com­mer­cial in confidence

Account­ing Estim­ates — Gen­er­al Enquir­ies of Management

Ques­tionMan­age­ment response
6. How do man­age­ment identi­fy the need for and apply spe­cial­ised skills or know­ledge related to account­ing estimates?Where neces­sary extern­al spe­cial­ised know­ledge will be sought. TO date no such spe­cial­ised know­ledge has ben required.
7. How does the Author­ity determ­ine what con­trol activ­it­ies are needed for sig­ni­fic­ant account­ing estim­ates, includ­ing the con­trols at any ser­vice pro­viders or man­age­ment experts?Depre­ci­ation: Review of depre­ci­ation and cap­it­al­ised assets in year through peri­od­ic man­age­ment accounts and dis­cus­sions between the Fin­ance Man­ager and Dir­ect­or of Cor­por­ate Ser­vices. No out­side ser­vice pro­viders or man­age­ment experts are used. Accru­als: It is left to oper­a­tion­al staff to liaise with the companies/​individuals they have placed work with to ensure it is car­ried out to the stand­ard and price/​value con­trac­ted. In the run up to the year end, where work is not expec­ted to start until after the year end requis­i­tion data is moved to a 2122 sec­tion. In the run up to the year end the registers are mon­itored daily and staff encour­aged to make sure work has been car­ried out and invoiced in year to reduce the level of accru­als. The fin­ance man­ager will dis­cuss the appro­pri­ate­ness of an accru­al with a head of ser­vice to determ­ine if an accru­al is appro­pri­ate, espe­cially with con­trac­ted for goods and ser­vices. For grants awar­ded in year accru­als are set up at the time of accept­ance as the clear con­trac­tu­al oblig­a­tion to pay exists. Pro­vi­sions: The pro­vi­sions are only revised at year end, if neces­sary, and are reviewed as part of out­turn. No ser­vice pro­viders or man­age­ment experts are involved.
8. How do man­age­ment mon­it­or the oper­a­tion of con­trol activ­it­ies related to account­ing estim­ates, includ­ing the key con­trols at any ser­vice pro­viders or man­age­ment experts?As above
9. What is the nature and extent of over­sight and gov­ernance over management’s fin­an­cial report­ing pro­cess rel­ev­ant to account­ing estim­ates, includ­ing: — Management’s pro­cess for mak­ing sig­ni­fic­ant account­ing estim­ates — The meth­ods and mod­els used — The res­ult­ant account­ing estim­ates included in the fin­an­cial statements.From review of fin­an­cial state­ments presen­ted to the Audit and Risk Committee

(Page 21)

© 2021 Grant Thornton UK LLP | Cairngorms Nation­al Park Author­ity 202021 Com­mer­cial in confidence

Account­ing Estim­ates — Gen­er­al Enquir­ies of Management

Ques­tionMan­age­ment response
10. Are man­age­ment aware of trans­ac­tions, events, con­di­tions (or changes in these) that may give rise to recog­ni­tion or dis­clos­ure of sig­ni­fic­ant account­ing estim­ates that require sig­ni­fic­ant judge­ment (oth­er than those in Appendix A)?Yes , but lim­ited to the 3 classes already con­sidered — depre­ci­ation, accru­als and provisions.
11. Are the man­age­ment arrange­ments for the account­ing estim­ates, as detailed in Appendix A reasonable?Yes
12. How is the Audit and Risk Com­mit­tee provided with assur­ance that the arrange­ments for account­ing estim­ates are adequate ?Through

(Page 22)

© 2021 Grant Thornton UK LLP | Cairngorms Nation­al Park Author­ity 202021 Com­mer­cial in confidence

Appendix A Account­ing Estimates

Estim­ateMeth­od / mod­el used to make the estim­ateCon­trols used to identi­fy estim­atesWheth­er Man­age­ment have used an expertUnder­ly­ing assump­tions: — Assess­ment of degree of uncer­tainty — Con­sid­er­a­tion of altern­at­ive estim­atesHas there been a change in account­ing meth­od in year?
Depre­ci­ationEstim­ated use­ful lives of assets cap­it­al­ised have been con­sist­ently applied over the last 10 years. Peri­od­ic reviews of oth­er NDPB accounts are under­taken too to ensure rates are in line with oth­er NDPBs. For 2021 fixed asset addi­tions have been IT related: hard­ware or per­petu­al” licences of software.Based on a review of oth­er NDPB accounts, exper­i­ence and gen­er­ally accep­ted prac­tices, and for IT pur­chases the estim­ated use­ful life of kit — where large/​expensive pieces of kit carry a warranty/​support peri­od the asset is depre­ci­ated on a SL over that peri­od. In prac­tice man­u­fac­tur­ers warranty/​support peri­ods have proved to be a reli­able estim­ate of use­ful life. Laptop/​desktop com­puters depre­ci­ation is over a 3 years peri­od giv­en tech­no­lo­gic­al advances and increas­ingly soph­ist­ic­ated soft­ware demand­ing more power­ful machines.N/AMan­u­fac­tur­ers’ specs and his­tor­ic rates applied, or for cap­it­al­ised lease­hold improve­ments or oth­er assets the length of the life or an estim­ated use­ful life of the asset.None

(Page 23)

© 2021 Grant Thornton UK LLP | Cairngorms Nation­al Park Author­ity 202021 Com­mer­cial in confidence

Appendix A Account­ing Estimates

Estim­ateMeth­od / mod­el used to make the estim­ateCon­trols used to identi­fy estim­atesWheth­er Man­age­ment have used an expertUnder­ly­ing assump­tions: — Assess­ment of degree of uncer­tainty — Con­sid­er­a­tion of altern­at­ive estim­atesHas there been a change in account­ing meth­od in year?
Pro­vi­sions(1) for fixed term redund­ancy on actu­al cal­cu­la­tions on length of con­tract and salar­ies to arrive at expos­ure at end of con­tract (2) LEAD­ER irreg­u­lar­ity pro­vi­sion was based on a % of awar­ded fund­ing based on exper­i­ence of pri­or pro­gramme man­age­ment. Redec­or­a­tion pro­vi­sion is based on liab­il­it­ies fall­ing under the lease and an estim­ate from his­tor­ic cost inform­a­tion of asso­ci­ated cost. Staff hol­i­day pay accru­al is assessed based on sampled evid­ence of staff hol­i­day and flexi­time bene­fits held at the end of the year.The pro­vi­sions are only revised at year end
×

We want your feedback

Thank you for visiting our new website. We'd appreciate any feedback using our quick feedback form. Your thoughts make a big difference.

Thank you!

Give feedback