Draft MINUTES of MEET­ING of the AUDIT & RISK COM­MIT­TEE of THE CAIRNGORMS NATION­AL PARK AUTHORITY

held via Lifes­ize Video Con­fer­ence on 3 Feb­ru­ary 2021

Present:

• Judith Webb (Chair)
• Peter Argyle
• Pippa Had­ley
• Janet Hunter
• John Lath­am
• Gaen­er Rodger (Vice Chair)

In Attend­ance:

• Chris Brown, Azets
• Stephanie Hume, Azets
• John Boyd, Grant Thornton
• Grant Moir, Chief Executive
• Dav­id Camer­on, Cor­por­ate Ser­vices Director
• Vicky Walk­er, Office Ser­vices Manager

Apo­lo­gies: None.

1. Wel­come and Apologies

The Chair wel­comed every­one to the meet­ing and apo­lo­gies were noted.

2. Minutes of Pre­vi­ous Meeting

The draft minutes of the 27^th Novem­ber 2020 meet­ing were approved with no amendments.

3. Mat­ters Arising

Dav­id Camer­on, Dir­ect­or of Cor­por­ate Ser­vices, repor­ted that move­ment on the out­stand­ing actions lis­ted in 27 Novem­ber 2020 Audit & Risk Com­mit­tee Minutes were:

• a) At Para 32i) – Closed: Dir­ect­or of Cor­por­ate Ser­vices has arranged for cir­cu­la­tion of the most up-to-date ver­sion of the Extern­al Audit Report to the Committee.
• b) At Para 34i) – Closed: Dir­ect­or of Cor­por­ate Ser­vices invest­ig­ated the £6 per week work­ing from home allow­ance from HMRC.
• c) At Para 34ii) – Closed: Dir­ect­or of Cor­por­ate Ser­vices con­firmed pro­cesses were to be designed and imple­men­ted to handle any claims from staff of excess costs arising where they were required to work from home.
• d) At Para 34iii) – Closed: The need for Board cohe­sion and the chal­lenges that work­ing from home brings to the Board has been picked up through the Board sur­vey and devel­op­ment con­ver­sa­tions and actions will be picked up against that.

4. Declar­a­tions of Interest

There were no interests declared.

5. Intern­al Audit Review: Gov­ernance (Paper 1)

Chris Brown, Azets, intro­duced the intern­al audit review of the Authority’s gov­ernance arrange­ments. Chris high­lighted the main out­comes of this review:

• a. Over­all, the gov­ernance struc­ture com­plies with rel­ev­ant guid­ance and is pro­por­tion­ate to the organisation’s requirements.
• b. Strategy set­ting and plan­ning pro­cesses are in place and aligned with the Nation­al Parks (Scot­land) Act 2000.
• c. Not­with­stand­ing those pos­it­ives, there were areas iden­ti­fied for improvement.
• d. Roles and respons­ib­il­it­ies for decision-mak­ing should be drawn out and agreed in a gov­ernance and respons­ib­il­ity framework.
• e. Com­mit­tee terms of ref­er­ence should be reg­u­larly reviewed.
• f. Report­ing arrange­ments from com­mit­tees to the Board should be form­al­ised and strengthened.
• g. Arrange­ments for assur­ance over major pro­jects should be strengthened.

Chris also noted that there is a rel­at­ively small staff resource deal­ing with gov­ernance mat­ters, while not­ing there is a man­age­ment struc­ture review under­way which is expec­ted to address this matter.

7. The Audit & Risk Com­mit­tee dis­cussed the report and made the fol­low­ing comments:

• a) The need for improved under­stand­ing between mem­bers and staff, and on a con­sist­ent basis across all mem­bers, on the decision-mak­ing respons­ib­il­it­ies of mem­bers and staff was fully agreed. Mem­bers reflec­ted that the recent dis­cus­sions at the Board meet­ing on the wide range of expec­ted levels of decision-mak­ing seemed clear at that meet­ing as a recent example, and rein­forced the need for improved under­stand­ing. Intern­al aud­it­ors high­lighted on this point that board mem­bers can­not be both part of an oper­a­tion­al decision and also scru­tin­ise it. Hence the import­ance of estab­lish­ing and under­stand­ing stra­tegic decision-mak­ing as opposed to oper­a­tion­al decisions to imple­ment these stra­tegic decisions.
• b) The Dir­ect­or of Cor­por­ate Ser­vices con­firmed work was under­way in draft­ing the Gov­ernance Respons­ib­il­ity Frame­work men­tioned, and a first draft to indic­ate pro­posed dir­ec­tion of travel has been provided to the Con­vener and Deputy Con­vener. The Dir­ect­or noted he did not think it would be pos­sible to always identi­fy spe­cif­ic roles and respons­ib­il­it­ies and judge­ment would always be required, while seek­ing to design some cri­ter­ia to help with this.
• c) The Board self-eval­u­ation sur­vey had been com­pleted and mem­bers also have had devel­op­ment con­ver­sa­tions with the Con­vener. Aspects of work against these recom­mend­a­tions were there­fore well progressed.

8. The Audit & Risk Committee:

• a) Con­sidered the intern­al auditor’s find­ings on the Cor­por­ate Gov­ernance sys­tems and controls.
• b) Endorsed the man­age­ment responses to recom­mend­a­tions for action raised by the intern­al auditor.

9. Action Point Arising: None.

10. Intern­al Audit Review: COVID19 Recov­ery / Busi­ness Con­tinu­ity Plan­ning (Paper 2)

Chris Brown, Azets, intro­duced the intern­al audit review of the Authority’s COVID19 recov­ery arrange­ments and busi­ness con­tinu­ity plan­ning pro­cesses. Chris high­lighted the main out­comes of this review:

• a. The Author­ity had been able to adapt quickly and mobil­ise staff before lock­down was fully implemented.
• b. The Author­ity has engaged with staff reg­u­larly to ensure both oper­a­tion­al issues and staff wel­fare and men­tal health are addressed.
• c. The Author­ity has only par­tially imple­men­ted its Busi­ness Con­tinu­ity Plan­ning (BCP) arrange­ments with a num­ber of key steps still to be completed.
• d. Les­sons learned are not cur­rently all being cap­tured in a single, con­sol­id­ated place to ensure all neces­sary actions are being taken.

11. The Audit & Risk Com­mit­tee dis­cussed the report and made the fol­low­ing comments:

• a. The speed and effect­ive­ness of the staff group put­ting altern­ate BCP arrange­ments in place was recog­nised and welcomed.
• b. The report high­lighted this pos­it­ive response made by the Author­ity to the COVID19 restric­tions to nor­mal work­ing arrange­ments while present­ing very appro­pri­ate and help­ful recom­mend­a­tions for future devel­op­ment of the BCP arrangements.
• c. Vicky Walk­er, Office Ser­vices Man­ager, con­firmed that the recom­mend­a­tions made were recog­nised as actions which needed to be taken and indeed had been planned in early 2020, with the need to imple­ment BCP arrange­ments in March over­tak­ing those plans. The report was there­fore a help­ful state­ment of for­ward dir­ec­tion for work on the fur­ther devel­op­ment of the BCP.

12. The Audit & Risk Committee:

• a. Con­sidered the intern­al auditor’s find­ings on the Cor­por­ate Gov­ernance sys­tems and controls.
• b. Endorsed the man­age­ment responses to recom­mend­a­tions for action raised by the intern­al auditor.

13. Action Point Arising: None.

14. Intern­al Audit Pro­gress Report (Paper 3)

Chris Brown, Azets presen­ted a Paper which presents the Intern­al Audit Pro­gress Report. He high­lighted the fol­low­ing points:

• a) Reviews of Data Man­age­ment and VAT arrange­ments were under­way as planned.
• b) The fol­low up of pri­or audit recom­mend­a­tions, intern­al audit annu­al report and intern­al audit plan for ²⁰²¹⁄₂₂ were all inten­ded for present­a­tion to the next Com­mit­tee meeting.
• c) In con­sulta­tion with man­age­ment, the planned reviews on leg­acy liab­il­it­ies and ICT Strategy had been deferred pending review in plan­ning for the future year’s work as a con­sequence of staff capa­city to sup­port these reviews at this time.

The planned review of out­door access infra­struc­ture had been removed from plans, recog­nising this was not an intern­al audit mat­ter while learn­ing was expec­ted on the same sub­ject areas by man­age­ment in deal­ing with arrange­ments in devel­op­ment for the Peat­land Programme.

15. The Audit & Risk Com­mit­tee made the fol­low­ing obser­va­tions and comments:

• a) Agreed it was appro­pri­ate to defer some reviews while capa­city was focused on oth­er intern­al priorities.
• b) Agreed the reviews under­way and com­plete retained a good level of cov­er­age for the year.
• c) Noted the ori­gin­al intern­al audit plan had been some­what over-pro­grammed at the start of the year with the expect­a­tion that the num­ber of intern­al audit days would be man­aged down­wards over the course of the year.

16. The Audit & Risk Com­mit­tee noted the recom­mend­a­tions in the report.

17. Draft Extern­al Audit Plan (Paper 4)

John Boyd, Grant Thornton, presen­ted the draft extern­al audit plan for the ²⁰²⁰⁄₂₁ audit. He made the fol­low­ing points:

• a) The plan remained in draft as Audit Scot­land plan­ning guid­ance was only issued in Novem­ber 2020 and their and Grant Thornton’s plan­ning pro­cesses were delayed.
• b) Draft plans had been drawn up in con­sulta­tion with man­age­ment and the Fin­ance Team.
• c) Year-end sub­stant­ive test­ing was planned for June 2021.
• d) Tar­get to report on the audit to the Com­mit­tee is July to August 2021.
• e) The key mater­i­al­ity con­sid­er­a­tions and sig­ni­fic­ant audit risks set out in the report were out­lined and explained to the Committee.

18. The Audit & Risk Com­mit­tee made the fol­low­ing obser­va­tions and comments:

• a) The Chair thanked John and the Grant Thornton team for the report and wel­comed the timetable which still sought to com­plete the annu­al audit pro­cess in a timely man­ner des­pite ongo­ing COV­ID uncertainties.
• b) Noted that work had been under­taken by the Authority’s fin­ance team to digit­ise pro­cesses and audit evid­ence as far as pos­sible to sup­port the audit pro­cess should it con­tin­ue on a remote basis.
• c) Noted the fee for the audit remained to be finalised.

19. The Audit & Risk Com­mit­tee noted the draft report.

20. Action Point Arising:

• a. Final report to be cir­cu­lated when avail­able from Grant Thornton.

21. Frame­work Agree­ment (Paper 4)

Dav­id Camer­on, Dir­ect­or of Cor­por­ate Ser­vices, presen­ted the paper out­lining the pro­pos­al to replace the cur­rent Man­age­ment State­ment and Fin­an­cial Memor­andum with a ​“Frame­work Agree­ment” mod­elled on the doc­u­ment presen­ted as pre­pared by Scot­tish Gov­ern­ment Pub­lic Bod­ies Unit. The Dir­ect­or noted this was primar­ily for inform­a­tion at this stage and would be con­sidered fur­ther in due course to estab­lish any amend­ments required to tail­or the doc­u­ment to the Authority’s spe­cif­ic requirements.

22. In dis­cus­sion, the Com­mit­tee the fol­low­ing points were raised:

• a) Noted this would also be con­sidered at the Board ses­sion on governance.
• b) Next step for the Committee’s input would be to con­sider draft amend­ments to the mod­el document.

23. The Audit & Risk Com­mit­tee noted the update.

24. Action Point Arising: None

25. FOISA: Inform­a­tion Commissioner’s Hand­ling of Review (Oral Update)

Dir­ect­or of Cor­por­ate Ser­vices repor­ted on the Inform­a­tion Commissioner’s recent decision on a review escal­ated to the Com­mis­sion­er for decision, fol­low­ing the Authority’s decision that it does not hold the inform­a­tion sought. The Inform­a­tion Com­mis­sion­er had found that the Author­ity had handled the request appropriately.

26. The Audit & Risk Com­mit­tee noted the update.

27. Any Oth­er Business

There were no oth­er items of busi­ness raised.

28. Thanks

The Chair thanked the Com­mit­tee for their con­tri­bu­tion today and exten­ded her thanks to the CNPA Staff and Aud­it­ors teams for the work presen­ted at the meeting.

29. Date of Next Meeting

12 March 2021 at 9:30.