Skip to content
Please be aware the content below has been generated by an AI model from a source PDF.

ARC Paper 1.0 Data Manage Cover Paper

CAIRNGORMS NATION­AL PARK AUTHORITY

Audit & Risk Com­mit­tee Paper ?? 03/02/21

CAIRNGORMS NATION­AL PARK AUTHORITY AUDIT & RISK COMMITTEE

FOR DECISION

Title: INTERN­AL AUDIT REVIEW: DATA MANAGEMENT

Pre­pared by: CHRIS BROWN, AZETS STEPHANIE HUMEAZETS

Pur­pose

This paper presents AZETS’ intern­al audit review of the Authority’s sys­tems and con­trols for data management.

Recom­mend­a­tions

The Audit & Risk Com­mit­tee is asked to:

a) Con­sider the intern­al auditor’s find­ings on the Authority’s data man­age­ment sys­tems and con­trols; b) Endorse the man­age­ment responses to recom­mend­a­tions for action raised by the intern­al auditor.

Exec­ut­ive Summary

  1. The Park Authority’s intern­al aud­it­ors, AZETS, have under­taken a review of the Authority’s data man­age­ment sys­tems and con­trols as part of the agreed 202021 intern­al audit plan. The full report of the review is attached at Annex I to this paper.

  2. The report con­siders four areas of con­trol assess­ment, with one of these three areas graded as yel­low”, con­trol object­ive achieved with scope for improve­ment, and two graded as amber”, con­trol object­ive not achieved with con­trols inad­equate or inef­fect­ive. The fourth area has an advis­ory point raised.

  3. Five recom­mend­a­tions for action are raised. Two recom­mend­a­tions are at grade 2, where there is assessed to be mod­er­ate risk expos­ure and con­trols are not work­ing as effect­ively and effi­ciently and may cre­ate mod­er­ate organ­isa­tion­al risk. Three recom­mend­a­tions are assessed as grade 3, sig­ni­fy­ing a high risk of expos­ure through the absence or fail­ure of key controls.

  4. All recom­mend­a­tions have been accep­ted by man­age­ment with responses set out in the report, includ­ing respons­ib­il­it­ies and timetables for imple­ment­ing improve­ment actions. We recog­nise that work planned in the areas of data man­age­ment and file struc­tures have been delayed over the last year of COVID19 busi­ness con­tinu­ity plan­ning arrange­ments. We also recog­nise, as the Com­mit­tee will be aware through our COV­ID Busi­ness Con­tinu­ity Plan risk man­age­ment pro­cesses repor­ted, that under­ly­ing data man­age­ment issues have been exacer­bated dur­ing the exten­ded and ongo­ing peri­od of remote work­ing. Man­age­ment feel this is a help­ful report which assists in struc­tur­ing and pri­or­it­ising our planned data man­age­ment actions over the com­ing period.

Dav­id Camer­on 4 March 2021 davidcameron@​cairngorms.​co.​uk

×

We want your feedback

Thank you for visiting our new website. We'd appreciate any feedback using our quick feedback form. Your thoughts make a big difference.

Thank you!

Give feedback