Skip to content
Please be aware the content below has been generated by an AI model from a source PDF.

ARC Paper 1 Annex 1 Internal Audit Annual Report 25-26

Cairngorms Nation­al Park Author­ity Ugh­dar­ras Pàirc Nàiseanta a’ Mhon­aidh Ruaidh

Paper 1 Annex 1 19 June 2026

Paper 1

Annex 1

wbg Cairngorms Nation­al Park Authority

Intern­al Audit 202526 Annu­al Report

May 2026

Table of Contents

Sec­tionPage num­ber
1. Intro­duc­tion3
2. Exec­ut­ive Summary4
3. Audit Findings6
4. Bench­mark­ing9
5. Key Per­form­ance Indicators12

Appen­dices: A. Grad­ing Struc­ture | 13

wbg

2

1. Intro­duc­tion

wbg

The prime respons­ib­il­ity of the Intern­al Audit Ser­vice (IAS) is to provide Cairngorms Nation­al Park Authority’s (the Organ­isa­tion) Audit & Risk Com­mit­tee, and oth­er Seni­or Man­age­ment of the Organ­isa­tion, with an object­ive assess­ment of the adequacy and effect­ive­ness of management’s intern­al con­trol systems.

We con­duct our activ­ity with­in the over­arch­ing frame­work of the Insti­tute of Intern­al Aud­it­ors, includ­ing the Glob­al Intern­al Audit Stand­ards (GIAS) and Top­ic­al Require­ments, and the Applic­a­tion Note regard­ing the adop­tion of GIAS in the UK Pub­lic Sec­tor. The Applic­a­tion Note replaces the Pub­lic Sec­tor Intern­al Audit Stand­ards from 1 April 2025.

In line with these Stand­ards, we have developed a robust qual­ity assur­ance pro­cess to ensure that each of our activ­it­ies and reports are of a high and con­sist­ent standard.

We act­ively seek to improve the ser­vices we deliv­er through a pro­gramme of CPD, train­ing, net­work­ing and engage­ment with intern­al peers, as well as by pilot­ing new ways of working.

We had an extens­ive extern­al assess­ment under­taken against the new Glob­al Intern­al Audit Stand­ards in Novem­ber 2025. The assess­ment was under­taken by the Chartered Insti­tute of Intern­al Aud­it­ors who concluded:

Fol­low­ing an inde­pend­ent review by the Chartered Insti­tute of Intern­al Aud­it­ors in Novem­ber 2025, the Wbg Ser­vices LLP (Wbg) Intern­al Audit Depart­ment is able to report that the design of its intern­al audit approach and meth­od­o­logy is gen­er­ally aligned to the Glob­al Intern­al Audit Stand­ards (GIAS) and, where appro­pri­ate, the Applic­a­tion Note that sits along­side the GIAS for pub­lic sec­tor organisations.

Giv­en Wbg Intern­al Audit Department’s high level of per­form­ance and achieve­ment with the GIAS, we do not make any form­al recom­mend­a­tions to enhance con­form­ance in this report”.

This Annu­al Report should be con­sidered by the Audit & Risk Com­mit­tee pri­or to the Com­mit­tee sub­mit­ting their annu­al report to the Board.

3

2. Exec­ut­ive Summary

wbg

Over­all Opinion

We are sat­is­fied that suf­fi­cient intern­al audit work has been under­taken to allow us to draw a con­clu­sion as to the adequacy and effect­ive­ness of the Organisation’s risk man­age­ment, con­trol and gov­ernance processes.

In our opin­ion, the Organ­isa­tion did have adequate and effect­ive risk man­age­ment, con­trol and gov­ernance pro­cesses to man­age its achieve­ment of the Organisation’s object­ives at the time of our audit work. In our opin­ion, the Organ­isa­tion has prop­er arrange­ments to pro­mote and secure value for money. We note that we provided a weak level of assur­ance regard­ing the Fol­low Up Review which will be fol­lowed up dur­ing the 202627 Intern­al Audit Plan.

Our field­work was car­ried out between Novem­ber 2025 and April 2026, and we have not under­taken any fur­ther intern­al audit assign­ments at the time of this report.

The over­all find­ings and con­clu­sion of each report are high­lighted in Sec­tion 3. As can be seen from the sum­mary in Sec­tion 3 all areas included in the Oper­a­tion­al Plan for 202526 have been completed.

In form­ing our opin­ion, we have car­ried out the fol­low­ing work:

  • A review and apprais­al of fin­an­cial and oth­er con­trols oper­ated by the Organisation;
  • A review of the estab­lished policies and pro­ced­ures adop­ted by the Organisation;
  • An assess­ment of wheth­er or not the intern­al con­trols are reli­able as a basis for pro­du­cing the fin­an­cial accounts;
  • A review of account­ing and oth­er inform­a­tion provided to man­age­ment for decision making;
  • Com­pli­ance and sub­stant­ive audit test­ing where appro­pri­ate; and
  • A review of the Organisation’s pro­ced­ures in place to pro­mote and secure value for money.

The ana­lys­is of per­form­ance indic­at­ors for the intern­al audit work car­ried out in the year is included at Sec­tion 5.

4

2. Exec­ut­ive Sum­mary (con­tin­ued)

wbg

Basis of Opinion

As the Head of Intern­al Audit at the Organ­isa­tion, we are required to provide the Audit & Risk Com­mit­tee with an opin­ion on the adequacy and effect­ive­ness of the Organisation’s risk man­age­ment, con­trol and gov­ernance processes.

In giv­ing our opin­ion, it should be noted that assur­ance can nev­er be abso­lute. The most that we can provide to the Audit & Risk Com­mit­tee is reas­on­able assur­ance that there are no major weak­nesses in the Organisation’s risk man­age­ment, con­trol and gov­ernance processes.

In assess­ing the level of assur­ance giv­en, we have considered:

  • All audits under­taken dur­ing the year ended 31 March 2026 with the excep­tion of the IT Dis­aster Recov­ery review which was under­taken in April 2026;
  • Any fol­low-up action taken in respect of audits from pre­vi­ous periods;
  • Any sig­ni­fic­ant recom­mend­a­tions not accep­ted by man­age­ment and the con­sequent risks;
  • The effects of any sig­ni­fic­ant changes in the Organisation’s object­ives or systems;
  • Mat­ters arising from pre­vi­ous reports to the Audit & Risk Committee;
  • Any lim­it­a­tions which may have been placed on the scope of intern­al audit;
  • The extent to which resource con­straints may impinge on the Head of Intern­al Audit’s abil­ity to meet the full audit needs of the Organisation;
  • What pro­por­tion of the Organisation’s audit need has been covered to date; and
  • The out­comes of our qual­ity assur­ance processes.

5

3. Audit Findings

wbg

Sum­mary of Work Undertaken

The fol­low­ing table sum­mar­ises the audit work under­taken in 202526. The grad­ing struc­ture used in our reports can be found in Appendix A.

AreaPlanned DaysActu­al DaysStatusOver­all Con­clu­sionHigh Pri­or­ity Recom­mend­a­tionsMedi­um Pri­or­ity Recom­mend­a­tionsLow Pri­or­ity Recom­mend­a­tionsAdvis­ory Action Points
Gov­ernance88Com­pleteStrong--2-
New Fin­ance System88Com­pleteSub­stan­tial-1--
Pro­ject Initiation88Com­pleteSub­stan­tial-14-
Fol­low Up Review55Com­pleteWeak18--
Grant Admin­is­tra­tion & Management88Com­pleteStrong--4-
IT Dis­aster Recovery88Com­pleteAdvis­ory---6
Audit Man­age­ment55N/AN/AN/AN/AN/A-
Total5050-110106

6

3. Audit Findings

wbg

HIGH PRI­OR­ITY RECOMMENDATIONS

The fol­low­ing high pri­or­ity recom­mend­a­tions were raised dur­ing the year.

# 4. Benchmarking

wbg

We have set out below in graphical format an analysis of the Benchmarking totals by grade of recommendation made.

## Benchmarking

|     | High | Medium | Low | Total |
| :-- | :--- | :----- | :-- | :---- |
| Average number of recommendations in similar organisations | 1 | 1 | 2 | 2 |
| Recommendations at Cairngorms National Park Authority | 1 | 2 | 2 | 3 |

As demonstrated on the earlier page, the Organisation has a higher number of recommendations in comparison with the organisations it has been benchmarked against.

11