Skip to content
Please be aware the content below has been generated by an AI model from a source PDF.

Draft ARC Minute 14 Nov 2025

Cairngorms Nation­al Park Author­ity Ugh­dar­ras Pàirc Nàiseanta a’ Mhon­aidh Ruaidh 14 Novem­ber 2025 Page 1 of 7

Draft minutes of the Audit and Risk Com­mit­tee meeting

Held at Cairngorms Nation­al Park Author­ity office, Grant­own-on-Spey Hybrid 14 Novem­ber 2025 at 9.00am

Present

Paul Gibb Ian McLar­en Bill Lob­ban Duncan Miller

Vir­tu­al

Fiona McLean (Chair) Geva Black­ett Grant Moir, Chief Exec­ut­ive Officer Dav­id Camer­on, Dir­ect­or of Cor­por­ate Ser­vices and Deputy CEO Tom Reid, Maz­ars Paul Dav­is­on, Inform­a­tion Manager

In attend­ance

Louise Allen, Head of Fin­ance and Cor­por­ate Oper­a­tions Mari­aan Pita, Exec­ut­ive Sup­port Man­ager Alix Hark­ness, Clerk to the Board

Apo­lo­gies

Peter Clark, wbg Gra­ham Gillespie, wbg

Page 2 of 7

Wel­come and apologies

  1. Fiona McLean, Chair of the Audit and Risk Com­mit­tee, wel­comed every­one to the meet­ing. Apo­lo­gies were noted.
  2. The Chair wel­comed Ian McLar­en on board the Audit and Risk Committee.

Approv­al of minutes of pre­vi­ous meetings

  1. The draft minutes of the pre­vi­ous Audit and Risk Com­mit­tee meet­ing held on 12 Septem­ber 2025 were approved with no amendments.

Mat­ters arising not covered elsewhere

  1. In fol­low­ing up the action to estab­lish the time taken in hand­ling Free­dom of Inform­a­tion (FOISA) requests, Dav­id Camer­on, Deputy Chief Exec­ut­ive, explained that the Park Author­ity does not require staff to log time spent on spe­cif­ic tasks. As such, FOISA hand­ling does not record indi­vidu­al staff time, or which teams handle FOISA requests. As any estim­ate of time spent is likely to vary widely, a cost estim­ate has nev­er been cal­cu­lated, and track­ing this would be too com­plex so data for cost of hand­ling FOISA requests is not avail­able. Dav­id con­firmed that the Park Author­ity had nev­er sought to make a charge for FOISA hand­ling, where the costs of respond­ing to a com­plaint may be con­sidered high. Com­mit­tee mem­bers were con­tent that no fur­ther action was required on this matter.
RefAction DetailWhoWhenStatus
27/09/24At para 20iDav­id and StephanieAt the end of the 2425 fin­an­cial year.Ongo­ing Man­age­ment to report back to Com­mit­tee to give assurance
i. Update on intern­al audit view on fin­an­cial scen­ario plan­ning to be provided to the Audit and Risk Committee
Update:Grant and Dav­id have been work­ing on it over the sum­mer; more work to be done before can be brought to the Committee.
20/06/25At Para 29PaulFor the next update to CommitteeClosed — staff time taken not recor­ded as it goes out
inform­a­tion request to be cap­tured and included in the next report.Novem­ber meetingto teams. Nev­er reached a point where had to charge because of time/​scale. Com­mit­tee con­tent with this explan­a­tion and agreed to close this action.
ii. Each request to include a little bit of detail to help identi­fy emer­ging themes.Closed included in today’s agenda (Paper 2)

Page 3 of 7

Declar­a­tions of interest

  1. There were no declar­a­tions of interest.

Elec­tion of Deputy Chair of Audit and Risk Com­mit­tee (Oral)

  1. Dav­id Camer­on, Dir­ect­or of Cor­por­ate Ser­vices and Deputy CEO, intro­duced the item, invit­ing nom­in­a­tions for Deputy Chair of the Audit and Risk Com­mit­tee to come for­ward from com­mit­tee members.
  2. The Chair nom­in­ated Ian McLar­en as Deputy Chair. Paul Gibb and Geva Black­ett seconded the nomination.
  3. The Com­mit­tee voted Ian McLar­en as Deputy Chair of the Audit and Risk Com­mit­tee to start imme­di­ately for a peri­od of three years.

Page 4 of 7

  1. Action Points Arising: None.

Stra­tegic Risk Registers (Paper 1)

  1. Louise Allen, Head of Fin­ance and Cor­por­ate Oper­a­tions presen­ted the Park Authority’s stra­tegic risk man­age­ment position.

  2. The Audit and Risk Com­mit­tee dis­cussed the report and made the fol­low­ing com­ments and obser­va­tions: a. A mem­ber com­men­ted on an instance of repu­ta­tion­al risk arising from a pro­ject to real­loc­ate a bus stop in Bal­later. To secure Sus­trans fund­ing, the pro­ject must be presen­ted as devel­op­ment of a trans­port hub and include addi­tion­al fea­tures. This is caus­ing the com­munity frus­tra­tion and cre­at­ing poten­tial repu­ta­tion­al con­cerns for the Park Author­ity. The CEO advised that he would gath­er more inform­a­tion on this mat­ter and get back to the Mem­ber. The Deputy Chief Exec­ut­ive also noted that the stra­tegic risk register included a stra­tegic risk around repu­ta­tion­al dam­age arising from pro­ject and part­ner actions, with mit­ig­a­tion in place. b. With regards to the cor­por­ate risk register, the item describ­ing the need for devel­op­ment of a busi­ness con­tinu­ity plan remained stat­ic at red. The com­mit­tee asked what pro­gress was being made and wheth­er con­sult­ants will be used. Dir­ect­or of Cor­por­ate Ser­vices and Deputy CEO repor­ted that work had not yet star­ted; the plan is to ini­ti­ate the pro­cess over the winter by con­tract­ing con­sult­ants to carry out a busi­ness con­tinu­ity review and cre­ate a busi­ness con­tinu­ity plan tem­plate. c. On the C2030 risk register com­ment was made that it was good to see mit­ig­a­tion for the act­ive travel strand and that coun­cil staff are sit­ting on the pro­ject board.

  3. The Audit and Risk Com­mit­tee agreed to the recom­mend­a­tions: a. Con­sidered the cov­er­age and adequacy of the Park Authority’s stra­tegic risk man­age­ment pos­i­tion and advise on any gaps or amend­ments required to the cur­rent stra­tegic risk register. b. Con­sidered the cov­er­age and adequacy of the Cairngorms 2030 pro­gramme risk man­age­ment pos­i­tion and advise on any gaps or amend­ments required to the cur­rent pro­gramme risk register.

Page 5 of 7

Action Point Arising: None.

Inform­a­tion requests and com­plaints update (Paper 2)

  1. Paul Dav­is­on, Inform­a­tion Man­ager presen­ted the paper which provides an update on the num­ber of inform­a­tion requests, and key per­form­ance meas­ures in meet­ing them, under Free­dom of Inform­a­tion (Scot­land) Act (FOISA)/ Envir­on­ment­al Inform­a­tion (Scot­land) Reg­u­la­tions (EIR) and data pro­tec­tion arrange­ments, provid­ing an update for the first half of fin­an­cial year 202526. The paper also describes num­bers and out­comes of form­al com­plaints to the Park Authority.

  2. The Audit and Risk Com­mit­tee dis­cussed the report and made the fol­low­ing com­ment: a. The Chair advised that she really appre­ci­ated the break­down and had found it very help­ful. b. Mem­bers wel­comed the wealth of inform­a­tion provided and thanked Paul for the pro­vi­sion of the addi­tion­al inform­a­tion on the nature of the request to help under­stand the areas of interest to requesters.

  3. The Audit and Risk Com­mit­tee noted the paper and agreed to the recom­mend­a­tions: a. Note activ­ity in this area and Park Author­ity per­form­ance, b. Com­ment on breadth and depth of report­ing for future updates.

  4. Action Points Arising: None.

Geo­graph­ic­al dis­tri­bu­tion of con­tracts awar­ded (Paper 3)

  1. Louise Allen, Head of Fin­ance and Cor­por­ate Oper­a­tions presen­ted the paper which provides inform­a­tion on pro­cure­ment activ­ity over the year ended 31 Octo­ber 2025, and in par­tic­u­lar the loc­a­tion of sup­pli­ers who were suc­cess­ful in con­tract­ing with the Park Author­ity. The paper was pre­pared in response to a ques­tion raised by a mem­ber of the Committee.

  2. The Audit and Risk Com­mit­tee dis­cussed the report and made the fol­low­ing com­ments and observations:

Page 6 of 7

a.  The Chair passed her thanks on behalf of the Committee to Mikko Saari, Procurement Manager for preparing the paper.
b.  A member asked if there was a clause in our invitations to tender that states preference will be given to local companies. Head of Finance and Corporate Operations confirmed that there was not, as it would be deemed as discriminatory and would put the Park Authority in breach of the regulatory requirements.
c.  With regards to the larger contracts awarded, a member asked why larger firms tended to secure the awards. CEO explained that for certain contracts in certain areas local companies don't have the capacity or right skillset.
d.  There was discussion around whether it would be possible to stipulate that some of the larger national companies who are awarded contracts within the National Park, have to use local people to help boost the impact on the local economy. The Head of Finance and Corporate Operations cautioned that while the Local Authority may use this approach successfully, the opportunities for the Park Authority to do this are limited by the relatively small size of our contract awards.

  1. The Audit and Risk Com­mit­tee noted the inform­a­tion provided and com­men­ted on the suit­ab­il­ity of report­ing for their needs.

  2. Action Points Arising: None.

Draft Audit and Risk Com­mit­tee annu­al report (Paper 4)

  1. Dav­id Camer­on, Deputy CEO presen­ted the draft Audit and Risk Com­mit­tee report for con­sid­er­a­tion pri­or to sub­mis­sion to the Board.

  2. The Audit and Risk Com­mit­tee dis­cussed the report and made the fol­low­ing com­ments and obser­va­tions: a. Chair thanked staff for draft­ing the report. b. Chair high­lighted parts of the report that she took com­fort in as it demon­strates the work of the Com­mit­tee the past year. c. Chair said it had been a test­ing year and thanked the Dir­ect­or of Cor­por­ate Ser­vices and Head of Cor­por­ate Oper­a­tions for their hard work and dedication.

Page 7 of 7

  1. The Audit and Risk Com­mit­tee con­sidered the report and agreed it being cir­cu­lated to the Board.

  2. Action Points Arising: None.

AOCB

  1. A mem­ber com­men­ted with regards to what was hap­pen­ing in Bal­later, the risk is where we are work­ing with part­ners, their cri­ter­ia is hard to achieve, the con­cern was dir­ec­ted to the Board mem­ber as a Park Author­ity part­ner. Dir­ect­or of Cor­por­ate Ser­vices and Deputy CEO agreed and advised that it encap­su­lates one of the risks on the risk register, of repu­ta­tion­al expos­ure to part­ner­ship activ­ity and our mit­ig­a­tion of focused work to pre­vent pro­jects failing.

  2. Motion to take the next items in con­fid­en­tial session.

Date of Next Meeting

  1. The date of the next meet­ing is 13 March 2026 in person.

  2. The pub­lic part of the meet­ing con­cluded at 9.34 am

RefAction DetailWhoWhenStatus
27/09/24At para 20iDav­id and StephanieAt the end of the 2425 fin­an­cial year.Ongo­ing Man­age­ment to report back to Com­mit­tee to give assurance
iii. Update on intern­al audit view on fin­an­cial scen­ario plan­ning to be provided to the Audit and Risk Committee
Update:Grant and Dav­id have been work­ing on it over the sum­mer; more work to be done before can be brought to the Committee.