Paper 1 Annex 1 Ex annual audit plan 25 26
Cairngorms National Park Authority Ughdarras Pàirc Nàiseanta a’ Mhonaidh Ruaidh
Paper 1 Annex 1 13 March 2026
Paper 1
Annex 1
Annual Audit Plan Cairngorms National Park Authority – Year ending 31 March 2026 March 2026
forvis mazars
forvis mazars
Audit and Risk Committee Cairngorms National Park Authority 14 The Square Grantown-On-Spey PH26 3HG 4 March 2026
Forvis Mazars 100 Queen Street Glasgow G1 3DN
Dear Audit and Risk Committee Members, Annual Audit Plan – Year ending 31 March 2026
I am pleased to present our Annual Audit Plan (“AAP”) for Cairngorms National Park Authority (CNPA) for the year ending 31 March 2026.
This document will be presented at the Audit and Risk Committee meeting on 13 March 2026. If you would like to discuss any matters in more detail, please contact me on 0781 6354 994.
This report provides an overview of the planned scope and timing of our audit, including the significant and enhanced audit risks we have identified. In addition, as it is a fundamental requirement that we are, and are seen to be, independent of the Park Authority this report also summarises our considerations and conclusions on our independence.
Two-way communication with you is key to a successful audit and is important in:
- Reaching a mutual understanding of the scope of our audit and our respective responsibilities,
- Sharing information to assist each of us with fulfilling our respective responsibilities,
- Providing you with constructive observations arising during our audit, and
- Ensuring that we gain an understanding of your attitude and views in respect of the risks facing the Park Authority which may affect our audit, including the likelihood of those risks materialising and how they are monitored and managed.
Forvis Mazars LLP – 100 Queen Street, Glasgow, G1 3DN — Tel: 0141 227 2400 — www.forvismazars.com/uk Forvis Mazars LLP is the UK firm of Forvis Mazars Global, a leading global professional services network. Forvis Mazars LLP is a limited liability partnership registered in England and Wales with registered number OC308299 and with its registered office at 30 Old Bailey, London, EC4M 7AU. Registered to carry on audit work in the UK by the Institute of Chartered Accountants in England and Wales. Details about our audit registration can be viewed at www.auditregister.org.uk under reference number C001139861. VAT number: GB 839 8356 73
forvis mazars
Annual Audit Plan – Year ending 31 March 2026 (continued)
This report, which we have prepared following our initial planning discussions with management, facilitates a discussion with you on our audit approach. We welcome any questions, concerns, or input you may have on our approach.
Providing a high-quality service is extremely important to us and we strive to provide technical excellence with the highest level of service quality, together with continuous improvement to exceed your expectations.
During the meeting, we would be grateful for your views/knowledge on the following specific matters:
- Whether you have identified any other risks (business, laws & regulation, fraud, going concern, etc.) that may result in material misstatements in the financial statements.
- If you are aware of any significant communications between the Park Authority and its regulators.
- If there are any matters that you consider warrant particular attention during our audit and/or any areas where you would like additional procedures to be undertaken.
This report has been prepared in accordance with the responsibilities set out within the Audit Scotland’s Code of Audit Practice (“the Code”) and for the sole benefit of The Audit and Risk Committee. Except where required by law or regulation, it should not be used, quoted or made available to any other parties without our prior written consent.
Yours faithfully,
T.Reid Tom Reid Forvis Mazars LLP
Forvis Mazars LLP – 100 Queen Street, Glasgow, G1 3DN — Tel: 0141 227 2400 — www.forvismazars.com/uk Forvis Mazars LLP is the UK firm of Forvis Mazars Global, a leading global professional services network. Forvis Mazars LLP is a limited liability partnership registered in England and Wales with registered number OC308299 and with its registered office at 30 Old Bailey, London, EC4M 7AU. Registered to carry on audit work in the UK by the Institute of Chartered Accountants in England and Wales. Details about our audit registration can be viewed at www.auditregister.org.uk under reference number C001139861. VAT number: GB 839 8356 73
Contents
01 Engagement and responsibilities summary 02 Your audit engagement team 03 Audit scope, approach and timeline 04 Materiality and misstatements 05 Significant risks and other key judgement areas 06 Wider scope and Best Value 07 Audit fees and other services 08 Confirmation of our independence
Appendix A – Key communication points Appendix B — Current year updates, forthcoming accounting and other issues
This document is to be regarded as confidential to Cairngorms National Park Authority. It has been prepared for the sole use of the Audit and Risk Committee as the appropriate committee charged with governance. No responsibility is accepted to any other person in respect of the whole or part of its contents. Our written consent must first be obtained before this document, or any part of it, is disclosed to a third party.
forvis mazars 4
Executive summary
Audit timeline (page 14)
| Planning and risk assessment | February 2026 |
|---|---|
| Presentation of Annual Audit Plan | 13 March 2026 |
| Interim work | February to March 2026 |
| Fieldwork | July to August 2026 |
| Completion | September to October 2026 |
| Presentation of Annual Audit Report and Independent Auditor’s Report | 2 October 2026 |
Audit risks and other significant matters (pages 21 — 26)
| Risk | Significant risk | Enhanced risk | Risk evolution | Page |
|---|---|---|---|---|
| Management override of controls | • | Ο | = | Page 23 |
| Risk of fraud in income recognition | • | Ο | = | Page 24 |
| Risk of fraud in expenditure recognition | • | Ο | = | Page 25 |
| New finance system | Ο | = | Page 26 |
Fees (page 32)
| Audit fees | £17,400 |
|---|---|
| Non-audit fees | N/A |
| Total fees | £17,400 |
Materiality (pages 17 — 20)
Total Gross Expenditure: £13,989,000
| Materiality | Performance materiality | Reporting threshold |
|---|---|---|
| £279,780 | £195,846 | £8,393 |
Our independence (page 34)
We are independent of the Park Authority in accordance with the ethical requirements that are relevant to our audit in the UK, including the FRC’s Ethical Standard.
forvis mazars 5
01
Engagement and responsibilities summary
Engagement and responsibilities summary
We are appointed to perform the external audit of Cairngorms National Park Authority (CNPA) for the year to 31 March 2026. The scope of our engagement is set out in the Code of Audit Practice, issued by the Auditor General and the Accounts Commission available from the Audit Scotland website: Code of audit practice | Audit Scotland. Our responsibilities are principally derived from the Public Finance and Accountability (Scotland) Act 2000 and the Code of Audit Practice, as outlined below and overleaf.
Audit opinion We are responsible for forming and expressing an opinion on whether the financial statements are prepared, in all material respects, in accordance with applicable law and UK adopted international accounting standards as interpreted and adapted by the 2025⁄26 Government Financial Reporting Manual.
Our audit does not relieve management or the Audit and Risk Committee, as Those Charged With Governance, of their responsibilities.
The Chief Executive and Accountable Officer is responsible for the assessment of CNPA’s ability to continue as a going concern. As auditors, we are required to obtain sufficient, appropriate audit evidence regarding, and conclude on: a) whether a material uncertainty related to going concern exists, and b) the appropriateness of the Chief Executive and Accountable Officer’s use of the going concern basis of accounting in the preparation of the financial statements.
Fraud The responsibility for safeguarding assets and for the prevention and detection of fraud, error, and non-compliance with law or regulations rests with both you and management. This includes establishing and maintaining internal controls over asset protection, compliance with relevant laws and regulations, and the reliability of financial reporting.
As part of our audit procedures in relation to fraud, we are required to inquire of you and key management personnel including internal audit on their knowledge of instances of fraud, and their views on the risks of fraud and on internal controls that mitigate those risks. In accordance with International Standards on Auditing (UK), we plan and perform our audit to obtain reasonable assurance that the financial statements taken as a whole are free from material misstatement, whether due to fraud or error. However, our audit should not be relied upon to identify all such misstatements.
forvis mazars 7
Engagement and responsibilities summary (continued)
Internal control Management is responsible for such internal control as management determines is necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error. We are responsible for obtaining an understanding of internal control relevant to the audit in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of CNPA’s internal control.
Wider scope and Best Value We are also responsible for reviewing and reporting on the wider scope arrangements that CNPA has in place and its arrangements to secure Best Value. We discuss our approach to wider scope and Best Value work further in the ‘Wider scope and Best Value’ section of this report.
forvis mazars 8
02
Your audit engagement team
Your audit team
Tom Reid Engagement Director Tom.Reid@mazars.co.uk 07816 354 994
Caleb Oguche Engagement Manager Caleb.Oguche@mazars.co.uk 07974 124 504
Gregor Chalmers Team Leader Gregor.Chalmers@mazars.co.uk 07977 570 378
forvis mazars 10
03
Audit scope, approach, and timeline
Audit scope, approach, and timeline (continued)
Audit scope
Our audit approach is designed to provide an audit that complies with all professional requirements.
Our audit of the financial statements will be conducted in accordance with International Standards on Auditing (UK), relevant ethical and professional standards, our own audit methodology, and in accordance with the terms of our engagement. Our work is focused on those aspects of your business which we consider to have a higher risk of material misstatement, such as those impacted by management judgement and estimation, application of new accounting standards, changes of accounting policy, changes to operations, or areas found to contain material errors in the past.
Audit approach
Our audit approach is risk-based, and the nature, extent, and timing of our audit procedures are primarily driven by the areas of the financial statements we consider to be more susceptible to material misstatement. Following our risk assessment where we assess the inherent risk factors (subjectivity, complexity, uncertainty, change and susceptibility to misstatement due to management bias or fraud) to aid in our risk assessment, we develop our audit strategy and design audit procedures to respond to the risks we have identified.
If we conclude that appropriately designed controls are in place, we may plan to test and rely on those controls. If we decide controls are not appropriately designed, or we decide that it would be more efficient to do so, we may take a wholly substantive approach to our audit testing where, in our professional judgement, substantive procedures alone will provide sufficient appropriate audit evidence. Substantive procedures are audit procedures designed to detect material misstatements at the assertion level and comprise tests of detail (of classes of transaction, account balances, and disclosures), and substantive analytical procedures. Irrespective of our assessed risks of material misstatement, which takes account of our evaluation of the operating effectiveness of controls, we are required to design and perform substantive procedures for each material class of transaction, account balance, and disclosure.
Our audit has been planned and will be performed to provide reasonable assurance that the financial statements are free from material misstatement and give a true and fair view. The concept of materiality and how we define a misstatement is explained in the ‘Materiality and misstatements’ section of this report.
The diagram on the next page outlines the procedures we perform at the different stages of our audit. We have also provided, later in this report, a table setting out the procedures we perform for the significant financial statement areas.
Reliance on internal audit
Where possible, we will use the work performed by internal audit when designing the nature, extent, and timing of our audit procedures. We will discuss with internal audit the progress of their work and their findings prior to commencing our controls evaluation procedures.
Where we intend to rely on the work on internal audit, we will evaluate the work performed by them and perform our own procedures to determine the adequacy of that work for our audit.
forvis mazars 12
Audit scope, approach, and timeline (continued)
Management’s and our experts
Management makes use of experts in specific areas when preparing the CNPA’s financial statements. We also use experts to assist us to obtain sufficient appropriate audit evidence on specific items of account.
| Item of account | Management’s expert | Our expert |
|---|---|---|
| Cash Equivalent Transfer Values for senior management team pension benefits disclosed in the Remuneration and Staff Report | Capita | We have identified Deloitte as an auditor’s expert. Deloitte perform an annual review of the approach adopted by Capita in its calculation of CETV pension values. |
Service organisations
International Auditing Standards (UK) (ISAs) define service organisations as third party organisations that provide services to CNPA that are part of its information systems relevant to financial reporting. We are required to obtain an understanding of the services provided by service organisations as well as evaluating the design and implementation of controls over those services.
We are not aware, from our planning procedures and enquiries of management, that CNPA uses any service organisations.
forvis mazars 13
Audit scope, approach, and timeline
Planning and risk assessment February 2026
- Planning our visit and developing our understanding of the entity
- Risk identification and assessment
- Considering proposed accounting policies and accounting treatments
- Developing our audit strategy and planning the audit work to be performed
- Agreeing timetable and deadlines
- Preliminary analytical review
- Determination of materiality
- Undertake planning work for our wider scope and Best Value responsibilities
Interim February to March 2026
- Documenting Key systems and controls
- Performing walkthroughs
- IT general controls testing
- IT application controls testing
- Reassessment of our audit strategy (and revising if necessary)
- Early substantive testing of transactions
- Collate evidence to support our wider scope and Best Value work, including obtaining key documents and confirming our understanding of arrangements in place, including consideration of whether a significant risk exists.
Fieldwork July to August 2026
- Receiving and reviewing the draft financial statements
- Executing our strategy, starting with significant risks and other higher-risk areas
- Use of data analytics for testing journal
- Form a view on the adequacy of CNPA’s arrangements for financial sustainability and in relation to securing Best Value.
Communication Throughout the audit
- Communicating progress and any issues arising
- Clearance meeting(s)
Completion September to October 2026
- Final review of financial statements, and disclosure checklist
- Final engagement director review
- Agreeing the content of the letter of representation
- Preparing our auditor’s report
- Reporting to the Audit and Risk Committee
- Subsequent events procedures
- Signing our auditor’s report
forvis mazars 14
Audit scope, approach, and timeline (continued)
Audit approach for significant financial statement areas
Our audit approach on significant financial statement areas is set out below.
| Financial statement area | Significant risk | Key judgement area or enhanced risk | Testing of controls | Substantive Procedures | Comments |
|---|---|---|---|---|---|
| Operational plan income | Yes | No | No | Yes | See page 24 for details of significant risk |
| Board and staff costs | No | No | No | Yes | Standard risk |
| Operational plan expenditure | Yes | No | No | Yes | See page 25 for details of significant risk |
| Other operating costs | Yes | No | No | Yes | See page 25 for details of significant risk |
| Depreciation, amortisation and impairment charges | No | No | No | Yes | Standard risk |
| Tangible assets | No | No | No | Yes | Standard risk |
| Right of use assets | No | No | No | Yes | Standard risk |
| Intangible assets | No | No | No | Yes | Standard risk |
| Trade and other receivables | No | No | No | Yes | Standard risk |
| Cash and cash equivalents | No | No | No | Yes | Standard risk |
| Trade and other payables | Yes | Yes | No | Yes | See page 25 for details of significant risk |
forvis mazars 15
Audit scope, approach, and timeline (continued)
Audit approach for significant financial statement areas (continued)
Our audit approach on significant financial statement areas is set out below.
| Financial statement area (Disclosures) | Significant risk | Key judgement area or enhanced risk | Testing of controls | Substantive Procedures | Comments |
|---|---|---|---|---|---|
| Statement of Cash Flows | No | No | No | Yes | Standard risk |
| Related party transactions | No | No | No | Yes | Standard risk |
| Capital commitments, contingent assets and contingent liabilities | No | No | No | Yes | Standard risk |
| Performance Report | No | No | No | Yes | Standard risk |
| Governance Statement | No | No | No | Yes | Standard risk |
| Remuneration and Staff Report | No | No | No | Yes | Standard risk |
| Statement of Changes in Taxpayers’ Equity | No | No | No | Yes | Standard risk |
forvis mazars 16
04
Materiality and misstatements
Materiality and misstatements
Definitions
Materiality is an expression of the relative significance or importance of a particular matter in the context of the financial statements as a whole.
Misstatements in the financial statements are considered to be material if they could, individually or in aggregate, reasonably be expected to influence the economic decisions of users based on the financial statements.
Materiality
We determine materiality for the financial statements as a whole (overall materiality) using a benchmark that, in our professional judgement, is most appropriate to the entity. We also determine an amount less than materiality (performance materiality), which is applied when we carry out our audit procedures and is designed to reduce to an appropriately low level the probability that the aggregate of uncorrected and undetected misstatements exceeds overall materiality. Further, we set a threshold above which all misstatements we identify during our audit (adjusted and unadjusted) will be reported to the Audit and Risk Committee.
Judgements on materiality are made in light of surrounding circumstances and are affected by the size and nature of a misstatement, or a combination of both. Judgements about materiality are based on a consideration of the common financial information needs of users as a group and not on specific individual users.
An assessment of what is material is a matter of professional judgement and is affected by our perception of the financial information needs of the users of the financial statements. In making our assessment we assume that users:
- Have a reasonable knowledge of business, economic activities, and accounts;
- Have a willingness to study the information in the financial statements with reasonable diligence;
- Understand that financial statements are prepared, presented, and audited to levels of materiality;
- Recognise the uncertainties inherent in the measurement of amounts based on the use of estimates, judgement, and consideration of future events; and
- Will make reasonable economic decisions based on the information in the financial statements.
We consider overall materiality and performance materiality while planning and performing our audit based on quantitative and qualitative factors.
When planning our audit, we make judgements about the size of misstatements we consider to be material. This provide a basis for our risk assessment procedures, including identifying and assessing the risks of material misstatement, and determining the nature, timing and extent of our responses to those risks.
The overall materiality and performance materiality that we determine does not necessarily mean that uncorrected misstatements that are below materiality, individually or in aggregate, will be considered immaterial.
We revise materiality as our audit progresses should we become aware of information that would have caused us to determine a different amount had we been aware of that information at the planning stage.
forvis mazars 18
Materiality and misstatements (continued)
Materiality (continued)
We consider that total operating expenditure is the key focus of users of the financial statements. We have therefore determined our initial materiality levels using total operating expenditure as