Paper 2 - Cover Internal Audit Annual Report

Audit and Risk Com­mit­tee Paper 2 20 June 2025 Page 1 of 2

For decision

Title: Intern­al Audit Annu­al Report ²⁰²⁴⁄₂₅ Pre­pared by: Cov­er paper-Louise Allen, Head of Fin­ance and Cor­por­ate Oper­a­tions Paper: Eliza­beth Young, Chief Intern­al Auditor

Pur­pose This paper sum­mar­ises the con­clu­sions and key find­ings from the intern­al audit work under­taken at Cairngorms Nation­al Park Author­ity dur­ing the year ended 31 March 2025, includ­ing the Intern­al Auditor’s over­all opin­ion on Cairngorms Nation­al Park Authority’s intern­al con­trol system.

Recom­mend­a­tions The Audit and Risk Com­mit­tee is asked to: a) Con­sider the Intern­al Auditor’s annu­al report for 2024 – 25. b) Note the Intern­al Audit annu­al opin­ion as set out in page 4 of the report and endorse the inclu­sion of that opin­ion with­in the Gov­ernance State­ment for 2024 – 25.

Exec­ut­ive Summary

1. As the Intern­al Aud­it­or of the Cairngorms Nation­al Park Author­ity, Azets are required to provide the Audit and Risk Com­mit­tee annu­ally with assur­ance on the whole sys­tem of intern­al con­trol. Azets’ Intern­al Audit Annu­al Report for 2024 – 25 includes their over­all opin­ion that:

In our opin­ion, CNPA has a frame­work of gov­ernance, risk man­age­ment and con­trols that provides reas­on­able assur­ance regard­ing the effect­ive and effi­cient achieve­ment of objectives.

1. The Intern­al Auditor’s opin­ion is typ­ic­ally included as part of the Gov­ernance State­ment, form­ing part of the Park Authority’s Annu­al Report and Accounts. The draft Gov­ernance State­ment was con­sidered by the Com­mit­tee at its meet­ing on 21 March 2025. The Com­mit­tee is asked to endorse the inclu­sion of the Intern­al Auditor’s opin­ion as part of the Gov­ernance Statement.
2. The full Intern­al Audit Annu­al Report provid­ing wider con­text on this over­all intern­al audit opin­ion is provided as an Annex to this paper.

Audit and Risk Com­mit­tee Paper 2 20 June 2025 Page 2 of 2

1. The report makes ref­er­ence to the planned work on Cyber Secur­ity, which was delayed at the Park Authority’s request. At the time the audit would have com­menced, the IT team were in the final stages of work­ing towards the Cyber Secur­ity+ accred­it­a­tion. It was agreed that the audit would be more effect­ive once the work to achieve accred­it­a­tion had been com­pleted. A review of cyber secur­ity has been included in the intern­al audit plan for 2025 – 26.

Con­clu­sion The aud­it­or will present their report and answer any ques­tions raised by the Committee.

Louise Allen louiseallen@​cairngorms.​co.​uk 11 June 2025