Cairngorms National Park Authority Ughdarras Pàirc Nàiseanta a’ Mhonaidh Ruaidh

Audit and Risk Committee Paper 9 13 March 2026

For decision

Title: Internal audit plan

Prepared by: Cover — Louise Allen, Head of Finance and Corporate Operations Report — Peter Clark, wbg

To present the report on a proposed internal audit plan for 2026 – 27 (Annex 1) prepared by wbg.

The Audit and Risk Committee is asked to:

a) Consider the auditor’s proposal
b) Assess the plan for 2026 – 27 within the context of the strategic risks currently live on the strategic risk registers (main register and Cairngorms 2030 programme register) and consider whether the focus of work meets the Park Authority’s need for assurance.

The programme has been developed from the Audit Needs Assessment prepared by wbg on their appointment in 2025. It has been designed to provide assurance on matters of strategy & governance, operational delivery and the integrity of systems. Table 1 maps the audit plan to the risk registers.
Appendix A of the report provides an overview of the planned audit assignments within the 3‑year audit plan to ²⁰²⁷⁄₂₈. It places the areas chosen for review during the coming year, within the context of the overall audit plan prepared by wbg.

Table 1 — assurance mapping to strategic risk registers

Context	Audit assignment	Associated risks
Strategy & governance	C2030 mid-programme review	2 — Match funding C2030 programme risk register
Operational delivery	Workforce management	3 — gaps in staff skill sets 13 — senior staff involvement in Scottish Government policy 14 — workforce management 18 – workforce flexibility to take advantage of funding opportunities
System function / integrity	Payroll	6 — systems development 9 — robust IT services
System function / integrity	Cyber-security	10 — business continuity

The auditor will present their report and answer any questions raised by the Committee.

Louise Allen louiseallen@cairngorms.co.uk 02 March 2026