Paper1Annex1LEADERReview
Cairngorms National Park Authority — Internal Audit Report: LEADER Review
May 2019
CAIRNGORMS NATIONAL PARK AUTHORITY Audit & Risk Committee Paper I Annex I 06/09/19
BDO
Level of Assurance
| Design | Operational Effectiveness | |
|---|---|---|
| Level of Assurance | Substantial | Substantial |
Contents
- Executive Summary — 3
- Observations — 8
- Appendices:
- I. Staff Interviewed — 9
- II. Definitions — 10
- III. Terms of Reference — 11
Report Status
- Auditors: Mark Foley
- Dates work performed: 29 April 2019 — 03 May 2019
- Draft report issued: 21 May 2019
- Final report issued: 24 May 2019
Distribution List
- David Cameron — Director of Corporate Services
- Audit Committee
Restrictions of use: The matters raised in this report are only those which came to our attention during the course of our audit and are not necessarily a comprehensive statement of all the weaknesses that exist or all improvements that might be made. The report has been prepared solely for the management of the organisation and should not be quoted in whole or in part without our prior written consent. BDO LLP neither owes nor accepts any duty to any third party whether in contract or in tort and shall not be liable, in respect of any loss, damage or expense which is caused by their reliance on this report.
Executive Summary
Level of Assurance (See Appendix II for definitions)
- Design: There is a sound system of internal control designed to achieve system objectives.
- Effectiveness: The controls that are in place are being consistently applied.
Summary of Recommendations (See Appendix II)
- High: ▲
- Medium: ▲
- Low:
- Total number of recommendations: 0
Overview
Background: As part of the 2019 – 20 Internal Audit plan, it was agreed that Internal Audit would assess the processes in place to ensure compliance with the requirements of the Service Level Agreement (SLA) for the Leader Programme. The LEADER programme is a European Union initiative which aims to increase support to local rural community and business networks to build knowledge and skills, and encourage innovation and co-operation in order to tackle local development objectives. LEADER is part of the Scottish Rural Development Programme 2014 – 2020, for which Cairngorms National Park Authority (CNPA) is an Accountable Body. The Service Level Agreement (SLA) between Scottish Government and Accountable Bodies for LEADER Local Action Groups (LAGs) requires an annual internal audit of the functions and services undertaken by each Accountable Body in fulfilment of their role, including an internal audit assessment of the extent of observance by the Accountable Body of the requirements of the SLA. In the case of Cairngorms LEADER, the SLA was signed on 14 August 2015, supplemented by a side letter from the Authority setting out its intention to vary information management elements of the SLA dated 11 September 2015.
The SLA defines the responsibilities and obligations, duties and accountabilities of both the Scottish Government and CNPA as a result of CNPA’s role as Accountable Body and delivery partner in the Scottish Rural Development Programme for the period 2014 – 20. The obligations of CNPA as Accountable Body are categorised into a number of sections on the SLA, including retention of documentation, performance targets, conflicts of interest, gifts and hospitality, data sharing and financial arrangements. Within the financial arrangements, for example, the SLA outlines that CNPA is obliged to make claims for eligible expenditure in accordance with the format set out in relevant guidance within 20 working days of the end of the quarter. However, Scottish Government has issued guidance to Accountable Bodies explaining that drawdowns may be submitted more frequently than quarterly, although there must be at least one drawdown per quarter as per the SLA. CNPA currently submits monthly drawdown claims to Scottish Government.
A technical checklist requires to be completed which assesses all applications on a number of criteria, including strategic fit, return on investment and equality. The inclusion of supporting documents in the application, such as financial statements and cash flow forecasts, is recorded on the checklist, which requires to be approved by the Programme Manager or Chair of the Accountable Body.
A Scoring Sub-Group has been established to review project applications against a defined scoring matrix in advance of Cairngorms Local Action Group (CLAG) meetings. The CLAG is responsible for the oversight of the Local Development Strategy (LDS) and the Business Plan to ensure that LEADER investments are made in accordance with the Business Plan to achieve the outcomes defined in the LDS. The Sub-Group is comprised of five members of the CLAG and is responsible for providing scores to the CLAG in order to form the basis of discussion and funding decisions on project applications. The CLAG holds the final responsibility for determining project scores, either agreeing the scores for each element suggested by the Scoring Sub-Group or agreeing variations from those scores suggested by the Sub-Group. The scores adopted by the CLAG represent the final approved scores for each project.
A project assessment scoring sheet is completed for each application and categorises assessment criteria between Eligibility and Technical criteria. The Eligibility criteria assesses project applications on a number of areas, such as strategic fit and return on investment, and the Technical criteria assesses project applications on areas such as organisational competence and robust delivery plans. Additional guidance is provided on the scoring matrix for the scores which can be awarded for each assessment criteria. For example, a score of ‘0’ for organisational competence represents no evidence being available to support the relevant criteria, whereas a score of ‘3’ represents that the organisation has a well established track record of project delivery in this area.
The LAG Programme Claims Guidance outlines a number of eligibility criteria which must be satisfied by CNPA when submitting a claim to Scottish Government for running costs and animation costs. Running costs can include the following:
- Direct staff costs
- Travel and subsistence
- Office running service costs
- Insurance
- Office running material costs
Animation costs can include the following:
- Publications including newsletters, leaflets and signage
- Events including workshops, networking and conferences
- Stakeholder Engagement
Applicants are required to complete a LEADER Grant Claim and Milestone report when requesting funds from CNPA in relation to project expenditure. Progress against approved milestones is recorded on the report, in addition to narrative detailing the project activities during the reporting period which support the milestone progress. Documents such as bank statements, receipts and timesheets are required to be attached to the form where relevant in order to evidence the expenditure.
The SLA outlines a number of requirements in relation to use of the Scottish Government’s LARC IT system when processing applications. Requirements include the storing of all records, documents and electronic data relating to any projects considered on the system, including scoring sheets, which must be completed, signed and filed on LARC.
Scope and Approach
The scope of our review was to assess whether:
- Efficient, effective and well controlled processes have been developed to ensure compliance with the service level agreement;
- Project and funding applications are considered and scored in accordance with a clearly defined process;
- Applications are approved appropriately and on a timely basis;
- Claims submitted to Scottish Government by CNPA are in line with eligibility criteria;
- Claims submitted to CNPA by applicants are reviewed and approved appropriately prior to payment;
- Grant claim regulations are being complied with; and
- Scottish Government’s LARC IT system is being used effectively in accordance with the SLA.
Our approach was to review key documentation in relation to LEADER and interview key staff to assess whether the design of the controls is appropriate and these controls are operating effectively and as described. As part of our testing, we selected a sample of projects and test that the key controls are operating effectively. We also performed a detailed walkthrough of a formally approved LEADER project from initial application through to the claiming of the grant.
Good Practice
We are pleased to report that efficient, effective and well controlled processes have been developed to ensure compliance with the SLA. Project and funding applications are considered and scored in accordance with the process clearly defined in the technical checklist and scoring sheet. Claims submitted to CNPA by applicants are recorded on a LEADER Grant Claim and Milestone report and are reviewed and approved appropriately prior to payment, in accordance with the Scottish Government’s LEADER Claims Guidance. Our detailed walkthrough of a formally approved LEADER project confirmed that the application had been assessed and approved in accordance with the clearly defined process. The sample testing indicated that the process outlines in the SLA were followed appropriately.
Conclusion
We are able to provide substantial assurance over the design and operational effectiveness of the controls in place to ensure compliance with the requirements of the SLA.
Risks Reviewed Giving Rise to No Findings of a High or Medium Significance
- Efficient, effective and well controlled processes may not have been developed to ensure compliance with the service level agreement.
- Project and funding applications may not be considered and scored in accordance with a clearly defined process.
- Applications may not be approved appropriately and on a timely basis.
- Claims submitted to Scottish Government by CNPA may not be in line with eligibility criteria.
- Claims submitted to CNPA by applicants may not be reviewed and approved appropriately prior to payment.
- Grant claim regulations may not be complied with.
- Scottish Government’s LARC IT system may not be used effectively in accordance with the SLA.
Observations
1. LARC System
Management noted that there has been no changes to the LARC system since the internal audit in 2018 therefore the below observation remains relevant from the prior year. The SLA outlines a number of requirements in relation to use of Scottish Government’s LARC system when processing applications, including the storing of all records, documents and electronic data relating to any projects considered on LARC, including scoring sheets, which should be completed, signed and filed on LARC. Whilst we noted that the system is not being used in accordance with aspects of the SLA (as CNPA LEADER staff are manually assessing and signing all records prior to storing these on LARC), section 4.3 of the SLA states that: “All administrative functions, monitoring checks and case management must be recorded via the Leader Actions in Rural Communities system (LARCs) or equivalent until such time as LARCs is operational”. CNPA outlined limitations of the LARC system to deliver aspects of the programme locally in a letter to the Scottish Government, including that a number of applicants cannot use the system as their own broadband access is limited, and are dependent on the CNPA LEADER team acting on their behalf in uploading documents onto LARCs. Scottish Government is therefore aware of these issues. The Accountable Body Group also prepared a paper in March 2017 which expands on the limitations of LARC and the limitations of the SLA. The limitations discussed by the group include the lack of print and PDF functionality of the system, in addition to the inability of all LAG members to access the system simultaneously when assessing applications at LAG meetings as a result of variable broadband provision at the venues used for meetings. Management believe that, as a result of these limitations, the LARC system is not yet operational and that the Authority therefore is in compliance with section 4.3 of the SLA.
2. Out of Date Milestone and Cash Flow Planner
One approved project has an out-of-date Milestone Planner on file with the first milestone falling due in April 2019. However, some time elapsed between LAG approval and Offer of Grant which meant the first milestones in the application had passed. A new Milestone and Cash flow planner will be agreed with the applicant prior to Letter of Offer. The LEADER manager will create a signed file note confirming the process, confirming that the Accountable Body and LAG were content with the update and will issue the Letter of Offer with the updated cash flow and milestone dates within the offer. If the milestones had not already elapsed, CNPA would have used the Change Request Process to update the project once the Letter of Offer had been issued and accepted. In either case, an up to date Milestone and Cash flow would be in place prior to any claiming process starting.
Appendix I — Staff Interviewed
| Name | Job Title |
|---|---|
| David Cameron | Director of Corporate Services |
| Bridget Trussell | LEADER Programme Manager |
| Daniel Ralph | Finance Manager |
| Kirsty MacKenzie | Project Development & Support Officer |
BDO LLP appreciates the time provided by all the individuals involved in this review and would like to thank them for their assistance and cooperation.
Appendix II — Definitions
Design of Internal Control Framework
| Level of Assurance | Findings from review | Design Opinion |
|---|---|---|
| Substantial | Appropriate procedures and controls in place to mitigate key risks. | There is a sound system of internal control designed to achieve system objectives. |
| Moderate | In the main there are appropriate procedures and controls in place to mitigate the key risks reviewed albeit with some that are not fully effective. | Generally a sound system of internal control designed to achieve system objectives with some exceptions. |
| Limited | A number of significant gaps identified in the procedures and controls in key areas. Where practical, efforts should be made to address in-year. | System of internal controls is weakened with system objectives at risk of not being achieved. |
| No | For all risk areas there are significant gaps in the procedures and controls. Failure to address in-year affects the quality of the organisation’s overall internal control framework. | Poor system of internal control. |
Operational Effectiveness of Internal Controls
| Findings from review | Effectiveness Opinion |
|---|---|
| No, or only minor, exceptions found in testing of the procedures and controls. | The controls that are in place are being consistently applied. |
| A small number of exceptions found in testing of the procedures and controls. | Evidence of non-compliance with some controls, that may put some of the system objectives at risk. |
| A number of reoccurring exceptions found in testing of the procedures and controls. Where practical, efforts should be made to address in-year. | Non-compliance with key procedures and controls places the system objectives at risk. |
| Due to absence of effective controls and procedures, no reliance can be placed on their operation. Failure to address in-year affects the quality of the organisation’s overall internal control framework. | Non-compliance and/or compliance with inadequate controls. |
Recommendation Significance
- High: A weakness where there is substantial risk of loss, fraud, impropriety, poor value for money, or failure to achieve organisational objectives. Such risk could lead to an adverse impact on the business. Remedial action must be taken urgently.
- Medium: A weakness in control which, although not fundamental, relates to shortcomings which expose individual business systems to a less immediate level of threatening risk or poor value for money. Such a risk could impact on operational objectives and should be of concern to senior management and requires prompt specific action.
- Low: Areas that individually have no significant impact, but where management would benefit from improved controls and/or have the opportunity to achieve greater effectiveness and/or efficiency.
Appendix III — Terms of Reference
Background
The Service Level Agreement (SLA) between Scottish Government and Accountable Bodies for LEADER Local Action Groups (LAGs) requires an annual internal audit of the functions and services undertaken by each Accountable Body (AB) in fulfilment of their role, including an internal audit assessment of the extent of observance by the Accountable Body of the requirements of the SLA. In the case of Cairngorms LEADER, the SLA was signed on 14 August 2015, supplemented by a side letter setting out its intention to vary information management elements of the SLA dated 11 September 2015. Cairngorms National Park Authority (CNPA) has subsequently outlined its views of the limitations of the LEADER LARCS IT system to deliver aspects of the programme locally in a letter to the Scottish Government. The Accountable Body Group has also prepared a paper which expands on the limitations of LARCS and the limitations of the SLA.
Purpose of Review
The purpose of this review is to provide management and the Audit Committee with a level of assurance that CNPA is maintaining effective processes and is complying with the requirements of the service level agreement.
Key Risks
Based upon the risk assessment undertaken during the development of the internal audit operational plan, through discussions with management, and our collective audit knowledge and understanding the key risks associated with the area under review are:
- Efficient, effective and well controlled processes may not have been developed to ensure compliance with the service level agreement;
- Project and funding applications may not be considered and scored in accordance with a clearly defined process;
- Applications may not be approved appropriately and on a timely basis;
- Claims submitted to Scottish Government by CNPA may not be in line with eligibility criteria;
- Claims submitted to CNPA by applicants may not be reviewed and approved appropriately prior to payment;
- Grant claim regulations may not be complied with; and
- Scottish Government’s LARC IT system may not be used effectively in accordance with the SLA.
(Page 13 contains BDO LLP contact information and is omitted here for brevity.)