WARNING - By their nature, text files cannot include scanned images and tables. The process of converting documents to text only, can cause formatting changes and misinterpretation of the contents can sometimes result. Wherever possible you should refer to the pdf version of this document. FRONT PAGE Cairngorms National Park Authority Annual Audit Plan 2008/09 - DRAFT PAGE 1 Contents Summary plan 1 Summary of planned audit activity 1 Introduction 1 Our responsibilities 1 Our approach 2 Responsibility for the preparation of accounts3 Format of the accounts 3 Audit issues and risks 4 Materiality 5 Reporting arrangements 6 Quality control 7 Fees and resources 7 Independence and objectivity 8 Appendix A 9 Summary assurance plan 9 Appendix B 12 Financial statements audit timetable 12 Appendix C 13 Audit team 13 Appendix D 14 Reliance on internal audit 14 Appendix E 15 Independence and Objectivity 15 PAGE 2 Summary plan Summary of planned audit activity Based on our analysis of the risks facing Cairngorms National Park Authority our planned work in 2008/09 includes: • an audit of the financial statements and provision of an opinion on whether: -they give a true and fair view of the state of affairs of Cairngorms National Park Authority -the income and expenditure for the year were incurred or applied in accordance with applicable enactments and guidance issued by Scottish Ministers -the accounts have been properly prepared in accordance with the National Parks (Scotland) Act 2000 and directions made by Scottish Ministers • a review and assessment of Cairngorms National Park Authority’s governance and performance arrangements in a number of key areas including the adequacy of internal audit • review of restatement of 2008 opening balances, based on IFRS. Introduction 1. Our audit is focused on the identification and assessment of the key challenges and risks to Cairngorms National Park Authority (CNPA) in achieving its business objectives. We also assess the risk of material misstatement or irregularity in CNPA financial statements. This report summarises the key challenges and risks facing CNPA and sets out the audit work that we propose to undertake in 2008/09. Our plan reflects: • the risks and priorities facing CNPA • current national risks relevant to local circumstances • the impact of changing international auditing and accounting standards • our responsibilities under the Code of Audit Practice as approved by the Auditor General for Scotland • issues brought forward from previous audit reports. Our responsibilities 2. Our responsibilities, as independent auditor, are established by the Public Finance and Accountability (Scotland) Act 2000 and the Code of Audit Practice approved by the Auditor General for Scotland, and guided by the auditing profession’s ethical guidance. PAGE 2 3. Audit in the public sector goes beyond simply providing assurance on the financial statements and the organisation’s internal control environment. We are also required to provide a view on performance, regularity and the organisation’s use of resources. In doing this, we aim to support improvement and accountability. 4. In carrying out our audit, we seek to gain assurance that CNPA: • has good corporate governance arrangements in place which reflect the three fundamental principles of openness, integrity and accountability • has systems of recording and processing transactions which provides a sound basis for the preparation of financial statements and the effective management of its assets and interests • prepares financial statements which are true and fair and in accordance with the National Parks (Scotland) Act 2000, the Financial Reporting Manual (FReM) and directions from Scottish Ministers • has systems of internal control which provide an adequate means of preventing or detecting material misstatement, error, fraud or corruption • complies with established policies, procedures, laws and regulations • has made proper arrangements for securing best value in its use of resources. Our approach 5. Our audit approach is based on an understanding of the characteristics, responsibilities and principal activities, risks and governance arrangements of CNPA, and identification of the key audit risks and challenges in the central government sector generally. This approach includes: • understanding the business of CNPA and the risk exposure which could impact on the financial statements • assessing the key systems of internal control, and considering how risks in these systems could impact on the financial statements • identifying major transaction streams, balances and areas of estimation, understanding how CNPA will include these in the financial statements and developing procedures to audit these • assessing the risk of material misstatement in the financial statements, in conjunction with our evaluation of inherent risk, the control environment and control risk as part of our risk assessment • determining the nature, timing and extent of our testing programme to provide us with sufficient appropriate audit evidence as to whether the financial statements are free of material misstatement. 6. Through this approach we have also considered and documented the sources of assurance which will make best use of our resources and allow us to focus testing on higher risk areas during the audit of the financial statements. The main areas of assurance for the audit come from planned management PAGE 3 action and reliance on systems of internal control. Management action being relied on for 2008/09 includes: • comprehensive closedown procedures for the financial statements accompanied by a timetable issued to all relevant staff • clear responsibilities for provision of accounts and working papers being agreed • delivery of unaudited accounts and schedules to agreed timescales with a comprehensive working papers package • completion of the internal audit programme for 2008/09. 7. Auditing standards require internal and external auditors to work closely together to make optimal use of available audit resources. We seek to rely on the work of internal audit wherever possible and, as part of our planning process we carry out an early assessment of the internal audit function. Internal audit is provided by Deloitte & Touche LLP. Based on our review of internal audit we plan to place formal reliance on the areas of work set out in Appendix D. 8. At the completion of the audit we will provide the Chief Executive with an annual report on the audit containing observations and recommendations on significant matters which have arisen in the course of the audit. Responsibility for the preparation of accounts 9. It is the responsibility of CNPA and the Chief Executive as Accountable Officer (appointed by Scottish Ministers), to prepare the financial statements in accordance with the Public Finance and Accountability (Scotland) Act 2000 and Directions signed by Scottish Ministers. This means: • acting within the law and ensuring the regularity of transactions by putting in place systems of internal control to ensure that financial transactions are in accordance with the appropriate authority • maintaining proper accounting records • preparing financial statements timeously which give a true and fair view of the financial position of CNPA as at 31 March 2009 and its expenditure and income for the year then ended • preparing an annual report, including management commentary and remuneration report. Format of the accounts 10. The financial statements should be prepared in accordance with the FReM and Directions signed by Scottish Ministers. The FReM sets out the principles applicable to the accounting and disclosure requirements for the annual report and accounts which bodies covered by resource accounting are required to prepare annually. International Financial Reporting Standards (IFRS) PAGE 4 11. As part of the UK Budget 2007, the Chancellor announced that the timetable for IFRS implementation As part of the UK Budget 2007, the Chancellor announced that the timetable for IFRS implementation was to be extended by a year. This means central government and health accounts in Scotland have to become IFRS compliant with effect from the 2009/10 financial year. The Scottish Government have notified central government bodies that they will be required to produce shadow IFRS based accounts for the financial year 2008/09, which must include a restated balance sheet as at 1 April 2008. A detailed timetable and list of requirements has been issued by the Scottish Government. 12. Our role, as part of the 2008/09 audit activity, is to carry out a review of the restated balance sheet as at 1 April 2008. As part of this review we will: • review and report on the arrangements that the organisation has made to manage the transition, including training and timetable • provide early commentary on proposed changes to accounting polices • review proposed accounting entries and the restated 1 April 2008 opening balance sheet. Audit issues and risks 13. Based on our discussions with staff, consideration of your own risk management arrangements and a review of supporting information, we identified the main risk areas for your organisation: • performance • governance and internal control. 14. Within these identified risk areas there is a range of more specific risks and these are summarised at Appendix A. In most cases, actions to manage these risks are either planned or already underway within the organisation. Details of the sources of assurance that we have received for each of these risks and any audit work we plan to undertake is also set out in Appendix A. In the period prior to the submission of the unaudited financial statements, we will liaise with senior officers on any new or emerging issues. Efficient government 15. Budgets for 2008/09 and the immediate future will need to be managed within a tighter funding regime. This includes significantly less scope for the application of end of year flexibility for the Government with HM Treasury until the next Spending Review; no option to transfer funds from capital to revenue; and the impact of the introduction of International Financial Reporting Standards (IFRS), particularly on PFI, leases and infrastructure accounting. As part of our audit we will examine the prioritising of spending, the identification of efficiencies and future commitments and the delivery of key targets and objectives. We will again focus on the robustness of reported efficiency gains and the impact on service quality in the light of the commitment for 2% savings during the year. PAGE 15 Best value 16. Best Value (BV) duties apply across the public sector. In central government, all Accountable Officers have a duty to achieve BV. Audit Scotland has adopted a generic framework to the audit of BV across all public bodies based on the key principles of flexibility and proportionality; alignment and integration with our existing activities; being delivered within our existing resources, and with an evolutionary implementation. 17. Our approach to BV continues to develop as the environment in which we operate changes, including the Crerar Review, outcome agreements and Scotland Performs. However we are committed to ensuring that BV auditing across the public sector adds value to existing arrangements, is proportionate and risk-based. Specifically we aim to: • report on the delivery of outcomes for people who use services; • protect taxpayers’ interests by examining use of resources; • put an increasing emphasis on self assessment by public bodies with audit support and validation; and • work collaboratively with other inspectorate bodies to ensure our work is aligned and prevent duplication. 18. Currently we are concentrating on the development of Use of Resources audit toolkits, focusing initially on Financial Management, Efficiency, and Information Management. These toolkits are being piloted in a sample of NHS and central government clients during 2008/09 with a wider roll out planned for 2009/10. Developed toolkits will also be made available to public bodies to consider self assessment. Performance audit 19. In addition to the above work, Audit Scotland’s Public Reporting Group undertake a programme of studies on behalf of the Auditor General and Accounts Commission. The Group is currently finalising their forward work programme for approval by the Auditor General. We will notify the Audit and Risk Management Committee of any areas which will impact on SNH in due course. Materiality 20. We consider materiality and its relationship with audit risk when planning the nature, timing and extent of our audit and conducting our audit programme. Specifically with regard to the financial statements, we assess the materiality of uncorrected misstatements, both individually and collectively. 21. International Standard on Auditing 320 states that, “information is material if its omission or misstatement could influence the economic decisions of users taken on the basis of the financial statements. Materiality depends on the size of item or error judged in the particular circumstances of its omissions or misstatement. Thus, materiality provides a threshold or cut-off point rather than being a primary qualitative characteristic which information must have if it is to be useful.” PAGE 6 22. When considering, in the context of a possible qualification, whether the misstatement of an item, or a When considering, in the context of a possible qualification, whether the misstatement of an item, or a number of items taken together, is material in terms of its monetary value, we use professional judgement, experience and internal guidelines from peers as broad guidance in regard to considering whether the results of tests of detail are material. 23. An item may be judged material for reasons other than its monetary or quantitative value. An inaccuracy, which would not normally be regarded as material by amount, may be important for other reasons. When such an item affects a critical point in the accounts, its materiality has to be viewed in a narrower context (for example the failure to achieve a statutory requirement, an item contrary to law, or areas affected by central government control). Again we use professional judgement, experience and internal guidelines from peers to determine when such matters would fall to be covered in an explanatory paragraph, rather than as a qualification to the audit opinion. Reporting arrangements 24. Under the Public Finance and Accountability (Scotland) 2000 Act, there is a requirement for the Resource account of the Scottish Government to be presented to Parliament within nine months of the financial year-end i.e. 31 December. CNPA is required to have their audited financial statements submitted to meet the consolidation timetable. 25. As the accounts have to be signed by the relevant officers and by the appointed auditor, Stephen O’Hagan – Senior Audit Manager, prior to submission, it is critical that a timetable is agreed with us for the production of the unaudited accounts. An agreed timetable is included at Appendix B of this plan, which takes account of submission requirements, proposed audit committee dates and audit resources. 26. Matters arising from our audit will be reported on a timely basis and will include agreed action plans. Draft management reports will be issued to the Head of Corporate Services Group and relevant manager to confirm factual accuracy. Responses to draft reports are expected within four weeks of submission. 27. A copy of all final agreed reports will be sent to the Chief Executive, Head of Corporate Services Group, relevant manager, Internal Audit and Audit Scotland’s Public Reporting Group. 28. We will provide an independent auditor’s report to CNPA and the Auditor General that the audit of the financial statements has been completed in accordance with applicable statutory requirements, including an opinion on those financial statements. An annual report to CNPA will also be produced to summarise all significant matters arising from the audit and overall conclusions about CNPA management of key risks. 29. All annual reports produced by Audit Scotland are published on our website: (www.auditscotland. gov.uk). PAGE 7 30. The full range of outputs to be delivered by the audit team are summarised below: Planned outputs / Target delivery date Governance Internal audit reliance 24 December 2008 Internal controls management letter 28 March 2009 Financial statements Financial statements management letter 1 June 2009 Report to Audit Committee in terms of ISA 260 (Communication of audit matters to those charged with governance) 15 June 2009 Independent auditor’s report on the financial statements 17 July 2009 Annual report to the Accountable Officer and the Auditor General for Scotland/Members and the Controller of Audit 31 July 2009 Quality control 31. We are committed to ensuring that our audit reflects best practice and demonstrates best value to CNPA and the Auditor General for Scotland. We operate a strong quality control framework that seeks to ensure that your organisation receives a high quality service. The framework is embedded in our organisational structures and processes and includes an engagement lead for every client; in your case this is Lorna Meahan, who is responsible for ensuring that our work is carried out on time and to a high quality standard. 32. As part of our commitment to quality and continuous improvement, we may periodically seek your views. We would be grateful for any feedback on our services. Fees and resources 33. Our proposed fee for the 2008/09 audit of CNPA is £11,300 comprising a local audit fee of £10,100 and a fixed charge of £1,200. Our fee covers: • all of the work and outputs described in this plan, including the considerable work to review 2008 IFRS restated balance sheet • a contribution towards the costs of national performance studies and statutory reports by the Auditor General • attendance at the audit committee • access to advice and information on relevant audit issues • access to workshops/seminars on topical issues • travel and subsistence costs. PAGE 8 34. In determining the agreed fee we have taken account of the risk exposure of CNPA, the management the management assurances in place, and the level of reliance we plan to take from the work of internal audit. We have assumed receipt of the draft accounts and working papers by 8 May 2009. If the draft accounts and papers are late, agreed management assurances are unavailable, or planned internal audit reliance is not achieved, we reserve the right to charge an additional fee for further audit work. 35. An additional fee will be required in relation to any work or other significant exercises not within our planned audit activity. An additional fee will also be charged for work on any grant claims or returns not included in the planned outputs noted previously. 36. Stephen O’Hagan, Senior Audit Manager, is your appointed auditor. The local audit team will be led by Alison Macdonald] who will be responsible for the day to day management of the audit and who will be your primary contact. Details of the experience/skills of our team are provided at Appendix C. The core audit team will call on other specialist and support staff, as necessary. Independence and objectivity 37. Auditing and ethical standards require the appointed auditor to communicate any relationships that may affect the independence and objectivity of audit staff. We are not aware of any such relationships within the audit team. 38. We comply with ethical standards issued by the Auditing Practices Board and with Audit Scotland’s requirements in respect of independence and objectivity, as summarised at Appendix E. Audit Scotland November 2009 PAGE 9 Appendix A Summary assurance plan In this section we identify a range of operational risks facing CNPA, the related source of assurance received and the audit work we propose to undertake to secure additional assurance. The management of risk is the responsibility of CNPA and its officers, with the auditor’s role being to review the arrangements put in place by management. Planned audit work, therefore, will not necessarily address all residual risks. Risk / Source of assurance / Planned audit action Performance Single environment and rural service Phase 2 of SEARS will be introduced in summer 2009 and includes the review of areas such as ranger services, provision of advice and support to land managers. Although the Authority is a relatively small organisation in relation to other stakeholders, this could have a significant impact on the way the Authority operates, including the resources required to develop proposals and deliver expectations. • Key members of management team represented on programme board and project workstreams • Regular reporting to board on programme progress and potential implications for Authority • Monitor progress through board minutes • Update in annual report Co-location A review is underway examining the opportunities for co-location between SEARS partners. One aspect of the review will consider arrangements in the Park Authority, SEPA, and SNH. A general space specification has been developed, and consultants have been appointed for option appraisal to begin in early 2009. Possible options may include relocation of CNPA from current offices. There is a risk that proposals impact on staff morale, as well as recruitment and retention. • Management team representation on review group • Regular reporting to board on progress • Monitor progress thorough board minutes • Update in annual report PAGE 10 Risk / Source of assurance / Planned audit action 5 year strategic review Phase 1 recommendations from the strategic review including the board size, proportion of directly elected members, and collaboration between the Park Authorities are currently being consulted on. Future decisions by the proposed National Park Strategy Group could still have a significant impact on the way in which the Park Authority operates in the future, including its responsibilities, operation and boundaries. ..Authority response to recommendations being prepared as part of consultation process ..Regular reporting to Board of developments ..Authority will be represented on proposed strategy group ..Monitor through management discussions ..Update in annual report Efficient Government Budgets for 2008/09 and the immediate future will need to be managed within a tighter funding regime. There is a risk that proposals for efficiencies cannot be delivered, or will impact adversely on delivery of objectives. ..Regular reporting to finance committee on efficiency targets .. Regular performance monitoring at management and board level ..Monitor through management discussions ..Update in annual report National Park Plan Delivery of the priorities set out in the national park plan requires a coordinated approach involving a range of partners. There is a risk that the five year outcomes are not achieved as a result of poor communication and partnership working. ..CNPA has responsibility for leading and coordinating delivery of the plan. Through this role, it will ..Establish groups to deliver and report progress on actions ..Set up advisory forums to communicate on implementation around plan themes ..Annual report will be prepared on implementation of national park plan .. Indicators developed around key themes for monitoring the state of the park ..Regular reporting to board on NPP targets ..Review delivery group and board minutes .. Review performance as reported in CNPA annual report ..Update in annual report PAGE 11 Risk / Source of assurance / Planned audit action Local Plan finalisation A key goal in the Corporate Plan 2008-11 is the delivery of a Local Plan. A Local Plan has been drafted, however a number of objections on policies within the plan have been raised through the consultation process. There is a risk that the target delivery set out in the Corporate Plan cannot be achieved. ..Regular reporting to board on Local Plan progress ..Final modifications are now being made to the plan ..Park Authority currently liaising with the Scottish Government Reporters unit about the timing of an inquiry into the local plan ..Monitor adoption of local plan through minute review ..Update in annual report Governance and Internal Control International Financial Reporting Standards (IFRS) IFRS will apply to the financial year from 1 April 2009. A restated 2008 opening balance sheet is to be completed by the authority along with 2008/09 shadow IFRS based accounts to be completed. Although this may not have a huge impact on the Financial Statement for CNPA the resource required to prepare 2008/09 accounts and shadow IFRS based accounts maybe underestimated. ..Regular reporting to the Finance Committee with IFRS progress .. Liaison with Scottish Government ..Review restated 2008 opening balance during interim audit work ..Update in annual report PAGE 12 Appendix B Financial statements audit timetable Key stage / Date Testing and review of internal control systems and transactions Jan/Feb 2009 Meetings with officers to clarify expectations of detailed working papers and financial system reports Feb 2008 Latest submission of unaudited financial statements with working papers package 8 May 2009 Progress meetings with lead officers on emerging issues As required during audit process Latest date for submission of management letter on financial statements audit 31 May 2009 Latest date for final clearance meeting with Head of Corporate Resources 10 June 2009 Report to the audit committee on the audit of financial statements (ISA 260) 15 June 2009 Accountable Officer to sign accounts 17 July 2009 Independent Auditors Report signed 17 July 2009 Annual Report to the Accountable Officer 31 July 2009 PAGE 13 Appendix C Audit team A summarised curriculum vitae for each core team member is set out below: Stephen O’Hagan, CPFA Senior Audit Manager Stephen has over 11 years experience of public sector audit with Audit Scotland, covering local government, health and the education sector. Prior to this, Stephen worked in local government finance for 5 years. Alison Macdonald, ACCA Senior Auditor Alison joined Audit Scotland in 2007 and has experience of audit in local government, health and central government sectors. Prior to joining us Alison worked in the public sector as an accountant. PAGE 14 Appendix D Reliance on internal audit Auditing standards require internal and external auditors to work closely together to make optimal use of available audit resources. We seek to rely on the work of internal audit wherever possible and as part of our planning process we carry out an early assessment of the internal audit function. Our review of the internal audit service concluded that the internal audit operates in accordance with government internal audit standards. We therefore plan to place reliance on the work of internal audit in the following areas: • Budgetary management and monitoring • Procurement • Financial controls PAGE 15 Appendix E Independence and Objectivity Auditors appointed by the Auditor General for Scotland are required to comply with the Code of Audit Practice and standing guidance for auditors, which defines the terms of appointment. When auditing the financial statements auditors are also required to comply with the auditing and ethical standards issued by the Auditing Practices Board (APB). The main requirements of the Code of Audit Practice, standing guidance for auditors and the standards are summarised below. International Standards on Auditing (UK and Ireland) 260 (Communication of audit matters to those charged with governance) requires that the appointed auditor: • discloses in writing all relationships that may bear on the auditor’s objectivity and independence, the related safeguards put in place to protect against these threats and the total amount of the fee that the auditor has charged the client • confirms in writing that the APB’s ethical standards are complied with and that, in the auditor’s professional judgement, they are independent and their objectivity is not compromised. The standard defines ‘those charged with governance’ as ‘those persons entrusted with the supervision, control and direction of an entity’. In your case, the appropriate addressee of communications from the auditor to those charged with governance is the audit committee. The auditor reserves the right to communicate directly with members on matters which are considered to be of sufficient importance. Audit Scotland’s Code of Audit Practice has an overriding general requirement that appointed auditors carry out their work independently and objectively, and ensure they do not act in any way that might give rise to, or could reasonably be perceived to give rise to, a conflict of interest. Appointed auditors and their staff should avoid entering in to any official, professional or personal relationships which may impair their independence, or might lead to a reasonable perception that their independence could be impaired. The standing guidance for auditors includes a number of specific requirements. The key requirements relevant to this audit appointment are as follows: • during the currency of an appointment, auditors should not perform non-audit work for an audited body, consultancy or otherwise, without the prior approval of Audit Scotland • the appointed auditor and key staff should, in all but exceptional circumstances, be changed at least once every five years in line with Audit Scotland’s rotation policy • the appointed auditor and audit team are required to carry out their duties in a politically neutral way, and should not engage in high profile public party political activity • the appointed auditor and audit team must abide by Audit Scotland’s policy on gifts and hospitality, as set out in the Audit Scotland Staff Code of Conduct.