WARNING - By their nature, text files cannot include scanned images and tables. 
The process of converting documents to text only, can cause formatting changes and 
misinterpretation of the contents can sometimes result. Wherever possible you 
should refer to the pdf version of this document.

Cairngorms National Park Authority 
2003/04 Audit 
Main Accounting System 
30 April 2004 

Robert W Clark FCCA - Senior Audit Manager 
Audit Services, Audit Scotland 
Ballantyne House, 84 Academy Street, Inverness IV1 1LU 
Tel. no. 01463 713500 Fax. no. 01463 715080 

Cairngorms National Park Authority 
2003/04 Audit 
Contents
Main Accounting System 

Section 1 
Executive Summary 

Section 2 
Action Plan 

Section 3 
Introduction 

Section 4 
Main Findings 
• Input controls  
• Output controls  
• Audit trail 
 

Section 1 
Executive Summary 

Introduction 
1.1 The Cairngorms National Park Authority was set up under the National Parks (Scotland) Act 
2000. It is Scotland’s second national park and the United Kingdom’s largest at 3800 square 
kilometres (1400 square miles). 

1.2 This report summarises the findings from our review of the Authority’s main accounting systems 
and, where appropriate, makes recommendations to address the weaknesses identified. The 
weaknesses outlined are only those which have come to our attention during the course of our 
normal audit work and are not necessarily, therefore, all the weaknesses that exist. 

1.3 Although we include a number of specific recommendations in this report to strengthen internal 
control, it is the responsibility of management to implement appropriate internal control systems. 
It should also be noted that communication of weaknesses does not absolve management from 
its responsibility for the maintenance of an adequate system of control. 

Key objectives 
1.4 As part of our 2003/04 audit, we undertook a review of procedures to evaluate whether the 
internal control system is adequate. The key objectives of the audit were to assess: 
• The extent of controls over data input; 
• The extent of controls over system output; 
• The extent to which an audit trail of transactions is maintained. 

Summary of Main Findings 
1.5 Our review has found that the system of internal control within the main accounting system is 
generally operating satisfactorily and there are some examples of good practice. An example of 
good practice we would highlight is the audit trail within the Sage accounting system, which 
allows an item to be traced from input through to its final resting place. However, audit testing 
did highlight a number of areas of concern which management will require to address. In 
particular, we found that there is no comprehensive set of written procedures covering the 
Authority’s financial operations. The main points arising from the audit are as follows: 

Areas of good practice 
• The existence of an audit trail within the Sage accounting system, which allows an item to 
be traced from input through to its final resting place; 
• The BACS report as submitted to the bank is retained on file and contains the required 
two signatures as evidence of authorisation. 
Areas with Scope for Improvement 
• There is no comprehensive set of written procedures covering the Authority’s financial 
operations; 
• There is no regular reconciliation between the nominal ledger and its feeder systems; 
• The audit trail is not regularly reviewed by a senior officer. 
Audit Service -Audit Scotland 1 30 April 2004 

Action Plan 
1.6 The Action Plan included in Section 2 of this report sets out the agreed actions to be taken in 
response to the main recommendations. They are graded to show their relative priority, and the 
timescales within which the issues are to be addressed. The Action Plan should be read in 
conjunction with the relevant reference from the main findings (Section 4). 

1.7 The factual accuracy of the content of this report, and the remedial action to be taken, has been 
agreed in discussion with the appropriate officials. 

Acknowledgements 
1.8 The co-operation and assistance afforded to audit staff during the course of the review are 
gratefully acknowledged. 
Audit Service -Audit Scotland 2 30 April 2004 


Section 2 
Main Accounting System 
Action Plan
Information supplied in table format - Please see pdf for details  
Recommendation 
Responsible Officer 
Agreed 
Comments 
Agreed Completion Date 

Input controls 
1 There should be a comprehensive set of 
procedural instructions covering all aspects of the 
Authority’s financial operations. 
Head of Corporate Services 
Yes 
October 2004 
Medium priority 

2 Procedures should be reviewed to ensure that all 
payment vouchers show evidence of having been 
authorised before input to financial systems. 
High priority 
Head of Corporate Services 
Yes 
The review is complete and 
procedures have been revised. 
These procedures will be included 
in the procedural instructions 
referred to above. 
October 2004 


3 There should be regular reconciliation between 
the nominal ledger and the feeder systems 
(purchase ledger and payroll systems). 
Head of Corporate Services 
Yes June 2004 
Medium priority 

Output controls 
The payroll report should be signed and dated as 
evidence of having been checked and authorised. 
Head of Corporate Services 
Yes 
Implemented 
Medium priority 

Audit trail 
5 Arrangements should be put in place for the audit 
trail to be reviewed by a senior official on a regular 
basis. 
Head of Corporate Services 
Yes June 2004 
Medium priority 

6 Where payment vouchers are held in subsidiary 
files (e.g. payroll) the main file should contain an 
appropriate cross-reference to the subsidiary file. 
Head of Corporate Services 
Yes Implemented 
Medium priority 

7 The accounting software used by the Authority 
does not identify individual users on the audit trail. 
We recommend that the possibility of including 
this facility be investigated. 
Head of Corporate Services 
Yes 
June 2004 
Medium priority 

 
Section 3 

Introduction 
Background 

3.1 The Cairngorms National Park was set up under the National Parks (Scotland) Act 2000 with the 
aim of promoting sustainable economic and social development of the area’s communities, 
conserving and enhancing the natural and cultural heritage of the area, to promote sustainable 
use of the natural resources of the area and to promote understanding and enjoyment of the 
special qualities of the area by the public. The Cairngorms National Park is Scotland’s second 
national park and the United Kingdom’s largest at 3800 square kilometres (1400 square miles). 

3.2 The Authority’s forecast gross expenditure on a cash basis for 2003/04 is £2m. The main 
source of income is grant-in-aid from the Scottish Executive. 

3.3 The Cairngorm National Park Authority uses the Sage Line 50 computerised accounting system 
for its financial ledger and processing payroll, accounts payable and accounts receivable. 
Audit Scope and Objectives 

3.4 As part of our 2003/04 audit activity we carried out a review of the Authority’s main accounting 
systems, including the nominal ledger, purchase ledger and payroll systems. In particular we 
examined the Authority’s controls to ensure that: 
• All data input is genuine, complete, accurate, not previously processed, properly 
authorised and timely. 
• There are sufficient controls over output to ensure its accuracy, completeness, 
confidentiality and timeliness. 
• A complete audit trail is maintained which allows an item to be traced from input through 
to its final resting place and the final result to be broken into its constituent parts. 

3.5 Our audit work included interviews with the Head of Corporate Services, and other officers in the 
Authority. We also carried out detailed testing of individual transactions within the accounting 
systems. 

3.6 Details of our audit findings are given in section 4 of this report. 
 
Section 4 
Main Findings 
Input controls 

4.1 It is important for any organisation to have comprehensive written procedures covering its 
financial operations. The use of such procedures helps to strengthen existing controls and also 
helps to ensure a consistent approach to data processing. 

4.2 Our audit found that written guidance has been prepared for parts of its financial systems such 
as payroll and expenses claims. We recommend that a comprehensive set of procedural 
instructions be prepared covering all aspects of the Authority’s financial operations. 
Refer Action Plan Point 1 

4.3 We noted that data is input to the main accounting systems from the following sources: 
• Purchase ledger - input from invoices authorised for payment 
• Nominal ledger - input either from interface with purchase ledger or direct input by way of 
journal entries 
• Payroll - input from authorised payroll documentation 
We also noted that there is no interface between the payroll system and the nominal ledger and 
that payroll data are input to the ledger by journal entry. 

4.4 As part of our audit work we selected a sample of thirty transactions from the month of January 
2004 and checked that, where appropriate, they had been properly authorised before input. We 
found two instances of payments that did not have a fully authorised payment voucher on file. 
We recommend that procedures be reviewed to ensure that all payment vouchers show 
evidence of having been authorised before input. 
Refer Action Plan Point 2 

4.5 An important control over data input is to have systematic reconciliations between the main 
financial ledger and any subsidiary feeder systems. The Authority’s purchase ledger is 
integrated with the main nominal ledger with postings being channelled through a nominal ledger 
control account. We were unable to find evidence of any regular reconciliation between the 
control account and the balance on the purchase ledger. 
Refer Action Plan Point 3 

4.6 We also found little evidence of any comprehensive reconciliation between the payroll system 
and the nominal ledger, although we understand that certain items, such as PAYE, are regularly 
checked against the corresponding control accounts in the ledger. Systematic reconciliation is 
extremely important in this instance because the two systems are not integrated and to confirm 
the integrity of the systems. 

Refer Action Plan Point 3 

 Output controls 
4.7 We would expect to find adequate controls in place to ensure the accuracy, completeness and 
timeliness of system outputs. As part of our audit we examined the Authority’s controls 
regarding the payroll output. 

4.8 The monthly payroll report includes a list of the salaries to be paid to employees. It is 
understood that the Finance Support Officer submits the payroll report to the Head of Corporate 
Services (or the Chief Executive) for checking prior to payment. Payments are made direct to 
employees’ bank accounts via the Bankers Automated Clearing System (BACS). 

4.9 It was noted that the payroll report does not show evidence of having been checked and 
authorised for payment. However, the BACS report as submitted to the bank is retained on file 
and contains the required two signatures as evidence of authorisation. As an additional control 
we recommend that the payroll report itself should also be signed and dated by the Head of 
Corporate Services or the Chief Executive as evidence of having been checked and authorised. 
Refer Action Plan Point 4 

Audit trail 
4.10 It is important for a complete audit trail to be maintained. The trail should allow an item to be 
traced from input through to its final resting place and should allow the final result to be broken 
down into its constituent parts. We noted that the Sage accounting software is designed to 
produce a satisfactory audit trail, which is retained on the system. 

4.11 However, we noted that there are no written procedures in place regarding the use of the audit 
trail facility and there does not appear to be any arrangements for regular review of the audit trail 
by a senior official. This is an important control, as it will confirm that documented procedures 
are being complied with or highlight controls may require to be strengthened. We recommend 
that arrangements be put in place for the audit trail to be reviewed by a senior official on a 
regular basis. 
Refer Action Plan Point 5 

4.12 To enable items to be readily traced it is important for input documentation to be filed 
sequentially. Out of the sample of thirty referred to at paragraph 4.4 above, we found five 
transactions where there was no input voucher on the main file. It emerged that the transactions 
in question related to payroll and the relevant voucher, in the form of a payroll output report, was 
held in a separate payroll file. In such instances, in order to provide a full audit trail and make 
the location of the originating document easier for the Authority’s staff, we recommended that 
the main file contain an appropriate cross-reference to the payroll file 

Refer Action Plan Point 6 
4.13 We would expect a comprehensive audit trail to includes details of the users of the system 
against each transaction. This would help identify which users were responsible for particular 
transactions should it be necessary to investigate any matter. It appears that the Sage 
accounting software used by the Authority does not include this information on the audit trail, 
and we recommend that the possibility of including this facility be investigated. 
Refer Action Plan Point 7