WARNING - By their nature, text files cannot include scanned images and tables. The process of converting documents to text only, can cause formatting changes and misinterpretation of the contents can sometimes result. Wherever possible you should refer to the pdf version of this document. CAIRNGORMS NATIONAL PARK AUTHORITY Audit Committee Meeting 16/12/05 Paper 2 FOR DECISION Cairngorms National Park Authority Internal Audit Operational Plan2005/06 September 2005 Strictly Private and Confidential Contents Introduction & Areas of Review Page 1 Statement of Responsibility Page 3 Introduction & Areas of Review Introduction Following discussions with the Head of Corporate Services and analysis of the main areas of risk within Cairngorms National Park Authority, we are pleased to present the operational plan for 2005/06. The plan has a total of 45 days allocated to it, split amongst the following categories: .. Strategy and planning; .. IT Risk .. Financial Management Processes .. Legal, regulatory and business risk management; .. Follow-up; .. Contract management. The reviews contained within these areas are detailed below. Budget Days / Proposed Timing Strategy & Planning Corporate Planning 5 16th January 2006 IT Risk Contingency Planning 4 16th January 2006 IT Security 5 16th January 2006 Financial Managmenet Processes Financial Ledger 5 20th February 2006 Grant Awards 5 20th February 2006 Cash Flow Management 5 27th February 2006 Legal, Regulatory and Business Risk Management Risk Management 5 20th March 2006 Operational Reviews Procurement 5 10th April 2006 Follow-up Reviews Follow-up 2004/05 2 27th February 2006 Contract Management 4 Total Budget Days 45 Strategy and Planning Within the strategy and planning category, we will undertake a further review of the Corporate Planning process. Our 2004/05 review in this area concluded that the process for the creation of the 2005-2008 corporate plan was adequate. Our conclusion included the caveat that, due to the plan being in its infancy, we were unable to provide an opinion on the processes for monitoring and reviewing the corporate plan. Our 2005/06 review will focus in this area, in order to provide full coverage of the corporate planning process. IT Risk As noted in our internal audit Annual Report, we did not undertake any IT reviews in 2004/05. In 2005/06, we will undertake two reviews, covering Contingency Planning and IT Security. Our contingency planning review will follow on from the recommendations raised by Audit Scotland, the Authority’s external auditors Introduction & Areas of Review Financial Ledger Good financial planning, financial management and reporting are achieved through a sound system of control within the financial ledger. Our review will assess the controls in place to ensure the validity, timeliness and completeness and accuracy of entries to the financial ledger. Additionally, we will assess the controls in place to ensure the accuracy and completeness of reporting to management and the Board. Cash Flow Management As a cash limited organisation, the Authority must have a robust cash flow forecasting process, linking into the budgeting and financial ledger processes. Our review will assess the controls in place to ensure that cash flow forecasts and cash draw-downs are based on valid and appropriate assumptions. Grant Awards The Authority awards a substantial amount of grants to external parties. Our review will assess the controls in place to ensure that expenditure on grants is valid, appropriate and will further the aims of the Cairngorms National Park Authority. Risk Management Our risk management review will assess the controls in place over the risk management system within the Authority. This will include the operation of the risk register, its links with the Corporate Plan, and the level to which risk management has been imbedded within the organisation. Procurement Our procurement review will assess the controls in place to ensure that all procurement by the Authority is valid and that it represents best value. Follow-up 2004/05 An essential element of internal audit work is the follow-up of recommendations raised in previous years to ensure that the control system has been amended as agreed in our reports. Our follow-up work will cover the reports issued in 2004/05. These are: .. Fixed Asset Register; .. Payroll; .. Strategic & Operational Planning; .. Project Management. Our follow-up work will be undertaken in stages throughout the financial year, depending on the timing of our original work. The status of recommendations will be shown as a standing agenda item for each Audit Committee. Statement of Responsibility Statement of Responsibility We take responsibility for this report, which is prepared on the basis of the limitations set out below. Enterprise Risk Services Deloitte & Touche LLP Inverness September 2005 This interim plan and the work connected therewith are subject to the Terms and Conditions of the engagement letter between the Cairngorms National Park Authority and Deloitte & Touche LLP. This document and any work or reports related to it are produced solely for the use of Cairngorms National Park Authority. Its contents should not be quoted or referred to in whole or in part without our prior written consent, unless required by law. Deloitte & Touche LLP will accept no responsibility to any third party, as the project specification and any related work or reports have not been prepared, and are not intended for any other purpose. Deloitte refers to one or more of Deloitte Touche Tohmatsu, a Swiss Verein, its member firms, and their respective subsidiaries and affiliates. As a Swiss Verein (association), neither Deloitte Touche Tohmatsu nor any of its member firms has any liability for each other’s acts or omissions. Each of the member firms is a separate and independent legal entity operating under the names “Deloitte,” “Deloitte & Touche,” “Deloitte Touche Tohmatsu,” or other related names. Services are provided by the member firms or their subsidiaries or affiliates and not by the Deloitte Touche Tohmatsu Verein. © 2005 Deloitte & Touche LLP. All rights reserved.