WARNING - By their nature, text files cannot include scanned images and tables. The process of converting documents to text only, can cause formatting changes and misinterpretation of the contents can sometimes result. Wherever possible you should refer to the pdf version of this document. CAIRNGORMS NATIONAL PARK AUTHORITY Audit Committee Paper 3 17/04/09 CAIRNGORMS NATIONAL PARK AUTHORITY FOR DECISION Title: INTERNAL AUDIT: STRATEGIC RISK MANAGEMENT Prepared by: LISA MacDONALD, DELOITTE DAVID CAMERON, HEAD OF CORPORATE SERVICES Purpose To present Deloitte’s report on the outcome of the strategic risk management workshop. To present the revised, draft strategic risk register for consideration by Committee, following its approval by the Management Team in March 2009. Recommendations The Committee is asked to: a) Note the internal auditor’s report on the strategic risk management workshop, as set out in Annex 1; b) Consider and, subject to any agreed amendments, approve the revised strategic risk register set out in Annex 2 for future ongoing monitoring by the Management Team and Audit Committee. Executive Summary Deloitte, the Authority’s internal auditors, facilitated a strategic risk management workshop in December 2008. This workshop reviewed and updated the strategic risk register in line with the Authority’s 2008 to 2011 Corporate Plan. The results of the workshop are set out in Deloitte’s report, at Annex 1. The Authority’s management team considered the outputs from the workshop at its meeting on 3 March 2009. Management Team has agreed a draft Strategic Risk Register, based on the top 25 risks identified at the workshop and amended slightly to remove one area of duplication and also to bring in a new risk not identified. Management Team has also identified leads for the strategic risks, who will be responsible for managing or monitoring the progress of risk management activity in each area. In a few areas, the full management team will remain responsible for collective consideration of risk management. The revised strategic risk register agreed by Management Team is set out in Annex 2. Future Action Programme, project and activity managers will be encouraged to refer to this risk register in thinking through the design of projects and, where possible, ensure activities help address key risks identified. The “risk management” aspect of the Authority’s project proposal / expenditure justification form will also be adapted to focus project managers’ attention on the Authority’s risk register and to raise awareness of the need to address strategic risks in the design and delivery of projects. This process will make a significant contribution toward further embedding the risk management culture within the organisation.