WARNING - By their nature, text files cannot include scanned images and tables. 
The process of converting documents to text only, can cause formatting changes and 
misinterpretation of the contents can sometimes result. Wherever possible you 
should refer to the pdf version of this document.


CAIRNGORMS NATIONAL PARK AUTHORITY 
Audit Committee Paper 7 19/03/08 

CAIRNGORMS NATIONAL PARK AUTHORITY 


FOR DECISION 

Title: 2006/07 ACCOUNTS: DRAFT STATEMENT OF INTERNAL CONTROL 

Prepared by: David Cameron, Head of Corporate Services 

Purpose 

To seek the Committee’s approval for the Statement of Internal Control, to be included in 
the draft accounts for 2007/08. 

Recommendations 

The Committee is requested to: 

a) Approve the draft Statement of Internal Control, set out in Annex 1, for inclusion in 
the draft accounts for 2007/08. 

Executive Summary 

As advised elsewhere on the Committee’s agenda for the current meeting, the Authority is 
seeking to bring forward its timetable for review of the annual accounts and publication of 
the Annual Report and Accounts for the year. In light of this, a draft Statement of Internal 
Control has been produced for inclusion in the draft accounts report for 2007/08. 

An element of the Committee’s remit is to provide advice to the Accountable Officer on their 
completion of the Statement of Internal Control, which forms part of the preface to the 
accounts. Accordingly, the Audit Committee is requested to consider a draft Statement of 
Internal Control in light of their experience of internal and external auditors’ reports, and of 
reports from the Authority’s management, brought to the Committee over the course of the 
year. 

Although the draft Statement of Internal Control has previously been considered by the 
Committee at its August meeting, it is considered sufficiently close to the year end that the 
Committee may reasonably pass comment on the draft statement at this point. With respect 
to the statement in paragraph 17 in particular, it is recognised that the internal auditors have 
yet to produce their annual report for 2007/08. This statement may, therefore, have to be 
modified in light of the opinion expressed in their report. 

The Committee will have an opportunity to review the statement prior to finalisation of the 
Annual Report and Accounts for 2007/08. 



DRAFT STATEMENT OF INTERNAL CONTROL 

For the period ended 31 March 2008 

Scope of Responsibility 

1. As Accountable Officer, I have responsibility for maintaining a sound system of 
internal control that supports the achievement of the organisation's policies, aims and 
objectives, whilst safeguarding the public funds and assets for which I am personally 
responsible, in accordance with the responsibilities assigned to me in the Management 
Statement for the Cairngorms National Park Authority. In discharging this 
responsibility I am held accountable by the Authority’s Board, and by Scottish 
Ministers. In particular, the Authority’s Board has Finance and Audit Committees in 
place, each of which has remits to ensure elements of the Authority’s internal control 
systems, including risk management systems, are in place and function effectively. 

2. The Scottish Public Finance Manual (SPFM) is issued by the Scottish Ministers to 
provide guidance to the Scottish Executive and other relevant bodies on the proper 
handling of public funds. It is mainly designed to ensure compliance with statutory 
and parliamentary requirements; promote value for money; ensure high standards of 
propriety; secure effective accountability and risk management within organisations; 
and hence ensure good systems of internal control. An element of my responsibility 
as Accountable Officer is to ensure the Authority’s internal control systems comply 
with the requirements of the SPFM. 

Purpose of the System of Internal Control 

3. The system of internal control is designed to manage risk to a reasonable level rather 
than to eliminate all risk of failure to achieve policies, aims and objectives; it can 
therefore only provide reasonable and not absolute assurance of effectiveness. 

4. The system of internal control is based on an ongoing process designed to identify 
and prioritise the risks to the achievement of departmental policies, aims and 
objectives, to evaluate the likelihood of those risks being realised and the impact 
should they be realised, and to manage them efficiently, effectively and 
economically. 

5. The system of internal control has been in place in the Cairngorms National Park 
Authority for the year ended 31 March 2008 and up to the date of approval of the 
annual report and accounts, and accords with Treasury guidance. 

6. The internal audit function is an integral element of the Authority’s internal control 
systems. Deloitte LLP were appointed as the Authority’s internal auditors in June 
2004 and have undertaken a comprehensive review of key internal control systems 
since their appointment. Over the course of the year to 31 March, the internal 
auditors have reported to the Audit Committee on their independent reviews of the 
Authority’s health and safety management; budgetary control systems; financial 
control systems and project management. Work is ongoing on a review of pensions 
administration and Best Value. The Board’s Audit Committee has considered reports 
on each of these reviews and approved management actions required to address any 
recommendations made. Recommendations made were for improvements to control 
systems, with all reviews finding adequate control systems to be in place and 
operational. 

Capacity to Handle Risk 

7. Leadership for the process of risk management within the organisation is provided at 
the highest level, with the Park Authority Board recognising the importance of risk 
management in the activities of the organisation. Through adoption of risk based 
monitoring reports for delivery of Corporate and Operational Plan objectives, and 
for wider assessment of organisational performance, the Board has provided 
leadership on the importance of risk management at the highest level within the 
organisation. 

8. The Board’s Audit Committee and Management Team are also each actively 
involved in leading on embedding risk management processes throughout the 
organisation. Both these groups consider the management of strategic risk at regular 
intervals, reviewing and updating the strategic risk register and seeking to ensure 
that the required actions to manage risk at a strategic level are appropriately 
reflected and incorporated in operational delivery plans. Accordingly, a risk 
management focus has been developed into key control processes, including 
quarterly organisational performance monitoring and project initiation and delivery 
documents. 

The Risk and Control Framework 

9. The Authority’s strategic risk management processes are based on a schedule of key 
risks and risk management strategy approved by the Audit Committee in March 2005. 
Risk appetite is set within the agreed risk management strategy. This process has 
given rise to the Authority’s Strategic Risk Register, setting out responses to key risks 
and officers responsible for their management, which was subsequently approved by 
the Audit Committee in March 2006. The Strategic Risk Register is reviewed and 
updated quarterly by the Authority’s Management Team and at each Audit 
Committee, and maintains an audit trail of action taken. 

10. A comprehensive review of the strategic risk register will be undertaken following 
adoption of the Authority’s new Corporate Plan for April 2008 to March 2011. 

11. The Authority has also adopted a risk based approach to the management and 
monitoring of its Operational and Corporate Plan delivery, and of key aspects of 
organisational performance, whereby any increased risk to achievement of targets is 
assessed, reported to Board and Management Team, and, where required, remedial 
action determined and implemented. 

12. More generally, the organisation is committed to a process of continuous 
development and improvement: developing systems in response to any relevant 
reviews and developments in best practice in this area. In particular, in the period 
covering the year to 31 March and up to the signing of the accounts the organisation 
has: 

a) Acted on a range of internal audit recommendations for further improvements 
in the internal control framework; 

b) Completed a process of Best Value self-assessment, culminating in a Best 
Value action plan, that seeks prioritised, continuous improvement in service 
delivery. 

c) Finalised development and commenced implementation of a coordination 
framework within which public stakeholders will, along with the Authority, 
deliver priority actions set out in the National Park Plan agreed by Scottish 
Ministers. This framework will also support the management of risks by these 
public stakeholders in their delivery of National Park Plan actions. 

Review of Effectiveness 

13. As Accountable Officer, I have responsibility for reviewing the effectiveness of the 
system of internal control. My review of the effectiveness of the system of internal 
control is informed by the work of the internal auditors and the executive managers 
within the Authority who have responsibility for the development and maintenance 
of the internal control framework, and comments made by the external auditors in 
their management letter and other reports. I have been advised on the implications 
of the result of my review of the effectiveness of the system of internal control by the 
CNPA Board, and its Audit Committee, and a plan to address weaknesses and 
ensure continuous improvement of the system is in place. 

14. Advice from independent internal and external auditors forms a key and essential 
element in informing my review of the effectiveness of the systems of internal control 
within the Authority. The Board’s Audit Committee also plays a vital role in this 
regard, through its review of audit recommendations arising from reviews of internal 
control systems and its consideration of proposed management action. In particular, 
the Audit Committee is tasked with monitoring the operation of the internal control 
function and bringing any material matters to the attention of the full Board. Detailed 
findings of all audit reviews are made available to both management and the Audit 
Committee. The Audit Committee produces an Annual Report to the Board assessing 
the adequacy and effectiveness of the Authority’s internal controls. 

15. Senior Managers on the Authority’s Management Team also play an important role in 
implementing control systems and advising on any improvements required. The 
Head of Corporate Services is particularly involved in implementing a variety of 
internal control process, ensuring a continuing process of review and improvement to 
these systems is in place, and taking a leading role in embedding the principles of risk 
management throughout the organisation. 

16. Appropriate action is in place to address any weaknesses identified and to ensure the 
continuous improvement of the system. 

17. The internal auditors have reported that, overall, adequate internal controls were in 
place within the Authority over the course of 2007/08. 


David Cameron 
March 2008 

davidcameron@cairngorms.co.uk