WARNING - By their nature, text files cannot include scanned images and tables. The process of converting documents to text only, can cause formatting changes and misinterpretation of the contents can sometimes result. Wherever possible you should refer to the pdf version of this document. CAIRNGORMS NATIONAL PARK AUTHORITY Audit Committee Paper 1 21/08/09 CAIRNGORMS NATIONAL PARK AUTHORITY FOR DECISION Title: AUDIT COMMITTEE DRAFT ANNUAL REPORT Prepared by: David Cameron, Head of Corporate Services Purpose To present a draft Audit Committee Annual Report to members for approval, prior to its submission to the Board. Recommendation The Committee is requested to consider the draft annual report to the Board, set out in the paper and to: a) Agree any amendments required. b) Approve the submission of the report to the Board, subject to incorporation of any amendments agreed. Executive Summary The Audit Committee is required to report annually to the Board on its activities. The paper presented here sets out a draft of the fourth such annual report, covering the Committee’s activities from January 2008 to July 2009. It is intended that the agreed report will be presented as a paper to the Board at its meeting in September 2009, following the Committee’s consideration of the draft report and incorporation of any agreed changes. PAGE 2 AUDIT COMMITTEE ANNUAL REPORT – FOR DECISION Background 1. The Audit Committee is required to report annually to the full Board on its activities over the year, and on the reports presented to the Committee by the Authority’s internal and external auditors. 2. The previous Audit Committee Annual Report was submitted to the Board on 20 March 2008, covering the period from January to December 2007. This fourth Annual Report is presented on behalf of the Audit Committee to cover the period of its operations from January 2008 to July 2009. Overview 3. The period of this Annual Report covers consideration of final accounts for both 2007/08 and 2008/09, together with associated reports from Audit Scotland, the Authority’s external auditors. The Committee has also continued to review the work of Deloitte, the Authority’s internal auditors, and consider reports issued by them. 4. The Committee met four times in 2007 and has met three times to date in 2009. 5. In addition to management reports from the Authority’s Internal and External Auditors, considered in further detail below, the Committee considered the following issues during the course of the year: a) Risk management: the Audit Committee participated in a workshop to completely renew the Authority’s Strategic Risk Register in line with the Corporate Plan for 2008 to 2011, in December 2008, and has since approved the resultant risk register at its meeting in April 2009. The new Strategic Risk Register is included with this report, at Appendix 1. b) National Park Plan Monitoring Framework: the Committee considered progress on developing the National Park Plan monitoring framework and the proposed process for finalising and formalising it. c) Internal Audit Contract and efficiency savings: the Committee considered and approved an extension to the internal audit contract with Deloitte, pending a planned tender exercise for a new contract which is likely to be undertaken jointly with Loch Lomond and the Trossachs NPA, in 2011. The Committee also approved a reduction of around 10% in the number of internal audit days delivered, as part of the Authority’s response to the Scottish Government’s objective of all public sector bodies realising 2% annual efficiency savings. d) Best Value: the Committee considered a formal internal audit review of aspects of the Authority’s Best Value processes, in follow up to the detailed self- assessment review considered in 2007. e) International Financial Reporting Standards (IFRS): the Committee has been monitoring the Authority’s implementation of IFRS, which becomes a requirement for financial reports from the 2009/10 financial year, through updates from officers and reports on initial review of IFRS implementation by Audit Scotland, the external auditors. PAGE 2 f) Statement of Internal Control: review and approval of this statement, prior to its inclusion in the annual accounts and prior to signature by the Accountable Officer. g) Updates on progress in implementing previous audit recommendations: officers have presented regular progress updates on the implementation of audit recommendations. These officer reports have been highlighted by internal auditors as establishing best practice. The internal auditors have also undertaken formal follow-up reviews of action taken on previous recommendations. h) Consideration and agreement of forward internal audit activity plans: internal audit work has increasingly included work on project management reviews, designed to test the linkages between project design and delivery to the strategic objectives set out in the Authority’s approved Corporate Plan. In this way, the Audit Committee is able to test the validity of project outputs, while the Finance Committee is charged with monitoring the effectiveness of use of project inputs such as staff time and financial resources. Internal Audit 6. The Committee agree an annual internal audit work programme presented by Deloitte LLP. 7. Over the course of the period of this report, Deloitte have presented eight management reports to the Committee. Their findings and consequent recommendations for action are graded according to the internal auditors’ assessment of the significance of the underlying weakness to the effective management of the organisation. Table One presents a summary of the internal audit findings over the period of this report. Table One: Summary of Internal Audit Findings Internal Audit Study / Number of Recommendations Priority 1 / Priority 2 / Priority 3 Project Management (Apr 08) - 2 2 Financial Controls (Apr 08) - 3 4 Budget Controls (Apr 08) - 1 1 Best Value (Aug 08) - 1 3 Pensions Processes (Aug 08) - - 3 Project Management Review – Point of Entry Marker Signage Project (Apr 09) - 5 - Project Management Review – Land Managers Support Project (Apr 09) - 3 - Financial Controls (Jun 09) - 3 5 8. Internal audit have also completed work on a review of the Authority’s LEADER functions and a report will be considered by the Committee at its meeting in August. Work has also been completed on a review of procurement, with findings to be discussed in August with the Head of Corporate Services and Finance Manager. The resulting report on procurement will be considered by the Committee in December 2009. PAGE 4 9. The Committee welcomes the fact that no priority 1 recommendations have been raised by internal audit over the course of the year and a half covered by this report. Priority one recommendations reflect findings which the internal auditors consider to be major issues which need to be brought to the attention of senior management and the Audit Committee. 10. In practice, the Committee is aware of all recommendations made by the internal auditors, through consideration of full management reports following each audit review. 11. The Committee has agreed management responses to all recommendations made and continues to monitor progress made. The internal auditors have also conducted follow-up reports and report back to the Committee on their findings. 12. All scheduled internal audit work for 2008 and the first half of 2009 was undertaken, with the exception of a study on the Authority’s Human Resource systems. This was deferred appointment of the HR Manager and will be delivered during the 2009/10 financial year. 13. The Committee has considered Internal Auditors’ Annual Reports for 2007/08 and 2008/09. The internal auditor’s annual report for each year concludes: “on the basis of work undertaken in the year … we consider that Cairngorms National Park Authority generally has an adequate framework of control over the systems we examined.” External Audit 14. The Authority’s accounts for 2007/08 and 2008/09 received a clear, unqualified external auditor’s report and opinion from Audit Scotland, our external auditors. 15. The accounts and external auditor’s report for 2007/08 were signed on 30 July 2008, one month earlier than the date for the previous year. This improving trend has been repeated again for the 2008/09 accounts, which were signed on 26 June. This means that accounts for 2008/09 have been signed off some 4 months earlier than was the case for the 2005/06 accounts. 16. The Audit Committee has considered Audit Scotland’s Management Report on the audit of the 2007/08 accounts and the report on the audit of the 2008/09 accounts. There are no points for action raised in either of the reports. 17. Audit Scotland have highlighted one point for action in implementation of IFRS, following their initial review of IFRS implementation by the Authority. The auditors highlight that further work needs to be done in finalising the format of “segmental reporting” to be used in the accounts. This refers to reporting financial information in the accounts on the same basis as that used internally for resource allocation and management. The report itself notes that work is ongoing to deal with this matter and the Committee has been assured by the head of Corporate Services that a reporting scheme is in place to deal with this matter. PAGE 5 Conclusions 18. The Audit Committee considers that it has been successful in progressing the Board’s governance and internal control priorities during the period to January 2008 to July 2009. 19. The Committee warmly welcomes the evidence of successful progress in closing annual accounts and completing the external audit process more promptly each year. The Committee would like to take this opportunity in reporting to the Board to register its thanks to all staff involved in this process and to the effective work of the Audit Scotland team led by Stephen O’Hagan. 20. There has been an engagement through the year with issues identified by the Authority’s internal and external auditors, and also by the Authority’s officers. The Committee has received full reports on issues raised; considered recommendations made; and approved responses and actions. 21. Both the internal auditors’ finding of adequate levels of internal controls within the Authority, and the external auditors’ unqualified audit certificate provide assurance to the Committee and Board that the Authority’s internal control and governance objectives are being met by management. 22. It is also reassuring to see that no priority 1 recommendations have been raised by the internal auditors over the course of the year. While it is accepted that there will always be a range of improvements than can be made to services and controls, and as such a number of recommendations for improvement from internal audit will be expected, the Committee welcomes the evidence of generally effective control systems evidenced by the reports. 23. The Committee also wishes to express it thanks to the internal audit team from Deloitte, led by Lisa MacDonald, for their consistently clear reports which are very well presented to members. 24. The Committee will continue to address key, basic issues of internal control and the development of appropriate processes within the Authority. 25. The Committee has also implemented a wider range of review of the period, to encompass consideration of how well the Authority delivers its overall corporate and operational plan objectives. These reviews have begun to test the extent to which the underpinning rationale for projects development can be linked back to delivery of strategic corporate objectives, and the extent to which project outputs make a contribution to Corporate Plan outcomes. 26. This has started an interesting and potentially very useful area of work which will be continued into the next two years. DAVID CAMERON davidcameron@cairngorms.co.uk July 2009