CAIRNGORMS NATIONAL PARK AUTHORITY
Board Paper 10 Annex 1 23/02/07

AUDIT COMMITTEE ANNUAL REPORT

Background

1. The Audit Committee is required to report annually to the full Board on its activities over the year, and on the reports presented to the Committee by the Authority’s internal and external auditors.

2. The previous Audit Committee Annual Report was submitted to the Board in January 2006, covering the period from April 2004 to August 2005. This second Annual Report is presented on behalf of the Audit Committee to cover the period of its operations from September 2005 to its meeting of 15 December 2006.

Overview

3. The period of this Annual Report covers consideration of draft final accounts for both 2004/05 and 2005/06, together with associated reports from Audit Scotland, the Authority’s external auditors. The period also covers the second phase of internal audit work undertaken by Deloitte, following their appointment in July 2004.

4. The Committee met four times in the period September 2005 to December 2006. In addition to management reports from the College’s Internal and External Auditors, considered in further detail below, the Committee considered the following issues during the course of the year:

a) Risk management: approval of the Authority’s Strategic Risk Register and processes for embedding regular review of strategic risk management by the Management Team and Audit Committee.
b) Health and Safety Policy
c) Information Technology contingency planning and business continuity plans.
d) Freedom of Information: update on caseload and management of information requests.
e) Balanced scorecard: development of performance measures to provide a high level, overview assessment of corporate governance and risk management performance.
f) Review of governance arrangements through consideration of the number and outcomes of complaints made to external review bodies.
g) Organisational Greening Policy: update on action taken in implementing the greening policy approved by the Board in March 2006.
h) Statement of Internal Control: review and approval of this statement, prior to its inclusion in the annual accounts and prior to signature by the Accountable Officer.
i) Updates on progress in implementing previous audit recommendations: officers have presented regular progress updates on the implementation of audit recommendations. These officer reports have been highlighted by internal auditors as establishing best practice.

Internal Audit

5. The Committee agreed an annual internal audit work programme presented by Deloitte.

6. Deloitte have since presented seven management reports to the Committee. Their findings and consequent recommendations for action are graded according to the internal auditors’ assessment of the significance of the underlying weakness to the effective management of the organisation. Table One presents a summary of the internal audit findings over the course of the year.

Table One: Summary of Internal Audit Findings

                                   Number of Recommendations
Internal Audit Study               Priority 1   Priority 2   Priority 3
Project Planning                   -            5            1
IT Contingency Planning            -            3            -
Server Security                    -            3            -
Financial Ledger                   -            5            2
Grant Awards                       -            2            3
Risk Management                    -            -            2
Cash and Cash Flow Management      -            -            2

7. Despite the ongoing development of the organisation, no priority 1 recommendations have been made following the seven internal audit reviews reported to the Committee in the period.
Priority one recommendations would reflect findings which the internal auditors consider to be major issues which need to be brought to the attention of senior management and the Audit Committee.

8. In practice, the Committee is aware of all recommendations made by the internal auditors, through consideration of full management reports following each audit review.

9. The Committee has noted management responses to all recommendations made and will monitor progress made. The internal auditors will also conduct follow-up reports and report back to the Committee on their findings.

10. All planned internal audit work for 2005/06 was undertaken, with the exception of a study on procurement policy and practice. The Audit Committee was informed that this review had been deferred, with the agreement of the Internal Audit Manager and Head of Corporate Services, pending clarification of the requirements of the recent McClelland report on this subject.

11. The Internal Auditors’ Annual Report was presented to the Committee at its meeting in August 2006. Their report concludes that, on the basis of work undertaken, the Authority has an adequate and effective framework of internal control.

12. The Committee has agreed an internal audit programme for 2006/07. This programme reduces slightly the number of internal audit days compared with previous years. Internal audit work over the last two years has now covered detailed reviews of all key control areas, and the auditors’ opinion was that they could focus more on self-assessment, undertaken initially by officers, in testing the ongoing refinement and improvement of systems. The level of findings from previous years and assessment of risks supported their proposals to reduce the number of planned days.

External Audit

13. The Authority’s accounts for both 2004/05 and 2005/06 have received clear, unqualified certificates from Audit Scotland, our external auditors.

14.
The Audit Committee considered Audit Scotland’s Management Report on the 2004/05 accounts at its meeting in December 2005 and noted three points for action raised in the report:

a) Discussing with the Scottish Executive the possibility of bringing into line differing accounting policies for the treatment of grant-in-aid and expenditure;
b) Dissemination and embedding of financial regulations agreed by the Audit Committee in August 2005;
c) Completion of a risk register from the work undertaken in identifying strategic risks and establishing a Risk Management Policy.

15. All three of these action points have now been addressed and no follow up actions are identified in Audit Scotland’s Management Report on the 2005/06 accounts.

16. The Committee considered Audit Scotland’s Management Report on the 2005/06 accounts at its meeting in December 2006 and noted three points for action raised in the report:

a) Review the Financial Reporting Manual (FReM) to determine whether any improvements are required to the Authority’s disclosures in the Annual Report and Accounts;
b) Review disclosure policy for senior management remuneration in the Annual Report and Accounts;
c) Develop performance measures to demonstrate that the Authority is securing continuous improvement.

17. Management responses on these issues arising from the Management Report on the 2005/06 accounts have been approved. It is anticipated that action taken will be reviewed by Audit Scotland as part of their reviews leading to certification of future years’ accounts.

18. The internal audit work programme and follow up activity will also be informed by the findings raised in these Audit Scotland reviews.

Conclusions

19. The Audit Committee considers that it has been successful in progressing the Board’s governance and internal control priorities during the period to December 2006.
There has been an engagement through the year with issues identified by the Authority’s internal and external auditors, and also by the Authority’s officers. The Committee has received full reports on issues raised; considered recommendations made; and approved responses and actions.

20. Both the internal auditors’ finding of adequate levels of internal controls within the Authority, and the external auditors’ unqualified audit certificate provide assurance to the Committee and Board that the Authority’s internal control and governance objectives are being met by management.

21. In particular, reports over the course of the year have indicated that our practice of reviewing the status of action on outstanding audit recommendations sets best practice in this aspect of the Committee’s work on internal controls.

22. It is also worth highlighting that the internal audit report considered in December 2006 on risk management indicates that the Authority’s Risk Management processes are more mature than might be anticipated for an organisation at this stage of development. The internal auditors have indicated that their review in this area finds that significant progress has been made over the last 18 months.

23. The Committee will continue to address key, basic issues of internal control and the development of appropriate processes within the Authority.

24. The Committee also plans over the course of the coming years to undertake post-completion review of projects. The Committee will consider how well a sample of projects have contributed to the Authority’s objectives and outcomes, and through this process contribute to the future development of the organisation’s project appraisal and control systems.

25.
In future years, the Committee will also consider follow up reviews by both internal and external auditors in order to provide the Board with assurance that actions highlighted are being addressed, and therefore that weaknesses in internal control systems identified are corrected.

DAVID CAMERON
December 2006
davidcameron@cairngorms.co.uk