WARNING - By their nature, text files cannot include scanned images and tables. 
The process of converting documents to text only, can cause formatting changes and 
misinterpretation of the contents can sometimes result. Wherever possible you 
should refer to the pdf version of this document.


CAIRNGORMS NATIONAL PARK AUTHORITY 

Minutes of the Meeting of the Audit Committee 

Held at Ben Mhor Hotel, Grantown-on-Spey 
On Thursday 24 March 2005, 9.00 am 


Present 

Eric Baird (Chair) 		Sheena Slimon 
Duncan Bryden 		Bob Wilson 
Sally Dowden 


In Attendance 

David Cameron 		Andy Rinning 
Stuart Sands, Deloitte 


Apologies 

Jane Hope 


Welcome 

1. The Chair welcomed everyone to the meeting and noted apologies as set out above. 


Minutes of the Previous Meeting 

2. The minutes of the meeting of 17 December were approved. 

3. It was noted with regard to point 13 that guidance had been circulated to all Board 
members on the operation of the Freedom of Information Act. 

4. Actions arising at points 17 (risk management strategy), 26 (Guardian Social, Ethical 
and Environmental Audit) and 27 (green audit) were all covered by items on the 
current agenda. 


Internal Audit Reviews of Fixed Assets and Payroll (Paper 1) 

5. Stuart Sands of Deloitte introduced his internal audit reports following reviews 
undertaken on fixed assets and payroll. The conclusions of the internals auditors 
reviews were that adequate controls were in place for the payroll system, while 
significant weaknesses were identified in the fixed asset systems which could become 
increasingly problematic with future expansion of the Authority. One priority one 
issue was identified for action on payroll systems, while two priority one 
recommendations had been made for fixed assets. 

6. David Cameron indicated that a number of points of response had been made to the 
internal auditors on the recommendations made, including questioning the 
appropriateness of a number of the recommendations for action. Those points would 
be followed up with Deloitte prior to finalising the reports. However, it had been 
considered worthwhile to present the draft reports to the Committee in order to allow 
early consideration of the issues raised and provide a view of the work being 
undertaken by the internal auditors. 

7. Overall, however, David Cameron indicated the he accepted the general thrust of the 
findings of the reviews. He felt that the number and relative importance of findings 
reflected the current stage of development of the Authority and its internal processes. 
Many systems had been inherited from the previous Cairngorms Partnership and 
required review to reflect the changing scale of operations and funding environment. 

8. In response to a request for clarification of the priority classification of 
recommendations made, it was clarified that Deloitte used a three point classification 
system for recommendations made. Those classed as priority one are deemed to be 
major issues that the internal auditors consider need to be brought to the attention of 
management and the Audit Committee. 

9. It was also clarified that the 78 people on the Authority’s payroll included both 
members of staff and Board. 

10. Members queried whether the internal auditors might supplement their reports with 
documented system notes which may be developed into fuller financial procedures as 
a means of adding additional value to the organisation from their work. Stuart Sands 
agreed to look into this, and indicated it should be possible to develop these from 
system notes held on the audit files. 


Strategic Risk Register and Risk Management Strategy (Paper 2) 

11. Sally Dowden arrived at the meeting at this point. 

12. David Cameron introduced his paper, which set out a proposed risk management 
strategy and associated risk management processes. This followed from the 
identification of 77 strategic risks which could impact on the delivery of the 
organisation’s strategic objectives, and assessment of each of these on their likelihood 
of occurrence and impact were they to occur. 

13. In discussions, it was noted that the risk management strategy was intended to set the 
organisation’s appetite to accept or manage risks around the delivery of its objectives. 
Not all risks identified need to be actively managed with action taken to address them. 
Other options were to accept the existence of risks or to monitor them to ensure their 
likelihood or impact did not increase. Risks would be reviewed embedded in 
corporate and operational plans and reviewed annually. 

14. Members noted that as an enabling organisation, key risks would appear to be around 
the lack of public clarity about the Authority and its objectives. It was agreed that to 
an extent this area related to the top two risks identified within the register – the lack 
of clarity on priorities and lack of public understanding of the CNPA’s objectives. 

15. Members agreed that it may be useful to consider the management of these two risks 
as a case study to illustrate the operation of the risk management strategy at a future 
meeting, towards the end of the year. 

16. The Committee approved the Strategic Risk Register. 

17. The Committee approved the proposed Risk Management Strategy. 


General Environmental Review (Paper 3) 

18. Andy Rinning introduced the paper setting out the results of the environmental review 
commissioned to consider the Authority’s premises and operations. He indicated that 
a group of officers would be formed to take forward environmental improvements 
within the organisation, and this action had been established in the operational plan 
for the coming year. 

19. Members noted the report. 


Guardian Social, Ethical and Environmental Audit 2004 (Discussion) 

20. Members considered the Guardian’s Social, Ethical and Environmental Audit for 
2004 previously distributed to them, and the wider question of whether the Audit 
Committee might undertake a broader role in the review of the Authority’s activities 
and its impact. 

21. In discussion, members noted that it would be valuable to look at whether the 
Authority was delivering what it had been set up to do. It was recognised that to a 
degree this was part of reviewing corporate and operational plan delivery, but 
suggested that sample testing of the effect of some individual projects would 
complement review of broader plan delivery. 

22. There was also some concern expressed by members that the Committee still needed 
to ensure that the fundamentals were put in place as the organisation developed, 
before broadening the Committee’s areas of interest. 

23. Members discussed the level of input which might be given by internal auditors and it 
was agreed that these issues could be considered further at a future meeting when the 
proposed future work schedule and prioritised areas for review was put forward for 
the Committee’s consideration. 


Date of Next Meeting 

24. Friday 26 August at 9:00am, Ballater.