WARNING - By their nature, text files cannot include scanned images and tables. The process of converting documents to text only, can cause formatting changes and misinterpretation of the contents can sometimes result. Wherever possible you should refer to the pdf version of this document. CAIRNGORMS NATIONAL PARK AUTHORITY Audit Committee Meeting Paper 1 25/08/06 CAIRNGORMS NATIONAL PARK AUTHORITY FOR DECISION Title: 2005/06 ACCOUNTS: STATEMENT OF INTERNAL CONTROL Prepared by: David Cameron, Head of Corporate Services Purpose To seek the Committee’s approval for the Statement of Internal Control to be set out in the accounts for 2005/06. Recommendations The Committee is requested to: 1. Approve the draft Statement of Internal Control set out in the accounts for 2005/06; Executive Summary Draft accounts for the year ended 31 March 2006 have been prepared. External audit review of the accounts is also nearing completion. An element of the Committee’s remit is to provide advice to the Accountable Officer on their completion of the Statement of Internal Control, which forms part of the preface to the accounts. Accordingly, the Audit Committee is requested to consider a draft Statement of Internal Control in light of their experience of internal and external auditors’ reports, and of reports from the Authority’s management, brought to the Committee over the course of the year. 2005/06 ACCOUNTS: STATEMENT OF INTERNAL CONTROL Background 1. The Board approved a revised remit for the Audit Committee at its meeting in April 2006 to bring this into line with the requirements of the Scottish Public Finance Manual. The revised remit includes the provision of advice to the Accountable Officer on the completion of the Statement of Internal Control included as part of the preface to the annual accounts report. 2. Draft accounts for 2005/06 were completed and forwarded to the external auditors by the end of June, in accordance with the agreed external audit timetable. External audit work has been progressing since that point and Bob Clark of Audit Scotland will provide an update of progress to members at the meeting. Statement of Internal Control 3. A draft Statement of Internal Control is set out at Annex 1 to this paper. Text set out in italics in the Annex is prescribed within the accounting guidelines issued for the Authority’s accounts and must therefore be included in the statement. 4. The Audit Committee is requested to consider a draft Statement of Internal Control in light of their experience of internal and external auditors’ reports, and of reports from the Authority’s management, brought to the Committee over the course of the year. 5. The Committee is requested to approve the Statement of Internal Control for 2005/06. Future Action 6. It is currently intended that the Draft Annual Report and Accounts will be submitted to the Board and Scottish Executive for comment in early September. 7. We plan to have the accounts signed off by the Chief Executive and finalised audit certificate by the end of September. DAVID CAMERON 15 August 2006 davidcameron@cairngorms.co.uk DRAFT STATEMENT OF INTERNAL CONTROL For the year ended 31 March 2006 Scope of Responsibility As Accountable Officer, I have responsibility for maintaining a sound system of internal control that supports the achievement of the organisation's policies, aims and objectives set by the Scottish Ministers, whilst safeguarding the public funds and assets for which I am personally responsible, in accordance with the responsibilities assigned to me. In discharging this responsibility I am held accountable by the Authority’s Board, and by Scottish Ministers. In particular, the Authority’s Board has Finance and Audit Committees in place, each of which has remits to ensure elements of the Authority’s internal control systems are in place and function effectively. The Scottish Public Finance Manual (SPFM) is issued by the Scottish Ministers to provide guidance to the Scottish Executive and other relevant bodies on the proper handling of public funds. It is mainly designed to ensure compliance with statutory and parliamentary requirements, promote value for money and high standards of propriety, and secure effective accountability and good systems of internal control. An element of my responsibility as Accountable Officer is to ensure the Authority’s internal control systems comply with the requirements of the SPFM. Purpose of the System of Internal Control The system of internal control is designed to manage rather than eliminate the risk of failure to achieve the organisation's policies, aims and objectives. It can therefore only provide reasonable and not absolute assurance of effectiveness. The system of internal control is based on an ongoing process designed to identify the principal risks to the achievement of the organisation's policies, aims and objectives; to evaluate the nature and extent of those risks and to manage them efficiently, effectively and economically. The process within the organisation accords with the SPFM and has been in place for the year ended 31 March 2006 and up to the date of approval of the annual report and accounts and accords with guidance from the Scottish Ministers. The internal audit function is an integral element of the Authority’s internal control systems. Deloitte LLP were appointed as the Authority’s internal auditors in June 2004 and have undertaken a comprehensive review of key internal control systems since their appointment. Over the course of the year to 31 March, the internal auditors have reported to the Audit Committee on their independent reviews of Corporate and Operational Planning; project planning; information technology contingency planning; and server security. Work is ongoing on reviews of cash management and implementation of risk management. The Board’s Audit Committee has considered reports on each of these reviews and approved management actions required to address any recommendations made. Recommendations made were for improvements to control systems, with all reviews finding adequate control systems to be in place and operational. Risk and Control Framework All bodies subject to the requirements of the SPFM must operate a risk management strategy in accordance with relevant guidance issued by the Scottish Ministers. The general principles for a successful risk management strategy are set out in the SPFM. The Authority’s strategic risk management processes are based on a schedule of key risks and risk management strategy approved by the Audit Committee in March 2005. This has given rise to the Authority’s Strategic Risk Register, setting out responses to key risks and officers responsible for their management, which was subsequently approved by the Audit Committee in March 2006 and is now subject to quarterly review and update by the Committee and the Authority’s Management Team. The Authority has also adopted a risk based approach to the management and monitoring of its Operational and Corporate Plan delivery, whereby any increased risk to achievement of targets is assessed, reported to Board and Management Team, and where required remedial action determined and implemented. More generally, the organisation is committed to a process of continuous development and improvement: developing systems in response to any relevant reviews and developments in best practice in this area. In particular, in the period covering the year to 31 March and up to the signing of the accounts the organisation has: • Implemented financial regulations and published accompanying guidance on budget management; • Implemented a standard planning process for operational plan activities, to improve management and control of our activities aimed at delivering Corporate Plan outcomes; • Developed a “balanced scorecard” model to further assist in monitoring and controlling key organisational risks around the Authority’s finances, its staffing, its governance and its delivery of key outcomes. Review of Effectiveness As Accountable Officer, I have responsibility for reviewing the effectiveness of the system of internal control. My review is informed by: • the executive managers within the organisation who have responsibility for the development and maintenance of the internal control framework; • the work of the internal auditors, who submit to the organisation's Audit Committee regular reports which include the Head of Internal Audit's independent and objective opinion on the adequacy and effectiveness of the organisation's systems of internal control together with recommendations for improvement; • comments made by the external auditors in their management letters and other reports. Advice from independent internal and external auditors forms a key and essential element in informing my review of the effectiveness of the systems of internal control within the Authority. The Board’s Audit Committee also plays a vital role in this regard, through its review of audit recommendations arising from reviews of internal control systems and its consideration of proposed management action. In particular, the Audit Committee is tasked with monitoring the operation of the internal control function and bringing any material matters to the attention of the full Board. Detailed findings of all audit reviews are made available to both management and the Audit Committee. The Audit Committee also produces an Annual Report to the Board assessing the adequacy and effectiveness of the Authority’s internal controls. Senior Managers on the Authority’s Management Team also play an important role in implementing control systems and advising on any improvements required. The Head of Corporate Services is particularly involved in implementing a variety of internal control process and for ensuring a continuing process of review and improvement to these systems. Appropriate action is in place to address any weaknesses identified and to ensure the continuous improvement of the system. The internal auditors have reported that, overall, adequate internal controls were in place within the Authority over the course of 2005/06. JANE HOPE, CHIEF EXECUTIVE September 2006