WARNING - By their nature, text files cannot include scanned images and tables. 
The process of converting documents to text only, can cause formatting changes and 
misinterpretation of the contents can sometimes result. Wherever possible you 
should refer to the pdf version of this document.


CAIRNGORMS NATIONAL PARK AUTHORITY 
AUDIT COMMITTEE 
26/08/05 MINUTES 


CAIRNGORMS NATIONAL PARK AUTHORITY 

Minutes of the Audit Committee 

Held at George Beaton Room, Albert Hall, Ballater 
On Friday 26 August 2005, 9:00 am 


Present 

Eric Baird (Chair) 		Sally Dowden 
Duncan Bryden 		Bob Wilson 


In Attendance 

David Cameron 		Bob Clark (Audit Scotland) 
Duncan Geddes (Deloitte) 


Apologies 

Jane Hope, Stuart Sands (Deloitte), Sheena Slimon 


Welcome and Apologies 

1. The Chair welcomed everyone to the meeting and noted apologies as above. 


Minutes of Previous Meeting 

2. The minutes of the meeting held on 24 March 2005 were approved without 
amendment. 


Matters Arising 

3. There were no matters arising not covered elsewhere on the agenda. 


Internal Audit Review of Corporate and Operational Planning (Paper 1) 

4. Duncan Geddes introduced this paper and in particular drew members’ attention to 
page 4, which set out the internal auditors’ overall conclusion following their review 
of the Authority’s Corporate and Operational Planning processes. Their view was 
that the processes set up by the Authority were relatively robust, and only 2 relatively 
minor, category 3 recommendations had been made regarding their findings. These 
were deemed to be relatively minor issues which management may wish to consider 
for future implementation. 

5. The internal auditors’ next steps would be to consider the Authority’s consideration of 
operational plan delivery and this work had been built into future internal audit plans. 

6. Members queried the wording of the second recommendation made – point 2.2 of the 
Deloitte report – which gave emphasis to elected Board members in particular being 
involved in the brainstorming sessions used at the early stages of corporate plan 
development. Members discussed whether this should relate to the five directly 
elected members or also to those appointed following nomination from the four local 
authorities. Members appreciated that there may be some subtle differences in 
accountability of directly elected members from other Board members and, hence 
could appreciate the rationale for the statement. Overall, members agreed that all 
Board members had an equal part to play and equal responsibility for the development 
of the corporate plan and that this part of the recommendation should therefore be 
removed. Duncan Geddes for Deloitte agreed that it would be acceptable for them to 
adjust the recommendation in this way. 

7. Agreed that recommendation 2.2 should read: Board members should ensure 
that they are involved in the brainstorming sessions with staff and also in the 
management team prioritisation sessions to ensure their views are fairly 
reflected. 

8. Members agreed that the timetable for preparation of the next Corporate Plan 
should be considered to ensure that sufficient time was built in to allow for 
appropriate levels of Board participation. 

9. Members discussed the wording of the overall audit conclusion – that controls over 
creation and approval of plans were adequate. Members suggested that this could be 
read as being somewhat faint praise, masking underlying problems. Duncan Geddes 
assured members that this was standard internal audit wording and actually reflected 
findings of very sound processes and systems, as had been reflected in the overall 
assessment set out in section 1.4 where 5 of 7 aspects had been found to have 
arrangements in place and operating which accord with good practice. The findings 
were therefore at the top end of an internal audit assessment. 

10. Members noted their congratulations to the Chief Executive and officers for 
establishing and implementing these arrangements. 


Internal Auditors Annual Report for 2004/05 (Paper 2) 

11. Duncan Geddes introduced this paper, which set out the scope of the internal auditors’ 
work over 2004/05 following their appointment over the course of that year. The 
internal auditors’ role is to provide the Audit Committee, Board and management 
with independent assurance as to the adequacy and effectiveness of the systems which 
they review and to report on weaknesses identified. The annual report for 2004/05 
sets out that, on the basis of Deloitte’s work undertaken in the year and assuming high 
priority recommendations are addressed, the Authority generally has an adequate 
framework of control over systems examined. Members’ attention was drawn to the 
need for work to be done in completing the Authority’s suite of formal financial 
policies and procedures, although it was noted that an element of this was to be 
covered later on the current agenda. 

12. Members noted their contentment with this position reported for 2004/05 and also 
agreed the need to move forward on the implementation of financial procedures. 

13. Members questioned the reason behind the postponement of the audit review on 
project management for a year and also the content of the Heathguard audit noted in 
the annual report. David Cameron clarified that the project management audit had not 
been postponed for a full year. Rather, the intention of the note in Deloitte’s annual 
report had been to indicate that the work had slipped from the 2004/05 audit 
programme into the 2005/06 schedule. In reality, the review had been planned for 
March 2005 and was now commencing in August 2005, with the agreement of a 
broad scope and terms of reference. The delay was therefore only 5 months and had 
been agreed to allow officers to concentrate on completion of 2004/05 operational 
plan activities and also initial implementation of 2005/06 plans. 

14. David Cameron also clarified that the Heathguard audit work related to the 
requirement for independent certification of expenditure on a particular project, 
required by third party funders. He would provide a fuller note updating members on 
the nature of the project itself. 

15. Members discussed the need for a review of project management to consider the 
means by which the Authority assessed whether overall objectives had been delivered, 
and not simply focus on management of finances and delivery of specific outputs. 
Duncan Geddes agreed that he would feed this into the scope and terms of reference 
for the audit review. 

16. Members discussed the means of maintaining an ongoing overview of 
recommendations made to them and the progress made on implementing remedial 
actions. 

17. Members agreed a schedule of recommendations and the status of work undertaken on 
them should be incorporated as a standing item on the Committee’s agenda. 
Recommendations would be removed from the schedule after follow-up by the 
auditors indicated that actions had been satisfactorily implemented. 


2004/05 Accounts and Statement of Internal Control (Paper 3) 

18. David Cameron introduced this paper, which set out the draft accounts for 2004/05 
and sought the Committee’s approval to the statement of internal control. The 
external audit review process for the 2004/05 accounts was nearing completion and it 
was therefore timely to present a draft to the Committee. 

19. While it was the Chief Executive’s responsibility to sign the statement of internal 
control, it primarily reported on areas of internal control development, 
implementation and review over which the Committee had responsibility. Therefore, 
it was appropriate that members be given an opportunity to consider the statement 
prior to it being signed. David Cameron indicated that external auditors had raised a 
point regarding the Authority’s reference in the draft statement to the development of 
a risk register. In their opinion, the Authority had yet to establish a formal risk 
register: a stand-alone document that set out identified risks and established how those 
risks were being managed. David Cameron accepted that this was the position, with 
risks identified and prioritised in accordance with the agreed risk management 
strategy, and management action identified within the operational plan. 

20. The Committee agreed that the Head of Corporate Services should be given the 
authority to agree revised wording in the internal control statement with the 
external auditors. 

21. The Committee agreed that they were otherwise content with the wording of the 
Statement of Internal Control set out in the draft accounts. 

22. In discussion over timetables for future action, Bob Clark of Audit Scotland 
confirmed that the process was still ahead of the schedule to complete certified 
accounts for 2004/05 by the end of October, as had been agreed by the Committee in 
December, provided that no material issues arose in the remaining period. He also 
informed members that, following an internal restructure within Audit Scotland, it 
would be a Director of Audit Services who would have final responsibility for 
certifying the accounts, rather than his own responsibility. However, internally, Audit 
Scotland was at the stage of final review and this change should not, therefore, affect 
the timetable for certification. 


Audit Scotland Computer Services Overview (Paper 4) 

23. Bob Clark indicated that the work summarised in this paper had been undertaken by 
Audit Scotland as part of their external audit review process for the 2004/05 accounts. 
He felt that the review was of a significance that merited a separate report to the 
Committee, rather than summarising the findings within the overall review of the 
accounts. He highlighted that the review of the Authority’s IT services had found a 
number of areas of good practice, and had set out three recommendations for future 
development. In particular, it had been recommended that an IT strategy be 
developed for the Authority setting out the vision for future information needs, and 
that a business continuity plan should be prepared, implemented and tested. 

24. Members stated that they were happy with the findings of this report and discussed 
how the review of IT might be taken forward. David Cameron indicated that a further 
review of IT had been built into the internal auditor’s work plans for 2005/06, 
following his audit planning meeting with Deloitte earlier in August. 

25. Members agreed that the development of an IT strategy should be widened to 
cover communications technologies, and also to consider the wider implications 
on the Authority’s standing order that holding formal meetings by audio or 
video conferencing may have. The Committee requested the Head of Corporate 
Services to take this forward. 


Financial Regulations (Paper 5) 

26. David Cameron introduced this paper and draft set of financial regulations by 
highlighting that the proposed regulations represented the first step in the 
development and implementation of formal financial regulations and procedures 
which had been discussed earlier by the Committee when considering the internal 
auditors’ annual report for 2004/05. The paper sought the Committee’s approval for 
the draft financial regulations set out, which would establish a set of relatively “static” 
principles of financial administration and stewardship. These Regulations would then 
be supplemented as required by more detailed operational procedures. 

27. Members discussed the intended audience for these regulations and the 
appropriateness of the language used. Members recognised the need for some degree 
of formality in such a document, establishing primary financial regulations for the 
Authority, but were also keen to ensure that the regulations and terminology used 
would be understandable for staff. David Cameron agreed that the inclusion of a 
glossary of terms, as a minimum, would certainly be helpful and would be added to 
the document. The Regulations themselves had been taken from a model set of 
financial regulations prepared by the Chartered Institute of Public Finance and 
Accountancy (CIPFA) and the terminology used was therefore quite standard for such 
a document. As a result of using these model regulations, he accepted that the actual 
wording had not been subjected to a significant review, other than to make specific 
areas relevant to the Authority’s circumstances. 

28. Both Internal and External Auditors commented that this was a key document from 
which much of their future review work would stem. 

29. The Chair accordingly requested that members note the importance of the document 
and welcomed its presentation to the Committee. The Chair also requested that 
appropriate training be put in place for staff on the Financial Regulations, and that 
prominence be given to the importance placed on implementation of the Regulations 
by the Audit Committee in delivering that training. 

30. The Committee agreed the Financial Regulations set out in the Annex to the 
Paper, with the inclusion of a glossary of terms and a review of the wording used 
in order to balance ease of understanding with the need to establish an 
appropriate set of financial regulations. 

31. Members discussed whether it would be appropriate to delegate responsibility for 
approving operational financial procedures, falling within these regulations, to the 
Chief Executive, as Accountable Officer, and Head of Corporate Services. Both 
internal and external auditors confirmed that it was common practice within a wide 
range of organisations to delegate responsibility for establishing operational 
procedures in this way. Members also noted that officers would update the 
Committee on additions and changes made to procedures, while procedures 
implemented would also be the subject of future audit reviews with subsequent 
reports coming before the Committee. 

32. Members agreed to delegate approval of operational financial procedures to the 
Chief Executive and Head of Corporate Services. Updates would be provided 
regularly to the Committee, to inform members of areas in which additional 
procedures had been put in place or where revisions had been made. 


Other Business 

33. Members discussed the manner in which the Committee might broaden its activities to 
cover issues of sustainability and corporate responsibility. This followed 
consideration at their previous meeting of the Guardian’s Social, Ethical and 
Environmental Audit for 2004. Members thought that the justification for looking at 
such issues related in part for a need to ensure the Authority adhered to the kind of 
principles which it was seeking other organisations and businesses to adhere to. 

34. Members considered that this had to be kept under review by the Committee, although 
there also remained a need for the foreseeable future to continue to review the basics 
such as the issues considered at today’s meeting. In time, it was agreed that there 
might be scope for the internal auditors to undertake some work in broader areas of 
the organisation’s operations. Members also acknowledged that the type of work 
considered on delivery of overall objectives as part of the project management review, 
discussed under an earlier item, might also begin to cover aspects of this broader 
remit. 


Date and Time of Next Meeting 

35. 16 December 2005, at 9:00am.