Audit, Risk and Assurance Committee

The formal minute of the public items of business from 17 April was approved at the meeting held 9 May. The formal minute of the public items of business from 9 May will be available at the meeting scheduled for 15 August. These will also be published on the SPA’s website.
A full recording of the public items of business taken at these meetings can be accessed at: Scottish Police Authority Audit, Risk & Assurance Committee - 17 April 2024 | Scottish Police Authority (spa.police.uk) and Scottish Police Authority Audit, Risk & Assurance Committee - 9 May 2024 | Scottish Police Authority (spa.police.uk)

ITEMS OF BUSINESS CONSIDERED

Internal Audit reports on electronic data retention; investment prioritisation; middle office restructure project; grievance process; review of ICT general controls; and best value readiness
Internal and External Audit updates
Annual Internal Audit Report.
Police Scotland and SPA Audit and Improvement Recommendation Trackers
Police Scotland Best Value Bi-annual Update
Accounting Policies, judgements and estimates
Integrated Assurance Statement 2023/24
SPA Corporate 2023/24 Year End Performance
Audit, Risk and Assurance Committee Annual Report
Evaluation of Committee Effectiveness
Police Scotland, Forensic Services and SPA Risk Management Reporting
Police Scotland and SPA 6 monthly information management updates

KEY ISSUES RAISED

Internal and External Audit Reporting
Internal Audit Report on electronic data retention. Discussion on the report focussed on not accepted and partially accepted auditor findings, with agreement reached on a way forward for some. Members received assurance from BDO that no issues with data quality had been identified. The Committee were briefed on the value of holding iVPD data, how it is managed, the practicability of reviewing large level of records, and the intention to broaden data analysis. Members sought comment on system use in relation to new hate crime legislation and heard information would only be added after any follow up investigation, and third-party information would not be recorded.
Internal Audit Report on investment prioritisation. Members welcomed the focus on improving the transparency of prioritisation within the context of limited capital and reform funding available.
Internal Audit Report on middle office restructure project. Members received assurance from Police Scotland that the project was an exception and not representative of the portfolio, and that there were no other projects ongoing which had started in the same manner.
Internal Audit Report on grievance process. Members received updates from the Director of People and Development on work ongoing to mitigate risks relating to data systems; the intention to introduce new case management systems at the earliest opportunity; and the link between People and Development and the Professional Standards Department. Members welcomed the report and were assured by the updates provided.
Internal Audit Report on review of ICT general controls. Members noted the scope of work was broad but heard that audits undertaken during the current year will focus on specific areas, building on knowledge from this report.
Internal Audit Report on best value readiness. Members welcomed the report and heard the recommendations were not unexpected by Police Scotland. Members raised concern on the resourcing of the Best Value function and requested consideration be given to prioritising recruitment in the area.
Internal Audit Updates. Members received updates on open internal audit recommendations and were provided assurance on work to progress partially accepted recommendations relating to ICT resource planning.
Annual Internal and External Audit Plans. Members sought reflections from BDO on their first year of auditing SPA, Police Scotland and Forensic Services. BDO advised themes identified were on legacy versus modern practice, and capacity and capability to drive change. Members also recognised this and welcomed BDOs intent to help drive continuous improvements. Members welcomed the progress update from Grant Thornton and discussion focussed on issues around receiving information from the Scottish Public Pensions Agency (SPPA) who administer and pay lump sum payments on behalf of SPA. Members were informed there was no resistance from SPPA to providing the information but quality and timeliness of receiving it was challenging.

Assurance Reporting
Accounting Policies, judgements and estimates. Members received assurance that estates and disposal values were correctly recorded within the accounting policies. Members welcomed this new annual report which had been introduced following gap analysis at the most recent Committee development day.
The Committee were provided with a number of annual performance and governance reports which were well received. Whilst noting the positive outcomes of the Evaluation of Committee Effectiveness Report, Members were assured work will continue to drive continuous improvement, with focus on volume and length of Committee reports, improved alignment between Agendas and Committee Terms of Reference, and delivery of actions.
Information Management Updates. Members were provided with bi-annual and end of year updates from Police Scotland and SPA. Discussion focussed on required improvements in training.

Risk Management Reporting. Members received updates from Police Scotland, Forensic Services and SPA, where updates and discussion focussed on movements in Police Scotland’s strategic risks and those out with tolerance.

CONCLUSIONS/ACTIONS REACHED
To gain better understanding of the value of the system, the Committee are to be provided with an overview of how individuals are added and removed from the iVPD database.
Recent meetings have reported recommendations where BDO and Police Scotland had not come to an agreement on proposed closures. Members agreed it was not for the Committee to arbitrate these issues therefore they requested a process be put in place to ensure these matters are resolved before being reported to the Committee.

The Committee welcomed the new format of Police Scotland’s Audit and Improvement Recommendation Tracker, but requested future reports focus on high risk and out of date actions.
To understand further how People and Development and the Professional Standards Department work together, the Committee are to be shared the Terms of Reference for the newly established Case Review Panel.
The Committee were concerned by the lack of progress within the Best Value function, although it noted the recruitment challenges it has faced. The Committee requested an updated plan be presented to the next meeting to ensure it is receiving appropriate priority within Police Scotland.