Main Issues Raised at Audit, Risk and Assurance Committee

Internal and External Audit Reporting

Internal Audit Report on DESC Change Management.

Members were assured that 5 of 8 recommendations had progressed but stressed that resource and capacity issues need to be resolved.

Internal Audit Report on Organisational Design Change Management.

Members heard efforts are underway to bring consistency and nationwide standards; and welcomed the commitment to provide more detail on progress against recommendations. The Committee noted that red risk actions were within the Internal Audit annual report, and having sought assurance on timescales, heard that high risk actions were due to be delivered by the end of 2023.

Internal Audit Report on Forensic Services Physical Data Management.

Members heard Forensic Services welcomed the report as it supported plans already in place to address issues highlighted and already known. Members raised concern on the lack of weeding and casefile disposing after 2019 and heard changes in policy had attribute to delays. However, processes were now in place along with plans to ensure work is progressed. The Committee sought comment on why not all recommendations were fully accepted, and accepted the rationale provided which was based on a number of factors including policy changes, resource capability and best value.

Internal Audit Report on Core Financial Systems.

The Committee were informed it was a deliberate choice for core financial systems to be the first audit undertaken by BDO in order to gain a fresh opinion, and Members were encouraged to receive substantial assurances and a list of good practice. Members received updates in relation to scope for data cleansing and were assured all actions were on target.

Annual Internal Audit Report.

The Committee noted the Annual Report which concluded that the SPA, Police Scotland and Forensic Services have a framework of governance, risk management and controls in place that provide reasonable assurance regarding the effective and efficient achievement of objectives. Members noted this opinion was except in relation to resource deployment unit change management and compliance arrangements relating to PAVA spray and airwave terminal units.

Internal Audit Update

In August, the Committee were presented the first Internal Audit Update from BDO and were supportive of intentions for future reports to include follow up work of all open recommendations.

Assurance Reporting
Police Scotland Audit and Recommendation Tracker.

Discussion focussed on ensuring work is undertaken to review timelines and Members were assured they remain realistic. Members sought further comment on benefits realisation and questioned whether the agreed process is useful without evidence. Members heard BDO would be reviewing a Police Scotland project allowing them the opportunity to comment within the next update.

Police Scotland Change Portfolio Update.

Members raised concern over the number of projects which were reporting red from a previous status through to a forecasting status. Members heard those statues were over a three-month period and it was anticipated some would move to amber and/or green by the next Committee report in November. The Committee reinforced the importance of prioritisation and requested further information on long term expectations.

Audit, Risk and Assurance Committee Annual Report.

Members noted there was one criterion from the National Audit Office (NAO) best practice gudiance which the Committee were not compliant with, which related to assurances of the risk and controls environment encompassing services outsourced to external providers. Members were assured SPA and Police Scotland procurement staff are liaising to determine how reporting in this area can develop.

Information Management Year End Report. Members heard an update from Police Scotland’s Senior Information Risk Owner and discussed issues related to increased mandatory staff training. Members were also provided with an update from SPAs perspective.

DESC.

Members were provided with an update on the DESC project and progress on the pilot. The Committee noted and were assured by the robust levels of oversight from the SPA.

Cyber Security.

An update was provided of current activity and strategic direction, and discussion thereafter focussed on prioritisation and financial resource.

Police Scotland Best Value Update.

Members welcomed the feedback on learning from the pilot on procurement and received further information on roll out intentions.

SPA Best Value Update.

Members sought more detail on issues of non-compliance and were informed it was in relation to Best Practice. More detail is anticipated to be provided in future reports.

Police Scotland Annual Whistleblowing Report.

Members sought and received more information on how assessments are reviewed, and sought assurances that staff have knowledge of whistleblowing and confidence of using the system. Members heard there is not a process of assessing all complaints to determine whether or not they are from whistle-blower’s and that this process is overseen by a senior officer. Members heard the subject of whistleblowing is included in a session relating to professional standards which recruits attend early in their training.

SPA Annual Whistleblowing report.

Discussion focussed on awareness within Forensic Services and Members reinforced the need for recording confidence to be the next step.

Risk Management Reporting.

Members received updates from Police Scotland and SPA where discussion focussed on risks out with tolerance and appetite. Member sought assurance that work was progressing to move those risks.

HMICS Scrutiny Plan.

Members welcomed an overview of the plan, noting changes from consultation were around prioritisation.
Draft Annual Report and Accounts.

The Committee received their first presentation of the draft Annual Report and Accounts and sought further clarity and provided feedback on a number of areas. The Committee will be provided with an updated draft at a meeting in September 2023 where recommendation to the Authority for approval will be sought.