Who We Are

The Scottish Police Authority is independent of both the Scottish Government and policing. It is the primary governance body for policing in Scotland, and was established as a public body on 1 April 2013 by the Police and Fire Reform (Scotland) Act 2012. It was set up to hold the Chief Constable to account; promote, support and oversee improvement in policing. It is also responsible for the management and delivery of Forensic Services in Scotland and Independent Custody Visiting Scotland.

In this section, find out more about the Authority’s priorities, the Board and the Leadership team.

Who We Are

What We Do

The Scottish Police Authority is responsible for maintaining policing. It has four specific areas of responsibility:

promoting the policing principles

supporting continuous improvement

keeping policing under review

holding the Chief Constable to account.

This section tells you in outline what the Authority does.

What We Do

Published: 03 November 2023

Internal Audit Reports - 7 November 2023

ITEM 3.1 Internal Audit Reports (pdf, 2.03MB )

Report Summary

To access the full document please open the PDF document above.

To view as accessible content please use the sections below. (Note that tables and some appendixes are not available as accessible content).

Meeting

The publication discussed was referenced in the meeting below

Audit, Risk and Assurance Committee - 7 November 2023

Date : 07 November 2023

Location : online

View Meeting

Biometrics

Background:
As part of the 2023/2024 internal audit plan for the Scottish Police Authority (SPA), BDO as Internal Auditor perform an audit of compliance with the Code of Practice on the acquisition, retention, use and destruction of biometric data for criminal justice and police purposes in Scotland, as published by the Scottish Biometrics Commissioner.
The organisations in scope for this review are:
Police Scotland – who are responsible for the acquisition of biometric data and manage the retention and weeding of Criminal Justice DNA, and
SPA Forensic Services – who are responsible for managing the retention, use and weeding of all other DNA sample types and all fingerprint types. We note both Police Scotland and SPA FS jointly manage the use of criminal justice DNA.
The purpose of this audit was to review Police Scotland’s, and SPA Forensic Services’, levels of compliance with the Scottish Biometrics Commissioners Code of Practice.

Internal Audit Findings:
BDO are able to provide moderate assurance over the design and operational effectiveness of the arrangements in place to comply with the Scottish Biometrics Commissioners Code of Practice.
Overall, BDO found the controls governing the acquisition, use, retention and destruction of DNA and fingerprint biometric data to generally adhere with the new Code of Practice.
Throughout the review, BDO identified seven findings where there is an opportunity for improvement, four assessed as medium and three as low significance.

Summary of Findings of Biometrics Report:

TABLE

BDO have made recommendations regarding Police Scotland and SPA Forensic Services to effectively demonstrate adherence to the Code of Practice when completing the first annual self-assessment, including consideration of the strategy for both internal and external engagement to raise awareness of the new requirements, the intended strategic priorities, and of how biometric data is being managed in a manner which contributes to national outcomes.

SPA Considerations:

SPA welcomes the assurance this internal audit report brings relating to the levels of compliance with the Scottish Biometrics Commissioners Code of Practice.

Previous Section | Next Section

Back to all documents