Further Detail

Appendix A - Internal audit progress report

Appendix A provides a detailed progress update on the annual IA plan for 2024/2025.
The plan includes ten assignments, excluding the quarterly follow ups, of which one was planned to be reported to the August 2024 ARAC. The remainder of the audits are scheduled to be reported to ARAC throughout the rest of the year. Your Leadership Matters (YLM) audit has been completed and the final IA report is Presented to this meeting.
Internal Audits KPI’s are outlined in the report. All KPI’s are shown as “green” as on track or “grey” as not yet started.
The report has also included details of additional services carried out by BDO outside of the internal audit plan.

Appendix B – Q1 Management action follow-up

Appendix B summarises the progress made by Police Scotland, Forensic Services and SPA in implementing previously agreed internal audit actions. Internal audit have validated the closure of actions with targeted timeline in Q1 2024/2025.

The total number of open actions has moved as follows:
Actions No of actions:
Previously open 35
Add New 49
Less Closed (Fully implemented and Superseded) 25
Remaining Open 59

A total of 49 recommendations were followed up in July 2024:
 25 (51%) are fully implemented
 13 (27%) remain in the process of being implemented
 11 (22%) were not yet implemented
 0 (0%) could not be tested
 0 (0%) were superseded

There are two high significance ICT Service Delivery risks which Police Scotland advised last quarter that they do not intend to implement; the ARAC did not come to a decision on whether to approve removal of these recommendations. BDO note that by not assigning resources to these areas, the organisation is carrying these high significance risks.

There are five recommendations where Police Scotland have not accepted IA recommendation, per their original management response. Two of these recommendations carry a medium significance level whilst the remaining three are low significance.