Report Summary
This report provides members of the Scottish Police Authority's Audit, Risk & Assurance Committee with an overview of BDO’s Internal Audit progress. This includes review conclusions on Forensic Performance Management and Performance, Core Operational Solutions (COS), Risk Management Review, Equality and Human Rights Impact Assessment (EqHRIA) audits, and Q2 Follow Up review results.
To access the full document please open the PDF document above.
To view as accessible content please use the sections below. (Note that tables and some appendixes are not available as accessible content).
Meeting
The publication discussed was referenced in the meeting below
Audit, Risk and Assurance Committee - 20 November 2024
Date : 20 November 2024
Location : online
Further detail
FURTHER DETAIL
Appendix A - Internal audit progress report
Appendix A provides a detailed progress update on the annual IA plan for 2024/2025.
The plan includes ten assignments, excluding the quarterly follow ups, of which one was planned to be reported to the November 2024 ARAC. The remainder of the audits are scheduled to be reported to ARAC throughout the rest of the year. Forensic Performance Management and Performance, Core Operational Solutions (COS), Risk Management Review, Equality and Human Rights Impact Assessment (EqHRIA) have been completed and the final IA reports are presented to this meeting.
Internal Audits KPI’s are outlined in the report. All KPI’s are shown as “green” as on track or “grey” as not yet started.
The report has also included section to listed out additional services that carried out by BDO, a rationale has included for each service on how BDO will remain independent from Management as IA.
Appendix B – Q2 Management action follow-up
Appendix B summarises the progress made by Police Scotland, Forensic Services and SPA in implementing previously agreed internal audit actions. Internal audit validate the closure of actions with targeted timeline in Q2 2024/2025.
The total number of open actions has moved as follows:
Actions Number of actions:
Previously open 59
Add New 10
Less Closed (Fully implemented 19 and Superseded)
Remaining Open 50
Total 69 recommendations followed up in October 2024:
19 (28%) are fully implemented
33 (48%) remain in the process of being implemented
17 (24%) were not yet implemented
0 (0%) could not be tested
0 (0%) were superseded
There are two high significance ICT Service Delivery risks which Police Scotland advised last quarter that they do not intend to implement; the ARAC did not come to a decision on whether to approve removal of these recommendations. BDO note that by not assigning resources to these areas, the organisation is carrying these high significance risks.
There are five recommendations where Police Scotland have not accepted IA recommendation, per their original management response. Two of these recommendations carry a medium significance level whilst the remaining three are low significance.
