Home
Publications
Annual report by NRS Audit and Risk Committee - 2023-2024

Corporate information Corporate governance

Annual report by NRS Audit and Risk Committee - 2023-2024

Date published: 14 June 2024
Publication frequency: Annually

Share this page

Click here to share this page on Facebook. Click here to share this page on LinkedIn. Click here to share this page on X (formerly known as Twitter).

1. Executive summary

1.1 The Audit and Risk Committee (the Committee) of NRS completed its programme of work for 2023-2024 and was satisfied that the range of assurances and evidence of effective internal controls, together with responses to strengthen internal controls, supplied to the Committee were sufficiently reliable to provide overall assurance and support to the Accountable Officer in their financial stewardship responsibilities.

1.2 Sources of assurance considered by the Committee during the year include reports from the external auditors, internal auditors, objective scrutiny of risk management systems, and internal controls reports received from management.

1.3 The Committee was satisfied with the quality and relevance of the reports it received from both the external auditors and internal auditors.

1.4 The Committee noted the reasonable assurance opinion received from Scottish Government Directorate for Internal Audit and Assurance (DIAA).

1.5 During the year the Committee conducted thematic reviews into the Census Programme including Census 22 programme and development of the Future of Population Statistics. Other reviews included Estates follow up and the development of a business case to support the Archival and Digital Storage Programme.

2. Purpose of the Committee

2.1 The Committee has been appointed to provide independent advice and support to the Accountable Officer of NRS in delivering their responsibilities for issues of risk, internal controls and governance.

2.2 The Committee operates by providing robust constructive challenge and scrutiny to support the Accountable Officer, including reviewing the effectiveness of internal controls, risk management arrangements, financial information, and the integrity and independent audit of the Annual Report and Accounts.

2.3 The Committee carries out a planned schedule of four meetings per year but may convene additional meetings if necessary. For 2023-2024 financial year, no additional meetings were held. The quorum is a minimum of two Non-Executive members.

3. Duties of the Committee

3.1 The Committee will advise the NRS Chief Executive Officer, Accountable Officer and the NRS Strategic Board on:

the strategic processes for risk, control and governance and the governance statement;
the approval and signing of the annual report and accounts, including the process for review of the accounts prior to submission for audit, levels of error identified, and management's letter of representation to the external auditors;
the planned activity and results of both internal and external audit including reports, advice and findings from external audit on NRS financial statements in the annual report and accounts, in accordance with ISA 260;
the adequacy of management response to issues identified by audit activity, including external audit's management letter/report;
the effectiveness of the internal control environment;
the formulation of an effective three lines of defence assurance framework focussed on the organisation’s key risks;
counter-fraud policies, whistle-blowing processes, and arrangements for special investigations.

3.2 The Committee primarily utilises work of internal audit, external audit and other sources of assurance, but will not limit itself to these sources. It will also seek reports and assurances from NRS as appropriate, concentrating on the over-arching systems of governance, risk management and internal control, together with indicators of their effectiveness.

3.3 The Committee can also recommend to the Accountable Officer issues of concern and/or opportunity it deems appropriate to bring to the attention of the NRS Strategic Board.

4. Membership and meetings

4.1 Membership of ARC during 2023-2024 was:

Bill Matthews, Non-Executive Director (Committee chair from 16 September 2022 to 27 June 2023)
Maggie Waterston, Non-Executive Director (from 1 February 2022, Committee chair from 28 September 2023)
Christine Martin, Non-Executive Director (until September 2023)
Anne Moises, Non-Executive Director (from August 2022)
Tim Wright, Non-Executive Director (from February 2024)
Gordon Shipley, Non-Executive Director (attended February 2024 to ensure quorate)

4.2 Other regular attenders were NRS Chief Executive, NRS Accountable Officer, NRS Chief Finance Officer, NRS Head of Business Management, External Auditors (Audit Scotland) and Internal Auditors (Scottish Government Internal Audit Division)

4.3 The Chief Executive for NRS during 2023-2024 was Janet Egdell, Interim Chief Executive

4.4 During 2023-2024 meetings were held by Microsoft Teams.

5. External Audit (Grant Thornton UK LLP) activities

5.1 External audit provide a significant independent test of the financial integrity, effectiveness of internal controls and robustness of sources of assurance at NRS. The 2023-2024 audit plan set out arrangements for the audit of 2023-2024 financial statements, as well as consideration and review of the following dimensions:

Financial management
Financial sustainability
Governance and transparency
Value for money

5.2 The main review activities carried out were:

an interim audit of the National Records of Scotland's main financial systems and governance arrangements
an audit of the National Records of Scotland's 2022-2023 annual report and accounts including the issue of an independent auditor's report
a review of NRS’ arrangements in relation to the audit dimensions noted above

5.3 Grant Thornton UK LLP have been appointed by the Auditor General for Scotland as external auditors for NRS from 2023-2024 financial year. The appointment is for five years. The Committee received updates relating to the transition from Audit Scotland to Grant Thornton including their audit plan. The Committee also considered the 2023-2024 Annual Audit Report, reviewed on 28 August 2024 as part of the Annual Accounts process.

5.4 The Committee was pleased to record that external auditors Grant Thornton UK LLP had determined that the financial statements of NRS for 2023-2024 give a true and fair view of the state of the body's affairs and of its net expenditure for the year. The Committee also noted the
recommendations raised in the report and the agreed actions with management.

6. Scottish Government Directorate for Internal Audit and Assurance (DIAA) activities

6.1 DIAA focus on key activities which are relevant to NRS’s business purpose and objectives. Audits are designed to ensure that an independent opinion on the adequacy of governance, risk management and internal control arrangements is provided.

6.2 The 2023-2024 audit comprised reviews of:

Data Governance and Management
NHSCR Cyber Incident Management
Budget Monitoring and Reporting
Storage of Records
Workforce Planning and Recruitment
Registration Services

6.3 The Committee received regular progress reports from DIAA against the audit plan, considering recommendations made to NRS and the response to these including monitoring implementation of recommendations by NRS throughout the year. The committee received regular briefings regarding the NHSCR cyber incident and historical thefts. Updates were giving regularly at committee meetings.

6.4 The Committee noted the reasonable assurance opinion received from DIAA.

7. Budget Monitoring Activities

7.1 The Committee regularly scrutinised budget-monitoring reports during the year, which reported projected outturns against the budgets approved by the Executive Management Board and Scottish Government limits.

8. Risk Management Activities

8.1 The Committee reviewed quarterly reports from management at each meeting covering the following topics;

General NRS business and planning updates
Financial Performance and Financial Balance
Key Risks
Fraud Risk
Procurement Risks
Health & Safety
Human Resources
Equality
IT & Cyber Risk
Organisational Resilience and Business Continuity
Corporate Projects
Assurance Reporting

8.2 The Committee conducted a series of thematic reviews into key areas of risk. These included reviews of:

The Census and Future of Population Statistics programmes
Estates follow up
Archival and digital storage programme

9. Effectiveness of the Committee

9.1 The Committee annually reviews the effectiveness of its own operations, in line with good practice, using the “Audit Committee Self-Assessment Checklist” contained in the Scottish Government’s Audit Committee Handbook and seeks to put in place actions plans for any areas for improvement identified. The Committee also meets privately with the Chief Executive and the Accountable Officer and seeks feedback on the Committee’s performance. The review was completed by the Committee on 7th June 2024 and the results are attached as Appendix 1. A number of improvement actions were identified and the action list is included as Appendix 2.

Appendixes are available in the PDF version of this publication.

File downloads

Audit And Risk Committee Annual Report 2023 2024

File type: PDF,
File size: 232.05 KB