SCOTTISH CRIMINAL CASES REVIEW COMMISSION

MINUTES OF THE MEETING OF THE AUDIT COMMITTEE ON MONDAY 24 MARCH 2025 @ 13:30, HYBRID MEETING

FOR DISCLOSURE VIA THE PUBLICATION SCHEME

In line with the Commission’s Disclosure policy, various paragraphs may have been edited or deleted from these minutes as the information contained therein relates to specific case information and/or personnel-related matters. Where the summary of discussion has been edited or the names have been deleted, this is indicated at the start of the relevant paragraph or section.

There have been no edits to these minutes.

Members of the Audit Committee:

  • Mr Finlay Young (Chair) – Video Conference
  • Mrs Suzanne Mertes – Video Conference
  • Ms Laura Reilly – Video Conference

In attendance:

  • Ms Gillian McCreadie, Senior Audit Manager, Audit Scotland – Office
  • Miss Emma McCarter, Trainee Auditor, Audit Scotland – Office
  • Ms Pamela Wilkinson, Deputy Director of Internal Audit & Assurance, Scottish Government – Office
  • Mr Dougie Shepherd, Senior Internal Auditor Manager, Scottish Government – Office
  • Mr Michael Walker, Chief Executive & Accountable Officer – Office
  • Mr Chris Reddick, Director of Corporate Services, SCCRC – Video Conference

 

1.1 Apologies

There were no apologies.

Mrs Mertes confirmed that Mr Young had agreed to Chair the Audit Committee meeting on this occasion.

 

1.2 Conflicts of Interest/Declarations of Interest/Gifts & Hospitality

Members were asked to declare any known conflicts of interests or gifts and hospitality.

There were no declarations of conflicts, gifts or hospitality.

 

1.3 Minutes of the Audit Committee meeting held on 14 November 2024

The Audit Committee approved the minutes of the meeting held on 14 November 2024, subject to minor amendment. The Audit Committee also approved the version for the publication scheme, subject to the same minor amendment.

 

1.4 Matters Arising

There were no matters arising.

 

1.5 External Audit

2024-25 Annual Audit Plan

1.5.1 Ms McCreadie introduced herself and Miss McCarter to the Audit Committee and confirmed that they would be presenting the 2024-25 Annual Audit Plan. She noted that Miss McCarter would be joining the audit team along with Miss Nelson in taking forward the annual audit of the Commission’s 2024-25 accounts and invited Miss McCarter to take Members through the plan.

1.5.2 Miss McCarter referred Members to the circulated Annual Audit Plan and confirmed that she would talk them through the key aspects of the plan. Starting at Exhibit 1, she set out the materiality levels for the audit confirming that planning materiality had been set at £24,000, performance materiality at £17,000 and reporting materiality at £1,000, noting that any identified errors above this amount would be individually reported on.

1.5.3 In respect of Exhibit 2, she referred Members to significant risks of material misstatement to the financial statements which had been listed as fraud caused by management override of controls. She confirmed that this risk appeared in all plans as standard and set out how this would be tested as part of the audit. She also referred to paragraph 16 of the report which set out potential implications of the implementation of the new Oracle Cloud system, where the impact would continue to be monitored.

1.5.4 Miss McCarter referred to the Wider Scope and Best Value section of the plan, confirming that there had been no change to the content given the Commission’s classification of a less complex body.

1.5.5 Finally, Miss McCarter went over Exhibit 3, which covered the reporting arrangements, timetable and audit fee. She noted that draft accounts were due to be submitted to the auditors by 12 May 2025 and the aim was to work towards signing by the Audit Committee on 12 June 2025. She also confirmed that the audit fee for the year had increased by 1.9% to £11,580. Mr Young thanked Miss McCarter for her summary and invited questions from Members.

1.5.6 Mrs Mertes noted that there appeared to be mixed feedback in respect of the rollout of Oracle Cloud and asked the auditors for their opinion. Ms McCreadie provided an update on their consideration of the impact of Oracle Cloud and, from discussions with Mr Reddick, didn’t anticipate any problems in the production of accounts from the new system. She noted that the new system had clear areas of improved control, including the journals authorisation process which was weak under SEAS.

1.5.7 Mr Reddick referred to the audit timetable and noted that delays in obtaining remuneration and pension information from MyCSP could impact on the plan. Ms McCreadie confirmed that they were aware of this as a potential issue and would monitor closely. After further discussion the Audit Committee formally noted the 2024-25 Annual Audit Plan and Mr Young thanked the external auditors for their input.

 

1.6 Internal Audit

Quarter 4 – Internal Audit 2024-25 Progress Report

1.6.1 Mr Shepherd presented the 2024-25 Progress Report to the Audit Committee and commenced by summarising an issue in respect of the internal audit team and impact on delivery which had been discussed separately with management, external audit and the Chair of the Audit Committee. He confirmed that he would be bringing to a conclusion the main body of work in respect of KPIs and Performance Reporting. He also confirmed that there was one outstanding piece of work in respect of financial controls and the timing of this would be considered further in terms of delivery in either April 2025 or being pushed into the 2025-26 audit plan.

1.6.2 Mr Shepherd also provided Members with an overview of the 2025-26 Internal Audit Plan, confirming this had been developed alongside consultation with the Chair and management. After full discussion, the Internal Audit Plan was approved.

1.6.3 Mr Shepherd also confirmed that a number of additional reports/papers had been included on the agenda for noting only and these included:

  • Quarter 4 – DIAA Letter – New Government Internal Audit Standard
  • Quarter 4 Bulletin – Issue 21
  • Quarter 4 Bulletin – Issue 22
  • EY Thought Leadership considerations for DIAA

1.6.4 Mrs Mertes asked for an update on DPO recruitment at Scottish Government. Mr Shepherd confirmed that Ms Helen Findlay had recently been appointed and that the compliance function was currently going through a reset. Ms Wilkinson also provided some Director of Audit reflections including information on robust governance/whistleblowing arrangements and impact on incidents including the Post Office IT scandal and Dundee University financial situation. She also noted the new GIAS coming into place from 1 April 2025 with new mandatory Accountable Officer required. Mr Shepherd confirmed that he would discuss these with Mr Reddick.

1.6.5 Mr Young and Mrs Mertes both highlighted the importance and value they would place on training and awareness raising with the Audit Committee and Members. Mr Shepherd confirmed that he would be happy to facilitate further internal audit and audit committee awareness training.

1.6.6 Mrs Mertes referred to the circulated risk horizon scanning document and queried if this all had relevance to the Commission. Mr Reddick noted that this document was a summary of common risks emerging or already at the fore in the sector and that he took comfort in that the Commission’s top 10 was well covered.

1.6.7 After further discussion, Mr Young thanked the internal auditors for their input and update in respect of the planning and performance issue discussed earlier.

Opportunity for Audit Committee to meet privately with the Auditors – the Audit Committee and Auditors confirmed that they did not wish to take up the opportunity to meet privately.

 

1.7 Risk Management

Corporate Risk Register – Quarter 4 Update

Mr Reddick confirmed that the Commission’s Corporate Risk Register was last considered by the Board in January 2025 as part of their quarterly performance reporting arrangements. He confirmed that no recommended changes to scoring were being made but updates had been made to reflect current staff and turnover, new Board appointments, resource planning issues and funding updates for 2025-26. He also noted that future updates were likely in respect of environmental obligations facing the Commission. After full discussion the Audit Committee noted the updated Corporate Risk Register.

 

1.8 Business Continuity Plan

Updated Business Continuity Plan (redacted)

Mr Reddick presented the redacted version of the updated Business Continuity Plan. He reported that the incident log had been updated to include details of a Cyber Resilience Early Warning Notice received in January 2025, along with details of the response to this notice and confirmation that no further action was required by the IT Contractors and assurances provided. He also confirmed that a number of updates to the plan had been made in respect of staff and Board changes. The Audit Committee noted the updated plan.

 

1.9 Best Value

Best Value Action Plan – Progress Report 2024-25

1.9.1 Mr Reddick provided Members with a verbal update on implementation of the 2024-25 Best Value Action Plan. He confirmed that when the plan was approved, all agreed actions were incorporated into the Commission’s annual Business Plan Objectives, in order to avoid unnecessary duplication.

1.9.2 Mr Reddick confirmed that the Annual Business Plan Objectives report for 2024-25 would be considered by the Board at their meeting on 25 April 2025, along with other year-end performance reports.

 

1.10 AOCB

There was no other competent business.

 

1.11 Date of Next Meeting

  • Audit Committee – Thursday 12 June 2025 @ 10:30

Chris Reddick

4 April 2025

Download Publication