Positive internal audits of Leader Programme and Data Protection Legislation Compliance welcomed

Members of the Audit and Scrutiny Committee – which took place today, 25 November – were presented with a report outlining the areas of work which have been undertaken by Highland Council’s Internal Audit section since the Committee’s previous meeting during September 2021.

Of the three audit reports considered, two were given the audit opinions of significant assurance or full assurance.

Internal Audit of Leader Programme 2020-21

This was the sixth and final audit assessing the administration of the 2014-2020 Highland LEADER Programme and covers the period 16/10/20 to 15/10/21. The programme is part of the Scottish Rural Development Programme, aimed at promoting economic and community development within rural areas. Funding from the EU is centrally distributed by the SGRPID to eligible areas.

A total of 120 projects have been funded and, including admin and animation costs, the total value of LEADER allocation from the Scottish Government to December 2021 is £9.12m.

The audit reviewed three key areas:

  • Adherence to the 2014 – 2020 Programme Service Level Agreement (SLA)
  • Implementation of previous management agreed actions
  • Preparation for the Programme closure with effect from 31 December 2021

The audit concluded with an opinion of Full Assurance. 


Internal Audit of Compliance with Data Protection Legislation

The audit assessed the Council's compliance with Data Protection Legislation – The Data Protection Act 2018 (DPA 2018) and the UK General Data Protection Regulations (UK GDPR) governs how UK organisations collect, handle and protect personal data.  The audit review covered the period April 2020 to July 2021.

The objectives were to establish the effectiveness of the Council’s:

  • governance and oversight procedures;
  • awareness, training and communication processes; and
  • arrangements for the processing and sharing of personal data including the investigation of data breaches.

The audit concluded that the Council has good arrangements for complying with data protection legislation and gave the opinion of significant assurance.

Councillor Graham MacKenzie, Chair of the Audit and Scrutiny Committee, said: “Once again we have been presented with an Internal Audit report which is showing positive outcomes for the majority of the reviews undertaken over the last quarter.  The review carried out on the Leader Programme has been given an audit opinion of full assurance and is testament to the diligent work being undertaken in this area of the organisation.  My colleagues and I on the Committee are well aware of the hard work, controls and careful management required in order achieve such a status.”

Full Assurance is defined as having a sound system of control designed to achieve the system objectives and the controls are being consistently applied.

Substantial Assurance highlights that while there is a generally a sound system, there are minor areas of weakness which put some of the system objectives at risk, and/or there is evidence that the level of non-compliance with some of the controls may put some of the system objectives at risk.


25 Nov 2021