Disclosure log

Request

Request 1

We emailed you on 7 November 2022 with the following in response to your issue of concerns about Transport Scotland

"Thank you for recent correspondence concerning the A82 project between Tarbet and Inverarnan. In line with our policy, your concerns were shared with the external auditor for Transport Scotland.

I should point out that it is not appropriate for Audit Scotland to comment on policy decisions made by public bodies, although we do have an interest in the processes undertaken to support such decisions.

Following discussions with relevant officers we understand that Transport Scotland considers that it has applied the STAG process in a manner which it determines as being proportionate.

Having considered the requirements contained in the STAG guidance and reviewed relevant evidence, the auditor has concluded that the STAG process has been applied. The auditor confirmed that:

• Transport Scotland carried out an initial STAG assessment before adopting DMRB
• As part of DMRB stage 2, Transport Scotland considered various options before identifying a preferred option
• Public consultation events were undertaken as part of DMRB stages 1 and 2. Members of the public will also be able to raise concerns at future stages of the project
• High level costings have been done for tunnelling and cycle paths, with more detailed work to follow. We believe this a reasonable approach."

The Auditor at the time had meetings with Transport Scotland and reviewed the following documents:

• A82 Tarbet to Inverarnan Upgrade Strategic Business Case March 2014
• A82 Tarbet to Inverarnan Story Map
• DMRB Stage 1 Assessment Report
• Strategic Transport Projects Review October 2009 Final Report

The information we reviewed is exempt under Section 25 of the Freedom of Information (Scotland) Act 2002 (FOISA) as it is publicly available from Transport Scotland using the following links:

• A82 Tarbet to Inverarnan Upgrade Strategic Business Case March 2014
• A82 Tarbet to Inverarnan Story Map
• DMRB Stage 1 Assessment Report
• Strategic Transport Projects Review October 2009 Final Report

Request

Information on Pay and Grading, including communications with Glasgow City Council and recommendations in 2025.

Response

This email is to acknowledge and reply to your freedom of Information request dated 07 May 2025.

In your request you asked for ‘Information on Pay and grading, including communications with Glasgow City Council and recommendations in 2025’ There is no information relating to your request from 2025. The Controller of Audit provided an update to the Commission via Correspondence in December 2024. The Commission have not been updated, on pay and grading at Glasgow City Council, since then.

A copy of the letter to the Accounts Commission is available on the Commissions’ web pages. Accounts Commission meeting: Thursday 12 December 2024. It is the last page of the Minutes for the meeting.

The appointed auditor for Glasgow City council is EY a private firm and therefore not subject to Freedom of information.

Exemption applied: None

Request

I am writing to request any/all information held on Glenmavis Community Hall / Community Center.

The original Community Hall was on one side of Coatbridge Road and was built and paid for, for the community by John Irvine, as was a piece of land at the opposite side of the road on the junction of Glenmavis Road/Coatbridge Road this was either when it was Monklands District Council or Airdrie Burgh Council.

The Hall had been known as:

• Glenmavis Hall
• Irvines Hall
• Glenmavis Community Hall
• Glenmavis Community Centre

All information on this would be greatly appreciated.

Response

This email is in response to your Freedom of Information request dated 24 May 2025. We have searched our records and the only information we hold is two entries on the Fixed Asset Register for North Lanarkshire Council. This organisation was not sampled by our auditors and we do not hold any information on title deeds or similar.

Exemption applied: None

Request

Please provide 1. meeting agenda packs & 2. meeting minutes - for the CIPFA/LASAAC Local Authority Accounting Code Board from February 2020 to May 2025.

Response

Minutes supplied

Exemption applied: None

Request

1. Please confirm what action Audit Scotland has taken in relation to the article published in the Herald 21 May ' Investigation details 'dubious' payments at Scottish college'?

2. Please confirm what action Audit Scotland took in relation to the reports referred to in this article to the College acting as a pensions agency, making Pensions payments to children of pensioners from their payroll budget, alleged tax evasion relating to HMRC, lecturers giving students the answers, etc.

3. Please confirm what actions Audit Scotland took in relation to the allegations that the executive and board of SLC were suppressing reports indicating financial mismanagement over decades and bullying across the college.

4. Please provide the rationale and advice taken by Audit Scotland in relation to failing to reference to these issues in their annual audit or reporting.

5. Please confirm if Audit Scotland has written to Scottish Government or the Public Audit Committee to clarify the extent of the financial mismanagement and the cost to the Scottish public of this financial mismanagement.

Response

Please note that under the Freedom of Information (Scotland) Act 2002 you have the right to ask for recorded information we hold but not for thoughts or opinions, unless they’ve been recorded.

Under the duty to assist we have provided the following response.

Audit Scotland are aware of the issues mentioned in the Herald article and some of this has been covered in the 2022/23 and 2023/24 annual reports. Whilst we have done work on this, we have not done any specific work in relation to the article. The reasons for this include:

• Some of these issues are historical and we are well sighted on them – see the 2023/24 Annual Audit Report.
• Some of what is being referred to is factually inaccurate / we have seen no evidence of, and does not require any audit work e.g. College acting as a pensions agency, making Pensions payments to children of pensioners from their payroll budget.
• Some of the issues referred to were recently reported on (February) by Internal Audit and we will consider what, if any, impact this will have on our 24/25 audit.

The South Lanarkshire College 2022/23 Annual audit report - reference to the governance arrangements in place at the college – see section 4.

And in the South Lanarkshire College 2023/24 Annual audit report - historical pension issues are referenced in Sections 1 and 2.

Exemption applied: 38 (1)b

Request

In a response to a recent FOI request ‘Financial Mismanagement in South Lanarkshire College’ dated 31 May 2025, in relation to an article published in the Herald 21 May 'Investigation details 'dubious' payments at Scottish college' your response included the following; “Whilst we have done work on this, we have not done any specific work in relation to the article. The reasons for this include: Some of what is being referred to is factually inaccurate / we have seen no evidence of, and does not require any audit work e.g. College acting as a pensions agency, making Pensions payments to children of pensioners from their payroll budget.” The Herald article claimed it was citing directly from investigatory reports of which it was in possession. It includes extracts of findings from these reports across all of these issues, including alleged tax evasion. As these reviews were conducted by reputable firms (Henderson Loggie and Anderson Strathern), it's reasonable to assume the reports are evidence-based. It's also reasonable to assume you are also in possession of these reports and/or the evidence that supports them. As such, under the freedom of information legislation, I would appreciate you providing the following information; 1. Copies of both reports cited in the Herald article; 2. The recorded date you were provided these reports by South Lanarkshire College; 3. Any internal analysis/papers/correspondence related to this article that led you to conclude the article was ‘factually incorrect’; 4. The legislative or procedural powers (or lack of) which you claim exempt Audit Scotland from investigating; a. A Scottish College acting as a pensions agency and using public funds to pay pensions to specific ex-staff from their payroll with no duty/policy/legislative mandate to do so; b. A Scottish College making pensions payments to children of deceased ex-staff from their payroll budget; c. Alleged tax evasion relating to HMRC payments by a Head of Finance in a Scottish College.

Response

This email is in response to your clarified Freedom of Information request dated 29 June 2025. Responses to each aspect (numbered) of your request are set out below:

1. Copies of both reports cited in the Herald article;
   1. Audit Scotland does not hold the Anderson Strathern report and therefore, under section 17 of the Freedom of Information (Scotland) Act 2002 I can confirm that we do not hold the information requested.
   2. Henderson Loggie report ‘South Lanarkshire College - Consultancy Review of Payroll and Pensions Management – Processing of Leavers, “Pensioners”, Long-Term Absence Calculations, and Advances’. Audit Scotland is withholding this report under Section 40 of the Freedom of Information (Scotland) Act. Details are provided below.
2. The recorded date you were provided these reports by South Lanarkshire College;
   1. Anderson Strathern – Not applicable
   2. The Henderson Loggie report was received 3 February 2025 the date the report was issued.
3. Any internal analysis/papers/correspondence related to this article that led you to conclude the article was ‘factually incorrect’;
   1. Below is a link to the audited 2023/24 Annual Report and Financial Statements. Paragraph 37 details the pension schemes that the college is a member of. They do not administer the scheme and are not acting as a pension agency. This arrangement is the same for most, if not all, public sector colleges in Scotland.
   2. For the Year Ended 31st July 2024 and Financial Statements. Note 19 (page 70) details the pension schemes that the college is a member of.

4. The legislative or procedural powers (or lack of) which you claim exempt Audit Scotland from investigating;

   Audit Scotland audits Further Education Colleges under the Further and Higher Education (Scotland) Act 1992. However, because colleges are registered charities they are also conducted under section 44(1)(c) of the Charities and Trustee Investment (Scotland) Act 2005.

   In no part of our response have we stated that Audit Scotland is exempt from investigating the issues raised in your FOI request. In fact, we provided links to reports going back to 2022/23 showing that Audit Scotland has audited the issues you raised at South Lanarkshire College.

   1. A Scottish College acting as a pensions agency and using public funds to pay pensions to specific ex-staff from their payroll with no duty/policy/legislative mandate to do so;
      1. As stated in the response to question three the College is not a pensions agency and therefore, under section 17 of the Freedom of Information (Scotland) Act 2002 I can confirm that we do not hold the information requested.
   2. A Scottish College making pensions payments to children of deceased ex-staff from their payroll budget;
      1. Audit Scotland have seen no evidence that pension payments have been made to children. Therefore, under section 17 of the Freedom of Information (Scotland) Act 2002 I can confirm that we do not hold the information requested.
   3. Alleged tax evasion relating to HMRC payments by a Head of Finance in a Scottish College.
      1. For the Year Ended 31st July 2024 and Financial Statements Page 75 under contingent liabilities 75 notes that ‘Owing to the ongoing work to resolve employee pension contributions that have been misstated and referenced within the governance statement on pages 39-40, the College anticipates that HMRC may impose a potential fine on the College. The likelihood and value of any potential fine is currently unknown’

To provide additional context, as part of the duty to provide advice and assistance as set out in s.17 of the Freedom of Information (Scotland) Act 2002:

The Henderson Loggie report was received in February 2025. Issues raised in the report, that have not already been covered in previous annual reports will be reviewed and may form part of the 2024/25 audit of South Lanarkshire College (SLC). The Further Education (FE) financial year runs to 31 July and the for the year ending 31 July 2024/25 report is due to be published in January 2026.

Audit Scotland has published the following reports that make reference to the issues raised in your FOI requests:

• South Lanarkshire College 2022/23 Annual audit report
• 2023/24 Annual Audit Report Pension, Governance issues, HMRC
• The June 2023 section 22 report, Governance issues
• Report and Financial Statements for the Year Ended 31st July 2024 Pension, Governance issues, HMRC

Exemption applied: Section 40 Audit function

Request

1. Audit Activity – Council Software and System Governance
   • Has Audit Scotland reviewed or audited the management of software systems, digital infrastructure, or system procurement by Scottish local authorities in the past five years?
   • If so, please provide:
     • Copies of any reports, findings, recommendations, or risk flags;
     • Any reference to software duplication, outdated systems, or poor system oversight;
     • Any systemic findings regarding poor visibility or control over internal systems.
2. Artificial Intelligence (AI) Use
   • Has Audit Scotland issued any guidance or included any assessment of AI use (or risks) in council operations in the past five years?
   • If yes, please supply related documentation, reports, or findings.
3. Cybersecurity and Digital Risk
   • Has Audit Scotland assessed cyber resilience or digital risk across local authorities — specifically in relation to system sprawl, lack of asset registers, or AI misuse?
   • Please provide copies of any related work, including:
     • Internal assessments;
     • Risk memos;
     • Correspondence with councils or the Scottish Government.
4. Enterprise Agency Systems
   • Has Audit Scotland reviewed the digital systems, software procurement, or data infrastructure used by Scotland’s three Enterprise Agencies?
   • If yes, please provide relevant audit reports or observations.

Response

This email is in response to your Freedom of Information request dated 30 June 2025 and your subsequent email on the same date titled Critical Oversight Gap in Public Sector Software & AI Governance.

Request 1 response

Partly – Auditing standards, mainly ISA (UK) 315, requires auditors to obtain an understanding of an audited body’s system of internal control and information systems and communication relevant to financial reporting, which includes IT applications that are relevant to financial reporting. This is embedded within our financial audit approach and all local audit teams would perform the audit procedures required to obtain this understanding as part of their annual audits. The outcome of these audit procedures assists audit teams in identifying if there are any risks of material misstatement to the financial statements and the audit procedures required in response to any identified risks. 

Any significant risks of material misstatement that are identified by an audit team are reported in the Annual Audit Plan prepared for the audited body along with the audit procedures planned in response to the risks. The outcome of audit procedures performed in response to the risks and any significant findings from the audit are reported in the Annual Audit Report prepared for the audited body. 

We do not review system procurement specifically as part of the annual audits. This may be considered as part of an annual audit if there is a new IT application being implemented that is relevant to financial reporting, or if an audit team has identified a significant wider scope risk around system procurement and has planned audit procedures in response to the risk. As above, if such a risk is identified, the risk and outcome of audit procedures in response to the risk are reported through the Annual Audit Plan and Annual Audit Report. 

The annual audit report may, where appropriate, report findings and recommendations from this work. All Annual Audit Plans and Annual Audit Reports are available on Audit Scotland’s website.

Request 2 response

No – Audit Scotland has not issued any guidance to public bodies as this is not within our scope / remit. However, if any audited bodies make use of AI, this would be considered by audit teams as part of the process outlines in the response to question 1. 

It should be noted that there is no AI legislation agreed at present. However, the Scottish Government has published an AI Strategy (August 2022), AI playbook to provide support and guidance to organisations (Artificial intelligence strategy: trustworthy, ethical and inclusive - gov.scot), and also has an AI register (Scottish AI Register - GOV.UK). We will continue to monitor developments in this area. 

The Financial Reporting Council has recently issued guidance (AI in Audit) in June 2025, and we are currently reviewing this and considering if any updates are required to our financial audit approach.

Request 3 response

Yes – As outlined in the response to question 1, our financial audit approach requires audit teams to obtain an understanding of an audited body’s system of internal control and information systems and communication relevant to financial reporting, which would include IT applications that are relevant to financial reporting. As part of the audit procedures required to obtain this understanding, audit teams consider the arrangements the audited body has in place around strategic planning for IT, cyber security and resilience arrangements, and business continuity, disaster recovery, and data back-up arrangements. As above, any risks of material misstatement identified in this area would be reported in the Annual Audit Plan and the outcome of audit procedures in response to the risks and any significant findings would be reported the Annual Audit Report.

Request 4 response

Yes – The enterprise agencies’ audit teams apply the financial audit approach outlined in the response to question 1. Any risks of material misstatement identified in these areas for the enterprise agencies would be reported in their Annual Audit Plan and the outcome of audit procedures in response to the risks and any significant findings would be reported their Annual Audit Report. 
See our audit approach overview noted at question 1 above. 

All reports are public documents and available on our website. Please note that our findings within our reports are exception based and therefore may not outline all work undertaken. In addition, if the issue is deemed to be a sensitive or security matter then this may not be fully disclosed within our reports.

Additional Request 2

1. Has Audit Scotland conducted any national or local audit work on digital system oversight, licensing, or cybersecurity exposure?

   Yes – As outlined in the response to question 1 as part of request 1, local audit teams cover this as part of the financial audit approach each year. 

   There have been cyber-attacks within a few our audited bodies over the past few years (SEPA, Western Ises Council, NHS D&G, and West Lothian Council). Where auditing standards or the Code of Audit Practice require specific reporting in relation to these events, this would be reported in the audited body’s Annual Audit Plan and / or Annual Audit Report. 

   The work that Audit Scotland does in relation to digital systems is published on our digital hub:  Digital | Audit Scotland. This contains links to all performance audit related work on digital in recent years including Digital progress in local government. 

   National reports - The work programme for national reports / reviews for 2025/26 is available on Audit Scotland’s website. The work programme does not include any specific work around cyber security and resilience or AI for 2025/26. However, the work programme is continually reviewed and updated to reflect any developments that may result in national reports / reviews being required.

2. Are public bodies expected to maintain software or AI system inventories as part of good governance?

   There are no specific requirements for audited bodies to main inventories. However, this would be considered to be good practice and audited bodies would be encouraged to do this. Public bodies are encouraged to register AI Systems with the Scottish AI register. However, this is not mandatory at present.

3. Will this issue be subject to future scrutiny given recent cyberattack trends?

   Cyber security and resilience arrangements are assessed each year as part of the annual audit in line with the response to question 1 as part 1 of request 1. 

   The work programme for national reports / reviews for 2025/26 is available on Audit Scotland’s website. The work programme does not currently include any specific work around cyber security and resilience or AI for 2025/26. However, the work programme is continually reviewed and updated to reflect any developments that may result in national reports / reviews being required.

Exemption applied: None

Request

Please include the following information for the financial years 2023/24 and 2024/25:

• A list of all the staff networks at the organisation
• Whether each network receives internal funding and, if so, how much (please express annually for the last four financial years)
• How much FTE equivalent staff time each network is entitled to. For example, a staff network may have a chair who’s entitled to spend 10% of their working hours devoted to the network (please express annually for the last three financial years)
• A list of events that each network has held in this financial year so far (April to the present day), including the title of the event, information on any guest speakers and the time of the event

Response

Request

• As of 19 June 2025, or the most recent estimate, how many staff members were given permission to work outside Scotland, or who were working outside Scotland with this body’s knowledge?
• In relation to Q1, in what country were they working in? Please provide as much data as possible for each employee.

Response

This email is in respond to your Freedom of Information request dated 19 June 2025.

Employees must provide a valid business case for working outside the UK which must be approved by their Director, Digital Services and Human Resources and be for a specific, limited time period.

As the number of staff working outside Scotland is small, we have aggregated the numbers for the period requested. For the period of your request, we have had less than ten people working abroad in locations including Europe and Asia.

Exemption applied: None

Request

• The total operational budget of Accounts Commission for Scotland in the Financial Years a. 2022/23, b. 2023/24, and c. 2024/25.
• The total headcount of Accounts Commission for Scotland in the Financial Years a. 2022/23, b. 2023/24, and c. 2024/25.
• The total FTE number of staff employed by Accounts Commission for Scotland in the Financial Years a. 2022/23, b. 2023/24, and c. 2024/25.
• The FTE number of staff in the Financial Year 2024/25 earning salaries over a. £50,000, b. £80,000 and c. £100,000.

For questions 1-3, a template for the response would be the following:

And for question 4, a template would be:

Response

This email is in response to the Freedom of Information request submitted on Thursday 19 June 2025.

Responses to questions 1-3 for the Accounts Commission are in this table:

For question 4, there are no members of the Accounts Commission earning salaries over a. £50,000, b. £80,000 and c. £100,000.

Exemption applied: None

Request

• The total operational budget of Audit Scotland in the Financial Years a. 2022/23, b. 2023/24, and c. 2024/25.
• The total headcount of Audit Scotland in the Financial Years a. 2022/23, b. 2023/24, and c. 2024/25.
• The total FTE number of staff employed by Audit Scotland in the Financial Years a. 2022/23, b. 2023/24, and c. 2024/25.
• The FTE number of staff in the Financial Year 2024/25 earning salaries over a. £50,000, b. £80,000 and c. £100,000.

For questions 1-3, a template for the response would be the following:

And for question 4, a template would be:

Response

And for question 4:

Exemption applied: None

Request

A full list of all public bodies which are responsible to Audit Scotland under present statutes

Response

This email is in response to your Freedom of Information request dated 29 June 2025. Your request asked for ‘A full list of all public bodies which are responsible to Audit Scotland under statutes’. 

The information we hold is publicly available and is therefore exempt information under section 25 (1) of the Freedom of Information (Scotland) Act 2002 (FOISA) as information that is otherwise accessible. 

However, to assist you in finding the information I have included a link to the page on our website.

Exemption applied: Section 25

Request

Under the Freedom of Information Act, I would request you to respond to questions included in the attachment.

For any reason if you are unable to open the attachment do let me know. I can then send the questions within the email itself.

Please note: If you do not have records relating to the questions in the attachment, please pass on this request to your IT department to provide us with the required information.

Response

Request

Accounts Commission - I would be grateful if you could confirm whether your organisation has the capability, tooling, or current processes in place to carry out the following types of analysis on the contract registers or payment data of companies that fall under your regulatory, audit, or inspection remit. If not, please state whether you have any plans to explore the market to identify tools or services that could support this: Identify payments made to companies that were dissolved, in liquidation, administration, or receivership at the time of payment. Identify payments made to companies where one or more directors were disqualified at the time of payment. Identify payments made to companies considered to be at high financial risk — based on credit ratings, adverse filings (e.g. CCJs), or other financial indicators. Please also confirm: Whether any of these checks are conducted before or after payments are made by the organisations in question; Whether your analysis includes cross-referencing with Companies House, the Insolvency Register, or third-party financial risk data providers; Whether any such analysis has led to follow-up actions such as investigations, write-offs, recoveries, or changes in policy or guidance. Finally, could you confirm which team or job title within your organisation holds business responsibility for this type of analysis?

Response

This email is in response to your Freedom of Information request dated 16 June 2025.

Audit Scotland provides services for the Accounts Commission. The Accounts Commission do not procure any software. Therefore, under section 17 of the Freedom of Information (Scotland) Act 2002 I can confirm that the Accounts Commission does not hold the information requested.

Under a duty to assist please see the response to the request addressed to Audit Scotland.

Exemption applied: None

Request

Audit Scotland -I would be grateful if you could confirm whether your organisation has the capability, tooling, or current processes in place to carry out the following types of analysis on the contract registers or payment data of companies that fall under your regulatory, audit, or inspection remit. If not, please state whether you have any plans to explore the market to identify tools or services that could support this: Identify payments made to companies that were dissolved, in liquidation, administration, or receivership at the time of payment. Identify payments made to companies where one or more directors were disqualified at the time of payment. Identify payments made to companies considered to be at high financial risk — based on credit ratings, adverse filings (e.g. CCJs), or other financial indicators. Please also confirm: Whether any of these checks are conducted before or after payments are made by the organisations in question; Whether your analysis includes cross-referencing with Companies House, the Insolvency Register, or third-party financial risk data providers; Whether any such analysis has led to follow-up actions such as investigations, write-offs, recoveries, or changes in policy or guidance. Finally, could you confirm which team or job title within your organisation holds business responsibility for this type of analysis?

Response

This email is in response to your Freedom of Information request dated 16 June 2025.

We can confirm that Audit Scotland does not have tooling that targets the specific types of analysis stated in your request and we are not exploring this as an area.

We would not routinely look at / do as part of our annual audits the actions highlighted in the request. Internal audit would do more in this area from a controls and governance perspective.

Exemption applied: None

Request

In your 2022/23 report at exhibit 4, you published details of complaints or correspondence received about central government bodies. This does not appear in the same format in the 2023/24 report. Can you please now provide that information as a list of named public bodies about whom you received correspondence in the 2023/24 year? Each one should be clearly identifiable by its corporate name, or the name that is commonly used and known amongst the general public. May I also request that you include this format in future annual reports to ensure an appropriate level of transparency?

Response

This email is in response to your Freedom of Information request dated 22 May 2025.

Please see below a table confirming the amount of correspondence received regarding central government bodies in 23/24 similar to exhibit 4 in the 22/23 report.

Exemption applied: None

Request

The number of FTE employees who work in Accounts Commission for Scotland’s internal legal team, including all lawyers, solicitors, etc. in a. Financial Year 2022/23, b. Financial Year 2023/24, and c. Financial Year 2024/25.

The total amount spent by Accounts Commission for Scotland on internal legal services, including the salaries of employees in the legal team, expenses, etc. in a. Financial Year 2022/23, b. Financial Year 2023/24, and c. Financial Year 2024/25.

The total amount spent by the Accounts Commission for Scotland on external legal services in a. Financial Year 2022/23, b. Financial Year 2023/24, and c. Financial Year 2024/25.

Response

In response to questions 1 and 2, the Accounts Commission for Scotland does not have an internal legal team. Therefore, under section 17 of the Freedom of Information (Scotland) Act 2002 I can confirm that the Accounts Commission does not hold the information requested.

For question 3, Audit Scotland provides services to the Accounts Commission, and we have included the amount spent on Accounts Commission for Scotland related external legal advice in the table below.

Exemption applied: None

Request

1. Contract Register Request:

I am seeking the full and entirety of the organisation's contract register or database. The register should include the following columns/headings or something similar:

• Contract Title: The title of the contract, e.g., "IT Services Contract".
• Supplier Name: The name of the organisation providing the goods or services.
• Estimated Spend (Total or Annual): [Radio Button] Whether the estimated spend is for the entire contract period or annually
• Contract Duration: The initial term of the contract in months.
• Total Contract Period: The total duration of the contract, including any potential extensions.
• Contract Extensions: The number of months for any potential extensions.
• Contract Start Date: The date the contract officially begins.
• Contract Expiry Date: The date the initial contract period ends.
• Contract Review Date: The date on which the contract should be reviewed for renewal or extension.
• Contract Description: A detailed description of the contract, this could include the purpose, scope, and key terms and conditions.
• Contact Owner: The name, job title, main contact number, and email address of the individual responsible for the contract.
• Contract Notes: Any additional relevant information, such as specific terms and conditions, risk assessments, or performance metrics.
• Department: The department within your organisation that the contract is associated with.
• Contract Award Date: The date the contract was awarded.
• Participating Organisations: Other organisations involved in the procurement process.
• Procurement Category: The category of the procurement, e.g., IT, Facilities, or Professional Services. [I will send you a list of categories]
• Framework Reference: The reference number of procurement framework.
• Central Purchasing Body: The organisation responsible for the overall procurement.
• Tender Reference: The reference number of the tender notice.
• CPV Codes/Pro-Class/eClass: Standard classification codes used to categorise public procurement. [Radio Button] On select they should be able to select the classes.

If any of the headings within your contract register has not been provided, please state this within your response. 
Please provide the contract's register file in Excel format.

2. Procurement Strategy Document Request:

• Can the organisation provide a full version of their Procurement Strategy for the fiscal year 2024-2025?
• If the Procurement Strategy is a strategic direction (2022-2025) instead of an annual plan, please provide an update document for 2023-2024. If an update cannot be provided, please provide information on when an update is planned to be published.

We require the full document. If any parts of this document have been removed, please state this within your response.

3. Contact Details Request:

• Provide contact details of the person responsible for API or data sharing, including [Name, Job Title, Telephone, Email Address].
• Provide contact details of the person responsible for the actual contract's register, including [Name, Job Title, Telephone, Email Address].

IMPORTANT:

• If the organisation has a CRM system or a similar system, ensure there is a facility to download and extract contract data.
• If providing a weblink to a portal, ensure that all contracts are included, as some organisations may only upload a small portion of their contracts.
• For organisations planning to make an exemption around spend, clarify that the spend information requested is an overall figure, and a complete breakdown is not required.

Please provide the contract's register file in Excel format.

Response

This email is in response to your Freedom of Information request dated 11 June 2025.

Contracts register

The Audit Scotland Contracts register is published on our website – Supplying Audit Scotland. Therefore, under section 25 of the Freedom of Information (Scotland) Act 2002 this information is otherwise accessible.

Procurement Strategy Document

Audit Scotland do not produce an annual organisation procurement strategy as the legislation does not require one unless there is significant procurement expenditure planned (defined as £5 million). This is kept under review. Therefore, under section 17 of the Freedom of information (Scotland) Act 2002, Audit Scotland does not hold the information requested. Audit Scotland does not incur significant expenditure, with the exception of the external audit contract and Audit Quality & Appointments produce a procurement strategy on a one-off basis every five years when the audit appointment rotation is required.

Contact details

The contact information for contracts is info@audit.scot.

Exemption applied: Section 25

Request

Please can you supply the Best Companies survey that was circulated across your organisation last year. I do not require the findings of the survey only the questions asked.

If, for any reason, my request is denied in whole or in part, I ask that you justify all deletions and redactions by reference to specific exemptions of the act. I will also expect you to release all non-exempt material. I reserve the right to appeal your decision to withhold any information or to charge excessive fees. I would prefer to receive this information electronically. If you require any clarification I expect you to contact me to provide advice and assistance if you find any aspect of my FOI request problematic. Please acknowledge receipt of this request, and I look forward to receiving this information in the near future.

Response

This email is in reply to your Freedom of Information request dated 11 April 2019 regarding the Best Companies survey. In your request you are asking for the Best Company survey questions used in the 2018 survey.

We are withholding this information under the Freedom of Information (Scotland) Act 2002 (FOISA) section 33 (1b), the commercial interest and the economy exemption. The reason for withholding the information is that disclosure of the information would be likely to, prejudice substantially the commercial interest of any person (including, without prejudice to that generality , a Scottish public authority).

The copyright and intellectual property of the questions are invested with Best Companies, the release of those questions would prejudice their commercial interests. The development of the survey methodology and questions are the result of significant investment and they form a key aspect of their intellectual property and are additionally covered by copyright and therefore protected against unauthorised use.

We have considered the public interest and whether on balance that it is in the public interest to withhold or release the information being requested. FOISA does not define the public interest but it is described elsewhere as “something which is of serious concern and benefit to the public”, not merely something of individual interest. It has also been described as something that is “in the interest of the public”, not merely “of interest to the public.” In other words, it serves the interests of the public.

While the information may be of interest to you, we believe on balance that the public is best served by withholding the requested information.

Any queries you may have concerning the Best Companies survey should be directed to them and I have included their contact details:

Best Companies Ltd,
Hamilton House, Rackery Lane, Llay, Wrexham, United Kingdom LL12 0PB
Email enquiries@b.co.uk

Request

Audit Scotland use 'Advisors' when it is conducting audits. Can you please provide me with a link to the procedures that you have which ensure that;

• Advisors do not have a conflict of interest or a potential conflict of interest in relation to the content of the Audit.
• If there might be a conflict of interest regarding part of an Audit the Advisor is excluded from commenting on that content.

Please also advise;

• How when an individual may have particular knowledge Audit Scotland decides beween appointing them as an Advisor or taking evidence from them.
• If it correct that Advisors get a pre-view of the Audit Report and can correct what are believed to be factual errors.

Response

Thank you for your recent e-mail concerning the selection of members of advisory groups.

Advisory groups are an important part of our performance audit process. These groups are created on a temporary basis for independent advice and feedback to our audit teams undertaking performance audits on behalf of the Auditor General for Scotland and/or the Accounts Commission. The role of the advisory group is, as the name suggests, advisory. The responsibility for the content of audit reports lies solely with Audit Scotland, and we do not always agree with or take on board the views of advisory group members.

We ask people to join our advisory groups because of their individual knowledge and expertise of the subject of the audit or on the basis of the organisations that they work for. This means that on occasion individuals will be invited to serve on advisory groups who are employed by organisations that fall within the scope of the audit in question. For example, civil servants with relevant policy responsibilities may serve on advisory groups while separately providing evidence or being interviewed as part of the audit. This does not create a conflict of interest as, although draft performance audit reports are routinely shared with advisory group members, this is not for factual accuracy checking purposes, it is for the purpose of getting more general feedback on report structure, tone, readability, and the relevance and added value of our improvement recommendations.

We have an entirely separate process for checking the factual accuracy of audit reports with audited bodies which is distinct from the work of audit advisory groups. In common with all other UK public audit agencies that factual accuracy checking process (commonly described as ‘clearance’) operates through the Accountable Officer of the audited body in question.

All of our audits operate under a strict ethical and audit quality framework which obliges Audit Scotland staff to apply professional scepticism throughout all stages of an audit and ensure that our audit reports are supported by a sufficient body of evidence to support our audit judgements. Further information can be found on the Audit Scotland website.

I hope this has answered your query.

Request

I wish to submit a request for some of the organisation’s information around the internal plans and strategy documents around ICT.

The ICT documents I require is the 2019 – onwards. If any of the documents is for example 2017-2020 please make sure that this is the 2019 version of the document. Or the most recent update.

I wish to obtain the following documents:

• ICT/IM&T/IS Strategy- The IT department strategy or plans, highlights their current and future objectives.
• ICT Org Chart- A visual document that present the structure of the IT department, please include name and job titles. If this can’t be sent please work towards a structure with job titles.
• ICT Annual or Business Plan- Similar to the ICT strategy but is more annually focused.
• ICT Capital Programme/budget- A document that shows financials budget on current and future projects.

If some of these documents are not valid, please state when the 2019 ICT documents are planned to be published.

Please do get back to me if you have further questions or feedback.

Response

This email is in response to your freedom of information request dated 18 April 2019. In you request you ask for:

• ICT/IM&T/IS Strategy- The IT department strategy or plans, highlights their current and future objectives
  - See Digital Services Strategy below
• ICT Org Chart- A visual document that present the structure of the IT department, please include name and job titles. If this can’t be sent please work towards a structure with job titles.
  - See page 18, Digital services strategy below
• ICT Annual or Business Plan- Similar to the ICT strategy but is more annually focused.
  - Audit Scotland does not have this. The Digital Services Strategy below drives business actions
• ICT Capital Programme/budget- A document that shows financials budget on current and future projects.
  - 2019/20 budget below

 Download Digital Services Strategy - PDF 1.3Mb

 Download Digital Services budget - PDF 13Kb

Request

Please can you send me the information stated below:

• Supplier of the contract for CCTV maintenance and support
• How much the Organisation spend annually with the supplier? (if multiple suppliers please list the annual spend for each)
• What is the renewal date of this contract?
• What is the duration of the contract?
• What is the review date of this contract? If possible the likely outcome of this review
• The primary brand of the CCTV equipment. I don’t require the model just the brand. If there is various brands could you please list?
• What is the total number of cameras in use/under this contract?
• The description of the services provided under this contract. Please state if this contract includes more than just CCTV services.
• Contact details of the employee responsible for the contract between the supplier and the organisation. Can you please provide me with their full contact details

If there is no CCTV maintenance contract in place

• What is the brand of CCTV cameras in use? if there is variety could you please send me a list? I do not need the serial number or model just the brand.
• How much is the average annual spend on the in-house maintenance?
• How many cameras are in use?
• Is there a plan to review this at any point, if so what would the date be?
• Who is in charge of overseeing the in-house maintenance?

If there is no maintenance contract or in-house maintenance in place, is there a ad-hoc agreement? If yes,

• Who is the supplier? Is this varies could you please list?
• What is the brand of CCTV cameras in use? if there is variety could you please send me a list? I do not need the serial number or model just the brand.
• How many cameras are in use?
• How much is the average annual spend on the ad-hoc agreement?
• What is the date it is to be reviewed?

Response

This email is to acknowledge and respond to your Freedom of Information request dated 28 May 2019. Audit Scotland does not operate CCTV systems and therefore, under section 17 of the Freedom of Information (Scotland) Act 2002 Audit Scotland does not hold the information requested.

Request

I want to submit a request for some information from the organisation, in relation to their contract’s register. The contract register should display all the organisations existing/live contracts I would like the register to display the following columns/headings:

1. Contract Reference
2. Contract Title
3. Procurement Category
4. Supplier Name
5. Spend (Total or Annual)
6. Contract Duration
7. Contract Extensions
8. Contract Starting Date
9. Expiration Date
10. Contract Description [Please provide me with as much detail as possible.]
11. Contact Owner (Full contact details if possible.)
12. CPV codes/ProClass
13. Contract Reference

IMPORTANT

• For those organisation planning to make an exemption, the spend information I have requested is an overall figure and I am not requesting a complete breakdown of services relating to the spend.
• If the organisation has a CRM system or a similar system there should be a facility to download and extract contract data.
• You may forward me a Weblink to a portal to download the contract register, please make sure all of the organisation’s contracts are provided as doing prior research I have found that most organisations have only uploaded a small portion of all of their contracts.

Please do not think that this is the only information I require if you could provide me with more information that would be great.

Contract Data/API Contact Details

14. Can you also provide me with contact details of the person responsible for the actual contract’s register or someone responsible for API? [Name, Job Title, Telephone, Email Address] At the very least provide me with their actual job title.

(Meaning of API “a set of functions and procedures that allow the creation of applications which access the features or data of an operating system, application, or other service.”)

Please provide me with the contract’s register file in an excel format.

Response

The Procurement Reform (Scotland) Act 2014 requires public bodies to maintain a contract register providing information about any contracts entered into as a result of a regulated procurement.

The information we hold is publicly available and is therefore exempt information under section 25 (1) of the Freedom of Information (Scotland) Act 2002 (FOISA) as information that is otherwise accessible.

However, to assist you in finding the information I have included links and page numbers to the appropriate areas of our website. Supplying Audit Scotland

Request

I have now had confirmation from the Scottish Housing Regulator that Dundee City Council had, in the Regulator's view, a legal duty to consult the Dundee Federation of Tenants before agreeing to demolish tenements in Blackness Road. I understand Lynn Sweeney from the Housing Regulator discussed issues concerning Blackness Road with Audit Scotland on a number of occasions.

Your decision was to feed the intelligence which I provided into the evidence considered for ongoing audit work on governance and community engagement. I now request any information you can provide about how this was done. I also request copies of any correspondence you sent to Dundee City Council concerning 219-245 Blackness Road and the processes surrounding the demolition decision.

I hope you will be able to answer this without invoking the Freedom of Information legislation. However, if necessary, please regard this as a freedom of information request.

Response

This email is to acknowledge and respond to your Freedom of Information request dated 30 July 2019.

On 17 May 2018 we explained in an email to you, that after careful consideration of the information, the audit team will not carry out specific work on this issue and I can confirm that this is still the case.

The auditor considers the information, along with a range of other information, when planning what audit work to perform at the council. As per our issues of concern flow chart

The auditor has confirmed that the intelligence you provided has been considered as part of their ongoing audit work on governance and community engagement. The 2017/18 Annual Audit Report was issued in September 2018 and included comments on the council’s governance arrangements but no specific reference to Blackness Road.

The 2018/19 Annual Audit Report will be issued in September 2019, this will include comments on the council’s governance arrangements and reference to the Scottish Housing Regulator’s conclusion on the community consultation relating to Blackness Road. As well as the coverage in annual audit reports, governance and community engagement will be commented on in a Best Value Assurance Report to be published on the council in 2021.

The audit team have confirmed that no correspondence has been sent to Dundee City Council concerning 219-245 Blackness Road and the processes surrounding the demolition decision and therefore, under section 17 of the Freedom of Information (Scotland) Act 2002 Audit Scotland does not hold the information requested.

Request

NHS Lothian’s Board Papers for the meeting on 26 June 2019 made reference to project commissioned by Audit Scotland relating to the Royal Hospital for Sick Children Settlement Agreement and the expectation that this would conclude in June.

Under the Freedom of Information (Scotland) Act 2002 could I please request a copy of the final report and/or outcomes of the project.

Under the Freedom of Information (Scotland) Act I understand that you have 20 working days to provide me with the information and so I expect to receive your response by no later than 3 September 2019.

Response

This email is to acknowledge and respond to your Freedom of information request dated 6 August 2019.

Please see the press release issued today which I believe is the report you are looking for.

Royal Hospital for Children and Young People – For immediate release

In light of the ongoing public interest in the new Royal Hospital for Children and Young People, Audit Scotland is today (6 August) publishing the Annual Audit Report (AAR) on NHS Lothian.

Pars 163 to 175 of the report cover a high level review of the arrangements around the settlement agreement between NHS Lothian and the contractor, IHS Lothian Ltd, and consider project governance and value for money. The Auditor General for Scotland asked Scott Moncrieff, the external auditors of NHS Lothian, to carry out the review to provide assurance in this area.

The report – as with all health AARs – was issued to NHS Lothian’s board and the Auditor General at the end of June in line with the deadline for NHS audits, and would normally be published by Audit Scotland in September. This gap between the completion of the AAR and publication gives the Auditor General time to consider whether to bring any issues to the attention of Parliament through an accompanying Section 22 report.

However, given the high levels of interest in the new children’s hospital, the Auditor General is making the report available now.

Caroline Gardner, Auditor General for Scotland, said: “We have continued to monitor events since the annual audit report was issued and will be taking a close interest in the NHS safety review’s findings and KPMG’s report on the governance of the project.”

ENDS

Notes to editor:

• The review work by Scott Moncrieff was conducted earlier this year and the auditors were not aware of the subsequent issues that arose at the children’s hospital in early July.

Request

I am investigating the transfer of assets on the boundary changes from Monifieth to Dundee City Council. In particular the Monifieth Common Good Fund which held both property, land and a healthy bank balance. I have gathered information from a report compiled in 2007 by Andy Wightman & James Perman on the subject of Common Good Funds held in Scotland.

There was a recommendation in the report that there was discrepancies on how the transfer of boundary changes were administered it led to some councils being held accountable given the millions of pounds involved throughput Scotland.

I have contacted both Dundee Council and Angus Council who were both very vague in trying to deal with my enquiry.

Given that an investigation was recommended I would be pleased if you can provide any facts or documents relating to the transfer of Monifieth Burgh Council to Dundee City Council on the 16th May 1975.

Response

This email is to acknowledge and respond to your Freedom of Information requested dated 20 September 2019.

We have searched our records and are unable to find the information you are looking for. Therefore, under section 17 of the Freedom of Information (Scotland) Act 2002 Audit Scotland does not hold the information requested.

For information I can tell how Common good funds are audited now. In part it depends whether the council has registered the Common Good as a charity or not. If not a registered charity, the only requirement is a disclosure in the council’s own accounts – see section 11 on trust funds generally in this guidance.

I hope the attached guidance notes are of help.

 Download Audit of 2018/19 annual accounts (local government)- other financial statement areas - PDF 399Kb

 Download Audit of 2018/19 annual accounts (local government) - section 106 charities - PDF 350Kb

Request

I hope you can help me with an exercise we are conducting, to understand more about the Procurement Strategies in the Public Sector; specifically within Local Authorities and around the take up of G Cloud.

The information you provide as part of this Freedom of Information exercise will help us to understand the most appropriate way of interacting with Local Authorities in their buying cycles.

Please could you answer the following questions and respond via email to foi.request@hornbill.com

1. Is your current IT Service Management function and associated software application based in house or Outsourced to a 3rd Party?
2. Please provide the full name and version of the ITSM software application in use?
3. What is the lifetime value of the contract and over how many years?
4. As part of the existing contract how many support operatives (agents) are licenced/subscribed to use the solution? (These are individuals who work on the desk in resolver groups, not customers using a Self-Service function).
5. When is the contract due for renewal?
6. How was the current solution procured – directly with the Vendor, through a Framework or via G Cloud?
7. What are your published procurement thresholds for tendering purposes?
8. What is the Authority’s strategy with regards to Cloud solutions as opposed to In House installations?
9. Has the organisation ever procured through the G Cloud Framework?

Response

This email is to acknowledge and respond to your Freedom of Information request dated 23 September 2019. For ease I have added our response to the question in your email below.

I hope you can help me with an exercise we are conducting, to understand more about the Procurement Strategies in the Public Sector; specifically within Local Authorities and around the take up of G Cloud.

The information you provide as part of this Freedom of Information exercise will help us to understand the most appropriate way of interacting with Local Authorities in their buying cycles.

Please could you answer the following questions and respond via email to foi.request@hornbill.com

1. Is your current IT Service Management function and associated software application based in house or Outsourced to a 3rd Party?
   Cloud hosted by 3rd party
2. Please provide the full name and version of the ITSM software application in use?
   Nethelpdesk (cloud so current vendor deployed version)
3. What is the lifetime value of the contract and over how many years?
   Rolling contract can cancel when we want
4. As part of the existing contract how many support operatives (agents) are licenced/subscribed to use the solution? (These are individuals who work on the desk in resolver groups, not customers using a Self-Service function).
   10
5. When is the contract due for renewal?
   As answer 3 when we choose to stop rolling contract
6. How was the current solution procured – directly with the Vendor, through a Framework or via G Cloud?
   GCloud
7. What are your published procurement thresholds for tendering purposes?
   Procument Handbook
8. What is the Authority’s strategy with regards to Cloud solutions as opposed to In House installations?
   Digital Services Strategy digital_services_strategy_18-21
9. Has the organisation ever procured through the G Cloud Framework?
   Yes

Request

I am seeking the following information; are the above three quangos, wholly owned by Scottish ministers, in the list of public bodies audited by Audit Scotland? If not , why not?

Response

• Calmac Ferries Ltd is one of a group of companies of which David MacBrayne Ltd is the parent company.
• Both David MacBrayne and CMAL are public corporations whose sole shareholder is the Scottish Ministers.
• David MacBrayne and CMAL are responsible for appointing their own auditors of their accounts.
• Audit Scotland does not generally audit the accounts of public corporations. The main exception to this is Scottish Water, which is the responsibility of the AGS to audit. The reason for this is largely historic – go back 25 years and water services were provided by councils. The predecessor bodies from which David MacBrayne and CMAL emerged were private sector companies but were nationalised in the 1960s. However, we do have powers under S.23 of the Public Finance and Accountability (Scotland) Act to look at issues of economy, efficiency and effectiveness in both bodies. Said powers are made under SSI number 389 of 2010.
• Transport Scotland provides loans to CMAL in order for it to build ferries. It also provides grant to CalMac to provide ferry services on the Clyde and Hebrides. Audit Scotland audits the accounts of Transport Scotland.

For further information you may be interested in our October 2017 ferry services performance audit report Transport Scotlands Ferry Services

Request

I would like to request information under the Freedom of Information Act. The information that I require relates to a specific telephone maintenance contract.

The contract information sent by the organisation previously has now expired please can you provide me with a new update of the telephone maintenance contract:

Please can you send me the following contract information with regards to the organisation’s telephone system maintenance contract (VOIP or PBX, other) for hardware and Software maintenance and support:

1. Contract Type: Maintenance, Managed, Shared (If so please state orgs)
   Managed
2. Existing Supplier: If there is more than one supplier please split each contract up individually.
   GCI
3. Annual Average Spend: The annual average spend for this contract and please provide the average spend over the past 3 years for each provider
   £56,376.29
4. Hardware Brand: The primary hardware brand of the organisation’s telephone system.
   Polycom
5. Number of telephone users:
   300
6. Contract Duration: please include any extension periods.
   3 years
7. Contract Expiry Date: Please provide me with the day/month/year.
   October 2019
8. Contract Review Date: Please provide me with the day/month/year.
   September 2019
9. Application(s) running on PBX/VOIP systems: Applications that run on the actual PBX or VOIP system. E.g. Contact Centre, Communication Manager.
   Skype for business
10. Telephone System Type: PBX, VOIP, Lync etc
    Skype for business
11. Contract Description: Please provide me with a brief description of the overall service provided under this contract. Hosted
    Skype for business
12. Go to Market: How where these services procured, please provide me with either the tender notice or the framework reference number. Please specify if procured through other routes.
    Gcloud
13. Contact Detail: Of the person from with the organisation responsible for each contract full Contact details including full name, job title, direct contact number and direct email address.
    David McGurk. Service Delivery Manager, dmcgurck@audit.scot, 0131 625 1500

If the service support area has more than one provider for telephone maintenance then can you please split each contract up individually for each provider.

If the contract is a managed service or is a contract that provides more than just telephone maintenance please can you send me all of the information specified above including the person from with the organisation responsible for that particular contract.

If the maintenance for telephone systems is maintained in-house please can you provide me with:

1. Number of telephone Users:
2. Hardware Brand: The primary hardware brand of the organisation’s telephone system.
3. Application(s) running on PBX/VOIP systems: Applications that run on the actual PBX or VOIP system. E.g. Contact Centre, Communication Manager.
4. Contact Detail: Of the person from with the organisation responsible for telephone maintenance full Contact details including full name, job title, direct contact number and direct email address.

Also if the contract is due to expire please provide me with the likely outcome of the expiring contract.

If this is a new contract or a new supplier please can you provide me with a short list of suppliers that bid on this service/support contract?

I’m happy to receive this information on an email.

Response

This email is to acknowledge and respond to your Freedom of Information request dated 02 September 2019. For ease I have include our response in your email.

Request

Last year Scotland’s Auditor General said Nicola Sturgeon’s government needed to be more open about its loans to private firms. In the last few days a similar announcement was made, saying that Parliament needed better information to be able to better scrutinise ministers' financial decision-making and to ensure value for money is achieved from a limited budget pot.

What methods does the auditor general use to monitor the response to her reviews and will she publish all correspondence to and from the Scottish government on this matter.

Response

This email is in response to your Freedom of Information request dated 28 September 2019.

Each year, Audit Scotland carries out the audit of the Scottish Government’s consolidated accounts on behalf of the Auditor General for Scotland. In conducting the audit, auditors are required to make judgements on four key areas: financial management, financial reporting, governance and transparency and value for money as outlined in the Code of Audit Practice. In our report on the 2017/18 audit of the Scottish Government consolidated accounts, we reported that:

“There is a need for the Scottish Government to be more transparent about its overall approach in providing significant public funds to support private companies. While the business cases for loan support were clear, there is no framework in place to support the Government's decision making or approach in providing loans to private companies. The Scottish Government should develop a framework that clearly outlines its role in financial interventions in private companies to support decision making over where, when and at what level to invest. Such a framework should provide clear information on financial capacity, risk tolerance and expected outcomes. In doing so, the Scottish Government will provide the Parliament with greater assurance and better information over its strategic objectives in entering these agreements and allow for greater scrutiny of the risks and opportunities that exist, including the opportunity costs involved.”

In our 2018/19 audit, we considered progress against this recommendation. We found that the Scottish Government had not yet published a framework in line with our recommendation. We reported this to the Scottish Government in our draft report on 11 September 2019. The draft report included the following text:

“In recent years, the Scottish Government has taken a direct role in providing financial support to private companies. In 2018/19, the Scottish Government provided a further loan of £30 million to Ferguson Marine Engineering Limited (FMEL) in addition to a loan of £15 million in 2017/18. The Scottish Government impaired the value of the loans to nil at the end of the financial year due to the challenging financial position of FMEL. The valuation of loans and guarantees to other private companies, such as Burntisland Fabrications Ltd and Prestwick Airport, also declined significantly during 2018/19. The Scottish Government has not yet implemented my recommendation to develop a framework to clearly outline its role in financial interventions in private companies.” And…

“The Scottish Government has not yet implemented a framework to clearly outline its role in financial interventions in private companies. Last year, I highlighted the need for the Scottish Government to be more transparent about its overall approach in providing significant public funds to support private companies. This included a recommendation that the Scottish Government should develop a framework that clearly outlines its role in financial interventions in private companies to support decision making over where, when and at what level to invest. Such a framework should provide clear information on financial capacity, risk tolerance and expected outcomes. In doing so, the Scottish Government will provide the Parliament with greater assurance and better information over its strategic objectives in entering these agreements and allow for greater scrutiny of the risks and opportunities that exist, including the opportunity costs involved.” And…

“My audit work has highlighted areas for improvement to help support the Parliament and the public in their scrutiny of public finances in this new environment. This includes recommendations from previous audit work where action remains outstanding. The Scottish Government should:

• Develop a framework outlining its role in financial interventions in private companies covering financial capacity, risk tolerance and expected outcomes.”

On 18 September 2019, we received back comments on the draft report from the Scottish Government. In relation to the points above, the Scottish Government made the following comment:

“The response to the recommendation referenced in this paragraph noted that:

• Scottish Ministers make decisions in accordance with policy objectives and alignment with the Government Economic Strategy and to respond to particular, often rapidly evolving, needs and circumstances.
• While there is not a specific framework for decision-making on situations of financial intervention, the decision-making in relation to private companies takes place within the SG’s overall governance arrangements and in particular the framework in the Scottish Public Finance Manual for all decisions on the use of resources to ensure regularity, propriety and value for money (as summarised in the Medium Term Financial Strategy published in May 2018):
• Internal guidance already exists to steer decision-making by Accountable Officers in making recommendations to Ministers in business intervention situations, taking account of the policy and legislative frameworks/guidance set out above.

The commitment was that this internal guidance would be revised for publication as part of the wider review of the Scottish Public Finance Manual that was underway. Updates to SGAAC have informed of progress in sharing and refining material in the light of experience and the guidance is now published within the Scottish Public Finance Manual and is available at: https://www.gov.scot/publications/scottish-public-finance-manual/borrowing-lending-and-investment/borrowing-lending-and-investment/

Grateful if this paragraph could be removed or changed to acknowledge this, please. Perhaps wording along the following lines:

“The Scottish Public Finance Manual (SPFM) was updated in August 2019, as part of a wider quarterly update, to include the additional considerations incumbent on Accountable Officers and satisfying the previous year's audit recommendation. The SPFM is the most appropriate vehicle with which to set out these considerations as it sets the wider framework for "the proper handling and reporting of public funds".”

Details of our final judgement can be found in the 2018/19 audit of consolidated accounts report, specifically page 5 and paragraph 26.

Request

I am writing to you to ask for a copy of the Guidance Document that you provide to Local Authorities, pertaining to the Local Authority borrowing from the PWLB (using the certainty rate discount) in order to use these funds to lend on to communities looking to invest via Community Shared Ownership into a Local Windfarm Development, in the current non-subsidy world, in order that we, the affected local communities can determine whether or not AB Council's position matches Audit Scotland's guidance on the matter.

Response

In your email dated 5 February you ask 'I am writing to you to ask for a copy of the Guidance Document that you provide to Local Authorities, pertaining to the Local Authority borrowing from the PWLB (using the certainty rate discount) in order to use these funds to lend on to communities looking to invest via Community Shared Ownership into a Local Windfarm Development, in the current non-subsidy world, in order that we, the affected local communities can determine whether or not AB Council's position matches Audit Scotland's guidance on the matter'.

Audit Scotland have not produced guidance on this matter and therefore under section 17 of Freedom of Information (Scotland) act 2002 I must inform you that we do not hold the information requested.

The reason Audit Scotland has not produced guidance on this is that guidance on Local authority borrowing is covered by the Finance circular 5/2010, The Local Authority (Capital Finance and Accounting) Scotland) 2016 and CIPFA The Prudential Code for Capital Finance in Local Authorities.

Audit Scotland’s interest is for councils to act in accordance with their statutory powers while observing supporting professional codes of practice. The Finance circular 5/2010 allows councils to invest in a range of investments, including the investment of temporary surplus funds, shareholdings in companies, loans to group undertakings and third parties. The Local Authority (Capital Finance and Accounting) Scotland) 2016 Regulations provide the power for councils to borrow to make these investments.

The 2016 regulations require councils to have regard to the CIPFA The Prudential Code for Capital Finance in Local Authorities when exercising their powers to borrowing is subject to compliance with the requirements of the this Code.

Request

Please can you provide the following data for each of the past 5 years.

The number of (a) domestic and (b) international flights taken by staff in each of the last 5 years.

Please provide all information held relating to the above request, including but not exclusively all information held in the following formats: email, internal messaging, hardcopy, letter, file, report, graphic and publication.

Please provide the information electronically in the form of word, excel, PDF or image, and if that is not possible please send me paper copies (printed, photocopied or otherwise) at the address supplied.

If it is not possible to provide the information requested due to the information exceeding the cost of compliance limits identified in Section 12, please provide advice and assistance, under your Section 16 obligations, as to how I can refine my request to be included in the scope of the Act. I reserve the right to appeal any decision not to supply the information requested.

In any case, if you can identify any way that my request could be refined please provide further advice and assistance to indicate this.

I look forward to your response within 20 working days, as stipulated by the Act.

Response

In response to your freedom of information request dated 6 February we have the following information on the flights taken. Please note that the data for 2019/20 is not yet available so I have provideD the last five years data that we have. Our mix of domestic and international fluctuates from year to year. For example, in 2014/15 several of our international flights were to fulfil our role in United Nations work to develop public audit in the Balkans, and in 2018/19, 64 per cent of our air travel was domestic flights to the Scottish islands.

Flights taken

Request

Section 69 of the Scotland Act 1998 provides for Her Majesty to appoint an Auditor-General for Scotland on the nomination of the Scottish Parliament.

I am therefore writing under the Freedom of Information (Scotland) Act 2002 to request a copy of the Royal Warrant (or Letters Patent, or similar) appointing the current Auditor-General.

Response

This email is to acknowledge and respond to your Freedom of Information request dated 24 February 2020. The Royal Warrant is a large document and I am unable to copy it but I have attached a picture which I hope is of use. Alternatively if you would like to make an appointment to see the document this can be arranged. The document is in our Edinburgh office and the address is included in my signature below.(Photograph available on request)

Request

Can I please make a request under the Freedom of Information Act and I would like to request the following information about the organisation’s Local Area Network (LAN) environment. You may have received the same request in the past and this information sent has now expired and I require an update as soon as possible.

Please can you send me the organisation’s Local Area Network (LAN) contract, which may include the following:

• Support and Maintenance- e.g. switches, router, software etc
• Managed- If this includes services than just LAN.
  1. Contract Type: Managed or Maintenance
  2. Existing Supplier: Who is the current supplier?
  3. Annual Spend for each supplier: What is the annual average spending on the supplier above? If there is more than one supplier please split the annual averages spend for each supplier.
  4. Number of Users: Please can you provide me with the number of users this contract covers. Approximate number of users will also be acceptable.
  5. Number of Sites: The number of sites, where equipment is supported by each contract.
  6. Hardware Brand: What is the hardware brand of the LAN equipment?
  7. Contract Description: Please provide me with a brief description of the overall contract.
  8. Contract Duration: What is the duration of the contract is and can you please also include any extensions this may include.
  9. Contract Expiry Date: When does the contract expire?
  10. Contract Review Date: When will the organisation is planning to review the contract?
  11. Responsible Officer: Contact details including name, job title, contact number and email address?

If the LAN maintenance is included in-house please include the following information:

1. Hardware Brand: What is the hardware brand of the LAN equipment?
2. Number of Users: Please can you provide me with the number of users this contract covers. Approximate number of users will also be acceptable.
3. Number of Sites: Estimated/Actual number of sites the LAN covers.
4. Responsible Officer: Who within the organisation is responsible for LAN please provide me with contact details including name, job title, contact number and email address?

If the contract is managed by a 3rd party e.g. Can you please provide me with

1. Existing Supplier: Who is the current supplier?
2. Number of Users: Please can you provide me with the number of users this contract covers. Approximate number of users will also be acceptable.
3. Number of Sites: Estimated/Actual number of sites the LAN covers.
4. Contract Type: Managed, Maintenance, Installation, Software
5. Hardware Brand: What is the hardware brand of the LAN equipment?
6. Contract Description: Please provide me with a brief description of the overall contract.
7. Contract Duration: What is the duration of the contract is and can you please also include any extensions this may include.
8. Contract Expiry Date: When does the contract expire?
9. Contract Review Date: When will the organisation is planning to review the contract?
10. Responsible Officer: Who within the organisation is responsible for each of these contract(s) please provide me with contact details including name, job title, contact number and email address?

Response

This email is in response to your Freedom of Information request dated 24 February 2020. For ease I have included our response in your email below.

The Freedom of information (Scotland) Act 2002 allow for the application of exemptions and I have applied Section 30 (c) prejudice to effective conduct of public affairs to some of the information requested. The information is withheld as we are seeing a significant increase in targeted attacks specific to some brands/software and equipment. Providing the expiry of support would give information on when our network devices would be vulnerable for attack. Providing the name of the person who manages the network devices would make a targeted phishing attack more likely.

We have considered the Public interest test and whilst we acknowledge that this is of interest to you it is not in the wider public interest for Audit Scotland to be subject to the significant threat to our systems which enable the work we do.

• Support and Maintenance- e.g. switches, router, software etc
• Managed- If this includes services than just LAN.
  1. Contract Type: Managed or Maintenance
     Maintenance
  2. Existing Supplier: Who is the current supplier?
     Three suppliers names withheld as this information could be used to target attacks on our infrastructure and therefore damage our business
  3. Annual Spend for each supplier: What is the annual average spending on the supplier above? If there is more than one supplier please split the annual averages spend for
     Supplier 1 - None over past 3 years
     Supplier 2 - £800 over past 3 years
     Supplier 3 - £14,000 over past 3 years
  4. Number of Users: Please can you provide me with the number of users this contract covers. Approximate number of users will also be acceptable.
     350
  5. Number of Sites: The number of sites, where equipment is supported by each contract.
     38
  6. Hardware Brand: What is the hardware brand of the LAN equipment?
     Withheld under section 30 (c) Prejudice to effective conduct of public affairs . The release of the information is likely to be used to target attacks on our infrastructure when patching has expired. We are seeing a significant increase in targeted attacks specific to some brands/software and equipment. Providing the expiry of support would give information on when our network devices would be vulnerable for attack.
  7. Contract Description: Please provide me with a brief description of the overall contract.
     Supplier 3 - patching, support and migration support
  8. Contract Duration: What is the duration of the contract is and can you please also include any extensions this may include.
     Supplier 3 - 3 years
  9. Contract Expiry Date: When does the contract expire?
     Withheld under section 30 (c) Prejudice to effective conduct of public affairs . The release of the information is likely to be used to target attacks on our infrastructure when patching has expired. We are seeing a significant increase in targeted attacks specific to some brands/software and equipment. Providing the expiry of support would give information on when our network devices would be vulnerable for attack.
  10. Contract Review Date: When will the organisation is planning to review the contract?
      Withheld under section 30 (c) Prejudice to effective conduct of public affairs . The release of the information is likely to be used to target attacks on our infrastructure when patching has expired. We are seeing a significant increase in targeted attacks specific to some brands/software and equipment. Providing the expiry of support would give information on when our network devices would be vulnerable for attack.
  11. Responsible Officer: Contact details including name, job title, contact number and email address?
      info@audit.scot
      Please use the info@ email provided. The direct contact details are withheld under section 30 (c) Prejudice to effective conduct of public affairs . Providing the name of the person who manages the network devices will make a targeted phishing attack more likely.

If the LAN maintenance is included in-house please include the following information:

1. Hardware Brand: What is the hardware brand of the LAN equipment?
   Two hardware brands names withheld as this information could be used to target attacks on our infrastructure and therefore damage our business
2. Number of Users: Please can you provide me with the number of users this contract covers. Approximate number of users will also be acceptable.
   350
3. Number of Sites: Estimated/Actual number of sites the LAN covers.
   38
4. Responsible Officer: Who within the organisation is responsible for LAN please provide me with contact details including name, job title, contact number and email address?
   info@audit.scot
   Please use the info@ email provided. The direct contact details are withheld under section 30 (c) Prejudice to effective conduct of public affairs . Providing the name of the person who manages the network devices will make a targeted phishing attack more likely.

If the contract is managed by a 3rd party e.g. Can you please provide me with

1. Existing Supplier: Who is the current supplier?
   N/A
2. Number of Users: Please can you provide me with the number of users this contract covers. Approximate number of users will also be acceptable.
   N/A
3. Number of Sites: Estimated/Actual number of sites the LAN covers.
   N/A
4. Contract Type: Managed, Maintenance, Installation, Software
   N/A
5. Hardware Brand: What is the hardware brand of the LAN equipment?
   N/A
6. Contract Description: Please provide me with a brief description of the overall contract.
   N/A
7. Contract Duration: What is the duration of the contract is and can you please also include any extensions this may include.
   N/A
8. Contract Expiry Date: When does the contract expire?
   N/A
9. Contract Review Date: When will the organisation is planning to review the contract?
   N/A
10. Responsible Officer: Who within the organisation is responsible for each of these contract(s) please provide me with contact details including name, job title, contact number and email address?
    N/A

Request

I’m currently reviewing Best Value Audit reports on your site for local authorities/councils.

I’m looking to find out who the external auditor / partner auditor was with Audit Scotland for the reports detailed below.

Two of the reports that I have reviewed (1 and 4 below) specify the external auditor, the others do not.

1. Highland – January 2020 – Audit Scotland & Grant Thornton LLP
2. Scottish Borders - October 2019 - ?
3. Perth and Kinross – August 2019 - ?
4. Midlothian – Audit Scotland & Ernst & Young LLP
5. North Lanarkshire – May 2019 - ?
6. Stirling – April 2019 - ?
7. South Lanarkshire – March 2019 - ?
8. Glasgow City – August 2018 - ?

Are you able to provide me with the details of external auditor for 2,3,5,6,7 and 8 above?

Response

In response to your email dated 25 February the appointed auditor for each of the councils you listed are:

• Highland – Grant Thornton
• Scottish Borders – Audit Scotland - Gillian Woolman
• Perth & Kinross - KPMG
• Midlothian - EY
• North Lanarkshire – Audit Scotland - Brian Howarth
• Stirling – Audit Scotland - John Cornett
• South Lanarkshire – Audit Scotland - Fiona Mitchell Knight
• Glasgow City – Audit Scotland - John Cornett