Letter to the Convener from Stephen Boyle, the Auditor General for Scotland, 21 December 2021
Dear Convenor
I am writing to inform you that I intend to publish a report under Section 22 of the Public Finance and Accountability (Scotland) Act 2000 on the 2020/21 audit of the Scottish Environment Protection Agency (SEPA). This relates to a cyber security incident that occurred on 24 December 2020 which compromised SEPA’s corporate and business systems. This incident has had a significant impact on SEPA’s ability to prepare and submit its annual report and accounts for audit, together with the information needed by the auditor to finalise their work.
The auditor gave a modified audit opinion on the annual report and accounts on 21 December 2021. Given the date of the conclusion of the audit, there is now insufficient time to allow me to fully consider the auditor’s findings, prepare the Section 22 report and conclude our clearance processes before the end of December. Consequently, SEPA will not be able to lay their annual report and accounts before Parliament in advance of the statutory laying deadline of 31 December 2021. We have agreed with SEPA that Scottish Ministers will now lay the SEPA annual report and accounts, together with the S22 report on 1 February 2022.
I, or members of my team, would be happy to discuss this matter further with you should you require more information.
Yours sincerely
Stephen Boyle Auditor General for Scotland