Internal Audit Service

1.1. This report supports Audit Committee's responsibility under its terms of reference to consider performance reports from internal audit on progress with delivery of the 2022/23 audit plan, agreed at the March 2022 Committee meeting.

1.2. We are grateful for the assistance that has been provided to us in the course of our work.

2. Summary of progress against the 2022/23 audit plan

2.1. Work carried out during the period 1 April 2022 to 9 November 2022 was in accordance with the agreed audit plan. To date, 18.25 days have been spent this financial year on completion of the 2022/23 plan, equating to 26% of the total planned audit activity of 70 days. The table below shows the current status of all audit work.

No areas of concern have come to our attention in conducting our assurance work to date that requires bringing to the attention of committee members.

Audit review	Audit days			Status	Assurance Opinion
Audit review	Planned	Actual	Variation	Status	Assurance Opinion
Governance and business effectiveness
Overall governance, risk management and control arrangements	3	0.25	2.75	Progressing	N/A
Service delivery and support
Recruitment	12	1	11	Progressing	N/A
Carbon Management Arrangements	12	0	12	Not Started	N/A
Business processes
Accounts payable	8	0	8	Not started	N/A
Accounts receivable	5	0	5	Not started	N/A
General ledger	5	0	5	Not started	N/A
HR/ Payroll	9	8	1	Completed	˜ Substantial
Pensions administration	1	0	1	Not started	N/A
Treasury management	4	4.5	(0.5)	Completed	˜ Substantial
Follow up audit activity
Training, Learning and Development	1	2	(1)	Progressing	N/A
Management of On Call provision	1	0	1	Not started	N/A
Other components of the audit plan
Management activity	8	2.5	5.5	N/A
National Fraud Initiative	1	0	1	N/A

3. Extracts from Audit Reports

3.1. Extracts of assurance summaries are shown below.

Treasury Management

Overall assurance rating	Audit findings requiring action
˜	Extreme	High	Medium	Low
Substantial	0	0	0	0

LCFA has a Service Level Agreement with Lancashire County Council (LCC) for the provision of a treasury management service. This includes cash flow management, investment of cash balances and the arrangement of borrowing. We can provide substantial assurance on the controls operating over treasury management. The system of control is adequately designed and effectively operated. There are no actions proposed in this report. The Treasury Management Strategy provides a framework for treasury management activity and the strategy has been followed by officers during the period covered by our review.

Human Resources & Payroll

Overall assurance rating	Audit findings requiring action
˜	Extreme	High	Medium	Low
Substantial	0	0	0	0

The review considered the adequacy and effectiveness of the controls in place within the Payroll and Human Resources (HR) service, to mitigate the risks of fraudulent and unauthorised appointments or payments and unauthorised access to the HR and payroll systems and records. A monthly managed payroll service is provided by Greater Manchester Fire and Rescue Service (GMFRS) using the Midland i-Trent payroll system, via a delegation of function, Lancashire Fire and Rescue Service (LFRS) HR and Payroll teams retain responsibility for the quality of data and the input of payroll information into the Midland i-Trent system. A strong control environment exists over HR and payroll processes, to ensure that valid appointments have been correctly established and the right amount is paid to individuals at the right time. Monitoring arrangements are in place to prevent and detect any anomalies or errors that might arise. A good working relationship is also in place with the payroll provider.

Audit assurance levels and classification of residual risk

Note that our assurance may address the adequacy of the control framework's design, the effectiveness of the controls in operation, or both. The wording below addresses all of these options and we will refer in our reports to the assurance applicable to the scope of the work we have undertaken.

˜ Substantial assurance: the framework of control is adequately designed and/ or effectively operated.

˜ Moderate assurance: the framework of control is adequately designed and/ or effectively operated overall, but some action is required to enhance aspects of it and/ or ensure that it is effectively operated throughout.

˜ Limited assurance: there are some significant weaknesses in the design and/ or operation of the framework of control that put the achievement of its objectives at risk.

˜ No assurance: there are some fundamental weaknesses in the design and/ or operation of the framework of control that could result in failure to achieve its objectives.

Classification of residual risks requiring management action

All actions agreed with management are stated in terms of the residual risk they are designed to mitigate.

Extreme residual risk: critical and urgent in that failure to address the risk could lead to one or more of the following: catastrophic loss of the county council's services, loss of life, significant environmental damage or significant financial loss, with related national press coverage and substantial damage to the council's reputation. Remedial action must be taken immediately.

High residual risk: critical in that failure to address the issue or progress the work would lead to one or more of the following: failure to achieve organisational objectives, significant disruption to the council's business or to users of its services, significant financial loss, inefficient use of resources, failure to comply with law or regulations, or damage to the council's reputation. Remedial action must be taken urgently.

Medium residual risk: failure to address the issue or progress the work could impact on operational objectives and should be of concern to senior management. Prompt specific action should be taken.

Low residual risk: matters that individually have no major impact on achieving the service's objectives, but when combined with others could give cause for concern. Specific remedial action is desirable.