1 Introduction

1.1 This paper sets out a proposed plan of work to be undertaken by the Internal Audit Service for the Combined Fire Authority for the coming financial year. The plan amounts to a total resource of 70 audit days, which equates to an overall cost of £23,450 (ex VAT) at our daily rate of £335.

1.2 The Audit Plan for 2023/24 has been prepared in accordance with the requirements of the Public Sector Internal Audit Standards (PSIAS). The PSIAS represent mandatory best practice for all internal audit service providers in the public sector. The PSIAS require that the internal audit service is delivered and developed in accordance with the internal audit charter, which accompanies this plan.

2 Roles and responsibilities

2.1 Responsibility for maintaining and reviewing the system of internal control and for implementing a system of governance and risk management rests with the Combined Fire Authority. However, the process by which the Annual Governance Statement is produced includes obtaining assurances on the effectiveness of key controls and internal audit provides one of the key sources of such assurance.

2.2 The Head of Internal Audit is required by professional standards to provide an opinion addressing governance, risk management and control and thereby to provide assurance that the risks to the objectives of Lancashire Combined Fire Authority are being adequately and effectively controlled.

2.3 The Audit Committee's terms of reference require it to review and approve the internal audit plan.

3 Production of the audit plan

3.1 An internal audit plan designed to provide the evidence necessary to support the opinion of the Head of Internal Audit needs to encompass coverage of the key components of each part of the opinion, namely, governance, risk management and control as well as sufficient coverage over operations as a whole either on an annual or periodic basis to enable production of a robust annual audit opinion.

3.2 Individual items are proposed for inclusion in the annual audit programme based on known changes to operational activity, systems or processes; and information obtained from our annual governance review, from our review of the corporate risk register and by liaising with the Director of Corporate Services to establish his view of those areas where independent assurance would be welcomed.

3.3 Where it is known that assurance will be provided from another body, (for example, His Majesty's Inspectorate of Constabulary and Fire and Rescue Services, or the external auditors), the Internal Audit Service will not duplicate work but will take it into account if it is relevant to the overall opinion on governance, risk management and control.

4 Degrees of assurance

4.1 For 2023/24 we will continue to categorise our assurance levels, using the following definitions:

Substantial assurance: the framework of control is adequately designed and/ or effectively operated overall.

Moderate assurance: the framework of control is adequately designed and/ or effectively operated overall, but some action is required to enhance aspects of it and/ or ensure that it is effectively operated throughout the service, system or process.

Limited assurance: there are some significant weaknesses in the design and/ or operation of the framework of control that put the achievement of the service, system or process' objectives at risk.

No assurance: there are some fundamental weaknesses in the design and/ or operation of the framework of control that could result in failure to achieve the service, system or process' objectives.

5 Deployment of audit resources

5.1 The plan is stated in terms of days input, which represents our best estimate of the way in which the audit resources will be deployed. The plan itself should however be viewed as a fluid document, with the specific content of individual reviews being subject to revision if required following the more detailed scoping meetings held with client management teams prior to formal commencement of individual audit reviews.

5.2 The content and outline scope of each audit within the plan, as well as an estimate of the number of audit days considered appropriate, is provided in the table below:

Audit review	Outline audit scope	Days
Governance and business effectiveness
Overall governance, risk management and control arrangements	In addition to the direct assurance gained from the individual audit assignments listed below, we will additionally gain assurance as follows: · We will consider the robustness of the risk management arrangements from our involvement and attendance at the meetings of the Audit Committee. · We will obtain assurance regarding the adequacy of governance arrangements, through our review of the minutes of key operational and decision-making boards across LFRS.	3
Service delivery and support
Equality Impact Assessments	The review will consider the adequacy and effectiveness of how Equality Impact Assessments are considered on all policy, practice, or decisions across the Lancashire Fire and Rescue Service.	10
Management of change within LFRS	The review will consider the adequacy and effectiveness of the management of change within the Lancashire Fire and Rescue Service. Specifically, how they measure benefits realised.	10
Business processes
Accounts payable	The audit will consider whether there are adequate and effective controls in place to ensure: · Compliance with financial regulations and the scheme of delegation. · Processes employed for the ordering, receipting and payment of goods and services are appropriate and efficient. · Inaccurate, illegitimate or duplicate orders/ invoices are not processed and paid.	9
Accounts receivable	The audit will consider whether there are adequate and effective controls in place to ensure: · Invoices are raised on a timely basis for all goods and services provided. · Invoices are cancelled or written off appropriately. · Income is correctly accounted for. · Debtors are actively managed so as to reduce the level of bad debts and loss of income.	6
General ledger	The audit will consider whether there are adequate and effective controls in place to ensure: · Access to the accounting systems is appropriately managed and controlled. · There are no unauthorised changes to the accounting records. · Financial data is complete, timely and accurate. · Misappropriations or errors are detected.	6
HR/ Payroll	The audit will consider whether there are adequate and effective controls in place to ensure: · Access to the HR and payroll systems is appropriately managed and controlled. · Key HR and payroll data and information is securely retained. · No unauthorised or invalid appointments have been made and valid appointments have been correctly established. · No unauthorised or inaccurate payments or adjustments to pay have been processed. · Staff are paid in a timely manner. · Payroll costs and deductions are correctly accounted for.	10
Treasury management	The audit will consider whether there are adequate and effective controls in place to ensure: · The regulatory framework/ internal treasury management strategy/ policy is followed. · Treasury management reports to members are accurate and clear. · Investment and borrowing decisions are based on accurate and complete cash flow forecasting data. · There is effective scrutiny of Treasury management activity by those charged with governance.	4
Follow up audit activity
· The reviews will incorporate a self-assessment by management of the progress made in implementing agreed actions; and · Selective test checking of controls introduced to address identified unmitigated risk.		2
Other components of the audit plan
Management activity	· Attendance at meetings of the Audit Committee. · Production of the annual audit plan. · Preparation of the Audit Committee monitoring reports. · Preparation of the annual report of the Head of Internal Audit. · Liaison with external audit. · Pension Assurance.	9
National Fraud Initiative	· Support to LCFA with the NFI data matching process as required.	1
Approved days		70