Lancashire Combined Fire Authority
Internal Audit Service Charter
1 Introduction
1.1 This charter establishes the framework within which Lancashire County Council’s Internal Audit Service operates to best serve the Combined Fire Authority and to meet its professional obligations under applicable professional standards. It defines the purpose, authority and responsibility of internal audit activity; establishes the Internal Audit Service's position in relation to the Combined Fire Authority; authorises access to records, personnel and physical properties relevant to the performance of engagements; and defines the scope of internal audit activities.
1.2 It will be subject to periodic review by the head of internal audit and presented to the Audit Committee for approval.
2 Relevant regulations and interpretation
2.1 The requirement for an internal audit function in local government is set out in the Accounts and Audit Regulations 2015 ('the Regulations').
"Internal audit: A relevant authority must undertake an effective internal audit to evaluate the effectiveness of its risk management, control and governance processes taking into account public sector internal auditing standards or guidance."
Regulation 5. (1)
Accounts and Audit Regulations 2015
Accounts and Audit (Amendment) Regulations 2022
2.2 The Chartered Institute of Public Finance and Accountancy (CIPFA) is the relevant standard setter for internal audit in local government in the United Kingdom. CIPFA has published Public Sector Internal Audit Standards ('PSIAS'), which encompass the Mission of Internal Audit and the mandatory elements of the Global Institute of Internal Auditors' International Professional Practices Framework (the Core Principles for the Professional Practice of Internal Auditing, the Code of Ethics, the Standards and the Definition of Internal Auditing). These documents are therefore mandatory for internal audit in local government in the United Kingdom, and they are supplemented within PSIAS by additional public sector interpretation and guidance. CIPFA has also published a Local Government Advisory Note setting out sector-specific requirements for local government within the United Kingdom.
2.3 Lancashire County Council's Internal Audit Service therefore operates in accordance with this mandatory definition, code, standards and advice.
2.4 Section 151 of the Local Government Act 1972 states that every local authority in England and Wales, which includes Combined Fire Authorities, should "make arrangements for the proper administration of their financial affairs and shall secure that one of their officers has responsibility for the administration of those affairs". In its Statement on the Role of the Chief Financial Officer in Local Government, CIPFA has defined ‘proper administration’ as including compliance with the statutory requirements for accounting and internal audit. It also requires the person fulfilling the role of Chief Finance Officer to ensure an effective internal audit function is resourced and maintained.
3 Definitions
3.1 Both the Global Institute of Internal Auditors and PSIAS set out the following definition of internal auditing:
"Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organisation’s operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes."
Global Institute of Internal Auditors, and
Public Sector Internal Audit Standards, 2017
3.2 The Global Institute of Internal Auditors and PSIAS also refer to the 'board' and 'senior management' and PSIAS recognise that these terms need to be interpreted in the context of the Combined Fire Authority's own governance arrangements.
3.3 PSIAS defines the board as:
"The highest level of governing body charged with the responsibility to direct and/or oversee the activities and management of the organisation. […] ‘Board’ may refer to an audit committee to which the governing body has delegated certain functions."
Public Sector Internal Audit Standards, 2017
3.4 In relation to the Combined Fire Authority, the board is defined as the Audit Committee.
3.5 Senior management is represented by the Executive Board which consists of the Chief Fire Officer, the Deputy and Acting Assistant Chief Fire Officers, the Director of Corporate Services/Treasurer and the Director of People and Development.
3.6 PSIAS also refers to the 'chief audit executive' who is deemed to be the head of internal audit.
4 Responsibilities
4.1 The Regulations set out that the Combined Fire Authority must ensure that it has a sound system of internal control which facilitates the effective exercise of its functions and the achievement of its aims and objectives; ensures that financial and operational management is effective; and includes effective arrangements for the management of risk.
4.2 The Combined Fire Authority has taken the decision to outsource internal audit provision to Lancashire County Council's Internal Audit Service. However, responsibility for maintaining an adequate and effective system of internal audit remains with the Combined Fire Authority.
4.3 It is the role of the Internal Audit Service to provide independent assurance that these risk management, control and governance processes are adequately designed and effectively operated. PSIAS make clear that the provision of this assurance is internal audit's primary role and that this requires the head of internal audit to provide an annual opinion based on an objective assessment of the framework of governance, risk management and control.
4.4 This assessment will be supported by the identification, analysis, evaluation and documentation of sufficient information on each individual audit assignment, and the completion of sufficient assignments to support an overall opinion for the organisation as a whole. The scope of internal audit's work therefore encompasses all of the functions, services and activities of the Combined Fire Authority.
4.5 The requirement to be independent and objective means that the Internal Audit Service cannot assume management responsibility for risk management, control or governance processes. However, the Internal Audit Service may support management by providing consultancy services. These are advisory in nature and are generally performed at the specific request of the organisation, with the aim of improving governance, risk management and control. They will also contribute to the overall assurance opinion.
4.6 Accountability for responses to the Internal Audit Service’s advice and recommendations for action lies with senior management, who either accept the advice or accept the risks associated with not taking action. Audit advice, including where the Internal Audit Service has been consulted about significant changes to internal control systems, is given without prejudice to the right of the Internal Audit Service to review and recommend further action on the relevant policies, procedures, controls and operations at a later date.
4.7 The head of internal audit will provide an annual report incorporating an overall opinion, a summary of the work that supports that opinion, and a statement of conformity with PSIAS and the results of the quality assurance and improvement programme.
4.8 A note of the responsibilities of senior management and the Audit Committee ('the board') in relation to the internal audit function is set out in the appendix to this charter. The Internal Audit Service's responsibilities are set out in PSIAS, and these are supported by detailed operational policies and procedures that are regularly reviewed and updated as necessary.
5 Independence, objectivity, and integrity
5.1 The Internal Audit Service remains independent of the other functions of the Combined Fire Authority and no member of the Internal Audit Service has any executive or operational responsibilities. Auditors are expected to deploy impartial and objective professional judgement in all their work.
5.2 The Internal Audit Service’s work programme and priorities are determined in consultation with senior management and the Audit Committee but remain a decision for the head of internal audit. The head of internal audit and audit manager have direct access to and freedom to report in their own names and without fear or favour to all officers and members, and specifically the Audit Committee. They have the formal opportunity prior to each committee meeting to meet with the chair of the Audit Committee.
5.3 All auditors make an annual declaration of their interests and update this during the year as necessary, and where any auditor has a real or perceived conflict of interest this is managed to maintain the operational independence of the service as a whole. If independence or objectivity are impaired in fact or appearance, then the nature of the impairment is disclosed as appropriate. The head of internal audit makes an annual declaration that the internal audit function is operationally independent.
5.4 All auditors also make an annual declaration that they have read and are aware of the obligations placed on them by the Public Sector Internal Audit Standards and, specifically, the Code of Ethics. They each acknowledge that they must adhere to the Code of Ethics and demonstrate integrity, objectivity, competence and confidentiality in the discharge of all their duties.
6 Reporting lines and relationships
6.1 The head of internal audit and audit manager report functionally to the Audit Committee and have direct access to senior management of Lancashire Fire and Rescue Service.
6.2 The head of internal audit and the audit manager have, in addition, access to the chair of the Audit Committee, which meets at least four times each year, and the head of internal audit or the audit manager reports to each meeting of that committee under its terms of reference. The Audit Committee is responsible for approving the annual audit plan.
6.3 The head of internal audit, and the Internal Audit Service as a whole, adhere to the requirements of CIPFA's Statement on the Role of the Head of Internal Audit.
7 Access to information
7.1 The Internal Audit Service has the right of unrestricted and direct access to the records (however held), assets, premises and officers of Lancashire Fire and Rescue Service. The Internal Audit Service has the authority to obtain all such information and explanations as it considers necessary to fulfil its responsibilities.
7.2 Internal auditors respect the value and ownership of information they receive and the reports they produce, and do not disclose information without appropriate authority unless there is a legal or professional obligation to do so. They are prudent in the use and protection of information acquired in the course of their duties and shall not use information for any personal gain or in any manner that would be contrary to the law or detrimental to the Combined Fire Authority's legitimate and ethical objectives.
8 Internal audit resources
8.1 The Treasurer of the Combined Fire Authority is responsible for ensuring that internal audit resources are sufficient to meet their responsibilities and achieve their objectives. If the head of internal audit or the Audit Committee considers that the level of audit resources or the terms of reference in any way limits the scope of internal audit or prejudices the ability of the Internal Audit Service to deliver a service consistent with its statutory and related requirements, they will advise the Combined Fire Authority accordingly.
8.2 The Combined Fire Authority determines through its budget the number of audit days in the annual audit plan. The Internal Audit Service's resources are therefore deployed to meet an annual audit plan that pays regard to the relative risks accepted, and levels of assurance required, by the Combined Fire Authority and the Audit Committee.
9 Competency
9.1 The head of internal audit and audit managers are required to hold appropriate professional audit qualifications. These are defined as full membership of one of the institutes of the Consultative Committee of Accountancy Bodies or full professional membership of the Chartered Institute of Internal Auditors. It is expected that senior auditors will either hold, or be close to and actively working towards, full professional qualification but, exceptionally, they may be qualified by experience at a demonstrably professional level.
9.2 The county council’s performance and development opportunities are applicable to all staff within the Internal Audit Service, which supports continuous staff performance appraisal and development.
10 Quality assurance and improvement
10.1 The head of internal audit operates a quality assurance and improvement programme that both monitors the on-going performance of internal audit activity and periodically assesses the Internal Audit Service's compliance with PSIAS. This includes both internal and external assessments and is set out in a separate Quality Assurance and Improvement Programme.
10.2 The results of the quality assurance and improvement programme including any areas of non-conformance with PSIAS are reported annually to senior management and the Audit Committee. This report will include information regarding:
· The scope and frequency of both the internal and external assessments.
· The qualifications and independence of the assessor(s) or assessment team, including potential conflicts of interest.
· Conclusions of assessors.
· Corrective action plans.
11 Non-audit work
11.1 PSIAS recognises that the Internal Audit Service may go beyond the work needed to meet its assurance responsibilities and provide services to support management, including consultancy services. Such services apply the professional skills of internal audit and contribute to the overall assurance opinion.
11.2 Lancashire County Council's Internal Audit Service facilitates the Combined Fire Authority's participation in the National Fraud Initiative, which matches data from Lancashire Fire and Rescue Service's information systems with information held by other bodies to identify potentially fraudulent activity.
11.3 The Internal Audit Service is not responsible for the prevention or detection of fraud and corruption. Managing the risk of fraud and corruption is the responsibility of management. Internal auditors will, however, be alert in all their work to risks and exposures that could allow fraud or corruption and to any indications that fraud and corruption may have occurred. Internal audit procedures alone, even when performed with due professional care, cannot guarantee that fraud or corruption will be detected.
11.4 The head of internal audit or the audit manager should be informed of all suspected or detected fraud, corruption or impropriety and will consider the implications for her opinion on the adequacy and effectiveness of the relevant controls, and the overall internal control environment.
Responsibilities in Relation to the Internal Audit Function
The Executive Board ('senior management') of Lancashire Fire and Rescue Service will:
· Consider the Internal Audit Charter, including the internal audit function's purpose and authority, and the mandatory elements of the International Professional Practices Framework.
· Consider, and contribute to the development of, the risk-based internal audit plan, supporting its completion within the organisation.
· Make appropriate enquiries to determine whether there are inappropriate scope and/or resource limitations to the internal audit function.
· Receive and consider the results of the quality assurance and improvement programme, including areas of non-conformance with PSIAS.
The Audit Committee ('the board') will:
· Consider and approve the Internal Audit Charter.
· Consider and approve the risk-based internal audit plan, including the Internal Audit Service’s approach to using other sources of assurance and any work required to place reliance upon those other sources.
· Approve significant interim changes to the risk-based internal audit plan and resource requirements.
· Make appropriate enquiries of senior management and the head of internal audit to determine whether there are inappropriate scope and/or resource limitations to the internal audit function.
· Receive reports from the head of internal audit on the Internal Audit Service's performance and audit findings, including the head of internal audit's annual report and overall opinion for the year.
· Receive and consider the results of the quality assurance and improvement programme, including areas of non-conformance with PSIAS, considering whether the non-conformance is significant enough that it must be included in the annual governance statement.
· Consider and approve any significant consulting services not already included in the audit plan, in light of any potential impairments to the auditors' independence or objectivity.