1 Purpose of this report

1.1 The Internal Audit Plan for 2023/24 was approved by the Audit Committee in March 2022. This report details the progress to date in undertaking the agreed coverage.

2 Internal audit work undertaken

2.1 To date, 1 day has been spent this financial year on completion of the 2023/24 plan. The table at section 3 below provides a summary of the assignments that comprise the 2022/23 audit plan.

2.2 Time spent between 1 April 2023 and 12 June 2023 in completing assignments from the 2022/23 audit programme, has been accounted for within the 2022/23 Annual Report of the Head of Internal Audit.

2.3 Since the 2022/23 audit plan was agreed, an additional Audit has been requested by the Director of Corporate Services on District Planning. The proposed additional resources that would be required for this is approximately 10 days and have been provisionally added to the Plan.

Use of this report

2.4 This report has been prepared solely for the use of Lancashire Combined Fire Authority and it would therefore not be appropriate for it or extracts from it to be made available to third parties other than the external auditors. We accept no responsibility to any third party who may receive this report, in whole or in part, for any reliance that they may place on it and, in particular, we expect the external auditors to determine for themselves the extent to which they choose to utilise our work.

3 Progress

Audit review	Audit days			Status	Assurance Opinion
Audit review	Planned	Actual	Variation	Status	Assurance Opinion
Governance and business effectiveness
Overall governance, risk management and control arrangements	3	0	3	Not started
Service delivery and support
Equality Impact Assessments	10	0	10	Started scoping	N/A
Management of change within LFRS	10	0	10	Not started	N/A
District Planning Activity (provisional)	10	0	10	Not started	N/A
Business processes
Accounts payable	9	0	9	Not started	N/A
Accounts receivable	6	0	6	Not started	N/A
General ledger	6	0	6	Not started	N/A
HR/ Payroll	10	0	10	Not started	N/A
Treasury management	4	0	4	Not started	N/A
Follow up audit activity
Follow up activity	2	0	2	Not started	N/A
Other components of the audit plan
Management activity	9	1	8	Ongoing
National Fraud Initiative	1	0	1	Ongoing
Total	80	1	79

Audit assurance levels and residual risks Appendix 1

Note that our assurance may address the adequacy of the control framework's design, the effectiveness of the controls in operation, or both. The wording below addresses all of these options and we will refer in our reports to the assurance applicable to the scope of the work we have undertaken.

˜ Substantial assurance: the framework of control is adequately designed and/ or effectively operated overall.

˜ Moderate assurance: the framework of control is adequately designed and/ or effectively operated overall, but some action is required to enhance aspects of it and/ or ensure that it is effectively operated throughout.

˜ Limited assurance: there are some significant weaknesses in the design and/ or operation of the framework of control that put the achievement of its objectives at risk.

˜ No assurance: there are some fundamental weaknesses in the design and/ or operation of the framework of control that could result in failure to achieve its objectives.

Classification of residual risks requiring management action

All actions agreed with management are stated in terms of the residual risk they are designed to mitigate.

Extreme residual risk: critical and urgent in that failure to address the risk could lead to one or more of the following: catastrophic loss of the LRFS services, loss of life, significant environmental damage or significant financial loss, with related national press coverage and substantial damage to the LRFS reputation. Remedial action must be taken immediately.

High residual risk: critical in that failure to address the issue or progress the work would lead to one or more of the following: failure to achieve organisational objectives, significant disruption to the LRFS business or to users of its services, significant financial loss, inefficient use of resources, failure to comply with law or regulations, or damage to the LRFS reputation. Remedial action must be taken urgently.

Medium residual risk: failure to address the issue or progress the work could impact on operational objectives and should be of concern to senior management. Prompt specific action should be taken.

Low residual risk: matters that individually have no major impact on achieving the service's objectives, but when combined with others could give cause for concern. Specific remedial action is desirable.