Appendix 1
Lancashire Combined Fire Authority
Internal Audit Service monitoring report: period ended 13 November 2023
1 Purpose of this report
1.1 The Internal Audit Plan for 2023/24 was approved by the Audit Committee in March 2023. This report details the progress to date in undertaking the agreed coverage.
2 Internal audit work undertaken
2.1 Work carried out during the period 1 April 2023 to 11 November 2023 was in accordance with the agreed audit plan. To date, 22 days have been spent this financial year on completion of the 2023/24 plan, equating to 28% of the total planned audit activity of 80 days. The table below shows the current status of all audit work.
2.2 No areas of concern have come to our attention in conducting our assurance work to date that requires bringing to the attention of committee members.
|
Audit review |
Audit days
|
Status |
Assurance Opinion |
||
|
Planned |
Actual |
Variation |
|||
|
Governance and business effectiveness |
|||||
|
Overall governance, risk management and control arrangements |
3 |
1 |
2 |
Ongoing This is ongoing by the Audit Manager within the year. |
|
|
Service delivery and support |
|||||
|
Equality Impact Assessments |
10 |
9 |
1 |
Draft Report shared with client |
N/A |
|
Management of change within LFRS |
10 |
9 |
1 |
Final
|
˜ Substantial |
|
District Planning Activity |
10 |
0.5 |
9.5 |
Progressing: Scope agreed and testing started
|
N/A |
|
Business processes |
|||||
|
Accounts payable |
9 |
0 |
9 |
Not started |
N/A |
|
Accounts receivable |
6 |
0 |
6 |
Not started |
N/A |
|
General ledger |
6 |
0 |
6 |
Not started |
N/A |
|
HR/ Payroll |
10 |
0 |
10 |
Progressing: Scope agreed and detailed testing starting end of November |
N/A |
|
Treasury management |
4 |
0 |
4 |
Not started |
N/A |
|
Follow up audit activity |
|||||
|
Follow up activity |
2 |
0 |
2 |
Not started There is only KFS actions which will be picked up in the main KFS audit. |
N/A |
|
Other components of the audit plan |
|||||
|
Management activity |
9 |
2.5 |
6.5 |
Ongoing: This is ongoing by the Audit Manager within the year. |
|
|
National Fraud Initiative |
1 |
0 |
1 |
||
|
Total |
80 |
22 |
58 |
|
|
3 Extracts from AuditReports
3.1 Extracts of assurance summaries are shown below
Management of Change within LFRS
|
Overall assurance rating |
Audit findings requiring action |
||||
|
˜ |
Extreme |
High |
Medium |
Low |
|
|
Substantial |
0 |
0 |
0 |
0 |
|
|
See Appendix A for Rating Definitions
|
|||||
|
Overall, we can provide substantial assurance on the adequacy & effectiveness of the management of the change process within Lancashire Fire and Rescue Service (LFRS), and how they measure benefits realised for the projects and programmes that have been implemented. Service Order Administration 130 – Project Management lays out the governance structure and the roles and responsibilities for those individuals who will be involved in the implementation of the project. Additionally, LFRS has developed a new guidance document which is intended to be used as a step-by-step guide for project managers and those who may be new to the role. All the staff within the Corporate Planning and Programmes team have completed the Prince 2 foundation and practitioners training. Historically, staff who could take on the role of Project Manager were all offered Prince 2 foundation training. However, due to unforeseen circumstances the courses have not been undertaken for newly promoted or appointed staff for a few years. To address this the Corporate Policy and Programmes Manager is currently in the process of reviewing a one-day training course through the Knowledge Academy. The course is expected to be implemented before the end of the calendar year. Approvals and authorisation of the initial go ahead of the project and other subsequent approvals or authorisations that may be required whilst the project is on-going is through the Executive Board or Corporate Programme Board. Once the project has started, the operation and the implementation of the project is managed through regular project meetings, checkpoint reporting and health reports, which are then reported to the Programme Board as well as the Corporate Programme Board. The Corporate Policy and Programme Manager has populated a draft evaluation framework which is currently out for internal consultation. Many projects do complete some form of evaluation, but this will provide some consistency in approach going forward. Benefits realised analysis would be picked up in both the closure report and the post implementation review report. LFRS was inspected by Her Majesty's Inspectorate of Constabulary and Fire & Rescue Service in July 2022 in relation to the service’s effectiveness, efficiency and people. The report congratulated LFRS in its excellent performance in keeping people safe and secure from fires and other risks. The report also highlighted and complimented the implementation of the changes that the service has made since the last inspection, providing Internal Audit with assurance of the effectiveness of how the service identifies changes and implements them. The report considered several areas and LFRS received "Good" in all aspects that were reviewed, however there were two "areas of improvement" which if implemented would also benefit the "management of change" process. The evaluation draft framework mentioned above contributes to addressing these two actions. |
|||||
Audit assurance levels and residual risks Appendix A
Note that our assurance may address the adequacy of the control framework's design, the effectiveness of the controls in operation, or both. The wording below addresses all of these options and we will refer in our reports to the assurance applicable to the scope of the work we have undertaken.
˜ Substantial assurance: the framework of control is adequately designed and/ or effectively operated overall.
˜ Moderate assurance: the framework of control is adequately designed and/ or effectively operated overall, but some action is required to enhance aspects of it and/ or ensure that it is effectively operated throughout.
˜ Limited assurance: there are some significant weaknesses in the design and/ or operation of the framework of control that put the achievement of its objectives at risk.
˜ No assurance: there are some fundamental weaknesses in the design and/ or operation of the framework of control that could result in failure to achieve its objectives.
Classification of residual risks requiring management action
All actions agreed with management are stated in terms of the residual risk they are designed to mitigate.
|
|
Extreme residual risk: critical and urgent in that failure to address the risk could lead to one or more of the following: catastrophic loss of the LRFS services, loss of life, significant environmental damage or significant financial loss, with related national press coverage and substantial damage to the LRFS reputation. Remedial action must be taken immediately.
|
|
High residual risk: critical in that failure to address the issue or progress the work would lead to one or more of the following: failure to achieve organisational objectives, significant disruption to the LRFS business or to users of its services, significant financial loss, inefficient use of resources, failure to comply with law or regulations, or damage to the LRFS reputation. Remedial action must be taken urgently.
|
|
Medium residual risk: failure to address the issue or progress the work could impact on operational objectives and should be of concern to senior management. Prompt specific action should be taken.
|
|
Low residual risk: matters that individually have no major impact on achieving the service's objectives, but when combined with others could give cause for concern. Specific remedial action is desirable.