1 Introduction

1.1 The plan amounts to a total resource of 70 audit days. To ensure that the fees charged reflect the resource costs incurred the auditor and manager will be charged at different rates. The daily rate for auditors will be £380 and audit managers £450. The approximate overall cost for 2024/25 will be £28,280. Addendum 1 shows how this has been calculated.

1.2 The Audit Plan for 2024/25 has been prepared in accordance with the requirements of the Public Sector Internal Audit Standards (PSIAS). The PSIAS represent mandatory best practice for all internal audit service providers in the public sector. The PSIAS require that the internal audit service is delivered and developed in accordance with the internal audit charter, which accompanies this plan.

2 Roles and responsibilities

2.1 Responsibility for maintaining and reviewing the system of internal control and for implementing a system of governance and risk management rests with the Combined Fire Authority. However, the process by which the Annual Governance Statement is produced includes obtaining assurances on the effectiveness of key controls and internal audit provides one of the key sources of such assurance.

2.2 The Head of Internal Audit is required by professional standards to provide an opinion addressing governance, risk management and control and thereby to provide assurance that the risks to the objectives of Lancashire Combined Fire Authority are being adequately and effectively controlled.

2.3 The Audit Committee's terms of reference require it to review and approve the internal audit plan.

3 Production of the audit plan

3.1 An internal audit plan designed to provide the evidence necessary to support the opinion of the Head of Internal Audit needs to encompass coverage of the key components of each part of the opinion, namely, governance, risk management and control as well as sufficient coverage over operations as a whole either on an annual or periodic basis to enable production of a robust annual audit opinion.

3.2 Individual items are proposed for inclusion in the annual audit programme based on known changes to operational activity, systems or processes; and information obtained from our annual governance review, from our review of the corporate risk register and by liaising with the Director of Corporate Services to establish his view of those areas where independent assurance would be welcomed.

3.3 Where it is known that assurance will be provided from another body, (for example, His Majesty's Inspectorate of Constabulary and Fire and Rescue Services, or the external auditors), the Internal Audit Service will not duplicate work but will take it into account if it is relevant to the overall opinion on governance, risk management and control.

4 Degrees of assurance

4.1 For 2024/25 we will continue to categorise our assurance levels, using the following definitions:

Substantial assurance: the framework of control is adequately designed and/ or effectively operated overall.

Moderate assurance: the framework of control is adequately designed and/ or effectively operated overall, but some action is required to enhance aspects of it and/ or ensure that it is effectively operated throughout.

Limited assurance: there are some significant weaknesses in the design and/ or operation of the framework of control that put the achievement of its objectives at risk.

No assurance: there are some fundamental weaknesses in the design and/ or operation of the framework of control that could result in failure to achieve its objectives.

5 Deployment of audit resources

5.1 The plan is stated in terms of days input, which represents our best estimate of the way in which the audit resources will be deployed. The plan itself should however be viewed as a fluid document, with the specific content of individual reviews being subject to revision if required following the more detailed scoping meetings held with client management teams prior to formal commencement of individual audit reviews.

5.2 The content and outline scope of each audit within the plan, as well as an estimate of the number of audit days considered appropriate, is provided in the table below:

Audit review	Outline audit scope	Days
Governance and business effectiveness
Overall governance, risk management and control arrangements	In addition to the direct assurance gained from the individual audit assignments listed below, we will additionally gain assurance as follows: · We will consider the robustness of the risk management arrangements from our involvement and attendance at the meetings of the Audit Committee. · We will obtain assurance regarding the adequacy of governance arrangements, through our review of the minutes of key operational and decision-making boards across Lancashire Fire and Rescue Service (LFRS).	3
Service delivery and support
Cyber Security	To determine the adequacy and effectiveness of the overall governance arrangements for Cyber Security including Business Resilience and Business Continuity.	15
Implementation of learning from National Incidents	Determine if the authority adequately responds and effectively embeds change that is a result of national incidents.	15
Business processes
Accounts payable	The audit will consider whether there are adequate and effective controls in place to ensure: · Compliance with financial regulations and the scheme of delegation. · Processes employed for the ordering, receipting and payment of goods and services are appropriate and efficient. · Inaccurate, illegitimate, or duplicate orders/ invoices are not processed and paid.	9
Accounts receivable	The audit will consider whether there are adequate and effective controls in place to ensure: · Invoices are raised on a timely basis for all goods and services provided. · Invoices are cancelled or written off appropriately. · Income is correctly accounted for. · Debtors are actively managed so as to reduce the level of bad debts and loss of income.	9
General ledger	The audit will consider whether there are adequate and effective controls in place to ensure: · Access to the accounting systems is appropriately managed and controlled. · There are no unauthorised changes to the accounting records. · Financial data is complete, timely and accurate. · Misappropriations or errors are detected.	6
Follow up audit activity
· The reviews will incorporate a self-assessment by management of the progress made in implementing agreed actions; and · Selective test checking of controls introduced to address identified unmitigated risk.		2
Other components of the audit plan
Management activity	· Attendance at meetings of the Audit Committee. · Production of the annual audit plan. · Preparation of the Audit Committee monitoring reports. · Preparation of the annual report of the Head of Internal Audit. · Pension Assurance.	10
National Fraud Initiative	· Support to Lancashire Combined Fire Authority (LCFA) with the NFI data matching process as required.	1
Approved days		70

Addendum 1

Proposed Fees

				Proposed Charges
Audit Review	Audit days	Auditor Days	Audit Manager Days	Auditor/ Senior Charges	Audit Manager Charges	Total Charges
Cyber Security	15	12	3	£4,560.00	£1,350.00	£5,910.00
Implementation of learning from National Incidents	15	12	3	£4,560.00	£1,350.00	£5,910.00
Accounts payable	9	7.2	1.8	£2,736.00	£810.00	£3,546.00
Accounts receivable	9	7.2	1.8	£2,736.00	£810.00	£3,546.00
General ledger	6	4.8	1.2	£1,824.00	£540.00	£2,364.00
Follow up activity	2	1.8	0.2	£684.00	£90.00	£774.00
Overall governance, risk management and control arrangements	3	0	3	£0.00	£1,350.00	£1,350.00
Management activity	10	0	10	£0.00	£4,500.00	£4,500.00
National Fraud Initiative	1	1	0	£380.00	£0.00	£380.00
Total	70	46	24	£17,480.00	£10,800.00	£28,280.00