1 Purpose of this report

1.1 The Internal Audit Plan for 2024/25 was approved by the Audit Committee in March 2024. This report details the progress to date in undertaking the agreed coverage.

2 Internal audit work undertaken

2.1 Work carried out during the period 1 April 2024 to 6 September 2024 was in accordance with the agreed audit plan. To date, 14 days have been spent this financial year on completing the 2024/25 plan, equating to 20% of the total planned audit activity of 70 days. The table below shows the current status of all audit work.

Use of this report

2.2 This report has been prepared solely for the use of the Lancashire Combined Fire Authority, and it would therefore not be appropriate for it or extracts from it to be made available to third parties other than the external auditors. We accept no responsibility to any third party who may receive this report, in whole or in part, for any reliance that they may place on it. In particular, we expect the external auditors to determine for themselves the extent to which they choose to utilise our work.

Audit review	Audit days			Status	Assurance Opinion
Audit review	Planned	Actual	Variation	Status	Assurance Opinion
Governance and business effectiveness
Overall governance, risk management and control arrangements	3	1	2	Ongoing
Service delivery and support
Cyber security	15	0	15	Not started	N/A
Implementation of learning from national incidents	15	8	7	Progressing: Scope agreed and testing started	N/A
Business processes
Accounts payable	9	0	9	Not started	N/A
Accounts receivable	9	0	9	Not started	N/A
General ledger	6	0	6	Not started	N/A
Follow up audit activity
District Planning Activity	2	1.5	0.5	Final	N/A
Other components of the audit plan
Management activity	10	3	7	Ongoing
National Fraud Initiative	1	0.5	0.5	Ongoing
Total	70	14	56

3 Extracts from AuditReports

3.1 Extracts of assurance summaries are shown below

District Planning Activity: Follow Up

		Status of agreed actions
Original audit assurance rating		Extreme	High	Medium	Low
˜ Limited See Appendix A for Rating Definitions	Number of actions
	Implemented	-	2	2	-
	Superseded	-	-	-	-
	Progressing	-	-	-	-
	Not implemented	-	-	-	-
The Lancashire Fire and Rescue Service (LFRS) has successfully implemented the Service Order 03 – Performance Management Policy and the District Plan Compilation Guide. These documents provide a comprehensive framework for effectively managing district plans. The Annual Service Plan and the Risk Management Plan have been updated to include detailed processes for populating and delivering district plans, as well as a thorough approach to identifying district risks. Modifications to the district plans have resulted in a more comprehensive strategy, outlining the identification of risks and the measures LFRS intends to take to mitigate them. Each risk is accompanied by a clear narrative describing the actions to be taken to reduce it. The review of the 2024-25 district plans indicates that intelligence profiling and district plan completion are now conducted in a timely fashion, ensuring that the information they contain is both accurate and current. Furthermore, the District Quarterly Performance Report and the Measuring Progress Reports (Quarterly) are now effectively integrated with the district plans. LFRS engages in detailed analysis during intelligence profiling and the development of district plans, reviewing patterns and changes from previous years. This analysis supports continuous improvement and the making of strategic decisions that are relevant and tailored to the needs of the district. The result is a set of district plans that are not only relevant and up-to-date but also accurately reflect the specific requirements of the district.

Audit assurance levels and residual risks Appendix 1

Note that our assurance may address the adequacy of the control framework's design, the effectiveness of the controls in operation, or both. The wording below addresses all of these options and we will refer in our reports to the assurance applicable to the scope of the work we have undertaken.

˜ Substantial assurance: the framework of control is adequately designed and/ or effectively operated overall.

˜ Moderate assurance: the framework of control is adequately designed and/ or effectively operated overall, but some action is required to enhance aspects of it and/ or ensure that it is effectively operated throughout.

˜ Limited assurance: there are some significant weaknesses in the design and/ or operation of the framework of control that put the achievement of its objectives at risk.

˜ No assurance: there are some fundamental weaknesses in the design and/ or operation of the framework of control that could result in failure to achieve its objectives.

Classification of residual risks requiring management action

All actions agreed with management are stated in terms of the residual risk they are designed to mitigate.

Extreme residual risk: critical and urgent in that failure to address the risk could lead to one or more of the following: catastrophic loss of the LRFS services, loss of life, significant environmental damage or significant financial loss, with related national press coverage and substantial damage to the LRFS reputation. Remedial action must be taken immediately.

High residual risk: critical in that failure to address the issue or progress the work would lead to one or more of the following: failure to achieve organisational objectives, significant disruption to the LRFS business or to users of its services, significant financial loss, inefficient use of resources, failure to comply with law or regulations, or damage to the LRFS reputation. Remedial action must be taken urgently.

Medium residual risk: failure to address the issue or progress the work could impact on operational objectives and should be of concern to senior management. Prompt specific action should be taken.

Low residual risk: matters that individually have no major impact on achieving the service's objectives, but when combined with others could give cause for concern. Specific remedial action is desirable.