Appendix 1
Lancashire Combined Fire Authority
Internal Audit Service
Internal Audit Plan: 2025/26
1.1 Internal Auditing is an independent, objective assurance and consulting activity designed to add value and improve an organisation's operations. It helps an organisation achieve its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
1.2 Responsibility for maintaining and reviewing the system of internal control and for implementing a system of governance and risk management rests with the Combined Fire Authority. However, the process by which the Annual Governance Statement is produced includes obtaining assurances on the effectiveness of key controls and Internal Audit provides one of the key sources of such assurance.
2.1 The primary aims of Internal Audit include:
· Enhancing Governance: Strengthening the effectiveness of governance processes.
· Risk Management: Evaluating and improving the effectiveness of risk management processes.
· Control Processes: Assessing and enhancing the effectiveness of control processes.
· Objective Assurance: Providing independent and objective assurance to the board and management.
· Advisory Services: Offering advice and insights to improve organisational operations and decision-making.
3.1 The annual plan was developed in compliance with the new Global Internal Audit Standards, which came into effect for UK Local Government on 1st April 2024. These standards guide the worldwide professional practice of Internal Auditing and serve as a basis for evaluating and elevating the quality of Internal Audit. These standards require that Internal Audit be delivered and developed in accordance with the Internal Audit charter. The charter is currently being reviewed to reflect the new audit standards. Developing an annual plan is crucial for several reasons, including:
· Strategic Alignment: It ensures that the Internal Audit activities are aligned with the organisation's strategic objectives and priorities. This alignment helps in focusing audit efforts on areas that are most critical to the organisation's success.
· Risk Management: An annual plan is developed based on a comprehensive risk assessment. This approach ensures that Internal Audit addresses the most significant risks facing the organisation, thereby enhancing risk management processes.
· Resource Allocation: It helps in the efficient allocation of Internal Audit resources. By planning ahead, the Internal Audit team can ensure that they have the necessary skills, tools, and time to effectively carry out their audits.
· Compliance and Standards: Developing an annual plan ensures compliance with professional standards, such as those set by the Institute of Internal Auditors (IIA). These standards require a risk-based approach to planning, which helps in maintaining the quality and effectiveness of Internal Audit.
· Stakeholder Expectations: It ensures that Internal Audit meets the expectations of key stakeholders, including the committee, senior management, and other relevant parties. By involving stakeholders in the planning process, Internal Audit can address their concerns and provide valuable insights.
3.2 By developing an annual plan, Internal Audit can systematically and effectively contribute to the governance, risk management, and control processes of the Lancashire Fire and Rescue Service, ultimately supporting the achievement of their organisational objectives.
4.1 When developing an annual audit plan, the Global Internal Audit Standards require:
· Risk-Based Approach: The Internal Audit plan must be based on an assessment of the organisation’s strategies, objectives, and risks. This assessment must be informed by the Chief Audit Executive’s (CAE) understanding of the organisation’s governance, risk management, and control processes.
· Alignment with Corporate Priorities: The Internal Audit plan must support the strategic objectives and success of the organisation and align with the expectations of the board, senior management, and other key stakeholders.
· Integrated Assurance: The Internal Audit plan should integrate assurance activities to ensure comprehensive coverage of the organisation’s risk landscape.
5.1 The Internal Audit annual plan is a critical tool for ensuring that Internal Audit effectively supports the organisation’s objectives. By adhering to the new Global Internal Audit Standards, the plan ensures a risk-based, strategically aligned approach that enhances governance, risk management, and control processes. Internal Audit focus should be proportionate and appropriately aligned.
5.2 The plan will remain fluid and subject to ongoing review and amendment, in consultation with senior management within the Lancashire Fire and Rescue Service, to ensure it continues to reflect the organisation's' needs and risks. Any significant amendments to the plan will be reported to the Audit Committee.
6.1 The planning and scheduling of audit activities will be coordinated with management. The detailed scoping of each audit will also be discussed and agreed to ensure that all relevant areas are covered comprehensively. The results of all audits will be communicated to the relevant management levels upon completion. Our audit team will provide an assessment and assurance level regarding the effectiveness and adequacy of the control framework in the audited area, based on our findings.
6.2 We will continue to support management by offering prioritised recommendations aimed at enhancing governance, risk management, and internal control frameworks. These recommendations, if implemented, will improve overall effectiveness and efficiency. They will be documented in an action plan and categorised into those that enhance governance and control, and those that improve efficiency and effectiveness.
6.3 Throughout the year, we will engage with senior management to provide updates on audit performance, significant findings, and to address any issues that may impact current and future audit plans.
6.4 We will also continue to explore and implement opportunities to enhance service delivery through the use of technology and remote information capture. This approach will help maximise the efficiency of audit resources and minimise the impact of audit activities on operational staff.
7.1 For 2025/26 we will categorise our assurance levels using one of the following four definitions: Please note that we have changed "moderate assurance" to "reasonable assurance" following feedback from clients. These assurance opinions are the most commonly used options in the industry.
|
Substantial assurance: the framework of control is adequately designed and/ or effectively operated overall. |
|
Reasonable: the framework of control is adequately designed and/ or effectively operated overall, but some action is required to enhance aspects of it and/ or ensure that it is effectively operated throughout. |
|
Limited assurance: there are some significant weaknesses in the design and/ or operation of the framework of control that put the achievement of its objectives at risk. |
|
No assurance: there are some fundamental weaknesses in the design and/ or operation of the framework of control that could result in failure to achieve its objectives. |
8.1 The content and outline scope of each audit within the proposed plan, as well as an estimate of the number of audit days considered appropriate, is provided in the table below. The plan amounts to a total resource of 70 audit days. To ensure that the fees charged reflect the resource costs incurred the auditor and manager will be charged at different rates. The daily rate for auditors will be £380 and audit managers £450.
8.2 The total approximate overall cost for the 2025/26 plan will be £28,266.
|
Outline audit scope |
Link to corporate priorities |
Audit Days |
|
||
|
Governance and business effectiveness |
|||||
|
Overall governance, risk management and control arrangements |
In addition to the direct assurance gained from the individual audit assignments listed below, we will additionally gain assurance as follows: · We will consider the robustness of the risk management arrangements from our involvement and attendance at the meetings of the Audit Committee. · We will obtain assurance regarding the adequacy of governance arrangements, through our review of the minutes of key operational and decision-making boards across LFRS. |
Responding to fires and other emergencies quickly and competently. |
3 |
||
|
Service delivery and support |
|||||
|
Risk Management |
Evaluate the controls in place to ensure the adequacy and effectiveness of risk management arrangements within the Lancashire Fire and Rescue Service. |
Preventing
fires and other emergencies from happening. |
12 |
||
|
Business Continuity |
Assess the adequacy and effectiveness of Business Continuity within the Lancashire Fire and Rescue Service, building on the work already undertaken in the Cyber Security Governance Audit. |
Preventing
fires and other emergencies from happening. |
10 |
||
|
Business Processes |
|||||
|
VAT |
Evaluate the controls in place for managing VAT, now that it has been brought in-house from Lancashire County Council. |
Delivering value for money in how we use our resources. |
8 |
||
|
Treasury Management |
Assess the controls in place for managing Treasury Management, following its transition in-house from Lancashire County Council. |
Delivering value for money in how we use our resources. |
10 |
||
|
Procurement |
Evaluate how Lancashire Fire and Rescue Service has implemented the new Public Procurement regulations. |
Delivering value for money in how we use our resources. |
12 |
||
|
Other aspects of the audit plan |
|||||
|
Follow up audits |
These reviews will comprise a self-assessment by management of the progress made in implementing agreed actions, and selective test checking of controls and review of documentary evidence. |
|
4 |
||
|
Audit programme management activity |
· Liaison with external audit. · Attendance at meetings and liaison. · Central reporting (annual and periodic progress); and · General management of the contract. |
10 |
|||
|
National Fraud Initiative |
Support to Lancashire Combined Fire Authority as required with the testing of data matches identified. |
1 |
|||
|
Plan Total |
|
|
70 |
||