Language selection

Government of Canada / Gouvernement du Canada

Search

Audit of Integrated Planning and Risk Management

Executive summary

Integrated planning is an important building block in continuously improving and building the capacity of the Public Service to deliver services to Canadians. Corporate Planning and Management Directorate (CPMD), Strategic Policy and Research Branch (SPRB), has the mandate to contribute to and support departmental managers through its leadership in areas such as integrated business planning and priority-setting, management accountability initiatives, performance measurement and integrated risk management. Planning personnel in each branch are responsible for supporting their respective organizations and the departmental planning cycles. Service Management Branch (SMB), Business Planning and Governance Unit leads Service Canada’s integrated corporate priority-setting, planning and governance activities.

Audit objective

The objective of this engagement was to provide assurance that the integrated planning and risk management processes are timely Footnote 1 , useful Footnote 2 , and cost effective Footnote 3 to develop multi-year risk-based Integrated Business Plans (IBP).

Summary of key findings

  • There is confusion over the use of the word ‘priority’. There is consensus that mandated work has first call on branch resources but this is not characterized as a priority in the context of corporate-level discussions or reporting about the annual plans.
  • The branches with a mature planning culture have developed tools and processes to help in the creation of risk-based plans. Multi-year planning was not required in the guidance for plans created for fiscal year 2012–13 although some branch plans had elements of multiyear planning.
  • The guidance from CPMD is used by planning staff in all branches to respond to requests for input to corporate planning processes. The guidance and templates examined asked for information that was limited to the branch itself. Information provided to CPMD was only in relation to established departmental priorities.
  • Requests for information often have tight timelines which can affect the quality of the information received.
  • Enabling services do not consistently participate in planning at the branch level.

Audit conclusion

The audit team concludes that the processes in place for 2012–13 did not facilitate the preparation of fully integrated multi-year business plans. However, there is a foundation of good guidance and good practices scattered through the Department which can be built upon.

Risk information is created at many levels but is not always available to the right level of management to inform risk-based decision making. Multi-year plans were prepared by some branches for the 2012–13 fiscal year but guidance for that year did not require multi-year plans.

The planning and risk management processes used by branches are useful for managing the core mandate of the Department assigned to that branch. There are opportunities to improve the timeliness of the process at all levels and to improve the completeness of risk information provided to senior management through CPMD. The cost effectiveness of the process can be improved by clarifying expectations and minimizing the amount of rework.

The improvements recommended will not be a quick fix. The branches with the most mature planning and risk management cultures began to develop their tools more than six years ago and did not see any marked improvement until the ground work was finished three years later.

Recommendations

The Senior Assistant Deputy Minister (SADM) SPRB should, in consultation with:

  • The various departmental planning networks, develop a common department-wide planning process to produce multi-year integrated business plans that links to standardized calendars, tools, risk registers, templates and guidance.
  • The Assistant Deputy Ministers (ADMs) responsible for enabling services, develop a protocol for these services to be integrated into each branch’s business planning cycle to facilitate a greater understanding of the Department’s core business.

1.0 Background

1.1 Context

Integrated planning is an important building block in continuously improving and building the capacity of the Public Service to deliver services to Canadians. Integrated, formalized and rigorous planning can mitigate risks associated with an aging workforce, tight labour markets, technological change, and so on. Integrated planning can help identify optimal strategies and activities for such important human resources (HR) management components as recruitment, retention, learning, development, employee engagement, promotion, succession, employment equity and official languages.

Note: Guidance on business planning and HR planning

In 2008, Treasury Board Secretariat (TBS) issued guidance outlining a five step process to integrate business planning with HR planning.

CPMD has the mandate to contribute to and support departmental managers through its leadership in areas such as integrated business planning and priority-setting, management accountability initiatives, performance measurement and integrated risk management. CPMD also serves as a focal point for the departmental planning community, information sharing and providing guidance.

Note: Business planning and risk management process

In 2009, TBS outlined the responsibilities of deputy heads with respect to compliance with government rules while encouraging innovation and informed risk-taking to achieve results.

Planning personnel in each branch are responsible for supporting their respective organizations and the departmental planning cycles. In accordance with the guidance provided by CPMD, they ensure the effective implementation and coordination of the business planning and risk management process.

SMB coordinates the integrated planning process for Service Canada. The Business Planning and Governance Unit leads Service Canada’s integrated corporate priority-setting, planning and governance activities. Their work involves coordinating and developing Service Canada’s input to the departmental planning activities.

1.2 Audit objective

The objective of this engagement was to provide assurance that the integrated planning and risk management processes are timely Footnote 4 , useful Footnote 5 , and cost effective Footnote 6 to develop multi-year risk-based IBP.

1.3 Scope

The scope of this audit included the processes and controls related to the development of the Corporate Risk Profile (CRP), IBP and related products for the latest completed planning cycle, which was fiscal year 2012–13. Guidance for 2013–14 was also examined. The integrated planning process includes the following components: resource planning, HR planning, risk management and performance measurement. The audit only confirmed the existence of performance measures. The audit did not examine the processes used to define the Program Alignment Architecture or the Performance Measurement Framework.

1.4 Methodology

This audit used a number of methodologies including document review and interviews. Representatives from Income Security and Social Development Branch (ISSDB), Innovation, Information and Technology Branch (IITB), SPRB, Citizen Service Branch, Integrity Services Branch (ISB), SMB and Ontario and Quebec regions were interviewed in order to have a comprehensive view of the operational environment. Travel to regional offices located in Toronto and Montreal took place in October 2013.

2.0 Audit findings

Planning is a management process to define goals for the organization's future direction and to allocate the tasks and resources needed to achieve those goals. In the context of the Department, much of our direction is established by Parliament and answers the question “What are our goals?”. This still leaves the Department significant latitude in planning for how to achieve those goals in both the short term and the long term.

Keeping those goals in mind, integrated business planning is a continuous exercise to deliver quality services to clients on time at the lowest cost in an environment that seeks continual improvement. Rigorous risk management permits managers at all levels to make informed decisions when choosing among competing priorities and investment opportunities.

2.1 A single comprehensive department-wide planning process needs to be established

The various framework documents published by the TBS indicate that there are five phases to integrated business planning with risk management principles built into the entire cycle. The phases are:

  • Validation of business objectives or mandate
  • Environmental scan, including re-assessment of current tools, practices and guidance
  • Identification and analysis of risks to the accomplishment of business objectives
  • Development of detailed plans to accomplish work, mitigate known risks and set priorities
  • Establishing performance measures to enable management for success

It is important to note that management owns the plans that result from an integrated business planning and risk management process. Planners and planning networks provide guidance and support and can improve the quality of risk information by challenging assumptions and facilitating rigorous risk analysis. However, the usefulness of any plan is decided by the manager and business unit that execute it.

Mandated responsibilities

At the branch level, mandated responsibilities were fully taken into account. These mandated responsibilities are called ‘activities’, ‘run’, or ‘responsibilities’ by the managers interviewed by the audit team. For the period under audit, CPMD did not ask branches to report on plans against mandated activities, although key performance indicators and targets were incorporated into both the Report on Plans and Priorities (RPP) and the Departmental Performance Report (DPR). Both the RPP and DPR contain multi-year elements but the RPP focus is on the current fiscal year.

At the corporate level, information collected was primarily aimed at informing the priorities for investment decisions or to draft the Department’s response to Government of Canada priorities.

Risk analysis and identification

Branches, with varying degrees of rigour, perform an environmental scan and risk analysis exercise. Departmental and government priorities also provide lenses for examining risks in a different fashion. Branches with well-established sources of risk information treat this phase of the process as a validation exercise and a way to brainstorm and identify emerging risks. Branches that are lower on the maturity model informed the audit team that they often feel that the risk analysis phase of the process is rushed.

The output from the risk analysis phase becomes the Branch Risk Register. Some branches have an evergreen process to document the risks for validation in the next iteration. The majority of the branches examined start fresh each year, treating each phase of the planning cycle as a stand-alone event rather than the next phase in a continuous cycle.

Branch registers form the basis of the risk information used in the development of the CRP. The risk information reported to CPMD is a limited set of key risks that apply only to the risks under that branch’s control. The relative ranking of the risks were self-identified by the branch in relation to corporate priorities. Risks relating to on-going business or to dependencies on other stakeholders were incompletely reported to senior management through this process.

Templates provided to branches focussed on reporting risks under their control. The templates and associated guidance did not provide a formal opportunity to discuss known risks posed by dependencies on enabling services. Therefore, there is an opportunity to improve the identification of horizontal risks. Such gaps in risk knowledge at the corporate level could result in poor recommendations or significant delays in taking decisions due to last minute objections or requests for clarification made at the corporate planning tables.

Call letters from CPMD for the corporate risk register process often contained quick turnaround times. Several managers interviewed were not comfortable with their ability to provide robust, reliable risk analysis in the times allowed. These timelines were further compressed for branches operating under the Service Canada umbrella. To mitigate this deadline pressure, CPMD and the SMB have made concerted efforts to provide advance warning through the various planning networks prior to the issuance of the official request. Despite this, the highest performing branches informed the audit team that the timelines were still very tight and CPMD and SMB confirmed that deadlines were frequently not respected. Clearer expectations and guidance would be useful.

Enterprise risk management in a high performing organization requires detailed information about business objectives and risks to achieving those objectives. The business intelligence gathered by the Department during the strategic and operating review initiated by Budget 2011 could provide a good foundation for a detailed corporate-wide risk register.

Priorities

The third phase of the integrated planning cycle is where management sets priorities and allocates resources to various activities and investments. It is during this phase that the Business Planning Tables (BPTs) and other formal committees discussed resource allocation to the various activities within the Department. We were informed that the BPTs were primarily concerned with planning for departmental priorities.

We were also informed that ‘priorities’ are the transformational initiatives and improvement projects identified by the government and senior management of the Department. However, all branches developed their plans with delivery of core and mandated services as their highest priority. Only Ontario Region included ‘Service to Canadians’ as a formal priority in their plan.

At the branch level, planning was focussed on achieving core and mandated service objectives while preserving enough free resources to implement the improvement projects that address the government and departmental priorities. At the corporate level, the focus was on deciding which of the many recommended improvement projects and investment opportunities were worth funding and which ones must be funded to address government-wide priorities.

Most of the information collected by CPMD was designed to help senior management make informed decisions about investment priorities. This shift of focus from the branch level to the corporate level can be confusing for middle managers and front line staff. Service delivery personnel are proud of the work they do to serve Canadians and found it difficult to connect their service delivery priorities with the priorities enumerated in the RPP.

Resource allocation

The Department allocates resources to accomplish its routine work in advance of the fiscal year start. However, resource allocation for priority improvement projects is often not completed prior to the beginning of the fiscal year. The audit team was informed that this has affected the start date of projects and activities related to discretionary funding.

The available guidance from CPMD addresses priority setting and resource allocation in a comprehensive way.

Performance measures

The last phase of the planning exercise is to establish or confirm performance measures so that managers can monitor performance against business objectives and make course corrections. All managers confirmed the existence of performance measures against business objectives and indicated those measures were embedded in their performance management agreements.

2.2 User-friendly guidance for managers is needed

Planning calendar

At the time of the audit the standard planning calendar was not used by departmental managers. Several branches have developed detailed planning calendars with reference to available guidance for each phase or step in the planning cycle. A frequent suggestion for improvement from managers interviewed was for a planning calendar that takes lead times for approval and the potential for rework into account.

Deadlines for corporate reports to Treasury Board and Parliament are consistent from year to year but details of the content change. In order to meet the deadlines, branches either create their own planning calendar and tools or wait until the official requests arrive from CPMD or SMB. Where there are established tools, branches can, with minimal effort, rework existing material to satisfy the request. In branches without established tools, material is prepared quickly and is often returned to the affected branch by SMB or CPMD for rework and clarification. In either case, the resource cost of preparing the plan increases.

Harmonization of the planning cycles and information requests was suggested as a way to reduce the effort needed to respond to multiple planning requests. The current calendars and templates are not fully synchronized and extra work is required to provide information in different formats and to confirm that available information is sufficient or to compile the additional information requested.

Ontario Region has a stable predetermined planning cycle with a detailed calendar showing start and finish dates. Each section of the calendar has a brief description of the activity or report to be completed along with a pointer to guidance relating to that step or phase. This calendar could be used as a model for a corporate calendar.

Recommendations

The SADM SPRB should, in consultation with the various departmental planning networks, develop a common department-wide planning process to produce multi-year integrated business plans that links to standardized calendars, tools, risk registers, templates and guidance.

Management response

Management agrees. SPRB will develop a common department-wide planning process, in consultation with the various branches, that will produce multi-year integrated business plans. Once this planning process has been developed, SPRB will prepare an implementation plan for this process that will be presented to the Corporate Management Committee for approval to ensure related accountabilities for implementing this integrated process are clear and supported.

SPRB will also lead, in consultation with the departmental planning community, the development of an on-line planning process map that will contain links to required calendars, tools, risk registers, templates and other guidance. The estimated completion date for implementation is June 2014 with a formal review to be completed by September 2015.

Corporate planning and branch planning

The audit team found that the guidance provided by CPMD for 2012–13 was not complete enough to be useful to managers in the branches examined. The expected results of the corporate planning process for that year were twofold: identification of projects for continuous improvement, which was business as usual, and responding to the Treasury Board’s deficit reduction initiatives, which was not. With respect to the planning process, CPMD issued formal guidance and requests for information only in relation to continuous improvement and investment projects. Plans produced using only that guidance would not have been useful for managing the business units. Additionally, the plan requested was not multi-year in nature.

The guidance issued for 2012–13 was considered good advice by the planning network. Managers, however, needed to plan for their mandated activities before proposing projects that would address known areas for improvement or established Government priorities. Five of the eight branches examined during the audit established processes to supplement the 2012–13 CPMD guidance, such as additional tools and templates to create comprehensive branch plans. The three remaining branches used the CPMD guidance and templates only to respond to corporate calls for information. These branches had planning processes that, in the audit team’s opinion, were ad hoc in nature.

CPMD updated its planning guidance for fiscal year 2013–14. This guidance was well received by the various planning networks. Planning staff interviewed were satisfied but line managers found that the guidance was not structured in a useful manner. Most managers interviewed obtained their guidance and information from working sessions at the branch level. Responsibility Centre (RC) managers understood their responsibilities with respect to their own RC but did not always connect their planning role with the branch or corporate planning cycle.

The guidance issued by CPMD for 2013–14 did not include an explicit validation of mandate as a separate step. Risk assessment is described as part of the environmental scan but is not highlighted as a key step. CPMD’s guidance correctly recognizes that plans are intended to be used by managers to assist them in accomplishing assigned responsibilities and that managers must be held accountable for the planned work by reporting performance against the plans.

Planning tools

Planning tools are primarily developed and used at the branch level. ISSDB Integrated Planning Assistant has been used to good effect for a number of years and its use is being expanded to other branches. Proposals have been made by CPMD to develop or obtain database solutions for a detailed corporate risk register.

Training

The audit team was informed that all Executives are introduced to planning, risk management and performance measurement in the standard courses. However, there is no mandated supplementary training for managers or planning support staff. When asked about available training there were no consistent recommendations from those interviewed.

2.3 Enabling services need to be fully integrated into the planning cycle

The Department has a number of branches (Chief Financial Officer Branch (CFOB), Human Resources Services Branch (HRSB), IITB, and ISB) that enable program delivery. These enabling services touch on all programs that the Department delivers to Canadians. This support is available to managers on request throughout the planning process.

Horizontal integration of the Department’s enabling services is not present throughout the planning cycle. We were informed that CFOB personnel routinely join the planning process at the resource allocation and forecasting phase. Other enabling services only participate when invited to provide particular expertise and most managers do not think to invite them. Enablers, therefore, are not present during the phases of the planning cycle where their clients’ mandate is validated, the environmental scan is conducted, and the risks to the business objectives are assessed. The first chance that the enablers have to comment constructively on branch plans is at the BPTs.

The exception to this is Ontario Region. Representatives of all enabling services are present during all phases of the planning cycle. While this benefits line managers in Ontario Region, it provides a greater benefit to the enabling services. By being present as part of the extended management team, the enabling services acquire a greater understanding of the business of the region, which they can then use to refine their own plans. They can also contribute to and influence the design of various transformational initiatives, bringing their expertise to bear on problems facing the management team and providing a different lens through which to view the problems or challenges.

Some branches have worked around this by ensuring that the planning support team has expertise in finance, HR or information technology. This benefits only the branch in question unless the individual in that support role has good networks with the related enabling services.

Enabling branches are the best positioned to examine and identify horizontal risks within the Department. The current practice of providing services and advice on request does not facilitate the identification of horizontal risks leading to inconsistent integration of risk information into decision making at both the branch and corporate level.

Recommendations

The SADM SPRB should, in consultation with ADMs responsible for enabling services, develop a protocol for these services to be integrated into each branch’s business planning cycle to facilitate a greater understanding of the Department’s core business.

Management response

Management agrees. SPRB will modify business planning guidelines to more explicitly identify the requirement to involve enabling areas such as CFOB, IITB, HRSB and ISB in branch and regional business planning processes, and to ensure that required support from these areas and associated risks regarding this support are reflected in branch and regional business plans. The planning schedule will also be modified to allow time for enabling services, as appropriate, to review support requirements within business plans, prior to final ADM and Executive Heads Service Management approval. The estimated completion date is December 2014.

3.0 Conclusion

The audit team concludes that the processes in place for 2012–13 did not facilitate the preparation of fully integrated multi-year business plans. However, there is a foundation of good guidance and good practices scattered through the Department which can be built upon.

Risk information is created at many levels but is not always available to the right level of management to inform risk-based decision making. Multi-year plans were prepared by some branches for the 2012–13 fiscal year but guidance for that year did not require multi-year plans.

The planning and risk management processes used by branches are useful for managing the core mandate of the Department assigned to that branch. There are opportunities to improve the timeliness of the process at all levels and to improve the completeness of risk information provided to senior management through CPMD. The cost effectiveness of the process can be improved by clarifying expectations and minimizing the amount of rework.

The improvements recommended will not be a quick fix. The branches with the most mature planning and risk management cultures began to develop their tools more than six years ago and did not see any marked improvement until the ground work was finished three years later.

4.0 Statement of assurance

In our professional judgement, sufficient and appropriate audit procedures were performed and evidence gathered to support the accuracy of the conclusions reached and contained in this report. The conclusions were based on observations and analyses at the time of our audit. The conclusions are applicable only for the assessment of integrated planning and risk management processes. The evidence was gathered in accordance with the Internal Auditing Standards for the Government of Canada and the International Standards for the Professional Practice of Internal Auditing.

Appendix A: Audit criteria assessment

Audit Criteria Rating
It is expected that: National Headquarters Branches Regions Corporate Planners Overall
Roles and responsibilities, guidelines and timeframes have been established and communicated to managers Footnote 7 involved in the integrated planning exercise. Controlled, but should be strengthened, medium risk exposure Controlled, but should be strengthened, medium risk exposure Sufficiently controlled, low risk exposure Controlled, but should be strengthened, medium risk exposure
Managers use risk and resource information gathered through the integrated planning exercise to establish or confirm their respective unit priorities, to set performance expectations and to mitigate risks. Sufficiently controlled, low risk exposure Sufficiently controlled, low risk exposure Controlled, but should be strengthened, medium risk exposure Controlled, but should be strengthened, medium risk exposure
Processes for the integrated planning exercise are designed to maximize the usefulness of the resulting plan and to minimize rework and redundancy. Controlled, but should be strengthened, medium risk exposure Controlled, but should be strengthened, medium risk exposure Controlled, but should be strengthened, medium risk exposure Controlled, but should be strengthened, medium risk exposure
Planning staff provides coordination, tools and training to managers. Sufficiently controlled, low risk exposure Sufficiently controlled, low risk exposure Sufficiently controlled, low risk exposure Sufficiently controlled, low risk exposure

Appendix B: Glossary

ADMs
Assistant Deputy Ministers
BPTs
Business Planning Tables
CFOB
Chief Financial Officer Branch
CPMD
Corporate Planning and Management Directorate
CRP
Corporate Risk Profile
DPR
Departmental Performance Report
HR
Human Resources
HRSB
Human Resources Services Branch
IBP
Integrated Business Plan
IITB
Innovation, Information and Technology Branch
ISB
Integrity Services Branch
ISSDB
Income Security and Social Development Branch
RC
Responsibility Centre
RPP
Report on Plans and Priorities
SADM
Senior Assistant Deputy Minister
SMB
Service Management Branch
SPRB
Strategic Policy and Research Branch
TBS
Treasury Board Secretariat

Page details

Date modified: