Archived: Integrated Risk-Based Audit and Evaluation Plan 2015-2016: chapter 6

Fraud Risk Assessment and Governance Review

The objectives of this project are to:

• Review the fraud governance and management framework regarding the prevention, detection, investigation, response and reporting of fraud; and
• Conduct a high level Fraud Risk Assessment.

Risks or Considerations: Recommended under the TBS Guidance and IIA Standards. New departmental Policy on Administrative Investigations. Recommended by Internal Audit Practice Inspection.

EC Priority: Management Priority

MAF Elements: Public Service Values, Financial and Asset Management

Review and Benchmarking of Privacy Management

The objectives of this review are to determine:

• if the management framework and key management processes over EC’s privacy information are in place; and
• through a benchmarking exercise if EC key selected privacy processes are comparable to selected OGDs, and if EC applies best practices.

Risks or Considerations: Importance and related risks of protecting personal information. Issue of concern to senior management (requested by previous DM).

EC Priority: Management Priority

MAF Element: People Management

Audit of External Reporting on Performance

The overall objective of the audit is to determine whether the department’s external reporting on performance, in selected areas, is of acceptable quality, through implementation of appropriate governance and other relevant processes and procedures.

Risks or Considerations: Challenges of performance indicators and multiple reporting vehicles, including results of program evaluations. Recent and expected changes in performance reporting. Consistency and quality of performance information collected and reported.

EC Priorities: Cuts across all priorities

MAF Element: Results and Accountability

Review of Information Technology Security -

Project part of the OCG Horizontal Audit on IT Security

The objectives of the review are to assess:

• whether the governance framework over IT security of unclassified government network is in place within EC; and
• if EC has established a control framework for its unclassified government network to ensure that key mitigation measures are in place (CSEC Top 35 Mitigation Measures - Guidance for the Government of Canada).

Risks or Considerations: New Shared Services Canada delivery model and challenges of meeting shared responsibilities.

Opportunity to coordinate our audit work with SSC. Increasing cyber threats and risks.

EC Priority: Management Priority

MAF Element: Governance and Strategic Management

System Under Development Review of the Departmental Financial System Renewal Project

This project will be a system under development review of the implementation of the SAP financial system, configuration management, as well as business process re-engineering.
The overall objective of this SUD Review is to assess the appropriateness of the project management approach used to ensure a successful implementation of SAP.

Risks or Considerations: Major systems and business processes changes underway. Major multi-year project involving high level of resources (investment). Likely impact on key financial business processes and operations.

EC Priority: Management Priority

MAF Element: Financial and Asset Management

Audit of the Management and Delivery of Procurement

The objectives of this audit are to :

• Determine if procurement activities and the management framework in support of the departmental operational needs are efficient; and
• Provide assurance that procurement transactions are in compliance with Government of Canada requirements, departmental and central agency policies and guidelines.

Risks or Considerations: Procurement challenges raised consistently through RBAEP consultations, and previously at EMC. Significant spending through procurement (20% of EC’s budget). Recent significant changes (service standards, e-requisition, reorganization).

EC Priority: Management Priority

MAF Element: Financial and Asset Management

Audit of Regulation Making (World Class Regulator)

The objective of this audit is to provide assurance on whether EC effectively manages the timely development, amendment and monitoring of the regulatory instruments required to meet its mandate.

Risks or Considerations: World Class Regulator is a key initiative for EC. Regulation development integral to many programs. Initiative crosses many programs. Efficiency of process concerns raised through consultations. Client based request and current DM interest.

EC Priority: Clean, Safe, Sustainable Environment

MAF Element: Management of Policy and Program

Audit of Vote Netted Revenue (VNR)

The objectives of this project are to review the management of the vote netted revenues. The initial scope will include all accounting and financial aspects of VNR (both VNR expenses and revenues), as well as the related revenue agreements.

Risks or Considerations: Concerns raised through consultations and at EMC. Increasing complexity and importance of VNR transactions. Link to external dependencies and collaborations. Related CESD concerns in past audits.

EC Priority: Management Priority

MAF Element: Financial and Asset Management

Audit of Staffing and Classification

(Planned audit collaboration with PSC) The objectives of this audit are to ensure that the staffing and classification functions are well managed; that they are executed in an efficient manner; and that proper internal controls are in place to ensure compliance with acts, regulations and policies. Will also include a follow-up on the previous PSC audit.

Risks or Considerations: Past PSC audit identified issues. Recent changes to departmental service standard, and reorganization. Concerns raised by senior managers during consultations on associated workload and efficiency. MAF 2013-14 assessment identified that attention is required for staffing. Previously deferred to accommodate HR.

EC Priority: Management Priority

MAF Element: People

Governance Framework Review

The objective of the project is to assess the adequacy of EC's corporate governance framework (structure, processes and information) necessary for coordinating activities and programs, and implementing strategic directions.

Risks or Considerations: TB Policy audit requirement to assess the effectiveness of governance on a periodic basis. EC’s new Governance model came into effect in 2012 and recently revised by the DM. Project previously deferred. Project subject to DM’s advice and consultation. Internal and external interdependencies.

EC Priority: Management Priority

MAF Element: Governance and Strategic Management

Audit of Expenditure Management and Controls

The objectives of this audit are to determine the extent to which key processes and controls pertaining to expenditures comply with TB policies and EC requirements, and assess the effectiveness of the expenditure management control framework.

Risks or Considerations: Review of core controls is central to TBS requirements (e.g. FAA Section 33 & 34). Impact of SAP implementation and associated business processes. External reporting implications (e.g. financial statements, DPR). Various expenditure policy compliance requirements (e.g. travel, hospitality, events). Review and analysis of IT expenditure patterns requested by client.

EC Priority: Management Priority

MAF Element: Financial and Asset Management

Audit or Review of Emergency and Business Continuity Planning (Planned participation in OCG related horizontal audit)

This project will assess EC’s framework, management and information pertaining to emergency and business continuity planning.

Risks or Considerations: Revised Strategic Emergency Management Plan. Restructuring of the Environmental Emergencies Program. Business continuity planning raised through consultations. Heightened security in the context of recent events.

EC Priorities: All priorities

MAF Elements: Management of Policy and Programs, Financial and Asset Management

Audit of Aboriginal Land Claim Agreements*

The objective of this audit is to provide assurance on how EC is tracking and managing and complying with its various obligations related to numerous land claims agreements

Risks or Considerations: Issues raised through planning discussions with respect to EC obligations. Compliance risks previously raised at EMC. Current related OAG audit.

EC Priorities: Clean, Safe, Sustainable Environment

MAF Element: Results and Accountability

Audit of International Environmental Agreements

The objective of this audit is to provide assurance on the management and compliance of a selected number of agreements (of greater risk). The project will also focus on the domestic implementation of programs and measures related to selected agreements and the results achieved.

Risks or Considerations: Two past CESD Audits on international environmental agreements (2004 and 2008), and possible CESD re-audit. High and increasing volume of agreements, and diverse responsibilities for management of agreements.

EC Priorities: Clean, Safe, Sustainable Environment

MAF Element: Results and Accountability

Review of Integrated Planning/Operational Planning

The objective of this project is to provide assurance on the processes and systems in place for operational planning, including how planning is integrated between branches and between enablers, and to identify best practices.

Risks or Considerations: Integrated Planning has been a PS Renewal priority. Past attempts at integrated planning had challenges. CESD concerns about operational planning (e.g. Audit of Environmental Science). Also identified as an issue through planning consultations. Diverse interpretations of integrated planning.

EC Priority: Management Priority

MAF Element: Governance and Strategic Management

Audit of Pay and Benefits

The government of Canada has centralised its pay system, and consolidated pay administration under PWGSC (Miramichi). EC shares responsibility for the administration for pay and benefits, and the audit will provide assurance that EC processes and controls contribute to the effective and efficient management and delivery of pay and benefits, in the context of new business and shared responsibilities.

Risks or Considerations: New Government-wide compensation system and consolidation. Related concerns raised regarding HR data management, and current issues with pay/benefit operations. Possible impact of pay consolidation on related business processes and authorities. Salaries are significant part of EC budget.

EC Priority: Management Priority

MAF Elements: People; Financial and Asset Management

Audit of the Implementation of EC S&T Strategy and Plans

The objective of this project is to assess how the Science Strategy developed in 2013-14 is used and operationalized at EC. The audit will examine the planning, coordination and reporting of science activities, and their integration under the Science Strategy

Risks or Considerations: New Science and Technology (S&T) Strategy to be implemented in 2014-15, to be followed by more detailed plans. Consultations confirmed the key role of the Science Strategy in support/coordination of programs. CESD related concerns in the Audit of Environment Science. Science-based departments’ audit committee members interested in the coordination of science.

EC Priorities: Clean, Safe, Sustainable Environment

MAF Element: Management of Policy and Programs
Governance and Strategic Management

Audit of the Financial Management Framework *

The objective of this audit is to assess the current state and effectiveness of EC’s financial management framework. The audit may include an analysis of the roles and responsibilities, the effectiveness of the budgetary and commitments processes, and financial information and reports.

Risks or Considerations: Various concerns raised in consultations (e.g. related to long-term financial planning, B-base reliance and unfunded liabilities). Impacts of new system (SAP) on financial information and management. Increased importance of financial management in face of declining of resources.

EC Priority: Management Priority

MAF Element: Financial and Asset Management

Audit of Inventory Management and Control*

The initial objective of this audit is to assess the adequacy and the effectiveness of controls in place over inventory, and the overall efficiency of the inventory management process in SAP environment.

Risks or Considerations: Inventory control issues raised through consultations. Likely impacts on inventory management due to SAP implementation. Implementation of Asset Lifecycle Management. Decentralized responsibility for inventory and related expenditures (e.g., credit card purchases).

EC Priority: Management Priority

MAF Element: Financial and Asset Management

Audit of HR Planning and Management

The objective of this audit is to assess the overall effectiveness of the HR planning and management functions, including key controls and processes. The focus of the project is on examining how EC managers ensure effective HR capacity and succession.

Risks or Considerations: HR capacity identified as a corporate risk. Various issues related to succession planning, recruitment and retention, particularly in a science-based department. Interest of science-based departments’ audit committee members.

EC Priority: Management Priority

MAF Element: People Management

Audit of Communications*

The objective of this audit is to assess EC compliance to the TB Communications Policy of the Government of Canada, related directives, and the effectiveness and efficiency of supporting processes and controls.

Risks or Considerations: Increasing demand and policy requirements. Compliance review request by client. Issues discussed pertaining to the overall communications strategy and internal coordination.

EC Priority: Management Priority

MAF Element: Management of Policy and Programs

Audit of Information Management

The implementation of the GCDocs system should allow the department to deal with longstanding records management issues. The objective of this audit is to assess the implementation of GCDocs and its effectiveness at improving records and information management.

Risks or Considerations: Information management overall identified as a risk area in the past. Lack of comprehensive records management system, and delayed implementation of GCDocs.

EC Priority: Management Priority

MAF Element: Information Management

Audit of Real Property and Accommodation

The objective of this audit is to assess the implementation of EC’s accommodation strategy, the effective rationalization of its properties and potential impact on departmental programs. Also to examine the effectiveness of the controls and framework over the management of accommodations.

Risks or Considerations: Current accommodations strategy with anticipated high level savings. Potential significant impacts on department-wide program delivery. High number of diverse EC properties, and responsibilities within EC.  Possible impacts of SAP implementation on capital asset budgeting and accounting.

EC Priority: Management Priority

MAF Element: Financial and Asset Management

Regional Roles and Responsibilities, and Management*

The objective of the audit is to assess the effectiveness of the regional management control frameworks for governance, communications and selected internal services.

Risks or Considerations: Various issues raised through consultations concerning the changing roles and responsibilities of regional management, and the governance and communication challenges in context of past reorganizations (e.g., reduction of 5 regions to 3). Complexity of regional files and delivery.

EC Priority: Clean, Safe, Sustainable Environment

MAF Element: Governance and Strategic Management

Internal Audit Follow-up

To periodically monitor the implementation of past recommendations and management action plans.

Quality Assurance

To maintain the internal audit quality assurance system and update audit tools and processes.