Report of Internal Audit Committee to the Commissioners of the Public Service Commission for Calendar Year 2009

(February 2010)

Introduction

The Internal Audit Committee (IAC) of the Public Service Commission of Canada (PSC) is comprised of external members to provide the President with independent advice on matters relating to management controls and reporting of plans and results. As required by the Committee’s Terms of Reference, this report outlines Committee activities during the calendar year 2009.

Membership and meetings

The Committee was chaired by the President and has as its members: Dr. D. Adam and Messrs P. Boomgaardt and R. Little; in the absence of the President other members chaired the meetings on a rotating basis. A representative of the Office of the Auditor General (OAG) was invited to attend all meetings. On a select basis members of the PSC senior management and Internal Audit staff attended as observers and to respond to questions from members.

The Committee met six times during the year (January, February, May, August, October and December) with external members participating in all meetings in person or by teleconference. Two of the external members met with all the Commissioners on May 15. The Committee regularly had ‘in camera’ sessions involving only the external members, the President and other staff as appropriate.

Committee Terms of Reference

The Committee updated its Terms of Reference in October to reflect the new Treasury Board Policy on Internal Audit of July 2009.

The committee makes appropriate use the OCG provided Aides-Memoires on the PSC Internal Audit Committee (IAC) eight key areas of oversight responsibility.

Eight Areas of Oversight Responsibility

Values and Ethics (V&E)

In October 2008, the Committee was briefed on how the PSC disseminates its Values and Ethics to all staff and encourages compliance through leadership, infrastructure and organizational culture initiatives and how the values of the PSC (integrity, respect, fairness and transparency) and the Public Service Employment Act (PSEA) (fairness, access, transparency, merit and representativeness) were integrated into every part of the organization’s work. A multi-year management plan to improve V&E performance measurement and communication; implement recommendations arising from annual employee surveys; strengthen the activities of the office of Ombudsman, Ethics and Conflict Resolution and training in the exercise of recourse mechanisms; etc. was reviewed. This topic and progress in implementing the management plan are slated to be covered again in the May 2010 meeting.

Risk Management

The Committee reviewed the Corporate Risk Profile and associated mitigating strategies included in the Report on Plans and Priorities (RPP) and Departmental Performance Report (DPR). The committee selected three areas of risk for specific follow-up during subsequent meetings, namely: Public Service Staffing Modernization Program (PSSMP), Cost Recovery; and Management of Information Technology Security (MITS) implementation. As the year progressed, it became evident that there was a number of differing risk assessments being managed (e.g. external facing by Staffing and Assessment Services Branch (SASB), internal facing by Internal Audit Directorate (IAD), etc.) The committee requested an amalgamated report on Risk Assessment be prepared. The Committee was kept fully briefed on the Test Security Action Plan progress in risk mitigation.

Management Control Framework

The Committee was informed of the key management issues and how procedures have been adopted to mitigate concerns and produce desired results. In particular the Committee reviewed the Summary of Control Reviews and assessments of the Management Accountability Framework. The Committee was provided with key reports used by the Executive Committee of the PSC to monitor activities and engaged in full and open discussions on specific issues with follow up actions included in the meeting minutes. The Committee noted the strong financial controls in place within the PSC as evidenced by results of cyclical financial audits, OAG audit of annual financial statements and improving budget management results.

OAG and Central Agencies

By virtue of the regular attendance of a representative of the OAG, the Committee has been kept well informed of matters raised by the OAG and about the OAG’s audit plans. The Chief Audit Executive (CAE) periodically updated Committee on developments in the Office of the Comptroller General (OCG), particularly on evolving role of internal audit and its audit committees. Members attended various symposia, think-tanks and development courses sponsored by the OCG during the year. The Committee noted that all nine good practices outlined in the OAG Horizontal Audit of Travel and Hospitality in Small Departments and Agencies were already implemented within the PSC.

Follow-up on Management Action Plans

The committee uses three means of follow up on Management Action Plans. General Committee-related actions are included in the “IAC Tracking of Follow-Ups” which is updated for each meeting. Management Plans and progress on actions arising from recommendations of internal audits are reported semi-annually. Progress on PSC commitments and action plans arising from PSC external audits are also reported on a six month schedule. In all cases, individual actions are monitored until the Committee is satisfied that changes have been successfully achieved.

Financial Statements and Public Accounts Reporting

Regarding the OAG audit of the PSC’s financial statements at March 31, 2009, the Committee noted that the OAG issued an unqualified opinion on the financial statements presented and reported no matters of concern and made no recommendations for improvement to management.

Accountability Reporting

During its first meeting of the year in January 2009 the Committee reviewed a draft of the RPP for 2009-10. During its August meeting it reviewed a draft of the DPR for 2008-09 including the audited financial statements for the 2009 fiscal year. In December it considered a draft of the RPP for 2010-11. The committee offered a number of minor suggestions to strengthen clarity and completeness but in all cases was satisfied that the PSC was presenting fair and reasonable reports to Parliament. The Committee was fully briefed on the results of Round VI of the Management Accountability Framework (MAF) assessment and the resultant PSC Action Plan. The Committee received briefings on continuous improvement efforts toward implementing the provisions of the PSEA. Of particular note were the briefings on the findings of the Independent Review Committee contained in its report of January 2009 ‘Review of the Public Service Commission Oversight’ and the PSC’s action plan to respond to the 18 recommendations; the Committee continues to monitor these actions together with the preparations for the PSEA five year legislative review. The Committee received regular updates on strategic matters and such key challenges as development of the PSSMP and the implementation of policies and procedures covering expanded cost recovery for services. The Committee was provided with a copy of the Fiscal Year 2008-2009 PSC Annual Report to Parliament for information.

Internal Audit Function

The Committee reviewed the draft internal audit plan for 2009-10 and outlook to 2013-14, provided some suggestions for future and recommended the plan to the President for approval. The Committee also received a briefing on the resources of internal audit and all staffing actions throughout the year. At each meeting the Committee was updated on the status of audits and plans; where appropriate based on findings at the preliminary survey stage, further work was modified on the recommendation of the Committee. All internal audit reports were presented to the Committee, with special emphasis on findings and recommendations, as well as management’s remedial action plans. All internal audit reports were recommended for approval. A thorough systematic approach has been adopted to inform the Committee on the implementation of all internal audit recommendations. The Committee heard from the CAE concerning plans to prepare an annual assurance report in 2010, as contemplated in policies and directives issued by the OCG. The Committee considers that the internal audit function: a) is staffed by professionally qualified people; b) schedules its audits using a risk-based methodology; c) applies a professional approach to planning, executing, reviewing and reporting on its audits; d) follows up systematically on the progress of actions by management in response to audit reports; and e) follows guidance provided by the Treasury Board Policy on Internal Audit. Accordingly, the Committee considers that the internal audit function continues to evolve in line with OCG guidance, has a reasonable capacity to address its mandate and is performing its role in a satisfactory manner.

Conclusion

Building on its experience since 2006, the Committee considers that the 2009 activities constitute good progress in the evolving sphere of internal audit committees in the public sector. Members were provided with relevant and transparent information to enable the Committee to discharge its mandate. In particular, members were regularly briefed on how the PSC is dealing with the major challenges it faces. Members were pleased with the professionalism of staff, the candour concerning the challenges they face and the willingness to implement suggestions.

After its fourth year of activities, the Committee considers that it has a realistic appreciation of the complex issues faced by the PSC and its management processes. Based on observations over the past year the Committee concludes that the PSC has a rational approach and systematic management control framework to addressing its mandate, to monitoring results and to reporting publicly.

A Look Ahead

In 2010, the IAC planned reviews of key management activities are outlined in the attached schedule.

In addition, specific issues that the IAC plans on addressing include:

• Amalgamated PSC risk management framework assessment and development.
• Internal Control Policy implementation for financial reporting, utilizing an innovative software tool.
• IIA Internal Audit Capabilities Model determinations.
• PSSMP extensions including associated cost recovery and information technology developments
• PSEA five-year legislative review

Attachment: Internal Audit Committee Annual Planning 2010