ESDC Department Audit Committee 2015 – 2016 Annual report
Official title: ESDC Department Audit Committee 2015 – 2016 Annual report for the period of: April 1, 2015 to March 31, 2016.
Alternate formats
ESDC Department Audit Committee 2015 – 2016 Annual report[PDF - 477 KB]
Large print, braille, MP3 (audio), e-text and DAISY formats are available on demand by ordering online or calling 1 800 O-Canada (1-800-622-6232). If you use a teletypewriter (TTY), call 1-800-926-9105.
Message from the independent Committee members
The Departmental Audit Committee (DAC) is pleased to present the fiscal-year (FY) 2015-2016 Annual Report to the Deputy Minister (DM). This eighth consecutive report for Employment and Social Development Canada (ESDC) highlights the continued success of the DAC due in large part to the commitment, and attentiveness of the DM and of senior management. The DM sets the tone for how management responds to and supports the DAC. As a member of the Committee, and an ardent supporter and listener, the Deputy has engendered an environment where the DAC can operate effectively and efficiently. The independent Committee members appreciate this support.
Our role is to provide constructive advice and guidance to the DM and senior management. This past year the DAC focused on audit entities as described in the 2015-17 Risk Based Internal Audit Plan (RBAP) tied to the three areas of focus: Financial stewardship and compliance with the Financial Administration Act (FAA); Safeguarding and protection of information, assets, and people; and Maintaining program and service delivery commitments. In addition, the themes of Information Management (IM) / Information Technology (IT), risk management, corporate coherence, Human Resources (HR) capacity, and the Policy on Internal Control (PIC) continue to be areas of interest for the DAC in FY 15-16.
Critical to the role of the DAC is ensuring there is appropriate coverage of the FAA compliance through the audits; consideration was given to this throughout the year. The annual Technical Briefing to review and make recommendations on the financial statements and related Office of the Auditor General (OAG) financial audits took place in August, 2015.
For the third year in a row the OAG has had a presence at DAC meetings providing a venue for discussions on their strategic multi-year audit plan which outlines potential future ESDC audits. Management has had in-depth discussions with the OAG on their audit findings and has accepted all 37 recommendations presented at DAC meetings this past FY. The OAG brings differing perspectives than that of Internal Audit (IA) which is healthy in providing additional observations on risk. We look forward to continued collaboration with the OAG and achieving a better understanding of their priorities to enable the DAC to focus its approach and assessment of OAG insights into the future.
We are thankful for the collaborative relationship and are appreciative of the support received from the Chief Audit Executive (CAE) and his team. Once again we have found the CAE and his staff to be professional and responsive and their work of critical importance to the committee. We look forward to the year ahead and to addressing the challenges to come with the same rigour and collaboration as in past years.
Finally, we would like to thank the outgoing DAC Chair, Mr Rod Monette, for his commitment and service to the DAC over the last four years. Rod has brought invaluable insights to the table thanks to his extensive experience in both the private and public sector. Rod’s leadership, thoughtful contributions and character will be missed by all. We wish him the best of luck in his future endeavours and adventures!
Issues and observations
Our Annual Report provides an opportunity for an overview of DAC activities, advice, and recommendations provided to the DM and CAE each FY. Monitoring and challenging the Department, positions the DAC to provide invaluable and comprehensive advice to the DM. We believe our recommendations and engagement continue to have a positive impact on the Department.
IA did significant work this past year related to IT Security, Security Management, Privacy Management, Enterprise Risk Management, Integrated Planning and Performance Measurement, Financial Management, among other areas. The IA function continues to identify opportunities for efficiencies and risk mitigation.
For FY 15/16, all IA findings and recommendations were accepted by senior management. We believe that management’s receptivity to IA observations and their commitment to address and respond to findings and recommendations reflects the collaborative relationship the IA function has with its clients and the confidence that management has in the audit function. Additionally, the DAC plays an active and critical assessment role through an annual review of management’s progress in implementing their action plans developed in response to audit recommendations.
Themes for 2015-2016
Reflecting on the activities and operations of the committee throughout FY 15/16, the following themes emerged whereby the DAC provided advice and recommendations to senior departmental officials and the DM.
Information Management / Information Technology
ESDC continues to prioritize IM/IT risks and risk mitigation strategies, with a specific focus on protecting and securing personal information. The DAC received IM/IT updates throughout FY 15/16 all of which confirmed the great strides being made by senior management to reduce IM/IT risks and improve governance. The DAC recognizes the challenges ESDC faces with the dependent nature of the current IT infrastructure on Shared Services Canada (SSC) and acknowledges the work ESDC is doing to encourage collaborative partnerships. The importance of IM/IT is reflected within the Internal Audit Services Branch’s (IASB) current RBAP which includes a horizontal audit of IM, an IA of IM as well as four IT security audits.
Risk Management
An update on the RBAP was provided during the November 10, 2015 DAC meeting. We were comfortable that the articulated key risk areas were consistent with the Corporate Risk Profile (CRP), and that emerging risk areas including Security Management, Integrated Planning, and Risk Management would be addressed in the 2016-18 RBAP. We did request that specific mention of the FAA be added to the “Risk Areas of Focus” section in the 2016-18 RBAP.
Corporate coherence
Management control is an area that should be viewed corporately and holistically across all areas of the Department as a means of encouraging and supporting horizontal integration. Given that ESDC is a very large and complex organization, it can be a significant challenge to achieving appropriate coordination resulting in ‘corporate coherence’.
Corporate coherence was an area of specific focus for the DAC during FY 14/15 and is a topic IASB addressed in both the 2015-16 CAE Annual Report as well as the 2015-18 RBAP. A series of audits are identified in the current FY 16-18 RBAP (as one risk area of focus) with regards to corporate coherence, including: planning; risk management; performance measurement; and, project management and oversight.
The Department is currently undertaking several transformative initiatives whereby DAC members want to be kept appraised of direction, progress and horizontal linkages. Appropriate governance is seen as critical to the success of these initiatives.
Human resources capacity
HR management was also a theme covered this past year. The DAC received a briefing at the June, 2015, meeting on the ESDC Workforce Management Strategy, specifically regarding the development of the departmental 2015-2020 Workforce Strategy. We were pleased to see that the strategy is consistent with the Clerk of the Privy Council’s Annual Report and that a phased-in implementation approach has been adopted. The Department will be building on initiatives already piloted across the ESDC, mitigating any concerns regarding the organizational capacity to properly implement the strategy at the managerial level.
Policy of internal control
Throughout FY 2015-16, the Chief Financial Officer (CFO) kept the committee apprised of emerging concerns, challenges, and issues that had the potential to affect the target implementation date of the Department’s strategy on the PIC. At the March 2016 DAC meeting, the CFO advised that active vigilance is required to ensure that modernization activities are accounted for in the PIC process. Overall, we find the internal control system to be well balanced and managed. We anticipate an additional briefing in 2016-17 to further discuss the PIC implementation progress.
Assessment of the internal audit function
As outlined in the CAE 2015-16 Annual Report; IA met all its obligations under the Treasury Board Policy on Internal Audit, and remained compliant with the Internal Auditing Standards for the Government of Canada and International Standards for the Professional Practice of Internal Auditing, as validated by the external practice inspection of the ESDC internal audit function, which took place between November and December 2015. The results were presented to the DAC on March 1, 2016.
IA completed a variety of assurance and advisory engagements over the past FY which provided senior management with sound advice and guidance on the effectiveness and efficiency of their overall operations.
The CAE and the IASB senior management team continue to demonstrate their commitment to ensure appropriate resources are available through recruitment, retention, and succession planning. This has had a direct correlation on the volume and quality of work being produced.
From our unique external vantage point in reviewing the 2015-2016 audit projects, we were able to provide recommendations and advice of value to senior management. The regular updates of the RBAP and the IA status reports allow the DAC to remain apprised of the status of audit projects and of changes in the departmental risk environment.
We continue to view the IA function as highly successful and of great value to ESDC and appreciate the high-degree of professionalism of the CAE and his staff.
Follow-up on Management Action Plans
The CAE tabled the results of the annual Management Action Plan (MAP) follow-up exercise to the Committee for discussion and information at the March 2016 meeting. This provided an opportunity for the committee to receive valuable and critical information pertaining to the Department’s progress in implementing its action plans and the risks of exposure of outstanding action plans.
The DAC was informed that the majority of outstanding MAPs experienced significant implementation delays. While many of these delays can be attributed to significant system enhancements or transformational initiatives, we nonetheless are concerned that MAP implementations may not be getting the attention they require. As a result, we suggested that updates be provided to senior level committees on a regular basis, particularly for those planned actions experiencing significant delays. It is worth noting that the Department has received several IT-related recommendations which are dependent on the infrastructure support provided by Shared Services Canada. This can create challenges for ESDC as the Department is often reliant on activities outside of its direct control. We look forward to the results of the additional analysis and management engagement efforts IA plans to undertake in FY 16-17 to continually strengthen its approach to MAP follow-up.
Values and ethics
Since the launch of the ESDC Code of Conduct (the Code) in April 2012 the Department has focused on employee awareness initiatives including employee training. At our March 2016 meeting, the Code’s effectiveness was demonstrated in the results of the Public Service Employee Survey which indicated that not only are employees reporting more code breaches but that the overall instances of breaches are low and continue to decrease (from a total of 120 in FY 2013-14 to 71 in FY 2014-15). This demonstrates increased and ongoing confidence in the system.
External assurance providers
Regular status briefings as well as engagement results were provided to the DAC in order to facilitate our ability to monitor and make inquiries into external audit activity of the various external assurance providers throughout 2015-16.
Due to the size and complex nature of ESDC, the Department’s input is often considered for inclusion in external audit engagements. From our unique position as an external advisory body to the DM we will continue to offer our scrutiny and insights related to external assurance provider engagements.
Financial statements and public accounts reporting
Following our request outlined in the 2014-15 DAC Annual Report, the CFO has utilised DAC meetings as an opportunity to advise on notable seasonal and cyclical patterns and to highlight significant material difference from one quarter to the next.
The annual Technical Briefing was held in August 2015 and proved once again to be a positive opportunity to review in detail the following financial statements (F/S):
- 2014-2015 Unaudited Departmental Consolidated F/S;
- 2014-2015 Employment Insurance (EI) Operating Account F/S;
- 2014-2015 Canada Pension Plan (CPP) Account F/S;
- 2014-2015 General Annuities Account (GAA) F/S; and,
- 2014-2015 ESDC Public Accounts.
During the Technical Briefing, the DAC received a comprehensive overview of the unaudited 2014-15 Departmental Consolidated Financial Statements prepared by CFOB.
The OAG tabled their annual financial audit results of the EI Operating Account, the CPP Account, the GAA, and the ESDC portion of the Public Accounts of Canada for the year ending March 31, 2015. Although Management Letters issued by the OAG at the conclusion of their annual 2014-15 financial audits recommended some internal control enhancements, once again no significant audit or accounting matters were identified.
Accountability reporting
We reviewed and received briefs on several key departmental reports throughout 2015-16 including:
- Reports on Plans and Priorities 2016-2017;
- Departmental Performance Report 2014-2015;
- 2014-15 Management Accountability Framework assessment results; and
- 2015-16 to 2018-19 Departmental Evaluation Plan
We noted a continuing improvement in the reports and we feel that this is a direct result of the Department’s commitment to improving the clarity and usefulness of its reporting.
Moving forward
For 2016-2017, as part of our annual report process, our areas of ongoing interest are outlined below and align with those identified by IA in the 2016-18 RBAP. We feel that these key areas will be of utmost importance not only to the DAC but to the Department.
- Demonstrated strong project management oversight and achievement of expected results for key departmental IM/IT transformational initiatives;
- Ongoing departmental focus in securing and protecting information, assets and people; and
- Continued management efforts towards robust HR planning resulting in the required capacity complement and skill-sets to successfully achieve departmental priorities while maintaining ongoing program delivery commitments.
Conclusion
The DAC is confident it has met its mandated responsibilities in addition to having provided advice to the DM and the DM’s management team on a number of issues. In this respect, the 2015-2016 year has been success.
In the upcoming year the DAC will focus on the areas of risk identified in the 2016-18 RBAP and will continue to ensure the FAA, which has been and will remain as one of our “bread and butter” responsibilities, receives ample visibility and is allotted sufficient time for discussion and deliberation.
We appreciate the fulsome support of the DM, the DM’s management team, the CAE, and the internal audit team and look forward to continuing the excellent and professional relationships we have forged.
Annex A - Departmental Audit Committee composition, operations, and biographies
Composition
The Employment and Social Development Canada (ESDC) Departmental Audit Committee (DAC) is comprised of three independent, external members recruited from outside of the federal public administration as well as one internal member, the Deputy Minister (DM) of ESDC, for a total of four members.
The DAC Chair is Mr. Rod Monette (an independent, external member), and the other two independent, external members are Mr. Tim Wilson and Ms. Marie-Josée Lamothe. All of the independent, external members were recruited and appointed via the established Office of the Comptroller General process for recruiting and appointing DAC members. The approach was selected following consultations with representatives of the former Public Appointments Commission Secretariat, which confirmed that the approach meets the requirements of a fair, transparent and merit-based selection process. Embedded within the DAC member recruitment and appointment process is a validation phase which ensures that appointed DAC members are free of any potential conflicts of interest. In addition, the ESDC DAC members review and attest to the ESDC Code of Conduct.
Operations
The DAC complies with the Directive on Internal Auditing in the Government of Canada by ensuring that our DAC Charter clearly outlines the committees’ roles, responsibilities and operations as well as those of senior management pertaining to DAC matters.
We convened four in-person meetings and participated in one conference call during fiscal-year 2015-2016.
An integral part of in-person DAC meetings are the in-camera sessions with the Deputy Minister, the Chief Financial Officer (CFO) and the Chief Audit Executive (CAE). In-camera sessions with the DM occur at every in-person meeting (either at the onset or conclusion), whereas CAE and CFO in-camera sessions occur on a rotational basis.
Biographies
Rod Monette, FCPA-FCA, BSc, MBA
Rod Monette has over 35 years of experience in management and administration. He was a federal public servant for 28 years, 17 of which were at the levels of Deputy Minister and Assistant Deputy Minister in regional and national positions in various program, policy, and management areas. He serves on a number of Boards and Committees, including Chair of the Public Sector Accounting Board of the Canadian Chartered Professional Accountants.
Mr. Monette is a Fellow Chartered Professional Accountant and holds a Bachelor of Science degree from Carleton University, as well as a Masters of Business Administration from the University of Ottawa.
He completed his public service career as the Comptroller General of Canada. The Comptroller General is responsible for government-wide direction and leadership for financial management and audit. Notably, Mr. Monette was the architect of the financial accountability measures for Canada’s $62 Billion Economic Action Plan.
Prior to Comptroller General of Canada, Mr. Monette was Associate Deputy Minister of National Defence, where he worked on long-term defence strategy, procurement, and program issues.
Mr. Monette began his career with Clarkson Gordon Chartered Accountants, now Ernst and Young, in 1978.
Born in Regina, he now lives in Toronto with his wife and enjoys playing music and motorcycling.
Tim Wilson, CA, MBA
Mr. Wilson is the Vice-President and Chief Financial Officer of Equitable Group Inc. and its wholly-owned subsidiary, Equitable Bank.
Previously he held the position of President of Visa Canada where he was active in shaping Visa Canada's strategic direction as part of an ongoing and focused evaluation of Visa's operations, structure, governance and business strategy.
Prior to joining Visa, Mr. Wilson served as Vice President, Finance at CIBC and also as a Manager at Ernst & Young in Toronto.. He served as a Management Consultant at The Monitor Group, serving clients in a variety of industries, including financial services, across North America.
Mr. Wilson received his Chartered Accountant designation in 1997 while working with Ernst and Young and holds a B.Comm. from Queen's University, and an M.B.A. from Harvard Business School.
Marie-Josée Lamothe
As Managing Director of Branding and as Managing Director of Quebec at Google Canada, Marie-Josée Lamothe helps brands harness the best of the web to grow their business in Canada and Internationally.
A 20 year veteran of the competitive world of Consumer Product Marketing, Marie-Josée Lamothe is best noted for her expertise in International Branding. Prior to joining Google Canada, she held various roles during her 12 years at L’Oréal from International Marketing Director, in France to Vice-President and General Manager luxury brands in Canada, and since 2010, as CMO and CCO in Canada where her main mandate was to leverage the strengths of digital to help L’Oréal’s 33 beauty brands compete.
Marie-Josée was recognized in 2015 by InfoPresse as Personality of the Year in Quebec, both in 2013 and 2012 among Canada’s Top 100 Most Powerful Women in the Financial Post and WXN as well as Canada’s Marketers of the Year by Strategy magazine. In 2013, Social Media Magazine named her one of the Top 100 CMO's on Twitter and most recently, Forbes Magazine recognized her as a 2014 Top Marketing Minds To Follow on Twitter. In 2015, Marie-Josée was recognized Personality of the Year by InfoPresse and received an Honorary recognition from the University of Montreal for her contribution to the advancement of our society.
Marie-Josée sits as a Director on the Reitman’s Canada Limited Board, the University of Montreal Board and the INCR Board (Institute of Clinical Research of Montreal). She was also appointed in 2015 to the Audit committee of the Employment and Social Development of Canada by the Treasury Board of Canada. Marie-Josée Lamothe is a jury member for various Canadian commissions and associations in the Marketing, Communication and Digital fields. She also regularly participates in conferences on those themes.
Marie-Josée lives in Montreal and is a proud mom of 3. She is actively involved in Canadian organizations that promote education and solidarity such as the University of Montreal Board of Directors and the Women Center of Montreal Foundation Board.
Annex B: Departmental Audit Committee operations per key area of responsibility
The following table depicts the various Departmental Audit Committee (DAC) agenda items and presentations to their corresponding area(s) of responsibility. As the DAC’s areas of responsibility are not independent, linkages between these areas must be achieved in order to for the committee to succeed in its advisory role. Due to these linkages, certain agenda items will be reported under more than one area of responsibility.
| Area of responsibility | June 9, 2015 | August 28, 2015 Technical briefing |
November 10, 2015 | February 9, 2016 Conference call |
March 1, 2016 |
|---|---|---|---|---|---|
| Values and ethics |
|
||||
| Risk management |
|
||||
| Management Control Framework and Reporting |
|
|
|||
| Internal audit function |
|
|
|
|
|
| External assurance providers |
|
|
|
||
| Follow-up on Management Action Plans |
|
||||
| Financial statements and public accounts reporting |
|
|
|
|
|
| Accountability reporting |
|
||||
| DAC operations |
|
|
|
|
|
| Monitoring and reporting (Annual reporting) |
|
||||
| Ad-hoc / Other briefings |
|
|
|