Archived: Risk-based audit and evaluation plan: 2013-14 to 2017-18: chapter 3


3. Planning Approach

3.1 Key Requirements

There are a number of requirements and obligations stemming from TB policies, directives and guidelines which drive audit and evaluation planning in the federal government.

A. Internal Audit Plan

B. Evaluation Plan

Accordingly, the evaluation plan and projects are determined mainly by mandatory requirements as described above. The risk assessment is used to help scope the evaluation projects as well as determine priorities for non-mandatory projects. The required evaluation project effort is mainly driven by the nature (e.g. complexity, evaluabilityFootnote 7, horizontality) and scope (materiality) of the program.

3.2 Approach and Considerations

The planning exercise is always based, to some extent, on the previous year's risk assessment and plans as its initial starting point. The approach to the planning exercise is also grounded on the following key elements:

  1. Planning "Universe".  The planning universe serves as the "roadmap" or "backdrop" for risk assessment and planning, and helps define the potential audit and evaluation areas and projects.
    • For evaluation, the planned projects are defined according to the department’s 2013-14 Program Alignment Architecture (PAA), which is consistent with TB Evaluation Policy requirements (e.g. Direct Program Spending coverage).
    • For internal audit, the key elements of TBS's Management Accountability Framework (MAF) are utilized to identify and organize (map) the planned audit projects.
  2. Risks and Considerations.  As indicated previously (section 3.1),  both internal audit and evaluation rely in part, and to different degrees, on risks to either identify or scope planned projects, as well as rely on other requirements and considerations. Accordingly, as part of its planning exercise AEB conducts an independent risk assessment, based on the following steps:
    • A preliminary risk assessment is based on AEB's knowledge of the Department's programs, priorities and risks, and includes consideration of a number of key sources (e.g. prior year's assessment; past audits and evaluation reports; the CRP exercise; current MAF assessments; and key corporate documents)
    • The assessment is further developed and refined mainly through consultations with senior executives, the EAAC, the DEC and the DMs.

    A summary of AEB's independent risk assessment is presented in Appendix C.

  3. RBAEP Update. The current RBAEP is revised and updated from the prior year such as to consider a number of competing planning requirements, priorities and risks, as outlined previously (section 3.1). The revised RBAEP must take into account:
    • Internal audit requirements and coverage of key risks and considerations;
    • Mandatory evaluation coverage and risks for non-mandatory evaluations;
    • Audits or reviews to be conducted by external assurance providers (e.g. CESD) and horizontal audits planned by the OCG;
    • Comments and advice received from senior management;
    • Ability or capacity of EC branches to accommodate multiple projects; and
    • Resources and capacity of the AEB.
  4. Process and Approval. The approach to develop AEB’s integrated RBAEP is founded foremost on significant phased consultations with senior management, and accordingly the exercise is very much iterative. This year, the consultations and overall planning process included the following major steps and milestones:
    • Changes to the planning approach discussed with EAAC (December)
    • Consultations with EMC members including the DMs (January-February)
    • Status Update and Initial Consultation with EAAC (February)
    • Summary of the Draft Evaluation Plan provided to DEC for comments (March)
    • Complete Draft of the RBAEP provided to DMs and presented to EAAC for review and recommendation (March)
    • RBAEP updated and Summary provided to EMC for information (April)
    • Final RBAEP approved by the DM
    • Approved RBAEP provided to TBS, OCG and OAG, circulated to EMC (and subsequently posted on the EC web-site).

The final RBAEP is approved by the DM, based on the review and recommendations of the EAAC (audit plan component) and of the DEC (evaluation plan component). The RBAEP is an evolving document and must remain evergreen. Accordingly, at mid-year each year (normally in November) the RBAEP is updated and resubmitted to EAAC and DEC for consideration and any changes approved by the DM. In addition, progress against the approved RBAEP is regularly monitored at both EAAC and DEC.

Page details

Date modified: