Archived: Integrated Risk-Based Audit and Evaluation Plan 2014-2015: chapter 9


Appendices A

Appendix A. Detailed Internal Audit Plan - 2014-15 To 2016-17

The following table presents the internal audit projects in progress or planned for the next three years.   Please refer to the Legend on the last page (PD = person-days)

Projects in Progress

Initial Project Description and Objectives Risks and Rationale Start Date (Quarter and Year) End Date (Quarter and Year) Estimated Cost
2014-15
PD
Estimated Cost
2014-15
$’000
Estimated Cost
2015-16
PD
Estimated Cost
2015-16
$’000
Estimated Cost
2016-17
PD
Estimated Cost
2016-17
$’000
Capital Asset Management
The objective of the audit is to provide assurance on the adequacy and effectiveness over the management of capital asset maintenance and renewal and how capital assets management support program objectives.

Risks or Considerations: Effectiveness of capital assets management, maintenance and renewal, and asset life-cycle management have significant impact on meeting the objectives of many programs.

EC Priorities: Clean, Safe, Sustainable Development

MAF Elements: Stewardship

Q4
2011-12
Q1
2014-15
15          
IT Service Delivery
The objective of this review is to assess the service delivered by IT to the various programs, in particular in the context of the creation of Shared Services Canada.

Risks or Considerations:  The governance related to IT services and the coordination with Shared Services Canada is a concern for some managers, in ensuring the timeliness and continuity of program operations.

EC Priority: Management Priority

MAF Elements: Stewardship

Q1
2012-13Footnote13
Q2
2014-15
15          
Management of Laboratories
The objectives of the audit are to assess the adequacy and effectiveness of the management controls for the laboratories.  The project will address the core management controls pertaining to the management of research projects and laboratories.

Risks or Considerations: EC laboratories support critical functions of the department, such as science and technology; ESB, for example in support to CMP, and regulation development; and enforcement.

EC Priorities: Clean, Safe, Sustainable Environment

MAF Elements: Stewardship

Q3
2012-13
Q1
2014-15
15          
Fraud Risk Management Review
The objective of this review is to conduct an overall fraud assessment and to provide assurance on the governance and framework pertaining to fraud risk management.

Risks or Considerations: Recommended under the TBS Guidance and IIA Standards. New departmental Policy on Administrative Investigations.

EC Priority: Management Priority

MAF Elements: Public Service Values; Stewardship

Q4
2012-13Footnote14
Q3
2014-15
50 7        
Review and Benchmarking of Privacy Processes
The objective of the project is to assess EC compliance to the Privacy Act and related policies and directives, and the effectiveness of supporting processes and controls.

Risks or Considerations: Recent case indicates the importance of protecting personal information.  Issue of concern to senior management.

EC Priority:  Management Priority

MAF Elements: Stewardship

Q2
2013-14
Q4
2014-15
100          
External Reporting on Performance
The objective of this project is to provide assurance on the accuracy and effectiveness of external reporting, and related quality assurance processes.

Risks or Considerations: Challenges of multiple performance indicators and multiple reporting vehicles. Recent and expected changes in performance reporting (e.g., lower level reporting RPP/DPR; efficiency indicators). Consistency and quality of performance information collected and reported.

EC Priorities: All priorities

MAF Elements: Results & Performance

Q3
2013-14
Q3
2014-15
50 40        
Information Technology Security
Proposed participation in OCG Horizontal Audit on IT Security

The objectives of this project are to ensure IT security is properly managed and that controls are effective.  This audit is to be conducted in collaboration with OCG which is planning an audit on the same topic, and this will allow reviewing the whole spectrum of IT security.

Risks or Considerations: New delivery model with the creation of SSC, and resulting uncertainties on shared IT controls and related challenges of shared responsibility and obligations.  Opportunity to coordinate our audit work with OCG. Increasing cyber threats and risks.

EC Priority: Management Priority

MAF Elements: Stewardship

Q3
2013-14
Q1
2015-16Footnote15
190 40 10      
Systems, Applications and Products (SAP) Implementation (System Under Development)
This project will be a system under development review of the implementation of the SAP financial system, configuration management, as well as business process re-engineering.  The objective of this project is to ensure appropriate project management is taken to ensure a successful implementation of SAP.

Risks or Considerations: Major business processes changes underway or planned.  Major multi-year project involving high level of resources (investment).  Potential impact on key financial business processes and controls.

EC Priority:          Management Priority

MAF Elements:   Stewardship

Q3Footnote16
2013-14
Q2
2015-16
100 70 40      
Management and Delivery of Procurement
The objectives of this audit are to ensure that procurement is well managed complies with policies, the supporting processes are efficient and related controls are effective.

Risks or Considerations: Procurement challenges raised consistently through RBAEP consultations, and previously at EMC. Significant spending through procurement (20% of EC’s budget). Significant changes underway or anticipated (service standards, e-requisition, new delegation).

Corporate Priority: Management Priority

MAF Elements:  Stewardship

Q3
2013-14Footnote17
Q2
2015-16
200   40      
World Class Regulator
The objectives of this project are to review the regulatory processes from an effectiveness and efficiency perspective, and against the standards and criteria established for a World Class Regulator.

Risks or Considerations: World Class Regulator is a key initiative for EC.  Regulation development integral to many programs.  Initiative crosses many programs. Efficiency and delivery concerns raised through consultations. Client based request.

EC Priority: Clean, Safe, Sustainable Environment

MAF Elements: Policy & Program

Q4
2013-14
Q4
2014-15
200          

Projects Planned

Initial Project Description and Objectives Risks and Rationale Start Date (Quarter and Year) End Date (Quarter and Year) Estimated Cost
2014-15
PD
Estimated Cost
2014-15
$’000
Estimated Cost
2015-16
PD
Estimated Cost
2015-16
$’000
Estimated Cost
2016-17
PD
Estimated Cost
2016-17
$’000
Vote Netted Revenue (VNR)Footnotea
The objectives of this project are to review the management of the vote netted revenues.  The initial scope will include all the financial aspects of VNR from setting the price for services, to collecting and recording the revenues.

Risks or Considerations: Financial concerns raised through consultations. Increasing complexity and importance of VNR transactions. Link to external dependencies and collaborations. Related CESD concerns in past audits.

EC Priority: Management Priority

MAF Elements: Stewardship

Q3
2014-15
Q3
2015-16
110   20      
Staffing and Classification
The objectives of this audit are to ensure that the staffing and classification functions are well managed; that they are executed in an efficient manner; and that proper internal controls are in place to ensure compliance with acts, regulations and policies.

Risks or Considerations: Past PSC audit identified issues. New departmental service standards. Concerns raised by senior managers during consultations on associated workload expectations. MAF 2013-14 assessment identified that attention is required for staffing.

Deferred to 2015-16 to accommodate HR work recently initiated in this area.

EC Priority: Management Priority

MAF Elements: People

Q1
2015-16
Q1
2016-17
    170   20  
Governance Framework Review
The objective of the project is to assess the adequacy of EC's corporate governance framework (structure, processes and information) necessary for coordinating activities and programs, and holding management to account for implementing strategic directions.

Risks or Considerations: TB Policy on Internal Audit outlines the requirement for IA to assess the effectiveness of the governance process and for EAAC to provide advice and recommendations to the deputy head on the adequacy and functioning of the department’s governance framework and process. EC’s new Governance model came into effect on February 1, 2012.

EC Priority: Management Priority

MAF Elements:Governance & Strategic Directions

Q2
2015-16
Q2
2016-17
    120 25 60  
Integrated Planning/Operational Planning
The objective of this project is to provide assurance on the processes and systems in place for operational planning, including how planning is integrated between branches and between enablers.

Risks or Considerations: Integrated Planning is a PS Renewal priority. Past attempts at integrated planning had limited success. Outstanding CESD concerns on operational planning (e.g. pertaining to CESD Audit of Environmental Science). Integrated planning raised as an issue through RBAEP consultations.

EC Priority:Management Priority

MAF Elements: Governance & Strategic Directions

Q1
2015-16
Q1
2016-17
    175   15  
Expenditure Management Framework
The objectives of this audit are to determine the extent to which key processes and controls pertaining to expenditures comply with TB policies and EC requirements, and assess the effectiveness of the expenditure management control framework.

Risks or Considerations: Review of core expenditure controls is a TBS requirement (e.g. FAA Section 33 & 34).  Impact of SAP implementation and associated changing business processes.  External reporting implications (e.g. financial statements, DPR).  Various compliance requirements.

EC Priority:  Management Priority

MAF Elements:   Stewardship

Q2
2015-16
Q2
2016-17
    140   60  
Management and/or Compliance of International Environmental Agreements
The objective of this audit is to provide assurance on the management in compliance of a selected number of agreements (in the areas of greater risks).  The project will also focus on the domestic implementation of the agreements and the results achieved.

Risks or Considerations: Two previous CESD Audits on international environmental agreements conducted in 2004 and 2008. Potential ongoing issues, high volume of agreements. Similar concerns raised with regards to Aboriginal Land Claim Agreement.

EC Priorities:Clean, Safe, Sustainable Environment

MAF Elements: Policy & Program

Q1
2015-16
Q1
2016-17
    160   10  
Emergency Management and Planning
This project will assess EC’s framework, management and information pertaining to emergency and business continuity planning.

Risks or Considerations: Revised Strategic Emergency Management Plan.  Restructuring of the environmental emergencies program.  Possible impact of Government Business Transformation Initiative.  Business continuity planning raised through consultations.

EC Priorities:   All priorities

MAF Elements: Policy & Program, Stewardship

Q1
2015-16
Q2
2015-16
    100 50 20  
Records Management including Implementation of GCDocs
The implementation of GCDocs should allow the department to deal with longstanding records management issues.  The objective of this audit is to assess the implementation of GCDocs and its effectiveness at improving records and information management.

Risks or Considerations: Information management overall identified as a risk area in the past.  Lack of comprehensive records management system.  Far reaching and complex initiative.  Concerns raised through consultations on GCDocs and E-mail Transformation.

EC Priority: Management Priority

MAF Elements: Stewardship

Q1
2016-17
Q4
2016-17
        140 25
HR Planning and Management
The objective of this audit is to assess the overall effectiveness of the HR planning and management functions, including key controls and processes.  The focus of the project is on examining how EC managers ensure adequate HR capacity and succession.

Risks or Considerations: HR capacity identified in the CRP and through consultations.  Issues related to succession planning.

EC Priority: Management Priority

MAF Elements: People

Q1
2016-17
Q4
2016-17
        160  
Implementation of EC Science and Technology Strategy and PlansFootnotea
The objective of this project is to assess how the Science Strategy developed in 2013-14 is used and operationalized at EC.

Risks or Considerations: New Science and Technology (S&T) Strategy to be implemented in 2014-15.  To be followed by an operational plan.  Consultations confirmed both the importance and concerns related to Science Strategy and Program.  A CESD audit had identified concerns about implantation plans for the previous Science Plan.

EC Priorities: Clean, Safe, Sustainable Enviro.

MAF Elements: Policy & Program

Q2
2016-17
Q2
2017-18
        150 40
Pay and BenefitsFootnotea
The government of Canada is renewing its pay system.  Although EC will not be user of the system, it will provide information to the system, which will require changes to EC business processes.  The objectives of this project are to provide assurance that appropriate controls are in place in the new business processes.

Risks or Considerations: New Government-wide compensation system and consolidation.  Related concerns raised regarding data pertaining to HR management in the current system.  Possible impact of pay consolidation on related business processes and authorities.

EC Priority: Management Priority

MAF Elements: Stewardship; People

Q2
2016-17
Q2
2017-18
        175  
Real Property and Accommodation
The objective of this audit is to assess the implementation of EC’s accommodation strategy, the effective rationalization of its properties and potential impact on departmental programs.

Risks or Considerations: New accommodations strategy with anticipated high level savings.  Potential significant impacts on program delivery.

EC Priority: Management Priority

MAF Elements: Stewardship

Q1
2016-17
Q1
2017-18
        170 20
TOTAL INTERNAL AUDIT PROJECTS ONLY       1045 $ 157 975 $ 75 980 $ 85

Other Related Activities

Initial Project Description and Objectives Risks and Rationale Start Date (Quarter and Year) End Date (Quarter and Year) Estimated Cost
2014-15
PD
Estimated Cost
2014-15
$’000
Estimated Cost
2015-16
PD
Estimated Cost
2015-16
$’000
Estimated Cost
2016-17
PD
Estimated Cost
2016-17
$’000
Internal Audit Follow-up
To periodically monitor the implementation of past recommendations and management action plans.
Per TB Internal Audit Policy and Directive Ongoing   25   25   25  
Quality Assurance
To maintain the internal audit quality assurance system, and update audit tools and processes. 
To comply with professional standards. Ongoing   20   20   20  
TOTAL INTERNAL AUDIT PLAN       1090 $ 157 1020 $ 75 1025 $ 85

Legend & Notes:

PD: Person-days

  • There is one audit project from last year’s RBAEP planned for 2014-15 that was removed from the current plan.  The previously planned audit of the Financial Management Framework was removed in part to reduce the audit burden on the Finance Branch (after the Branch assumed responsibility for Procurement in 2013-14),as well as considering the potential impact of the SAP implementation.  This audit may be reconsidered at a later date.
  • The previously planned audit of Species at Risk was also removed from the current plan, after consultation with senior management and consideration that a number of related audits were recently tabled by the CESD in 2013.
Report a problem or mistake on this page
Please select all that apply:

Thank you for your help!

You will not receive a reply. For enquiries, contact us.

Date modified: