Archived: Integrated Risk-Based Audit and Evaluation Plan 2014-2015: chapter 9
Appendices A
Contents
Appendix A. Detailed Internal Audit Plan - 2014-15 To 2016-17
The following table presents the internal audit projects in progress or planned for the next three years. Please refer to the Legend on the last page (PD = person-days)
Projects in Progress
| Initial Project Description and Objectives | Risks and Rationale | Start Date (Quarter and Year) | End Date (Quarter and Year) | Estimated Cost 2014-15 PD |
Estimated Cost 2014-15 $’000 |
Estimated Cost 2015-16 PD |
Estimated Cost 2015-16 $’000 |
Estimated Cost 2016-17 PD |
Estimated Cost 2016-17 $’000 |
|---|---|---|---|---|---|---|---|---|---|
| Capital Asset Management The objective of the audit is to provide assurance on the adequacy and effectiveness over the management of capital asset maintenance and renewal and how capital assets management support program objectives. |
Risks or Considerations: Effectiveness of capital assets management, maintenance and renewal, and asset life-cycle management have significant impact on meeting the objectives of many programs. EC Priorities: Clean, Safe, Sustainable Development MAF Elements: Stewardship |
Q4 2011-12 |
Q1 2014-15 |
15 | |||||
| IT Service Delivery The objective of this review is to assess the service delivered by IT to the various programs, in particular in the context of the creation of Shared Services Canada. |
Risks or Considerations: The governance related to IT services and the coordination with Shared Services Canada is a concern for some managers, in ensuring the timeliness and continuity of program operations. EC Priority: Management Priority MAF Elements: Stewardship |
Q1 2012-13Footnote13 |
Q2 2014-15 |
15 | |||||
| Management of Laboratories The objectives of the audit are to assess the adequacy and effectiveness of the management controls for the laboratories. The project will address the core management controls pertaining to the management of research projects and laboratories. |
Risks or Considerations: EC laboratories support critical functions of the department, such as science and technology; ESB, for example in support to CMP, and regulation development; and enforcement. EC Priorities: Clean, Safe, Sustainable Environment MAF Elements: Stewardship |
Q3 2012-13 |
Q1 2014-15 |
15 | |||||
| Fraud Risk Management Review The objective of this review is to conduct an overall fraud assessment and to provide assurance on the governance and framework pertaining to fraud risk management. |
Risks or Considerations: Recommended under the TBS Guidance and IIA Standards. New departmental Policy on Administrative Investigations. EC Priority: Management Priority MAF Elements: Public Service Values; Stewardship |
Q4 2012-13Footnote14 |
Q3 2014-15 |
50 | 7 | ||||
| Review and Benchmarking of Privacy Processes The objective of the project is to assess EC compliance to the Privacy Act and related policies and directives, and the effectiveness of supporting processes and controls. |
Risks or Considerations: Recent case indicates the importance of protecting personal information. Issue of concern to senior management. EC Priority: Management Priority MAF Elements: Stewardship |
Q2 2013-14 |
Q4 2014-15 |
100 | |||||
| External Reporting on Performance The objective of this project is to provide assurance on the accuracy and effectiveness of external reporting, and related quality assurance processes. |
Risks or Considerations: Challenges of multiple performance indicators and multiple reporting vehicles. Recent and expected changes in performance reporting (e.g., lower level reporting RPP/DPR; efficiency indicators). Consistency and quality of performance information collected and reported. EC Priorities: All priorities MAF Elements: Results & Performance |
Q3 2013-14 |
Q3 2014-15 |
50 | 40 | ||||
| Information Technology Security Proposed participation in OCG Horizontal Audit on IT Security The objectives of this project are to ensure IT security is properly managed and that controls are effective. This audit is to be conducted in collaboration with OCG which is planning an audit on the same topic, and this will allow reviewing the whole spectrum of IT security. |
Risks or Considerations: New delivery model with the creation of SSC, and resulting uncertainties on shared IT controls and related challenges of shared responsibility and obligations. Opportunity to coordinate our audit work with OCG. Increasing cyber threats and risks. EC Priority: Management Priority MAF Elements: Stewardship |
Q3 2013-14 |
Q1 2015-16Footnote15 |
190 | 40 | 10 | |||
| Systems, Applications and Products (SAP) Implementation (System Under Development) This project will be a system under development review of the implementation of the SAP financial system, configuration management, as well as business process re-engineering. The objective of this project is to ensure appropriate project management is taken to ensure a successful implementation of SAP. |
Risks or Considerations: Major business processes changes underway or planned. Major multi-year project involving high level of resources (investment). Potential impact on key financial business processes and controls. EC Priority: Management Priority MAF Elements: Stewardship |
Q3Footnote16 2013-14 |
Q2 2015-16 |
100 | 70 | 40 | |||
| Management and Delivery of Procurement The objectives of this audit are to ensure that procurement is well managed complies with policies, the supporting processes are efficient and related controls are effective. |
Risks or Considerations: Procurement challenges raised consistently through RBAEP consultations, and previously at EMC. Significant spending through procurement (20% of EC’s budget). Significant changes underway or anticipated (service standards, e-requisition, new delegation). Corporate Priority: Management Priority MAF Elements: Stewardship |
Q3 2013-14Footnote17 |
Q2 2015-16 |
200 | 40 | ||||
| World Class Regulator The objectives of this project are to review the regulatory processes from an effectiveness and efficiency perspective, and against the standards and criteria established for a World Class Regulator. |
Risks or Considerations: World Class Regulator is a key initiative for EC. Regulation development integral to many programs. Initiative crosses many programs. Efficiency and delivery concerns raised through consultations. Client based request. EC Priority: Clean, Safe, Sustainable Environment MAF Elements: Policy & Program |
Q4 2013-14 |
Q4 2014-15 |
200 |
Projects Planned
| Initial Project Description and Objectives | Risks and Rationale | Start Date (Quarter and Year) | End Date (Quarter and Year) | Estimated Cost 2014-15 PD |
Estimated Cost 2014-15 $’000 |
Estimated Cost 2015-16 PD |
Estimated Cost 2015-16 $’000 |
Estimated Cost 2016-17 PD |
Estimated Cost 2016-17 $’000 |
|---|---|---|---|---|---|---|---|---|---|
| Vote Netted Revenue (VNR)Footnotea The objectives of this project are to review the management of the vote netted revenues. The initial scope will include all the financial aspects of VNR from setting the price for services, to collecting and recording the revenues. |
Risks or Considerations: Financial concerns raised through consultations. Increasing complexity and importance of VNR transactions. Link to external dependencies and collaborations. Related CESD concerns in past audits. EC Priority: Management Priority MAF Elements: Stewardship |
Q3 2014-15 |
Q3 2015-16 |
110 | 20 | ||||
| Staffing and Classification The objectives of this audit are to ensure that the staffing and classification functions are well managed; that they are executed in an efficient manner; and that proper internal controls are in place to ensure compliance with acts, regulations and policies. |
Risks or Considerations: Past PSC audit identified issues. New departmental service standards. Concerns raised by senior managers during consultations on associated workload expectations. MAF 2013-14 assessment identified that attention is required for staffing. Deferred to 2015-16 to accommodate HR work recently initiated in this area. EC Priority: Management Priority MAF Elements: People |
Q1 2015-16 |
Q1 2016-17 |
170 | 20 | ||||
| Governance Framework Review The objective of the project is to assess the adequacy of EC's corporate governance framework (structure, processes and information) necessary for coordinating activities and programs, and holding management to account for implementing strategic directions. |
Risks or Considerations: TB Policy on Internal Audit outlines the requirement for IA to assess the effectiveness of the governance process and for EAAC to provide advice and recommendations to the deputy head on the adequacy and functioning of the department’s governance framework and process. EC’s new Governance model came into effect on February 1, 2012. EC Priority: Management Priority MAF Elements:Governance & Strategic Directions |
Q2 2015-16 |
Q2 2016-17 |
120 | 25 | 60 | |||
| Integrated Planning/Operational Planning The objective of this project is to provide assurance on the processes and systems in place for operational planning, including how planning is integrated between branches and between enablers. |
Risks or Considerations: Integrated Planning is a PS Renewal priority. Past attempts at integrated planning had limited success. Outstanding CESD concerns on operational planning (e.g. pertaining to CESD Audit of Environmental Science). Integrated planning raised as an issue through RBAEP consultations. EC Priority:Management Priority MAF Elements: Governance & Strategic Directions |
Q1 2015-16 |
Q1 2016-17 |
175 | 15 | ||||
| Expenditure Management Framework The objectives of this audit are to determine the extent to which key processes and controls pertaining to expenditures comply with TB policies and EC requirements, and assess the effectiveness of the expenditure management control framework. |
Risks or Considerations: Review of core expenditure controls is a TBS requirement (e.g. FAA Section 33 & 34). Impact of SAP implementation and associated changing business processes. External reporting implications (e.g. financial statements, DPR). Various compliance requirements. EC Priority: Management Priority MAF Elements: Stewardship |
Q2 2015-16 |
Q2 2016-17 |
140 | 60 | ||||
| Management and/or Compliance of International Environmental Agreements The objective of this audit is to provide assurance on the management in compliance of a selected number of agreements (in the areas of greater risks). The project will also focus on the domestic implementation of the agreements and the results achieved. |
Risks or Considerations: Two previous CESD Audits on international environmental agreements conducted in 2004 and 2008. Potential ongoing issues, high volume of agreements. Similar concerns raised with regards to Aboriginal Land Claim Agreement. EC Priorities:Clean, Safe, Sustainable Environment MAF Elements: Policy & Program |
Q1 2015-16 |
Q1 2016-17 |
160 | 10 | ||||
| Emergency Management and Planning This project will assess EC’s framework, management and information pertaining to emergency and business continuity planning. |
Risks or Considerations: Revised Strategic Emergency Management Plan. Restructuring of the environmental emergencies program. Possible impact of Government Business Transformation Initiative. Business continuity planning raised through consultations. EC Priorities: All priorities MAF Elements: Policy & Program, Stewardship |
Q1 2015-16 |
Q2 2015-16 |
100 | 50 | 20 | |||
| Records Management including Implementation of GCDocs The implementation of GCDocs should allow the department to deal with longstanding records management issues. The objective of this audit is to assess the implementation of GCDocs and its effectiveness at improving records and information management. |
Risks or Considerations: Information management overall identified as a risk area in the past. Lack of comprehensive records management system. Far reaching and complex initiative. Concerns raised through consultations on GCDocs and E-mail Transformation. EC Priority: Management Priority MAF Elements: Stewardship |
Q1 2016-17 |
Q4 2016-17 |
140 | 25 | ||||
| HR Planning and Management The objective of this audit is to assess the overall effectiveness of the HR planning and management functions, including key controls and processes. The focus of the project is on examining how EC managers ensure adequate HR capacity and succession. |
Risks or Considerations: HR capacity identified in the CRP and through consultations. Issues related to succession planning. EC Priority: Management Priority MAF Elements: People |
Q1 2016-17 |
Q4 2016-17 |
160 | |||||
| Implementation of EC Science and Technology Strategy and PlansFootnotea The objective of this project is to assess how the Science Strategy developed in 2013-14 is used and operationalized at EC. |
Risks or Considerations: New Science and Technology (S&T) Strategy to be implemented in 2014-15. To be followed by an operational plan. Consultations confirmed both the importance and concerns related to Science Strategy and Program. A CESD audit had identified concerns about implantation plans for the previous Science Plan. EC Priorities: Clean, Safe, Sustainable Enviro. MAF Elements: Policy & Program |
Q2 2016-17 |
Q2 2017-18 |
150 | 40 | ||||
| Pay and BenefitsFootnotea The government of Canada is renewing its pay system. Although EC will not be user of the system, it will provide information to the system, which will require changes to EC business processes. The objectives of this project are to provide assurance that appropriate controls are in place in the new business processes. |
Risks or Considerations: New Government-wide compensation system and consolidation. Related concerns raised regarding data pertaining to HR management in the current system. Possible impact of pay consolidation on related business processes and authorities. EC Priority: Management Priority MAF Elements: Stewardship; People |
Q2 2016-17 |
Q2 2017-18 |
175 | |||||
| Real Property and Accommodation The objective of this audit is to assess the implementation of EC’s accommodation strategy, the effective rationalization of its properties and potential impact on departmental programs. |
Risks or Considerations: New accommodations strategy with anticipated high level savings. Potential significant impacts on program delivery. EC Priority: Management Priority MAF Elements: Stewardship |
Q1 2016-17 |
Q1 2017-18 |
170 | 20 | ||||
| TOTAL INTERNAL AUDIT PROJECTS ONLY | 1045 | $ 157 | 975 | $ 75 | 980 | $ 85 |
Other Related Activities
| Initial Project Description and Objectives | Risks and Rationale | Start Date (Quarter and Year) | End Date (Quarter and Year) | Estimated Cost 2014-15 PD |
Estimated Cost 2014-15 $’000 |
Estimated Cost 2015-16 PD |
Estimated Cost 2015-16 $’000 |
Estimated Cost 2016-17 PD |
Estimated Cost 2016-17 $’000 |
|---|---|---|---|---|---|---|---|---|---|
| Internal Audit Follow-up To periodically monitor the implementation of past recommendations and management action plans. |
Per TB Internal Audit Policy and Directive | Ongoing | 25 | 25 | 25 | ||||
| Quality Assurance To maintain the internal audit quality assurance system, and update audit tools and processes. |
To comply with professional standards. | Ongoing | 20 | 20 | 20 | ||||
| TOTAL INTERNAL AUDIT PLAN | 1090 | $ 157 | 1020 | $ 75 | 1025 | $ 85 |
Legend & Notes:
PD: Person-days
- There is one audit project from last year’s RBAEP planned for 2014-15 that was removed from the current plan. The previously planned audit of the Financial Management Framework was removed in part to reduce the audit burden on the Finance Branch (after the Branch assumed responsibility for Procurement in 2013-14),as well as considering the potential impact of the SAP implementation. This audit may be reconsidered at a later date.
- The previously planned audit of Species at Risk was also removed from the current plan, after consultation with senior management and consideration that a number of related audits were recently tabled by the CESD in 2013.
Page details
- Date modified: