Audit of business continuity planning, Environment and Climate Change Canada: Objective, scope and methodology

Objective

The objective of the audit was to determine whether ECCC had in place a departmental governance framework and processes for business continuity planning (BCP).

Scope

The audit focused on the BCP governance framework and processes that were in place on December 31, 2015. For the assessment of departmental BCP processes, the scope also included a risk-based sample of departmental business continuity plans as of that date.

The audit team expected to find a governance framework and BCP processes that aligned with the government’s BCP requirements (for example, TB’s Operational Security Standard – Business Continuity Planning Program [TB-OSS-BCP Program]).

Given the unique nature, complexities and risks, ECCC’s emergency operations centres and their related standard operating procedures and information technology (IT) continuity planning were excluded from the audit scope.

Methodology

The audit criteria (see Appendix A) were mainly developed using TB’s Policy on Government Security and TB‑OSS‑BCP Program.

The audit approach included the following:

a review of relevant documentation and systems, including policies, standards, frameworks and processes supporting the BCP program
interviews with senior management and business continuity plan coordinators and owners
a review of the compliance of the business impact analysis and business continuity plans for ECCC’s critical services and critical support services with the requirements outlined in the TB‑OSS‑BCP Program (see Table 1 for sample)

Table 1: Sample of ECCC critical services (CS) and critical support service (CSS) reviewed
CS or CSS	Service description	ECCC lead
CS	Weather and environmental forecasts	Meteorological Service of Canada (Canadian Meteorological Centre, Montreal [Quebec])
CS	National hydrometric monitoring	Meteorological Service of Canada (Canadian Centre for Inland Waters, Burlington [Ontario])
CS	Maintain national incident reporting and alerting systems	Environmental Protection Branch (National Environmental Emergencies Centre (NEEC), Montréal [Quebec])
CSS	Emergencies, operational analytical laboratories and research support, including scientific expertise and on‑site field support for environmental emergencies and technical support services	Science and Technology Branch and Environmental Protection Branch (for River Road location, Ottawa [Ontario])

As mentioned previously, the Audit of BCP was conducted concurrently with the OCG’s Horizontal Audit of BCP. The objectives of the OCG’s audit consisted in determining whether Government-wide and departmental governance frameworks for BCP and departmental BCP processes were in place.

Statement of conformance

The audit was conducted in conformance with the International Standards for the Professional Practice of Internal Auditing.

Table of contents

Date modified:: 2018-12-06

Language selection

Search

Audit of business continuity planning, Environment and Climate Change Canada: Objective, scope and methodology

Objective

Scope

Methodology

Statement of conformance

Page details