Audit of business continuity planning, Environment and Climate Change Canada: Objective, scope and methodology

Objective

The objective of the audit was to determine whether ECCC had in place a departmental governance framework and processes for business continuity planning (BCP).

Scope

The audit focused on the BCP governance framework and processes that were in place on December 31, 2015. For the assessment of departmental BCP processes, the scope also included a risk-based sample of departmental business continuity plans as of that date.

The audit team expected to find a governance framework and BCP processes that aligned with the government’s BCP requirements (for example, TB’s Operational Security Standard – Business Continuity Planning Program [TB-OSS-BCP Program]).

Given the unique nature, complexities and risks, ECCC’s emergency operations centres and their related standard operating procedures and information technology (IT) continuity planning were excluded from the audit scope.

Methodology

The audit criteria (see Appendix A) were mainly developed using TB’s Policy on Government Security and TB‑OSS‑BCP Program.

The audit approach included the following:

  • a review of relevant documentation and systems, including policies, standards, frameworks and processes supporting the BCP program
  • interviews with senior management and business continuity plan coordinators and owners
  • a review of the compliance of the business impact analysis and business continuity plans for ECCC’s critical services and critical support services with the requirements outlined in the TB‑OSS‑BCP Program (see Table 1 for sample)
Table 1: Sample of ECCC critical services (CS) and critical support service (CSS) reviewed
CS or CSS Service description ECCC lead
CS Weather and environmental forecasts Meteorological Service of Canada (Canadian Meteorological Centre, Montreal [Quebec])
CS National hydrometric monitoring Meteorological Service of Canada (Canadian Centre for Inland Waters, Burlington [Ontario])
CS Maintain national incident reporting and alerting systems Environmental Protection Branch (National Environmental Emergencies Centre (NEEC), Montréal [Quebec])
CSS Emergencies, operational analytical laboratories and research support, including scientific expertise and on‑site field support for environmental emergencies and technical support services Science and Technology Branch and Environmental Protection Branch (for River Road location, Ottawa [Ontario])

As mentioned previously, the Audit of BCP was conducted concurrently with the OCG’s Horizontal Audit of BCP. The objectives of the OCG’s audit consisted in determining whether Government-wide and departmental governance frameworks for BCP and departmental BCP processes were in place.

Statement of conformance

The audit was conducted in conformance with the International Standards for the Professional Practice of Internal Auditing.

Report a problem or mistake on this page
Please select all that apply:

Thank you for your help!

You will not receive a reply. For enquiries, contact us.

Date modified: