Audit of business continuity planning, Environment and Climate Change Canada: Objective, scope and methodology

Objective

The objective of the audit was to determine whether ECCC had in place a departmental governance framework and processes for business continuity planning (BCP).

Scope

The audit focused on the BCP governance framework and processes that were in place on December 31, 2015. For the assessment of departmental BCP processes, the scope also included a risk-based sample of departmental business continuity plans as of that date.

The audit team expected to find a governance framework and BCP processes that aligned with the government’s BCP requirements (for example, TB’s Operational Security Standard – Business Continuity Planning Program [TB-OSS-BCP Program]).

Given the unique nature, complexities and risks, ECCC’s emergency operations centres and their related standard operating procedures and information technology (IT) continuity planning were excluded from the audit scope.

Methodology

The audit criteria (see Appendix A) were mainly developed using TB’s Policy on Government Security and TB‑OSS‑BCP Program.

The audit approach included the following:

Table 1: Sample of ECCC critical services (CS) and critical support service (CSS) reviewed
CS or CSS Service description ECCC lead
CS Weather and environmental forecasts Meteorological Service of Canada (Canadian Meteorological Centre, Montreal [Quebec])
CS National hydrometric monitoring Meteorological Service of Canada (Canadian Centre for Inland Waters, Burlington [Ontario])
CS Maintain national incident reporting and alerting systems Environmental Protection Branch (National Environmental Emergencies Centre (NEEC), Montréal [Quebec])
CSS Emergencies, operational analytical laboratories and research support, including scientific expertise and on‑site field support for environmental emergencies and technical support services Science and Technology Branch and Environmental Protection Branch (for River Road location, Ottawa [Ontario])

As mentioned previously, the Audit of BCP was conducted concurrently with the OCG’s Horizontal Audit of BCP. The objectives of the OCG’s audit consisted in determining whether Government-wide and departmental governance frameworks for BCP and departmental BCP processes were in place.

Statement of conformance

The audit was conducted in conformance with the International Standards for the Professional Practice of Internal Auditing.

Page details

Date modified: