Annual Audit Committee Report to the Clerk of the Privy Council 2016-2017

Memorandum to the Clerk

I am pleased to present the Annual Report of the Privy Council Office Audit Committee, my first as the new Chair, on behalf of all of the Committee members. I want to thank you personally in giving me the opportunity to be the Chair of this Committee that performs, in my view, a valuable role in helping PCO manage the risks it faces.

We decided to use the flexibility with respect to annual reporting offered in the new Treasury Board Internal Audit Policy in drafting the Report. You will find that the main body of the Report is short with a focus on providing you with the highlights of what was accomplished last year and what we plan to focus on in the next year. It is our view that the past year was a very productive one and we look forward to being helpful in providing advice to you in our areas of responsibility in the future.

In this context, in addition to the two ongoing priorities, security risk and the production of high quality assurance and review products, it is our view that a third priority - a fresh look at risk and risk management, both in the way PCO assesses risks and does risk management and the way the Committee engages on these issues - would be helpful in further enhancing the Committee’s contribution.

We take this opportunity to thank those, without whose considerable support, the Committee could not have been successful over the past year. This includes Kami Ramcharan, Jim Hamer, the internal audit staff and all other PCO staff that appeared before the Committee.

The Committee looks forward to discussing this Report with you.

Munir A. Sheikh

Chair, PCO Audit Committee

Review of 2016-17 and Priorities for 2017-18

Introduction

This report provides a review of the Audit Committee’s work for 2016-17 and proposes priorities for 2017-18. Annexes include:

A note entitled: A review of Risk and Risk Management (Annex A);
Key areas of the Committee responsibility (Annex B); and the
PCO Audit Committee 2017-18 Annual Plan (Annex C).

A. Review of 2016-17

The PCO Audit Committee met with the Clerk on August 12, 2016 to discuss its Draft 2015-16 Annual Report and to finalize its priorities for 2016-17. Progress against these priorities is discussed below.

Priority 1: Ensure the continued effectiveness of the Committee while managing the current succession of internal membership and forthcoming succession of external membership

It is the Committee’s view, supported by the information provided in this Report, that we were effective. We were able to meet all the priorities during a period of significant transition of both internal and external membership.

The new internal committee members at the start of the year included Serge Dupont, the new Deputy Clerk, Matthew Mendelsohn, the second internal member, and Kami Ramcharan, the new Chief Financial Officer. Serge Dupont, who left the committee, played a huge role in the deliberations of the Committee, given his understanding and knowledge of your needs as the Clerk and the operations of PCO as a department. We welcome Andrea Lyon to the Committee as the new internal member and look forward to working with her as effectively as with Serge.

The period also saw considerable change in external membership with the replacement of two members, including the Chair. As the first external chair, Larry Murray played a highly effective leadership role in shaping the functions and operations of the Committee and developed its positive relationship with PCO management over the past eight years. Keith Coulter, another external member, who played an invaluable role with his experience and his incisive commentary on issues brought to the Committee, completed his terms and has been replaced by Meena Roberts. Meena brings a wealth of experience and knowledge to the Committee. We are fortunate to have Mary Ritchie on the Committee as a continuing member, which will be immensely helpful in providing institutional memory and transitional support to the Committee over the next two years.

In addition, Jim Hamer, the Chief Audit Executive departed and was replaced by Anne Weldon-Lacroix. The internal audit division’s work over the past year, as summarized below, is indicative of Jim’s contribution. Anne comes to us from Global Affairs Canada, with a wealth of experience in audit.

Now that these changes have all taken place, we are confident that the Committee will continue to perform well and give you the best advice.

Priority 2: Maintain the emphasis on the production of highly focused assurance and review products in areas of highest risk and significance, and on the implementation of management action plans.

The Committee was satisfied both with the “production of highly focused assurance and review products in the areas of highest risk and significance" and with "the implementation of management action plans." The Committee, however, felt that there were opportunities for improvement in the future, particularly as it reviews risk and risk management (Annex A).

Identification of areas of highest risk: The Committee was satisfied with the process that identified audit issues to be taken up in the development of the Risk-Based Audit Plan, prepared by the Chief Audit Executive (CAE). A particularly useful feature of the identification of areas of highest risk is information brought to the Committee by individual Deputy Secretaries.

An issue for the Committee, which is part of the priorities for next year as discussed below, is whether opportunities exist to strengthen this process (Annex A).

Assurance and other products completed in 2016-17: This was another productive year for the Committee as five substantive products of high quality were completed and approved by the Clerk.

These products included: “The Audit of the Management and Use of Acquisition Cards”; “The Performance Measurement Strategy for PCO’s Central Innovation Hub”; “The Risk Assessment of PCO’s Personal Information Holdings”; “The Review of PCO’s Performance Management Framework for Employees”; and “The Audit of PCO’s Accounts Payable Function.”

Implementation of Management Action Plans (MAPs): There was significant progress in implementing MAPs during the year. Management’s ongoing efforts to fully implement their MAPs is an indicator of the value added that the internal audit function brings to PCO. The Committee, however, felt that improvements could be made in getting better information on the significance of delays in the implementation of MAPs^{Footnote 1} and on the residual risks associated with these delays.

Priority 3: Sustain the Committee’s focus on the management of security risks

As an indication of the importance attached to this priority, the Committee received updates on security-related matters at each of its quarterly meetings^{Footnote 2} and provided its input and advice.

The Committee was pleased with the work that has taken place at PCO in dealing with security risks. By their very nature, the issues are complex and there are many uncertainties. A constant vigil is required and, for that reason, the Committee has, and will continue to, attach a high degree of importance to be briefed on these issues and provide advice for improvements.

Priority 4: Provide support and advice to help PCO meet the requirements of the new Treasury Board “Policy on Results.”

The Treasury Board unveiled its new “Policy on Results,” which took effect on July 1, 2016 and gives departments until November 1, 2017 to implement it. The policy replaces a number of older policies and streamlines reporting results. PCO has started work to meet the requirements of the Policy and has briefed the Committee on the progress made to-date.

The Committee’s objective was to provide support and advice to help PCO meet the requirements of the new Policy on Results. It is the Committee’s view that PCO is making progress on this front but significant work remains, given the challenges associated both with quantifying results and linking those results back to PCO priorities.^{Footnote 3}

The Committee believes that more could be done to strengthen PCO’s approach to results based management and will continue to encourage and support these efforts.

The Committee will continue to monitor progress in this important area in 2017-18 and offer its advice both on the direction being proposed and implementation of changes.

Priority 5: Continue to support PCO’s efforts to strengthen its approach to risk management.

Over the past year the Committee dealt with a number of topics that indicate its commitment to continuously support PCO’s focus to strengthen the way it manages risks.

The Committee’s advice is based on a number of activities: its detailed discussion of the drafts of the Enterprise Risk Profile (ERP) and its contribution in improving it; the assurance work of the internal audit staff; an ongoing review of the implementation of MAPs; the review of financial statements and public accounts reporting; the Committee’s regular discussions with Deputy Secretaries; and, briefings by PCO staff.

Overall Opinion with Respect to Priorities:

The Committee is pleased with:

PCO’s efforts in understanding and managing the variety of risks it faces;
Its own contribution in helping PCO make progress in this regard; and,
The quantity and quality of the work undertaken by the Internal Audit and Evaluation Division.
Having stated this, the Committee is of the view that there is potential for enhancing the degree of rigour in examining risk and risk management issues that should improve the quality of outcomes in these critical areas. This matter is discussed in Annex A.

B. Priorities for 2017-18

The Committee’s role is to give you advice. In this context, our proposed priorities for the current year are the following:

Priorities

The production of highly focused assurance and review products in areas of highest risk and significance, and on the implementation of management action plans;
To engage and provide advice on the management of security risks; and
To support PCO's development of a risk management framework that would enhance the rigour attached to risk and risk management issues (see Annex A).

Annex A - Note: A Review of Risk and Risk-Management

Record of Decision: Audit Committee Meeting June 9, 2017

The Committee agreed with the conclusion in this note that this is an opportune time to review the practice of risk management and study the need for developing a risk management framework in view of its importance for both the organization and the Committee’s work.

To that effect, the Committee agreed that the next step is for the CFO to review the existing integrated risk management framework and determine how it can be adapted to take into account the issues raised in this paper. The review by the CFO will be discussed at the September Committee meeting.

The document “Charter for the Privy Council Office Audit Committee” describes the Committee’s role as follows:

“The Committee provides objective advice and recommendations to the Clerk regarding the sufficiency, quality and results of internal audit engagements related to the adequacy and functioning of PCO’s risk management, control and governance frameworks and processes. To do this, the Committee uses a risk-based approach to review and provide advice on the core area…”

The document lists eight areas of responsibility for the Committee’s work that are sourced directly from the Treasury Board Policy Suite on Internal Audit:

Values and Ethics
Risk Management
Management Control Framework
Internal Audit
External Assurance Providers
Follow-Up on Management Action Plans
Financial Statements, Public Accounts Reporting
Accountability Reporting

Accountability Reporting

In the context of this importance of a risk-based approach and risk management to the Committee’s work, this note was prepared for the June meeting and asks whether there could be benefits to bringing more rigour to the various aspects of risk and risk management as they are dealt with at PCO and brought to the Committee.

Analysis

Definitions: The Treasury Board defines risk management broadly as: “Risk management is a systematic approach to setting the best course of action under uncertainty by identifying, assessing, understanding, making decisions on and communicating risk issues.” It would be useful to have greater clarity on how this definition applies to the eight areas of responsibility for the Committee’s work. Risk management is listed as a separate item 2 under the eight categories above. At the same time, it would seem that items 3-8 in the eight areas of responsibility listed above are all components of how risk is managed in item 2. That leaves the first item “Values and Ethics” as stand-alone: it could be an area of risk or not depending on the subject matter it covers.
Common view on risk: At the present time, there are a number of sources of information on risk, which include the Departmental Plan, consultants’ views, ERP, Deputy Secretaries’ views of the risks they face, and the risk profile underlying the Risk-based Audit Plan (RBAP), which is put together by the CAE based on his extensive consultations with PCO staff. While there are similarities across various lists of risks, there are also significant differences.
Framework: On the framework to manage risk, the Treasury Board does not suggest one: it asks a question whether the department has one (p.20 of its Guidebook for a Departmental Audit Committee).

Key Questions

The most important question that arises is whether there may be value in the development of an explicit “risk framework” by PCO (a review of the risk management references in PCO’s Management Control Framework document may be of value to addressing this question). Further thought and discussion on this may be helpful in light of the following questions that arise from the above analysis, which a framework may be able to deal with:

Given the new flexibility given to audit committees, but ensuring that all requirements laid out by the Office of the Comptroller General are met, should the risk-related work that comes to the Committee be arranged, to be clear and more rigorous, under the headings of: the risks that PCO faces; and, how they are managed? This question arises in the context of enhancing clarity to the Committee’s eight areas of responsibility to help bring more rigour to the Committee’s work.
With this arrangement, what are the key risk-related areas that fall under risk and those that fall under how risk is managed?
How important is it to have a unified assessment of risks within PCO?
Does this framework suggest we have an appropriate balance of work under the two headings to capture the most important issues PCO faces?
Are there gaps in what is the work done in the two areas and/or relative overemphasis in one of these areas? As an example, is there enough precision in evaluating how much risk has changed after steps have been taken to manage it?
How does PCO manage risk when it occurs at short notice? And what is the Committee’s role in such situations?

What is the right balance between doing an internal audit and undertaking a review of optimal strategies to manage risk? Is there any place in this possible set-up to use short/quick reviews as different from comprehensive reviews, as an example of dealing with issues that are important but emerge without notice and require a quick response?

What is the right balance in audits between auditing processes and outcomes in better understanding the nature of risk being faced?

The note does not deal with, nor does it envisage, a change in the evaluations that are done in PCO and brought to the Committee.

Conclusion

There has been a fairly large turnover in the Audit Committee. Given that risk management is at the core of what the Committee does, it is an opportune time to review it. This should help the Committee to be better informed and more rigorous in the way it considers risks and provides advice to management. The analysis asks whether there is merit in PCO developing a risk management framework that could help answer a number of question that are summarized above, which would be entirely consistent with Treasury Board direction.

Annex B - Key Areas of Responsibility

During 2016-17, the Committee held four meetings to fulfill its oversight requirements. It examined issues related to all of the following eight areas of its responsibility as listed in the TB Directive on Internal Audit and the PCO Audit Committee Charter:

Values and Ethics
Risk Management
Management Control Framework
Internal Audit
External Assurance Providers
Follow-Up on Management Action Plans
Financial Statements, Public Accounts Reporting
Accountability Reporting

1. Values and Ethics

The Committee is satisfied that PCO has a robust approach to values and ethics with both managers and staff appropriately engaged.

At the September meeting, the PCO Champion for Values and Ethics and the Senior Officer for Disclosure briefed the Committee on the PCO Climate Study on Values and Ethics and noted that, although the response rate to the Climate Study was low, the qualitative results were meaningful. The Committee commended PCO for the Climate Study initiative and the way it has integrated the recommendations from this initiative into its current Values and Ethics Action Plan.

The March 2017 meeting discussed a number of items related to values and ethics. First, Destination 2020 highlighted a number of innovative programs to promote mental health and work/life balance. The Committee acknowledged the good work being done but suggested that additional focus could be brought to emerging workplace challenges and how they could be addressed. The Committee also suggested exploring ways of expanding and strengthening mentorship programs.

Second, the Committee accepted both the Audit of the Performance Management Framework (PMF) for Employees and its Management Action Plan (MAP) but suggested a number of improvements related to clarifying the roles between the Human Resources Advisory Committee and the PCO Review Panel.

Third, an update was provided to the Committee on the Terms of Reference for the Self-Assessment of PCO’s Staffing Activities. The Committee was pleased with the work done and made suggestions for further improvements, particularly in regards to the degree to which the PCO Staffing Policy was consistent with the new PSC Framework.

2. Risk Management

Since risk management was one of the Committee’s priorities for 2016-17, this core area of the Committee’s responsibility is described in the main body of the report and in Annex A.

3. Management Control Framework

The Committee assesses that the PCO Management Control Framework (MCF) remains effective and that internal controls are continuing to be improved and strengthened.

PCO has, over the past year, implemented a new ICFR (Internal Controls over Financial Reporting) Framework, which includes an updated version of the PCO’s Management Control Framework as an annex.

In September 2016, the Committee discussed the Statement of Management Responsibility over ICFR. It is the Committee’s recommendation that the MCF reflects both formal and informal PCO controls. The CAE recommended and the Committee agreed that, since MCF was stable, its discussion in the future should be scheduled on an as-required basis and PCO work would be followed secretarially.

In March 2017, there was a discussion of “2016-2017 Monitoring Results” deck on key controls that outlined high risk business processes, the ratings applied to those processes (Effective vs Area for Improvement), a summary of the monitoring results, recommendations for improvement, and a status on remedial actions. Key processes included resource allocation, vendor accounts, budget review, financial delegations, capital assets, departmental liabilities, accounts receivable and travel expenses. Of seven key processes monitored over the last two years, five have warranted some minor remedial actions while two were deemed “Effective.”

In addition to the progress related to internal controls noted above, the Committee assessment has also been informed by the Committee’s ongoing review of Financial Statements and Public Accountability documents and by numerous briefings and discussions with PCO staff and senior management.

The Committee will also receive regular updates on progress implementing the MAP for the Audit of Internal Controls over Financial Reporting (ICFR) and continue its longstanding practice of including an in-camera session with the CFO, and separately with the CAE, during every Committee meeting.

Notwithstanding the many recent changes in senior PCO personnel, the Committee continues to have confidence that the overall governance structure of the organization remains robust as part of the management’s focus to control and manage risk. In this context, the Committee has continued to have extensive dialogue with many PCO personnel ranging from Deputy Secretaries to other levels of staff. These discussions on a variety of subjects throughout the year, coupled with the results achieved in assurance and review work, provide the Committee with confidence in its overall positive view.

4. Internal Audit Function

The Committee is satisfied with the performance of the internal audit function over the past year, which faced significant turnover in its staff.

The number, variety and the quality of assurance products were maintained at a reasonable level. Extensive consultations with senior management, the Committee members and other stakeholders, including the CAE of Shared Services Canada and other potential partner departments, is now a standard feature of the annual audit planning process and the development of the Risk-Based Audit Plan. Post-audit feedback remained generally positive.

Internal Audit staff fully supported the PCO effort to contribute to increased transparency and more open government by improving coordination processes to facilitate more efficient preparation and posting of an increasing number of assurance products online. The PCO Internal Audit Performance Measurement Framework continues to be refined this year and is becoming a more useful monitoring tool for the staff, senior management and the Committee.

5. External Assurance Providers

A regular feature of the Committee’s work on this topic is the discussion of the Machinery of Government’s quarterly update on external audits. At the June meeting, the Committee discussed the audits in the External Assurance Providers (EAP) Report, which was tabled by the CAE with the Clerk. At the December meeting, the Committee was briefed on the new approach to the Governor in Council (GIC) appointments process and the recent Office of the Auditor General Audit of PCO’s GIC Appointment Process in Administrative Tribunals.

An ongoing issue for the Committee at most of its meetings over the past year has been that PCO lacked a reliable mechanism to ensure external audits, which involve PCO as a department (as opposed to PCO as a Central Agency), are brought to it for information and consideration. At the September meeting, the Committee asked PCO to revisit the current arrangements with a view to establishing better mechanisms to ensure it is informed on EAP audits and corresponding MAPs. As a follow-up, three improvements have resulted: first, the CAE tabled an “Audit Projects by External Assurance Providers” report showing all EAP projects so that the Committee has an opportunity to engage on those that are relevant to its mandate. The Committee will use this report to stay informed on EAP projects and request information/presentations as necessary. Second, the Assistant Secretary to the Cabinet, Machinery of Government (MoG), discussed arrangements to improve the flow of information to the Committee. Third, the CFO agreed to liaise with MoG to ensure these information flows are efficient.

It is the Committee’s view that it should not only be informed about external audits but also be informed in a more timely way so that the Committee has an opportunity to provide its advice at the right moment (as required under the IA Policy, both old and new). We have confidence in the new arrangements but will be closely monitoring implementation.

6. Follow-up on Management Action Plans

The Committee reviewed the status of implementation of MAPs, based on self- assessments by management, during each of its four meetings.

At the start of the 2016-17, eight trackable actions relating to three PCO audits were in progress. Another 11 new actions were added during the year in response to two audits that were approved by the Clerk in 2016-17, including seven in the MAP for the Audit of IT Management and four in the MAP for the Audit of the Management and Use of Acquisition Cards. This brought the total to 19 actions being tracked in relation to five PCO audits during the fiscal year. Of these 19 actions, six achieved full implementation status during the year, leaving 13 actions at various stages of implementation in relation to five PCO audits at year-end. Management’s ongoing efforts to fully implement their MAPs is an indicator of the value added that the internal audit function brings to PCO.

Based on the progress achieved in implementing MAPs during the year, the Committee assesses that they appear to be implemented in a reasonable manner. However, in order to assess the extent to which audit recommendations and the associated MAPs are achieving the intended results, the Committee will, over the upcoming year, consider whether to recommend another review of the implementation of MAPs similar to the one conducted in 2014-15.

The Committee will continue to track MAP implementation going forward. In addition the Committee will examine the extent of residual risk attached to those MAPs that are not implemented on time.

7. Financial Statements, Public Accounts Reporting

The Committee reviews the Quarterly Financial Statements and the annual Future-Oriented Statement of Operations and remains satisfied with the quality and discipline of financial reporting. The Committee is particularly pleased with the positive impact that the Audit of ICFR is having on further improving related processes in this important area.

8. Accountability and Reporting

The Committee reviewed and provided input on the 2015-16 Departmental Performance Report and on the 2017-18 Departmental Plan (previously known as the Report on Plans and Priorities). While the Committee is satisfied with the progress being made in maturing the narrative of these documents, progress remains slow with respect to performance measurement. The Committee is hopeful that the new Treasury Board Policy on Results, which places a higher priority on performance information, will lead to improvements in this area.

The comprehensive feedback to Committee input on these various documents by involved PCO staff is appreciated and makes the effort seem particularly worthwhile.

Annex C - PCO Audit Committee 2017-18 Annual Plan

The key areas of responsibility that shall be addressed by the Committee during the 2017-2018 fiscal year are listed below. The particular emphasis and priorities for the Committee will be adjusted as necessary in consultation with the Clerk and in consideration of the departmental mandate, objectives and priorities, as well as the corresponding risks affecting PCO and the government. It should be noted that ‘review’ actions may be accomplished in several ways, including: the review of documents (during meetings or secretarially); receiving presentations by subject matter experts; and discussions with PCO officials.

No.	Action Item Description.^{Footnote 4}		Timing
No.	Action Item Description.^{Footnote 4}		June 2017	Sept/Oct 2017	Dec 2017/Jan 2018	Mar/Apr 2018
Audit Committee Infrastructure
1	Audit Committee Charter Review the Audit Committee Charter and as necessary seek reaffirmation by the Clerk.
2	Audit Committee Meeting Annual Plan The Chair, in consultation with the other Committee members, will prepare a plan for recommendation to the Clerk to ensure that the Committee’s annual and ongoing responsibilities are scheduled and fully addressed.
Audit Committee Responsibilities
3	Values and Ethics Review and provide advice on PCO’s systems and practices established to monitor compliance with laws, regulations, policies and standards of ethical conduct and identify and deal with any legal or ethical violations.
4	Risk Management Review and provide advice on PCO’s risk management arrangements, including the department’s risk profile.
5	Management Control Framework Review and provide advice on PCO’s internal control arrangements, and be informed of significant issues relevant to the Committee’s mandate and relating to the effectiveness of those arrangements that may arise from work performed by others who provide assurances to senior management and the Clerk.
6a	Departmental Internal Audit Charter Review PCO’s Internal Audit Charter and recommend for reaffirmation by the Clerk, as necessary.
6b	Adequacy of Internal Audit Resources Provide advice to the Clerk on the sufficiency of resources of the internal audit function. This action will be linked to discussion of the AC Annual Report (item 11) and the CAE Annual Report (item 6g).
6c	Risk-Based Internal Audit Plan Review and recommend for approval the multi-year risk-based internal audit plan.
6d	Performance of the Internal Audit Function/CAE Monitor and assess the performance of the internal audit function; and Provide advice to the Clerk on the performance of the Chief Audit Executive.
6e	Internal Audit Reports & Management Action Plans Review and recommend for approval internal audit reports and corresponding management action plans to address recommendations.
6f	Progress Against Risk-Based Internal Audit Plan Review regular reports on progress against the risk-based internal audit plan.
6g	Annual Report from the CAE Review the annual report prepared by the Chief Audit Executive.
7	External Assurance Providers Be informed by the quarterly PCO report to the Clerk, and after requesting and receiving presentations and/or detailed information from line management on discrete audit projects, advise the Clerk, as appropriate, on: All audit work relating to the department to be undertaken by external assurance providers, including management's response; and Audit-related issues and priorities raised by external assurance providers.
8	Follow-up on Management Action Plans Review semi-annual reports on the progress implementing approved management action plans resulting from both prior internal audit recommendations as well as management action plans resulting from the work of external assurance providers, including reviewing and concurring with management requests for extensions to planned MAP completion dates as well as the Chief Audit Executive’s assessment of residual risk on a recommendation by recommendation basis as these MAPs are being implemented.
9a	Financial Statements and Public Accounts Reporting Review and provide advice to the Clerk on the key financial management reports and disclosures of the department, including quarterly financial reports, annual financial statements and Public Accounts. This activity will normally be performed secretarially.
9a		As required
9b	Review the annual Statement of Management Responsibility Including Internal Control over Financial Reporting and provide advice to the Clerk on the risk-based assessment plans and associated results related to the effectiveness of the departmental system of Internal Control over Financial Reporting.
10	PCO Accountability Reporting Receive and review copies of PCO’s Departmental Results Report (formerly the Departmental Performance Report - DPR), the Departmental Plan (formerly the Report on Plans and Priorities – RPP), and any other significant accountability reports. The Committee may also receive information copies of plans and reports prepared by the departmental evaluation function. This activity will normally be performed secretarially
10		As required
Accountability Reporting by the Committee
11	Audit Committee Annual Report to the Clerk The independent external members of the Committee will prepare and submit an annual report to the Clerk. The Clerk will be fully briefed in advance of the finalization of the Annual Report of the Committee
Other
12	In-Camera Sessions The Committee will meet individually in camera at each of its in-person meetings with PCO’s Chief Financial Officer and Chief Audit Executive, and any other officials the Committee may determine.
13	External Practice Inspection As applicable, the Committee will review regular reports on the progress implementing the CAE’s action plan resulting from recommendations from the 2013 External Practice Inspection.

Endnotes:

Footnote 1

During the year, there were 19 actions being tracked in relation to five PCO audits. Of these, six achieved full implementation status during the year, leaving 13 actions at various stages of implementation. The Committee will continue to track MAP implementation in this way going forward.

Return to footnote1 Referrer

Footnote 2

The following topics were covered: physical and personnel security; IT and IT-related security matters; PCO self-assessment against Communications Security Establishment Canada’s “Top 10 IT Security Actions to Protect the Government of Canada Internet-Connected Networks and Information;” business continuity plans; security-related issues in relation to the move to e-binders for Cabinet; and the protection of Cabinet confidences including the development of protocols to handle them. In addition, the Committee was briefed: on the “Security Operations Annual Report;” and, by the Deputy National Security Advisor and the Director of Security Operations.

Return to footnote2 Referrer

Footnote 3

Mr. M. Mendelsohn briefed the Committee on the work of the Results and Delivery Unit (RDU) noting that what they are trying to do is ambitious, and that data shortage is a key risk in the achievement of desired results. He described an evolving framework being put in place government-wide to promote the achievement of results. The Committee was interested in knowing how the achievement of efficiencies fits into this framework. In response, Mr. Mendelsohn explained that the current focus was effectiveness and that added work would be necessary to factor efficiency more explicitly in the framework.

Return to footnote3 Referrer

Footnote 4

This 2017-2018 AC work plan corresponds with the new 2017 TB Policy Suite on Internal Audit. Since the new Policy Suite contains significantly less detail than the previous Policy Suite about how an Audit Committee might plan its activities relative to its eight (8) areas of responsibility, this 2017-2018 work plan maintains many of the more detailed line items that have been used to plan the Audit Committee’s activities in the past few years.

Return to footnote4 Referrer

Report a problem or mistake on this page

Please select all that apply:

A link, button or video is not working

It has a spelling mistake

Information is missing

Information is outdated or wrong

I can't find what I'm looking for

Other issue not in this list

Date modified:: 2018-03-01

Language selection

Search