Internal Audit Committee Annual Report - 2014-2015

Table of contents

Introduction

This Annual Report of the Internal Audit Committee (IAC) of the Public Service Commission (PSC) covers the period from April 2014 to March 2015. It follows the guidance provided by the Treasury Board Secretariat (TBS) in the Practice Guide: Departmental Audit Committees Annual Report and meets the reporting requirements for the IAC, as established in the Directive on Internal Auditing in the Government of Canada.

The report begins with some important context for the IAC’s interactions with the PSC during this period. It then provides a summary of key issues and observations, followed by highlights in each of the IAC’s key areas of responsibility. The report also includes a brief summary of the results of the IAC’s annual self-assessment and an annex with additional information about the membership and operations of the IAC.

Context

Fiscal year 2014-2015 was the second full year of operations for the IAC, following a complete turnover in external membership. It was also the first full year for a new Chief Audit and Evaluation Executive (CAEE).

The PSC continued to move forward during this period with its comprehensive effort to transform the way it does its business through better alignment of its policy and oversight functions. The end state will be an approach focused on helping departments more effectively manage their risks in the staffing process without imposing unnecessarily tight controls. This Enhanced Integration Project, which will require a strong and sustained effort over several years, was a major preoccupation for the organization in 2014-2015. 

The PSC also moved forward with preparations for implementation of Bill C-27. This Veterans Hiring Act (VHA), which is expected to come into force soon, will enhance hiring opportunities in the Public Service of Canada for certain serving and former members of the Canadian Armed Forces (CAF). The VHA required amendments to the Public Service Employment Act and preparations by the PSC to implement the new provisions for various categories of CAF personnel and veterans. This effort was another major preoccupation for the organization.

At the same time, the PSC had to continue implementing structural adjustments to achieve its ongoing spending reduction targets under the deficit reduction action plan and to adjust to changing demands for services by departments. Managing the related issues and risks required significant attention by senior management, particularly during the early part of this reporting period.

The PSC senior executive team stabilized during the year, following the period of significant turnover highlighted in the IAC’s last Annual Report. However, during the final months of this reporting period, and now extending to the summer, senior executives have been required to resume acting roles that they had assumed following the departure of the previous Senior Vice-President, so the new Senior Vice-President could serve as Acting President. In this context, the organization has rallied well to sustain the organization’s operations and continue its transformation agenda. The IAC will, of course, continue to monitor the situation and do everything it can to support the Acting President and the rest of the PSC senior executive team until the President returns.

Throughout this period, IAC members have been encouraged by the transparent and collaborative way the PSC has engaged the Committee. Senior managers have continued to make themselves available for special briefings and discussions with external members, which have proven to be extremely valuable in helping them understand the operating context in key areas. In addition, the President, and, in her absence the Acting President, have continued to seek the advice of external members on a number of issues and challenges not directly related to the formal mandate of the IAC.

Members have also been encouraged by the way the CAEE has established greater discipline around IAC processes and administration. During his first full year, he has taken effective steps to understand the perspectives of IAC members and address their issues in these areas. The processes around meetings and administrative support to the Committee are now running smoothly.    

One other relevant development during this period was that the President asked the Committee to provide advice on the evaluation function at the PSC. The IAC was pleased to accept this new role and, as outlined below, has taken initial steps to implement it.

Issues and observations

Based on the results of internal audits and its engagement with senior managers during this period, the IAC has a positive overall view about how the organization is managed and does not have any fundamental concerns or recommendations. While there remain, as highlighted in this report, some areas where continued work is required, external members believe the organization is generally on the right path with respect to risk management, control and governance.

In its previous annual report, the IAC identified three areas for special attention during 2014-2015: monitoring the PSC’s progress in implementing the Management Action Plan (MAP) in response to the Audit on Information Management, supporting the PSC’s efforts to develop a more mature approach to risk management and supporting the PSC’s efforts to ensure its controls were adapted to fit with the changing environment. As outlined below, the IAC engaged fully over the reporting period in all of these areas and believes significant progress has been made in each of them. 

Looking ahead, the IAC has also identified three areas for special attention during 2015-2016 supporting the PSC’s efforts to improve its Performance Management Framework (PMF), strengthen its approach to risk management, and further develop its Financial Management Framework (FMF). The reasons why these areas have been chosen for special attention are explained in the sections below.

Key areas of responsibility

1. Assessment of the internal audit function

The internal audit function has been significantly strengthened during this period, under the leadership of the CAEE who, having arrived at the PSC during the last quarter of 2013-2014, has now completed his first full year.

Although one of three planned audit engagements for 2014-2015 will not be completed until early 2015-2016, the two that were completed were well done and contributed to improved management practices. An ambitious core control audit and a timely audit on personal information were both delivered as expected and will strengthen the organization’s approaches in these two critically-important areas.

The core control audit is particularly noteworthy. This audit was recommended by the CAEE shortly after his arrival. It was supported by the IAC because it aligned well with the priority the Committee wished to place on ensuring the continued effectiveness of controls in light of significant changes the organization has made to meet targets under the deficit reduction action plan and adjust to changing demands for services. This audit provided members with a solid understanding of the effectiveness of controls in a number of key areas.

Another important development was that the Risk-Based Audit Plan for 2015-2016 to 2017-2018 was reviewed and recommended by the IAC and approved by the President before the start of this three-year period. The Committee believes this kind of discipline in the planning process, which had not been previously established, is important and commends the new CAEE for having established it in his first year.

Overall, the IAC is pleased with the way the audit function has been positioned this past year to deliver products that are more timely and useful for management and the IAC. The Committee is also satisfied that the audit function is maintaining an appropriate level of independence from management and has the audit capacity required to do its job. Although this capacity is limited to providing two or three full audits per year, this is appropriate for an organization of the PSC’s size, if the audit engagements are the most suitable ones. The IAC is now confident that the planning process will ensure the right engagements. 

In short, the IAC is now very comfortable with the way that the audit function is evolving and has no major concerns. 

2. Follow-up on Management Action Plans

In its previous annual report, the IAC identified the need to follow more closely the implementation of Management Action Plans (MAPs) in order to provide more timely inputs and advice. As a result, the IAC asked the CAEE to develop a more effective instrument to track progress and to report on this progress at each IAC meeting, rather than at every second meeting.

Progress in implementing all actions in MAPs is now discussed at each IAC meeting. To facilitate these discussions, the CAEE produced an improved tracking instrument which has subsequently been refined, based on inputs of IAC members. It includes the CAEE’s assessment of risks related to outstanding items in MAPs. As a result, the IAC now has a much clearer picture of the status of management’s implementation of MAPs and is able to provide informed advice.

Based on its monitoring over the past year, the IAC believes there is reasonable discipline in implementing the actions to which management has committed in MAPs. While there are sometimes delays on specific items as a result of unforeseen external or internal factors, these are now being explained to the IAC and it has an opportunity to provide its perspective and advice. 

One of the areas identified for special attention in 2014-2015 was monitoring progress in implementing the MAP in response to the Audit on Information Management. The IAC provided considerable advice on this particular MAP and believes that effective implementation, which will require cultural change, is essential. While significant delays in implementation have occurred, these are directly related to delays in the implementation of government-wide initiatives and therefore beyond the control of the PSC. The IAC will continue to monitor progress closely during the upcoming year.

3. Values and ethics

During this reporting period, the IAC again reviewed the PSC’s values and ethics program. The organization has a comprehensive program which is being implemented well.

At its last meeting of 2014-2015, the IAC reviewed a comprehensive progress report on implementation of the PSC’s Values and Ethics Action Plan which covered the period from 2012-2013 to 2014-2015.  The PSC is currently preparing an updated action plan for the next three years and has made it clear it will take into account the advice previously provided by the IAC. The Committee will be reviewing the updated plan early in the next reporting period.

The IAC also reviewed the results of the recent Public Service Employee Survey. While the results in most areas are encouraging, including a respectful workplace, the results for workplace discussion around values and ethics are less encouraging, especially given the PSC’s unique role. In this context, the IAC has encouraged the organization to strengthen its approach in this area, including through more emphasis on two-way communication, in its updated action plan.

4. Risk management

Another area the IAC identified for special attention in 2014-2015 was supporting the PSC’s efforts to strengthen its approach to risk management. In this context, the IAC reviewed the PSC’s Management Accountability Framework (MAF) results for risk management early in the year and the organization’s evolving Corporate Risk Profile (CRP) at two subsequent meetings.

The IAC is encouraged by the progress that is being made in this area. Senior management is fully engaged in efforts to strengthen its approach by identifying risks and impacts, at both the branch and corporate levels and by developing appropriate mitigation strategies. As a result, the CRP has continued to improve and is now being utilized more effectively in the PSC’s planning and reporting processes. The Committee commends these efforts. 

At the same time, as noted in the last IAC Annual Report, a sustained effort will be required over the longer term to implement a fully mature approach and culture around risk management. Supporting the PSC’s efforts to do this will remain a priority for the IAC in 2015-2016. The Committee will be particularly interested in continuing its discussions with management about how the current CRP could be strengthened by clearly defining and integrating certain key external risks.

5. Management control framework

The final area identified for special attention in 2014-2015 was supporting the PSC’s efforts to ensure its controls remain effective in the context of transformational changes and structural adjustments. The need to challenge and support the PSC in this area was a continuing focus for the IAC throughout this period. 

The core control audit provided an assessment of the design and effectiveness of controls in financial management, contracting, procurement, travel, hospitality and compensation. Given the broad focus of this audit, it took longer than anticipated to deliver and was reviewed by IAC at the end of the reporting period before management had completed the MAP. Nevertheless, while the audit identified some areas for improvement, it is clear from the audit that, overall, the PSC has effective controls in the areas tested. 

One important issue identified last year was the need for a formalized organizational FMF. Encouraged by both the IAC and TBS, the PSC delivered this FMF early in this reporting period. During its consideration of this framework, the IAC noted that it summarizes the policy requirements well, but does not yet explain how the PSC actually ensure that the right level of control is maintained. The IAC has therefore encouraged continued development of the FMF to include this aspect. The IAC believes that evolving the FMF in this direction will help make it more relevant and strengthen the PSC’s overall approach. Supporting the PSC in this area will be a priority for the IAC in the coming year.

6. External assurance providers

One audit with recommendations for the PSC, largely in its role as a central agency, was completed by the Office of the Auditor General (OAG) during this reporting period. The IAC was briefed on this Audit of Required Reporting by Federal Organizations just prior to the tabling of the audit in the House of Commons in April 2015.

This was the first audit with recommendations for the PSC conducted by the OAG since the turnover of external members and since the current CAEE arrived. In retrospect, the IAC did not engage on this audit as early as it should have to provide external perspective and advice as the PSC was developing its response. However, given its responsibility under the Directive on Internal Auditing in the Government of Canada to provide advice on audits by external assurance providers, the IAC will review PSC’s more detailed MAP for this audit early in 2015-2016.

While the PSC was not included within the scope, the IAC was also briefed on two horizontal audits conducted by the Office of the Comptroller General (OCG) during this period. For one of them, the Horizontal Audit of Financial Forecasting, the PSC did a self-assessment against the findings and presented it to the IAC. For the other, the Horizontal Internal Audit on the Protection of Personal Information, no self-assessment was done because the PSC conducted its own internal audit.

7. Financial statements and public accounts reporting

During this reporting period the IAC reviewed and provided comments on the PSC’s Quarterly Financial Statements and the PSC’s year-end submission for Public Accounts. Based on these reviews, the Committee is confident that the quality of the PSC’s financial statements remains high. 

An effort was made during the year, in response to a request from the IAC, to establish greater discipline in providing feedback to members on specific comments they make on financial reports. This discipline is now in place and will help strengthen the Committee’s understanding of reporting commitments and the value of its comments over time.

The only significant issue in this area for the IAC is that, for the second year in a row, the Committee did not have an opportunity to review the PSC’s Future-Oriented Statement of Operations, including Internal Controls over Financial Reporting before finalization. Since this is an obligation for the IAC under the Directive on Internal Audit in the Government of Canada, senior management has provided the Committee with assurances that it will be given a timely opportunity to engage during subsequent cycles.

8. Accountability reporting

During this reporting period, the IAC reviewed the PSC’s Annual Report, Report on Plans and Priorities (RPP) and the Departmental Performance Report (DPR). At the request of the President, the Committee provided substantive comments and advice on the RPP and the DPR. It also reviewed the PSC’s PMF and the monthly reports produced for senior management. In addition, external members met with key managers to discuss the PMF and the IAC Chair participated in a follow-on discussion with the PSC’s Executive Management Committee.

Based on its engagement with the PSC over the past two years, the IAC believes the PSC’s approach to results-based management should be strengthened. The Committee notes that the PSC’s approach in this area has remained essentially static for the last couple of years and has therefore encouraged the organization to again move forward.  

In the view of the IAC, the essential foundation needed to move forward is further development of the PMF. Beyond continuing to mature expected results, performance indicators and targets related to the performance of the PSC as a department, the Committee believes the PMF should also include more system-wide expected results, performance indicators and targets that align with the mandate of the PSC.   

The IAC is encouraged that senior management is committed to taking a fundamental look at what can be done to move forward in the current planning cycle. In this context, the Committee will monitor developments and assist in any way it can. Supporting the PSC’s efforts in this area will be another priority for the IAC in 2015-2016.

Evaluation function

During this reporting period, the IAC also began to respond to the President’s request for advice on issues related to the evaluation function at the PSC. This included providing advice on the evaluation components of the PSC’s first integrated Internal Audit and Evaluation Plan, the Student Employment Programs Evaluation and associated MAP and the framework for the forthcoming Second Language Testing Evaluation.

While the IAC is still in the early stages of implementing this new role, it is confident that it will be able to do so without any major difficulty, especially since the CAEE also serves as the Head of Evaluation at the PSC. Based on its early engagements, the Committee is also confident it will be able to provide value-added advice to President on evaluation issues.  

As the IAC enters its third year of operations, following the turnover of external members, one of its key objectives will be to continue to improve its understanding of the PSC and its operating environment. Continuing to implement its new advisory role for evaluation will provide the Committee with additional insight into the PSC’s operations and therefore represents one important way that greater understanding can be achieved. Moreover, members are already seeing synergies between their advisory roles for audit and evaluation and expect that these will increase over time and help maximize the quality of their advice in both areas.

Departmental Audit Committee self-assessment

In accordance with the Directive on Internal Auditing in the Government of Canada, the IAC conducted a self-assessment for 2014-2015, based on an adapted version of the tool developed by the OCG. This self-assessment is the second by the Committee, following the turnover of external members.

The results of the assessment were very positive. Members believe they have the necessary skills and expertise to fulfill their mandate and have been able to act with appropriate independence and objectivity. They feel that they are able to make the contributions they want during meetings and that differences of opinion, although rare, are resolved to their satisfaction. They also believe the line between the roles of the IAC and management is well understood and there is mutual respect on both sides.

The results of this self-assessment indicate the current approach is working well. The IAC is well supported by the PSC. It is now well established, with a solid team that works well together. In addition, members feel that the President and other senior managers value their contributions, which makes their engagement with the organization professionally satisfying.

Annex A: Membership and operations of the Internal Audit Committee

Membership

The Internal Audit Committee (IAC) is currently comprised of three external members, including the Committee Chair and one internal member, the President of the Public Service Commission (PSC). 

Members

  • Keith Coulter, External Member and Chair
  • James Lahey, External Member
  • Hélène Fortin, External Member
  • Anne-Marie Robinson, President of the PSC

Ex officio members

  • Omer Boudreau, Vice-President Corporate Management and Chief Financial Officer (CFO)
  • Greg Nesbitt, Chief Audit and Evaluation Executive (CAEE)
  • Phillip Morton, Director General, Finance and Administration (DGFA)

Overview of qualifications of members

External members have an appropriate diversity of skills, knowledge and experience. One is a former Deputy Minister who also has senior management experience in the Canadian Armed Forces and the private sector. Another is a former Associate Deputy Minister with a wealth of experience in public administration, including experience in the Privy Council Office, directly supporting implementation of the Clerk’s priorities on public service renewal. The third has extensive private sector experience in accounting, finance and governance, including service on several Boards of Directors and is a practicing Chartered Accountant with FCA, FCPA and ICD.D designations.

All members are free of conflict of interest with respect to their IAC responsibilities.

Attendance at Internal Audit Committee meetings

The three external members attended all four meetings of the IAC during this reporting period. The President of the PSC attended the first two meetings. As Acting President, the Senior Vice-President, Policy Branch, also served as the internal member for the other two meetings. 

The ex officio members, the CFO, CAEE and DGFA, attended all four meetings. Other Vice-Presidents also attended IAC meetings regularly to provide support and respond to questions.

Operations

The IAC’s mandate is set out in the IAC Charter. This Charter was reviewed and updated by the IAC during this reporting period.

In 2014-2015, the Committee met four times at the PSC’s new location in Gatineau. These meetings took place in June, September and December 2014 and in March 2015.

All IAC meetings were preceded by an in-camera lunch with only members present. Following these meetings, separate in-camera meetings were held with the CFO and CAEE and an additional in-camera meeting with members.

During this reporting period, the costs specific to IAC operations were $66,800, a slight decrease from the previous reporting period. Most of this amount ($64,900) was for direct compensation to external members in the form of payroll expenses. The remainder ($1,900) was for travel expenses for one member ($1,600) commuting from Montreal and hospitality expenses ($300).

To ensure the IAC addressed its responsibilities in a balanced way, a rolling forward agenda and work plan for the reporting period were developed by the Chair, with the assistance of the CAEE, and approved by members. These documents are reviewed at each IAC meeting. Agendas for these meetings were set two to three weeks in advance by the Chair, in consultation with the President and CAEE.

Following a teleconference consultation with external members, the Chair drafted this report with the CAEE, providing assistance as requested. A draft report was then circulated to the other external members for comment and a second draft was prepared. This second draft was reviewed by external members, and by the Acting President, the CFO and the CAEE.

Consistent with the requirements outlined in the Directive on Internal Auditing in the Government of Canada, the views expressed in this Annual Report are entirely and exclusively those of the independent external members.

Annex B: Internal Audit Committee annual activity 2014-2015

# Audit Committee Action
Item Description
Purpose/Action Frequency June
2014
Q1
September
2014
Q2
December
2014
Q3
March
2015
Q4
Secretarially 2014-15
Departmental Audit Committee Infrastructure
1 Departmental internal Audit Committee Charter (D6.5.1) IAC to review, Deputy Heads to reaffirm Annually         addressed
August 2014
2 Deputy Heads to offer to meet (i) Minister along with Audit Committee (P6.1.6) and (ii) and Commissioners Offer Annually addressed
Met with Commissioners
      addressed
September 2014
Invite to Minister
Internal Audit Oversight Responsibilities
3 Departmental internal audit charter/policy (D6.2.2.2d) Review and recommend for approval Annually     addressed    
4 Adequacy of internal audit resources (D6.2.2.2d) Advise Annually         addressed
February 2015
5 Risk-based internal audit plan (D6.2.2.2d) Review and recommend for approval Annually   addressed
Methodology
addressed
Planned audits
  addressed
February 2015
Final Approval
6 Performance of the internal audit function/Chief Audit Executive (D6.2.2.2d) Monitor/Assess Annually addressed        
7 Departmental internal audit reports and Management Action Plans to address internal audit recommendations (D6.2.2.2d) Review and recommend for approval Ongoing     addressed addressed addressed
July 2014
8 Audit engagements or tasks that do not result in a report to the Audit Committee (D6.2.2.2d) Receive for information Ongoing         addressed
August 2014
9 Update on progress against Risk-Based Audit Plan (D6.2.2.2d) Review Ongoing addressed addressed addressed addressed  
10 Follow-up reports on management actions taken on internal audit recommendations (D6.2.2.2f) Review Regularly addressed
addressed addressed addressed  
Other Responsibilities
11 Values and ethics (D6.2.2.2a) Review Annually       addressed  
12 Departmental Corporate Risk Profile  and risk management arrangements (D6.2.2.2.b) Review Annually addressed
MAF
addressed
CRP
  addressed
CRP
 
13 Financial management framework (D6.2.2.2c) Review Annually addressed     addressed
Core control audit
addressed
July 2014
14 Audit work undertaken by external assurance providers, including management responses and issues raised (D6.2.2.2e) Review and advise Deputy Heads Ongoing addressed addressed
OCG audits
addressed
OAG audits
addressed
OAG audits
 
15 Arrangements to monitor and follow-up on related management action plans responding to external assurance providers (D6.2.2.2f) Review Regularly addressed addressed
 
addressed addressed
 
 
16 Key financial management reports, including quarterly financial reports, financial statements and public accounts (D6.2.2.2.g) Review and advise Deputy Heads Ongoing   addressed     addressed
Q1
July 2014,
Q2
October 2014,
Q3
January 2015
17 Statement of Management Responsibility, including Internal Control over Financial Reporting (ICoFR) and related assessment plans and results on effectiveness of ICoFR (D6.2.2.2.g) Review and advise Deputy Heads Annually   addressed      
18 Report on Plans and Priorities, Departmental Performance Report and other significant accountability reports (D6.2.2.2.h) Review Annually addressed
MAF
  P/A
RPP
  addressed
DPR
July 2014
19 Copies of plans and reports prepared by the departmental evaluation function (D6.2.2.2.h) Review and recommend Ongoing   addressed
Student Employment Programs Evaluation
addressed
Second Language Testing Evaluation Framework
addressed
Annual Evaluation Plan
February 2015
 
20 CAEE’s annual overview report (D6.6.1) Receive Annually addressed        
Accountability Reporting
21 Departmental Audit Committee Annual Report (D6.6.1.2) Prepare and submit to Deputy Heads Annually addressed        
In Camera Meetings
22 In-camera with Chief Audit and Evaluation Executive, Chief Financial Officer and any representatives of external assurance providers, when attending (D6.5.4) Discussion Ongoing addressed
CAEE
CFO
addressed
CAEE
CFO
addressed
CAEE
CFO
addressed
CAEE
CFO
Comptroller General
 

Legend

P/A
partially addressed
addressed

Page details

Date modified: