Internal Audit Committee Annual Report – 2016-2017
Table of contents
- Summary of the Internal Audit Committee’s work
- Assessment of the Public Service Commission
- Assessment of the Internal Audit and Evaluation functions
- Results of annual self-assessment
- Proposed priorities
This annual report of the external members of the Internal Audit Committee (IAC) of the Public Service Commission (PSC) covers the period from April 2016 to March 2017. It includes contextual information, a summary of our work, our assessment of the PSC and its internal audit and evaluation functions, the results of our annual self-assessment and our proposed priorities for the upcoming year.
Unlike the previous Treasury Board (TB) policy suite on internal audit, the new policy suite that took effect on 1 April 2017 does not include a mandatory requirement for us to submit an annual report to the President. Nevertheless, we believe that an annual report based on our independent views is still worthwhile because:
- This report serves as the foundation for an important annual strategic-level discussion with the President and the other Commissioners of the PSC.
- This report helps us communicate our views to the members of the PSC’s Executive Management Committee in a way that facilitates an annual exchange of views about our role and our interactions with them.
- The process of producing this report helps ensure we reflect in a disciplined way on our experiences over the previous year, critically assess our performance as a committee and carefully think through our priorities going forward.
In this context, we have produced an annual report that takes full advantage of the flexibility in the new policy suite with respect to annual reporting. It is more selective and succinct than previous reports which included TB-prescribed sections that, in our view, added very little or no value.
There are three contextual issues that should be understood in reading this report. Two of them relate to the PSC and one to the IAC.
First, on April 1, 2016, having completed its foundational work on its new policy and oversight frameworks, the PSC entered the implementation phase of the New Direction in Staffing (NDS). This initiative, which was designed to simplify and strengthen the staffing system across the federal public service, was a major preoccupation for the organization throughout the reporting period and some significant progress was made in some areas. At the same time, however, it is clear to us that successful implementation of the NDS across the system will take a sustained leadership effort by the PSC over a period of several years and that its credibility as a central agency is now directly linked to the success of this initiative.
Second, in December 2016, the Acting President, who had been in place for nearly two years during the critical stages of finalizing the NDS and its early implementation, was appointed to an Associate Deputy Minister position in another department. This required the appointment of another Vice President as Acting President and another wave of adjustments to the responsibilities of other senior executives within the organization. While we have been impressed by how well senior managers have continued to work as a team throughout this period, it is clear to us that the organization needs more permanent leadership at the top. We are therefore encouraged by the recent appointment of a new President.
Third, in May 2016, the IAC membership was renewed with the reappointment of the chair and appointment of a new member. Delays to these appointments in the post-election period of early 2016 resulted, as reported in our last annual report, in an interruption to IAC operations including cancellation of the last meeting of the previous fiscal year. However, these appointments were made in sufficient time for all four meetings in the current reporting period to be held as scheduled. The integration of the new member into the IAC took place during this reporting period and is now complete.
Summary of the Internal Audit Committee’s work
During this reporting period the IAC held four meetings. This included two full-day meetings and two half-day meetings. Prior to each of these meetings the external members held half-day meetings during which we received a variety of updates and briefings on specific topics. In addition, we engaged in discussions about the key risks and challenges facing the organization during in-camera lunch meetings with the Acting President on meeting days. We also held additional in-camera discussions with the Acting President following each of the IAC meetings.
For 2016-17, we developed a comprehensive plan to ensure we met all of our obligations under the previous TB Internal Audit Policy and Directive on Internal Auditing and we were able to complete all of the actions identified in the plan. This included actions to ensure that we engaged appropriately throughout the year in each of the core areas of responsibility defined in the Directive on Internal Auditing: Values and Ethics, Risk Management, Management Control Framework, Internal Audit Function, External Assurance Providers, Follow-up on Management Action Plans, Financial Statements and Public Accounts Reporting, and Accountability Reporting.
With respect to formal reports produced by the Internal Audit and Evaluation Division (IAED) during this period, we provided advice on the Audit of Priority Administration and its associated Management Action Plan (MAP), the Report on Consulting Engagement on the Efficiency of the Investigations Process and Process Maps, and the Consultation on the Public Service Resourcing System (PSRS) and the Priority Information Management System (PIMS). We also provided advice on the Evaluation of the Second Language Testing Program and the associated MAP.
In addition to our work in our core areas of responsibility, we continued to provide input and advice on issues related to the PSC’s efforts to transform the staffing system across the federal public service. This included providing advice on steps required within the PSC to ensure successful implementation of the NDS, and on the development of a new Departmental Results Framework.
Assessment of the Public Service Commission
Based on our engagements during this reporting period, we continue to hold an overall positive view about how the PSC is managed. Despite the significant personnel changes at the senior management level over the past couple of years, the organization has continued to move forward in an effective, determined way with its system-wide transformation agenda. Along the way, it has been able to identify and manage its key risks competently, maintain effective controls over its operations and adjust its governance arrangements to align with the NDS. As a result, we are in broad agreement with the way that the PSC has been internally managed and have no critical recommendations about this to make in this report.
At the same time, our assessment is that there is a very significant risk that the implementation of the NDS will not achieve the system-wide objectives it was designed to achieve over the next few years, and this is a risk for the public service as well as the PSC. In our view, the PSC will need to implement effective strategies to manage this risk to ensure, to the maximum extent possible, these system-wide objectives are achieved during this period to help position the public service for the future and ensure that the PSC’s credibility as a central agency is strengthened.
Simply put, there is no doubt in our minds that success in achieving the objectives of the NDS will require both strong central-agency leadership and effective risk management from the PSC over the next several years. In this context, we have identified four areas where we think that strengthening the PSC’s approach would help mitigate the risks moving forward:
- First, a credible performance management framework (PMF) to measure progress in the implementation of the NDS across the system is needed. While we are encouraged by the work the PSC has done, with our input and advice, on its Departmental Results Framework, the metrics to support a truly results-based operational-level PMF for the organization are still under development. This framework needs to be implemented as soon as possible to provide the data needed to determine whether specific strategies are succeeding or failing.
- Second, an area of significant risk for the PSC moving forward could be its mission-critical information technology (IT) systems. The recent risk assessment of the PSRS and PIMS clearly demonstrated that the risks facing the organization with respect to these two systems are substantial and growing as they continue to age. Since the PSC does not have an agreed strategy or roadmap to deal with the significant issues raised in this assessment, development of a long-term comprehensive strategy is now required.
- Third, the PSC needs to align its risk management approach and culture more fully with the NDS. While considerable progress has been made over the past couple of years in developing the organization’s Corporate Risk Profile and Risk Registry, the risks related to possible failure in the system-wide implementation of the NDS have not been fully reflected in this framework. Doing this would strengthen the PSC’s approach to risk management.
- Fourth, the PSC needs to implement the NDS strategy well internally. Doing so will not only help the organization lead by example, it will also help ensure that senior managers in the PSC more fully understand the challenges that other departments will have to address in an effective way if system-wide implementation of the NDS is to be successful.
While we have a positive view of the PSC and the way it has been managed for over the past two years under the leadership of Acting Presidents, we believe, especially now that the organization is entering a new phase of certainty and continuity with respect to leadership at the top, these issues can and should be fully addressed. We are prepared to assist in every way we can with our advice and support.
Assessment of the Internal Audit and Evaluation functions
The external members of the IAC also have a positive view of the internal audit and evaluation functions at the PSC. 2016-2017 was the first full year for the current Chief Audit and Evaluation Executive (CAEE) and he has achieved success in rebuilding the capacity of the Internal Audit and Evaluation Division (IAED) for the longer term. He has also achieved success in improving both the quality of the products that have been produced and in strengthening the discipline with respect to how management’s progress against MAPs are tracked and reported.
We are fully satisfied that the audit function is maintaining an appropriate level of independence from management. During this reporting period the CAEE reported directly to the Acting President and continued to have unfettered access to senior management and to us. We are also fully satisfied with the quality assurance approach that has been implemented for the audit function.
At the request of the previous President and consistent with the IAC Charter, we now also provide advice on evaluation reports and their associated MAPs. During 2016-2017 we therefore continued to engage on evaluation issues and, although we reviewed only one evaluation report, we have been pleased with the way IAED has engaged with us to provide essential background information and to seek our input and advice.
The one area where we believe further attention is needed is in the flow of products from IAED to senior management and the IAC. Now that the IAED is at full strength and has clearly demonstrated it can produce quality products that have a positive impact on the organization, we believe the time is right to increase the number of products produced each year. We are therefore encouraged that the CAEE is fully committed to doing this by scoping projects more tightly and taking additional steps to increase productivity within the division. We strongly support his efforts to move in this direction and will provide our advice on the scope of individual projects to assist him.
Results of annual self-assessment
Consistent with the commitment we made in our last annual report, we conducted a comprehensive self-assessment based on the questionnaire included in the OCG’s most recent Guidebook for a Departmental Audit Committee.
Overall, we are pleased that we have been able to fully integrate a new external member and continue to build strength as a committee during this reporting period. We are also pleased with the transparent and collaborative way in which senior managers have engaged us on all issues, and with the way that the organization, and especially IAED, has supported us in our role as independent advisers to the President.
One of our key challenges moving forward will be to build our relationship with the new President and position ourselves as a strategic resource to him. This strategic role, which we have been developing as a committee over the past few years, is a role that is now formally recognized in the new policy suite, and we think this is an area where we can add increasing value going forward.
The other challenge, of course, will be to sustain our momentum in terms of adding value in our core areas of responsibility. To this end we will, now that the new TB policy suite has been approved, finalize our formal work plan for 2017-2018 before our first IAC meeting in June to ensure the committee engages appropriately throughout the year in each of the core areas confirmed in the new policy suite.
Based on the considerations outlined in this report, the external members of the IAC recommend the following priorities for the IAC in 2017-2018:
- Continuing to strengthen our strategic advisory role with the new President.
- Supporting the PSC’s efforts to achieve its system-wide objectives by providing advice on the development of an effective operational-level PMF, a longer-term IT strategy and a risk management approach more fully aligned with the NDS.
- Supporting the CAEE’s efforts to tighten the scope of projects and increase productivity to improve the flow of products from IAED to senior management and the IAC.
- Date modified: