Report of the Internal Audit Committee to the Commissioners of the Public Service Commission for Calendar Year 2010
The Internal Audit Committee (IAC or Committee) of the Public Service Commission of Canada (PSC) is comprised of external members to provide the President with independent advice on matters relating to management controls and reporting of plans and results. As required by the Committee's Terms of Reference, this report outlines Committee activities during the calendar year 2010.
Membership and meetings
The Committee was chaired by the President and has as its members: D. Adam PhD, Peter Boomgaardt and Robert Little. Following a discussion on the matter, the members unanimously endorsed the effectiveness of its meetings and requested the President to continue chairing the meetings.A representative of the Office of the Auditor General (OAG) was invited to attend all meetings. On a select basis members of the PSC senior management and Internal Audit staff attended as observers and to respond to questions from members.
The Committee met five times during the year (February, May, August, November and December) with all members participating in all meetings in person or by teleconference. Two of the external members met with all the Commissioners on June 3. The Committee regularly had ‘in camera' sessions involving only the external members, the President and other staff as appropriate.
Committee Terms of Reference
The Committee reviewed its Terms of Reference in November and approved it with some minor points of clarification.
In determining meeting agenda topics and in completing this report the Committee refers to eight key areas of oversight responsibility that are outlined in IAC guidance provided by the Office of the Comptroller General (OCG).
Eight Areas of Oversight Responsibility
Values and Ethics (V&E)
In May 2010, the Committee was updated on how the PSC disseminated its Values and Ethics to all staff and encouraged compliance; it was emphasized that the values of the PSC (integrity, respect, fairness and transparency) and the Public Service Employment Act (PSEA) (fairness, access, transparency, merit and representativeness) were integrated into every part of the organization's work.
As well, the Committee was briefed on the ‘acceptable' rating in the current Management Accountability Framework (MAF) assessment by Treasury Board Secretariat. Senior management reported on its activities to:
- implement a multi-year management plan to improve V&E performance measurement and communication;
- implement recommendations arising from annual employee surveys;
- support activities of the Ombudsman's Office, Ethics and Conflict Resolution and training in the exercise of recourse mechanisms; and
- apply the privacy management framework, covering the collection use and disclosure of personal information as well as the move towards the related Enterprise Privacy Impact Assessment.
The Committee was informed that a new Code of Conduct is being prepared for the public sector. Once it is finalized, it will be the basis for updating the PSC's own code.
Building on its review of the Corporate Risk Profile in 2009, during its August 2010 meeting the Committee received a risk assessment from the Chief Audit Executive (CAE) with input from all branches. The Committee suggested that results and associated mitigating strategies be included in the Report on Plans and Priorities (RPP).
The Committee was informed about a review of certain Advance Contract Award Notices (ACANs) and was regularly updated and consulted on findings and the ultimate reporting of the matter. The Committee was briefed on ‘PSC Investment Planning and Organizational Management Capacity Assessment' and discussed challenges posed in monitoring projects. The Committee identified several projects and areas of risk for specific follow-up during its meetings, namely:
- Public Service Staffing Modernization Program (PSSMP);
- Cost Recovery;
- Test Security;
- Management of Information Technology Security (MITS) implementation;
- Business Intelligence/Enterprise Data Warehouse; and
- Budget constraints.
The Committee is mindful of the changing risk landscape at both the PSC and government-wide levels.
Management Control Framework
The Committee was informed of the key management issues and how procedures have been adopted to mitigate concerns and produce desired results. In particular, the Committee received a presentation by Finance and Administration Directorate on the 'Implementation of Internal Control Policy at the PSC' which highlighted a new process to document and test internal controls over financial reporting called 'Resolver Risk'. Members were pleased with the progress but cautioned against excessive detail in the assessments.
The Committee was provided with key reports used by the Executive Committee of the PSC to monitor activities and engaged in full and open discussions on specific issues with follow up actions included in the meeting minutes. The Committee noted the strong financial controls in place within the PSC as evidenced by results of cyclical financial audits and the OAG audit of annual financial statements.
OAG and Central Agencies
By virtue of the regular attendance of a representative of the OAG, the Committee has been kept well informed of matters raised by the OAG and about the OAG's audit plans.
The CAE periodically updated the Committee on developments in the OCG, particularly on evolving role of internal audit and audit committees. The Committee was briefed on the findings and recommendations arising from the OCG's Horizontal Internal Audit of High Risk Expenditure Controls; the PSC reported compliance with the recommendations.
The Comptroller General attended part of the Committee's August meeting to discuss plans and exchange ideas. Members attended a symposium on ‘The Evolution of DAACs – From Vision to Reality' sponsored by the OCG on November 4, 2010.
The Committee was updated on the Procurement Ombudsman's horizontal review of contract auditing by departments and the PSC's plans to work with the Ombudsman and PWGSC regarding next steps.
The Committee was informed of the PSC's report card on Official Languages Act compliance and discussed measures to further address opportunities.
Follow-up on Management Action Plans
The Committee uses three means of follow up on Management Action Plans:
- General Committee-related actions are included in the “IAC Tracking of Follow-Ups” which is updated for each meeting;
- Management plans and progress on actions arising from recommendations of internal audits are reported semi-annually;
- Progress on PSC commitments and action plans arising from PSC external audits are also reported on a six month schedule.
In all cases, individual actions are monitored until the IAC is satisfied that changes have been successfully achieved. The Committee is generally satisfied with management's progress in implementing its action plans.
Financial Statements and Public Accounts Reporting
The IAC reviewed the annual financial statements prepared by management and noted no concerns with the judgments and estimates embodied in them. With respect to the OAG audit of the PSC's financial statements at March 31, 2010, the Committee was pleased to note that the OAG issued an unqualified opinion on the financial statements, reported no matters of concern and made no recommendations for improvement to management. The IAC recommended acceptance of the financial statements to the President.
During its August meeting the IAC reviewed a draft of the Departmental Performance Report for 2009-10 including the audited financial statements for the 2010 fiscal year. In December the Committee reviewed a draft of the Report on Plans and Priorities for 2011-12. The Committee directed special attention to performance metrics and consistent presentation of financial data; it offered a number of minor suggestions to strengthen clarity and completeness and was satisfied that the PSC was presenting fair and reasonable reports to Parliament.
The IAC was briefed on the results of Round VII (and preparations for Round VIII) of the Management Accountability Framework (MAF) assessment and the resultant PSC Action Plan. The Committee monitored the continuing implementation of recommendations arising from the Independent Review Committee's report of January 2009 ‘Review of the Public Service Commission Oversight'. The Committee also received periodic updates on the preparations for the PSEA five year legislative review.
The Committee received regular updates on strategic matters and such key challenges as development of the Public Service Staffing Modernization Project and the implementation of policies, procedures and tools covering cost recovery for services. For information purposes, the IAC was provided with a copy of the Fiscal Year 2009-2010 PSC Annual Report to Parliament.
Internal Audit Function
At its February meeting the Committee reviewed the draft internal audit plan for 2010-11 and outlook to 2014-15. It was noted that the OCG has not yet defined its expectations for annual audit coverage and reporting. The Committee provided some suggestions for future and recommended the plan to the President for approval.
The IAC also received a briefing on the resources of internal audit and all staffing actions throughout the year. At each meeting the Committee was updated on the status of audits and plans; where appropriate based on findings at the preliminary survey stage, further work was modified on the recommendation of the Committee. Three internal audit reports were presented to the Committee:
- Implementation of Service Transformation;
- PeopleSoft; and
- Cost Management of Information Technology
The Committee placed special emphasis on findings and recommendations, as well as management's remedial action plans. All internal audit reports were recommended for approval. A thorough systematic approach has been adopted to inform the Committee on the implementation of all internal audit recommendations.
During November and December Committee members were interviewed by Internal Audit in preparation for next year's audit plan and provided input with the intent of balancing the various requirements in advance of the draft plan being presented for approval.
The IAC considers that the internal audit function: a) is staffed by professionally qualified people; b) schedules its audits using a risk-based methodology; c) applies a professional approach to planning, executing, reviewing and reporting on its audits; d) follows up systematically on the progress of actions by management in response to audit reports; and e) follows guidance provided by the Treasury Board Policy on Internal Audit. Accordingly, the Committee considers that the internal audit function continues to evolve in line with OCG guidance, has a reasonable capacity to address its mandate and is performing its role in a satisfactory manner.
Building on its experience since 2006, the Committee considers that the 2010 activities constitute a satisfactory discharge of its responsibilities. The IAC recognizes that its role will continue to evolve as the OCG clarifies its expectations of internal audit committees in the federal public sector.
The IAC was provided with relevant and transparent information to enable the Committee to fulfill its mandate. In particular, the Committee was regularly briefed on how the PSC is dealing with the major challenges it faces. The Committee was pleased with the professionalism of staff, the candour concerning the challenges they face and the willingness to implement suggestions.
After its fifth year of activities, the IAC considers that it has a realistic appreciation of the complex issues faced by the PSC and its management processes. Based on observations over the past year the Committee concludes that the PSC has a rational approach and systematic management control framework to addressing its mandate, to monitoring results and to reporting publicly.
A Look Ahead
In 2011, the IAC's planned reviews of key management activities are outlined in the attached schedule.
In addition, specific issues that the IAC plans on addressing include:
- Succession planning
- Public Service Employment Act 5 year legislative review
- Planning for the 2013 move to Gatineau
- Information Technology Strategic Plan
- PSC Investment Plan
- PSC Code of Conduct
- Information Management and Security Control Framework
Report a problem or mistake on this page
- Date modified: