Governance of the Values and Ethics Environment
Corporate Audit and Evaluation Branch
November 2006
Table of Contents
Background
Effective governance framework of Values and Ethics (V&E) can influence the extent to which an organization meets its objectives by promoting internal cohesion and building stakeholder trust and confidence. A comprehensive V&E governance framework is made up of clear responsibilities, plans and activities intended to clarify, promote, and guide an organization to achieve high ethical standards.
All employees have a role in supporting Values and Ethics and management has a leadership role to play including modelling desired behaviour. Human Resources Branch (HR), Finance & Administration Branch (F&A), and Public Affairs Branch (PAB) each have specific responsibility for shaping, maintaining and communicating CRA policies, procedures and guidelines that govern the Agency's V&E framework. HRB and F&A are responsible for policies and guidelines that promote conduct consistent with the CRA's vision, mission and values. All branches have a responsibility to participate in the development and implementation of these policies. PAB is responsible for developing a communications strategy that allows for effective and consistent communication.
In March 2006, the Commissioner of the CRA nominated an Agency V&E Champion with a mandate to review the current status of V&E, develop an action plan and make recommendations to the Commissioner. Throughout this review internal audit has consulted and provided information to the Champion.
This report summarises internal audit's review of the governance of V&E within the CRA. This project was planned as part of the 2004-2007 Corporate Audit and Evaluation Business Plan. The terms of this assignment were approved at the December 2005 meeting of the Internal Audit and Program Evaluation Committee. The methodology for this report relies on a review of evidence sufficient to provide assurance on the existence and maturity of key governance themes. The information collected for this review is based on generally accepted industry standards on key elements that should be in place as the basis for providing assurance on the maturity level of CRA's V&E governance framework.
In order to determine the components of a comprehensive governance framework, the audit team examined authoritative sources including the Office of the Auditor General of Canada (OAG), the Public Service Human Resources and Management Agency of Canada (PSHRMAC) and the Institute of Internal Auditors (IIA). The following five key governance themes emerged:
- Organization Design;
- Leadership;
- Objective Setting and Planning;
- Communications; and
- Monitoring and Reporting.
Objective
The objective of this review was to determine whether the governance framework in place to manage the CRA's values and ethics is comprehensive. Examinations were conducted during April to July 2006 and included:
- Interviews with and/or questionnaires completed by Assistant Commissioners;
- Interviews with senior executives in six branches and three regions;
- Policy, legislation, document and website reviews; and
- Interviews with four other federal government departments.
The review conforms with the International Standards for the Professional Practice of Internal Auditing, which calls for periodic assurance to senior management and boards of directors regarding V&E.
Analysis
To illustrate the CRA's governance framework, the audit team mapped the V&E governance profile of the Agency against three maturity levels. The criteria, determined by the audit team and used for this table, are based on elements that would be found under the five themes. As previously mentioned, these themes were developed based on a review of authoritative sources such as the IIA, OAG and PSHRMAC.
| Maturity Level of the Values and Ethics Governance Framework | Established | Being Developed | Not in Place |
|---|---|---|---|
| Level 1 - Fundamental | |||
| Mission, vision, corporate values, policies and procedures exist |  |
||
| Senior managers demonstrate leadership and due diligence | |
||
| Resources are utilized to support V&E initiatives | |
||
| Employees are provided with V&E training/awareness, have access to information, and make regular declarations on ethical awareness | |
||
| Mechanisms are in place to investigate and resolve alleged violations of V&E policies and procedures | |
||
| V&E roles and responsibilities have been defined | |
||
| Channels exist to distribute information at all levels | |
||
| Level 2 - Intermediate | |||
| Policies are clear, complete and easily understood | |
||
| V&E program mandate, objectives and goals are clearly defined | |
||
| Employees are provided with ongoing advice and guidance | |
||
| V&E standards/benchmarks are established and reports are prepared and distributed | |
||
| A V&E communications strategy exists | |
||
| Confidential internal disclosure and reprisal protection processes are in place | |
||
| Level 3 - Mature | |||
| Comprehensive set of mechanisms are in place to measure progress and determine ethical climate of the organization (e.g., results of investigations analyzed) | |
||
| Agency level V&E strategy exists and is centrally coordinated | |
||
| A central authority provides consistent V&E advice and guidance | |
||
| A formal V&E risk management process is conducted | |
||
| Agency level V&E objective setting and planning is in place and plans are revised periodically | |
||
| Agency level V&E program goals and objectives are "SMART" (specific, measurable, achievable, realistic, and timely) | |
||
As the table indicates, the fundamental elements of the Agency's V&E governance frameworkare established and most of the intermediate elements are being developed. The V&E Champion's mandate includes developing a 3-year action plan that will further mature the governance framework.
Organizational Design
An overall strategy is important to coordinate V&E related activities. An uncoordinated approach could lead to duplication of resources and missed opportunities to expand best practices. Currently, the CRA does not have a central point of contact and/or authority for V&E. However, in March 2006, the Commissioner of the CRA nominated an Agency V&E Champion with a mandate to review the current situation, develop an action plan and make recommendations to the Commissioner.
In December of 2003, the Government of Canada announced plans to modernize human resources management of the public service - with the creation of PSHRMAC. Within PSHRMAC there is an Office of Public Service Values and Ethics (OPSVE), which is a centre of expertise and leadership responsible for furthering values-based management within the Public Service. The OPSVE serves as a contact point for all public servants to gain insight and knowledge on values and ethics. PSHRMAC has not prescribed or recommended a standard structure for V&E across the federal government. Individual organizations can use the structure that best fits them.
Values and Ethics standards, policies and procedures should provide clear direction of the expectations for an organization. The CRA has a mission, vision and four corporate values (integrity, professionalism, respect, and cooperation) as well as a Code of Ethics and a suite of policies and guidelines to provide direction and guidance in relation to V&E. Policies and guidelines should also be concise and easily accessible to provide appropriate support and consistency. The CRA has core policies in place that deal specifically with Values and Ethics. When other sources related to values and ethics are included, however, there are over 150 distinct sources of guidance. In terms of setting direction and raising awareness this coverage is beneficial, however the large number introduces risks related to effective understanding and consistent application of the appropriate guidance. Some organizations have adopted a consolidation exercises to better assist line management in navigating through and applying appropriate policy. For example, the Treasury Board Secretariat is currently working to reduce their policy suite by one half.
The Gomery Report, the Public Servants Disclosure Protection Act (PSDPA) and the Federal Accountability Act all acknowledge the need and benefit of a mechanism to permit employees to raise concerns without the threat of reprisal.
The PSDPA was introduced to establish a mechanism for the disclosure of wrongdoing in the public sector and to protect public servants who make disclosures. The legislation received Royal Assent on November 25, 2005 and although it is law, has yet to come into force. The government proposes to strengthen this legislation, particularly as it relates to reprisal protection, by amendments contained in the Federal Accountability Act. The Federal Accountability Act is currently in the Senate and the second reading began on June 27, 2006.
The PSDPA and the Federal Accountability Act identify the Public Service Integrity Commissioner (PSIC) as the independent central contact for the entire public sector. This provides CRA employees with direct access to the PSIC to report wrongdoing in the workplace. The PSDPA also requires Chief Executives to designate a senior officer to be responsible for receiving and dealing with disclosures of wrongdoings made by public servants and transitional accountability within the CRA has been assigned to the F&A branch. Through the process of formalizing an internal disclosure mandate, considerations of confidentiality and anonymity will be important.
Assistant Commissioner and senior management interviewees indicated they were not aware of any formal confidential mechanisms for employees to disclose alleged wrongdoing. However, interviewees identified other avenues that could be used for this purpose, such as ComDirect, suggestion boxes, and union representatives. These informal alternatives would not fully meet the requirements of pending legislation - for example, they do not have a specific focus on investigating allegations of internal wrongdoing nor do they explicitly provide for protection from reprisal - and therefore, it is important for the Agency to establish an approach that fully conforms to the legislative requirement.
Leadership
The actions and attitudes of senior management greatly influence the ethical climate of an organization and the behaviour of its employees. In 2003, the CRA launched a Trust and Integrity (T&I) website. The Commissioner's welcoming address on the T&I website, which recognises the critical role played by CRA integrity in maintaining the public trust required in order to carry out Agency business, demonstrates V&E leadership qualities.
Furthermore, senior management interviewees provided numerous examples of support for V&E, including the Ontario Region Executive Cadre (EC) Conference held in March 2006 and PAB incorporating trust and integrity in their 2004-2007 Strategic Plan. In addition, support for the V&E program is articulated in the CRA mission and corporate values, and is evident throughout Agency policies and guidelines.
Leadership is also evident through senior managements exercise of due diligence including, dealing with V&E issues in a timely, fair and direct fashion; taking every opportunity to speak about V&E; and leading by example.
Objective Setting and Planning
A coordinated strategy benefits organizations because it facilitates the sharing of innovations of small groups with the organization as a whole and reduces duplications. In addition, a coordinated strategy could result in timelier implementation of initiatives.
There are numerous activities and special initiatives taking place such as the Agency 2010 vision and the Corporate Business Plan (trust and integrity is one of the four agency strategic priorities); as well as branch and region specific initiatives including, the Information Technology Branch's (ITB) “DNA Strands” campaign [Footnote 1] and Quebec Region's “Ethics Committee Responsible for Developing Awareness” campaign. However, there is no unified, coordinated strategy for V&E planning across the Agency.
Communications
An effective communications strategy provides consistent and clear information across an organization. It ensures that the message is received and understood as intended. The audit team found evidence of various V&E communications methods, including internal communications, training and awareness sessions and national e-mails. However, the audit team found no evidence of a coordinated communications strategy.
Interviewees noted that the most effective methods for delivering the V&E message are face-to-face discussions and awareness sessions. They also identified the least effective method as passive, broad based, lengthy national e-mails that contain too many links and/or attachments and lack a personal message.
Monitoring and Reporting
Monitoring entails periodically reviewing processes to ensure that goals and objectives are still relevant and being achieved, and to identify risks to the organization. Risk management is a logical and systematic method of identifying, analyzing, assessing, and addressing risks associated with a program, project, or activity. As an organization evolves, new risks are assessed, priorities determined and goals and objectives are adjusted to address these new risks.
A number of mechanisms exist to measure progress and gauge the ethical climate of V&E in the CRA. These include: the number and nature of taxpayer and employee complaints; the number and type of security incidents; the Public Service Employee Survey; and the CRA Annual Corporate Survey (external).
Formal risk management in regard to V&E, along with performance criteria and benchmarks to gauge and monitor the ethical climate, are aspects of a mature model that are still under development in the CRA.
A report provides an organization with a snapshot regarding performance in a given activity. Reports over a period of time can help an organization determine its progress and identify trends. Reporting also permits an organization to communicate organizational performance and progress to stakeholders. The CRA prepares a variety of V&E related reports including: security incident reports, Internal Affairs reports and Online Audit Trail System (OATS) reports. However, there is no cohesive report that pulls all V&E related information together.
Conclusion
The fundamental elements of the Agency's V&E governance framework are established and most of the intermediate elements are being developed. The CRA has a foundation in place to govern values and ethics, and exhibits strong leadership on the part of individual executives and managers. The V&E Champion's mandate includes developing a 3-year action plan that will further advance the maturity of the governance framework.
Next steps
The research from this review has been shared with the CRA V&E Champion in order to support the Champion's mandate to further enhance the V&E governance framework.
Over the course of this review, the audit team did not identify any areas that require immediate attention. V&E will be revisited during the annual Corporate Audit and Evaluation Branch planning process and should specific high risks be identified, internal audit work will be recommended at that time.
Footnotes
- [Footnote 1]
- As part of the ITB Renewal Program a branch specific initiative was developed called ITB Development, Norms, and Attitudes “DNA Strands”. This campaign provides descriptions of attitudes and practices that make ITB a good place to work.
Page details
- Date modified: