Archived - Risk-Based Audit Plan 2007-2008 to 2009-2010

Archived information

This Web page has been archived on the Web. Archived information is provided for reference, research or record keeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

Author: (Audit and Evaluation Sector)

PDF Version (694 Kb, 30 pages)

Introduction
- Background
- Scope of the Internal Audit Function
Risk-Based Audit Planning Methodology
The Three-Year Audit Plan

Introduction

Background

The Audit and Assurance Services Branch within Indian and Northern Affairs Canada (INAC) is engaged in implementing a new mandate for internal audit as defined in the Treasury Board's (TB) Internal Audit Policy that came into force April 1, 2006, with full implementation to be completed by April 1, 2009.

The 2006 Internal Audit Policy places considerable emphasis on:

increasing the independence of the internal audit function
strengthening and further professionalizing the internal audit function
providing a consistent, comprehensive government-wide approach to the way internal audit activities are planned and conducted and
enhancing the oversight, monitoring and reporting role of the internal audit function.

The Government of Canada's Federal Accountability Act (Bill C-2) reinforces this new mandate by enacting measures that are meant to strengthen accountability and increase transparency and oversight in government operations. The Act includes specific measures to strengthen auditing and accountability within departments by clarifying the managerial responsibilities of deputy heads within the framework of ministerial responsibility, and by bolstering the internal audit function within departments. This three-year audit plan is a fundamental element of the new mandate, providing a strong and credible audit regime that contributes to effective risk management, sound resource stewardship and good governance in the delivery of Indian and Northern Affairs Canada's programs and activities.

Scope of the Internal Audit Function

The internal audit function plays an important role in supporting departmental operations. It provides assurance on all important aspects of risk management strategy and practices, management control frameworks and practices, and governance. Where control weaknesses exist and where the achievement of objectives is at risk, internal audit plays a role in providing constructive insight and recommendations for the strengthening of operations. In this way, internal audit contributes to enhanced accountability and performance.

The Government of Canada's standards for the professional practice of internal audit stipulate that the role of internal audit is to provide assurance that the system of internal control is adequate and effective to manage risk at a level that is acceptable to management. In this way, the internal audit function will provide the Deputy Minister and the Audit and Evaluation Committee with confidence that the risks to their objectives are being managed effectively. The internal audit function has a vital role to play in supporting the principles of modern comptrollership.

Internal control is defined broadly and encompasses those elements of an organization (including its resources, systems, processes, culture, structure and tasks) that, taken together, support the achievement of the organizational objectives.

The scope of the internal audit function is broad and includes those systems of internal control that are in place to achieve the following objectives:

compliance with legislation, regulations, policies and procedures
economy and efficiency of operations
safeguarding of assets
reliability and integrity of financial and operational information
achievement of operational objectives.

Return to Table of Contents

Risk-based Audit Planning Methodology

The methodology employed in the development of the three-year internal audit plan is described below and is consistent with professional standards for the development of risk-based audit plans.

Identification of Auditable Units

The Audit and Assurance Services Branch identified a number of auditable units based upon an analysis and grouping of INAC's potential audit universe of programs, corporate functions, and authorities. A list of the auditable units is included as Appendix A.

Risk Assessment

Recognizing that the most effective processes for risk assessment for internal audit purposes are ultimately based on sound professional judgment, the Audit and Assurance Services Branch adopted a framework that assesses the risks associated with each auditable unit in terms of its significance, complexity, and sensitivity, using a scale of 1 to 5 for each factor where 1 is low risk and 5 is high risk. A total score of 12 – 15 would indicate a high risk auditable unit, 8 – 11 a moderate risk auditable unit, and 3 – 7 a low risk auditable unit. This approach to risk assessment is highly consistent with approaches proposed by the Office of the Comptroller General to identify its possible cross-government audit priorities and by the Blue Ribbon Panel on Grants and Contributions to identify which recipients should be subject to audit.

In completing its initial identification of the risks associated with the auditable units, the Audit and Assurance Services Branch relied on information contained in:

previous audit or evaluation reports (including those of the Auditor General of Canada)
reports or summaries of previous corporate level risk assessments
records of early 2007 meetings between senior INAC and Office of the Auditor General officials in the context of their One Pass Plan exercise
Treasury Board Submissions, including Results based Management and Accountability Frameworks (RMAFs) and Risk-Based Audit Frameworks (RBAFs)
statistical results and narrative reports from the conduct of Grant and Contribution Control Self Assessment Sessions at headquarters and in two regions between April and May, 2007
assessments provided by the Office of the Comptroller General as to common government objectives and risks
audit plans prepared by other government departments (particularly as they related to corporate functions or to contribution programs
other related reports or documents.

As one component in validating the Audit and Assurance Services Branch's assessment of risks, the Audit and Evaluation Sector convened a small working group of senior executives with no direct responsibility for program delivery. The members of the group were asked to individually identify the highest risk areas they perceived for INAC in terms of three categories – fundamental controls (based on the Management Accountability Framework elements), funding authorities, and elements of INAC's Program Activity Architecture. The compiled results confirmed that the Audit and Assurance Services Branch's assessment of risks was well founded and that its resulting proposed projects were well aligned. Appendices B1, C1 and D1 display the results of the assessments, while appendices B2, C2 and D2 identify the high and medium risks in each category in terms of how they are addressed in the first year of the Three-Year Audit Plan.

Recommended Audit Projects

Following the assessment of auditable units, the Audit and Assurance Services Branch considered the nature and type of audit project that would be most appropriate to address the highest risk areas on a priority basis.

In some cases, related audit work had recently been completed or initiated. In these instances, the branch considered whether coverage was likely to be sufficient or whether additional work would be required over the term of the Three-Year Audit Plan. As a result, audit work in some priority areas may be deferred, while in others it may be seemingly repeated or expanded, e.g. in the case where the scope of a recent audit may have been too limited to provide assurance over the entire auditable unit.

In the case of auditable units for which there has been little or no recent relevant audit or evaluation activity, the branch has identified a preliminary survey as a first step in the audit process to identify the management control framework as well as potential risks that would be suitable for audit attention.

As a result of a synthesis of risks previously identified through a variety of sources, it was recognized that there was an opportunity to introduce a small number of audit projects that would examine key issues or risks from a horizontal or cross boundary perspective.

Finally, through its review of Treasury Board Submissions and related RMAFs and RBAFs, the Audit and Assurance Services Branch identified two instances where INAC had committed to Treasury Board to do an audit. Although these projects have been identified in the Plan, it is the Branch's intention to initiate discussions with Treasury Board Secretariat (TBS) to determine whether it is necessary to complete these audits within the time frame indicated, since they did not arise as high risks in the Branch's risk assessment.

Since the Audit and Evaluation Sector formally assumed a responsibility to review INAC's RMAFs and RBAFs, it has paid particular attention to ensuring that audit commitments are not made which undermine the Treasury Board's own policy that internal audit activity be based on risk assessments which are conducted at least annually.

Consultations with INAC Management

Consultations were held with the senior management of all sectors in INAC to explain and verify the identification of auditable units and to present the recommended audit projects that affect their sector or their interests as corporate managers.

Return to Table of Contents

The Three Year Audit Plan

Based on the results of the risk-based prioritization of auditable units, a formal three-year audit plan has been developed, taking into consideration the known planned activities of external parties. The Three-Year Audit Plan (Table 1) sets out the recommended projects over the period from 2007-2008 to 2009-2010.

Prior to each subsequent fiscal year, the risk assessment of auditable units and the identification of projects will be updated to ensure that audit attention is devoted to those areas of greatest risk that are suitable for examination.

The audit plan for 2007-2008 is presented in Table 2 with each project described in terms of its nature, its objective, its estimated timeframe, and its rationale.

Table 1

Auditable Unit	Risk Profile	2007-2008 Audit Project	2008-2009 Audit Project	2009-2010 Audit Project
Capital Facilities and Maintenance	High risk: major materiality (approaching $1 billion) with significant infusion, highly complex delivery model, sensitive to beneficiaries and public	Audit of Capital Facilities and Maintenance
Income Assistance	High risk: major materiality ($3/4 billion range), highly sensitive to public – living conditions and potential for abuse, decentralized and devolved delivery	Audit of Income Assistance		Audit of Income Assistance
Child and Family Services	High risk: significant materiality ($1/2 billion range), highly sensitive to beneficiaries and public, complex and challenging delivery models	Follow-up Audit of Child and Family Services
Family Violence and Other Social Services	Low risk: moderate materiality (>$80 million), some complexity due to number of authorities, little specific sensitivity			Audit of Family Violence and Other Social Services
Post Secondary Education	High risk: significant materiality (>$250 million), more complex delivery than elementary/secondary education, sensitive to beneficiaries (demand) and public	Audit of Post Secondary Education
Elementary and Secondary Schools	High risk: major materiality (> $1 billion), sensitive to beneficiaries and public, challenge to meet standards and improve results, renewal underway		Audit of Elementary and Secondary Schools
Other Education	Low risk: moderate materiality (>$100 million), complexity only due to number of specific purpose authorities, low sensitivity			Audit of Other Education
Registration and Membership	High risk: low direct materiality but highly significant in terms of potential impacts, complex to determine eligibility, highly sensitive in the event of fraud or abuse	Audit of Registration and Membership
Natural Resources and Environmental Management	Moderate risk: lower relative materiality (approx. $50 million) with potentially increased significance due to contingent liabilities, complex because of competing demands – environment vs. development, public sensitivity if environment threatened	Audit of Healthy Northern Communities - Knowledge and Adaptation	Audit of Natural Resources and Environmental Management
Economic Development	Moderate risk: moderate relative materiality (greater than $200 million) with significant challenges of integrating Industry Canada programming, inherently highly complex to pick "winners" in multi-jurisdiction environment, limited sensitivity unless failures highlighted	Follow-up Audit on the Industry Canada 2006 Audit of Aboriginal Business Canada		Audit of Economic Development
Self Government/Claims	High risk: significant materiality (approaching $400 million), highly complex to negotiate and implement, highly sensitive due to time and resources invested	Preliminary Survey of Specific Claims	Audit of Specific Claims
Self Government/Claims	As above	Audit of the Implementation of the Yukon Northern Affairs Program Devolution Transfer Agreement	Audit of Self Government, including Comprehensive Claims - Preliminary Survey	Audits (Scope TBD)
Band Support Funding	Moderate risk: significant materiality (>$300 million), moderately complex, potentially sensitive if funding misused		Audit of Band Support Funding
Office of the Federal Interlocutor (OFI)	High risk: lower relative materiality (approaching $30 million), however, highly sensitive and complex due to challenges of mandate, expanded Urban Aboriginal Strategy and central agency interest	Audit of the OFI Management Control Framework for Contribution Programs and Operations	Audits of OFI Contribution Programs (Urban Aboriginal Strategy, Powley, OFI) (as required)
Northern Air Stage Funding Subsidy (Food Mail)	Low risk: low relative materiality, some complexity due to pressure for change, some sensitivity because of OAG interest		Audit of Northern Air Stage Funding Subsidy
Emergency	Low risk: normally low materiality, some complexity in implementing appropriate responses, low sensitivity unless mismanaged			Audit of Emergency
Capacity Development	High risk: moderate relative materiality (>$100 million) but significant impact on INAC's agenda and highly complex due to numerous initiatives; sensitive to public if results not evident	Audit of Capacity Development
Grants and Contributions Departmental Controls	High risk: highest materiality and significance representing approximately 85% of INAC budget, highly complex and sensitive (variety of authorities and delivery mechanisms)	Horizontal Departmental Audit – (Scope TBD)	Horizontal Departmental Audit – (Scope TBD)	Horizontal Departmental Audit – (Scope TBD)
External Reporting (Financial Statements Audit Readiness)	Moderate risk: moderate significance and sensitivity although OAG and TBS are interested, highly complex because of decentralized organization and tight timeframes	Audit of Contingent Liabilities, Environmental Liabilities, Special Purpose Accounts (Trusts) and Payroll (4 related auditable units)	Audit of Revenues, Loans and Accounts Receivable, and Flow Through Funding (3 auditable units)
External Reporting (Financial Statements Audit Readiness)	As above	Entity Level Controls Preliminary Survey for Audit of External Reporting	Audit (Scope TBD)	Audit (Scope TBD)
Financial Planning, Budgeting and Forecasting	Moderate risk: potentially significant if reliable information not available consistently, complex in a decentralized organization, little sensitivity			Horizontal Departmental Audit of Financial Planning, Budgeting and Forecasting
Procurement/Contracting	Moderate risk: significant support to achievement of INAC objectives, moderately complex to respect principles and policies, little sensitivity unless mismanaged			Audit of Procurement/ Contracting
Travel and Hospitality	Low risk: support to achievement of INAC objectives, not complex, however, can be sensitive if abuse suspected			Audit of Travel and Hospitality
Information Management/Information Technology (IM/IT) Policy, Planning and Management (HR)	High risk: highly significant because of potential impacts on program delivery and corporate services, highly complex to establish governance that can set priorities and meet competing demands, sensitive if needs not met	Preliminary Survey (with IM/IT Applications)	Audit (Scope TBD)	Audit (Scope TBD)
IM/IT Applications Development and Support	Moderate risk: potential for significant impact if corporate or program systems not reliable or effective, system development can be quite complex, sensitivity usually moderate	Preliminary Survey (with IM/IT Policy, Planning and Management)	Post-Implementation Audit of First Nations and Inuit Transfer Payment System Audit of System Under Development or Application in Place – (TBD)	Audit of System Under Development or Application in Place – (TBD)
Documentation and Records Management	Moderate risk: potential significance in terms of efficiency and effectiveness of INAC, complex to implement consistently across a large decentralized organization, not normally sensitive unless breaches occur		Audit of Documentation and Records Management
IT Security	Moderate risk: potentially significant if security breached, quite complex to keep abreast of threats, little sensitivity unless breach occurs			Audit of IT Security
Human Resource Planning and Resourcing	High risk: major issue facing INAC, highly complex to identify and match future needs to resource availability, potentially significant impact if resources not available when needed	Horizontal Departmental Audit of HR Planning and Resourcing
Training and Development	Moderate risk: significant impact in terms of implementing programs as intended across large, decentralized organization, complex to ensure that learning occurs, little sensitivity		Horizontal Departmental Audit of Training and Development
Organizational Design and Classification	Low risk: indirectly supports INAC objectives, moderately complex to achieve best structure, little sensitivity			Audit of Organizational Design and Classification
Complaints and Allegations	Moderate risk: moderate complexity to determine facts and appropriate course of action; significant in terms of INAC's integrity and responsiveness	Special Study
Regional Headquarters (TBD)	Potential disconnects between strategic direction and program implementation in highly decentralized organization	Audits (Scope TBD)	Audits (Scope TBD)	Audits (Scope TBD)
Risk Management, Strategic Policy and Planning, and Values and Ethics (3 auditable units)	High risk: entity level controls with potentially significant indirect impacts across INAC, highly complex to inculcate across a large decentralized organization, failure can result in high sensitivity, directly linked to Internal Audit Policy requirements		Audit of Entity Controls - Risk Management, Strategic Policy and Planning, and Values and Ethics
Communications	Moderate risk: indirectly significant to achievement of INAC objectives, complex to communicate consistent messages across a large decentralized organization and with numerous stakeholders, sensitive when attention focused on INAC		Preliminary Survey of Internal and External Communications	Audit
Compliance Monitoring	Moderate risk: moderate significance in ensuring compliance, moderate complexity due to need for judgment in application, little sensitivity			Audit of Compliance Monitoring
Legal Services and Litigation Management	High risk: highly significant impact and cost for INAC, highly complex litigation in litigious environment, costs sensitive to public		Audits (TBC)

Table 2 – Audit Projects for 2007-08

Audit Project	Audit Objective	Timeframe	Rationale
Audits
Income Assistance	Provide assurance on the adequacy and appropriateness of the management control framework	Planning Underway	Due for Treasury Board renewal by March 31, 2008
Registration and Membership	Provide assurance that internal controls over the modernized Indian Registry System and the issuance of Certificate of Indian Status cards are adequate and effective	Spring 2007	Security over card issuance is highly sensitive due to potential misuse (inappropriate access to benefits) Complex delivery model with additional challenge of introducing change High degree of indirect materiality and importance
The Implementation of the Yukon Northern Affairs Program Devolution Transfer Agreement	Provide assurance to TBS that the Agreement is being implemented in accordance with approved authorities	Summer 2007	A commitment was made to TBS for an audit in 2007-2008
Office of the Federal Interlocutor's Management Control Framework for Contribution Programs and Operations	Provide assurance to TBS that management control frameworks for utilization of O&M and contribution funds are appropriate	Summer 2007	A commitment was made to TBS for an audit in 2007-08 prior to renewal by March 31, 2008
Grants and Contributions – Departmental Controls	Provide assurance on the controls over selected components of the Program and Recipient cycles	Summer 2007	Highest risk area comprising approximately 85% of expenditures with high degrees of reputational and public awareness sensitivity and complex inter-relationships and delivery mechanisms AES project completed June 2007 to identify and validate audit criteria Annual audit activity to focus on horizontal assessment of key controls to contribute to a holistic opinion
Capital Facilities and Maintenance	Provide assurance on the adequacy and appropriateness of the management control framework	Fall 2007	Resources invested represent one of INAC's largest program areas Can have significant impacts in terms of quality of life for First Nations Delivered in a very complex and sensitive environment Resource s are expected to be significantly increased with the First Nations Infrastructure Fund Recent audit coverage has not provided a holistic perspective
Post Secondary Education	Provide assurance on the adequacy and appropriateness of the management control framework	Fall 2007	Investment of resources exceeds 250 million Delivery quite complex considering wide range of post-secondary options Sensitivity arises from potential inability to meet demand
Capacity Development	Provide assurance that capacity development programs and authorities are being implemented in a coordinated manner and in accordance with approved authorities and terms and conditions	Fall 2007	Capacity of First Nations a critical element in implementing INAC's change agenda Complexity arises from a number of different programs or initiatives Significant cumulative resources
Healthy Northern Communities – Knowledge and Adaptation	Provide assurance that the initiative was implemented in accordance with approved authorities	Fall 2007	INAC 2006-07 Audit Plan identified an audit in 2009-10 Program management requested that audit work be advanced to 2007-08
Contingent Liabilities, Environmental Liabilities, Special Purpose Accounts (Trusts) and Payroll (4 related auditable units)	Provide assurance on the controls governing selected high risk areas	Fall 2007	Support to financial statements readiness for audit by March 31, 2009
Regional Headquarters	Provide assurance on the management control framework, including financial management, human resource management, and program delivery	Fall 2007	Challenged to deploy a limited staff to manage a large number of programs Significant core and non-core budgets over large geographic areas High degree of autonomy and provincial contexts result in a variety of approaches to national programs Questions raised as to the most effective utilization of limited resources Opportunity to identify best practices in resource deployment, e.g. risk-based activities
Human Resource Planning and Resourcing	Provide assurance that INAC has in place the appropriate policies and practices to ensure that it can meet its human resource requirements	Winter 2007	Major issue facing the federal public service Critical to the success of INAC's change agenda
Preliminary Surveys
Specific Claims	Provide assurance on the adequacy and appropriateness of the Specific Claims Branch's management control framework	Completed	Audit of Specific Claims – Preliminary Survey completed in June 2007 Further work recommended only in 2008-09
IM/IT Policy, Planning and Management and IM/IT Applications Development and Support	Prepare the Audit and Assurance Services Branch to carry out audits in the IM/IT area that will provide assurance over IM/IT investments	Summer 2007	Limited previous audit activity in a corporate function with significant resource investment Documentation of the management control framework Identification of systems in place or under development which should be subject to audit
Entity Level Controls for Audit of External Reporting (Financial Statements Audit Readiness)	Prepare the Audit and Assurance Services Branch to carry out audits of financial reporting controls	Fall 2007	Support to financial statements readiness for audit by March 31, 2009 A program of audits of key controls must be established starting with entity level controls Identification of priorities for audit activity including those notionally identified for 2008-09 (i.e. Risk Management, Strategic Policy and Planning and Values and Ethics)
Follow-up Audits
Child and Family Services	Provide assurance regarding the implementation of the management action plan	Fall 2007	Follow-up required on the basis of recommendations resulting from recent audit Central agencies have a particular interest in Child and Family Services
Aboriginal Business Canada	Provide assurance regarding the implementation of the management action plan	Winter 2007	Follow-up required on the basis of recommendations resulting from recent audit Recent transition to INAC with a significant change agenda
Other Initiatives
Special Study of Complaints and Allegations	Assess whether policies and procedures are sufficiently clear and appropriately respected to mitigate potential risks.	Underway	Increasing demand from First Nations for audits Assurance required that an effective framework is in place to capture, assess, and act upon complaints and allegations, whether external or internal

Performance of the Audit Engagements

The Audit and Assurance Services Branch will carry out the approved 2007-2008 audit engagements on a systematic basis. A small number of audit projects has already been initiated, with the concurrence of, or at the request of, the Deputy Minister.

Audits will be carried out in accordance with the Professional Standards for Internal Audit as outlined in the TB Policy on Internal Audit.

Ever-greening of the Plan

The risk-based audit plan will be updated, where justified on the basis of risk and urgency, as departmental and related environmental risks change. This "ever-green" approach will enable the Audit and Assurance Services Branch to ensure that internal audit activity remains relevant and effective. Modifications to the plan will be presented at AEC meetings and submitted to the Deputy Minister for approval.

The Audit and Assurance Services Branch will also continue to monitor the scope and timing of external audits (e.g. OAG, OCG, Public Service Commission, Office of the Commissioner of Official Languages) in order to optimize coverage and minimize duplication of effort.

Level of Activity and Direct Resource Requirements

The Three-Year Plan identifies that some seventeen audit projects will be carried out on an annual basis. While the level of audit effort will vary from project to project, it is the Audit and Assurance Services Branch's professional opinion that this level of activity is the minimum necessary to provide adequate and meaningful risk-based coverage of the programs and corporate functions of INAC and to meet the requirements of the Treasury Board Policy.

The Branch has been advised that this level of activity is commensurate with that required and undertaken in other government departments of similar size.

Apart from variations in the objectives and scope of audit projects, the cost of carrying out individual audit projects will also vary considerably depending on:

whether internal or external contract resources are employed
whether contract work is done through large nationally recognized professional organizations or through mid-size locally based firms
whether the engagement requires general audit skills or a high degree of expertise and
whether or not travel is required.

For purposes of identifying initial resource requirements, the Audit and Assurance Services Branch has assumed, based on experience, that its average portfolio of seventeen audit projects will normally be comprised of 3-5 large projects at an expected cost of $250,000 each (in contract dollar terms), 5-7 medium size projects with an expected cost of $150,000 each, and 6-8 small projects with an expected cost of $75,000 each. These assumptions result in an annual requirement for a budget equivalent to $2,500,000 in contract funds. Appendix E details the anticipated costs of audit projects in the Three-Year Plan.

Based on these assumptions, the Audit and Assurance Services Branch foresees a potential shortfall of $900,000 in 2007-2008.

Infrastructure and Non-Core Resource Requirements

In addition to the resource requirements for the carrying out of audit projects, the Audit and Assurance Services Branch also faces significant demands on its existing resource base to:

serve as the Departmental liaison with the Office of the Auditor General and the Commissioner for the Environment and Sustainable Development
represent INAC in the planning, conduct and reporting of forensic audits (unfunded responsibility of increasing importance)
provide advice, guidance and challenge on the performance of risk assessments and related mitigation strategies and on the preparation of Risk-Based Audit Frameworks and related Treasury Board submissions (unfunded responsibility recently assumed)
support the establishment and operation of an independent Audit Committee as required by the Internal Audit Policy, e.g. an Audit Committee Charter and an Internal Audit Mandate
formalize and inculcate a set of professional standards and practices (e.g. Audit Manual, Code of Ethics, Quality Assurance) that will enhance the capacity of the Branch to add value.

Challenges to Achievement of the Audit Plan

The Audit and Assurance Services Branch recognizes that its recommended Plan is very ambitious, especially in terms of its approval late in the first quarter of the fiscal year, but believes that it is an essential first step in achieving full compliance with the Internal Audit Policy by April 1, 2009.

The extent to which the Branch is able to achieve full implementation of the Plan is dependent, however, on a number of factors:

the Branch must be largely successful by the end of the second quarter in its current efforts to staff five approved audit manager positions
the Branch must be able to engage competent audit managers on a temporary help contractual basis pending staffing of permanent positions
the Branch must be able to limit the extent to which its resources are detracted into non-core, non-funded activities
the Branch may have to respond to OCG (yet to be determined) requirements for government-wide audit activity or for providing holistic opinions
the Branch may have to respond to emerging INAC or government-wide priorities or issues and
the Branch may need additional contract dollars (as noted above).

The Audit and Assurance Services Branch will provide an update to the Audit Committee at each of its meetings on the progress it is making in implementing the Plan and the challenges it is facing in so doing.

Appendix A – Auditable Units

Departmental Programs

1. Self Government/Claims
2. Band Support Funding
3. Capacity Development
4. Capital Facilities and Maintenance
5. Economic Development
6. Federal Interlocutor
7. Emergency
8. Natural Resources and Environmental Management
9. Child and Family Services
10. Income Assistance
11. Elementary and Secondary Schools
12. Post Secondary Schools
13. Other Education
14. Youth Employment Strategy
15. Family Violence and Other Social Services
16. Registration and Membership
17. Food Mail

Corporate Functions
Financial and Asset Management
1. Financial Planning, Budgeting and Forecasting
2. External Reporting (Financial Statements Audit Readiness)

a. Controls over Financial Reporting

b. Accrual Accounting

c. Public Accounts

d. DPR/RPP

3. Contingent Liabilities
4. Environmental Liabilities
5. Special Purpose Accounts (Trusts)

6. Proactive Disclosure

7. Revenues
8. Travel and Hospitality
9. Loans and Accounts Receivable
10. Delegation of Financial Authority

a. Policies

b. Compliance

11. Flow Through Funding –

a. NAP

b. Non-INAC

12. Compliance Monitoring

a. Financial

b. Horizontal

13. Fixed Asset, Property and Materiel Management

a. Physical Security

b. Materiel Management

14. Procurement/Contracting

a. Acquisition Cards

15. Memberships

Human Resources Management and Services
1. Planning and Resourcing

a. Staffing

b. Security Screening

2. Organizational Design and Classification
3. Compensation and Benefits (Payroll)
4. Training and Development
5. Labour Relations
6. Occupational Health and Safety

Information Management and Technology
1. Policy, Planning and Management
2. Applications Development and Support

a. Current Systems

i. Program Systems

ii. Management Support Systems (e.g. Financial, HR, Materiel)

iii. Workplace Systems

b. Systems under Development

d. Data Services

e. Telecommunications

4. Documentation and Records Management

a. Information Security
5. Library and Information Centre

6. Aboriginal Connectivity
Corporate Governance
1. Strategic Policy and Planning
a. Research
i. Aboriginal Peoples Survey
ii. Legislation
2. ATIP
3. Official Languages
4. Values and Ethics
a. Staff Ombudsman
5. Complaints and Allegations

6. Continuity of Operations

a. Crises

b. Emergencies

7. Communications

a. Internal

b. External

8. Legal Services and Litigation Management
9. Corporate Secretary
10. Departmental Audit and Evaluation
11. Sustainable Development

a. Contaminated Sites

12. Risk Management

a. Follow-up of Audit and Evaluation Recommendations

b. Policies and Practices

c. Corporate Risk Profile

d. Intervention Policy

Regional Management

1. B. C. Region
2. Alberta Region
3. Saskatchewan Region
4. Manitoba Region
5. Ontario Region
6. Quebec Region
7. Atlantic Region
8. Yukon Region
9. NWT Region
10. Nunavut Region

Appendix B1 – Core Controls – Oversight Priorities

Appendix B2 – Coverage of Core Controls – Oversight Priorities by Recommended Audit Projects

High and Medium Priority Core Controls: Audit Projects:	1. Risk Management	2. Recruitment, Hiring amp; Promotion	3. Strategic Direction and Objectives	4. Compliance Monitored	5. Policy and Programs	6.Reliance on FNs Audited Financials
Capital Facilities and Maintenance	X		X	X	X	X
Income Assistance	X		X	X	X	X
Child and Family Services (Follow-up)	X		X	X	X	X
Registration and Membership	X		X	X	X
Post Secondary Education	X		X	X	X	X
Capacity Development	X		X	X	X	X
Aboriginal Business Canada (Follow-up)	X		X	X	X
Specific Claims (Preliminary Survey	X		X
OFI Management Control Framework	X		X	X	X	X
Grants and Contributions – Departmental Controls	X			X	X	X
External Reporting – (Financial Statements Audit Readiness)- Preliminary Survey)	X
Contingent Liabilities, Environmental Liabilities, Special Purpose Accounts (Trusts), and Payroll	X
IM/IT Policy, Planning and Management and IM/IT Applications Development and Support (Preliminary Survey) Development and Support (Preliminary Survey)	X		X		X
Human Resources Planning and Resourcing	X	X	X	X	X
Complaints and Allegations (Special Study)	X	X	X	X
Regional Headquarters	X	X	X	X	X	X
Implementation of the Yukon Devolution Transfer Agreement	X			X
Healthy Northern Communities – Knowledge and Adaptation	X		X	X

Appendix B2 – Coverage of Core Controls – Oversight Priorities by Recommended Audit Projects - continued

High and Medium Priority Core Controls: Audit Projects:	7.Transfer Payments	8.Results amp; Perfor- mance Measurement	9.Contract Management	10.Operational Planning	11.Intervention Policies and Procedures	12.Management of Change	13.Developing Employee Skills
Capital Facilities and Maintenance	X	X		X
Income Assistance	X	X		X
Child and Family Services (Follow-up)	X	X		X
Registration and Membership	X	X	X	X
Post Secondary Education	X	X		X
Capacity Development	X	X		X
Aboriginal Business Canada (Follow-up)	X	X		X
Specific Claims (Preliminary Survey				X
OFI Management Control Framework	X	X	X	X		X
Grants and Contributions – Departmental Controls	X	X			X		X
External Reporting – (Financial Statements Audit Readiness)- Preliminary Survey)
Contingent Liabilities, Environmental Liabilities, Special Purpose Accounts (Trusts), and Payroll
IM/IT Policy, Planning and Management and IM/IT Applications Development and Support (Preliminary Survey) Development and Support (Preliminary Survey)		X	X	X		X
Human Resources Planning and Resourcing		X		X		X	X
Complaints and Allegations (Special Study)	X		X		X
Regional Headquarters	X	X	X	X	X	X	X
Implementation of the Yukon Devolution Transfer Agreement	X	X		X			X
Healthy Northern Communities – Knowledge and Adaptation	X	X		X		X

Appendix B2 – Coverage of Core Controls – Oversight Priorities by Recommended Audit Projects - continued

High and Medium Priority Core Controls: Audit Projects:	14.Sustainable HR Policies and HR Planning	15.Knowledge and Talent Management	16.Governance and Oversight of Collaborative Initiatives	17.Accountabilities for Collaborative/ Horizontal Initiatives	18.Authority, Responsibility and Accountability	19.SUDs
Capital Facilities and Maintenance			X	X	X
Income Assistance			X	X	X
Child and Family Services (Follow-up)			X	X	X
Registration and Membership					X	X
Post Secondary Education					X
Capacity Development			X	X	X
Aboriginal Business Canada (Follow-up)					X
Specific Claims (Preliminary Survey
OFI Management Control Framework			X	X	X
Grants and Contributions – Departmental Controls					X
External Reporting – (Financial Statements Audit Readiness)- Preliminary Survey)					X
Contingent Liabilities, Environmental Liabilities, Special Purpose Accounts (Trusts), and Payroll
IM/IT Policy, Planning and Management and IM/IT Applications Development and Support (Preliminary Survey) Development and Support (Preliminary Survey)					X	X
Human Resources Planning and Resourcing	X	X
Complaints and Allegations (Special Study)					X
Regional Headquarters	X	X			X
Implementation of the Yukon Devolution Transfer Agreement			X	X
Healthy Northern Communities – Knowledge and Adaptation					X

End Notes:
1, 3, 5. A standalone audit of Risk Management, Strategic Policy and Planning and Values and Ethics is scheduled for 2008-09

4. A standalone audit of Compliance Monitoring is scheduled for 2009-10

9. An audit of departmental contracting was completed in 2006-07. Another standalone audit is scheduled for 2009-10

12. Management of change was followed very closely by Developing Employee Skills, Sustainable HR Policies and Practices, and Knowledge and Talent Management – all areas suitable for inclusion in the HR Planning and Resourcing Audit. In addition, an audit of Training and Development is scheduled for 2008-09

13. amp; 15. Training and Development is scheduled for audit in 2008-09

19. A system in operation or under development is scheduled to be audited in each year of the Plan

Appendix C1 – PAA – Oversight Priorities

Appendix C2 – Coverage of PAA – Oversight Priorities by 2007-08 Recommended Audit Projects

High and Medium Priority Core Controls: Audit Projects:	1.Elementary & Secondary Education	2.Infrastructure Facilities	3.Post-Secondary Education	4.Income Assistance	5.Contamin-ated Sites	6.Housing
Capital Facilities and Maintenance		X				X
Income Assistance				X
Child and Family Services (Follow-up)
Registration and Membership
Post Secondary Education			X
Capacity Development
Aboriginal Business Canada (Follow-up)
Specific Claims (Preliminary Survey
OFI Management Control Framework
Grants and Contributions – Departmental Controls	X	X
External Reporting – (Financial Statements Audit Readiness)- Preliminary Survey)
Contingent Liabilities, Environmental Liabilities, Special Purpose Accounts (Trusts), and Payroll		X			X
IM/IT Policy, Planning and Management and IM/IT Applications Development and Support (Preliminary Survey) Development and Support (Preliminary Survey)
Human Resources Planning and Resourcing
Complaints and Allegations (Special Study)
Regional Headquarters	X	X				X
Implementation of the Yukon Devolution Transfer Agreement
Healthy Northern Communities – Knowledge and Adaptation

Appendix C2 – Coverage of PAA – Oversight Priorities by 2007-08 Recommended Audit Projects - continued

High and Medium Priority Core Controls: Audit Projects:	7.Negotiation of Claims and Self-Government	8.FNs Child and Family Services	9.Mgt. of Lands and Resources	10.Supporting Governments	12.Education Facilities
Capital Facilities and Maintenance					X
Income Assistance
Child and Family Services (Follow-up)		X
Registration and Membership					X
Post Secondary Education
Capacity Development				X
Aboriginal Business Canada (Follow-up)
Specific Claims (Preliminary Survey	X
OFI Management Control Framework
Grants and Contributions – Departmental Controls
External Reporting – (Financial Statements Audit Readiness)- Preliminary Survey)
Contingent Liabilities, Environmental Liabilities, Special Purpose Accounts (Trusts), and Payroll			X
IM/IT Policy, Planning and Management and IM/IT Applications Development and Support (Preliminary Survey) Development and Support (Preliminary Survey)
Human Resources Planning and Resourcing
Complaints and Allegations (Special Study)
Regional Headquarters
Implementation of the Yukon Devolution Transfer Agreement	X		X
Healthy Northern Communities – Knowledge and Adaptation

End Notes:
1. Because Elementary and Secondary Education is undergoing major reform, audit is scheduled for 2008-09

5. Contaminated Sites will also be examined in an Audit of Natural Resources and Environmental Management scheduled for 2008-09

7. Negotiations of Claims and Self-Government will also be covered through an Audit of Specific Claims in 2008-09 and a Preliminary Survey of other Self Government/Claims components in 2008-09

9. Management of Lands and Resources will also be covered in an Audit of Natural Resources and Environmental Management scheduled for 2008-09

Appendix D1 – Authorities – Oversight Priorities

Appendix D2 – Coverage of Authorities – Oversight Priorities by 2007-08 Recommended Audit Projects

High and Medium Priority Funding Areas: Audit Projects:	1.Capital Facilities & Maintenance	2.Education	3.Social Development	4.Indian Government Support	5.Economic Development	6.Comp. Land or Self Government Agreements	7.Governance, Administrative & Accountability Systems
Capital Facilities and Maintenance	X
Income Assistance			X
Child and Family Services (Follow-up)			X
Registration and Membership
Post Secondary Education			X
Capacity Development				X			X
Aboriginal Business Canada (Follow-up)					X
Specific Claims (Preliminary Survey)							X
OFI Management Control Framework
Grants and Contributions – Departmental Controls	X	X	X
External Reporting – (Financial Statements Audit Readiness)- Preliminary Survey)
Contingent Liabilities, Environmental Liabilities, Special Purpose Accounts (Trusts), and Payroll
IM/IT Policy, Planning and Management and IM/IT Applications Development and Support (Preliminary Survey) Development and Support (Preliminary Survey)
Human Resources Planning and Resourcing
Complaints and Allegations (Special Study)
Regional Headquarters	X	X	X	X	X		X
Implementation of the Yukon Devolution Transfer Agreement						X
Healthy Northern Communities – Knowledge and Adaptation			X

Appendix E – Resource Requirements for the Three-Year Audit Plan

2007-08 Audit Projects	2007-08 Contract Dollars	2008-09 Audit Projects	2008-09 Contract Dollars	2009-10 Audit Projects	2009-10 Contract Dollars
Audit of Capital Facilities and Maintenance	$250,000	Audit of Specific Claims Audit of Self Government including Comprehensive Claims (PS)	$250,000	Audit of Income Assistance	$250,000
Audit of Income Assistance	$75,000	Audit of the Office of the Federal Interlocutor's Contribution Programs	$75,000	Audit of Economic Development	$250,000
Follow-up Audit of First Nations Child and Family Services	$150,000	Audit of Grants and Contributions – Departmental Controls (Scope TBD)	$250,000	Audit of Self Government/Claims (Scope TBD)	$250,000
Audit of Registration and Membership	$150,000	Audit in Support of External Reporting (Scope TBD)	$250,000	Audit of Grants and Contributions – Departmental Controls (Scope TBD)	$250,000
Audit of Post Secondary Education	$150,000	Post-Implementation audit of FNITP and Audit of System Under Development or Application in Place – TBD	$250,000	Audit in Support of External Reporting (Scope TBD)	$250,000
Audit of Capacity Development	$250,000	Audits of Regional Headquarters	$250,000	Audit of System Under Development or Application in Place – TBD	$150,000
Follow-up Audit on the IC 2006 Audit of Aboriginal Business Canada	$75,000	Audit of Elementary and Secondary Schools	$250,000	Audits of Regional Headquarters	$250,000
Preliminary Survey of Specific Claims	$75,000	Audit of Band Support Funding	$150,000	Audit of Other Education	$75,000
Audit of the Implementation of the Yukon Northern Affairs Program Devolution Transfer Agreement	$150,000	Audit of Natural Resources and Environmental Management	$150,000	Audit of Emergency	$75,000
Audit of the Office of the Federal Interlocutor's Management Control Framework	$75,000	Audit of Northern Air Stage Funding Subsidy	$75,000	Audit of Family Violence and other Social Services	$150,000
Audit of Grants and Contributions – Departmental Controls	$250,000	Audit of Entity Controls – Risk Management, Strategic Policy and Planning, and Values and Ethics	$150,000	Audit of Communication (Scope TBD)	$75,000
External Reporting – Financial Readiness – Preliminary Survey	$100,000	Audit of Documentation and Records Management	$150,000	Audit of Financial Planning, Budgeting and Forecasting	$150,000
Audit of Contingent Liabilities, Special Purpose Accounts (Trusts) and Payroll	$150,000	Preliminary Survey of Internal and External Communications	$75,000	Audit of Procurement/Contracting	$150,000
IM/IT Policy, Planning and Management and Applications Development and Support – Preliminary Survey	$150,000	Audit of Revenues, Loans and Accounts Receivable, and Flow Through Funding	$150,000	Audit of Compliance Monitoring	$75,000
Audit of Human Resources Planning and Resourcing	$150,000	Audit of Training and Development	$150,000	Audit of Travel and Hospitality	$150,000
Complaints and Allegations – Special Study	$75,000	Audit of Legal Services and Litigation Management – Preliminary Survey	$150,000	Audit of IT Security	$150,000
Audits of Regional Headquarters	$150,000			Audit of Organization Design and Classification	$150,000
Audit of Healthy Northern Communities – Knowledge and Adaptation	$75,000
Total Requirement	$2,500,000		$2,700,000		$2,750,000
Current Contract Allocation	$1,350,000		$1,350,000		$1,350,000
Convertible from Salary (Staffing Delays)	$250,000		$0		$0
Shortfall	$900,000		$1,350,000		$1,400,000

Return to Table of Contents

Did you find what you were looking for?

What was wrong?

I can't find the information

The information is hard to understand

There was an error or something didn't work

Other reason

Please provide more details

You will not receive a reply. Don't include personal information (telephone, email, SIN, financial, medical, or work details).
Maximum 300 characters

Date modified:: 2010-09-15