Archived - Risk-Based Audit Plan 2011-2012 to 2013-2014
Archived information
This Web page has been archived on the Web. Archived information is provided for reference, research or record keeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.
PDF Version (326 Kb, 29 Pages)
Table of Contents
- Introduction
- The Role and Scope of Internal Audit
- Risk-Based Audit Planning Approach
- The Three Year Risk-Based Audit Plan
- Resource Considerations
- Appendix A - INAC Audit Universe
- Appendix B - Linkage of 2011-2012 Audits to the Corporate Risk Profile
- Appendix C - Linkage of 2011-2012 Audits to MAF Elements
- Appendix D - 2011-2012 Audit Projects
- Appendix E - Changes to the Audit Plan
- Appendix F - Resource Utilization
Introduction
The Treasury Board Policy on Internal Audit (2009) seeks to support strong and accountable public sector management by ensuring effective internal auditing. In response to this requirement, INAC has developed this three-year Risk-Based Audit Plan. This plan details the assurance services that Audit and Assurance Services Branch will provide, independent of line management, to sustain a strong, credible internal audit regime that contributes directly to sound risk management, control and governance.
Purpose
This document was prepared by Indian and Northern Affairs Canada, Audit and Assurance Services Branch (AASB) for the Deputy Minister who is advised by an independent, external five (5) member Audit Committee. It outlines the Risk-Based Audit Plan 2011-2012 to 2013-2014 for Indian and Northern Affairs Canada (INAC). The plan has been designed to support the allocation of audit resources to those areas that represent the most significant priorities for INAC and to respond to requirements of the Treasury Board Policy on Internal Audit (2009).
Document Organization
The Role and Scope of Internal Audit
Internal audit plays a vital role in governance and accountability. Without a strong, objective and independent assurance function, the effectiveness of the overall governance framework of the organization is severely weakened. With an effective internal audit function, there is greater confidence that the decisions being taken are informed by appropriate information on risk and control. Internal audit's systematic and disciplined approach adds value and improves an organization's operations.
Through the Federal Accountability Act (2006) and Action Plan, the Government of Canada committed to strengthen auditing and accountability within departments by clarifying the managerial responsibilities of deputy heads within the framework of ministerial responsibility, and by enhancing the internal audit function.
The role of the INAC internal audit function, in conjunction with the Audit Committee, is to ensure that INAC's Deputy Minister and the Comptroller General of Canada, are provided with assurance, independent from line management, on the department's risk management, control and governance processes. The internal audit function fulfills this role by bringing a systematic, disciplined approach to assessing and improving the effectiveness of the department's risk management, control and governance processes.
The scope of work of the internal audit function is to determine whether INAC's network of risk management, control, and governance processes (as designed and represented by management) is adequate and functioning in a manner to ensure:
- Risks are appropriately identified and managed;
- Financial, managerial, and operating information is accurate, reliable, and timely;
- Compliance with policies, standards, procedures, and applicable laws and regulations is achieved;
- Resources are acquired economically, used effectively, and adequately protected;
- Programs, plans, and objectives are achieved;
- Quality and continuous improvement are fostered in the department's control processes; and
- Legislative or regulatory issues affecting the department are recognized and addressed properly.
When opportunities for improving management control, governance, or resource stewardship are identified during audits, they are communicated to the suitable level of management so that appropriate action can be taken.
The internal audit function plays an important role in supporting departmental operations. It provides assurance on all important aspects of the risk management strategy and practices, management control frameworks and practices and governance. Where control weaknesses exist and where the achievement of objectives is at risk, internal audit plays a role in providing constructive advice and recommendations. In this way, internal audit contributes to enhanced accountability and performance.
Treasury Board Policy Requirements
INAC is subject to the Treasury Board Policy on Internal Audit (2009). This policy states that the internal audit function in the Government of Canada is a professional, independent appraisal function that provides objective, substantiated conclusions as to how well an organization's risk management, control and governance processes are designed and working.
The Policy on Internal Audit (2009) further clarifies that the focus of internal audit is on all management systems, processes and practices, including the integrity of financial and non-financial information. The policy requires that the Deputy Minister approve a risk-based audit plan that identifies and addresses areas of highest risk and significance, including audits identified by the Office of the Comptroller General as part of government-wide or sectoral coverage. The Audit Committee is required to review the audit plan and advise the Deputy Minister on its adequacy.
Recent changes to the Internal Audit Policy have removed the requirement that the Chief Audit Executive provide an annual holistic opinion. However, the Internal Audit Policy (2009) now requires the audit plan to "perform risk-based internal audits necessary to provide an independent annual assurance report to the deputy head on the adequacy and effectiveness of risk management, control and governance processes within the department." The Treasury Board Directive on Chief Audit Executives, Internal Audit Plans, and Support to the Comptroller General directs that the risk based audit plan focus predominantly on the provision of assurance services.
The Government of Canada has adopted the Institute of Internal Auditors' (IIA) Professional Practices Framework, including the International Standards for the Professional Practice of Internal Auditing (IIA Standards) for internal auditing in the Government. AASB conducts its work in accordance with these standards.
Strategy for Assurance Reporting on Risk Management, Control & Governance Processes
One of the cornerstones of the Policy on Internal Audit (2009) is the requirement that the Chief Audit Executive provide annual assurance overview reporting on departmental risk management, control and governance processes. In support of annual reporting for these three elements, the audit plan aims to achieve sufficient coverage of all elements of the Treasury Board's Management Accountability Framework (MAF) and Core Management Controls Framework. Together, these frameworks describe departmental risk management, control and governance processes for an effectively controlled and accountable department.
The Chief Audit and Evaluation Executive's annual assurance report, together with other inputs such as the Chief Financial Officer's Statement on Internal Control as well as information gleaned from other assurance providers, collectively provide departmental Senior Management and the Comptroller General with assurance on the state of the Department's risk management, controls and governance processes.
Risk-Based Audit Planning Approach
To meet the expectations of the Treasury Board Directive on Chief Audit Executives, Internal Audit Plans, and Support to the Comptroller General for audit plans, a risk-based approach was used. This approach allows audit resources to be targeted to areas of highest risk.
In establishing priorities for the Risk-Based Audit Plan, AASB employs a risk-based approach to annual audit planning, consistent with guidance from the Office of the Comptroller General (OCG). The approach includes assessments of risk and significance for each of the INAC program activities (51 entities) and internal services (31 entities) aligned to the INAC Program Activity Architecture (PAA) (see INAC Audit Universe in Appendix A).
In preparing the three-year audit plan, AASB's prioritization of auditable units was completed based on information gathered through extensive review of corporate documents such as the departmental risk profiles, departmental plans and priorities, performance reports, budgets, results of past audits, evaluations and reviews, and results from last year's risk-based planning exercise. An auditable unit is an entity that is definable and has discrete objectives that would be the subject of an audit. The audit universe is the collection of the auditable entities. The audit universe was reviewed to confirm that the existing auditable units were still valid and to add or delete any auditable units so that the universe reflects the current PAA and business environment. AASB met with members of INAC's Senior Management Committee to gain a better understanding of their priorities, risks in their sectors as well as other areas of the department, and to discuss planned and potential audits. AASB has also connected with external stakeholders (Office of the Comptroller General and the Office of the Auditor General) to get their input in the risk assessment and identification and timing of potential audits.
Conduct and Timing of an Internal Audit
Once approved, the Risk-Based Audit Plan provides AASB with the Deputy Minister's direction on what specific audits should be undertaken in the coming year. Each audit consists of the following phases:
The Planning Phase is undertaken to gain an understanding of the objectives, activities, key risks and controls of the area subject to audit. The audit objectives and scope are finalized and audit criteria are established. During the Conduct Phase, auditors carry out the audit program to ascertain whether each audit criterion is satisfied. Auditors conduct interviews, review documentation, perform analysis, observe activities and employ other techniques to obtain sufficient, relevant and reliable information to reach conclusions and support preliminary findings. Findings are reviewed with management to validate accuracy.
During the Reporting Phase, the draft audit report is prepared outlining background and context, and the auditor's findings, conclusions and recommendations. Management prepares a Management Response and Action Plan outlining their response to the findings as well as the corrective action planned to mitigate the identified control gaps.
In the Follow-up Phase, a follow-up is performed to ensure that the required measures have indeed been implemented.
The audit may take from three (3) to twelve (12) months depending on the size and complexity of the area subject to audit as well as the specific scope and objectives of the engagement.
Several audit planning and prioritization workshops were held with INAC internal audit staff. During the workshops, AASB participants engaged in discussions to analyze and put in priority order each auditable unit based on assessments of risk level, significance and legal risk. Risk level is defined as the level of risk to which each entity is exposed and considers the auditable unit's current and anticipated business conditions, the presence of risk factors and the impact of specific risk exposures. Significance considers the relative importance of the program activity or internal service to the achievement of the department's overall objectives. Significance includes materiality of the entity and its intrinsic importance to the department. Legal risk considers the level of exposure to legal issues that may affect the activities of the department. The methodology employed for the assessment of risk is aligned to the departmental corporate risk tolerances, as defined in the INAC corporate risk assessment scales.
In accordance with the OCG's guidance on risk-based audit planning, once units in the audit universe were analyzed based on risk and significance, a final audit priority rank was assigned. The second pass allowed AASB staff to determine the final audit priority ranking of each auditable unit by considering additional factors including priorities of the OCG where horizontal audits are planned and the activities of the Office of the Auditor General (OAG). Planned evaluations, the corporate risk profile, recent audits, and audits already underway were also considered. The result was a final audit priority rating of the auditable units.
Following that exercise, AASB held two consultation sessions with Directors and Directors General from across the department to discuss the priority rankings and potential audits. Modifications were made to the risk and significance assessment of auditable units to adjust ratings to reflect new information. The information and perspectives gathered during these sessions were particularly useful in informing the potential scope and timing of planned audits.
Finally, the three-year audit plan was developed taking into account the following planning considerations:
- The Risk-Based Audit Plan should be a body of work that can be reasonably achieved with AASB's current staff complement and operating budget;
- Annual allocations should be made to address two OCG-directed audits per year and four emerging (OAG, Public Service Commission or management) projects or advisory engagements per year;
- Any mandated audits scheduled by central agencies may influence the Audit Plan timelines. Support required by the OAG should be scheduled on a priority-basis;
- Audit units assessed as very high and high priority should be given priority and audited once in the three year-cycle, resources permitting;
- Audit units assessed as medium priority should only be considered for audit if all high priority units are covered or if coverage is required to support the Chief Audit and Evaluation Executive's annual assurance report or INAC management priorities;
- Adequate coverage of corporate risks identified in the corporate risk profile should be obtained;
- A reasonable allocation of effort should be included to conduct follow-up reviews and audit procedures to assess the adequacy of management actions in addressing past audit recommendations;
- The timing of activities should take into account program evaluations and OAG audits, so as not to place an unreasonable burden on any one corporate entity and to avoid duplication of effort; and
- The three-year plan should ensure sufficient coverage of risk management, control and governance processes to support the Chief Audit and Evaluation Executive's annual assurance report.
The plan is also presented to Audit Committee members for their review and recommendation for approval by the Deputy Minister.
The Three Year Risk-Based Audit Plan
This section presents an overview of the INAC 2011-12 to 2013-14 Risk-Based Audit Plan. As described in detail in the Risk-Based Audit Planning Approach section, INAC internal audit priorities for the upcoming three years are based on a set of planning considerations and AASB assessments of risk and significance for auditable units or because they are a condition of renewal or change. The INAC Audit Universe (Appendix A) encompasses all significant activities performed by INAC in support of its mandate. It is comprised of program activities and internal services at the sub-activity level, and serves as the basis from which audit priorities are selected. In prioritizing the INAC audit universe, AASB performed extensive interviews, review of corporate documents, completed three internal prioritization workshops and two consultation workshops with management. The distribution of the final priority ranking of these units is illustrated in the figure to the right.
Auditable Unit Priority Rankings
Auditable Unit Priority Rankings - Pie Chart
The chart illustrates the final priority rankings for each auditable unit of INAC's audit universe. The priority rankings are as follows:
- Very High: 15% or 12 auditable units
- High: 28% or 23 auditable units
- Moderate: 38% or 31 auditable units
- Low: 17% or 14 auditable units
- Not rated: 2% or 2 auditable units
Audit Coverage
INAC's Three Year Risk-Based Audit Plan meets Treasury Board expectations that the plan addresses areas of higher risk and significance through appropriate audit coverage of these areas.
This section describes how the plan appropriately addresses areas of higher risk and significance. The chart to the right summarizes the audit coverage over the three years of the plan. There is complete coverage of all Very High ranked units. For entities rated High, there is 91% coverage, the remainder having been covered by recent INAC audits or PSC audits. The coverage of moderate ranked units is 9% (due to participation in an OCG audit of an entity considered moderate risk by INAC), while coverage of low priority auditable units is 0%.
Coverage of Auditable Units
Coverage of Auditable Units (histogram)
The chart illustrates the Risk-Based Audit Plan's coverage of auditable units. In determining the coverage of auditable units, priority was given to auditable units that received a final priority ranking of "Very High" or "High". The coverage of auditable units is as follows:
- Very High: 100%
- High: 91%
- Moderate: 9%
- Low: 0%
The Corporate Risk Profile is management's point in time reflection of the most significant risks that threaten 'achievement of INAC's mandate and AASB seeks to ensure that all of these risks are covered in the planned audits. The chart to the right summarizes the number of new and ongoing audits and preliminary surveys in the first year (2011-2012) and linkages to the corporate risks. Every corporate risk is covered by at least two assurance engagements (audits). Appendix B describes these linkages in greater detail.
Coverage of Corporate Risks
Audit Coverage of Corporate Risks (histogram)
The graph illustrates the extent to which INAC corporate risks are covered by the new and ongoing audits and preliminary surveys in 2011-2012. Please note that individual projects may cover one or more risk area. The coverage is as follows:
- Legal Risk: 7
- External Partnership Risk: 6
- Aboriginal Relationship Risk: 5
- Federal Partnership Risk: 6
- Resource Alignment Risk: 7
- Implementation Risk: 8
- Information for Decision Making: 3
- HR Capacity and Capabilities: 2
In support of the CAEE's annual reporting on departmental risk management, control and governance processes, the audit plan aims to achieve sufficient coverage of all elements of the Treasury Board's Management Accountability Framework (MAF) and Core Management Controls Framework. The chart to the right summarizes the extent to which these frameworks are covered in the planned audits and preliminary surveys for 2011-2012. Appendix C describes these linkages in greater detail. The only elements not covered by at least one audit are Effectiveness of Internal Audit and Effectiveness of Evaluation, both responsibilities of the CAEE. It should be noted that the role of the CAEE as Chief Audit Officer and Chief Evaluation Officer would present impairments to the internal auditor's independence and objectivity, should these functions be subject to internal audit.
Coverage of MAF / Core Management Control Elements
Coverage of MAF/Core Management Control Elements (histogram)
The graph illustrates the extent to which Management Accountability Framework (MAF) and Core Management Control elements are covered by all planned and on-going projects in 2011-2012. Please note that individual projects may cover one or more element. The coverage is as follows:
- Investment Planning and Management of Projects: 2
- Effectiveness of Asset Management: 3
- Effectiveness of Information Technology Management: 2
- Effectiveness of Information Management: 3
- Effective Procurement: 2
- Excellence in People Management: 1
- Integrated Risk Management: 8
- Effective Management of Security: 1
- Effectiveness of Financial Management and Control: 8
- Quality and Use of Evaluation: 0
- Effectiveness of Internal Audit Function: 0
- Citizen-focused Service: 4
- Governance and Planning: 7
- Managing for Results: 4
- Value-based Leadership and Organizational Culture: 2
The measures suggested by the IIA to mitigate any impairment will be employed during any such internal auditing engagement. The OAG has recently assessed both areas, Evaluating the Effectiveness of Programs (Fall 2009) and Effectiveness of Internal Audit (report expected Spring 2011).
2011-2012 to 2013-2014 Audit Plan
Table 1 below outlines the number of planned audits, OCG audits and preliminary surveys for each of the three years of the plan.
| 2011-12 | 2012-13 | 2013-14 | ||
|---|---|---|---|---|
| Ongoing | New Projects | New Projects | New Projects | |
| Audits | 4 | 6 | 9 | 9 |
| OCG Audits | 2 | 1 | ||
| Preliminary Surveys | 2 | 1 | 1 | 1 |
| Total | 6 | 9 | 11 | 10 |
Table 2, accessible via the link below, presents a three-year view of the audit plan that sets out the recommended projects over the period from 2011-2012 to 2013-2014. For each project, the final priority ranking and current and planned audits are outlined. Each of the planned audits for the auditable unit is listed over the three-year period.
At the end of the three-year plan, audits and reviews of all high risk and significant ranked auditable units will have been started, allowing INAC to achieve the coverage required by the Policy on Internal Audit (2009).
| Priority | 2010-2011 (ongoing) |
2011-2012 (Year 1) |
2012-2013 (Year 2) |
2013-2014 (Year 3) |
|||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Q3 | Q4 | Q1 | Q2 | Q3 | Q4 | Q1 | Q2 | Q3 | Q4 | Q1 | Q2 | Q3 | Q4 | ||
| Ongoing (projects that commenced in 2010-11 and will carry forward into 2011-12) * AC indicates quarter in which the project should be tabled at the INAC Audit Committee | |||||||||||||||
| 1. Audit of Infrastructure | Very High | AC | |||||||||||||
| 2. System Under Development Audit of the Indian Registry System | Very High | AC | |||||||||||||
| 3. Audit of the Delegation of Authorities, Organizational Design and Classification | High | AC | |||||||||||||
| 4. Audit of Business Continuity Planning | Moderate | AC | |||||||||||||
| 5. Preliminary Survey of IM/IT Governance | High | AC | |||||||||||||
| 6. Preliminary Survey of Litigation Management | High | AC | |||||||||||||
| 2011-12 (projects commenced in 2011-12, some of which carry forward into 2012-13) | |||||||||||||||
| 1. Audit of Contracting (incl. exceptional contracting limits for Chief Federal Negotiator contracts) | Very High | AC | |||||||||||||
| 2. INAC Horizontal Audit of Grants and Contributions (Note- this is a recurring audit due to the importance to the department and level of materiality. Audit scope will be amended annually to reflect results of previous audits.) | Very High | AC | |||||||||||||
| 3. Audit of Acquisition Cards, Travel, Hospitality, Taxis and Conferences | Very High | AC | |||||||||||||
| 4. Implementation Audit of Child and Family Services Prevention Focused Approach | Very High | AC | |||||||||||||
| 5. Audit of Environmental Management & Contaminated Sites - South of 60 | Very High | AC | |||||||||||||
| 6. Audit of INAC and Adjudication Secretariat Support to the Independent Assessment Process | High | AC | |||||||||||||
| 7. OCG Audit of the Management of Horizontal Issues | Moderate | AC | |||||||||||||
| 8. OCG Horizontal Audit of Information Management | Very High | AC | |||||||||||||
| 9. Preliminary Survey of Implementation of Modern Treaty Obligations & Additions to Reserves | Very High | AC | |||||||||||||
| 2012-13 (projects commenced in 2012-13, some of which carry forward into 2013-14) | |||||||||||||||
| 1. Audit of Income Assistance | Very High | AC | |||||||||||||
| 2. Audit of Management of Negotiation Loans | Very High | AC | |||||||||||||
| 3. Audit of Housing Certification and Ministerial Loan Guarantee Processes | High | AC | |||||||||||||
| 4. Audit of Northern Contaminated Sites | High | AC | |||||||||||||
| 5. Audit of INAC Support to the Specific Claims Process | High | AC | |||||||||||||
| 6. Audit of Post-Secondary Education | High | AC | |||||||||||||
| 7. Audit of the Management of the Strategic Policy Process | High | AC | |||||||||||||
| 8. Audit of Financial Budgeting and Forecasting | High | AC | |||||||||||||
| 9. Follow up Audit of INAC Implementation of Government of Canada Payroll Interface | High | AC | |||||||||||||
| 10. OCG Horizontal Audit of G&C's MCF Phase 2 | Very High | AC | |||||||||||||
| 11. Preliminary Survey of Lands Management | High | AC | |||||||||||||
| 2013-14 (projects commenced in 2013-14, some of which carry forward into 2014-15) | |||||||||||||||
| 1. Audit of Elementary and Secondary Schools | Very High | AC | |||||||||||||
| 2. Post Implementation Audit of Education Information System | Very High | ||||||||||||||
| 3. Audit of Community focused Economic Development Programming | Very High | AC | |||||||||||||
| 4. INAC Horizontal Audit of Grants and Contributions (Note- this is a recurring audit due to the importance to the department and level of materiality. Audit scope will be amended annually to reflect results of previous audits.) | Very High | ||||||||||||||
| 5. Audit of Information Technology Security | High | ||||||||||||||
| 6. Audit of Financial Reporting | High | ||||||||||||||
| 7. Audit of Nutrition North | High | AC | |||||||||||||
| 8. Audit of Capacity Development Programs | High | ||||||||||||||
| 9. Audit of Management of Moneys | High | ||||||||||||||
| 10. Preliminary Survey of Northern Oil and Gas | High | AC | |||||||||||||
The table presents a three-year view of the audit plan that sets out the ongoing and planned projects over the period from 2011-2012 to 2013-2014. For each project, the final priority ranking and planned timeline are outlined. In addition, the table notes the estimated Audit Committee presentation tabling dates for each project.
The ongoing and planned projects, priority ranking, timeframes, and the anticipated Audit Committee presentation date are as follows:
Ongoing (projects that commenced in 2010-11 and will carry forward into 2011-12)
Audit of Infrastructure
- Priority: Very High
- Timeframe: Q3 2010-2011 to Q1 2011-2012
- Audit Committee presentation date: Q1 2011-2012
System Under Development Audit of the Indian Registry System
- Priority: Very High
- Timeframe: Q4 2010-2011 to Q2 2011-2012
- Audit Committee presentation date: Q2 2011-2012
Audit of the Delegation of Authorities, Organizational Design and Classification
- Priority: High
- Timeframe: Q4 2010-2011 to Q3 2011-2012
- Audit Committee presentation date: Q3 2011-2012
Audit of Business Continuity Planning
- Priority: Moderate
- Timeframe: Q3 2010-2011 to Q1 2011-2012
- Audit Committee presentation date: Q1 2011-2012
Preliminary Survey of IM/IT Governance
- Priority: High
- Timeframe: Q4 2010-2011 to Q1 2011-2012
- Audit Committee presentation date: Q1 2011-2012
Preliminary Survey of Litigation Management
- Priority: High
- Timeframe: Q4 2010-2011 to Q2 2011-2012
- Audit Committee presentation date: Q2 2011-2012
2011-12 (projects started in 2011-12, some of which carry forward into 2012-13)
Audit of Contracting (incl. exceptional contracting limits for Chief Federal Negotiator contracts)
- Priority: Very High
- Timeframe: Q1 2011-2012 to Q3 2011-2012
- Audit Committee presentation date: Q3 2011-2012
INAC Horizontal Audit of Grants and Contributions (Note- this is a recurring audit due to the importance to the department and level of materiality. Audit scope will be amended annually to reflect results of previous audits.)
- Priority: Very High
- Timeframe: Q2 2011-2012 to Q4 2011-2012
- Audit Committee presentation date: Q4 2011-2012
Audit of Acquisition Cards, Travel, Hospitality, Taxis and Conferences
- Priority: Very High
- Timeframe: Q4 2011-2012 to Q1 2012-2013
- Audit Committee presentation date: Q1 2012-2013
Implementation Audit of Child and Family Services Prevention Focused Approach
- Priority: Very High
- Timeframe: Q3 2011-2012 to Q1 2012-2013
- Audit Committee presentation date: Q1 2012-2013
Audit of Environmental Management & Contaminated Sites - South of 60
- Priority: Very High
- Timeframe: Q1 2011-2012 to Q3 2011-2012
- Audit Committee presentation date: Q3 2011-2012
Audit of INAC and Adjudication Secretariat Support to the Independent Assessment Process
- Priority: High
- Timeframe: Q1 2011-2012 to Q3 2011-2012
- Audit Committee presentation date: Q3 2011-2012
OCG Audit of the Management of Horizontal Issues
- Priority: Moderate
- Timeframe: Q3 2011-2012 to Q4 2011-2012
- Audit Committee presentation date: Q4 2011-2012
OCG Horizontal Audit of Information Management
- Priority: Very High
- Timeframe: Q3 2011-2012 to Q4 2011-2012
- Audit Committee presentation date: Q4 2011-2012
Preliminary Survey of Implementation of Modern Treaty Obligations & Additions to Reserves
- Priority: Very High
- Timeframe: Q1 2011-2012 to Q2 2011-2012
- Audit Committee presentation date: Q2 2011-2012
2012-13 (projects started in 2012-13, some of which carry forward into 2013-14)
Audit of Income Assistance
- Priority: Very High
- Timeframe: Q1 2012-2013 to Q4 2012-2013
- Audit Committee presentation date: Q4 2012-2013
Audit of Management of Negotiation Loans
- Priority: Very High
- Timeframe: Q1 2012-2013 to Q3 2012-2013
- Audit Committee presentation date: Q3 2012-2013
Audit of Housing Certification and Ministerial Loan Guarantee Processes
- Priority: High
- Timeframe: Q1 2012-2013 to Q3 2012-2013
- Audit Committee presentation date: Q3 2012-2013
Audit of Northern Contaminated Sites
- Priority: High
- Timeframe: Q1 2012-2013 to Q3 2012-2013
- Audit Committee presentation date: Q3 2012-2013
Audit of INAC Support to the Specific Claims Process
- Priority: High
- Timeframe: Q2 2012-2013 to Q4 2012-2013
- Audit Committee presentation date: Q4 2012-2013
Audit of Post-Secondary Education
- Priority: High
- Timeframe: Q3 2012-2013 to Q1 2013-2014
- Audit Committee presentation date: Q1 2013-2014
Audit of the Management of the Strategic Policy Process
- Priority: High
- Timeframe: Q2 2012-2013 to Q4 2012-2013
- Audit Committee presentation date: Q4 2012-2013
Audit of Financial Budgeting and Forecasting
- Priority: High
- Timeframe: Q3 2012-2013 to Q1 2013-2014
- Audit Committee presentation date: Q1 2013-2014
Follow up Audit of INAC Implementation of Government of Canada Payroll Interface
- Priority: High
- Timeframe: Q4 2012-2013 to Q1 2013-2014
- Audit Committee presentation date: Q1 2013-2014
OCG Horizontal Audit of G&C's MCF Phase 2
- Priority: Very High
- Timeframe: Q3 2012-2013 to Q4 2012-2013
- Audit Committee presentation date: Q4 2012-2013
Preliminary Survey of Lands Management
- Priority: High
- Timeframe: Q1 2012-2013 to Q2 2012-2013
- Audit Committee presentation date: Q2 2012-2013
2013-14 (projects started in 2013-14, some of which carry forward into 2014-15)
Audit of Elementary and Secondary Schools
- Priority: Very High
- Timeframe: Q1 2013-2014 to Q4 2013-2014
- Audit Committee presentation date: Q4 2013-2014
Post Implementation Audit of Education Information System
- Priority: Very High
- Timeframe: Q2 2013-2014 to TBD 2014-2015
- Audit Committee presentation date: TBD 2014-2015
Audit of Community focused Economic Development Programming
- Priority: Very High
- Timeframe: Q1 2013-2014 to Q4 2013-2014
- Audit Committee presentation date: Q4 2013-2014
INAC Horizontal Audit of Grants and Contributions (Note- this is a recurring audit due to the importance to the department and level of materiality. Audit scope will be amended annually to reflect results of previous audits.)
- Priority: Very High
- Timeframe: Q2 2013-2014 to TBD 2014-2015
- Audit Committee presentation date: TBD 2014-2015
Audit of Information Technology Security
- Priority: High
- Timeframe: Q1 2013-2014 to TBD 2014-2015
- Audit Committee presentation date: TBD 2014-2015
Audit of Financial Reporting
- Priority: Very High
- Timeframe: Q2 2013-2014 to TBD 2014-2015
- Audit Committee presentation date: TBD 2014-2015
Audit of Nutrition North
- Priority: High
- Timeframe: Q1 2013-2014 to Q2 2013-2014
- Audit Committee presentation date: Q2 2013-2014
Audit of Capacity Development Programs
- Priority: High
- Timeframe: Q2 2013-2014 to TBD 2014-2015
- Audit Committee presentation date: TBD 2014-2015
Audit of Management of Moneys
- Priority: High
- Timeframe: Q2 2013-2014 to TBD 2014-2015
- Audit Committee presentation date: TBD 2014-2015
Preliminary Survey of Northern Oil and Gas
- Priority: High
- Timeframe: Q2 2013-2014 to Q3 2013-2014
- Audit Committee presentation date: Q3 2013-2014
The detailed audit plan for 2011-2012, including objective, scope and rationale, is presented in Appendix D. All audits will be conducted with a high level of assurance.
Changes to the Plan
The audit plan is an evergreen document and is updated annually with adjustments in-year if necessary. This year's audit plan is a continuation of the 2010-2011 to 2012-2013 Plan and as such, includes ongoing audits and audits carried forward that have been delayed or revised to reflect current business priorities and conditions. Details of these changes can be found in Appendix E.
Challenges to Achieving the Three Year Plan
INAC programs and services are delivered in a complex policy and political environment by a department with responsibility and accountability for meeting the needs of Canada's Aboriginal people and Northerners. INAC operates in a constantly evolving policy landscape and is shifting from a legalistic approach to a policy-based approach that is more focussed on reconciliation, partnerships, and the sustainable development of Aboriginal communities.
Two other factors complicating operations in the INAC context, as identified in the Corporate Risk Profile, are challenges related to the availability of timely, pertinent, consistent, and accurate information and second, the need to attract, recruit and retain sufficiently qualified experienced and representative human resources. Given this context, the plan was crafted to allow flexibility to respond to changes and emerging risks. The plan identifies resources to address unplanned INAC or government-wide priorities and to fully support the OCG's general requirements for government-wide audit activity.
Audit and Assurance Services Branch is in a rebuilding phase seeking to strengthen its internal staff capacity and capability. The audit community continues to face a shortage of qualified staff. In response, AASB has adopted a team approach where internal resources are supplemented with qualified contractors. This approach not only allows AASB to access required capability from the external community, it also facilitates transfer of knowledge and skills to internal resources thereby building internal capacity. To enable this team approach, AASB requires access to efficient contracting vehicles and efficient contracting services.
Audit and Assurance Services Branch will mitigate these challenges by ensuring that senior management closely monitors progress against the three-year plan and takes timely action to resolve any issues that arise. AASB will provide an update to the Audit Committee at each of its meetings on the progress it is making implementing the plan, any challenges it is facing in doing so, and the actions being taken to manage these challenges.
Resource Considerations
This section presents the resource requirements of all internal audit activities planned for 2011-2012. Projects actually undertaken will depend on the availability of financial and human resources. The estimated resource requirements for small, medium, and large projects have been updated to reflect current forecasts and are consistent with the results of historical project cost analysis presented to Audit Committee in 2010-2011. This approach has proven to be the most accurate basis of forecasting costs. All INAC program activities and internal services operate under challenging business conditions that can only be completely understood once audit planning is completed. Prior to the planning process, it is not possible to accurately forecast resource requirements for each project.
Audit and Assurance Services Branch assurance activities represent over 80% of branch resource requirements. Other internal audit activities which include monitoring of action plans from past audits, administration, annual audit planning, quality assurance and improvement, reporting, learning and development, as well as liaison with OAG and other external assurance providers represents 12%. The remainder is allocated to management assurance requests and emerging priorities.
The Three-Year Plan identifies that, on average, 11 audit projects will be carried out on an annual basis. This number has decreased slightly from earlier plans and reflects the capacity of the organization and its partners and the inclusion of some larger audits.
Resource Considerations
Resource Considerations - Pie Chart
The chart illustrates the resource allocations for all internal audit activities planned for 2011-2012. The resource requirements are as follows:
- Assurance Engagements: 72%
- OAG Liaison: 4%
- OCG: 6%
- Management Request & Emerging Priorities: 7%
- Other Audit Activities: 6%
- Survey: 5%
Resource Requirements
Based on the cost assumptions in Appendix F in terms of the planned audits for 2011-2012, the resource requirements are summarized in the same annex. The dollar and staff resource requirements presented below are aligned with current budget forecasts.
While the level of effort and costs will vary from project to project, it is our professional opinion that this level of resourcing is adequate to achieve the plan.
Appendix A - INAC Audit Universe
| Auditable Units | Planned Audit | Ranking |
|---|---|---|
| Departmental Programs | ||
| First Nations Child and Family Services | Audit of the Implementation of Child and Family Services Prevention Focused Approach (2011-12) | Very High |
| Elementary and Secondary Education | Audit of Elementary and Secondary Schools (2013-14) Post Implementation Audit of Education Information System (2013-14) | Very High |
| Income Assistance | Audit of Income Assistance (2012-13) | Very High |
| Registration and Membership | System Under Development Audit of Indian Registry System (ongoing) | Very High |
| Environmental Management | Audit of Environmental Management and Contaminated Sites - South of 60 (2011-12) | Very High |
| Implementation of Modern-Treaty Obligations | Preliminary Survey of Implementation of Modern Treaty Obligations and Additions to Reserves (Comprehensive Claims, Self Government Agreements, Modern Treaties and Additions to Reserves) (2011-12) | Very High |
| Negotiations of Claims and Self-Government | Audit of Contracting (incl. Exceptional Contracting Limits for CFN contracts) (2011-12) Audit of Management of Negotiation Loans (2012-13) | Very High |
| Activation of Community Assets | Audit of Community focused Economic Development Programming (2013-14) | Very High |
| Community Infrastructure Assets and Facilities | Audit of Infrastructure (ongoing) | Very High |
| Specific Claims | Audit of INAC Support to the Specific Claims Process (2012-13) | High |
| Independent Assessment Process | Audit of INAC and Adjudication Secretariat Support to the Independent Assessment Process (2011-12) | High |
| Post-Secondary Education | Audit of Post-Secondary Education (2012-13) | High |
| First Nations Government | Audit of Capacity Development Programs (2013-14) | High |
| Water and Wastewater Infrastructure | Audit of Infrastructure (ongoing) | High |
| Housing | Audit of Infrastructure (ongoing) Audit of Housing Certification and Ministerial Loan Guarantee Processes (2012-13) |
High |
| Northern Contaminated Sites | Audit of Northern Contaminated Sites (2012-13) | High |
| Aboriginal Entrepreneurship | The program is undergoing a major redesign and will be reassessed at a later date. | High |
| Nutrition North | Audit of Nutrition North (2013-14) | High |
| Management of Moneys | Audit of Management of Moneys (2013-14) | High |
| Registration of Rights and Interests in Reserve Lands | Preliminary Survey of Lands Management (2012-13) | High |
| Additions to Reserve | Preliminary Survey of Implementation of Modern Treaty Obligations and Additions to Reserves (Comprehensive Claims, Self Government Agreements, Modern Treaties and Additions to Reserves) (2011-12) | High |
| Northern Oil and Gas | Preliminary Survey of Northern Oil and Gas (2013-14) | High |
| Education Facilities | Audit of Infrastructure (ongoing) | Moderate |
| Estate Management | Moderate | |
| Strategic Federal Investments and Partnerships (Economy) | Moderate | |
| Management of Treaty Relationships | Moderate | |
| Family Violence Prevention | Moderate | |
| Science Initiatives | Moderate | |
| Assisted Living | Moderate | |
| Consultation and Engagement | Moderate | |
| Métis Rights Management | Moderate | |
| National Child Benefit Reinvestment | Moderate | |
| Northern Political Development and Government Relations | Moderate | |
| Northern Mines and Minerals | Moderate | |
| Northern Land and Water Management | Moderate | |
| Institutions and Organizations (including Representative Organizations) | Moderate | |
| Urban Aboriginal Strategy | Moderate | |
| Common Experience Payments | Moderate | |
| Northern Environmental Management | Moderate | |
| Clarity of Reserve Boundaries (land surveys) | Moderate | |
| Commemoration | Moderate | |
| Climate Change Adaptation | Moderate | |
| First Nation and Inuit Youth Employment Strategy | Low | |
| Northern Contaminants (research) | Low | |
| Management of Other Negotiated Settlements | Low | |
| Métis and non-status Indian Organizational Capacity Development (Representative Organizations) | Low | |
| Inuit Relations | Low | |
| Renewable Energy and Energy Efficiency | Low | |
| Treaty Annuities | Low | |
| Cultural Education Centres | Low | |
| Support to the Truth and Reconciliation Commission | Low | |
| Auditable Units | Planned Audit | Ranking |
|---|---|---|
| Internal Services | ||
| Information Management | OCG Horizontal Audit of Information Management (2011-12) | Very High |
| Grants and Contributions Controls |
INAC Horizontal Audit of Grants and Contributions (2011-12) OCG Horizontal Audit of G&C's MCF Phase 2 (2012-13) INAC Horizontal Audit of Grants and Contributions (2013-14) |
Very High |
| Expenditure Management | Audit of Contracting (incl. Exceptional Contracting Limits for CFN contracts) (2011-12) Audit of Acquisition Cards, Travel, Hospitality, Taxis and Conferences (2011-12) |
Very High |
| Information Technology | Post Implementation Audit of Education Information System (2013-14) | High |
| Financial Planning and Budgeting | Audit of Financial Budgeting and Forecasting (2012-13) | High |
| External Reporting | Audit of Financial Reporting (2013-14) | High |
| IM/IT Security | Audit of Information Technology Security (2013-14) | High |
| Strategic Policy Development | Audit of the Management of the Strategic Policy Process (2012-13) | High |
| Organizational Design and Classification | Audit of the Delegation of Authorities, Organizational Design and Classification (ongoing) | High |
| IM/IT Governance | Preliminary Survey of IM/IT Governance (ongoing) | High |
| Litigation Management | Preliminary Survey of Litigation Management (ongoing) | High |
| Compensation and Benefits | Follow up Audit of INAC Implementation of Government of Canada Payroll Interface (2012-13) | High |
| Human Resources Staffing and Planning | Not covered due to planned PSC audits | High |
| Strategic and Business Planning | OCG Audit of the Management of Horizontal Issues (2011-12) | Moderate |
| Complaints and Allegations | Moderate | |
| ATIP Management | Moderate | |
| Risk Management | Moderate | |
| Corporate Security | Moderate | |
| Learning and Development | Moderate | |
| Occupational Health and Safety | Moderate | |
| Values and Ethics | Moderate | |
| Loans and Accounts Receivable | Moderate | |
| Assets and Property Management | Moderate | |
| Continuity of Operations | Audit of Business Continuity Planning (Continuity of Operations) (ongoing) | Moderate |
| Labour Relations | Low | |
| Revenues | Low | |
| Official Languages | Low | |
| Accommodations | Low | |
| Library and Information Centre | Low | |
| Legal Services | Not Rated | |
| Audit and Evaluation | Not Rated | |
Appendix B
Appendix B – Linkage of 2011-2012 Audits to the Corporate Risk Profile
| 2011-2012 Audit Projects | HR Capacity & Capabilities | Information for Decision Making | Implementation | Resource Alignment | Federal Partnership | Aboriginal Relationship | External Partnership | Legal Risk |
|---|---|---|---|---|---|---|---|---|
| Ongoing | ||||||||
| System Under Development Audit of the Indian Registry System | X | X | X | X | ||||
| Audit of Infrastructure | X | X | X | X | ||||
| Audit of the Delegation of Authorities, Organizational Design and Classification | X | |||||||
| Audit of Business Continuity Planning | X | X | X | X | ||||
| Preliminary Survey of IM/IT Governance | X | X | ||||||
| Preliminary Survey of Litigation Management | X | X | ||||||
| 2011-12 Projects | ||||||||
| Audit of the Implementation of Child and Family Services Prevention Focused Approach | X | X | X | X | X | |||
| Grants and Contributions – INAC Horizontal Audit | X | X | X | X | ||||
| Audit of Environmental Management and Contaminated Sites – South of 60 | X | X | X | X | X | |||
| Audit of Contracting (incl. Exceptional Contracting Limits for CFN contracts) | X | |||||||
| Audit of Acquisition Cards, Travel, Hospitality, Taxis and Conferences | X | |||||||
| Audit of INAC and Adjudication Secretariat Support to the Independent Assessment Process | X | X | X | |||||
| OCG Horizontal Audit of Information Management | X | X | ||||||
| OCG Audit of the Management of Horizontal Issues | X | X | X | |||||
| Preliminary Survey of Implementation of Modern Treaty Obligations and Additions to Reserves | X | X | X | |||||
Appendix C
Appendix C – Linkage of 2011-2012 Audits to MAF Elements
| 2011-2012 Audit Projects | Values-based Leadership and Organizational Culture | Managing for Results | Governance and Planning | Citizen-focused Service | Effectiveness of Internal Audit Function (1) | Quality and Use of Evaluation (1) | Effectiveness of Financial Management and Control | Effective Management of Security |
|---|---|---|---|---|---|---|---|---|
| Ongoing Note (1) – These 2 Areas of MAF are the responsibility of the CAEE and therefore were not considered in the RBAP. | ||||||||
| System Under Development Audit of the Indian Registry System | X | |||||||
| Audit of Infrastructure | X | |||||||
| Audit of the Delegation of Authorities, Organizational Design and Classification | X | X | ||||||
| Audit of Business Continuity Planning | X | X | X | |||||
| Preliminary Survey of IM/IT Governance | X | |||||||
| Preliminary Survey of Litigation Management | X | |||||||
| 2011-12 Projects | ||||||||
| Audit of the Implementation of Child and Family Services Prevention Focused Approach | X | X | ||||||
| Grants and Contributions – INAC Horizontal Audit | X | X | X | X | ||||
| Audit of Environmental Management and Contaminated Sites – South of 60 | X | |||||||
| Audit of Contracting (incl. Exceptional Contracting Limits for CFN contracts) | X | |||||||
| Audit of Acquisition Cards, Travel, Hospitality, Taxis and Conferences | X | X | ||||||
| Audit of INAC and Adjudication Secretariat Support to the Independent Assessment Process | X | X | X | |||||
| OCG Horizontal Audit of Information Management | X | |||||||
| OCG Audit of the Management of Horizontal Issues | X | X | ||||||
| Preliminary Survey of Implementation of Modern Treaty Obligations and Additions to Reserves | X | |||||||
| 2011-2012 Audit Projects | Integrated Risk Management | Excellence in People Management | Effective Procurement | Effectiveness of Information Management | Effectiveness of Information Technology Management | Effectiveness of Asset Management | Investment Planning and Management of Projects |
|---|---|---|---|---|---|---|---|
| Ongoing Note (1) – These 2 Areas of MAF are the responsibility of the CAEE and therefore were not considered in the RBAP. | |||||||
| System Under Development Audit of the Indian Registry System | X | X | |||||
| Audit of Infrastructure | X | ||||||
| Audit of the Delegation of Authorities, Organizational Design and Classification | X | X | X | ||||
| Audit of Business Continuity Planning | X | X | X | ||||
| Preliminary Survey of IM/IT Governance | X | X | X | X | |||
| Preliminary Survey of Litigation Management | X | ||||||
| 2011-12 Projects | |||||||
| Implementation Audit of Child and Family Services Prevention Focused Approach | |||||||
| Grants and Contributions – INAC Horizontal Audit | |||||||
| Audit of Environmental Management and Contaminated Sites – South of 60 | X | ||||||
| Audit of Contracting (incl. Exceptional Contracting Limits for CFN contracts) | X | X | |||||
| Audit of Acquisition Cards, Travel, Hospitality, Taxis and Conferences | X | X | |||||
| Audit of INAC and Adjudication Secretariat Support to the Independent Assessment Process | |||||||
| OCG Horizontal Audit of Information Management | X | ||||||
| OCG Audit of the Management of Horizontal Issues | X | ||||||
| Preliminary Survey of Implementation of Modern Treaty Obligations and Additions to Reserves | |||||||
Appendix D - 2011-2012 Audit Projects
The more detailed audit plan for 2011-2012 is presented below with each project described in terms of its objective, scope and rationale.
| Audit Objective and Scope | Rationale for Conduct |
|---|---|
| Audit of the Implementation of Child and Family Services Prevention Focused Approach | Very High |
|
The objective of this audit is to assess the adequacy and effectiveness of the controls supporting the implementation of the prevention-focused approach within the First Nations Child and Family Services (FNCFS) Program. The new prevention model is being implemented in First Nations communities in five provinces, covering nearly half of the First Nations children in Canada.
The scope of the audit will include the management controls that support the implementation, delivery and monitoring of prevention-focused FNCFS programming in the INAC regions where implementation is underway. The type of audit testing performed in each of the five regions will be determined during the planning phase and will be dependent on the extent to which prevention focused programming is implemented in each region. The proposed scope will include MAF and Core Management Control elements that ensure effective governance, risk management, stewardship, and accountability related to the FNCFS program. |
Maps to Program Activity Architecture
Maps to Corporate Risk Profile
The First Nations Child and Family Services (FNCFS) Program assists First Nations in providing access to culturally sensitive child and family services in their communities, and ensures that the services provided to First Nations children and their families on-reserve are comparable to those available to other provincial residents in similar circumstances. Programming is material (over $500 million), highly visible and extremely sensitive. The delivery model is complex and includes a variety of third party partners, participants and agreements. The shift to the Prevention Focused Approach has resulted in significant new investments by the department and a change in programming focus. A recent departmental evaluation in one Region has indicated a number of issues that need to be resolved. This audit will provide assurance to management and others that the new prevention focused programming is being implemented in accordance with the department's authorities and commitments. |
| Grants and Contributions – INAC Horizontal Audit | Very High |
|
The objective of this audit is to assess the adequacy and effectiveness of selected controls in INAC's management Grants and Contributions Management Control Framework, as well as compliance with the Policy on Transfer Payments (2008).
The scope of this audit will be determined during the planning phase and will include a selection of management practices and controls that ensure the efficiency and effectiveness of the implementation of Grants and Contributions within the department. The scope will be designed to build upon the findings of audits undertaken by the department in prior years. In assessing the adequacy and effectiveness of the selected controls, the audit will look horizontally at their application across a selection of programs and regions. |
Maps to Program Activity Architecture
Maps to Corporate Risk Profile
Grants and Contributions are the primary vehicles through which INAC programming is delivered. In addition to being financially material (over $6 billion), the Comptroller General and Treasury Board place emphasis on improving the effectiveness of transfer payment controls through the introduction of risk-based approaches and increased consideration of the demands on recipients. INAC continues to implement the 2008 Policy on Transfer Payments, in particular those provisions which came into effect on April 1, 2010. Several large programs have introduced risk-based program control frameworks and the CFO Sector is finalizing the INAC Grant and Contribution Management Control Framework to formalize and improve transfer payment management controls. |
| Audit of Environmental Management and Contaminated Sites - South of 60 | Very High |
|
The objective of this audit is to provide assurance over the adequacy and effectiveness of the management controls established to ensure that the department's responsibilities related to environmental management and contaminated sites (south of 60th parallel), are being met.
The scope of the audit will include the management practices and controls that ensure compliance with relevant legislation, regulations, guidelines and policies. The audit will most likely include a focus on how INAC works with other federal departments and levels of government that have jurisdiction over environmental matters on reserve. The scope will also likely include those controls for identifying and assessing contaminated sites on First Nation lands south of 60th parallel. The specific regions and program activities to be included within the scope of this audit will be determined during the planning phase. |
Maps to Program Activity Architecture
Maps to Corporate Risk Profile
One of INAC's legislated responsibilities and continued priorities is sound environmental management and conservation of Canada's natural resources on reserve. Federal environmental acts, regulations, guidelines and policies demonstrate the government's determination to be a leader in these domains and to ensure that the actions of federal departments are exemplary. Over the last few years, there have been significant changes to the environmental legislative and regulatory frameworks in which federal organizations operate. The environmental management and contaminated sites programs are highly visible and are inherently high risk due to their complexity, magnitude of potential impacts, liability issues and degree of recent change. While past Auditor General reports indicate that progress is being made South of 60, recent reallocations of funds to sites North of 60 have resulted in concern around resource levels available for South of 60 sites. As well, the OAG has cited INAC and Environment Canada as having significant control gaps in meeting on-reserve environmental management obligations. |
| Audit of Contracting (incl. Exceptional Contracting Limits for CFN contracts) | Very High |
|
The objective of this audit is to provide assurance over the adequacy and effectiveness of the controls in place to support the effective and efficient management and processing of goods and services contracts, including compliance with the Financial Administration Act and Government of Canada and INAC policies, procedures and guidelines.
The scope of the audit will include contracting processes for procuring service and goods, and include special authorities related to exceptional contracting limits for Chief Federal Negotiator contracts. The audit will likely focus on CFO Branch, Sector, and Regional controls for entering into and managing the various contracting processes (i.e. low-dollar contracts, sole-source contracts, competitive contracts, and larger Standing Offers and Supply Arrangements). The audit may include focus on controls in place to support the implementation of the Procurement Strategy for Aboriginal Business. The focus of this audit will be on Core Management Controls related to governance, stewardship, accountability and Treasury Board requirements related to contracting and procurement. The scope of this audit will be finalized during the planning phase of the audit. |
Maps to Program Activity Architecture
Maps to Corporate Risk Profile
Contracting is financially material given the magnitude of services contracts procured, particularly within certain Sectors located in Headquarters. The Government and Canadians are very sensitive to the importance of respecting the principles of fairness and integrity in the letting of contracts and this function can be subject to intense public scrutiny. The timeliness of contracting processes remain a challenge in the department, particularly for those functions that place heavy reliance on procuring technology and services to deliver on their commitments. Prior internal and OAG audits have raised concerns in the area of contracting and the CFO Sector plans to review its contracting processes in the coming year. |
| Audit of Acquisition Cards, Travel, Hospitality, Taxis and Conferences | Very High |
|
The objective of this audit is to provide assurance over the adequacy and effectiveness of the management controls supporting the use and management of acquisition cards and the procurement of travel, hospitality, taxis and conferences, including compliance with legislation and Government of Canada and INAC policies, procedures and guidelines.
The proposed scope will include MAF and Core Management Control elements that ensure effective governance, risk management, stewardship and accountability related to acquisition cards, travel, hospitality, taxis and conferences. |
Maps to Program Activity Architecture
Maps to Corporate Risk Profile
Departmental expenditures on acquisition cards, travel, hospitality, taxis and conferences are subject to strict policy requirements and by their nature, subject to government and public scrutiny. The Government of Canada recently announced the new Directive on the Management of Expenditures on Travel, Hospitality and Conferences to ensure that the costs of travel, hospitality and conferences are reasonable and tied to Government priorities. |
| Audit of INAC and Adjudication Secretariat Support to the Independent Assessment Process | High |
|
The objective of this audit is to provide assurance on the adequacy and effectiveness of the management controls of both INAC and Indian Residential Schools Adjudication Secretariat (IRSAS) in meeting their obligations to support to the Independent Assessment Process.
The scope of the audit will include the responsibilities of INAC and IRSAS to support the Independent Assessment Process (IAP) and the Chief Adjudicator. The proposed scope will include MAF and Core Management Control elements that ensure effective governance, risk management, stewardship, and accountability related to support to the IAP. The scope will not include those aspects of the independent alternative dispute resolution processes within the Independent Assessment Process that are administered under the direction of the Chief Adjudicator, and appointee of the Oversight Committee (formed of representatives of the parties to the Indian Residential Schools Settlement Agreement). |
Maps to Program Activity Architecture
This is a very significant program, both in terms of importance and the magnitude of financial payments (estimated at over $600M). Risk is inherently high given the speed at which the processes and organizational capacity must be developed and fully operational. Actual volumes of claims cannot be reasonably predicted which makes it difficult to plan for and respond to demands on short notice, particularly given the imposed deadlines for receipt of claims (2012-13) and processing of claims (2013-14). Processes have been streamlined considerably to improve efficiency of processing, yet INAC and IRSAS are highly dependent on Adjudicators to achieve efficiency and timeliness of processing. |
| Preliminary Survey of Implementation of Modern Treaty Obligations and Additions to Reserves | Very High |
| The objective of the preliminary survey is to document the programs activities and risks and recommend objectives and priorities for a future audit of one or more aspects of these programs. The survey will be exploratory and focus on gaining an understanding of management controls supporting the implementation of comprehensive claims, self-government agreements, and other modern treaties. The survey will also explore the relationship between claims implementation processes and the additions to reserves processes. |
Maps to Program Activity Architecture
Maps to Corporate Risk Profile
These programs are highly complex due to the magnitude and many facets of settled claims and self-government agreements. Successful implementation of these modern treaty obligations requires a high degree of knowledge and skill sets to negotiate implementation agreements and implement agreed upon program activities. To accomplish this, in-depth understanding of both the settlements and related programming are required. These program activities are significant in INAC's efforts to move forward the Aboriginal agenda from Indian Act into own governance. There is significant downstream uncertainty and risk associated with estimating costs and timelines of implementation. Legal risk could be high if Canada fails to meet its obligations. No recent audits have been completed by Audit and Assurance Services Branch in these program areas. |
Appendix E - Changes to the Audit Plan
Ongoing Audits
The resource implications of audit projects that began in 2010-2011 but were not completed within that period are identified below as ongoing audits from the 2010-2011 Plan.
| 2010-2011 Ongoing Audits | Expected Completion Date |
|---|---|
| Audit of Infrastructure | Q1 2011-2012 |
| System Under Development Audit of Indian Registry System | Q2 2011-2012 |
| Audit of the Delegation of Authorities, Organizational Design and Classification | Q3 2011-2012 |
| Audit of Business Continuity Planning | Q1 2011-2012 |
| Preliminary Survey of IM/IT Governance (previously scoped as audit) | Q1 2011-2012 |
| Preliminary Survey of Litigation Management | Q2 2011-2012 |
Removed or Carry-Forward Audits
In light of last year's activities and the results of this year's risk assessment and prioritization exercise, the table below identifies any changes. A complete analysis of all the changes from the 2010-2011 to 2012-2013 plan is reflected below.
| Audit Name and year planned | Rationale |
|---|---|
| Review of Performance Measurement System for Education (2010-11) | This audit was deferred to 2013-2014 to allow for further development and implementation of the system. |
| Audit of Band Classification (2010-11) | This audit was removed because it may be covered in the Audit of Capacity Development Programs in 2013-14. |
| Audit of Family Violence Prevention Program (2010-11) | This audit was replaced with a Preliminary Survey in 2010-2011 at the request of the Departmental Audit Committee |
| Audit of Income Assistance (2011-12) | This audit was deferred to 2012-13 to allow program to implement planned changes |
| Audit of Specific Claims (2011-12) | This audit was deferred to 2012-2013 to allow for implementation of the Specific Claims Tribunal operations |
| Audit of Negotiation Loans (2011-12) | This audit was deferred to 2012-2013 and replaced with the Audit of Management of Negotiation Loans |
| Audit of Funding for Implementation (2011-12) | This audit was removed from the plan and will be covered under the Preliminary Survey of Implementation of Modern Treaty Obligations & Additions to Reserves in 2011-2012 |
| Audit of INAC Emergency Response Capability (2011-12) | This audit was removed from the plan as the auditable entity was identified as low audit priority |
| Audit of Consultation and Accommodation (2011-12) | This audit was removed from the plan as the auditable entity was identified as low audit priority |
| Audit of OASIS (2011-12) | The audit was removed from the plan until determination is made as to whether the system will be replaced |
| Audit of Data Warehouse (2011-12) | This audit was removed from the plan as departmental IT priorities have changed |
| Audit of Financial Planning and Budgeting (2011-12) | This audit was deferred to 2012-2013 and renamed Audit of Financial Reporting to allow for implementation of planned process changes |
| Audit of Performance Measurement and Reporting (2011-12) | This audit was removed from the plan as the auditable entity was identified as low audit priority |
| Audit of Lands Management (2012-13) | This audit was revised to a Preliminary Survey in 2012-2013 to better scope the project |
| Audit of Economic Development (2012-13) | The audit was deferred to 2013-2014 to allow for program restructuring and renamed Audit of Community focused Economic Development Programming |
| Audit of Indian Government Support (2012-13) | This audit was removed from the plan as it may be covered under the Audit of Capacity Development Programs in 2013-2014 |
| Audit of Natural Resources (2012-13) | This audit was removed from the plan as the auditable entity was identified as low audit priority |
| Audit of Human Resource Planning (2012-13) | This audit was removed from the plan due to coverage provided in other audits and Management Practices Audits |
| Audit of Advertised Appointments (2012-13) | This audit was removed from the plan due to coverage provided in PSC Audits of Advertised Appointments |
| Audit of IT Security (2012-13) | This audit was deferred to 2013-2014 to allow for higher priority audits |
| Audit of Occupational Health and Safety (2012-13) | This audit was removed from the plan as the auditable entity was identified as low audit priority |
| Audit of Learning and Development (2012-13) | This audit was removed from the plan as the auditable entity was identified as low audit priority |
| Audit of Integrated Planning (2012-13) | This audit was removed from the plan to allow for the further development of the strategic planning process in the department |
| Audit of Strategic Policy and Planning (2012-13) | This audit was renamed Audit of the Management of the Strategic Policy Process |
Appendix F - Resource Utilization
Cost Assumptions
For purposes of identifying initial resource requirements, AASB has assumed, based on experience, that its average portfolio is comprised of large, medium, and small audit engagements as well as preliminary surveys. The anticipated direct and indirect costs of these projects in 2011-2012 are detailed below.
| Cost Factors | Large Audit | Medium | Small Audit or Preliminary Survey |
|---|---|---|---|
| Contract Dollars | $275,000 | $180,000 | $95,000 |
| FTEs | 2 | 1.5 | 1 |
| FTE Costs | $150,000 | $112,500 | $75,000 |
| Travel and Other | $40,000 | $30,000 | $13,000 |
Resource Utilization
| Audits and Preliminary Surveys | To Complete in 2011-2012 | FTE | Contract $ | FTEs | Travel & Other $ | Total |
|---|---|---|---|---|---|---|
| Audit of Infrastructure (ongoing) | 15% | 0.3 | $41,000 | $23,000 | $6,000 | $70,000 |
| System Under Development Audit of the Indian Registry System (ongoing) | 40% | 0.8 | $110,000 | $60,000 | $16,000 | $186,000 |
| Audit of the Delegation of Authorities, Organizational Design and Classification (ongoing) | 60% | 1.2 | $165,000 | $90,000 | $24,000 | $279,000 |
| Audit of Business Continuity Planning (ongoing) | 25% | 0.5 | $69,000 | $38,000 | $10,000 | $117,000 |
| Preliminary Survey of IM/IT Governance (ongoing) | 25% | 0.25 | $24,000 | $19,000 | $3,000 | $46,000 |
| Preliminary Survey of Litigation Management (ongoing) | 40% | 0.4 | $38,000 | $30,000 | $5,000 | $73,000 |
| Audit of Contracting (including exceptional contracting limits for Chief Federal Negotiator contracts) |
100% | 2 | $275,000 | $150,000 | $40,000 | $465,000 |
| INAC Horizontal Audit of Grants and Contributions | 100% | 2 | $275,000 | $150,000 | $40,000 | $465,000 |
| Audit of Acquisition Cards, Travel, Hospitality, Taxis and Conferences | 60% | 0.6 | $108,000 | $68,000 | $18,000 | $194,000 |
| Audit of the Implementation of Child and Family Services Prevention Focused Approach | 75% | 1.5 | $206,000 | $112,500 | $30,000 | $349,000 |
| Audit of Environmental Management & Contaminated Sites - South of 60 | 100% | 2 | $275,000 | $150,000 | $40,000 | $465,000 |
| Audit of INAC and Adjudication Secretariat Support to the Independent Assessment Process | 100% | 2 | $275,000 | $150,000 | $40,000 | $465,000 |
| OCG Audit of the Management of Horizontal Issues | 100% | 1 | $95,000 | $75,000 | $13,000 | $183,000 |
| OCG Horizontal Audit of Information Management | 100% | 1 | $95,000 | $75,000 | $13,000 | $183,000 |
| Preliminary Survey of Implementation of Modern Treaty Obligations & Additions to Reserves | 100% | 1 | $95,000 | $75,000 | $13,000 | $183,000 |
| Other | ||||||
| Management Practices Audits (6 audits) | 100% | 6 | $570,000 | $450,000 | $78,000 | $1,098,000 |
| Monitoring of action plans from past audits | 100% | 0.5 | $0 | $38,000 | $0 | $38,000 |
| Administration | 100% | 0.5 | $0 | $38,000 | $0 | $38,000 |
| Audit Committee Secretariat | 100% | 0.5 | $0 | $38,000 | $0 | $38,000 |
| Annual Risk-Based Audit Planning | 100% | 0.5 | $0 | $38,000 | $0 | $38,000 |
| Quality Assurance & Improvement Program | 100% | 0.5 | $0 | $38,000 | $0 | $38,000 |
| Annual Report of the CAE | 100% | 0.25 | $0 | $19,000 | $0 | $19,000 |
| Learning & Development | 100% | 1.47 | $0 | $110,000 | $11,000 | $121,000 |
| Liaison on External Audit activities | 100% | 3 | $0 | $225,000 | $0 | $225,000 |
| Management Requests and Emerging Priorities | 100% | 0.5 | $374,000 | $0 | $0 | $374,000 |
| Grand Total | 30.27 | $3,090,000 | $2,260,000 | $400,000 | $5,750,000 | |