Risk-Based Audit Plan 2015-2016 to 2017-2018
February 2015
PDF Version (343 Kb, 34 Pages)
Table of Contents
- Introduction
- Risk-Based Audit Planning Approach
- The Three Year Risk-Based Audit Plan
- Resource Considerations
- Appendix A - AANDC Audit Universe
- Appendix B - Linkage of 2015-2018 Audits to the Corporate Risk Profile
- Appendix C - Linkage of 2015-2016 Audits to MAF Elements
- Appendix D – 2015-2016 Audit Projects
- Appendix E – Changes to the Audit Plan
Introduction
The Treasury Board Policy on Internal Audit seeks to contribute to the improvement of public sector management by ensuring a strong, credible, effective and sustainable internal audit function within departments as well as government-wide. In response to this requirement, Aboriginal Affairs and Northern Development Canada (AANDC) has developed this three-year Risk-Based Audit Plan. This plan details the assurance services that Audit and Assurance Services Branch will provide, independent of line management, to sustain a strong, credible internal audit regime that contributes directly to sound risk management, control and governance.
Purpose
The Audit andf Assurance Services Branch (AASB) of AANDC has prepared this document for the Deputy Minister to outline the 2015-2016 to 2017-2018 Risk-Based Audit Plan for AANDC. The plan is designed to support the allocation of audit resources to those areas that represent the most significant risks to the achievement of AANDC's objectives and to respond to the requirements of the Treasury Board Policy on Internal Audit (April 1, 2012). In considering the appropriateness of the plan, the Deputy Minister is advised by an independent, departmental Audit Committee, comprised of five external members.
Document Organization
Introduction | This section provides an overview of the role of the internal audit function and Treasury Board expectations with respect to audit in order to provide the reader with the context for the Plan. |
---|---|
Risk-Based Audit Planning Approach | This section describes the process followed to develop the Plan. |
The Three-Year Risk-Based Audit Plan | This section details the comprehensive plan for the 2015-2016 to 2017-2018 fiscal years, including a summary of activities over three years. |
Resource Considerations | This section details the resource considerations required to execute the Plan. |
Appendices | This section provides various detailed tables to further describe the Plan. |
The Role and Scope of Internal Audit
Internal audit plays a vital role in governance and accountability. Without a strong, objective and independent assurance function, the effectiveness of the overall governance framework of an organization is severely weakened. With an effective internal audit function, there is greater confidence that the decisions being taken are informed by appropriate information on governance, risk management and control. Internal audit's systematic and disciplined approach adds value and improves an organization's operations.
Through the Federal Accountability Act (2006) and Action Plan, the Government of Canada committed to strengthen auditing and accountability within Departments by clarifying the managerial responsibilities of deputy heads within the framework of ministerial responsibility and by enhancing the internal audit function.
The role of AANDC's internal audit function is to ensure that, in conjunction with advice from the Audit Committee, the Deputy Minister is provided with independent assurance regarding the effectiveness of the Department's risk management, control and governance processes. The internal audit function fulfils this role by bringing a systematic, disciplined approach to assessing and improving the effectiveness of the Department's risk management, control and governance processes.
The scope of work of the internal audit function is to assess if AANDC's network of risk management, control, and governance processes (as designed and represented by management) is adequate and functioning such that:
- Risks are appropriately identified and managed;
- Financial, managerial, and operational information is accurate, reliable, and timely;
- Compliance with policies, standards, procedures and applicable laws and regulations is achieved;
- Resources are acquired economically, used effectively and adequately protected;
- Programs, plans and objectives are achieved;
- Quality and continuous improvement are fostered in the Department's control processes; and,
- Legislative or regulatory issues affecting the Department are recognized and addressed properly.
When opportunities for improving management control, governance or resource stewardship are identified in audits, they are communicated to the suitable level of management so that appropriate action can be taken.
The internal audit function plays an important role in supporting departmental operations. It provides assurance on all the important aspects of the risk management strategy and practices, management control frameworks and practices, and governance. Where control weaknesses exist and where the achievement of objectives is at risk, internal audit plays a role in providing constructive advice and recommendations. In this way, internal audit contributes to enhanced accountability and performance.
Treasury Board Policy Requirements
AANDC is subject to the Treasury Board Policy on Internal Audit. This policy states that the internal audit function in the Government of Canada "…is a professional, independent and objective appraisal function that uses a disciplined, evidence-based approach to assess and improve the effectiveness of risk management, control and governance processes".
The Policy on Internal Audit requires the Deputy Minister to approve a multi-year risk-based audit plan that considers departmental areas of high risk and significance, as well as Government-wide audits led by the Comptroller General. The Treasury Board Directive on Internal Auditing in the Government of Canada (April 1, 2012) requires that the Chief Audit Executive "…establish and update at least annually a multi-year plan of internal audit engagements based on a risk assessment and which is focused predominantly on the provision of assurance services". The Directive also requires that the Audit Committee "…review and recommend for approval a multi-year risk-based internal audit plan".
The Treasury Board specifies that "the Government of Canada has adopted the Institute of Internal Auditors'(IIA) International Professional Practices Framework and that all federal departments are required to meet the IIA Standards in undertaking their internal auditing responsibilities, unless the Standards are in conflict with the Treasury Board Policy on Internal Audit or any related directives or standards, in which case the Policy, Directive or Standards will prevail".
The Chief Audit Executive's Annual Written Report to the Deputy Minister and the Audit Committee
A requirement of the Directive on Internal Auditing in the Government of Canada is that the Chief Audit Executive must annually prepare a written report to the Deputy Minister and the Audit Committee that includes sections on:
- "Internal audit's independence, proficiency, performance and results relative to its plan, including resource utilization, lessons learned and influences on future years' plans;
- The results of the Quality Assurance and Improvement Program including internal audit's conformance with the Internal Auditing Standards for the Government of Canada;
- The results of the follow-up on the implementation of management action plans; and,
- An overview of the aggregate findings following the execution of the risk-based audit plan, including the actions taken by management to address key findings."
Collectively, the Chief Audit Executive's annual report and other inputs, such as the Chief Financial Officer's Statement of Management Responsibility including Internal Control over Financial Reporting, and reports of other assurance agencies, provide departmental senior management and the Comptroller General with assurance on the state of the Department's risk management, controls and governance processes.
Risk-Based Audit Planning Approach
To meet the requirement of the Directive on Internal Auditing in the Government of Canada for the establishment, and at least annual update, of a multi-year plan of internal audit, the Audit and Assurance Services Branch's assessment of AANDC's areas of risk was reviewed and updated to ensure that audit resources continue to be targeted to areas of highest risk and significance.
Conduct and Timing of an Internal Audit
Once approved, the Risk-Based Audit Plan provides AASB with the Deputy Minister's direction on what specific audits should be undertaken in the coming year. Each audit consists of the following phases:
The Planning Phase is undertaken to gain an understanding of the objectives, activities, key risks and controls of the area subject to audit. The audit objectives and scope are finalized and audit criteria are established.
During the Conduct Phase, auditors carry out the audit program to ascertain whether each audit criterion is satisfied. Auditors conduct interviews, review documentation, perform analysis, observe activities and employ other techniques to obtain sufficient, relevant and reliable information to reach conclusions and support preliminary findings. Findings are reviewed with management to validate accuracy.
During the Reporting Phase, the draft audit report is prepared outlining background and context, and the auditor's findings, conclusions and recommendations. Management presenting a Management Response and Action Plan outlining their response to the findings as well as the corrective action planned to mitigate the identified control gaps.
In the Follow-up Phase, action is taken to ensure that the required measures have indeed been implemented.
The audit may last three (3) to twelve (12) months depending on the size and complexity of the area subject to audit as well as the specific scope and objectives of the engagement.
In establishing priorities for the Risk-Based Audit Plan, AASB employed a risk-based approach. Because a very extensive risk assessment exercise, including many consultative meetings, were held in last year's risk-based audit planning process, this year's process was less extensive, but still risk-based.
As a first step in updating the Risk-Based Audit Plan, AASB reviewed the audit universe to confirm that the existing auditable unitsFootnote 1 were still valid. The audit universe is a collection of all auditable units. The auditable units generally correspond to the programs and sub-programs identified in AANDC's Program Alignment Architecture (PAA) and to the major organizational units of the Department (Appendix A presents the entire AANDC audit universe). In total, there are 42 program units and 34 internal services units
AASB then reviewed departmental priorities, business conditions and risks as identified in a wide variety of sources, including, but not limited to, corporate, sector and program risk profiles, corporate and sector business plans, past audit, evaluation and review reports, and last year's risk-based planning exercise. The purpose of this review was to determine if the risk ratings as determined in last year's process continue to be valid. Based on this determination, changes were made to more accurately reflect the current risk of each auditable unit. The distribution of auditable units by rank is displayed in Figure 1.
This process became the basis for the development of an initial listing of potential audit projects over the three-year horizon of the Plan. To develop the Plan, the auditable units assigned a Very High and High risk rating and which were deemed worthy of attention were preliminarily assigned audits within the three years of the Plan. Once the audit priorities were determined, the timing of each audit was reviewed, taking into account the following planning considerations:
- The Plan should be a body of work that can be reasonably achieved with AASB's current staff complement and operating budget;
- Auditable units rated very high and high risk and for which it was determined that audit work is a priority should be audited once in the three-year cycle, resources permitting;
- Auditable units assessed as medium risk should only be considered for audit if all very high and high risk units are covered or if they represent an AANDC management priority;
- Adequate coverage of corporate risks identified in the corporate risk profile should be obtained;
- The Risk-Based Audit Plan should ensure sufficient coverage of risk management, control and governance processes;
- The timing of activities should take into account program evaluations, OAG, OCG and other central agency audits and any other considerations such as program renewals, so as not to place an unreasonable burden on any entity and to avoid duplication of effort; and,
- A reasonable allocation of effort should be included to conduct follow-up reviews and audit procedures to assess the adequacy of management actions in addressing past audit recommendations.
This Chief Audit and Evaluation Executive reviewed the proposed Plan and then shared it with Assistant Deputy Ministers and internal service heads to provide an opportunity to gain their perspective on the recommended listing and schedule of potential projects. After making adjustments to take into consideration feedback received from senior management, the Plan was then presented to Audit Committee members for their review and recommendation for approval by the Deputy Minister. The implementation of the Risk-Based Audit Plan will be monitored on a regular basis throughout the year and proposed changes will be reviewed and formally recommended for the Deputy Minister's approval by the Audit Committee. An update of the Plan will be presented at the mid-year meeting of the Audit Committee to confirm that it still provides appropriate coverage over the departmental priorities and highest risks.
The Three Year Risk-Based Audit Plan
This section presents an overview of the AANDC 2015-2016 to 2017-2018 Risk-Based Audit Plan.
Audit Coverage
This section describes how the Plan addresses areas of higher risk and significance. As detailed in Appendix A, there is coverage of all Very High and High audible units; for which it was determined that audit work is a priority during the three year period. The Corporate Risk Profile is management's point in time reflection of the most significant risks that threaten achievement of AANDC's objectives. AASB seeks to ensure that all of these risks are covered in the planned audits. The chart to the right summarizes the number of 2015-2016 audits that will address one or more of the corporate risks. Appendix B presents the specific linkages of audits to corporate risks.
In support of the Chief Audit Executive's annual report to the Deputy Minister and the Audit Committee, the Plan endeavours to address all elements of Treasury Board's Management Accountability Framework (MAF). The chart to the right summarizes the extent to which the elements of this framework are covered in the planned audits for 2015-2016. Appendix C describes these linkages in greater detail.
2015-2016 to 2017-2018 Risk-Based Audit Plan
Table 1 outlines the number of planned internal audits, reviews, and OCG audits for each of the three years of the Plan.
2014-15 Ongoing |
2015-2016 | 2016-2017 | 2017-2018 | |
---|---|---|---|---|
Audits | 4 | 11 | 12 | 13 |
Reviews | 1 | 0 | 0 | 0 |
Management Practices Reviews | 1 | 3 | 2 | 2 |
OCG Horizontal Internal Audits | 0 | 1 | 1 | 0 |
Total | 6 | 15 | 15 | 15 |
** To be determined |
Table 2 below presents the planned audits for 2015-2016 and identifies the audit priority assigned to each and the fiscal quarter in which each is expected to begin and in which the results are expected to be presented to the Audit Committee (denoted as "AC" in the table).
Table 3 below lists the proposed audits for 2016-2017 and 2017-2018 and their respective audit priority rankings. The audit plans for 2016-2017 and 2017-2018 are tentative and the selection and timing of audits will be revisited during next year's annual planning exercise.
TABLE 2 - 2015-2016 Audit Plan | 2014-15 (ongoing) |
2015-16 (Year 1) |
|||||
---|---|---|---|---|---|---|---|
Priority | Q3 | Q4 | Q1 | Q2 | Q3 | Q4 | |
Ongoing (Projects commenced in 2014-15 to be completed in 2015-16)* | |||||||
1. Audit of Indian Registration (Qalipu Phase II) [10% to complete] | Very High | AC | |||||
2. Audit of Information Technology Security [10% to complete] | High | AC | |||||
3. Audit of Values and Ethics [50% to complete] | High | AC | |||||
4. Management Practices Review of the Manitoba Region [40% to complete] | High | AC | |||||
5. Review of AANDC Systems of Record [5% to complete] | High | AC | |||||
6. Audit of the Management Control Framework for Grants and Contributions 2014-2015 [60% to complete] |
Very High | AC | |||||
2015-16 | |||||||
1. Audit of Contracting | High | AC | |||||
2. Management Practices Review of the Ontario Region | Very High | AC | |||||
3. System Under Development Audit of the Secure Integrated Registration and Certification Unit | Very High | AC | |||||
4. OCG Horizontal Internal Audit of the Information Management (to be confirmed) | Very High | AC | |||||
5. Audit of Payables at Year-End | High | AC | |||||
6. Audit of the Education Information System | Very High | AC | |||||
7. Audit of Governance and Institutions of Government Programs | High | AC | |||||
8. Audit of the Additions to Reserve Process | Very High | AC | |||||
9. Management Practices Review of the Atlantic Region | Very High | AC | |||||
10. Management Practices Review of the Saskatchewan Region | Very High | AC | |||||
11. Audit of AANDC Support to the Specific Claims Process | Very High | AC | |||||
12. Audit of the Income Assistance Program | High | AC | |||||
13. Audit of the Operation Return Home Project | High | AC | |||||
14. Audit of the Housing Program | Very High | AC | |||||
15. Audit of the Management Control Framework for Grants and Contributions 2015-2016 | Very High | ** | |||||
* Although there are six ongoing projects from 2014-15 to complete in 2015-16, this represents a total level of effort equivalent to approximately 1.75 entire projects, as per the percentages noted, which indicate the portion of each audit remaining to be completed in 2015-16. |
TABLE 3 - 2016-2017 to 2017-2018 Audit Plan | Priority |
---|---|
2016-2017 Projects | |
1. Audit of Lands Management (incl. Lands Registry System) | Very High |
2. Audit of the Management Control Framework for Grants and Contributions 2016-2017 | Very High |
3. Audit of the Water and Wastewater Infrastructure Program | Very High |
4. Audit of the Implementation of Modern Treaty Obligations | Very High |
5. Audit of the Indian Registration System | Very High |
6. Management Practices Review of the Quebec Region | Very High |
7. Management Practices Review of the Alberta Region | Very High |
8. Audit of the Emergency Management Assistance Program | Very High |
9. Audit of the First Nations Child and Family Services Program | Very High |
10. Audit of Economic Development Programs | High |
11. Audit of IM/IT Governance | High |
12. Audit of Corporate Business Planning | High |
13. Audit of the Urban Aboriginal Strategy | High |
14. OCG Horizontal Internal Audit (to be determined) | High |
15. Audit of the Education Facilities Program | High |
TABLE 3 - 2016-2017 to 2017-2018 Audit Plan | Priority |
---|---|
2017-2018 Projects | |
1. Audit of the Management Control Framework for Grants and Contributions 2017-2018 | Very High |
2. Audit of the Elementary and Secondary Education Programs | Very High |
3. Audit of Negotiation of Comprehensive Land Claims and Self Government Agreements | Very High |
4. Audit of Contingent Liabilities | Very High |
5. Management Practices Review of the British Columbia Region | Very High |
6. Management Practices Review of the Yukon Region | Very High |
7. Audit of Contaminated Sites Programs | Very High |
8. Audit of Consultation and Accommodation | High |
9. Audit of Métis and Non-Status Indian Relations and Métis Rights Management | High |
10. Audit of Information Technology Security | High |
11. Audit of Nutrition North Canada | High |
12. Audit of Occupational Health and Safety | High |
13. Audit of HR Staffing and Planning | High |
14. Audit of Performance Measurement and Reporting | High |
15. Senior Management Requested Audit(s) | High |
The detailed audit plan for 2015-2016, including project objective, scope and rationale, is presented in Appendix D. Consistent with the requirements of the Internal Auditing Standards of the Government of Canada, all audits will be designed to achieve a high level of assurance.
Changes to the Plan
As noted previously, AANDC's Risk Based Audit Plan is updated annually with adjustments during the year, if necessary. This year's audit plan is an evolution of the 2014-2015 to 2016-2017 Plan and, as such, includes six on-going audits that will be completed in 2015-2016. Other projects have been cancelled or deferred as a result of changing business priorities and conditions, details of these changes can be found in Appendix E.
Challenges to Achieving Fulfillment of the Three-Year Plan
AANDC programs and services are delivered in a complex policy and political environment that is constantly evolving and shifting from a legalistic approach to a policy-based approach that is more focused on reconciliation, partnerships, and the sustainable development of Aboriginal communities. Two risk factors that were identified in the 2014-2015 Corporate Risk Profile are of particular importance to the successful implementation of the Risk-Based Audit Plan. These are: (1) the risk related to the availability of timely, pertinent, consistent, and accurate information; and, (2) the risk related to the need to attract, recruit and retain sufficiently qualified, experienced and representative employees. Given this context, the Plan allows flexibility to respond to emerging risks and policy or program changes. If these risks or changes emerge and suggest higher priority audit activity, the Plan will be adjusted so that internal audit can undertake appropriate responses.
To support the need for flexibility, AASB has adopted an approach whereby internal resources are supplemented with qualified contractors. Considering the cross-government shortage of qualified auditors, this approach not only allows AASB to access required capacity and skills but also facilitates transfer of knowledge and skills to internal resources, thereby building internal capacity. The establishment of the Professional Audit Support Services Supply Arrangement (PASS) by AASB in 2012-2013 has contributed to more efficient contracting and has helped to overcome some of these challenges.
Resource Considerations
This section presents the resource requirements of all internal audit activities planned for 2015-2016. Projects undertaken will depend on the availability of financial and human resources. The estimated resource requirements for small, medium, and large projects have been updated to reflect current forecasts and are consistent with the results of historical project cost analysis for the last three fiscal years (2012-13 to 2014-15). This approach has proven to be the most accurate basis for forecasting costs, as specific requirements can only be determined once audit planning has been completed.
The Audit and Assurance Services Branch's assurance activities represent 91% (90% for AANDC-led and 1% for OCG-led) of branch resource requirements. Other internal audit activities, including monitoring of action plans from past audits, annual audit planning, Quality Assurance and Improvement, reporting, learning and development, and liaison with OAG and other external assurance providers represents 9%.
The Plan identifies an average of 15 audit projects to be carried out on an annual basis.
Appendix A - AANDC Audit Universe
Departmental Program Auditable Units (11) | Planned Audit(s)* |
---|---|
Administration of Reserve Land | Audit of Lands Management (incl. Lands Registry System) (2016-2017) Audit of Additions to Reserve Process (2015-2016) |
Elementary and Secondary Education | Audit of the Education Information System (2015-2016) Audit of Elementary and Secondary Education Program (2017-2018) |
Emergency Management Assistance | Audit of the Emergency Management Assistance Program (2016-2017) |
First Nations Child and Family Services | Audit of the First Nations Child and Family Services Program (2016-2017) |
Housing | Audit of the Housing Program (2015-16) |
Management and Implementation of Agreements and Treaties | Audit of the Implementation of Modern Treaty Obligations (2016-2017) |
Negotiations of Claims and Self-Government | Audit of Negotiation of Comprehensive Land Claims and Self Government Agreements (2017-2018) |
Specific Claims | Audit of AANDC Support to the Specific Claims Process (2015-2016) |
Northern Contaminated Sites | Audit of Contingent Liabilities (2017-2018) Audit of Contaminated Sites Program (2017-2018) |
Registration and Membership | Audit of Indian Registration (Qalipu Phase II) (2014-2015) (Carry Forward) System under Development Audit of the Secure Integrated Registration and Certification Unit (2015-2016) Audit of the Indian Registration System (2016-2017) |
Water and Wastewater Infrastructure | Audit of Water and Wastewater Infrastructure Program (2016-2017) |
Internal Services Auditable Units (4) | Planned Audit(s)* |
Grants and Contributions Controls | Audit of the Management Control Framework for Grants and Contributions (2014-2015) (Carry Forward) Audit of the Management Control Framework for Grants and Contributions (2015-2016) Audit of the Management Control Framework for Grants and Contributions (2016-2017) Audit of the Management Control Framework for Grants and Contributions (2017-2018) |
Information Management | Audit of the Indian Registration System (2016-2017) OCG horizontal Internal Audit of Information Management (2015-2016) |
Information Technology | Audit of the Indian Registration System (2016-2017) Audit of the Education Information System (2015-2016) OCG horizontal Internal Audit of Information Management (2015-2016) Review of AANDC Systems of Record (2014-2015) (Carry Forward) |
Liabilities | Audit of Contingent Liabilities (2017-2018) |
* Very High Risk Auditable Units will be subject to audit coverage at least once every three years. |
Departmental Program Auditable Units (18) | Planned Audit(s)* |
---|---|
Aboriginal Governance Institutions and Organizations | Audit of Governance and Institutions of Government Programs (2015-2016) |
Consultation and Engagement | Audit of Consultation and Accommodation (2017-2018) |
Education Facilities | Audit of Education Facilities Program (2016-2017) |
First Nations Governments | Audit of Governance and Institutions of Government Programs (2015-2016) |
Income Assistance | Audit of the Income Assistance Program (2015-2016) |
Investment in Economic Opportunities | Audit of Economic Development Programs (2016-2017) |
Lands and Economic Development Services | Audit of Economic Development Programs (2016-2017) |
Métis and Non-Status Indian Relations and Métis Rights Management | Audit of Métis and Non-Status Indian Relations and Métis Rights Management (2017-2018) |
Nutrition North | Audit of Nutrition North Canada (2017-2018) |
Other Community Infrastructure and Activities | Audit of Operation Return Home Project (2015-2016) |
Urban Aboriginal Participation | Audit of the Urban Aboriginal Strategy (2016-2017) |
Contaminated Sites | Audit of Contaminated Sites Program (2017-2018) |
Assisted Living | None |
Independent Assessment Process | None |
National Child Benefit Reinvestment | None |
Petroleum and Minerals | None |
Post-Secondary Education | None |
Science Initiatives | None |
Internal Services Auditable Units (11) | Planned Audit(s) |
Expenditure Management | Audit of Payables at Year-End (2015-2016) Audit of Contracting (2015-2016) |
HR Staffing and Planning | Audit of HR Staffing and Planning (2017-2018) |
IM/IT Governance | Audit of IM/IT Governance (2016-2017) |
IM/IT Security | Audit of Information Technology Security (2014-2015) (Carry Forward) Audit of Information Technology Security (2017-2018) |
Occupational Health and Safety | Audit of Occupational Health and Safety (2017-2018) |
Performance Measurement and Reporting | Audit of Performance Measurement and Reporting (2017-2018) OCG Horizontal Audit of Shared Accountability in Interdepartmental Service Arrangements (2014-2015) (Carry Forward) |
Strategic and Business Planning | Audit of Corporate Business Planning (2016-2017) |
Values and Ethics | Audit of Values and Ethics (2014-2015) (Carry Forward) |
ATIP Management | None |
Litigation Management | None |
Organizational Design and Classification | None |
* Some of the high risk auditable units will not be subject to audit coverage in this Plan as it was determined during the planning process that audit work is not a priority at this time. |
Departmental Program Auditable Units (9) | Internal Services Auditable Units (11) |
---|---|
Family Violence Prevention | Financial Planning and Budgeting |
Reconciliation | External Reporting |
Support to the Truth and Reconciliation Commission | Loans and Accounts Receivable |
Business Capital and Support Services | Strategic Policy Development |
Strategic Partnerships | Continuity of Operations |
Political Development and Intergovernmental Relations | Compensation and Benefits (Payroll) |
Climate Change Adaptation | Learning and Development |
Northern Contaminants | Labour Relations |
Northern Land and Water Management | Accommodations |
Corporate Security | |
Communications |
Departmental Program Auditable Units (4) | Internal Services Auditable Units (4) |
---|---|
Estates | Assets and Property Management |
Common Experience Payments | Revenues |
Business Opportunities | Official Languages |
Renewable Energy and Energy Efficiency | Library and Information Centre |
Departmental Program Auditable Units (0) | Internal Services Auditable Units (4) |
---|---|
Audit and Evaluation | |
Complaints and Allegations | |
Legal Services | |
Risk Management |
Appendix B - Linkage of 2015-2018 Audits to the Corporate Risk Profile
2015-2016 Audit Projects | HR Capacity and Capabilities | Information for Decision Making | Implementation | Resource Alignment | Government Partnership | Aboriginal Relationship | External Partnership | Legal | Environmental |
---|---|---|---|---|---|---|---|---|---|
Ongoing | |||||||||
Audit of Indian Registration (Qalipu Phase II) | Selected | Selected | Selected | Selected | |||||
Audit of the Management Control Framework for Grants and Contribution (2014-2015) | Selected | Selected | Selected | Selected | |||||
Audit of Information Technology Security | Selected | Selected | Selected | Selected | Selected | ||||
Audit of Values and Ethics | Selected | Selected | |||||||
Management Practices Review of the Manitoba Region | Selected | Selected | Selected | Selected | Selected | Selected | |||
Review of AANDC Systems of Record | Selected | Selected | Selected | Selected |
2015-2016 Audit Projects | HR Capacity and Capabilities | Information for Decision Making | Implementation | Resource Alignment | Government Partnership | Aboriginal Relationship | External Partnership | Legal | Environmental |
---|---|---|---|---|---|---|---|---|---|
2015-2016 Projects | |||||||||
Audit of the Management Control Framework for Grants and Contributions 2015-2016 (recurring audit) | Selected | Selected | Selected | Selected | |||||
Audit of the Education Information System | Selected | Selected | Selected | ||||||
OCG Horizontal Internal Audit of Information Management | Selected | ||||||||
Management Practices Review of the Ontario Region | Selected | Selected | Selected | Selected | Selected | Selected | |||
Audit of the Income Assistance Program | Selected | Selected | Selected | Selected | Selected | ||||
Audit of Governance and Institutions of Government Programs | Selected | Selected | Selected | Selected | Selected | Selected | |||
Management Practices Review of the Atlantic Region | Selected | Selected | Selected | Selected | Selected | Selected | |||
Management Practices Review of the Saskatchewan Region | Selected | Selected | Selected | Selected | Selected | Selected | |||
Audit of AANDC Support to the Specific Claims Process | Selected | Selected | Selected | Selected | Selected | ||||
System Under Development Audit of the Secure Integrated Registration and Certification Unit | Selected | Selected | Selected | Selected | Selected | ||||
Audit of Payables at Year-End | Selected | Selected | |||||||
Audit of the Operation Return Home Project | Selected | Selected | Selected | Selected | Selected | Selected | |||
Audit of the Additions to Reserve Process | Selected | Selected | Selected | Selected | |||||
Audit of Contracting | Selected | Selected | |||||||
Audit of the Housing Program | Selected | Selected | Selected | Selected | Selected | Selected | Selected |
Appendix C - Linkage of 2015-2016 Audits to MAF Elements
2015-2016 Audit Projects | People Management | Financial Management | Integrated Risk, Planning and Performance | IM/IT Management | Assets & Acquired Services | Security Management | Service Management |
---|---|---|---|---|---|---|---|
Ongoing | |||||||
Audit of Indian Registration (Qalipu Phase II) | Selected | Selected | Selected | Selected | Selected | ||
Audit of the Management Control Framework for Grants and Contribution (2014-2015) | Selected | Selected | Selected | ||||
Audit of Information Technology Security | Selected | Selected | Selected | ||||
Audit of Values and Ethics | Selected | ||||||
Management Practices Review of the Manitoba Region | Selected | Selected | Selected | Selected | Selected | ||
Review of AANDC Systems of Record | Selected | Selected | Selected | Selected | Selected | Selected |
2015-2016 Audit Projects | People Management | Financial Management | Integrated Risk, Planning and Performance | IM/IT Management | Assets & Acquired Services | Security Management | Service Management |
---|---|---|---|---|---|---|---|
2015-2016 Projects | |||||||
Audit of the Management Control Framework for Grants and Contributions 2015-2016 (recurring audit) | Selected | Selected | Selected | ||||
Audit of the Education Information System | Selected | Selected | Selected | ||||
OCG Horizontal Internal Audit of Information Management | Selected | Selected | Selected | ||||
Management Practices Review of the Ontario Region | Selected | Selected | Selected | Selected | Selected | ||
Audit of the Income Assistance Program | Selected | Selected | |||||
Audit of Governance and Institutions of Government Programs | Selected | Selected | Selected | Selected | |||
Management Practices Review of the Atlantic Region | Selected | Selected | Selected | Selected | Selected | ||
Management Practices Review of the Saskatchewan Region | Selected | Selected | Selected | Selected | Selected | ||
Audit of AANDC Support to the Specific Claims Process | Selected | ||||||
System Under Development Audit of the Secure Integrated Registration and Certification Unit | Selected | Selected | Selected | Selected | Selected | ||
Audit of Payables at Year-End | Selected | Selected | Selected | ||||
Audit of the Operation Return Home Project | Selected | Selected | Selected | Selected | Selected | ||
Audit of the Additions to Reserve Process | Selected | Selected | |||||
Audit of Contracting | Selected | Selected | Selected | ||||
Audit of the Housing Program | Selected | Selected | Selected | Selected |
Appendix D – 2015-2016 Audit Projects
The detailed audit plan for 2015-2016 is presented below, with each project described in terms of its preliminary objective, preliminary scope and rationale. For all planned audits, the final objective and scope will determined at the end of the planning phase, based on an assessment of risk.
Audit Objective and Scope | Rationale for Conduct |
---|---|
Audit of the Management Control Framework for Grants and Contributions (recurring audit) | Very High |
The ongoing objective of the audit of the management control framework for grants and contributions is to assess the adequacy and effectiveness of the management control framework for grant and contribution programs. As the framework and the Department's programs and their risks evolve, the specific objectives and scope for audit activity in a given year are based upon a current risk assessment conducted during the planning phase. In assessing the adequacy and effectiveness of selected controls, the audit will typically examine their application horizontally, i.e. through a sample of programs and regions. |
Maps to Program Alignment Architecture
|
System Under Development Audit of the Secure Integrated Certification and Registration Unit | Very High |
The preliminary objective of the audit will be to assess the adequacy and effectiveness of the project management framework and controls in place to support the successful completion of the Secure Integrated Certification and Registration Unit project. The preliminary scope of the audit includes an examination of governance, risk management and control practices related to the implementation of Phase I and additionally, the project management practices related to Phase II of the project. The specific objective and scope of the audit will be determined during the planning phase based on an assessment of risks. |
Maps to Program Alignment Architecture
Effective and successful implementation of Indian Registration System (IRS) and Secure Certificate of Indian Status (SCIS) are important to stakeholders and to AANDC credibility. Accuracy and integrity of IRS data and SCIS cards are key to minimizing false or illegitimate claims for federal funding. In 2010, a Departmental initiative to modernize the IRS was brought into force and is being rolled out in two phases. Phase I will see the integration of Indian registration and card issuance processes through the implementation of common business processes (known as the SIRCU model) and a linkage between the two system applications. Phase II will see the development and implementation of a replacement system for IRS and the SCIS Web Application. Phase II of the project has recently entered stage three of the Department's gating process. |
Management Practices Review of the Ontario Region | Very High |
The review will consist of assessing management practices and assisting in identification of challenges experienced by the Region. In addition, the review team will work with management in identifying options to appropriately and pragmatically delineate functions, roles, governance structures, and processes, as well as vetting these options for the "best fit" and developing a high-level implementation plan to manage these challenges. The specific objective and scope of the review will be determined during the planning phase based on an assessment of risks. |
Maps to Program Alignment Architecture
In consideration of starting a third round of management practices initiatives, AASB was asked by the Deputy Minister to propose a new approach, one that considers value-added, practical solutions to identified areas of improvement. In this new approach, AASB will focus its attention to the areas of highest need in terms of identified weaknesses in previous audits, reviews and other engagements. In addition, the review team will work with management in identifying options to appropriately and pragmatically delineate functions, roles, governance structures, and processes, as well as vetting these options for the "best fit" and developing a high-level implementation plan to manage these challenges. |
Audit of AANDC Support to the Specific Claims Process | Very High |
The preliminary objective of this audit will be to assess the adequacy and effectiveness of AANDC controls in relation to its obligations to support to the Specific Claims Process. The specific objective and scope of the audit will be determined in the planning phase of the audit on the basis of a risk assessment, and will likely include most of AANDC responsibilities in support of the specific claims processes and Specific Claims Tribunal. The scope of the audit will not include the responsibilities of the Specific Claims Tribunal itself as it is an independent body. |
Maps to Program Alignment Architecture
Settling specific claims is an important priority that both discharges outstanding legal obligations and helps rebuild trust between the Government of Canada and First Nation by addressing longstanding grievances. Given the sensitivity and significance of these negotiations to the Department, it is important to review and assess the management and support of the specific claims process to ensure efficiency and effectiveness. |
Audit of Additions to Reserve Process | Very High |
The preliminary objective of this audit will be to assess the adequacy and effectiveness of procedures and controls used to manage the Additions to Reserves (ATR) process, so that ATR submissions are prepared and completed as efficiently as possible, and comply with relevant program authorities, frameworks and Treasury Board and AANDC policy requirements. The specific objective and scope of the review will be determined during the planning phase based on an assessment of risks. |
Maps to Program Alignment Architecture
Given that the ATR process is managed by each individual AANDC regional office and that as of December 2012, regional offices now play an even more important role in supporting ATR submissions, it is important that Regions interpret and apply the ATR Policy and related procedures in a consistent manner. |
Audit of Housing Program | Very High |
The preliminary objective of this audit will be to provide assurance that governance, risk management and control frameworks are adequate to provide a reasonable expectation that housing funds are used for the intended purpose and that outcomes will be achieved. The specific objective and scope of the audit will be determined during the planning phase based on an assessment of risks and will likely include, at a national, the assessment of management practices and controls for providing governance and oversight over the funding of housing activities. And at the regional level, assessment of management and operational practices and controls for the delivery of funding to First Nations in accordance with Headquarters policies and guidelines |
Maps to Program Alignment Architecture
Funding channeled towards the program is significant and material making it a very high area of risk for the department. Assurance is needed to ensure monitoring and auditing practices specific to housing activities are adequate and proper controls are in place to mitigate key program risks and to ensure compliance with Treasury Board, AANDC and other policies and regulations. |
OCG Horizontal Internal Audit of Information Management | Very High |
The preliminary objective of the audit will be to provide assurance that adequate and effective controls over information management is in place and provides relevant, timely and accessible information to support decision making in the Department. The specific objective and scope of the audit will be determined by the OCG, during the planning phase based their assessment of risks. |
Maps to Program Alignment Architecture
|
Management Practices Review of the Atlantic Region | Very High |
The review will consist of assessing management practices and assisting in identification of challenges experienced by the Region. In addition, the review team will work with management in identifying options to appropriately and pragmatically delineate functions, roles, governance structures, and processes, as well as vetting these options for the "best fit" and developing a high-level implementation plan to manage these challenges. The specific objective and scope of the review will be determined during the planning phase based on an assessment of risks. |
Maps to Program Alignment Architecture
In consideration of starting a third round of management practices initiatives, AASB was asked by the Deputy Minister to propose a new approach, one that considers value-added, practical solutions to identified areas of improvement. In this new approach, AASB will focus its attention to the areas of highest need in terms of identified weaknesses in previous audits, reviews and other engagements. In addition, the review team will work with management in identifying options to appropriately and pragmatically delineate functions, roles, governance structures, and processes, as well as vetting these options for the "best fit" and developing a high-level implementation plan to manage these challenges. |
Management Practices Review of the Saskatchewan Region | Very High |
The review will consist of assessing management practices and assisting in identification of challenges experienced by the Region. In addition, the review team will work with management in identifying options to appropriately and pragmatically delineate functions, roles, governance structures, and processes, as well as vetting these options for the "best fit" and developing a high-level implementation plan to manage these challenges The specific objective and scope of the review will be determined during the planning phase based on an assessment of risks. |
Maps to Program Alignment Architecture
In consideration of starting a third round of management practices initiatives, AASB was asked by the Deputy Minister to propose a new approach, one that considers value-added, practical solutions to identified areas of improvement. In this new approach, AASB will focus its attention to the areas of highest need in terms of identified weaknesses in previous audits, reviews and other engagements. In addition, the review team will work with management in identifying options to appropriately and pragmatically delineate functions, roles, governance structures, and processes, as well as vetting these options for the "best fit" and developing a high-level implementation plan to manage these challenges. |
Audit of the Education Information System | Very High |
The preliminary objective of the audit will be to determine if the Education Information System (EIS) supports an effective and efficient process to reporting on AANDC's education programs. The specific objective and scope of the audit will be determined during the planning phase based on an assessment of risks. |
Maps to Program Alignment Architecture:
Assurance is needed to ensure that EIS supports AANDC's initiatives to improve performance measurement for First Nations students. |
Audit of Income Assistance Program | High |
The preliminary objective of this audit will be to assess the adequacy and effectiveness of the controls in place to support the design, delivery, and monitoring of the Income Assistance program, including compliance with relevant program authorities and TB and AANDC policy requirements. The specific objective and scope of the audit will be determined during the planning phase based on an assessment of risks and will likely include the management practices and controls that ensure compliance with relevant policies, procedures and guidelines. The scope may include a focus on the changes to the program's Management Control Framework related to IA reforms. The scope will include MAF and Core Management Control elements that ensure effective governance, risk management, stewardship and accountability. |
Maps to Program Alignment Architecture
Given the significance of annual expenditures of the Income Assistance Program (>$800M); the sensitivity of the program; and, the complexity of program delivery, considering the continued growth in program expenditures resulting from the absence of employment opportunities, lack of skills training, and lack of capacity to provide case management, the Income Assistance Program presents a high risk for the Department. |
Audit of Contracting | High |
The preliminary objective of this audit will be to provide assurance over the adequacy and effectiveness of the management controls supporting the processing of goods and services contracts and that goods and services are procured in a manner that is in compliance with Treasury Board and departmental policies and procedures and applicable laws and regulations such as the Financial Administration Act. The specific objective and scope of the audit will be determined during the planning phase based on an assessment of risks. |
Maps to Program Alignment Architecture
It was identified as a high priority audit on the basis that contracting is financially material given the magnitude of goods and services contracts procured and that it can be subject to intense public scrutiny. |
Audit of Operation Return Home Project | High |
The preliminary objective of this audit will be to provide assurance that governance, risk management and control frameworks are adequate to provide a reasonable expectation that funds are used for the intended purpose and that the expected outcomes will be achieved. The specific objective and scope of the audit will be determined during the planning phase based on an assessment of risks. |
Maps to Program Alignment Architecture
In fiscal year 2013-2014, the Department began reconstruction effort with the affected First Nations. Efforts included diking and flood mitigation measures, land selection and environmental studies, housing repairs and replacement in order to support remediation and recovery efforts in the four First Nation communities. This audit was identified as a high priority given the vast mandate and funding of the project. |
Audit of Payables at Year-End | High |
The preliminary objective of this audit will be to provide assurance that the Department is in compliance with the Treasury Board of Canada Secretariat Policy on Accounts Payable at Year-End by verifying that the liabilities existing at year-end are recorded accurately in the accounts; and that there are no material errors in the recording of contractual payments at year-end. The specific objective and scope of the audit will be determined during the planning phase based on an assessment of risks. |
Maps to Program Alignment Architecture
A total of $182.2M in payable at year end was created for fiscal year 2013-14. This included payment to external suppliers ($152.8 M) and interdepartmental settlements to other government departments and agencies ($29.4 M).Footnote 2 There has been no recent audit that assessed the Department's payable at year-end process. |
Audit of Governance and Institutions of Government Programs | High |
The preliminary objectives of the audit will be to assess: (i) the adequacy and effectiveness of departmental controls for designing, approving, integrating and reporting on these programs; and, (ii) the appropriateness of the design of region and sector controls for delivering the program(s) in an integrated, efficient and effective manner, and in compliance with program authorities and TB and AANDC policy requirements. The specific objective and scope of the audit will be determined during the planning phase based on an assessment of risks. |
Maps to Program Alignment Architecture
First Nations Governments Program: This program contributes to basic functions of First Nations Governments. Funds are provided through contributions to facilitate the exercise of core functions of government such as law-making, financial management and administration, and executive leadership. In fiscal year 2013-2014, the Department spent $410M on achieving the program outcomes. This audit was identified as a high priority given the vast mandate and funding of the programs. |
Appendix E – Changes to the Audit Plan
Ongoing Audits
The resource implications of audit projects that began in 2014-2015, but were not completed within that period are identified below as ongoing audits from the 2014-2015 Risk-Based Audit Plan.
2015-2016 Ongoing Audits | Expected Completion Date |
---|---|
Audit of Indian Registration (Qalipu Phase II) | Q1 2015-2016 |
Audit of the Management Control Framework for Grants and Contribution (2014-2015) | Q2 2015-2016 |
Audit of Information Technology Security | Q1 2015-2016 |
Audit of Values and Ethics | Q1 2015-2016 |
Management Practices Review of the Manitoba Region | Q1 2015-2016 |
Review of AANDC Systems of Record | Q1 2015-2016 |
Removed, Deferred or Added Audits
The table below identifies all the changes from the 2014-2015 to 2016-2017 Risk-Based Audit Plan.
Audit Name and Year Planned | Rationale |
---|---|
Audit of the First Nations Child and Family Services Program (2015-2016) | This project is postponed to 2016-2017. |
Audit of Contingent Liabilities (incl. Contaminated Sites) (2015-2016) | This project is postponed to 2017-2018. |
Audit of the Elementary and Secondary Education Programs (2015-2016) | This project is postponed to 2017-2018. |
Audit of HR Staffing and Planning (2015-2016) | This project is postponed to 2017-2018. |
Audit of Performance Measurement and Reporting (2015-2016) | This project is postponed to 2017-2018. |
Management Practices Audit of the Alberta Region (2015-2016) | This project is postponed to 2016-2017. Project changed from an Audit to a Review, as per a new methodology for management practices initiatives. |
Audit of Litigation Management (2015-2016) | Due to ongoing reviews of legal services across the federal government, it would add more value to the department to conduct the audit later. Therefore, it has been postponed to 2016-2017. |
Audit of Aboriginal Governance Institutions and Organizations Programs (2015-2016) | This audit has been replaced by Audit of Governance and Institutions of Government Programs and will be conducted in 2015-16. |
Audit of First Nations Government Programs (2015-2016) | This audit has been replaced by Audit of Governance and Institutions of Government Programs and will be conducted in 2015-16. |
Audit of the Additions to Reserve Process (2016-2017) | Due to very high departmental priority, it was concluded that this audit be performed sooner. Therefore, it has been moved from 2016-17 to 2015-16. |
Audit of Negotiation of Comprehensive Land Claims and Self-Government Agreements (2016-2017) | This project is postponed to 2017-2018. |
Management Practices Audit of the Chief Financial Officer Sector (2016-2017) | As this project is no longer considered a high priority, it is being removed from the Plan. |
Management Practices Audit of the Resolution and Individual Affairs Sector (2016-2017) | As this project is no longer considered a high priority, it is being removed from the Plan. |
Audit of Nutrition North Canada (2016-2017) | Due to the recent completion of an OAG audit on this (Fall 2014), the project will be postponed to 2017-2018. |
Audit of Expenditure Management (2016-2017) | This audit has been replaced by Audit of Payable at Year End and will be conducted in 2015-2016. |
Audit of Program Management of the Canadian High Arctic Research Station (CHARS) (2016-2017) | As CHARS has been transferred to another organization, there is no need to conduct this audit. |
Audit Name and Year Planned | Rationale |
---|---|
Audit of Governance and Institutions of Government Programs (2015-2016) | This audit replaced Audit of Aboriginal Governance Institutions and Organizations Programs and Audit of First Nations Government Programs. |
Audit of Payables at Year-End (2015-2016) | As identified by the Auditor General in its 2013-14 Public Accounts audit, this audit has been added to the plan for 2015-2016. It replaces the Audit of Expenditure Management that was to take place in 2016-2017 (as per the 2014-2015 to 2016-2017 RBAP). |
Audit of the Operation Return Home Project (2015-2016) | Due to high departmental priority, audit has been added to the plan for 2015-2016. |
Audit of Contracting (2015-2016) | An Audit of Contracting was last conduced in 2011-12 and since it is a high priority, it was determined that an audit should be added to the 2015-2016 Plan. |
Audit of the Housing Program (2015-2016) | Due to very high departmental priority, this audit has been added to the 2017-2018 Plan. |
Management Practices Review of the Atlantic Region (2015-2016) | Due to this project being considered a very high priority, it is being added to the 2015-2016 Plan. It will be conducted as a review, not an audit, as per the new approach to management practices initiatives. |
Management Practices Review of the Saskatchewan Region (2015-2016) | Due to this project being considered a very high priority, it is being added to the 2015-2016 Plan. It will be conducted as a review, not an audit, as per the new approach to management practices initiatives. |
Management Practices Review of the Quebec Region (2016-2017) | Due to this project being considered a very high priority, it is being added to the 2016-2017 Plan. It will be conducted as a review, not an audit, as per the new approach to management practices initiatives. |
Management Practices Review of the British Columbia Region (2017-2018) | Due to this project being considered a very high priority, it is being added to the 2017-2018 Plan. It will be conducted as a review, not an audit, as per the new approach to management practices initiatives. |
Management Practices Review of the Yukon Region (2017-2018) | Due to this project being considered a very high priority, it is being added to the 2017-2018 Plan. It will be conducted as a review, not an audit, as per the new approach to management practices initiatives. |
Senior Management Requested Audit(s) (2017-2018) | This placeholder is being added to accommodate senior management requests that may arise in the year. |