RISK-BASED AUDIT PLAN 2011-2014

(Download the report)

Table of Contents

Executive Summary

The Natural Resources Canada (NRCan) three year risk-based audit plan has been prepared in accordance with the applicable requirements of the revised July 2009 Treasury Board Policy on Internal Audit and related directives and guidelines, and the professional standards of the Institute of Internal Auditors (IIA). The risk-based audit plan includes internal audit projects for a 3 year period from 2011-12 to 2013-14.

The Planning Context

Since the adoption of the 2006 Treasury Board Policy on Internal Audit (revised July 2009), the Audit Branch has continued to refine its risk-based planning approach each year with further improvements consistent with Treasury Board guidance to Chief Audit Executives. The Audit Branch uses a similar audit planning approach as the Office of the Comptroller General (OCG).

All potential audit projects were discussed with senior management and the Audit Committee, with particular emphasis on the projects planned for 2011-12 (first year of the three-year Audit PlanFootnote 1), given that future year projects are re-assessed on an annual basis. Continued efforts were made this year to align our planning efforts with the ongoing work in establishing a departmental risk management framework and updating the NRCan 2010-11 Corporate Risk Profile. Also, government and departmental priorities were validated with senior management and the Audit Committee to ensure greater alignment of planned audits to the key and highest priority areas.

A quality review process was applied throughout the planning cycle, to ensure that the Audit Plan:

  • Is risk-based;
  • Covers audit and management priorities;
  • Is reviewed by senior management and the audit committee;
  • Is focused predominantly on the provision of assurance on risk management, control and governance processes;
  • Has a multi-year horizon;
  • Addresses risks and internal audits identified by the Comptroller General as part of government-wide coverage; and
  • Supports annual overview reporting by the Chief Audit Executive on departmental risk management, control and governance processes.

The Planning Process

The starting point for the risk-based selection process is NRCan’s internal audit universe. The audit universe represents a potential range of all audit activities and is comprised of a number of auditable entities. The Audit Branch uses the departmental Program Activity Architecture (PAA) to help assess completeness of the audit universe.

The next stage is to prioritize the audit universe based on a risk assessment. This is a two step process and involves preliminary and final prioritization. This includes management consultations, review and consideration of available departmental risk information, including the Corporate Risk Profile (CRP), the latest Management Accountability Framework (MAF) assessment, strategic review, business planning, the Report on Plans and Priorities (RPP), departmental and government priorities, the most recent tabled financial statements, and other considerations such as previous audit results (both internal and external).

Consideration is given to other factors such as senior management requests; the Departmental Audit Committee (DAC) advice and recommendations; mandated audits such as Office of the Comptroller General’s horizontal directed audits; and, planned audits by other assurance providers.

Finally the draft audit plan is distributed to Departmental Audit Committee for review and recommendation to the Deputy Minister for approval.

The following diagram highlights the four key phases used in the selection process for the development of a robust risk-based audit plan.

The following diagram highlights the four key phases used in the selection process for the development of a robust risk-based audit plan.

Environmental Scanning

  • Government Priorities
  • Departmental Priorities
  • Corporate Risks
  • Strategic Review
  • Business Planning
  • MAF Assessment
  • Consultations with management

Other Considerations

  • Core audit requirements (TB MAF)
  • CAE annual assurance perspective
  • Mandated priorities
  • Central Agency audits (OAG, OCG, PSC)
  • Previous NRCan internal audits
  • Time since last audit
  • Audit Branch capacity

Prioritization

  • Final discussions with senior management
  • Senior management requests
  • Audit Committee requests
  • Focus on first year proposed audit projects

The Planning Results

In total, thirty five new “highest priority” internal audit projects are planned for the next three years. The following table summarizes the number of new internal audit projects selected for each year along with the number of special advisory projects, carry-forward audits from 2010-11 and scheduled Office of the Comptroller General (OCG) horizontal directed audits since OCG audits might involve performing the audit work for the examination phase.

Type of Audit Project 2011-12 2012-13 2013-14
New Internal Audit Projects 11 13 11
Carry-Forward Audits From Prior Year 3 1 1
OCG – Horizontal Directed Audits 2 2 2
TOTAL 16  16  14

The following four tables provide a listing of audit projects being carried forward from 2010-11 and the new “highest priority” internal audit projects for fiscal years 2011-12, 2012-13 and 2013-14.

Carry Forward Audits
2010-11
SAP System (Felix Project Planning & Delivery)
Asset Management – Real Property
Science and Technology Audit Readiness Review
 
2011-12 1. Strategic Review Implementation
2. CANMET - Materials Technology Laboratory (MTL) Relocation
3. Regional Offices – Shared Services Office (SSO) Support Services
4. United Nations Convention on the Law of the Sea (UNCLOS)
5. Electronic Payment System (E-payment)
6. ecoENERGY Technology Initiative (ecoETI)
7. Investments in Forest Industry Transformation (IFIT) Program
8. Information Management (IM)
9. Geo-Mapping for Energy and Minerals (GEM) Initiative
10. Leadership for Environmental Advantage In Forestry (LEAF) Program
11. Non-Competitive Contracting
 
2012-13 12. Governance Structure of the Department
13. Access to Information and Privacy
14. Servers Administration and Security
15. Integrated Business Planning and Reporting
16. Contingent Liabilities Estimates
17. Offshore Transfer Payments
18. ecoENERGY for Renewable Power
19. Policy on Internal Controls (PIC)
20. Polar Continental Shelf Program (PCSP)
21. Economic Action Plan (EAP) - Phase 3
22. Values and Ethics - Conflict of Interest
23. Modernization of Explosives Regulations
24. Risk Management Process and Practices
 
2013-14 25. Legislated Environmental Assessment
26. Port Hope Area Initiative (PHAI)
27. Groundwater Geoscience Program
28. Targeted Geoscience Initiative 4 (TGI4)
29. Climate Change Impacts and Adaptation
30. Felix/SAP Implementation and Rollout (Phase II)
31. Business Continuity and Disaster Recovery Planning
32. Budgeting and Forecasting / Annual Reference Level Update (ARLU)
33. PeopleSoft 8.9
34. Emergency Preparedness
35. Green Mining Initiatives

Continuous Auditing

Other professional and support activities include a wide variety of work such as the implementation of a continuous auditing approach. The Audit Branch has been developing such an approach with the intent to roll-out an effective and sustainable continuous auditing process to support the Internal Audit function, and support management needs regarding the Policy on Internal Controls.

The following table summarizes the continuous auditing projects planned for 2011-12, including one carry-forward project from 2010-11.

Continuous Auditing Carry-forward from 2010-11 – ecoENERGY for Retrofit Homes
Acquisition Cards
Felix Data Conversion
Special Advisory Projects

As an adjunct to the assurance role, the Policy (section 3.7) indicates that internal auditors will also provide advisory services to their organizations. Notwithstanding a clear emphasis on assurance work, the Audit Branch also undertakes advisory services as requested from time to time by senior management. The Branch responds to small requests without formal planning or approval (e.g. request for comments on a new draft departmental policy). Advisory requests that involve significant time and resources are brought to the attention of the DAC and are approved by the Deputy Minister (e.g. request to conduct an advisory review of a selected program area).

Central Agencies Audit Projects for 2011-12

The Department is subject to audits by various external central agencies (e.g. Office of the Comptroller General (OCG), Office of the Auditor General (OAG), Commissioner of the Environment and Sustainable Development (CESD), Public Service Commission (PSC), etc.). The following table provides a listing of external audit projects being carried forward from 2010-11 and proposed planned external audit projects for fiscal year 2011-12.

Office of the Comptroller General (OCG) Horizontal Internal Audit of the Grants and Contributions Management Control Framework – Phase 1
Horizontal Internal Audit of the Effectiveness and Efficiency of Information Management
Horizontal Internal Audit of the Management of Horizontal Initiatives
Office of the Auditor General and Commissioner of the Environment and Sustainable Development (OAG/CESD) Public Accounts
Environmental Science
Study of Environmental Monitoring Systems
Controlling Imports of Hazardous Products
Public Service Commission (PSC) Natural Resources Canada – Entity Staffing

Download the report

Printable Version [PDF, 200 KB]

To read Adobe Acrobat® files, you will need to download and install the free Acrobat Reader® software available from Adobe Systems Incorporated.