RISK-BASED AUDIT PLAN 2008-2011

Annual Plans


(Download the report)

Preface

The Audit Branch has prepared its 2008-11 Risk-Based Audit Plan in accordance with the Treasury Board Secretariat’s requirements. Important enhancements were made to our planning process including the integration with the Treasury Board Secretariat’s Management Accountability Framework and the Office of the Comptroller General’s Core Management Controls. Our risk-based planning process incorporates much of the latest thinking within the federal government’s internal audit community. The enhanced process leverages these concepts and helps to set a foundation for planning through increased transparency, improved methodology and greater flexibility.

I would like to take this opportunity to thank the Office of the Comptroller General, and other government departments we consulted during the preparation of our 2008-11 Risk-Based Audit Plan. I especially want to thank those individuals within the Department who shared their time and insight regarding the development of the 2008-11 Risk-Based Audit Plan. Those contributions helped to formulate an audit plan that will enable the Audit Branch to contribute directly to the effective risk management, sound resource stewardship and good governance within the Department.

Thank you,

Joe Freamo
Chief Audit Executive
Audit Branch
Natural Resources Canada
2nd Floor - 588 Booth Street
Ottawa, Ontario, K1A 0Y7
jfreamo@NRCan.gc.ca
Phone:(613)996-4940

Table of Contents


 

Executive Summary

Natural Resources Canada’s (NRCan) Audit Branch’s 2008-11 Risk-Based Audit Plan (herein referred to as the Audit Plan) has been prepared in accordance with the applicable requirements stipulated in the Treasury Board Secretariat’s (TBS) Internal Audit (IA) policy, directives and guidelines that became effective on April 1, 2006

In preparation for the development of the 2008-11 Audit Plan, the Branch considered opportunities to strengthen its planning approach with a vision of designing a Risk-Based Audit Plan that would be recognized as value added to departmental Senior Management and acknowledged as a lead practice within the federal government’s internal audit community. In this respect, improvements were made in terms of expanding the number of lenses used to define the audit universe, integrating the TBS’ Management Accountability Framework and the Office of the Comptroller General’s (OCG) Core Management Controls, and leveraging risk assessment and prioritization techniques. These enhanced features have resulted in such key benefits as:

  • Improved risk-based methodology;
  • Increased transparency;
  • Enhanced alignment with the OCG`s horizontal audit planning;
  • More cohesive and integrated messaging to the Deputy Minister (DM), the Audit Committee and departmental Senior Management; and,
  • Increased compliance with the TBSIA policy requirements.

In addition, the 2008-11 Audit Plan provides for a longer term vision and foundation that addresses the broader goals and objectives as set out in the IA policy, particularly the provision of holistic assurance regarding departmental governance, risk management and control processes. These improvements also address the interest of both NRCan’s DM and the OCG for the Branch to have a more transparent and methodical approach to the selection of audit projects.

In developing the Audit Plan, the Branch looked to provide coverage of the Department over a three-year planning horizon. It also ensured, following requirements of TBSIA policy and related directives, that the audit plan focuses primarily on the provision of assurance servicesFootnote 1 .

The current three-year planning horizon calls for the delivery of a total of 57 audit projects, as outlined below.

Source of Audit Project

2008-09

2009-10

2010-11

Total

Carry-Forward audits

7

-

-

7

Core program - financial, info. technology/management audits

4

4

4

12

OCG - government wide horizontal audits

4

4

-

8

New audit projects

10

10

8

28

In-reserve auditsFootnote 2

2

-

-

2

Total

27

18Footnote 3

123

57

To facilitate the comprehension of the 2008-11 Audit Plan, audit projects are captured under two broad headings: non-discretionary and discretionary.

  • Non-discretionary audit projects consist of uncompleted engagements from the 2007-08 Audit Plan and a series of what the Branch has deemed to be a core cyclical program of financial and information technology/management audits. They also include directed audit projects contained in the OCG’s 2007-10 Horizontal Audit Plan.
  • Discretionary audit projects are those where the Branch recognizes that there is some latitude or discretion in terms of selection. In exercising its professional judgement, the Branch selected these projects based on a consideration of their relative risk and priority. They were also selected with due consideration given to the Department’s Corporate Risk Profile, Program Activity Architecture and MAF assessment results. These projects were discussed with Senior Management with respect to the coverage of high priority and/or high risk areas. This also encouraged a dialogue on the reasoning behind why projects were selected for inclusion in the Audit Plan.

The Audit and Evaluation Committee (AEC) approved, at its March 18, 2008 meeting, the implementation of the 2008-09 audit projects. It also approved in principle the projects identified for the 2009-10 and 2010-11 Fiscal Years recognizing that audit priorities could change depending on the results generated from the annual risk-based planning exercise. Further to acknowledging the significant enhancements to the Branch’s planning process, the AEC also initiated a motion and approved the risk-based audit planning methodology.

Given that formal approval was granted for the Branch to implement the 2008-09 audit projects, the following table lists the engagements and the quarter of the Fiscal Year in which they are planned to commence.
Audit Project Timing
Server management Q1
NRCan’s TB submission process Q1
Off-the-shelf software licence management Q1
Custom software development Q1
Management of repayable contributions Q1
Perf. mgt. at contribution agreement level Q1
Management of accounts payable Q1
Payroll and benefits Q1
SSO service delivery Q1
GeoConnections program Q1
Public websites management Q1
Contracting information and monitoring * Q1
Transfer payment expenditures Q2
Financial forecasting & Y/E exp. patterns Q2
Human resource planning and analysis * Q2
Information technology security Q3
Physical security Q3
Nova Scotia Nfld. Transfer Q3
Asset management – departmental assets Q3
Corporate risk profiles * Q3
Department TB authorities Q3
Strategic planning Q4
Follow-up of the review of values & ethics Q4
Exp. controls (higher risk payments) * Q4
Information management Q4
HR management – staffing service delivery **
EcoEnergy – small & medium size orgs. **
 

* OCG government-wide audit.
** In-reserve audits – AEC consultation required prior to implementation.

 
Moving Forward

While significant and positive strides have been made regarding its audit planning practices, the Branch recognizes that further improvements remain. The Branch has identified “lessons learned” from the 2008-11 planning exercise. These lessons will be incorporated into future year’s planning efforts. The planning process has been designed with sufficient flexibility to better adapt to future changes in the planning environment (i.e., possible changes to the number of CMCs, the MAF structure, etc.). In addition, refinements to the Branch’s audit engagement planning, examination and reporting practices can be made to further strengthen the degree of compliance with the TBSIA policy requirements. The associated changes will take time to fully implement and will result in modifications to the Branch’s infrastructure and business processes.

 

Introduction

This document represents Natural Resources Canada’s (NRCan) Risk-Based Audit Plan for the period of 2008-11. The plan has been prepared in accordance with the Treasury Board (TB) Policy on Internal Audit and the Institute of Internal Auditors (IIA) Standards. The content of the plan is structured under the following headings:

  • Planning context;
  • Planning process;
  • Audit plan by Fiscal Year; and,
  • Moving forward.
 

Planning Context

Internal Audit (IA) within the Federal Government has been subject to recent directional change. An important element of this government-wide change is expressed through the revitalization of the Office of the Comptroller General (OCG) within the Treasury Board Secretariat (TBS). The OCG’s strategy, vision and approach for raising the contribution of IA are formally articulated in the following suite of authorities applicable to large departments including NRCan:

  • TB Policy on Internal Audit (2006);
  • Directive on Audit Committees;
  • Directive on Chief Audit Executives, Internal Audit Plans, and Support to the Comptroller General;
  • Guidelines on the responsibilities of Chief Audit Executives; and,
  • Guidelines on Expected Qualifications for Chief Audit Executives.

The above mentioned new policy, directives and guidelines have many features and requirements intended to bolster the internal audit function into a strong and credible regime “… that has the confidence of the government, and contributes directly to effective risk management, sound resource stewardship and good governance, and is repositioned as a key underpinning of governance within departments and agencies and across governmentFootnote 4”.

Key among the requirements of the Policy on Internal Audit is for Departments to have an Audit Plan that addresses the areas of higher risk, including audits identified by the Comptroller General for government-wide or sectoral coverage, and supports an annual opinion from the Chief Audit Executive on departmental risk management, control and governance processes.

The Branch launched its 2008-11 planning process with the objective of ensuring that the Department would be well positioned to meet the requirements of the new IA policy and related directives. It also set out to address a request from the Deputy Minister to refine the audit planning process in order that it become more transparent and methodical in its approach and selection of audit projects.

 

Planning Process

Refinements were made to ensure that the 2008-11 Audit Plan:

  • Is reviewed by the Department’s audit committeeFootnote 5;
  • Is focused primarily on the provision of assurance services;
  • Includes internal audits identified by the OCG as part of government-wide coverage; and,
  • Is designed to eventually support an annual opinion from the Chief Audit Executive on departmental risk management, control and governance processes.

The Branch will continue to promote continuous improvement and will refine its audit planning process during the upcoming years based on lessons learned. The refinements made to date, however, have established a solid foundation that will enable the Branch to meet expectations associated with the new IA policy.

Exhibit I, provides an illustration of the process applied to develop the 2008-11 Audit Plan. A narrative description of the process steps is contained in Appendix A of this document.

EXHIBIT 1 - PROCESS OVERVIEW: 2008-11 RISK BASED AUDIT PLAN

 

Audit Plan by Fiscal Year

To facilitate the Department’s internal decision making process concerning the 2008-11 Audit Plan, the audit projects identified for the coming years were captured under one of two headings; either non-discretionary or discretionary.

Non-discretionary audit projects consist of uncompleted engagements from the 2007-08 Audit Plan and a series of what the Branch has deemed to be a core cyclical program of financial and information technology/management audits. They also include directed audit projects contained in the OCG’s 2007-10 Horizontal Audit Plan.

The discretionary audit projects were selected based on a consideration of their relative risk and priority. They were also selected with due consideration given to the Department’s Corporate Risk Profile, Program Activity Architecture and MAF assessment results. To facilitate an understanding of the reasoning behind which projects were selected for inclusion in the 2008-11 Audit Plan, the Branch wanted to focus Senior Management’s and the AEC’s attention on the projects labelled as “discretionary”. In doing so, the Department was better able to discuss coverage of high priority projects.

The following three tables are used to describe the 2008-11 Audit Plan, one for each of the Fiscal Years covered by the planning period.

Table I: 2008-09 Audit Plan

Audit Project

Preliminary Objective(s)

Preliminary Scope (Sectors)

Timing

Level of Effort
(in Days)

2008-09 Carry-Forward Audit Projects

1. Server Management

Provide assurance that the cost savings and efficiencies across the department identified by SSO are achieved

CMSS/SSO /All

Q1

5

2. NRCan’s Treasury Board Submission Process

Assess the efficiency of the TB submission processes in the department

All

Q1

20

3. Off-the-shelf Software Licence Management

Provide assurance on the controls and accountability processes related to management of off-the-shelf software license management

CMSS / SSO / All

Q1

30

4. Custom Software Development

Provide assurance on the controls and accountability processes related to management of custom software development.

CMSS / SSO / All

Q1

30

5. Management of Repayable Contributions

Provide assurance on compliance with TB Policy and Guidelines

CMSS / SSO / All Regions

Q1

20

6. Performance Management at Contribution Agreement (CA) Level

Provide assurance that accurate and complete CA level performance measurement information is being provided to ADM’s and that this information is used appropriately in the management of programs.

CMSS / EPS / ESS / CFS / MMS

Q1

30

7. Management of Accounts Payable

Provide assurance on the controls and accountability processes related to Accounts Payable and Disbursements.

CMSS / SSO / All

Q1

65

2008-09 Core Financial Audit Projects

8. Payroll and benefits

To provide assurance on the design, efficiency and effectiveness of internal controls and the accuracy and completeness of financial information

All

 

Q1

160

9. Transfer payment expenditures

To assess the design, efficiency and effectiveness of financial controls and the accuracy and completeness of transfer payment information recorded in the department’s financial system
(Note – separate core program exists for operating expenditures).

CMSS / SSO / All

Q2

160

2008-09 Core Information Technology and Information Management Audit Projects

10. IT Security

To assess the practices applied by the department to secure the data recorded in its information systems.

All

Q3

80

11. Information Management

To assess the practices applied by the department to manage its information holdings

All

Q4

80

2008-09 Office of the Comptroller General Government-Wide Horizontal Audits

12. Contracting Information & Monitoring

Assess availability and utilization of management information on contracting attributes and trends; contribution to effective risk management and disclosure.

All

Q1

60

13. Human Resource Planning and Analysis

Assess availability and use of HR management information as a basis for sound planning, including analysis to anticipate emerging trends and issues – as well as indicators of organizational health and integration with Business Plans.

All

Q2

60

14. Corporate Risk Profiles

Assess processes and systems for development and progressive refinement of corporate risk profiles. To consider the interfaces with business planning and performance measurement (i.e. identification of tolerances around particular measures and targets).

All

Q3

70

15. Expenditure Controls (Higher Risk Payments)

Assess design and functioning of controls to flag higher-risk transactions for focused attention and verification.

All

Q4

70

2008-09 New Audit Projects

16. TB Authorities

To assess the extent of Departmental compliance with Treasury Board delegated authorities.

All

Q3

60

17. Geoconnections Program

To asses the: a) management control framework in place for the program and whether it is operating efficiently, economically and effectively; and, b) the extent to which the Department is complying with the terms and conditions of the program.

CMSS / ESS

Q1

160

18. SSO service delivery

To determine the extent to which the implementation of the SSO initiative has achieved its expected benefits and whether service standards are established, tracked and used as the basis of continuous service improvement

CMSS / All

Q1

160

19. Public websites management

To assess the extent of departmental compliance with TBS policy requirements (i.e. CLF)

All

Q1

80

20. Financial forecasting & year-end expenditure patterns

To assess processes in place to support sound management of existing budgets and spending patterns, particularly at year-end.

CMSS / SSO/ All

Q2

160

21. Nova Scotia – Nfld. transfer

To assess the design, efficiency and effectiveness of financial controls related to royalty revenue and transfers and the accuracy and completeness of the information recorded in the department’s financial system.

CMSS / EPS

Q3

40

 

 

 

 

 

22. Physical security

To assess whether appropriate physical safeguards are in place at facilities to provide for the safeguarding of sensitive information and assets, and the safety and security of employees

All

Q3

80

23. Asset management – departmental assets

To assess life-cycle management practices regarding departmental assets (other than real property), including records, valuations, re-capitalization, maintenance and replacement strategies, rationalization and disposal.

CMSS / All

Q3

160

24. Strategic planning

To assess the extent to which the Department has defined and communicated strategic directions and objectives, aligned with its mandate.

All

Q4

160

25. Follow-up of the review of values & ethics

To assess the extent to which the recommendations contained in the 2005 review of Values and Ethics have been implemented.

All

Q4

120

2008-09 In-Reserve Audit Projects

26. HR Management – Staffing Service Delivery

To assess the efficiency, effectiveness and timeliness of departmental staffing practices in meeting client needs.

CMSS / SSO / All

*

*

27. EcoEnergy Retrofit – small & medium size organizations

To asses the: a) management control framework in place for the program and whether it is operating efficiently, economically and effectively; and, b) the extent to which the Department is complying with the terms and conditions of the program.

OEE / CMSS

*

*

* In-reserve audit projects represent engagements that may be carried out in 2008-09, subject to the AEC’s prior approval, in the event capacity becomes available. Information has not been inserted under the “timing” and “Level of Effort” headings as there is no certainty that the engagements will be launched in 2008-09.

Table II: 2009-10 Audit Plan

Audit Project

Preliminary Objective(s)

Preliminary Scope (Sectors)

Timing

Level of Effort
(in Days)

2009-10 Core Financial Audit Project

1. Financial Statement Preparation & Reporting

To assess the processes used to prepare the department’s accrual based financial statements, including the adequacy of the associated note disclosure.

CMSS / SSO / All

Q2

120

2. Revenue, Receivable & Receipts

To provide assurance on the design, efficiency and effectiveness of internal controls and the accuracy and completeness of financial information

All

 

Q3

160

2009-10 Core Information Technology and Information Management Audit Projects

3. IT Security

To assess the practices applied by the department to secure the data recorded in its information systems.

All

Q2

80

4. Information Management

To assess the practices applied by the department to manage its information holdings.

All

Q3

80

2009-10 Office of the Comptroller General Government-Wide Horizontal Audits

5. Business Cases for major investments (risk analysis and plans)

To assess soundness of business cases, including: clarity of assumptions; presentation of costed alternatives; sensitivity analyses for key variables; and, plans for ongoing monitoring and evaluation.

CMSS / All

TBD

80

6. Real property assets (life-cycle management)

The assess management of inventories of real property, including records, valuations, re-capitalization, maintenance/replacement strategies; rationalization and disposal

CMSS / All

TBD

100

7. Financial reporting controls

To assess framework of control in place to assure reliability of financial reports and statements.

CMSS / All

TBD

80

8. Fraud risk and control strategies

To assess measures in place to ensure awareness of potential exposures to fraud; drawing indicators and lessons learned from instances of fraud, and refining pertinent prevention/detection strategies.

CMSS / All

TBD

40

2009-10 New Audit Projects

9. Departmental governance – regime in support of horizontal NRCan initiatives

To assess the extent to which the department’s governance regime actively supports the delivery of major departmental horizontal initiatives and their associated objectives

All sectors

Q1

160

10. Asset management - real property assets

To assess life-cycle management practices regarding real property assets, including records, valuations, re-capitalization, maintenance/replacement strategies, rationalization and disposal.

CMSS / All

Q2

160

11. Departmental policies - financial

To assess the completeness of departmental financial policies and the related practices to ensure that they remain current and are applied.

CMSS / SSO / All

Q3

80

12. Budgeting and expenditure management

To assess the departmental budgeting, forecasting and variance analysis practices.

CMSS / SSO / All

Q4

160

13. Business continuity planning – follow-up of NRCan’s 2006 internal audit of BCP

To assess the extent to which the recommendations included in the audit of NRCan’s Business Continuity Plan (BCP) Program have been implemented by departmental management.

CMSS / All

Q4

40

14. Travel

To assess the level of compliance with departmental and central agency travel policies and directives.

All

Q4

120

15. EcoEnergy for Biofuels Program

To asses the: a) management control framework in place for the program and whether it is operating efficiently, economically and effectively; and, b) the extent to which the Department is complying with the terms and conditions of the program.

CMSS / OEE / Fuel Policy and Program

Q1

160

16. Federal Response to the Mountain Pine Beetle Infestation in BC

CMSS / CFS

Q2

160

17. Expanding Market Opportunities Program

CMSS / CFS / Policy Economic Int’l & Industry Branch

Q3

160

18. EcoEnergy for Building and Houses Program

CMSS / OEE / Building & Housing

Q3

160

Note: The projects contained in the 2009-10 Audit Plan may be subject to change based on the results of the AB’s 2009-12 planning exercise.

Table III: 2010-11 Audit Plan

Audit Project

Preliminary Objective(s)

Preliminary Scope (Sectors)

Timing

Level of Effort
(in Days)

2010-11 Core Financial Audit Projects

1. Accounting for capital assets

To assess whether the Department appropriately and consistently accounts for its capital assets in accordance with prescribed Departmental and Central Agency accounting standards and relevant policies. (>$10K)

CMSS / All

Q1

160

2. Purchases, Payables & Payments

To provide assurance on the design, efficiency and effectiveness of internal controls and the accuracy and completeness of operating expenditure information recorded in the department’s financial system. (Note – separate core program exists for transfer payment expenditures).

All

 

Q3

160

2010-11 Core Information Technology and Information Management Audit Projects

3. IT Security

To assess the practices applied by the department to secure the data recorded in its information systems.

All

Q2

80

4. Information Management

To assess the practices applied by the department to manage its information holdings/

All

Q4

80

2010-11 Office of the Comptroller General Government-Wide Horizontal Audits

To be determined. Not yet specified by the OCG.

 

 

 

 

2010-11 New Audit Projects

5. Departmental governance - IM/IT resources

To assess structures and processes guiding identification of strategic information requirements and investments, as well as management of technical resources.

CMSS / SSO / All

Q1

160

6. Departmental policies – corporate and program management

To assess the completeness of departmental corporate and program management policies and the related practices to ensure they remain current and are applied.

All sectors

Q3

120

7. Operational planning

To assess the extent to which the Department has in place operational plans and objectives aimed at achieving its strategic objectives.

All

Q1

160

8. Departmental project management system

To assess the extent to which a common technical solution is in place to address the department’s project management requirements.

All

Q2

120

9. Geomatics Canada revolving fund

To assess the accuracy and completeness of the financial information reported in the Geomatics Canada revolving fund’s financial statements.

CMSS / ESS

Q1

100

10. Gunnar and Lorado Mines

To asses the: a) management control framework in place for the program and whether it is operating efficiently, economically and effectively; and, b) the extent to which the Department is complying with the terms and conditions of the program.

CMSS / MMS

Q2

160

11. Efficiency and Alternative Energy Program

CMSS / OEE / OERD

Q3

160

12. EcoEnergy Technology Initiative Program

CMSS / OEE R&D / ecoETI R&D

Q4

160

Note: The projects contained in the 2010-11 Audit Plan may be subject to change based on the results of the AB’s 2009-12 planning exercise.

 

Moving Forward

The Audit Branch enhanced its audit planning process and made a number of methodology improvements when preparing the 2008-11 Audit Plan. The refined process responds to the requirements of the TB IA Policy. It also provides a solid foundation and strategy to address broader goals and objectives set out in the IA policy, particularly the provision of holistic assurance regarding departmental governance, risk management and control processes.

While significant and positive strides have been made, the Branch recognizes that further improvements remain. The Branch identified “lessons learned” from the 2008-11 planning exercise. These lessons will be incorporated into the Branch’s vision for future year’s planning efforts. The planning process has been designed with sufficient flexibility to better adapt to future changes in the planning environment (i.e., possible changes to the number of CMCs, the MAF structure, etc.). Strengthening of the Branch’s audit engagement planning, examination and reporting practices will also increase the value of the audit function within the Department in addition to improving the degree of compliance with the IA policy requirements. The associated changes will take time to fully implement and will result in further modifications to the Branch’s infrastructure and business processes.

The Branch’s 2007-08 improvement efforts focused on its planning practices. This was a logical starting point. Initial steps have been taken and a strategy set to support compliance with the IA Policy requirements in a timely fashion considering available resources.

 

Appendix A: 2008-11 Risk-Based Audit Planning Process

The Branch’s 2008-11 Risk-Based Audit Planning Process is illustrated in Exhibit I found on page 3. This appendix provides a narrative description of the process steps depicted in Exhibit I.

Audit Universe – Step #1
Audit Universe Step #1

Risk-based audit planning begins with defining an audit universe. Accordingly, the Branch established a comprehensive appreciation of NRCan and the potential areas of audit. To this end, information was gathered and analyzed using the following nine lensesFootnote 6:

 
  • Organizational units;
  • Program activities;
  • Departmental initiatives;
  • Departmental support functions;
  • Departmental policies, processes and procedures;
  • Financial statements line items;
  • Information technology and management;
  • Corporate risk profile (CRP); and,
  • Management Accountability Framework (MAF) results.
Management Accountability Framework (MAF) – Step #2
Management Accountability Framework (MAF) Step #2

The government’s MAF is structured around 10 key elements that collectively define and establish the expectations for modern public sector management. The potential areas of audit associated with each of the lenses used to define the audit universe (see Step 1 above) were individually mapped to the MAF. As such, the Branch’s risk-based audit planning process is “grounded” from the onset in the MAF. This assists in understanding the extent to which the audit universe provides coverage of the 10 MAF elements. It also helps to increase the relevance of the audit work to be carried out over the course of the planning period as it ensures that a logical relationship can be established between the potential areas of audit and the elements used to assess management’s performance on an annual basis.

Core Management Controls and Identify Projects - Step #3 & #4
Core Management Controls and Identify Projects - Step #3 & #4

The OCG has established 69 CMCsFootnote 7 that provide a foundation for CAEs in planning and providing holistic assurance on departmental governance, risk management and control processes. The CMC framework does not seek to introduce new controls. Rather, it selects key controls that already exist and can reasonably be expected to be in place. The importance and adequacy of each of the 69 CMCs were assessed by the Branch based on a five point rating scale in order to clearly arrange the controls by priority. The Branch focused its attention on the weakest controls for purposes of identifying potential audit projects.

Prioritization – Step #5
Prioritization Step #5

The TB IA Policy is intended to bolster internal audit into a strong and credible regime that “…has the confidence of the government, and contributes directly to effective risk management, sound resource stewardship and good governance”Footnote 8.To contribute toward this goal and to maintain a relevant internal audit function within the Department, the Branch established priorities for purposes of allocating its limited resources. Accordingly, a priority ranking score was assigned to each potential audit project based on a thorough assessment of three factors: likelihood, significance and added value. The priority ranking scores ranged from a low of 4.80 to a high of 14.13 out of a maximum potential score of 15.

Consultations – Steps #6 to #9
Consultations Steps #6 to #9

Consultations provide an opportunity for the Branch to engage departmental senior management during the planning process. A document describing the highFootnote 9 priority potential audit projects was distributed to departmental senior managementFootnote 10 for comment. Suggestions with respect to any other potential audit work concerning departmental programs that was not reflected in the distributed document was also sought. Separate meetings were held with members of the Audit and Evaluation Committee (AEC) to obtain their feedback on the high priority potential audit projects and comments on a proposed audit plan for the 2008-09 Fiscal Year. The Branch considered the feedback received during the consultations when finalizing the substance of the 2008-11 Audit Plan which was tabled in a deck presentation at the March 18, 2008 meeting of the AEC.

Next Steps – Step #10
Next Steps Step #10

The Branch’s risk-based audit planning process is a major undertaking that carries strategic implications. Through the Branch’s vision and continuous improvement practices, actions and lessons learned are identified that serve to enhance and strengthen the application of the Branch’s risk- based audit planning process in future years.

 

Download the report

Printable Version [PDF, 368 KB]

To read Adobe Acrobat® files, you will need to download and install the free Acrobat Reader® software available from Adobe Systems Incorporated.