Audit

Annual Plans - 2005- 2006

Natural Resources Canada (NRCan) Annual Audit Plan 2005- 2006

(Download the report)

Audit and Evaluation Committee (AEC) Approved Annual Audit Plan 2005- 2006

Executive Summary

Why an Annual Plan? This summary presents the NRCan Annual Audit Plan for 2005- 2006. It has been prepared in accordance with pertinent Treasury Board (TB) policies 1 and guidance. Also, performance standards for the professional practice of internal auditing as set by the Institute of Internal Auditors 2 require that the Chief Audit Executive (CAE) establish risk- based plans to determine the priorities of the internal audit activity, consistent with the organization's goals.

Planning Process. Our process for this Annual Plan was strategic and rigorous, involving multi- phased meetings with the six sectors in NRCan, including Assistant Deputy Ministers (ADMs), as well as the Director General of the Shared Services Office, the Chief Scientist, and the DG Communications. The NRCan Audit and Evaluation Committee (AEC) chaired by the Deputy Minister participated directly in selecting the project proposals and approving the Annual Plan.

Nature of NRCan. NRCan is a complex, widely distributed organization, with about 1550 (of 4701) employees located outside the National Capital Region (NCR). It's one of the oldest departments and is made up of six distinct sectors - Earth Sciences Sector (ESS), Energy Policy Sector (EPS), Energy Technology and Program Sector (ETPS), Canadian Forest Service (CFS), Minerals and Metals Sector (MMS), and Corporate Management Sector (CMS). A Shared Services Office (SSO ) has been established during the past year with the objective of making service delivery functions more effective and efficient, while providing continued support to programs and services.

This rich history presents unique challenges with respect to the integration of systems and information sharing. Another major challenge is to manage the large amount of temporary funding ($608.2M 3) from a smaller ($477.4M) permanent A- base level. In this regard, since 1997- 98, NRCan has increased its total budget by 130%, and its temporary funding allocations by 628%.

Approach. Recognizing these complexities and challenges, our plan balances a number of requirements and perspectives. First, while we continue to emphasize strategic issues such as policy and strategic planning, we have also been cognizant of the need for "sound risk analyses of all departmental activities, with the authority to delve into every corner of every portfolio. 4" Second, we have continued to emphasize horizontal perspectives to obtain the most value for our audit resources, and to have more of a presence in regional activities. Third, we have retained a significant emphasis on transfer payment programs and projects through which most of NRCan's outcomes are delivered. Fourth, we have increased our emphasis on core activities funded through the A- Base budget. Finally, we have allocated resources to participate in the Comptroller General initiative "to strengthen the internal audit function across the federal government." 5

Annual Plan. Attached is the Annual Audit Plan of eight audit projects approved by the AEC for 2005- 2006. Also attached is a Back- up List of seven audit projects from which projects will be selected to present to the AEC for approval in the event one or more of the projects on the approved list need to be delayed or cancelled. For example, if an Office of the Auditor General (OAG) audit covers a particular topic, or if some unforeseen circumstance dictates that a priority project be delayed or cancelled, a project will be selected from the Back- up List. Further, a list titled, Audit Professional Standards and Capacity Building identifies internal projects that are necessary to respond to the challenging initiatives of the Comptroller General regarding internal audit. In addition, a chart is presented showing approved priority projects and carry- over projects (i.e. started in 2004- 2005) by Departmental sector. These projects have also been mapped (in the body of the report) to the Management Accountability Framework, (MAF), the TB Risk model and other models.

Key Challenges. There are four major challenges facing the Audit Division in NRCan at this time. First, the recruitment, retention and professional development of internal auditors are critical. We are in the midst of recruiting and expect to be fully staffed by November 2005 with four audit managers, four auditors and one Audit Director. We anticipate that it will take at least 18 months to train all staff to the required standard. We have allocated 10 days training for each auditor this year, and this does not include initial training requirements, which will vary from person to person.

Second, we must respond to the initiatives by the Comptroller General in the Treasury Board Secretariat to strengthen the internal audit function as discussed in the body of the report. In particular, external representation on the AEC, rewriting our audit policy and audit charter, and meeting professional standards will be major milestones. In this regard, we also intend to help to develop Central Agency audit policies and guidelines to help make these policies practical for departments.

Third, to meet professional standards, we must develop professional tools and practices. We are looking for tools to increase our productivity as well as meet the standards, such as an electronic bilingual audit management system to include automated working papers. Such a tool should also permit us to automate the Management Commitment Monitoring system, which we use to track the progress made by management on their action plans developed in response to our audit recommendations.

Fourth, we are working to develop sound risk analysis of all departmental activities that is at both the strategic and the detailed levels for audit planning. This will take some time to accomplish, and, in part, will be in conjunction with our active monitoring activity.

Finally, we have identified that obtaining information across the Department is a major challenge for audit activities, and correspondingly for senior managers. By bringing these information shortfalls to the attention of senior management, we believe that we can help to develop an appropriate plan of action that will be able to drive the information priorities of the Department. In particular, meeting the financial information needs of the managers is a priority.

1. Overarching Audit Risk Assessment of Climate Change Initiatives

Scope

Given the overall value and sensitivity of this major program (budget of Feb 2005 indicates more than $1B over a number of years, but at the same time launches a review of all climate change programs), it is appropriate to conduct 2 or 3 audits in the area. Our approach will be to assign two audit FTEs (Full Time equivalent) (out of 8) to carry out a two- phase audit project.

Phase 1. The first phase will be to complete an audit risk assessment of the Climate Change initiatives as described in the Treasury Board Climate Change Dashboard (attached). Examples of risk factors 6 that will be considered include:

  • Materiality,
  • Reliance on 3rd parties,
  • Significant change e.g. staff turnover and capacity check, new information systems, reorganizations,
  • Legal services (i.e. legal risks), and
  • Financial and contracting risks.

Phase 2. During the second phase of this project, 2 or 3 assurance audits of specific climate change programs will be conducted. The audits will examine the adequacy of internal controls; the management of risk; the propriety of transactions; compliance with the programs' terms and conditions; recipient audits, evaluations and RMAFs/RBAFs (Results- based Management and Accountability Framework/Risk- based Audit Framework) recently completed; compliance with the TB Policy on Transfer Payments (PTP) and Sections 32, 33 and 34 of the FAA; and also assess the economy, efficiency and administrative effectiveness of program operations and delivery systems as encountered during the audits.

Audited in Last 5 Years?

Yes. Since 2000, AEB (Audit and Evaluation Branch) has carried out ten audits or follow- up audits directly related to the Climate Change Initiatives, such as audits of the four sunset measures under the Efficiency and Alternative Energy (EAE) program:

  • the Renewable Energy Deployment Initiative (REDI),
  • the Energy Innovators Plus Program,
  • the EnerGuide for Houses Program, and
  • the Commercial Building Incentive Program.
Auditees

A. Management control framework/accountability/governance and monitoring

  • Centre of Expertise Grants and Contributions,
  • Legal services - legal review,
  • FMB (Financial Management Branch) - process of TB submissions,
  • AEB - audit and evaluation policy, and
  • Sector Management (operations).

B. Compliance

  • Departmental

2. Security of Cabinet Documents

Scope

A recent event elsewhere in the government has indicated that NRCan needs to be absolutely certain that appropriate security is provided to Cabinet level documents. Are the security requirements for these documents clearly articulated in an NRCan policy? Do all those who have responsibility for these documents know and understand the policy? Is the training provided in NRCan adequate in this regard? Has there been any security problems identified in NRCan with respect to these documents? If so, was appropriate action taken?

Audited in Last 5 Years?

Not precisely. But an Audit of Security (in 2000) was conducted as required by TBS (Treasury Board Secretariat) policy to assess NRCan's compliance with the Government of Canada Security Policy (GSP), as well as a Follow- up Audit of Security in March 2003. This audit work examined personnel security, which is relevant to security of cabinet documents.

Auditees

A. Management control framework and policy/accountability/and monitoring

  • SPB (Strategic Policy Branch)

B. Compliance

  • Departmental- wide, and
  • DMO (Deputy Minister's Office.

3. Special Purpose Accounts (SPAs) and Net Voted Revenue

Scope

Are SPAs and Net Voted Revenues managed in NRCan in accordance with relevant TB policies? SPAs and Net Voted Revenue are important to the Department in that they provide revenue, which the Department may use rather than passing the revenue to the Receiver General. We will determine at the scope phase whether it is viable to do both SPAs and Net Voted Revenue with the 100 person days we have allocated to this project.

SPAs. This topic has come to audit attention in several ways during the past year. Recognizing that there are numerous SPAs in NRCan, have appropriate monitoring and reporting systems been developed? We have identified approximately $320M of SPAs in 2004- 2005. TB Policy of 1995 on SPAs states, "Departments should undertake periodic reviews and audits of their SPAs to ensure that they are established and operate within the scope of departmental authorities and in accordance with this policy." SPAs are at risk because when the funds for a specific project or program are recorded in a SPA account, management can carry over the remaining balance to the next fiscal year. The normal 5% limitation does not apply in this regard, which raises the question; do managers use SPAs to allow full carryover?

Net Voted Revenue, excluding Geomatics Canada Revolving Funds ($17.8M in 2004- 2005), was approximately $23M in 2004- 05. TBS Policy on Special Revenue Spending Authorities July 1, 2000 states, "Departments should conduct periodic reviews and audits of their compliance with this policy," and that "Departments with a special respending authority for net voting must establish policies and procedures to ensure that there is a control mechanism in place to ensure that the net dollar amount (expenditures- revenues) approved by parliament is not exceeded.

Audited in Last 5 Years?

Yes. An audit of MMS Planning and Expenditure Management Systems is underway.

Auditees

A. Management control framework/accountability/governance and monitoring

  • FMB,
  • Center of Expertise Gs&Cs (Grants and Contributions), and
  • Sector Management.

B. Compliance

  • Departmental- wide, including the regions.

4. Recipient Audits

Scope

OGDs have found recipient audits to be a high level of risk.Issues include whether recipient audits are carried out consistent with the related TB submission and TB guidelines, inconsistency among the audits that are done, and adequacy of management responses to critical concerns and recommendations. Also, there is an issue of appropriate oversight regarding recipient audits on a departmental basis; particularly regarding recommendations and related management action plans of a long- term nature. This audit would confirm what the situation is in NRCan. Section 8.5 of the PTP calls for audits of recipients when deemed necessary.

Audited in Last 5 Years?

Not directly, but an internal audit of Management of Contribution Programs in 2000 identified weaknesses in external audits of recipients. An audit of the Energy Innovators Plus Program (2001) noted that program management was developing an overall risk- based framework for the audit of program contributions. The audit framework is being prepared in response to Section 8.5 of the PTP approved in June 2000. At the time of the audit, no audits of recipient audits had been carried out, but the following audits made specific recommendations related to recipient audits: Audit of Contributions under the Climate Change Action Fund, Assessment of Class Grants and Contributions 2002, Follow- up to the Audit of Management of Contribution Programs October 2002, Audit of the First Nations Forestry Program October 2003, Follow- up Audit of the Energy Innovators Plus Program November 2003, Audit of Commercial/Institutional Buildings Retrofit Initiative March 2004, Audit of the Commercial Building Incentive Program December 2003, Audit of the EnerGuide for Houses Program January 2004, and Follow- up of the Audit of the Contributions under the Climate Change Action Fund June 2004.

Auditees

A. Management control framework and policy/accountability/governance and monitoring

  • FMB,
  • Center of Expertise Gs&Cs, and
  • Program/Sector Management.

B. Compliance

  • Departmental- wide.

5. Management of Repayable Contributions

Scope

Are contribution funds managed with a clear intent to recover specified amounts (where applicable), and to monitor the agreement appropriately? Is this intention clearly specified in agreements between NRCan and the organizations concerned? Does the culture at NRCan support monitoring contribution agreements and recovering repayables? Are responsibilities with regard to repayable contributions clearly specified for those who have the responsibility to monitor compliance? What is the value of the repayable contributions that are not being reported to the Gs&Cs Centre of Excellence?

Audited in Last 5 Years?

No internal audits completed, but OAG Report 2003, chapter 10, exhibit 10- 3 deals with repayable contributions and identifies one example in NRCan, for which a follow- up audit is underway.

Auditees

A. Management control framework/accountability/governance and monitoring

  • FMB,
  • Center of Expertise Gs&Cs, and
  • Program/Sector Management.

B. Compliance

  • Departmental- wide.

6. Comprehensive IT (Information Technology) Security Audit - Phase 2

Scope

This will be a focused technical IT security audit following on the audit of IT wireless and network defence now underway, and scheduled to be completed June 05. The precise scope of the audit will be developed in conjunction with the departmental IT Security Working Group and senior technical personnel to ensure that it addresses current and relevant security issues. A recognized comprehensive industry standard or model such as COBIT will be used to carry out this audit. The recent (Feb 2005) Auditor General Status Report, Chapter 1, titled "Information Technology Security" underscores the importance of this audit. A relevant quote from this report is:

  • "…However, their (government and agencies) IT systems are vulnerable to breaches in security. The majority of departments do not meet the minimum standards set by the Secretariat for IT Security."
Audited in Last 5 Years?

No internal audits. But OAG Status Report February 2005, Chapter 1 is relevant.

Auditees

A. Management control framework and policy/accountability/governance and monitoring

  • CMS,
  • IMB (Information Management Branch), and
  • SSO.

B. Compliance

  • Departmental- wide.

7. Business Continuity Planning Audit

Scope

This audit will examine whether existing business continuity management planning, systems and processes adequately meet the Department's requirements. What business drivers, processes, business strategies, inventories, recovery alternatives etc. have been identified and implemented to assist in the resumption of critical business operations? Have risks, vulnerabilities, impacts, and likelihood been assessed and considered in the resumption of business services? Have recovery alternatives been considered? Does the Department address IT and non- IT processes and resources? What systems have been identified critical to the functioning of basic services? Both the OAG and TBS have identified this as a priority area. Is there a robust plan, and appropriate enabling arrangements in place, to ensure continuity of critical business systems and business lines?

Audited in Last 5 Years?

No internal audits during this period. But OAG Status Report February 2005, chapter 1, and OAG Status Report 2002, Chapter 3, IT Security, are relevant for the government overall, but neither report commented specifically on NRCan.

Auditees

A. Management control framework and policy

  • CMS,
  • IMB,
  • SSEM (Security, Safety and Emergency Management),
  • IT Security Working Group, and
  • SSO .

8. Telecommunication Mini- Audit(s)

Scope

The audit(s) will examine high- risk telecommunications issues as they relate to policies, procedures, efficiency and delivery of service. Telecommunication issues that may be examined, but not limited to, include:

  • Personal Digital Assistants (PDAs),
  • cellular phones,
  • telephones and
  • other government financed telecommunication devices.

For example, how many phones is a particular office paying for compared to the number of employees at this time. We anticipate that the audit(s) will encompass the Department, and require visits to the regions and major functions.

Audited in Last 5 Years?

No internal audits in this topic area after 2000, but some before that time.

Auditees

A. Management control framework/value- for- money

  • CMS, and
  • Sectors.

Tables

Table 1: Natural Resources Canada (NRCan) Annual Audit Plan 2005-2006 - Audit Proposal Back- up List
Serial Title Description
1. Audit of the Financial Control Framework TB has announced that within 5 years every department must have an external audit of financial reporting. Recently, OAG stated in an email to NRCan that, "NRCan has reached the size that we will need to perform some public accounts work in the Department. …This year, work will be limited to a planning risk assessment. Next year we would anticipate a full audit, starting with IT control assessments in the fall. …" Further, a recent TB presentation noted that, "Effective control framework supports the success of an organization and provides some assurance that the organization will operate effectively and efficiently, that its financial reporting will be reliable and that it will comply with policies and procedures." An internal audit of the financial control framework would help the Department determine how ready it is for an external audit of financial reporting and increased OAG scrutiny. TB has also indicated intent to sponsor a pilot in this area with several departments in 2005- 2006.

The priority of this proposal has increased as a result of the recent interest by the OAG. The following quotes from Chapter 8 to the OAG February 2005 report titled "Managing Government - Financial Information" demonstrate the firm position that the OAG has adopted in this regard:

  • "Strong financial internal controls help protect the integrity of the information used for decision making. They also contribute to the safeguarding of resources, accurate and timely reporting of results, and ensuring compliance with relevant authorities."
  • "Departments and agencies must improve their use of accrual- based financial information so that it becomes more than a year- end exercise that they undertake to comply with directives for preparing the summary financial statements of the Government of Canada. Departments and agencies must also strengthen their financial internal control systems, paying particular attention to electronic security controls, monitoring practices, and the integration of manual and electronic processing controls."
  • "As well, the Treasury Board Secretariat is examining the feasibility of requiring departments to provide financial plans on both a cash and accrual basis for the 2006- 07 Annual Reference Level Update Exercise."
  • "Although the government continued to make progress in advancing the use of improved financial information in departments and agencies and in improving the quality of the systems supporting that information, we are disappointed that more work is still needed to resolve several outstanding issues."

We believe that internal audit work is needed in this area sooner, rather than later.
2. Model Forests Program Although evaluated several times, this major program has not been audited since 1992. The actual value is $40M over 5 years. There are 11 model forest projects. The focus of this assurance audit would be:
  • the adequacy of internal controls;
  • the propriety of transactions;
  • compliance with program's terms and conditions and the TB Policy on Transfer Payments and Sections 32, 33 and 34 of the FAA; and
  • to assess the economy, efficiency and administrative effectiveness of program operations and delivery systems.
3. Occupational Safety & Health Audit Departmental wide OSH Audit. This was raised at an AEC meeting with the rationale that now that we have completed a number of site audits, it would be appropriate to wrap them up into a summary program audit.
4. Audit Baseline Costs & Anticipated Cost Reductions by SSI To audit baseline costs of support services being transferred to SSO , and the budget estimate for SSO next year.; The objective is to confirm the savings from the SSO to be applied against the $20M commitment under the Expenditure Review. Are savings estimates realistic? Is the distinction between SSO projected savings and overall SSI projected savings understood and accepted by senior management?

To determine the anticipated savings, the baseline costs must be determined, and to our knowledge this has not been done, unless the Deloitte and Touche work in this area is considered adequate. Similarly, when costs savings are claimed, Internal Audit could verify this number. An audit could also focus on the cost reduction management aspects of SSO and the SSI. Will SSO and the SSI be successful in achieving committed cost savings? If not, it is likely that the Sectors will have to make up the Expenditure Reductions? A starting point would be the SSO /SSI business case and estimated savings. Has a specific action plan been developed by both the SSI and SSO to achieve the projected savings? If so, is the plan realistic? If not, is it intended to develop such a plan, and who would do so?
5. Budget Priority Setting and Allocation Process in NRCan What is etting process in NRCan? Is the budget prepared on a departmental basis or on a sector basis? Does the budget process consider and respond to identified departmental priorities? How is the budget process used to allocate resources to priorities? Is there an effective budget- forecasting tool in NRCan? Is the budget process the main mechanisms by which resources are allocated? Are budgets reviewed and updated?

Are there mechanisms in place to adjust the budgets when there are shortfalls or surpluses? Is there adequate financial information available to permit the managers concerned to manage their budgets? One sector would like to better understand this mechanism regarding priority setting and resource allocation with respect to clarity, usefulness, flexibility and effectiveness.
6. Program of Energy Research and Development (PERD) This program is $58M a year of A- base funding. NRCan is the lead department on this program. This is considered a high- risk program because the delivery of the program is in partnership with other government departments, who enter into separate agreements with third parties for R&D projects. PERD does not ask federal departments/agencies to standardize the types of partnership agreements. A 1999 risk assessment/audit was critical of strategic planning and project management. Potentially, there is an accountability and reporting issue. No follow- up audit has been initiated since that time.

NRCan is dependent upon OGDs to deliver on particular projects, to do interim reporting and to spend their allocation appropriately. In addition, PERD projects are not included in the GFS Agreement module because Office of Energy Research and Development (OERD) has its own system. As a result, the Centre of Expertise for Gs&Cs does not have information for repayable contributions on PERD.

Note: this project is seen as a continuation of a program of audit of partnerships, which was started in 2004- 2005.
7. Geo Connections This program is scheduled to finish this year, but will request renewal for a 5- year period from 2005- 06 to 2009- 2010 for $60M. So in total, over 10 years GeoConnections is a program valued at $120M. It should be considered for audit because evaluators have identified it as a problematic with respect to governance for some time.

Note: this project is also seen as a continuation of a program of audit of partnerships, which was started in 2004- 2005.

TB = Treasury Board
OAG = Office of the Auditor General
IT = information technology
FAA = Financial Administration Act
OSH = occupational safety and health
AEC = Audit and Evaluation Committee
SSO = Shared Services Office
SSI = Shared Systems Initiative
R&D = Research and Development
OGD = Other Government Department
GFS = Government Financial System
Gs&Cs = Grants and Contributions

Table 2: Natural Resources Canada Annual (NRCan) Audit Plan 2005- 2006 - Audit Professional Standards and Capacity Building
Serial Title Description
1. Audit Capacity Building It is anticipated that in response to the announcements of the Comptroller General that considerable effort will be required to increase the capacity of the internal audit function in NRCan. This will include staffing, revamping of the membership and mandate of the AEC, IT enhancement, standardization of methodology, etc
2. Audit Policy Development Similarly, it is anticipated that the Audit Policy/Audit Charter for NRCan will need to be revised considerably. This will include a number of specific policies some of which will be developed in conjunction with the Audit Centre of Excellence intended to apply across Government. The recent (Nov 2004) OAG report on internal audit emphasized this point.
3. Audit Ad Hoc Contingency Reserve Experience indicates that approximately 20% of the internal audit resource should be unallocated to permit high priority ad hoc (unplanned) projects to be started on short notice, especially with respect to special enquiries.
4. Quality Assurance of Internal Audit Consistent with the IIA Professional Practices Framework, January 2002, there are 2 aspects to consider with regard to quality assurance of internal audit. First, article 1311 calls for ongoing internal assessment of the performance of the internal audit activity, and periodic reviews performed through self- assessment or by other persons within the organization, with knowledge of internal audit practices and the standards. Second, external assessment such as quality assurance reviews should be conducted at least once every five years. Did the recent OAG audit constitute an external QA review? As a start, we will need to have a technical conference with the DG and all staff to develop an action plan for professional standards. For example, we need to improve the quality of our working papers. The recent (Nov 2004) OAG report on internal audit emphasized this point.
5. Selected Program Audit Risk Assessments Develop specific audit plans for highly visible programs such as sustainable development. The notion would be to complete a risk assessment in depth of these programs to identify the high- risk areas to which audit resources should be applied. This is a considerable undertaking for large programs.
6. Participation in Policy Development by the Center of Excellence Working Groups To assist in the development of new policies, participate in working groups initiated by the Centre of Excellence for Internal Audit to develop new policies for internal audit.Two working groups we have already joined in this regard are:
  • Definition of Assurance (and Assurance Services)
  • IT Audit/Horizontal Audits Across Government.
7. Jurisdiction Matters We need to clarify just what we can audit and what we can't with respect to 3rd party organizations providing services or results for money provided by NRCan. For example, do we have jurisdiction with respect to foundations. This was a major issue in the Feb 2005 Auditor General's report. There is a potential for embarrassment and misuse of such funds, and we generally have decided that we have no jurisdiction. It may be that we have to make it our jurisdiction. This topic is not easily resolved issue. It will take considerable effort and relates to many G&Cs. This topic will not be addressed by any other audits underway or under consideration.
8. Audit Planning Preparing the annual audit work plan for approval by the Audit and Evaluation Committee (AEC) is a major activity in the internal audit division. A senior audit manager and the director of audit spend approximately 3 months full- time on this activity with such tasks as meeting ADMs, preparing proposals, scoping project proposals etc. The rest of the Audit Branch is also involved extensively. During the remainder of the year, the audit senior manager concerned works on this file on a part- time basis. In total, it is estimated that ½ FTE is spent on this activity.
9. Professional Services It is anticipated that in response to the Gomery Commission and other related activities from the Centre of Excellence for Internal Audit, the internal audit function in NRCan will be involved in an advisory role to help to implement high- priority activities across the Department. These are expected to be of a financial and contractual nature. It is estimated ¼ FTE will be applied to this activity.
10. Audit Links and Interface Audit links and interface between SSO , corporate directional groups and Sectors, particularly with regard to compliance with authorities/policies issues will need to be developed. Also, links with the Office of Environmental Affairs regarding environmental audits will need to be established.
11. Management Commitment Monitoring System The Internal Audit Division maintains a system to monitor progress made by management with respect to their action plans prepared in response to our audit recommendations. It is our intent to automate this system whereby Sectors could update their progress on- line. We have also decided to include OAG audit recommendations for the past three fiscal years that are specific to NRCan.

AEC = Audit and Evaluation Committee
IT = information technology
OAG = Office of the Auditor General
QA = Quality Assurance
DG = Director General
Gs&C = Grants and Contributions
ADM = Assistant Deputy Minister
FTE = Full Time equivalent

Table 3: Natural Resources Canada Annual (NRCan) Audit Plan 2005- 2006 - AEB Approved Audit Projects & Carry- overs (Started in 2004- 2005) by Sector
Earth Sciences Sector Energy Policy Sector Energy Technology and Programs Canadian Forest Service Sector Minerals & Metals Sector Corporate Management (CMS and SSO )
AEB Follow- up to OAG Chapter 10 Nov 2003

Health & Safety Polar Continental Shelf

 Ethanol Expansion Program See horizontal audits below See horizontal audits below Planning & Expenditure Management Systems See horizontal audits below

Overarching Audit Risk Assessment of Climate Change (CC) Initiatives and Audit(s) of Highest Risk Programs
(2 of 8 Internal Audit FTEs applied to this project)

Security of Cabinet Documents (All *)

Specified Purpose Accounts (SPAs) and
Net Voted Revenue (All)

Recipient Audits (All)

Management of Repayable Contributions (All)

Comprehensive IT Security Audit Phase 2 (All)

Business Continuity Audit Planning (All)

Telecommunication Mini- audits (All)

Management of Regional Real Property (All)

Audit of Governance and Accountability of Partnerships at NRCan (All)

Audit of Information Management (All)

Comprehensive IT Security Audit Phase 1 (All)

AEB = Audit and Evaluation Branch
CMS = Corporate Management Sector
SSO = Shared Services Office
OAG = Office of the Auditor General
FTE = Full Time equivalent
IT = information technology

* "All" indicates that this is a horizontal audit whereby all Sectors are involved, but for which CMS normally has policy responsibilities.

1 Policy on Internal Audit, Appendix B
2IIA Red Book titled, "The Professional Practices Framework," January 2004, p.13
3 Source: Main Estimates 2005- 06
4 Budget 2004
5 News Release: Treasury Board President Announces Next Steps to Strengthen Internal Audit Function Across Government (November 18, 2004).
6 In the body of this report see Tab 11 - Annex A from a document titled "Risk Indicators Found in NRCan Systems," for further explanation of risks that will be considered. The objective of the study on which the document is based was to develop an overall approach to the identification of potential risks embedded in NRCan's programs, projects, activities, organizations, systems or functions that merit audit attention.

Download the report

Printable Version [PDF, 630 KB]

To read Adobe Acrobat® files, you will need to download and install the free Acrobat Reader® software available from Adobe Systems Incorporated.