Audit
Annual Plans - 2006-2007
Natural Resources Canada (NRCan) Annual Audit Plan 2006-2007
- Executive Summary
-
Internal Audit Plan 2006-2007 - Approved by NRCan Audit and
Evaluation Committee (AEC) - March 31, 2006
EXECUTIVE SUMMARY
Why an Annual Plan? This summary presents the NRCan Annual Audit Plan for 2006-2007. It has been prepared in accordance with pertinent Treasury Board (TB) policies 1 and guidance. Performance standards for the professional practice of internal auditing as set by the Institute of Internal Auditors 2 require that the Chief Audit Executive (CAE) establish risk-based plans to determine the priorities of the internal audit activity, consistent with the organization's goals.
Planning Process. Our process for this Annual Plan was strategic and rigorous, involving multi-phased meetings with the six Sectors in NRCan, including Assistant Deputy Ministers (ADMs), as well as other senior managers. We have found that briefings with the sector management committees to be particularly useful fora to exchange ideas. The NRCan Audit and Evaluation Committee (AEC) chaired by the DM (Deputy Minister) participated directly in selecting the project proposals and approving the Annual Plan.
Nature of NRCan. NRCan is a complex, widely distributed organization, with about 1550 (of 4701) employees located outside the National Capital Region (NCR). It's one of the oldest departments and is made up of six distinct sectors Earth Sciences Sector (ESS), Energy Policy Sector (EPS), Energy Technology and Program Sector (ETPS), Canadian Forest Service (CFS), Minerals and Metals Sector (MMS), and Corporate Management Sector (CMS). A Shared Services Office (SS0) has been established with the objective of making service delivery functions more effective and efficient, while providing continued support to programs and services.
This rich history presents unique challenges with respect to the integration of systems and information sharing. Another major challenge is to manage the large amount of temporary funding ($608.2M 3) from a smaller ($477.4M) permanent A-base level. In this regard, since 1997-98, NRCan has increased its total budget by 130%, and its temporary funding allocations by more than 600%.
New Internal Audit Policy. This new policy which became effective April 1, 2006, places particular emphasis on the independence, structure and mandate of the Audit Committee. In practical terms, a great deal of work will be required by the Internal Audit Division to meet the requirements of the new policy, primarily with respect to the implementation of specific policies, accrual financial reporting and participating in the conduct of horizontal, cross-department internal audits led by the Comptroller General.
Strategic Planning. Work has been progressing on the development of a departmental strategic plan. A number of workshops and papers has resulted in the presentation of material to the Departmental Management Committee (DMC) for consideration. We were able to use this material to expedite our planning process this year. Some excerpts from the material that has been developed is included in the full report.
Risk Assessment. Recognizing the importance of the new internal audit policy, we will allocate our resources to support and implement this policy as necessary. However, it is not anticipated that this will be a significant resource factor before fiscal year 2007-08. In addition, we will continue with our audits of climate change initiatives, which were selected on a risk basis in consideration of the results of the recent Climate Change Review. We will also allocate 20% of our resources for ad hoc and special audits, an allocation that has proven appropriate over time. As well, there are several carry-over projects from 2005-06.
Our Plan balances a number of requirements and perspectives. We have emphasized horizontal perspectives to obtain the most value for our limited audit resources, and to have more of a presence in regional activities. We have also retained a significant emphasis on transfer payment programs and projects through which most of NRCan's outcomes are delivered.
More detail on our approach to audit planning is presented in the full report to include consideration of: audits completed by Other Government Departments (OGDs) and national audit organizations (i.e. Auditor General) around the world, and the General Accounting Office (U.S.A.).
Annual Plan. Attached (Annex A) is the Annual Audit Plan of 15 audit projects approved by the AEC for 2006-07. This is followed by a list of Internal Audit Projects Underway from 2005-06 (Annex B). Further, a list (Annex C) titled, Audit Professional Standards and Capacity Building identifies internal projects that are necessary to respond to the new internal audit policy. Finally, a chart (Annex D) is presented showing audits completed in 2005-06, approved projects (2006-07) and carry-over projects (started in 2005-06) by Departmental sector. These projects have also been mapped (in the body of the report) to the Management Accountability Framework, (MAF), the TB Risk model and other models.
Key Challenges. There are several major challenges facing the Audit Division in NRCan at this time. First, the recruitment, retention and professional development of internal auditors are priorities. We have encountered difficulty in finding qualified candidates for one financial auditor position and are looking at alternative recruiting strategies. Our new employees include a new CS 02 who will be primarily responsible for our continuous
monitoring program, a new FI 02 and a new FI 01 who will be involved in audit work associated with accrual reporting, and we intend to hire two new AS 05s who will help to ensure we balance our audit work between financial and non-financial activities. We anticipate that it will take at least 18 months to train all staff to the required standard. We have allocated 10 days training for each auditor this year, and this does not include initial training requirements, which will vary from person to person.
Second, the AEC has approved a measured approach to the implementation of the new internal audit policy. AEC has decided that a new independent departmental audit committee that includes experienced, competent external members 4 should be in place around September 2007. We are also participating in several Comptroller General working groups related to the new policy, including: the Audit Committee Working Group, the Fundamental Controls Working Group, the Audit Software Working Group, the Audit Planning Working Group and the Quality Assurance Working Group.
Third, there are two technical areas flowing from the new policy, which will present challenges audit opinions on internal controls, and accrual reporting. The first, especially for opinions outside of financial statements, will place us in unchartered waters. There are training and technical issues that must be worked through for both internal audit and corporate services. Accrual reporting presents similar challenges that will take time to resolve.
Fourth, the uncertainty regarding the future of most climate change programs in NRCan complicates the planning process for Internal Audit. It is anticipated that decisions by the new Government will be announced by September 2006.
Finally, obtaining required information across the Department is a major challenge for audit activities, and correspondingly for senior managers. By bringing information shortfalls to the attention of senior management, we can help drive the information priorities of the Department. In particular, meeting the financial information needs of the managers is a priority.
INTERNAL AUDIT PLAN 2006-2007 - APPROVED BY NRCAN AUDIT AND EVALUATION COMMITTEE (CAE) - MARCH 31, 2006
Annex A
| Serial | Title | Sector | Scope |
|---|---|---|---|
| 1. | Financial (Accural) Reporting Study |
AEB/CMS | Prepare the Audit Team to carry out audits of financial reporting controls in the new accrual accounting and reporting environment. |
| 2. | Accounts Payable and Disbursements | CMS/All | Provide assurance on the controls and accountability processes related to Accounts Payable and Disbursements |
| 3. | Cleaner Fossil Fuels | ETPS and EPS | Provide assurance on this Climate Change program with respect to risk management, management control framework and governace. |
| 4. | Improved Efficiency of New Commercial Building (combined with CBIP) |
ETPS | Provide assurance on this Climate Change program as per serial 3. |
| 5. | Official Languages | CMS/All/Regions | Provide assurance on compliance with the Official Languages Act and policy. |
| 6. | Follow-up of Audit of Accounting for Costs and Liabilities Related to Contaminated Sites |
CMS/All | Provide assurance regarding the implementation of the management action plan for previous audits. |
| 7. | Horizontal Audit of Transfer Payments |
CMS/All | Provide assurance on the management of transfer payments within NRCan (requested by OAG). |
| 8. | High-Risk Procurement | CMS/SSO | Provide assurance and a value-for-money assessment on the prourement processes for high-risk areas such as Professional Service and procurement outside normal procurement practices. |
| 9. | Occupational Health and Safety - Labs |
All/Regions | Provide assurance on the safety and security of laboratories within NRCan. |
| 10. | Server Management | CMS/SSO /All | Provide assurance that the cost savings and efficiencies across the Department identified by SSO are achieved. |
| 11. | TB Submissions Process | All | Assess the efficiency of the TB Submissions Process in NRCan. |
| 12. | Regional Management Control Frameworks |
CFS and/or ESS/Regions | Provide assurance on the management control framework for several functions including contracting, financial management, asset management, and physical security at regional locations. Sault Ste Mare and Victoria have been tentatively selected. |
| 13. | Review of Management Framework for Third Party Hospitality |
CMS/SSO /All | Provide assurance on the adequacy of the management control framework for third party Hospitality expenditures. |
| 14. | Review of Management Framework for Memberships |
All/Regions | Provide assurance on the adequacy of the management control framework for the cost of Memberships in outside organizations. |
| 15. | Management of Repayable Contributions | CMS/All | Provide assurance that the Department is in compliance with TBS policy and guidelines with respect to the management of repayable contributions. (to be considered a back-up project) |
AEB = Audit and Evaluation Branch
CMS = Corporate Management Sector
ETPS = Energy Technology and Programs Sector
EPS = Energy Policy Sector
CBIP = Commercial Building Incentive Program
OAG = Office of the Auditor General
SSO = Shared Services Office
TB = Treasury Board
CFS = Canadian Forest Service
ESS = Earth Sciences Sector
TBS = Treasury Board Secretariat
Annex B
| Serial | Title | Sector | Scope |
|---|---|---|---|
| 1. | Recipeint Audits | CMS/All | Provide assurance on the management of recipeint audits with respict to compiance with policies/guidelines, adequacy of governance frameworks, and adequacy of support to managers. |
| 2. | Specified Purpose Accounts (SPAs) and Net Voted Revenue (NVR) | CMS/All | Provide assurance on the adequacy of the Governance and Accountability Framework (GAF) in place at NRCan to manage SPAs and NVR. |
| 3. | Voice Telecommunications | CMS/All | Provide assurance on the economy and effectiveness (value-for-money) of the Department's voice telecommunications expenditures. |
| 4. | Federal House in Order (FHIO) Initiative | ETPS | Provide assurance on:
|
| 5. | Business Continuity | CMS/All | Provide assurance on the adequacy of the Department's business continuity management planning, systems and processes. |
| 6. | Commercial Transportation Energy Efficiency and Fuels initiative (CTEEFI) | ETPS | Provide assurance on this initiative with respect to risk management, management control framework and governance. |
| 7. |
IT Security |
CMS | Provide assurance on IT security at NRCan. |
| 8. | Security of Cabinet Documents | All | Provide assurance that appropriate security is provided to Cabinet level documents at NRCan. |
| 9. | Kimberly Diamond Process | MMS | Provide assurance on compliance with the Export and Import of Rough Diamonds Act. |
| 10. | Information Management | CMS | To review and assess the policy and governance structure that supports infomration management within the Department and assess compiance with the TBS Policy on the Management of Government Information, and the National Archives of Canada Act. |
| 11. | Executive Correspondence | All | To identify the reasons for delays in organizational responses to Departmental document requests. |
| 12. | Wind Power Production incentive (WPPI) |
ETPS | Provide assurance on the adequacy of the Governance and Accountability Framework, WPPI program desitn and implementation, and program efficiency. |
CMS = Corporate Management Sector
ETPS = Energy Technology and Programs Sector
FAA = Financial Administration Act
IT = information technology
MMS = Minerals and Metals Sector
TBS = Treasury Board Secretariat
Annex C
| Serial | Title | Description |
|---|---|---|
| 1. | Audit Capacity Building |
It is certain that in response to the new Internal Audit Policy that considerable effort will be required to increase the capacity of the internal audit function in NRCan. This will include staffing (we anticipate 2-3 additional positions to meet the incremental requirements of the new Policy), increased professionalism (Certified Internal Auditor (CIA), professional accounting designations and ACL training), productivity enhancements (common methodology and platform) and a number of other initiatives. |
| 2. | Internal Audit Policy Development | A new Internal Audit Policy is required for NRCan reflecting the new TB Internal Audit Policy. This will be required in the short term, and will likely require regular refinements over the next 2-3 years. |
| 3. | Audit Committee Charter and Terms of Reference |
The new Policy requires that by 2009 all internal audit committees have a majority of members coming from outside the public service, with the remainder coming from outside the department or agency, with the exception of the Deputy Head who may sit on and chair the committee. NRCan is likely to be in the second wave in this regard, that is to have such a committee in place by 2007-08. In the interim, we will need to develop an appropriate charter and terms of reference for the committee in 2006-07. |
| 4. | New Internal Audit Policy Implementation Plan |
The new Internal Audit Policy includes a number of initiatives that will be implemented over the next 3 years. A formal implementation plan will need to be developed specific to NRCan to coordinate these activities within the Department and with the CEIA. |
| 5. | Participation in Activities Coordinated by the Audit Sector of the Comptroller General | To assist in the implementation of new policies, Internal Audit staff will participate in a number of working groups initiated by the Comptroller General to include:
|
| 6. | Audit Manual |
A matter of some priority is the development of an NRCan Internal Audit Manual. We hope to be able to use much of the material that is being shared by OGDs through a Comptroller General initiative. |
| 7. | Continuous Auditing of Major Departmental Information Systems | We have recently engaged a CS 02 who will as a major part of his duties, over time, develop a continuous auditing program of several departmental information systems. There will be further communication on this topic over the next several months. |
| 8. | Quality Assurance of Internal Audit | Consistent with the IIA Professional Practices Framework, January 2002, there are 2 aspects to consider with regard to quality assurance (QA) of internal audit. First, article 1311 calls for ongoing internal assessment of the performance of the internal audit activity, and periodic reviews performed through self-assessment or by other persons within the organization, with knowledge of internal audit practices and the standards. Second, external assessment such as quality assurance reviews should be conducted at least once every five years. QA has been stressed in the new Internal Audit Policy. Good quality audit working papers is a point of particular emphasis. |
| 9. | Audit Management System |
We have procured TeamMate, a well-recognized bilingual audit management system, already used by the Office of the Auditor General (OAG) and a number of OGDs. We will begin by using the electronic working paper module, and the Team Central to permit real-time, on-line entry of responses to the Management Commitment Monitoring system. There will be an initial investment for implementation and training, which should quickly lead to improved productivity. |
| 10. | Audit Planning |
Preparing the annual audit work plan for approval by the AEC is a major activity in the internal audit division. A senior audit manager and the director of internal audit spend approximately 3 months full-time on this activity with such tasks as meeting ADMs, preparing proposals, scoping project proposals etc. The rest of the Audit Branch is also involved extensively. During the remainder of the year, the audit senior manager concerned works on this file on a part-time basis. |
| 11. |
TB Submissions and Risk-Based Audit Frameworks (RBAF) |
This is routine work for the Internal Audit Division and the resources involved can vary from month-to-month. Nevertheless, it is a measurable activity and on occasion can delay the progress of audit projects. |
| 12. | Selected Program Audit Risk Assessments | Development of specific audit plans for highly visible programs such as sustainable development is a considerable undertaking for large programs. The notion would be to complete an in-depth risk assessment of these programs to identify the high-risk areas to which audit resources should be applied. |
| 13. | Professional Services | It is anticipated that in response to the anagement Improvement Agenda (MIA) and activities related to the new Internal Audit Policy that the internal audit function in NRCan will be involved in an advisory role to help to implement high-priority activities across the Department. These are expected to be of a financial and procurement nature. For example, the implementation of a new policy concerning the role of the Chief Financial Officer. |
| 14. | Audit Links and Interface |
Audit links and interface between SSO , corporate directional groups and Sectors, particularly with regard to compliance with authorities/policies issues will need to be further developed. Also, links with the Office of Environmental Affairs regarding environmental audits will need to be established. More recently, the initiatives by the Comptroller General with respect to the Chief Financial Officer notion and the new Internal Audit Policy, will require working closely with the DG FMB to establish protocols and appropriate control frameworks, with an appropriate cyclical review of related fundamental controls. |
ACL = ?
TB = Treasury Board
CEIA = ?
IT = information technology
OGD = Other Government Department
IIA = institute of Inteernal Auditors
AEC = Audit and Evaluation Committee
ADM = Assistant Deputy Minister
SSO = Shared Services Office
DG = Director General
FMB = Financial Management Branch
Annex D
| Earth Sciences Sector (ESS) | Energy Policy Sector (EPS) | Energy Technology and Programs Sector (ETPS) | Canadian Forest Service (CFS) | Minerals and Metals Sector (MMS) | Corporate Management (CMS and SSO ) |
|---|---|---|---|---|---|
| Regional Audit (Victoria) | Wind Power Production Incentive (WPPI) | Federal House in Order (FHIO) Initiative Cleaner Fossils Fuels Improved Efficiency of New Commercial Buildings Ethanol Expansion Program (EEP) |
Regional Audits (Sault Ste Marie and Victoria) | Kimberly Diamond Process Explosives Division RBAF MMS Budgeting and Expenditure Management Systems |
Follow-up Audit of Accounting for Costs & Liabilities Related to Contaminated Sites Financial (Accural) Reporting Study |
| Overarching Audit Risk Assessment of Climate Change Commercial Transportation Energy Efficiency and Fuels Initiative (CTEEFI) |
|||||
| Horizontal Audits | |||||
| Specified Purpose Accounts (SPAs) and Net Voted Revenu Recipient Audits Business Continuity Planning Voice Telecommunications Information Management It Security Executive Correspondence |
Governance and Accountability of Collaborative Arrangements Management of Regional Real Property Official Languages Security of Cabinet Documents Accounts Payable & Disbursement Horizontal Audit of Transfer Payments High Risk Procurement Third-party Hospitality |
Occupational Health & Safety - Polar Continental Shelf project Occupational Health & Safety - Labs Server Management Treasur Board Submissions Membership(s) Use of Electronic Networks Management of Repayable Contributions ** |
|||
* Audits reported in 2005-2006, approved audit projects for 2006-2007 & carry-overs (started in 2005-2006) by sector
** Management of Repayable Contributions is a backup project for 2006-2007
CMS = Corporate Management Sector
SSO = Shared Services Office
RBAF = Risk-Based Audit Frameworks
IT = information technology
1 Directive on Chief Audit Executives, Internal Audit Plans, and Support to the Comptroller General, April 1, 2006, section 4.2
2IIA Red Book titled, "The Professional Practices Framework," January 2004, p.13
3 Source: Main Estimates 2005-06. Will be revised when 2006-07 data are available. Awaiting Government policy decision on Climate Change.
4TBS Directive on Departmental Audit Committees, effective April 1, 2006, section 2.
Download the report
Printable Version [PDF, 1299 KB]
To read Adobe Acrobat® files, you will need to download and install the free Acrobat Reader® software available from Adobe Systems Incorporated.