- The Planning Context
- The Planning Process
- The Planning Results
- Continuous Auditing Projects
- 2012-13 Advisory/Review Projects
- Central Agencies Audit Projects for 2012-13
The Natural Resources Canada (NRCan) three year risk-based audit plan has been prepared in accordance with the applicable requirements of the revised July 2009 Treasury Board (TB) Policy on Internal Audit and related directives and guidelines, and the professional standards of the Institute of Internal Auditors (IIA). The risk-based audit plan includes internal audit projects for a 3 year period from 2012-13 to 2014-15.
The Planning Context
Since the adoption of the 2006 Treasury Board Policy on Internal Audit (revised July 2009), the Audit Branch has continued to refine its risk-based planning approach each year with further improvements consistent with Treasury Board guidance to Chief Audit Executives (CAE). The Audit Branch uses a similar audit planning approach to the Office of the Comptroller General (OCG).
All potential audit projects were discussed with senior management and the Departmental Audit Committee, with particular emphasis on the projects planned for 2012-13 (first year of the three-year Audit PlanFootnote 1), given that future year projects are re-assessed on an annual basis. Continued efforts were made this year to align planning efforts with the ongoing work in establishing a departmental risk management framework and Corporate Risk Profile. Also, government and departmental priorities were validated with senior management and the Departmental Audit Committee to ensure greater alignment of planned audits to the key and highest priority areas.
A quality review process was applied throughout the planning cycle, to ensure that:
- The audit planning process is aligned with the Department’s strategic objectives.
- The perspectives of the Executive Committee and the Departmental Audit Committee are considered in audit planning. Senior management are involved in the process.
- All programs, projects and activities of the Department are considered for audit, subjected to a risk assessment, and ranked in order of priority.
- Appropriate audit objectives for each audit selected have been established.
- The plan is prepared in a timely manner and distributed to the appropriate levels of management.
- A process for selection of audit projects is documented and includes criteria such as past audit coverage and results, materiality, significance to management, risk based on a standardized methodology, auditability, audit projects not completed from the previous year’s plan, organizational priorities, opportunities for improvement and legislated or other mandated obligations.
The audit plan is focused predominantly on the provision of assurance and supports annual overview reporting by the Chief Audit Executive on departmental risk management, control and governance processes.
The Planning Process
The starting point for the risk-based selection process is NRCan’s internal audit universe. The audit universe represents a potential range of all audit activities and is comprised of a number of auditable entities. The Audit Branch uses the departmental Program Activity Architecture (PAA) as well as NRCan’s inventory of external legislated services to help assess completeness of the audit universe.
The next stage is to prioritize the audit universe based on a risk assessment. This is a two step process and involves preliminary and final prioritization. This includes management consultations, review and consideration of available departmental risk information, including the Corporate Risk Profile (CRP), the latest Management Accountability Framework (MAF) assessment, strategic review, business planning, the Report on Plans and Priorities (RPP), departmental and government priorities, the most recent tabled financial statements, other considerations such as previous audit results (both internal and external) and planned program evaluations.
Consideration is given to other factors such as senior management requests; the Departmental Audit Committee (DAC) advice and recommendations; mandated audits such as Office of the Comptroller General's horizontal directed audits; planned audits by other assurance providers.
Finally the draft audit plan is distributed to Departmental Audit Committee for review and recommendation to the Deputy Minister (DM) for approval.
The following diagram highlights the four key phases used in the selection porcess for the development of a robust risk-based audit plan.
- Government Priorities
- Departmental Priorities
- Corporate Risks
- Strategic and Operating Review
- Business Planning
- MAF Assessment
- Consultations with management
- Core audit requirements (TB MAF)
- CAE annual overview report
- Mandated priorities
- Central Agency audits (e.g OAG, OCG)
- Previous NRCan internal audits
- Time since last audit
- Audit Branch capacity
- Program Evaluations
- Final discussions with senior management
- Senior management requests
- Audit Committee requests
- Focus on first year proposed audit projects
- Evaluation Plan
The Planning Results
In total, twenty six new “highest priority” internal audit projects are planned for the next three years. For each proposed audit project, the plan provides a clear indication of the preliminary objective and scope. An indication of resource requirements, in terms of start and end date to conduct the audits is provided.
The following table summarizes the number of new internal audit projects selected for each year along with the number of special advisory projects, carry-forward audits from 2011-12 and scheduled Office of the Comptroller General (OCG) horizontal directed audits since OCG audits might involve performing the audit work for the examination phase.
|Type of Audit Project||2012-13||2013-14||2014-15|
|New Internal Audit Projects||8||8||10|
|Carry-Forward Audits From Prior Year||3||3||2|
|OCG – Horizontal Directed Audits||1||1||1|
Two audit projects (CANMET Relocation and Real Property Management) were finalized at fiscal year end but their presentation to the Audit Committee could only be performed in 2012-13 due to a reporting time lag. These audit projects are not considered carry-forward audits since they are essentially completed, as they do not require any significant audit work in the new fiscal year.
The following two tables provide a listing of audit projects being carried forward from 2011-12 and the new “highest priority” internal audit projects for fiscal years 2012-13, 2013-14 and 2014-15.
|Carry Forward Audits
|Electronic Payments System|
|Strategic Review Implementation|
|2012 - 2013||2013 - 2014||2014 - 2015|
* The Investments in Forest Industry Transformation (IFIT) audit will be coordinated with the OAG.
Continuous Auditing Projects
The Audit Branch has developed as part of this year’s Audit Plan an approach with the intent to roll-out an effective and sustainable continuous auditing process to support the Internal Audit function, and support management needs regarding the Policy on Internal Controls.
The Audit Branch will apply continuous auditing at NRCan to proactively identify potential control issues and report regularly on an on-going basis on various processes in order to assist management with improving control mechanisms and managing risks. This work will be performed in accordance with the IIA Standards in order to provide reasonable assurance. Continuous auditing will be exercised in a structured approach. This process is linked to the RBAP and leverages existing audit projects.
The following table summarizes the continuous auditing projects planned for the next three-years.
|Audit Risk||Estimated SpendingFootnote 3||Project Name||Fiscal Year|
over 5 years
|1 – ecoEnergy Retrofit Homes Program||x||n/a||n/a|
|2 – Supplier Payments||x||x||x|
|3 – Acquisition Cards||x||x||x|
(contracts > $10,000)
|4 – Contracting||x||x|
|5 – Hospitality and Travel Expenses||x||x|
|6 – Salary Expenses||x|
2012-13 Advisory/Review Projects
As an adjunct to the assurance role, the TB Policy on Internal Audit (section 3.7) indicates that internal auditors will also provide advisory services to their organizations. Notwithstanding a clear emphasis on assurance work, the Audit Branch also undertakes advisory services as requested from time to time by senior management. Examples include interpretation of recipient audit reports, program reviews and consultation on new processes.
Central Agencies Audit Projects for 2012-13
The Department is subject to audits by various external central agencies (e.g. Office of the Comptroller General (OCG), Office of the Auditor General (OAG), Commissioner of the Environment and Sustainable Development (CESD), Public Service Commission (PSC)). The following table provides a listing of external audit projects being carried forward from 2011-12 and proposed planned external audit projects for fiscal year 2012-13.
|Office of the Comptroller General (OCG)||Horizontal Internal Audit of Financial Forecasting  **|
|Office of the Auditor General (OAG)||Audit of Public Accounts 2011-12|
|Performance Audit of Grants and Contribution programs|
|Public Security and Anti-terrorism Initiative Retrospective|
|Study of Cyber Security|
|Commissioner of the Environment and Sustainable Development (CESD)||Audit of Offshore Petroleum Board|
|Audit of Financial Impact of Environmental Risks – Part 1|
|Audit of Financial Impact of Environmental Risks – Part 2|
|Follow-up on Groundwater Mapping Audit|
|Performance Audit of Biodiversity|
|Study of the Federal Support to the Fossil Fuel|
** The Financial Forecasting horizontal audit is aligned with OCG horizontal risk-based audit plan.
At the time of producing this plan, NRCan was not informed of new audit projects from other central agencies such as the Public Service Commission.
The following acronyms are used in this document:
|CAE||Chief Audit Executive|
|CESD||Commissioner of the Environment and Sustainable Development|
|CFS||Canadian Forest Service|
|CMSS||Corporate Management & Services Sector|
|CRP||Corporate Risk Profile|
|DAC:||Departmental Audit Committee|
|ESS||Earth Sciences Sector|
|FMB||Financial Management Branch|
|G&C||Grants and Contributions|
|GFS||Government Financial System|
|IETS||Innovation and Energy Technology Sector|
|IFIT||Investments in Forest Industry Transformation|
|IIA||Institute of Internal Auditors|
|IMB||Information Management Branch|
|MAF||Management Accountability Framework|
|MMS||Minerals and Metals Sector|
|NRCan||Natural Resources Canada|
|OAG||Office of the Auditor General|
|OCG||Office of the Comptroller General|
|PAA||Program Activity Architecture|
|PAPMS||Public Affairs and Portfolio Management Sector|
|PSC||Public Service Commission|
|RBAP||Risk-Based Audit Plan|
|RPP||Report on Plans and Priorities|
|SAP||Systems, Applications, and Products (Software System)|
|SPI||Science & Policy Integration Sector|
|SSO||Shared Services Office|
Download the report
Printable Version [PDF, 200 KB]
To read Adobe Acrobat® files, you will need to download and install the free Acrobat Reader® software available from Adobe Systems Incorporated.