Table of Contents
- Executive Summary
- The Planning Context
- The Planning Process
- The Planning Results
- Continuous Auditing
- Special Advisory Projects
- Central Agencies Audit Projects for 2011-12
The Natural Resources Canada (NRCan) three year risk-based audit plan has been prepared in accordance with the applicable requirements of the revised July 2009 Treasury Board Policy on Internal Audit and related directives and guidelines, and the professional standards of the Institute of Internal Auditors (IIA). The risk-based audit plan includes internal audit projects for a 3 year period from 2011-12 to 2013-14.
The Planning Context
Since the adoption of the 2006 Treasury Board Policy on Internal Audit (revised July 2009), the Audit Branch has continued to refine its risk-based planning approach each year with further improvements consistent with Treasury Board guidance to Chief Audit Executives. The Audit Branch uses a similar audit planning approach as the Office of the Comptroller General (OCG).
All potential audit projects were discussed with senior management and the Audit Committee, with particular emphasis on the projects planned for 2011-12 (first year of the three-year Audit PlanFootnote 1), given that future year projects are re-assessed on an annual basis. Continued efforts were made this year to align our planning efforts with the ongoing work in establishing a departmental risk management framework and updating the NRCan 2010-11 Corporate Risk Profile. Also, government and departmental priorities were validated with senior management and the Audit Committee to ensure greater alignment of planned audits to the key and highest priority areas.
A quality review process was applied throughout the planning cycle, to ensure that the Audit Plan:
- Is risk-based;
- Covers audit and management priorities;
- Is reviewed by senior management and the audit committee;
- Is focused predominantly on the provision of assurance on risk management, control and governance processes;
- Has a multi-year horizon;
- Addresses risks and internal audits identified by the Comptroller General as part of government-wide coverage; and
- Supports annual overview reporting by the Chief Audit Executive on departmental risk management, control and governance processes.
The Planning Process
The starting point for the risk-based selection process is NRCan’s internal audit universe. The audit universe represents a potential range of all audit activities and is comprised of a number of auditable entities. The Audit Branch uses the departmental Program Activity Architecture (PAA) to help assess completeness of the audit universe.
The next stage is to prioritize the audit universe based on a risk assessment. This is a two step process and involves preliminary and final prioritization. This includes management consultations, review and consideration of available departmental risk information, including the Corporate Risk Profile (CRP), the latest Management Accountability Framework (MAF) assessment, strategic review, business planning, the Report on Plans and Priorities (RPP), departmental and government priorities, the most recent tabled financial statements, and other considerations such as previous audit results (both internal and external).
Consideration is given to other factors such as senior management requests; the Departmental Audit Committee (DAC) advice and recommendations; mandated audits such as Office of the Comptroller General’s horizontal directed audits; and, planned audits by other assurance providers.
Finally the draft audit plan is distributed to Departmental Audit Committee for review and recommendation to the Deputy Minister for approval.
The following diagram highlights the four key phases used in the selection process for the development of a robust risk-based audit plan.
- Government Priorities
- Departmental Priorities
- Corporate Risks
- Strategic Review
- Business Planning
- MAF Assessment
- Consultations with management
- Core audit requirements (TB MAF)
- CAE annual assurance perspective
- Mandated priorities
- Central Agency audits (OAG, OCG, PSC)
- Previous NRCan internal audits
- Time since last audit
- Audit Branch capacity
- Final discussions with senior management
- Senior management requests
- Audit Committee requests
- Focus on first year proposed audit projects
The Planning Results
In total, thirty five new “highest priority” internal audit projects are planned for the next three years. The following table summarizes the number of new internal audit projects selected for each year along with the number of special advisory projects, carry-forward audits from 2010-11 and scheduled Office of the Comptroller General (OCG) horizontal directed audits since OCG audits might involve performing the audit work for the examination phase.
|Type of Audit Project||2011-12||2012-13||2013-14|
|New Internal Audit Projects||11||13||11|
|Carry-Forward Audits From Prior Year||3||1||1|
|OCG – Horizontal Directed Audits||2||2||2|
The following four tables provide a listing of audit projects being carried forward from 2010-11 and the new “highest priority” internal audit projects for fiscal years 2011-12, 2012-13 and 2013-14.
|Carry Forward Audits
|SAP System (Felix Project Planning & Delivery)|
|Asset Management – Real Property|
|Science and Technology Audit Readiness Review|
|2011-12||1. Strategic Review Implementation|
|2. CANMET - Materials Technology Laboratory (MTL) Relocation|
|3. Regional Offices – Shared Services Office (SSO) Support Services|
|4. United Nations Convention on the Law of the Sea (UNCLOS)|
|5. Electronic Payment System (E-payment)|
|6. ecoENERGY Technology Initiative (ecoETI)|
|7. Investments in Forest Industry Transformation (IFIT) Program|
|8. Information Management (IM)|
|9. Geo-Mapping for Energy and Minerals (GEM) Initiative|
|10. Leadership for Environmental Advantage In Forestry (LEAF) Program|
|11. Non-Competitive Contracting|
|2012-13||12. Governance Structure of the Department|
|13. Access to Information and Privacy|
|14. Servers Administration and Security|
|15. Integrated Business Planning and Reporting|
|16. Contingent Liabilities Estimates|
|17. Offshore Transfer Payments|
|18. ecoENERGY for Renewable Power|
|19. Policy on Internal Controls (PIC)|
|20. Polar Continental Shelf Program (PCSP)|
|21. Economic Action Plan (EAP) - Phase 3|
|22. Values and Ethics - Conflict of Interest|
|23. Modernization of Explosives Regulations|
|24. Risk Management Process and Practices|
|2013-14||25. Legislated Environmental Assessment|
|26. Port Hope Area Initiative (PHAI)|
|27. Groundwater Geoscience Program|
|28. Targeted Geoscience Initiative 4 (TGI4)|
|29. Climate Change Impacts and Adaptation|
|30. Felix/SAP Implementation and Rollout (Phase II)|
|31. Business Continuity and Disaster Recovery Planning|
|32. Budgeting and Forecasting / Annual Reference Level Update (ARLU)|
|33. PeopleSoft 8.9|
|34. Emergency Preparedness|
|35. Green Mining Initiatives|
Other professional and support activities include a wide variety of work such as the implementation of a continuous auditing approach. The Audit Branch has been developing such an approach with the intent to roll-out an effective and sustainable continuous auditing process to support the Internal Audit function, and support management needs regarding the Policy on Internal Controls.
The following table summarizes the continuous auditing projects planned for 2011-12, including one carry-forward project from 2010-11.
|Continuous Auditing||Carry-forward from 2010-11 – ecoENERGY for Retrofit Homes|
|Felix Data Conversion|
Special Advisory Projects
As an adjunct to the assurance role, the Policy (section 3.7) indicates that internal auditors will also provide advisory services to their organizations. Notwithstanding a clear emphasis on assurance work, the Audit Branch also undertakes advisory services as requested from time to time by senior management. The Branch responds to small requests without formal planning or approval (e.g. request for comments on a new draft departmental policy). Advisory requests that involve significant time and resources are brought to the attention of the DAC and are approved by the Deputy Minister (e.g. request to conduct an advisory review of a selected program area).
Central Agencies Audit Projects for 2011-12
The Department is subject to audits by various external central agencies (e.g. Office of the Comptroller General (OCG), Office of the Auditor General (OAG), Commissioner of the Environment and Sustainable Development (CESD), Public Service Commission (PSC), etc.). The following table provides a listing of external audit projects being carried forward from 2010-11 and proposed planned external audit projects for fiscal year 2011-12.
|Office of the Comptroller General (OCG)||Horizontal Internal Audit of the Grants and Contributions Management Control Framework – Phase 1|
|Horizontal Internal Audit of the Effectiveness and Efficiency of Information Management|
|Horizontal Internal Audit of the Management of Horizontal Initiatives|
|Office of the Auditor General and Commissioner of the Environment and Sustainable Development (OAG/CESD)||Public Accounts|
|Study of Environmental Monitoring Systems|
|Controlling Imports of Hazardous Products|
|Public Service Commission (PSC)||Natural Resources Canada – Entity Staffing|
Download the report
Printable Version [PDF, 200 KB]
To read Adobe Acrobat® files, you will need to download and install the free Acrobat Reader® software available from Adobe Systems Incorporated.