Joint Audit and Evaluation Report – Implementation of the Extractive Sector Transparency Measures Act

Presented to the Departmental Audit Committee (DAC) January 15, 2020

Presented to the Performance Measurement, Evaluation and Experimentation Committee (PMEEC) May 27, 2020

Table of Contents

• Executive Summary
  • Introduction
  • Strengths
  • Areas for Improvement
  • Conclusion and Opinion
  • Statement of Conformance
  • Acknowledgements
• Introduction
  • Objective
  • Considerations
  • Scope
  • Approach and Methodology
  • Criteria and Evaluation Questions
• Findings and Recommendations
  • Relevance
  • Program Design, Planning, and Implementation
  • Implementation of the Compliance Framework
  • Program Outcomes and Performance Monitoring
• Appendix A – Engagement Criteria
• Appendix B – ESTMA Program Logic Model

Executive Summary

Introduction

The Extractive Sector Transparency Measures Act (referred to as the Act / ESTMA) came into force on June 1, 2015 and is intended to support Canada’s international commitment from the 2013 G8 Leaders Summit to deter global corruption in the extractive sector through the promotion of greater transparency and accountability. The Act requires certain businesses (“entities,” as described below) to publicly disclose payments made to government payees, both national and international, in relation to the commercial development of oil, gas and minerals. The Act defines specific reporting obligations, including which entities are required to report, and the types of payments to disclose; the form and frequency of these disclosures, and the manner and period in which the information is to be published, are prescribed in Technical Reporting Specifications. The Act also included a two-year deferral period for reporting payments to Indigenous governments in Canada, which ended June 1, 2017.

For the purposes of the Act, an entity refers to: an entity that is listed on the Canadian stock exchange; and an entity that has a place of business in Canada, does business in Canada, or has assets in Canada that meet at least two of the following conditions in one of their two most recent financial years:

• Has at least $20 million (M) in assets;
• Generated at least $40M in revenue; and/or
• Employs on average at least 250 employees.

The Act defines the categories and value of payments that entities are required to report on, including taxes (excluding consumption and personal income taxes), royalties, fees, production entitlements, bonuses, dividends, infrastructure improvement payments, and any other defined category of payment. All payments with a value of $100,000 or greater in one category, paid within a reporting period, must be reported.

In Canada, the Minister of Natural Resources is responsible for the overall administration and enforcement of the Act. The Strategic Policy and Results Sector (SPRS) within Natural Resources Canada (NRCan) provided strategic policy support during the development of the Act and undertook related stakeholder engagement and consultations to develop the original Guidance and Technical Reporting Specifications, which were posted on the Canada Gazette. On April 1, 2016, SPRS transferred responsibilities related to the Act to the Business Management Services and Data Branch (BMSDB) within the Lands and Minerals Sector (LMS), which continued to design the program to administer and enforce the Act. SPRS continued to take the lead on international and Indigenous engagement with stakeholders until June 1, 2017, when these remaining components were fully transferred to LMS. With the final transfer, BMSDB assumed responsibility for all program components for the administration and enforcement of the Act, including compliance promotion and capacity building, compliance monitoring, and enforcement activities.

The program developed a Compliance Framework (the Framework) in 2017 outlining an overall general approach for the administration and enforcement of the Act. This framework comprised of three components: compliance promotion and capacity building; compliance monitoring; and enforcement. To date, BMSDB has largely focused on implementation of compliance promotion and capacity building through engagement with stakeholders, including industry (mining, oil and gas associations and entities) and other stakeholders (accounting and legal experts, governments and civil society). Outreach activities have focused on raising awareness of the reporting obligations, the potential consequences of non-compliance and providing points of clarification to stakeholders. The program has also developed and implemented an information technology (IT) solution that allows reporting entities to submit required information through a centralized portal. The use of the IT solution for submitting reports became mandatory for all reporting entities on November 1, 2018.

The Joint Audit and Evaluation of the Implementation of the Extractive Sector Transparency Measures Act was included in the Joint Audit and Evaluation Plan for 2018-2021, approved by the Deputy Minister on April 12, 2018.

Strengths

The program developed an approach for the administration of the Act in a timely manner, and an IT solution to facilitate its administration of the Act. The program’s stakeholder engagement and outreach, as well as the provided tools and guidance and processes for substitution of reports for companies with reporting obligations in more than one jurisdiction, were well received by stakeholders.

Areas for Improvement

There is an opportunity for the program to develop and implement a formalized risk-based implementation plan for the compliance monitoring and enforcement components, and to prepare a security plan to address the security control weaknesses and technical vulnerabilities in the Security Assessment and Authorization Report. There is also an opportunity for the program to develop performance measurement indicators to track progress towards intended outcomes.

Conclusion and Opinion

In my opinion, the program has taken significant steps to establish and implement management controls to support the department’s role in the administration of the Act. The program operated efficiently and economically during the implementation of compliance promotion and capacity building activities, and adapted its activity levels to reflect existing resources. The program has not yet developed a formal risk-based implementation plan for compliance monitoring and enforcement activities, which creates a challenge for the program to effectively administer and enforce the Act. It is difficult to know the full extent of industry compliance with the Act due to the hidden nature of corruption and the difficulties in identifying the full reporting population. There is also a need for the program to prepare a security plan to address the IT security control weaknesses and technical vulnerabilities.

Statement of Conformance

In my professional judgement as Chief Audit and Evaluation Executive, the engagement conforms with the Institute of Internal Auditors' International Standards for the Professional Practice of Internal Auditing, the Government of Canada’s Policy on Internal Audit and the Policy on Results, and Canadian Evaluation Society Standards as supported by the results of the Quality Assurance and Improvement Program.

Christian Asselin, CPA, CA, CMA, CFE
Chief Audit and Evaluation Executive
January 15, 2020

Acknowledgements

The engagement team would like to thank those individuals who contributed to this project and, particularly employees who provided insights and comments as part of this engagement.

Introduction

The Extractive Sector Transparency Measures Act (referred to as the Act) came into force on June 1, 2015 and is intended to support Canada’s international commitment from the 2013 G8 Leaders Summit to deter global corruption in the extractive sector through the promotion of greater transparency and accountability. The Act requires certain businesses (“entities,” as described below) to publicly disclose payments made to government payees, both national and international, in relation to the commercial development of oil, gas and minerals. The Act defines specific reporting obligations, including which entities are required to report, and the types of payments to disclose; the form and frequency of these disclosures, and the manner and period in which the information is to be published, are prescribed in the Technical Reporting Specifications. The Act also included a two-year deferral period for reporting payments to Indigenous governments in Canada, which ended June 1, 2017.

For the purposes of the Act, an entity refers to: an entity that is listed on the Canadian stock exchange; and an entity that has a place of business in Canada, does business in Canada, or has assets in Canada that meet at least two of the following conditions in one of their two most recent financial years:

Has at least $20M in assets;
Generated at least $40M in revenue; and/or
Employs on average at least 250 employees.

The Act defines the categories and value of payments that entities are required to report on, including taxes (excluding consumption and personal income taxes), royalties, fees, production entitlements, bonuses, dividends, infrastructure improvement payments and any other defined category of payment. All payments with a value of $100,000 or greater in one category, paid within a reporting period, must be reported.

Other jurisdictions have developed and implemented similar legislation and guidance, including the European Union (EU) and the Government of Quebec. Select member states within the EU have formally adopted the EU Accountability and Transparency Directives, and the Government of Quebec enacted its own legislation in October 2015 titled an Act Respecting Transparency Measures in the Mining, Oil and Gas Industries. Further, while the jurisdictions noted above have adopted legislative bases promoting greater transparency, many others have voluntarily signed on to the Extractive Industry Transparency Initiative (EITI), a global initiative that defines a standard for good governance of oil, gas, and mineral resources.

In Canada, the Minister of Natural Resources is responsible for the overall administration and enforcement of the Act. SPRS within NRCan provided strategic policy support during the development of the Act and undertook related stakeholder engagement and consultations to develop the original Guidance and Technical Reporting Specifications, which were posted on the Canada Gazette. On April 1, 2016, SPRS transferred responsibilities related to the Act to the BMSDB within LMS, which continued to design the program to administer and enforce the Act. SPRS continued to take the lead on international and Indigenous engagement with stakeholders until June 1, 2017, when these remaining components were fully transferred to LMS. With the final transfer, BMSDB assumed responsibility for all program components for the administration and enforcement of the Act, including compliance promotion and capacity building, compliance monitoring, and enforcement activities. Upon assuming responsibility for the program, LMS allocated existing A-base funding to support a program team consisting of four full-time equivalents (FTEs), under the leadership of the Director General of the BMSDB.

The program developed a Compliance Framework (the Framework) in 2017 outlining an overall general approach for the administration and enforcement of the Act. This framework comprised of three components: compliance promotion and capacity building; compliance monitoring; and enforcement. To date, the BMSDB has largely focused on implementation of compliance promotion and capacity building through engagement with stakeholders, including industry (mining, oil and gas associations and entities) and other stakeholders (accounting and legal experts, governments and civil society). Outreach activities have focused on raising awareness of the reporting obligations, the potential consequences of non-compliance and providing points of clarification to stakeholders. The program has also developed and implemented an IT solution that allows reporting entities to submit required information through a centralized portal. The use of the IT solution for submitting reports became mandatory for all reporting entities on November 1, 2018.

The Joint Audit and Evaluation of the Implementation of the Extractive Sector Transparency Measures Act was included in the Joint Audit and Evaluation Plan for 2018-2021, approved by the Deputy Minister on April 12, 2018. The program is part of the Provision of Federal Leadership in the Minerals and Metals Sector (PFL-MMS) Program in NRCan’s Departmental Results Framework.

Objective

The objective of this engagement was to assess the effectiveness of the management controls supporting NRCan’s role in the implementation and administration of the Act. The engagement also examined the effectiveness and efficiency of NRCan’s processes to manage and oversee the requirements placed on extractive entities that are subject to the Act.

Specifically, the engagement assessed:

• Whether resource planning and management oversight mechanisms are in place to effectively administer the Act;
• Whether effective processes are in place to identify and engage with stakeholders on an ongoing basis;
• Whether the program has a formalized framework and business processes in place to support legislative requirements;
• Whether the program has employed and maintained a sustainable IT solution that supports program operations, and is in compliance with departmental and governmental policies;
• The extent to which the program has achieved its expected outcomes (as per the logic model in Appendix B), and identify any unexpected outcomes; and
• The extent to which the program’s design, delivery and performance have contributed to the efficient use of resources.

Considerations

A risk-based approach was used in establishing the objectives, scope, and approach for this joint engagement. The following areas were identified as having significance in the achievement of the Department’s objectives, and were therefore assessed as increased areas of risk for this engagement:

• Effective resource planning to effectively and efficiently manage and administer the Act;
• The maintenance and sustainability of an IT solution for the effective management and delivery of the program;
• A comprehensive understanding of and continued engagement with stakeholders (including industry, Indigenous governments, non-governmental (NGOs) organizations (civil society), and provincial and international counterparts) to facilitate and promote compliance with the Act; and 
• A formalized framework and associated business processes that enable the program to effectively and efficiently implement all components of the Act.

Scope

The scope of the engagement focused on the period from when the Act came into force on June 1, 2015, to the end of June 2019. The scope did not include an examination of the relevance of the Act itself. The team reviewed activities undertaken for the design, planning, and implementation of the program to administer and enforce the Act. These included a review of the processes and outcomes of stakeholder engagement, and exploring lessons learned that may inform the development and hand-over of similar programs in the future.

The scope of the engagement excluded an examination of data accuracy in reports submitted to NRCan under the Act, as reporting entities are accountable for ensuring reportable payments are true, accurate and complete. However, the engagement considered enforcement activities undertaken by the program.

Administration and enforcement of the Act is described within the NRCan Program Information Profile for the PFL-MMS Program, which also includes Kimberly Process activities. However, as the Kimberly Process responds to the Export and Import of Rough Diamonds Act (S.C. 2002, c.25), it was excluded from the scope of the engagement, as were other activities within the PFL-MMS Program that are not related to the administration of the Act.

Consideration was given to the results of previous and concurrent, audit, and evaluation projects on related topics. Most notably, Global Affairs Canada is concurrently conducting a horizontal evaluation of Canada’s Corporate Social Responsibility Strategy: Doing Business the Canadian Way: A Strategy to Advance Corporate Social Responsibility in Canada’s Extractive Sector. NRCan contributes to this overall strategy through various initiatives, including its implementation and administration of ESTMA. The results of this joint engagement will be used to inform and complement the objectives of the Horizontal Evaluation of Canada’s Enhanced Corporate Social Responsibility (CSR) Strategy.

Approach and Methodology

The joint engagement is intended to produce a value-added engagement that limits the duplication of efforts that would be required to conduct separate audit and evaluation projects. The joint engagement was led by Audit and Evaluation Branch’s (AEB) Audit Operations Division, with participation from the Evaluation Division, and oversight by the Chief Audit and Evaluation Executive. The engagement was carried out in a manner that ensures the team’s neutrality and objectivity, as per respective professional requirements and standards, and ensures that observations and conclusions are evidence-based.

The approach and methodology used in this engagement followed the Institute of Internal Auditors’ International Standards for the Professional Practice of Internal Auditing (IIA Standards), the Treasury Board (TB) Policy on Internal Audit, the TB Policy on Results and Canadian Evaluation Society standards. These standards and policies required that the project be planned and performed in such a way as to obtain reasonable assurance that engagement objectives are achieved. The engagement included tests considered necessary to provide such assurance. Although there is no Financial Administration Act requirement nor TB funding requirement for an evaluation of the program, the evaluation component was included to support coverage of NRCan Departmental Results Framework programs.

The engagement included the following key tasks:

• Interviews with key personnel and committee representatives;
• Interviews with external program stakeholders, including industry representatives and provincial governments;
• Review of lessons learned during the program hand-over from SPRS to LMS;
• Review of relevant program documents, including program authority documents, guidance, planning, monitoring and reporting information, as well as performance measurement data;
• Review of relevant documents from external sources;
• Review of the IT solution, its implementation and security controls; and
• Testing and analysing documentation from a sample of entities enrolled with the program.

The engagement team conducted joint interviews with program personnel and external stakeholders. In total, the team conducted seven internal interviews, including one with the Legal Services Unit and two with the Chief Information Office and Security Branch, and twelve interviews with external stakeholders. External stakeholders primarily consisted of representatives from legal and accounting firms with whom the program collaborated for the delivery of information sessions, as well as NGOs, industry associations, and the province of Quebec.

External Interviews

	Accounting and Legal Firms	Non-Governmental Organizations	Industry Association	Provinces and Territories	Total
Number of Interviewees	8	2	1	1	12

Text version

External interviews were conducted as follows: 8 accounting and legal firms, 2 non-governmental organizations, 1 industry association, and 1 province and territory.

The conduct phase of this engagement was substantially completed in May 2019.

This report is structured thematically to best present the findings in a coherent way while eliminating duplication of information.

The findings and recommendations are focused on three major themes:

• Program Design, Planning and Implementation;
• Implementation of the Framework; and
• Program Outcomes and Performance Monitoring.

Limitations and Mitigation Measures

Due to the large number of extractive sector companies subject to the Act, the engagement team examined feedback from the program’s 2017 and 2018 stakeholder surveys and conducted interviews with external stakeholders to capture industry views on program performance.

The engagement team did not interview individuals from Indigenous governments or organizations. However, the engagement examined documentation outlining feedback received during SPRS’s Indigenous stakeholder engagement activities, and interviewed legal and accounting firms representing entities reporting payments to Indigenous governments. As this is the first year in which payments to Indigenous governments in Canada will be reported, it is too early to determine the effects of reporting such payments on Indigenous communities and implicated companies.

As the program is part of the Departmental Results Framework’s PFL-MMS Program, it did not have its own performance indicators or logic model. The engagement team assisted the program in developing a program-specific logic model to assess progress towards intended program outcomes (Appendix B).   Furthermore, as the program has yet to fully implement compliance monitoring and enforcement activities the availability of performance data to assess the achievement of ultimate outcomes was limited. It is difficult to know the full extent of industry compliance with the Act due to the hidden nature of corruption and the difficulties in identifying the full reporting population. The scope of the engagement reflects this in its focus on the implementation of the Act to increase transparency. It is also important to note that the implementation of the Act is only one component of a larger overall Government of Canada CSR Strategy (refer to scope statement above).

Criteria and Evaluation Questions

Please refer to Appendix A for the detailed engagement criteria and evaluation questions. The criteria guided the conduct of this engagement and formed the basis for the overall conclusion. The evaluation questions guided the evaluation portion of the work.

Findings and Recommendations

Relevance

The program exists to fulfill NRCan’s requirement to support the Minister of Natural Resources in administering and enforcing the Act. In doing so, the program also fulfills Canada’s 2013 G8 commitment to participate in the fight against corruption through the implementation of transparency measures for the extractive sector. By increasing transparency of payments to governments with a view to deterring corruption, the program is also aligned with Canada’s Enhanced CSR Strategy to strengthen Canada’s extractive sector abroad. Furthermore, the program is aligned with Canada’s National Action Plan on Open Government as the program facilitates public access to information on the extractive sector’s payments to governments, therefore contributing to the public and civil society’s ability to hold governments accountable.

The program also contributes to NRCan’s Core Responsibility of supporting “Globally Competitive Natural Resource Sectors.” The extractive sector is a significant contributor to the Canadian economy; in 2018, activities for the extraction and processing of minerals, oil, and gas accounted for more than 8.5% (over $165B) of Canada’s real Gross Domestic Product. Canada’s global leadership in the implementation of extractive sector transparency measures and the alignment with the CSR Strategy also contributes to advancing the Canadian extractive sector as responsible resource developers. This is particularly important as the Canadian extractive sector had nearly $364B in assets abroad in 2016, with assets located in over 100 countries around the world.

Program Design, Planning, and Implementation

Summary Finding

The program developed the Framework outlining an approach for the administration and enforcement of the Act, which was endorsed by NRCan’s Policy and Science Integration Committee. The Framework has not been reviewed and updated since 2017, and does not reflect changing program needs and risks. The program has established financial planning processes and has defined resourcing requirements to administer the Act, including the maintenance and sustainability of the IT solution. To date, the program has not received additional funding to support its activities, and has yet to begin the enforcement of the Act. The engagement found that, given existing resources, the program operated efficiently and economically in the implementation of compliance promotion and capacity building activities. However, the program adapts its activity levels and intended level of assurance to reflect existing program resources; this was identified as a challenge that could hinder the full implementation of compliance monitoring and enforcement activities.

The program has employed and maintained a sustainable IT solution that supports program operations, and is in compliance with departmental and governmental policies. There is a need for a security plan to address the implementation of the security controls and to address vulnerabilities or areas of risk identified in the Security Assessment and Authorization Report.

Program Design

SPRS began the administration of the Act, including identifying program stakeholders, developing and implementing the initial tools and guidance, and initial stakeholder engagement to promote compliance. In addition, SPRS collaborated with Quebec, the EU, and United States (which at the time had planned to implement similar measures) to ensure practical alignment with the Act, including determining the substitutability of reports.

In late 2015, NRCan transferred the program from SPRS to LMS, as LMS has extensive knowledge of mining and mineral companies in Canada and many of the potential entities fall under LMS’s mandate. SPRS led the transition and knowledge transfer, and provided resources to facilitate the process, including a task team to coordinate the transition. LMS assumed responsibility for the program on April 1, 2016, before the first reports were submitted in the summer of 2017. Internal and external stakeholders interviewed during the engagement indicated that the program transfer appeared seamless.

SPRS remained responsible for international and Indigenous engagement until June 1, 2017, the end of the deferral period for reporting payments to Indigenous governments in Canada. During this time, SPRS engaged more than 130 Indigenous governments and organizations across Canada to hear concerns, clarify misconceptions, and provide information on the Act’s reporting requirements. Thereafter, LMS engaged SPRS on matters pertaining to Indigenous Peoples and international issues on an as-needed basis.

Program Implementation

Following the transfer of the program to LMS, the program further developed its approach for the administration and enforcement of the Act by creating the Framework. The Framework has served as the foundational document guiding the program’s activities following the initial implementation period, and proposed an approach that would be “aligned with the legal requirements of the Act and ensure a reasonable level of assurance at moderate additional cost.”

The Framework established the following program components supporting the administration and enforcement of the Act: compliance promotion and capacity building; compliance monitoring; and enforcement. Each of these components will be discussed in detail in the Implementation of the Compliance Framework section of this report.

The Framework offered a high-level overview of a compliance monitoring approach, including general dates for implementation. The Framework detailed resource requirements that were commensurate with the desired level of assurance – either low, moderate or high. Each option presented an overview of the assurance level, including risks, strengths, assumptions used for analysis, activities and the costs associated with each assurance level. NRCan’s Policy-Science Integration Committee endorsed the Framework’s recommended approach for a moderate level of assurance, which combines complaints-based and risk-based compliance monitoring and is moderate in cost. No additional funding was allocated to support program activities for the implementation of this approach.

With respect to program risk identification and assessment, no formal and structured approach was observed during this engagement. Although the Framework provided an initial overview of the approach to be employed for implementation, it did not provide an identification and assessment of program risks. The risks identified in the Framework were specific to the options proposed for the various levels of assurance. The risk identification is narrow in focus and did not pertain to the implementation of core program components (i.e. compliance promotion and capacity building, compliance monitoring, and enforcement). The Framework has not been reviewed and updated since 2017, and does not reflect changing program needs.

In early 2019, the program developed a Compliance Road Map (the Road Map) that built on the elements in the Framework, captured activities conducted and implemented to date, and provided timelines for planned activities. The Road Map contains a similar implementation overview for key program activities as the Framework; however, it differs from the Framework by recommending an approach for a low level of assurance. The Road Map indicates that the low level of assurance would be temporary as the program seeks longer-term additional funding that would allow the program to increase the level of assurance to moderate. The change from the Framework to the Road Map suggests that the program adapted its activities, as well as the associated level of assurance that could be achieved, in order to reflect operational realities and available resources.

Program Resources

At the outset of implementation, existing internal resources were reallocated to support program activities, and no new funding was established for the program. To date, the program has not received additional funding to support its activities for the administration and enforcement of the Act, and uses existing BMSDB resources to fund day-to-day operations and employee salaries. From April 1, 2016 until June 1, 2017, SPRS transferred $100,000 in operational and maintenance (O&M) funding to LMS to assist with the implementation of program activities. During this time, SPRS assigned one FTE to LMS and provided the associated salary in order to support the program transfer. Program representatives interviewed for this engagement indicated that the assignment of the FTE from SPRS facilitated the implementation of the program in LMS during the first year post-transfer.

The program has defined resource requirements, including required skills and competencies. LMS has allocated existing A-base funding to support a program team consisting of four FTEs. O&M funding has also been allocated as needed to fund program-related activities (e.g. translation, creative services, etc.) and training for employees. While the program has since maintained the same number of FTEs, the positions were reclassified in 2017 to better reflect operational realities. Program documents and interviews with program representatives indicate that the program uses students, assignments, and casual employees to address short-term needs, suggesting that the program is operating at full capacity.

Resource Planning

The engagement found that the program has adapted its activity levels and intended level of assurance to reflect available resources. The program’s financial planning processes to support the management and administration of the Act has been primarily based on resources available to the program rather than planned program activities or the intended level of assurance. The program does not have any formal planning documents representing the necessary funding to achieve all elements of program implementation; the Framework was approved for its approach only but not for associated resource requirements and the Road Map remains a transitory document.

To date, the program has remained within budget for the implementation of compliance promotion and capacity building, and has adapted its activities to reduce travel costs by leveraging collaborations with stakeholders and digital methods for stakeholder engagement and outreach. Given existing resources, it is expected that the program would be unable to operate beyond its current activities in order to achieve a greater level of assurance of compliance with the Act, or to fully implement compliance monitoring and enforcement activities, such as desk audits and site visits. This poses a risk to NRCan’s ability to credibly administer and enforce the Act.

At the end of the conduct phase for this engagement, the program had developed a business case seeking additional resources to support ongoing compliance monitoring activities, as well as to develop and implement processes for the enforcement of the Act. The business case builds upon the Road Map, and outlines the work that the program has accomplished to date, as well as the status of the outputs and activities for the administration of the Act.

The business case provides analysis for various implementation options and the resources required to attain certain levels of assurance, highlighted as either status quo, low, moderate and high assurance. It indicates that the program is currently operating within the status quo level of assurance, with minimal compliance monitoring and enforcement activities due to existing resource levels. However, the engagement team acknowledges that the program is taking steps towards actively planning and budgeting to support implementation of core components of the program.

IT Solution

Since the beginning of the program, there was a recognized need for the creation of an IT solution to facilitate program activities, particularly the management of large volumes of data. The need for an IT system became greater as the manual process of receiving and compiling report data was labour intensive and prone to human error, which put data integrity at risk. Manual processing limited the program’s ability to undertake data and trend analysis, compliance monitoring and enforcement activities. The IT solution was needed to facilitate the program’s management of a large volume of data while having the capacity to exchange program data with partners, including other federal departments and agencies, provinces, and international partners. The program saw this as an essential business requirement to support program implementation.

The program engaged the Chief Information Officer and Security Branch (CIOSB) at NRCan in 2016 to develop and implement an IT solution. The original plan was to implement the enterprise Customer Relationship Management IT solution. However, this solution was not ready at the time, and because the successful delivery of the program was contingent on having an IT solution in place by spring 2017, an interim IT solution had to be implemented with a future plan to migrate to the enterprise Customer Relationship Management software.  The interim IT solution was implemented in two phases over two fiscal years: a back-office system and database for program staff to process and manage enrolment and reporting information in Phase 1; and an external facing web portal (the eServices Portal) for reporting entities to submit annual reports under the Act in Phase 2. The third phase of the IT solution is the migration of the interim solution to an enterprise Customer Relationship Management software; however, no target date or budget for the completion of this phase was available at the time of this engagement.

The NRCan Directive on Security Assessment and Authorization includes the requirements of Government of Canada IT security policy instruments in terms of security assessment, and requires that business owners (in this case the Director General, BMDSB) ensure that a security authorization has been performed prior to allowing operational status of any application under their responsibility. The directive also requires that program managers develop a security plan to address the implementation of selected security controls, required evidence and mitigation measures to address vulnerabilities or areas of risk identified in the Security Assessment and Authorization Report.

A total of 54 security controls were identified to meet the assessed Security Assurance Level for the IT solution. The most recent Security Controls Traceability Matrix indicated that 25 controls were met, 11 were partially met, 6 were not met and 12 were deemed to be non-applicable (i.e. under the responsibility of Shared Services Canada [SSC]). The IT Security Coordinator prepared the Security Assessment and Authorization Report after reviewing the security controls that were evaluated by the business owner (the engagement did not re-perform an assessment of the security controls).

The Security Assessment and Authorization Report for Phase 2 of the implementation of the IT solution was reviewed and approved by the Chief Information Officer and the business owner in June 2018. The report identified that the solution contains security control weaknesses and two technical vulnerabilities that result in a risk for the Department. Despite the vulnerabilities identified, all residual risks were accepted by the business owner and the IT solution was granted an Interim Authority to Operate, expiring May 15, 2019. At the time of the engagement, there was no security plan in place for the IT solution. Based on interviews conducted, no action has been taken to resolve the vulnerabilities, and the Interim Authority to Operate had yet to be extended at the end of the fieldwork.

The IT solution has been in full operation only since November 2018 and it is difficult to fully assess the efficiency and effectiveness of the IT solution before the completion of one-full reporting cycle following its implementation. At the time of the engagement, interviews with internal and external stakeholders indicated that the IT solution could benefit from a few enhancements, but was generally working as intended without any serious problems. The IT solution was implemented in compliance with departmental policies, directives and procedures and operating effectively; however, the solution was implemented prior to significant security controls being put in place. Although the IT solution manages information and data that is publicly available, a security plan is still required to address the risks and vulnerabilities identified in the Security Assessment and Authorization Report. Additionally, the engagement team encourages the program to prepare a plan to migrate the interim IT solution to an enterprise Customer Relationship Management software.

The program requested access to the departmental reserve on two separate occasions to support the development and implementation of the IT solution. In 2017-18, the program requested $694,000 in O&M funding from the departmental reserve, followed by $150,000 for 2018-19. Overall, the IT solution has come in under budget, with total actual spending as of March 2018 at $530,000, and $114,000 were released back to the Departmental Reserve. It is not clear from program documents if the program experienced cost savings in terms of salary and associated operational costs as a result of efficiencies created by the implementation of the IT solution.

Risk and Impact

There is a risk that the program may be unable to provide any assurance of compliance with the Act as a means of effectively administering and enforce the Act without an updated and formalized framework with adequate resource planning and allocation.

There is a risk that operating the IT solution without addressing security control vulnerabilities could compromise integrity and availability of data.

Recommendations

Recommendation 1: It is recommended that the Assistant Deputy Minister, LMS, in conjunction with CIOSB, implement the required IT security controls and address the two technical vulnerabilities identified in the Security Assessment and Authorization Report for the IT solution.

Other findings from this section pertaining to the Framework are addressed in Recommendation 2.

Management Response and Action Plan

Management agrees with Recommendation #1

1. Since completion of the Joint Audit and Evaluation, LMS has undertaken an updated Technical Vulnerability Assessment and Security Assessment and Authorization Report (SAAR). LMS, in conjunction with CIOSB, will implement the required IT security controls and address the two technical vulnerabilities identified in the SAAR for the ESTMA IT solution.

Position Responsible: DG, BMSDB, in conjunction with the NRCan Chief Information Officer

Timing:

1. LMS will work with CIOSB to address the outstanding IT security controls to be included in the next scheduled release of the ESTMA Admin system prior to December 2020.
2. LMS will work with CIOSB and SSC to address the first vulnerability by March 2020.
3. The second vulnerability will be included in the next scheduled release of the ESTMA Admin system prior to December 2020.

Implementation of the Compliance Framework

Summary Finding

The program has established and implemented processes and procedures to identify stakeholders and engage in outreach activities as part of capacity building and compliance promotion in the early stages of administering the Act. The engagement found that these activities raised industry’s awareness of their obligations under the Act. The program continues to engage with stakeholders for the development and refinement of tools and guidance to facilitate entities’ reporting. The engagement found that industry accesses and uses the tools and guidance, and that they seek additional guidance from the program when needed.

It is difficult to know the full extent of industry compliance with the Act due to the hidden nature of corruption and the program’s difficulties in identifying the full reporting population. Further, the program has not undertaken formalized compliance monitoring and enforcement activities, making it difficult to assess the effect of enforcement actions on the degree of industry compliance. Although the program publishes links to entities’ reports under the Act, there is a risk that these reports may not be fully accessible to the public if links are broken.

Capacity Building and Compliance Promotion

Prior to the program transfer from SPRS to LMS, SPRS created a Stakeholder Engagement Working Group, which identified a list of stakeholders and potential entities to support engagement and outreach activities. The program currently maintains a regularly updated general distribution list of more than 1,800 stakeholders and reaches out to organizations it believes may be subject to the Act.

The program utilized various processes and mechanisms to support stakeholder engagement and outreach for compliance promotion and capacity building for entities with potential reporting obligations. These activities consisted of:

• In-person information sessions, and presenting at industry conferences and events;
• Teleconferences and videoconferences;
• A targeted social media strategy;
• The creation of a website containing detailed questions and frequently asked questions;
• The creation of a Stakeholder Advisory Group with the objective of facilitating collaborative dialogue between program officials and stakeholders;
• Stakeholder surveys, issued at the end of the 2017 and 2018 reporting years, to solicit feedback on the reporting process, tools and guidance, and to identify areas where the program could further facilitate compliance; and
• Responding to stakeholder enquiries received by email or phone.

Program outreach and engagement targeted a broad range of stakeholders, including companies involved in the commercial development of oil, gas and minerals, industry associations, legal and accounting firms, private sector firms, Trade Commissioners and civil society to disseminate information on the Act and its reporting obligations. In-person sessions and outreach activities – many of which were held in collaboration with accounting and legal firms to target their extractive sector clientele – took place in Vancouver, Calgary, Winnipeg, Montreal, Toronto and St. John’s. The program also hosted information sessions with industry to discuss key questions and lessons learned about the first year of reporting. Program documents and interviews with external program stakeholders indicated that many stakeholders found these outreach and engagement activities useful, particularly as they provided an opportunity to discuss questions and challenges with the program in-person.

The program intends to continue outreach activities with stakeholders; however, this will be on a smaller scale than the initial outreach activities conducted at the beginning of program implementation. Continued outreach activities include:

• Maintaining a mailing list to be used for providing updates and reminders to stakeholders;
• Conducting regular bilateral meetings with stakeholders via tele/videoconference;
• The potential to conduct a third program survey in 2020; and
• Reconvening the Stakeholder Advisory Group as required.

In addition to outreach activities, the program sought to provide entities with detailed guidance and tools that were clear, easy to follow, and supported entities in complying with the Act. Feedback on guidance and tools was solicited from stakeholders through the Stakeholder Advisory Group and the 2017 and 2018 stakeholder surveys. Concerns raised by stakeholders through these mechanisms were incorporated into the guidance and tools. These changes largely focused on providing additional clarity, concrete examples, and best practices for reporting. The program actively engaged NRCan’s Legal Services Unit to provide advice and commentary on the updated guidance and tools. Significant changes as a result of the feedback received were communicated to stakeholders through email, the Stakeholder Advisory Group, and the program’s website. Interviews with external stakeholders found that industry accesses and uses the tools and guidance to facilitate compliance. Interviewees from legal and accounting firms also indicated that they reference the guidance in their own materials, therefore making the tools and guidance more accessible to industry.

Following the release of updated tools and guidance in 2018, the program’s second stakeholder survey in 2018 showed that 87% of entities that used the new guidance indicated that they were helpful in supporting the reporting process. Regarding the timing of releasing updated guidance, some respondents requested that future iterations be released earlier in the year to give entities more time to align with updated guidance and reporting requirements. Although the updated guidance provided more examples than in the previous version, survey respondents and external stakeholders interviewed for this engagement indicated that more examples would be helpful, particularly in relation to joint operating arrangements, social payments, and in-kind payments. Additional guidance was also requested on payments to Indigenous governments.

Stakeholders have praised the program for its efforts to facilitate reporting. Among the 30 jurisdictions that have enacted similar legislation, Canada is a leader in providing comprehensive tools and guidance to industry to facilitate compliance with legislative requirements. The tools and guidance have garnered international attention, particularly from the EU, as they are the first example of government guidance among implementing jurisdictions.

Many interviewees also identified the program’s engagement, collaboration with stakeholders on the development of tools and guidance, and responsiveness to inquiries as positive factors that contributed to industry awareness of the Act, increased use of the tools and guidance, and overall compliance. In addition, the substitutability of reports with other jurisdictions (i.e. the ability of a report to be used to fulfil the legislative requirements of a different jurisdiction) contributes to lower compliance costs for reporting entities, therefore facilitating their compliance.

Compliance Monitoring

The Framework indicated that compliance monitoring should follow a complaints-based and risk-based approach to increase the level of assurance at moderate costs. It was intended that this approach would maintain Canada’s global leadership position in the implementation of extractive sector transparency measures as it goes beyond the United Kingdom and EU’s complaint-based monitoring approach.

Complaints-based monitoring would be based on the public and civil society reporting issues with reports or entity non-compliance within five years of reports being published. Risk-based monitoring would require the program to develop risk-based monitoring criteria as report data is collected over time. Entities identified as at a “higher risk” of non-compliance could face compliance reviews and potential desk audits or on-site inspections. Program documents indicate that engagement with industry in the first years of reporting would build the necessary capacity and knowledge required to conduct risk-based analysis and monitoring. Data analysis and collaboration with other jurisdictions were also intended to support the development of risk criteria for monitoring. NRCan signed a Memorandum of Understanding with the Government of Quebec in fall 2017 to support coordinated outreach, monitoring, and enforcement activities in order to reduce administrative costs and eliminate duplication of efforts. At the time of the engagement, the program had not initiated any complaints-based or risk-based monitoring activities.

To support the validation of minimum report standards, the program has developed a report validation checklist that aligns to the reporting requirements of the Act. This validation checklist provides reporting entities and program staff with guidance to ensure that basic report criteria are met prior to accepting and publishing a link on the program’s website that redirects to the entity’s report hosted on their own website. The engagement team reviewed a sample of submitted entity reports to determine whether these reports met the minimum standards as defined in the report validation checklist. Generally, submitted reports had been processed according to the checklist, and were published in a timely manner (defined as 30 days or less), with the majority of the reports being published on the program’s website in 7 days or less.

In addition to the report validation checklist, the program developed Standard Operating Procedures to guide their work and ensure that basic enrolment and report processing requirements are met. These Standard Operating Procedures pertain primarily to the manual processing of entity enrolments and report intake. The mandatory use of the eServices Portal, the external facing component of the IT solution, for reporting entities in November 2018 has rendered these manual processing Standard Operating Procedures irrelevant. Recognizing this, the program has developed a Standard Operating Procedure pertaining directly to the processing of eServices Portal requests and reports, and is in the process of developing additional Standard Operating Procedures to guide their efforts. It should be noted that no Standard Operating Procedures have been developed for compliance monitoring and enforcement activities.

Although the program initially planned to identify and track the full reporting population, interviews with program representatives indicated that maintaining a full population of entities potentially subject to the Act was a challenge due to the nature of the industry and the frequency of company bankruptcies, mergers and acquisitions, and a lack of information about private companies in scope of the Act. As a result, it is difficult to determine the extent to which all entities with reporting obligations are aware of reporting requirements and are in compliance with the Act. In the absence of detailed and concrete knowledge of the reporting population, the program developed and maintains a list of publicly traded companies, and actively reaches out to companies that may be subject to the Act, as resources allow. In addition, the program conducts research and media monitoring to help identify other stakeholders and potential entities that may be subject to the Act. This allows the program to gain an understanding of the overall potential reporting population.

As of October 2018, the program had enrolled over 1,400 companies. At that time, over 850 companies had published more than 950 reports (including 32 substituted reports that were prepared and submitted to other jurisdictions), indicating industry compliance with the Act. It should be noted that not all enrolled entities have reportable payments. As the program has not identified the full reporting population, it is currently unknown if more reports should be published. It should be noted that the Act contains significant fines (up to $250,000 per day, per offence) for cases of non-compliance, which act as a significant deterrent for non-compliance. Nevertheless, it is difficult to know the full extent of industry compliance with the Act due to the hidden nature of corruption and the program has experienced difficulties in identifying the full reporting population.

The program has achieved the outcome of making reports under the Act accessible to the public. Entities are required to maintain functional links to their reports on their own websites. The program publishes these links on its website once the reports are validated. However, testing for this engagement showed that some of the links on the program’s website to reports provided are not functional links, which contravenes the requirements of the Act. Publishing links to reports on the program’s website is intended to increase public access to the reports. However, broken links can be a barrier to such access and can affect the program’s ability to meet its intended outcome of making these reports publicly accessible.

Feedback from stakeholder interviewees, including NGOs, indicates that the data in the reports could be more accessible if the reports were published in a different format, or if the program provided additional analysis of the data. To increase the accessibility of the reports for the public, the revised Technical Reporting Specifications, which became legally binding on November 1, 2018, require reporting entities to publish their reports in the machine-readable PDF or XLS format. However, some external stakeholder interviewees noted that reports published in the machine-readable PDF format pose a challenge for conducting analysis with report data as it is less user-friendly than the XLS format. Stakeholders have also suggested in interviews and in program surveys that other models for publishing the reports could increase their accessibility.

Enforcement

The program has held discussions with NRCan’s Legal Services Unit to explore the legal aspects of enforcing the Act, including the burden of proof required for prosecution, the importance of documenting information and tracking correspondence.

Further, the program has considered the recourse options available to NRCan should a reporting entity be suspected of non-compliance with the Act. Ultimately:

• The Minister can designate a person or class of persons for the purpose of verifying compliance with the Act;
• The Minister has authority under the Act to order corrective measures, if an entity is found to be in non-compliance; and
• Every person or entity that fails to comply, is guilty of an offence punishable on summary conviction by the Director of Public Prosecutions and liable to a fine of not more than $250,000 per day, per offence.

During the analysis of documentation of a sample of submitted reports, the engagement team observed that the program has conducted follow-up activities and sent reminders to reporting entities with outstanding reports. However, no processes or procedures for enforcement activities have been established or implemented. Program staff indicated their desire to develop Standard Operating Procedures for the enforcement portion once these program components are concretely defined. Planning documents indicate that the intention was to begin taking corrective measures and to recommend prosecution on an as-needed basis starting in 2018-19. The Framework noted that the program would also create a review committee for appeals of non-compliance, but this was not indicated in the Road Map and it is not clear if this will remain part of the program’s approach for enforcement going forward. Without fully defined and implemented enforcement actions, it is difficult to assess the effect of enforcement actions on the degree of industry compliance.

Despite the program’s follow-up activities with entities, the engagement found that information management practices could be improved. A request for additional information in support of a sample of submitted entity reports revealed that documentation from the early stages of program implementation could not be located. Good information management practices enable the program to document and track correspondence to demonstrate the escalation process for non-compliance, leading up to a potential prosecution. A lack of adequate information management practices may affect program enforcement activities in the future due the burden of proof required to pursue a prosecution. It should be noted that the implementation of the IT solution is intended to strengthen information management practices, as all documentation pertaining to entities is expected to be stored and maintained within the eServices Portal.

Further, implementing enforcement actions is crucial to the program administering and enforcing the Act. If the program is unable to fully implement compliance monitoring and enforcement, it may not fully achieve industry compliance.

Risk and Impact

There is a risk that without a detailed plan and processes for compliance monitoring and enforcement activities, the program may encounter challenges in effectively supporting the Minister of Natural Resources in administering and enforcing the Act. There is also a risk to that without the implementation of compliance monitoring and enforcement activities, NRCan’s ability to credibly administer and enforce the Act will be affected.

Recommendations

Recommendation 2: It is recommended that the Assistant Deputy Minister, LMS, update and formalize the Compliance Framework to support the effective administration and enforcement of the Act, through:

• effective resource planning;
• the identification of program risks;
• the development of detailed processes for compliance monitoring and enforcement activities; and
• improved information management practices.

Management Response and Action Plan

Management agrees with Recommendation #2

1. Since completion of the Joint Audit and Evaluation, LMS has launched a contract with a consultant to support development of detailed processes and procedures for compliance monitoring and enforcement. In parallel, LMS is updating and formalizing the Compliance Framework.
2. Since completion of the Joint Audit and Evaluation, LMS has also undertaken a risk assessment workshop, and is in the process of finalizing a comprehensive program risk assessment to effectively administer and enforce the Act.
3. Since completion of the Joint Audit and Evaluation, LMS has examined leading practices, and has developed a robust Information Management strategy to improve the program’s information management practices, which is expected to be finalized soon.

Position Responsible: DG, BMSDB

Timing:

1. The Compliance Framework, as well as processes and procedures, are expected to be completed by April 2020.
2. Development of a comprehensive program risk assessment is expected to be completed by January 2020.
3. IM strategy will be developed and implemented by January 2020.

Program Outcomes and Performance Monitoring

Summary Finding

The program has ensured that Canada met its international commitments to transparency in the extractive sector. By increasing the transparency of payments to governments through publishing entities’ reports and ensuring industry compliance with the Act, the program is expected to contribute to deterring corruption in the global extractive sector.

Program performance measurement are not formalized, which could lead to gaps in effective program planning as the program moves towards enforcement.

Program Outcomes

By creating and implementing the Act, Canada met its 2013 G8 commitments relating to increasing transparency in the extractive sector. Although identifying the extent to which the program contributed to the deterrence of corruption is challenging due to corruption’s hidden nature, program progress reports indicate that the program has a large global reach, therefore contributing to greater global transparency in the extractive sector. External stakeholders interviewed also noted that the resulting increased level of transparency (i.e. public access to entities’ reports) is expected to deter corruption in the extractive sector.

As of October 2018, the program had published links to over 950 reports reflecting payments to over 1,500 different payees in 125 countries, totalling over $176B. Approximately 565 of the governments that received payments were in Canada, accounting for $20B in payments. This indicates that the program significantly contributes to increasing transparency in the domestic and global extractive sector. External stakeholders interviewed for the engagement have recognized the program for its efforts in positioning Canada as a global leader in extractive sector transparency.

Unintended Outcomes

Program documents and interviews indicate that some stakeholders perceived the guidance to be vague on some areas, leading to the unintentional over- or under-reporting of information in fear of submitting a late or incorrect report. Some stakeholders noted that the program’s responses to technical questions were sometimes vague due to legal jargon, and that converting payments from their accrual accounting systems to the required cash system for reporting was time consuming and costly. The stakeholders also noted that the differing accounting systems could lead to inaccurate data and human error in reporting. Additional research related to the potential unintended outcomes of transparency initiatives writ large were beyond the scope of this engagement.

Performance Monitoring and Reporting

The program does not collect information to support performance indicators as none were identified during program design. Although the program tracks how it has progressed in terms of its activities and outputs, there are areas in the stakeholder engagement trackers in which information is missing or inconsistent. Other areas in which program performance could have been tracked have no available information, such as its engagement with each of the mining, oil, and gas industries. Interviews with program representatives indicated that tracking information by industry was not identified as a business need for the program. Identification of stakeholders by industry may be useful as each had different views on the Act from before it came into force. In addition, while the oil and gas industry operates largely within Canada, the mining industry has significant assets abroad. This indicates that each industry may have differing needs and concerns, but current program documents do not provide information on engagement to address industry-specific issues.

The Framework initially noted that the program would publish performance reporting that shows how the program is administering and enforcing the Act; the Road Map later noted that these would be published beginning in 2018-19. However, while the program created progress reports in 2017 and 2018, the reports have not been made public on the program’s website. The reports provided a high-level overview of the implementation activities conducted to date, and were used to brief senior management about progress on the administration and enforcement of the Act. The publication of progress reports has the potential to increase the public’s access to the reports and the data contained within them as they provide an overview of the content of all entities’ reports, and several external stakeholders interviewed suggested that they would find it beneficial to have access to annual reporting from the program.

Risk and Impact

Without formalized performance measurement and risk identification and assessment mechanisms, there is a risk of program planning gaps occurring as the program moves towards enforcement, which could impede progress towards ensuring industry compliance with the Act. Given external stakeholder feedback on challenges related to the accessibility of entities’ reports, as well as the potential benefit of publicly available annual reporting from the program, opportunities exist to also increase the public accessibility of entities’ reports and program performance information.

Recommendations

Recommendation 3: It is recommended that the Assistant Deputy Minister, LMS, develop performance measurement indicators to track the program’s progress towards its intended outcomes, and explore options for increasing public access to entities’ reports and program performance information.

Management Response and Action Plan

Management agrees with Recommendation #3

1. Since completion of the Joint Audit and Evaluation, LMS has developed draft performance measurement indicators to track the program’s progress towards its intended outcomes, which will be formalized following consultation with subject matter experts.
2. Since completion of the Joint Audit and Evaluation, LMS has been exploring options for increasing public access to ESTMA reports that are published by businesses subject to the Act and assessing the options based on several criteria, including, cost, technical feasibility, compliance with Government of Canada web accessibility requirements, etc.

Position Responsible: DG, BMSDB

Timing:

1. Performance indicators and existing Program Information Profile will be updated by January 2020.
2. Options and proposed strategies for increasing public access to ESTMA will be developed by January 2020.

Appendix A – Engagement Criteria

The criteria were developed from the key controls set out in the TB Secretariat’s Core Management Controls, the TB Policy on Results, and other related instruments. The criteria will guide the fieldwork and will form the basis for the overall engagement conclusion.

The objective of this engagement was to assess the effectiveness of the management controls supporting NRCan’s role in the implementation and administration of the Act. The engagement also examined the effectiveness and efficiency of NRCan’s processes to manage and oversee the requirements placed on extractive entities that are subject to the Act.

The following criteria were used to conduct the engagement:

Sub-Objectives	Criteria
Sub-Objective #1: To determine the relevance of the program and its alignment with government priorities and NRCan strategic outcomes.	1.1 Assessment of the rationale for the program.
	1.2 Assessment of the extent to which the program aligns with federal government priorities and NRCan strategic outcomes.
Sub-Objective #2: To determine whether resource planning and management oversight mechanisms are in place to effectively administer ESTMA.	2.1 Effective financial planning processes support the management and administration of ESTMA, including the maintenance and sustainability of the IT solution.
	2.2 Resourcing requirements to administer ESTMA have been assessed and defined, including required capacity, skills and competencies.
Sub-Objective #3 To determine whether effective processes are in place to identify and engage with stakeholders on an ongoing basis.	3.1 Effective processes and procedures are in place to identify stakeholders and engage in outreach activities in support of program implementation.
	3.2 Guidance, tools and procedures are effectively communicated to relevant stakeholders in support of ESTMA requirements.
Sub-Objective #4 To determine whether the program has a formalized framework and business processes in place to support legislative requirements.	4.1 An effective framework is established and implemented to outline and support core program components.
	4.2 Business processes and standard operating procedures are developed, implemented and operating as intended to enable ESTMA staff to effectively fulfil their duties.
Sub-Objective #5 To determine whether the program has employed and maintained a sustainable information technology solution that supports program operations, and is in compliance with departmental and governmental policies.	5.1 The ESTMA program employs IT solutions to support efficient business operations.
	5.2 The implementation of the ESTMA IT reporting system was completed in accordance with departmental and governmental policies.
	5.3 IT controls are in place and operating effectively to support the production of accurate, reliable, accessible and timely information for the Program, in compliance with departmental and governmental policies.
Sub-Objective #6 To determine the extent to which the program has achieved its expected outcomes (as per the logic model in Appendix B), and identify any unexpected outcomes.	6.1 Assessment of the extent to which the program’s expected outcomes have been achieved. The extent to which the program has been implemented as planned, and the major challenges and lessons learned from the implementation of the program. The extent to which progress has been made towards achieving the intended outcomes of the program: Industry is aware of, and takes action to address, their obligations under the Act; Industry accesses and uses tools and guidance that facilitate compliance; Industry compliance with the Act; The public has access to reports under the Act; and Canada meets international commitments to the transparency of the extractive sector with the goal of deterring corruption. The internal and external factors that influence the achievement of the intended outcomes.
	6.2 Assessment of any unintended outcomes (positive or negative) which may have resulted from the program. The extent to which there have been unintended outcomes (either positive or negative) resulting from the program.
Sub-Objective #7 To determine the extent to which the program’s design, delivery and performance have contributed to the efficient use of resources.	7.1 Assessment of the extent to which the program is achieving its outcomes efficiently, including through the efficient use of resources. The extent to which the program is achieving its outputs and outcomes efficiently and economically.

Appendix B – ESTMA Program Logic Model

ULTIMATE OUTCOME

Canada meets international commitments to the transparency of the extractive sector with the goal of deterring corruption

INTERMEDIATE OUTCOMES

Industry compliance with the Act

The public has access to ESTMA reports

IMMEDIATE OUTCOMES

Industry is aware of, and takes actions to address, their obligations under the Act

Industry accesses and uses tools and guidance that facilitate compliance.

OUTPUTS

Up-to-date list of enrolled entities

Consultation and engagement sessions, meetings, surveys, etc.

Tools, guidance, and information for industry

Public-facing platform linking to entities’ reports

Validated reports

Enforcement actions

ACTIVITIES

Enrol entities

Undertake ongoing stakeholder consultation and engagement

Provide tools and guidance for industry, and respond to stakeholder questions

Review, validate, and publish links to entities’ reports

Conduct basic compliance research and checks, including audits/ inspections as needed

Undertake enforcement actions as needed

Text version

Appendix B shows the logic model for ESTMA.

The logic model starts with the following activities: enrol entities; undertake ongoing stakeholder consultation and engagement; provide tools and guidance for industry, and respond to stakeholder questions; review, validate, and publish links to entities’ reports; conduct basic compliance research and checks, including audits/ inspections as needed; and, undertake enforcement actions as needed.

The outputs are as follows: up-to-date list of enrolled entities; consultation and engagement sessions, meetings, surveys, etc.; tools, guidance, and information for industry; public-facing platform linking to entities’ reports; validated reports; and, enforcement actions.

The immediate outcomes are as follows: industry is aware of, and takes actions to address, their obligations under the Act; and, industry accesses and uses tools and guidance that facilitate compliance.

The intermediate outcomes are as follows: Industry compliance with the Act; and, the public has access to ESTMA reports.

The ultimate outcome is: Canada meets international commitments to the transparency of the extractive sector with the goal of deterring corruption.