Internal Audit. Audit of HRIS: A Human Resources Management Enabler

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Internal Audit. Audit of HRIS: A Human Resources Management Enabler"

Transcription

1 Internal Audit Audit of HRIS: A Human Resources Management Enabler November 2010

2

3 Table of Contents EXECUTIVE SUMMARY INTRODUCTION BACKGROUND OBJECTIVES SCOPE METHODOLOGY STATEMENT OF ASSURANCE OVERALL ASSESSMENT AUDIT CONCLUSION SCORECARD OBSERVATIONS AND RECOMMENDATIONS SUPPORTING THE ACHIEVEMENT OF HUMAN RESOURCES OBJECTIVES ADEQUATE MANAGEMENT INFORMATION AVAILABLE FROM THE HRIS PROTECTION OF THE CONFIDENTIALITY, INTEGRITY AND AVAILABILITY OF THE DATA RELIABILITY AND INTEGRITY OF DATA FLOWS FROM OTHER SYSTEMS CONCLUSION APPENDIX AUDIT CRITERIA... 24

4

5 Executive Summary Elections Canada s Strategic Plan identifies human resources as a key enabler of its strategic objectives and as one of the four pillars that support the agency s success in ensuring that it continues to earn the confidence of Parliament and Canadians. The Human Resources (HR) Sector at Elections Canada has various systems, tools and processes in place to support the recording, processing and reporting of human resources information: the primary IT system is called the Human Resources Information System (HRIS). The ultimate objective of this system is to support Elections Canada s employees and management by providing timely and relevant information for decision making. To meet the human resources needs of small government organizations, Public Works and Government Services Canada (PWGSC) developed the HRIS as a shared system; it is currently used by over 30 government organizations. PWGSC, in consultation with HRIS user organizations, is responsible for developing, maintaining and updating the core functionality of the HRIS. However, each user organization, including Elections Canada, is solely responsible for hosting its own copy of the HRIS application as well as for maintaining the application and the organization s own data. An audit was conducted to assess how well business processes at Elections Canada enable the HRIS to deliver useful management information. In addition, the audit assessed data integrity, the usefulness and limitations of the HRIS, management reports produced by the system, the control framework, control over interfacing with other systems and HRIS best practices in other organizations. The overarching goal of the audit was to focus less on the technology itself and more on the business processes supporting the ability of the technology to deliver on Elections Canada s human resources objectives. The audit was conducted from April to July The HRIS is a powerful tool for workforce management; still, the federal government is currently considering moving HRIS users to another IT system. Notwithstanding the functional capabilities of the HRIS or any other IT system, the effectiveness of such technology for human resources management is predicated on consistent policies, sound business processes and employee training and awareness at the organizational level. Elections Canada continues to develop its capacity for human resources data management at both the functional level in the HR Sector and the line management level. The current transformation of the HR Sector has involved positive initiatives, such as defining revised roles and responsibilities (including matching the right skills to the right roles) as well as developing data management policies and procedures and an associated awareness campaign targeting line managers. This transformation is also the source of significant change, which will take time to be implemented and become effective. The initiatives are underway and showing good progress, but current weaknesses in the identification, communication, capture and validation of salient human resources data from across the agency limits the reliability and timeliness of information available from the HRIS. Without the clear identification and timely capture of required data from all line managers, the quality of the HRIS reports continues to suffer. Audit of HRIS: A Human Resources Management Enabler 5

6 The audit of the HRIS had four objectives. They are outlined below, along with the key conclusions for each. Audit Objective 1: To assess whether the HRIS is used effectively and efficiently to support the achievement of HR objectives. Needs Moderate Improvement While a human resources strategy and the associated tactical plans to transform human resources are clear and well documented, clearly developed and communicated HR data management policies and procedures are not yet in place to ensure that reliable and timely HR data is fed into the HRIS from across the organization. The development of such policies and procedures would enhance the effectiveness and efficiency of the HRIS in supporting the achievement of Elections Canada s HR objectives. Audit Objective 2: To assess whether the management information available from the HRIS is adequate in meeting Elections Canada s human resources needs. Needs Minor Improvement The HRIS supports over 80 standard human resources reports as well as virtually unlimited custom reporting capabilities. Elections Canada relies heavily on custom reporting because of a wide range of requests for different human resources information from managers within the organization. Procedures for identifying the standard human resources information that is required for management reporting and decision making purposes, and for regularly collecting the data from line managers, have yet to be completed; however, the new Human Resources Dashboard ( Health of Agency report) is a positive first step, allowing for the tracking of key performance data over time. Once standard data are identified, appropriate data quality assurance procedures can be designed, and additional management reports can then be developed to track and report on progress toward objectives. The conclusion is that functionality in terms of generating management information is adequate, but the business processes needed to ensure the reliability and timeliness of the data in the HRIS continue to be a challenge in delivering adequate management information that meets the agency s human resources needs. Audit Objective 3: To assess whether the control framework in place is adequate and effective in protecting the confidentiality, integrity and availability of the data in the HRIS. Satisfactory HRIS roles and responsibilities are clearly documented, understood and implemented, including appropriate segregation of duties and control of logical and physical access to servers and data. This is accomplished through policies and procedures, as well as protocols and controls built into the HRIS application. Elections Canada s IT backup procedures are sufficient to ensure that all HRIS data are available while minimizing any potential data loss. The conclusion is that the control framework in place is adequate and effective in protecting the confidentiality, integrity and availability of the data in the HRIS. Audit of HRIS: A Human Resources Management Enabler 6

7 Audit Objective 4: To assess the reliability and integrity of data flows from other systems on which the HRIS depends. Needs Moderate Improvement Used as a tool to enable human resources management, the HRIS is entirely dependent on timely, accurate and reliable information coming in from across the agency. While the development of data management policies and procedures is underway and showing good progress, the current lack of consistently understood policies and procedures leads to inaccurate information in the HRIS, a lack of alignment between managers or sectors and the HR Sector, and negative perceptions of the usefulness and reliability of the HRIS. The conclusion is that the data currently entering the HRIS are less reliable than what is required to support effective reporting to management and decision making. Recommendations In order to support better human resources data management and more reliable reporting, Elections Canada s priority should be the creation of consistent, standardized policies and business processes to support the accurate, timely and reliable capture of human resources information from across the agency. To that end, the following four recommendations are made: Develop the supporting policies and business processes for the effective identification, communication, capture and validation of human resources data that are salient for organizational management. Develop a formal quality assurance framework relative to HRIS data to support and monitor improved information quality, timeliness and reliability. Develop a comprehensive awareness and education program, focused on achieving a high level of engagement among line managers, to support the implementation, understanding and buy-in of HR data management policies and business processes. Identify a set of standard HRIS reports that supports the day-to-day management needs of line managers and provide them with access to these reports in order to increase knowledge across the organization and minimize requests for custom reports. Audit of HRIS: A Human Resources Management Enabler 7

8 1. Introduction 1.1 Background Elections Canada s Strategic Plan identifies human resources as a key enabler of its strategic objectives and as one of the four pillars that support the agency s success in ensuring that it continues to earn the confidence of Parliament and Canadians. The permanent employee base is supplemented with casual, temporary and contract personnel as well as overtime performed by core staff when the workload peaks in particular, to prepare for and conduct electoral events. The succession of minority governments and significant electoral reforms are placing high demands on Elections Canada s personnel. The Human Resources (HR) Sector at Elections Canada has various systems, tools and processes in place to support the recording, processing and reporting of human resources information. These systems assist Elections Canada s employees and management by providing timely and relevant information for decision making. Elections Canada uses the HRIS as its core IT system to manage its human resources. To meet the human resources needs of small government organizations, Public Works and Government Services Canada (PWGSC) developed the HRIS as a shared system; it is currently used by over 30 government organizations. PWGSC, in consultation with HRIS user organizations, is responsible for developing, maintaining and updating the core functionality of the HRIS. Each user organization, however, including Elections Canada, is solely responsible for hosting its own copy of the HRIS application as well as for maintaining the application and the organization s own data. The HRIS provides all the basic human resources functionality required by small government organizations, including classification, staffing, leave and training, and employee information transactions related to official languages, conflict of interest, appraisals, education, security information, career management, etc. The HRIS is fully bilingual, meets central agency requirements and supports electronic data transfer to other systems so that the information can be used for various management reporting needs. The application also provides standard and custom reporting tools; it interfaces with salary management, spreadsheet and database systems to simplify ad hoc reporting. The HRIS also includes an on-line Help library, the HRIS User Guide and computer-based training for each module. Elections Canada is planning to launch a project to review all of its corporate systems, including the HRIS. This is currently the primary corporate system used to manage the agency s human resources, although the federal government is considering moving HRIS users to another IT system. The timing of this audit is appropriate, given Elections Canada s intention to review its corporate systems. Whether the agency uses HRIS or another IT system, it is important to ensure that the organization has an adequate and effective process for the management of information on its human resources. Audit of HRIS: A Human Resources Management Enabler 8

9 1.2 Objectives The overall objective of this audit is to provide reasonable assurance that the management control framework in place for the HRIS is adequate and effective in supporting Elections Canada s human resources needs. Specifically, this audit will assess: whether the HRIS is used effectively and efficiently to support the achievement of human resources objectives whether the management information available from the HRIS is adequate in meeting Elections Canada s human resources needs whether the control framework in place is adequate and effective in protecting the confidentiality, integrity and availability of the data in the HRIS the reliability and integrity of data flows from other systems on which the HRIS depends 1.3 Scope The audit assessed the processes in place for the management of human resources information captured in the HRIS. In addition, it assessed data integrity, the usefulness and limitations of the HRIS, management reports produced by the system, the control framework, control over interfacing with other systems and HRIS best practices in other organizations. The audit was conducted from April to July Methodology The audit methodology employed for this audit is in compliance with the Institute of Internal Auditors (IIA) Standards for the Professional Practice of Internal Auditing. The methodology included reviewing an extensive set of documentation, including more than 40 separate documents and reports covering the agency s Human Resources Strategy, HRIS policies and procedures, security assessments and sample reports. As well, an extensive series of interviews, including multiple interviews with key stakeholders, was undertaken to ensure that all relevant audit evidence was captured and properly understood. During the fieldwork phase of the audit, 30 separate interviews were conducted with stakeholders from across Elections Canada (including HR Sector managers, IT Directorate personnel and HRIS users), with PWGSC and, for benchmarking purposes, with other similar-sized government organizations that also use the HRIS. The internal audit process involved three main phases planning, conducting and reporting each of which was subject to a quality assurance review. The planning and conducting of the audit were done in conformity with professional standards and legislative and policy frameworks in order to ensure that the audit s findings and conclusions would be appropriate and consistent with the evidence collected. Audit of HRIS: A Human Resources Management Enabler 9

10 2. Statement of Assurance In my professional judgment as Chief Audit Executive, sufficient and appropriate audit procedures have been conducted and evidence gathered to support the accuracy of the opinion provided and contained in this report. The opinion is based on a comparison of the conditions, as they existed at the time of the audit, against pre-established audit criteria that were agreed with management. The audit opinion is applicable only to the entity examined, as described in the Scope section of this report. Audit of HRIS: A Human Resources Management Enabler 10

11 3. Overall Assessment 3.1 Audit Conclusion This section presents the overall conclusion for each audit objective. Supporting the Achievement of Human Resources Objectives The management process for the data in the HRIS is generally sufficient to support the agency s human resources objectives. The HRIS is a powerful tool for workforce management and is currently used by over 30 government departments and agencies. However, any IT system used to manage information on the human resources of an organization depends on the identification of key data, on quality data and on reports that support decision making. It is therefore important to establish and document appropriate business processes to manage that data. It is equally important to identify key data for decision making and develop an appropriate quality assurance process. Without the clear identification and timely capture of required data from all line managers, the quality of HRIS reports continues to suffer. The HR Sector is currently transforming some of its practices, and the changes are showing good progress. There has been much improvement in the quality and use of human resources information at Elections Canada in the past several years. Data are more consistently and actively used at the senior management level to help make planning and prioritization decisions; the new Human Resources Dashboard ( Health of Agency report) is a good example. However, the business processes in use with respect to the data in the HRIS could be enhanced in order to better support the achievement of Elections Canada s human resources objectives. Adequate Management Information Available from the HRIS The IT system used to manage information on the agency s human resources should provide adequate management information to support decision making. The HRIS supports over 80 standard human resources reports as well as virtually unlimited custom reporting. Elections Canada relies heavily on custom reporting because of a wide range of requests for different human resources information from the agency s managers. To maximize the efficiency of the reports, the first step is to identify key information required by the agency to achieve its objectives. Once this is identified, appropriate business processes and quality assurance procedures can be developed to track and report on the key data. The conclusion is that functionality in terms of generating management information is adequate, but the business processes needed to ensure the reliability and timeliness of the data in the HRIS continue to be a challenge in delivering adequate management information that properly supports planning and decision making regarding human resources. It is therefore important to develop a comprehensive awareness and education program, aimed at producing a high level of engagement among line managers. This will support the implementation and understanding of data management policies and business processes, and it will support having quality information on human resources in HRIS. Audit of HRIS: A Human Resources Management Enabler 11

12 Protection of the Confidentiality, Integrity and Availability of the Data The roles and responsibilities related to the HRIS are clearly documented, understood and implemented, including the appropriate segregation of duties and control of logical and physical access to servers and data. This is accomplished through policies and procedures as well as protocols and controls built into the HRIS application. The conclusion is that the control framework in place is adequate and effective in protecting the confidentiality, integrity and availability of the data in the HRIS. Reliability and Integrity of Data Flows from Other Systems Line managers at Elections Canada are generally aware of their human resources accountabilities and understand the basic human resources processes. However, the understanding of data management procedures varies from manager to manager. As a tool used to enable human resources management, the HRIS is entirely dependent on timely, accurate and reliable data coming in from across the organization. The development of data management policies and procedures for more transactional human resources activities is underway and showing good progress. Nevertheless, the current lack of consistently understood data management policies and procedures supporting a more strategic collection of human resources information leads to inaccurate information in the HRIS and negative perceptions of the usefulness and reliability of the HRIS. The policies and procedures for data entry and validation should also be developed and documented, and they should include an appropriate quality control framework. 3.2 Scorecard The rating and supporting explanation summarize the current status for each audit criterion. Criterion Rating Explanation Recommendation Objective 1 Governance Plans and Objectives HRIS Policies and Procedures Effectiveness and Efficiency of the Use of the HRIS to Support HR Objectives G A strategic HR plan exists ( ) and flows directly from Elections Canada s strategic plan. Identifies HR as a critical strategic enabler. Includes operational plans and objectives that support the HR strategy, including a new HR Sector structure to support the strategic use of HR information to achieve the agency s objectives. Y Progress is underway in the development of policy and procedures. However, better business processes are required to support timely and accurate management information. Need to clarify data management roles and responsibilities. R1 Develop policies and business processes. Audit of HRIS: A Human Resources Management Enabler 12

13 Criterion Rating Explanation Recommendation HRIS Risk Management Objective 2 Availability of HRIS Reports HRIS Performance Measures O While current risks and data quality issues are managed in an ad hoc fashion, there is no formal risk management framework in place to support the effective and efficient use of the HRIS as an HR enabler. Risks related to data quality, timeliness and reliability of data in the HRIS continue to exist and limit the usefulness of reports, but they have not been formally identified or mitigated through a quality assurance process. Adequacy of Management Information Available from the HRIS to Meet HR Needs Y HRIS can produce over 80 standard reports along with customized reports, which should meet the vast majority of standard HR management needs. Other similar organizations are able to leverage HRIS standard and custom reporting for all HR management needs. These organizations use the HRIS in a strategic fashion to directly support their corporate HR vision and HR objectives. Elections Canada is still in the early stages of using strategic reports on HR trends. B There is limited use of performance measures with respect to the HRIS. HRIS staff currently produces a very high volume of customized HR reports, based on management requests. This creates a significant workload that perpetuates a reactive, transactional use of the tool and precludes the development of a more strategic focus. There is no shared or consistent understanding of how standard and custom reports best align with the attainment of HR and agency objectives. The new HR Dashboard ( Health of Agency report) is an important step in the right direction. It identifies key data to track, and it enables their efficient collection, quality assurance and reporting of performance measures. Other HR Reports G Management reports (notably the HR Dashboard) draw relevant information from a range of sources, including Compensation Services. Information is not duplicated. Objective 3 HRIS Roles and Responsibilities Protecting Confidentiality, Integrity and Availability of Data in the HRIS G HRIS roles are clearly defined, implemented and understood through protocols and controls built into the HRIS application. R2 Develop a formal quality assurance framework. R1 Develop policies and business processes. R3 Develop an awareness and education program. R4 Identify and provide a set of standard HRIS reports. Audit of HRIS: A Human Resources Management Enabler 13

14 Criterion Rating Explanation Recommendation Segregation of Duties G Segregation of duties is enforced in such a way that there is little likelihood of overlap or duplication. HRIS Data Security G User access controls in the HRIS are sufficient to provide a reasonable level of data security. Physical access to the HRIS application and data is rigorously controlled through existing IT policies and procedures. All application and database information is backed up according to Elections Canada policies. The risk of data loss for the HRIS system is minimal. Objective 4 Reliability and Integrity of Data Flows from Other Systems on Which the HRIS Depends Employee Training Y While HRIS staff has provided strong day-to-day support and guidance, managers across the agency do not consistently use formalized approaches to HR data management. In interviews, the consistent understanding of HR data management procedures among line managers was uniformly weak. The result is a wide range of approaches by individual managers, leading to inaccurate information in the HRIS and negative perceptions of the usefulness and reliability of the HRIS. Management HR Accountabilities Data Transfer Controls B Managers across EC are generally aware of their HR accountabilities and understand the basic HR processes. Y While processes and checklists for data entry and validation are currently under development, they are not yet complete. Lack of documented business processes and procedures for data entry and validation are a significant source of concern for ensuring the reliability of HRIS data. R3 Develop an awareness and education program. R4 Identify and provide a set of standard HRIS reports. R1 Develop policies and business processes. R3 Develop an awareness and education program. R1 Develop policies and business processes. R2 Develop a formal quality assurance framework. G B Y O R Gr Satisfactory Needs Minor Improvement Needs Moderate Improvement Needs Significant Improvement Unsatisfactory Unknown; Cannot Be Measured Audit of HRIS: A Human Resources Management Enabler 14

15 4. Observations and Recommendations The details of each observation, conclusion and recommendation resulting from the audit process are outlined below. 4.1 Supporting the Achievement of Human Resources Objectives Governance Plans and Objectives Strategic and operational human resources plans are in place. Elections Canada s strategic plan identifies human resources as a key enabler of its strategic objectives and as one of the four pillars that support the agency s success in ensuring that it continues to earn the confidence of Parliament and Canadians. A strategic human resources plan exists and is in effect for the period It flows directly from the agency s strategic plan, identifies human resources as a critical enabler for the broader strategic objectives and includes operational plans and objectives that support the strategy. From a strategic perspective, human resources data are being more consistently and actively used at the senior management level to help inform planning and prioritization; the Human Resources Dashboard ( Health of Agency report) is a good example, providing guidance on the type of data that is key to the improved management of human resources. The new HR Sector structure supports the strategic use of HR information to achieve the objectives of the agency HRIS Policies and Procedures Procedures for human resources data management are still in development. Elections Canada continues to develop its capacity for human resources data management at both the strategic and the tactical levels. Identifying key information that will be used by management is an essential step in properly managing human resources information. Through the implementation of human resources plans over the last several years, there has been marked improvement in the quality and use of human resources information at Elections Canada. The agency is benefiting from enhanced data quality, following initiatives to review and correct the human resources data in the HRIS. However, current business processes with respect to data collection and validation could be enhanced in order to better support Elections Canada s human resources objectives. Appropriate policies and procedures are important to ensure that reliable and timely data is fed into the HRIS from across the agency. While suitable policies and procedures are in place to enable effective use of the HRIS application by the HR Sector, the supporting business processes for the effective and timely identification, collection, capture and validation of information from operational line managers are not yet in place. This situation is compounded by an inconsistent understanding of procedures among line managers and by a lack of buy-in with respect to human resources data management. Audit of HRIS: A Human Resources Management Enabler 15

16 While a process exists for data validation through the manual review of bimonthly and annual reports sent to administrative officers for each sector, this process does not yet provide timely identification of data integrity problems and is entirely dependent on the diligence, knowledge and timely feedback of administrative officers. Recommendation 1. Develop supporting policies and business processes for the effective identification, communication, capture and validation of human resources data that are salient for organizational management. Management Response Responsible Position: Assistant Director, Policy, Planning and Reporting Management agrees with this recommendation. A complete guide, documenting information system data management procedures for the various Human Resources sections, will be developed and distributed to all HR Sector staff. The Quick User Guide for self-service leave will be revised, and the updates will be communicated to employees and managers. Estimated completion date: September 30, HRIS Risk Management No formal risk management framework is in place to support the HRIS. While HRIS staff has informally identified certain risks, such as data validation, and has implemented mitigating activities, such as reviewing reports in order to determine data quality issues, no documentation or procedures yet exist with respect to the formal identification, assessment or management of risks associated with the HRIS. As such, risk management has been ad hoc. For example, although data validation (a form of quality assurance or risk management) is undertaken bimonthly and annually, no formal and ongoing quality assurance mechanism is in place to mitigate data quality risks on a transactional basis. Risks related to the quality, timeliness and reliability of data in the HRIS continue to exist and further limit the usefulness of reports based on data in the HRIS and the ability to use them as management tools. Recommendation 2. Develop a formal quality assurance framework relative to HRIS data to support and monitor improved information quality, timeliness and reliability. Management Response Responsible Position: Assistant Director, Policy, Planning and Reporting Management agrees with this recommendation. Audit of HRIS: A Human Resources Management Enabler 16

17 The current quality assurance framework for HRIS data will be reviewed, documented and reinforced in accordance with the audit team s recommendations. The updated framework will identify the methodology and frequency of quality controls. It will also identify a strategy for communicating to staff lessons learned in order to reduce the rate of error in entering data into the HRIS. Estimated completion date: October 31, Adequate Management Information Available from the HRIS Availability of HRIS Reports HRIS use has been generally limited to transactional activities. The HRIS supports over 80 standard human resources reports as well as virtually unlimited custom reporting capabilities. Functionality in terms of generating management information is adequate. However, it was noted that Elections Canada relies heavily on custom reporting because of a wide range of requests for different human resources information from managers within the organization. Despite the evident HRIS and in-house capability of producing reports (either standard reports or custom reports based on specific criteria) that can support human resources plans and demonstrate alignment with the broad strategic objectives of the agency, the lack of reliable, accurate and timely HRIS information makes management reports largely inadequate for meeting the human resources needs of the organization. A key step in improving the availability of HRIS reports is to identify the salient information required in management reports in order to then be able to collect that information in a timely manner. The agency is just starting to identify key strategic information on its human resources. For example, the recent initiative to produce a Human Resources Dashboard, called the Health of Agency report, which includes information from the HRIS, has been completed and approved. Going forward, the HRIS will be used to generate some of the standard information required for this new report. However, the lack of a consistent vision of the HRIS as a corporate enabler perpetuates the reactive, transactional use of the tool. This precludes the development of a more strategic focus on the identification of necessary human resources management information. The agency should ensure that it periodically reviews the key data it needs for the purposes of reporting on human resources. Recommendation See Recommendation 1 above. Audit of HRIS: A Human Resources Management Enabler 17

18 Other organizations that use the HRIS have demonstrated that the management information available from the system is adequate in meeting their human resources needs. In other similar-sized federal government organizations that were interviewed as part of this audit, the HRIS is being used in a strategic fashion to directly support a corporate human resources vision and the achievement of human resources objectives. For example, other HRIS user organizations regularly produce a set of standard reports for line managers across their organizations. These reports provide managers with timely and accurate information about their staff that allows managers to a) validate the information on an ongoing basis and report any discrepancies to the human resources department, b) better understand the strategic nature of the human resources function and its reliance on accurate, timely data from managers and c) more effectively plan, monitor and adapt to changes in their human resources needs over time. Recommendation 3. Develop a comprehensive awareness and education program, focused on achieving a high level of engagement among line managers, to support the implementation, understanding and buy-in of HR data management policies and business processes. Management Response Responsible Positions: Assistant Director, Policy, Planning and Reporting Assistant Director, Development and Talent Management Management agrees with this recommendation. An awareness and education program will be developed, comprising key messages and elements adapted to the various stakeholders in HRIS data quality assurance, including managers, HR Sector staff, administrative officers, etc. Estimated completion date: October 31, 2011 Recommendation 4. Identify a set of standard HRIS reports that support the day-to-day management needs of line managers and provide them with access to these reports in order to increase knowledge across the organization and minimize requests for custom reports. Management Response Responsible Position: Assistant Director, Policy, Planning and Reporting Management agrees with this recommendation. A new list of standard HRIS reports will be established on the basis of the key information identified by managers during the consultation process on the Human Resources Dashboard. The HRIS will consequently be reprogrammed to facilitate the production of reports for managers in accordance with Elections Canada s planning cycle. Estimated completion date: October 31, 2011 Audit of HRIS: A Human Resources Management Enabler 18

19 4.2.2 HRIS Performance Measures Procedures to identify and collect standard human resources data from all managers on a regular basis have yet to be completed; however, the new Human Resources Dashboard ( Health of Agency report) is a positive first step. It will allow key data, as well as key HR performance data, to be tracked over time. Once more detailed human resources information has been identified, performance measures can then be developed to track implementation and adherence to HR data management policies and procedures. Performance measures and indicators can then be reported on to track progress against HR objectives. As noted above, while suitable policies and procedures are in place to enable effective use of the HRIS application by the HR Sector, there is limited use of performance measures with respect to the HRIS. HRIS staff currently produces a very high volume of custom reports, based on management requests. This creates a significant workload that perpetuates a reactive, transactional use of the tool and precludes the development of a more strategic focus. The tracking of formal performance data on how HRIS staff spends its time would support the business justification for a more strategic focus on the use of the HRIS as a human resources management enabler and for the achievement of human resources objectives Other Human Resources Reports The HR Sector at Elections Canada has various systems, tools and processes in place to support the recording, processing and reporting of human resources related information. Elections Canada uses the HRIS as its core system to manage its human resources; the primary reason is that the HRIS provides all the basic functionality required by small government organizations, including classification, staffing, leave and training, and employee information transactions, including official languages, conflict of interest, appraisals, education, security information, career management, etc. The HRIS also interfaces with salary management, spreadsheet and database systems to simplify ad hoc reporting. While the HRIS is the sole source for the large majority of human resources management reports, some management information requires the HR Sector to access other sources of data. A good example is the new Human Resources Dashboard ( Health of Agency report), which draws relevant information from a range of sources, including Compensation Services. That said, the audit concluded that the HRIS is regarded as the core and primary source of human resources information within Elections Canada and that information held in the HRIS is not duplicated in other systems. This greatly simplifies the collection and use of human resources data across the organization by reducing the risk of data duplication and inconsistency (i.e. similar data being held in multiple locations). Audit of HRIS: A Human Resources Management Enabler 19

20 4.3 Protection of the Confidentiality, Integrity and Availability of the Data HRIS Roles and Responsibilities Policies and procedures to ensure the confidentiality, integrity and availability of HRIS data are in place. HRIS administrative and end-user roles are clearly defined and implemented through protocols and access controls built directly into the HRIS application. These roles and responsibilities were determined and implemented by PWGSC over time through discussions with the various government organizations that use the HRIS application. The standard HRIS administrative roles are clearly defined and described in the available HRIS documentation. Interviews indicated that all stakeholders clearly understand their respective roles and that the system of software controls is effective in delineating the various roles. Furthermore, segregation of duties is enforced by the HRIS application in such a way that there is little likelihood of overlap or duplication of accountabilities. One concrete example is the HRIS self-service application for leave management. Use of the application is fairly high and consistent among Elections Canada s employees. The different roles, responsibilities and access privileges accorded to HRIS administrators, managers and end-users are clear and enforced through controls built directly into the HRIS application. Interviewees indicated a fairly uniform understanding of their accountabilities and basic human resources processes for example, use of the Personnel Services Request (PSR) form and who to contact. In addition, interviews with the IT Directorate determined that its access controls and tools are distinct from HRIS administrators. The IT Directorate has no direct access to HRIS data and cannot make unilateral code changes to the HRIS application without the knowledge of HR Sector management Segregation of Duties The user access controls in the HRIS (including username and password controls) are sufficient to provide a reasonable level of control over the data held in the application. Furthermore, physical access to the HRIS application and data is rigorously controlled through existing policies and procedures related to the IT data centre HRIS Data Security The entire HRIS application and database are physically located and maintained within Elections Canada. PWGSC s Consulting, Information and Shared Services Branch provides helpdesk and debugging support to assist Elections Canada staff with technical issues that may arise. This occasionally requires that Elections Canada forward a depersonalized copy of the database to PWGSC to aid in debugging. That organization has provided Elections Canada with a depersonalization tool that is consistently used to remove any personal information from the database. Copies of the database sent to PWGSC are destroyed once the problem has been resolved. The depersonalization tool is an effective control to ensure that the confidentiality of the database is maintained. Audit of HRIS: A Human Resources Management Enabler 20

21 Furthermore, as discussed above, the procedures for ensuring that any and all IT Directorate involvement with the HRIS application and/or database are clearly understood and followed by staff are in place and understood by all stakeholders. These include ensuring that all activities that affect the HRIS are first approved by the HRIS administrator. Typical activities include updating and upgrading the HRIS application, evergreening the hardware used to run the HRIS application (i.e. keeping it up to date), troubleshooting and resolving HRIS data issues and creating depersonalized copies of the HRIS database (if needed) for PWGSC to help in problem resolution. Additionally, the IT Directorate ensures that all of the agency s application and database information, including the HRIS, is backed up according to Elections Canada s policies. The risk of data loss for the HRIS application is minimal. 4.4 Reliability and Integrity of Data Flows from Other Systems Employee Training Training with respect to human resources data management is limited. Used as a tool to enable human resources management, the HRIS is entirely dependent on timely, accurate and reliable information coming in from across the agency. However, a lack of consistently understood data management policies and procedures for supporting a more strategic collection of human resources information was noted during the audit. Line managers across Elections Canada are the primary source of human resources data coming into the HRIS. The HR Sector depends on line managers (those with staff) to provide accurate and reliable data for capture in the HRIS. Interviewees indicated that training with respect to human resources data management is limited; for the most part, managers learn data management processes and procedures from colleagues and from learning by doing rather than through formalized, consistent approaches to acquiring those skills and their related understanding. Interviewees indicated little to no consistency in the type or frequency of human resources data required by the agency, aside from what the standard PSR form requires. One exception, and a clear success story that Elections Canada can build on, is the advent and use of the HRIS self-service application for leave management. Awareness and use of this on-line component of the HRIS is high and consistent among both managers and staff within Elections Canada. The ability to avail themselves of the functionality at any time, and to do so regardless of whether HR staff is available, were noted as strong incentives for adoption. The fact that leave data are maintained and available on-line for up to two years makes the line managers job of verifying and approving leave requests simple and efficient. It also simplifies the identification of any leave-related discrepancies by employees and/or their managers. This self-service component of the HRIS is a good example of how the clear identification of human resources data requirements and the implementation of efficient processes can support human resources objectives and increase employee buy-in. While HRIS has been established as the primary tool for managing human resources data, interviewees indicated that a wide range of approaches are used by individual managers to maintain and manage their own copies of HR data on staff in their individual areas of responsibility. This information is not consistently shared with the HR Sector (or in-house HRIS Audit of HRIS: A Human Resources Management Enabler 21

22 specialists), and this situation leads to a range of issues: inaccurate information in the HRIS, a lack of alignment between managers and sectors and the HR Sector, and negative perceptions of the usefulness and reliability of the HRIS. In short, managers do not consistently follow human resources data management procedures, nor do they rely on the HRIS as the gold standard for human resources information across the agency. Recommendation See Recommendations 3 and Management of HR Accountabilities Managers across Elections Canada are generally aware of their human resources accountabilities and understand the basic human resources processes. Interviews with a range of managers from different levels and from different organizational units indicated that use of the HRIS self-service application for leave management is fairly high and consistent. Interviewees also indicated a fairly uniform understanding of their human resources accountabilities and basic human resources processes (e.g. use of the PSR form, who to contact); however, interviewees understanding of data management procedures was uniformly weak. Recommendation See Recommendations 1 and Data Transfer Controls Controls are in place to ensure that transfers of human resources related data to the HRIS are complete and accurate. Processes and checklists for data entry and validation are in development but are not complete. The lack of rigorous business processes and procedures for data entry and quality assurance (validation) is a source of concern for the accuracy of the data in the HRIS. Recommendation See Recommendations 1 and 2. Audit of HRIS: A Human Resources Management Enabler 22

23 5. Conclusion Elections Canada s heightened emphasis on the importance of organizational growth and development has become evident in its commitment to fostering a strong, strategic approach to workforce management. This corporate engagement has been exemplified by steps taken to enhance the overall capability of strategic planning in the HR Sector, particularly for those activities pertaining to resource acquisition, re-skilling of existing resources to reflect changing corporate priorities and determining learning and career development requirements that support resource retention. To underpin a more profound understanding of the characteristics and capabilities of the workforce, Elections Canada management must rely on key reports and data. Ideally, these will be generated from accurate, up-to-date workforce information that is primarily resident in the HRIS database, an important human resources management enabler. Given the demonstrated usefulness of such information and associated trend analyses, access to high-quality information is key to supporting sound decision making by management relative to the workforce, not only on a day-to-day basis but also over the longer term. In order to move swiftly toward a high level of confidence in the data derived from the HRIS, it is essential that the HR Sector take steps to enhance all related human resources business processes to ensure accurate and timely data entry; to confirm associated quality assurance activities; and to provide managers with easy access to meaningful, standardized reporting formats. These efforts would be complemented by the implementation of a comprehensive training and communications plan targeted at all managers. This plan would highlight the human resources management enabling processes for capturing accurate and timely information in the HRIS and the benefits particularly in terms of reporting the application provides. Audit of HRIS: A Human Resources Management Enabler 23

24 Appendix Audit Criteria Criteria The HRIS is used effectively and efficiently to support human resources objectives. Governance Plans and Objectives: The organization has operational plans and objectives in place aimed at achieving its strategic human resources objectives. HRIS Policies and Procedures: Suitable policies and procedures for the use of the HRIS to support human resources development and management are established, maintained and communicated. HRIS Risk Management: Management identifies the HRIS-related risks that may preclude the achievement of its objectives, assesses the risks it has identified and formally responds to the risks. The management information available from the HRIS is adequate in meeting Elections Canada s human resources needs. Availability of HRIS Reports: The HRIS has the ability to produce reports that support human resources plans and demonstrate alignment with the broad strategic objectives of the organization. HRIS Performance Measures: Management has identified appropriate performance measures, linked to planned results, for the use of the HRIS. Other HR Reports: Management reports generated from information sources outside the HRIS do not duplicate reports or data available through the HRIS. The control framework in place is adequate and effective in protecting the confidentiality, integrity and availability of the data in the HRIS. HRIS Roles and Responsibilities: The roles, responsibilities and accountabilities related to the HRIS are clearly articulated and understood by stakeholders. Segregation of Duties: There is appropriate segregation of duties. HRIS Data Security: Policies and procedures exist with respect to the use of the HRIS in order to ensure the confidentiality, integrity and availability of data. There is adequate reliability and integrity of data flows from other systems on which the HRIS depends. Employee Training: The organization provides employees with the necessary training, tools, resources and information to support the discharge of their HR data management responsibilities. Management HR Accountabilities: Managers at Elections Canada (not only in the HR Sector) are aware of their human resources accountabilities and understand the basic human resources processes that they are expected to follow with respect to data handling and communication. Data Transfer Controls: Controls are in place to ensure that transfers of human resources related data to the HRIS are complete and accurate. Audit of HRIS: A Human Resources Management Enabler 24

Final Audit Report. Audit of the Human Resources Management Information System. December 2013. Canada

Final Audit Report. Audit of the Human Resources Management Information System. December 2013. Canada Final Audit Report Audit of the Human Resources Management Information System December 2013 Canada Table of Contents Executive summary... i A - Introduction... 1 1. Background... 1 2. Audit objective...

More information

Office of the Auditor General AUDIT OF IT GOVERNANCE. Tabled at Audit Committee March 12, 2015

Office of the Auditor General AUDIT OF IT GOVERNANCE. Tabled at Audit Committee March 12, 2015 Office of the Auditor General AUDIT OF IT GOVERNANCE Tabled at Audit Committee March 12, 2015 This page has intentionally been left blank Table of Contents Executive Summary... 1 Introduction... 1 Background...

More information

B o a r d of Governors of the Federal Reserve System. Supplemental Policy Statement on the. Internal Audit Function and Its Outsourcing

B o a r d of Governors of the Federal Reserve System. Supplemental Policy Statement on the. Internal Audit Function and Its Outsourcing B o a r d of Governors of the Federal Reserve System Supplemental Policy Statement on the Internal Audit Function and Its Outsourcing January 23, 2013 P U R P O S E This policy statement is being issued

More information

EXECUTIVE SUMMARY...5

EXECUTIVE SUMMARY...5 Table of Contents EXECUTIVE SUMMARY...5 CONTEXT...5 AUDIT OBJECTIVE...5 AUDIT SCOPE...5 AUDIT CONCLUSION...6 KEY OBSERVATIONS AND RECOMMENDATIONS...6 1. INTRODUCTION...9 1.1 BACKGROUND...9 1.2 OBJECTIVES...9

More information

Guidance Note: Corporate Governance - Board of Directors. March 2015. Ce document est aussi disponible en français.

Guidance Note: Corporate Governance - Board of Directors. March 2015. Ce document est aussi disponible en français. Guidance Note: Corporate Governance - Board of Directors March 2015 Ce document est aussi disponible en français. Applicability The Guidance Note: Corporate Governance - Board of Directors (the Guidance

More information

Courts Administration Service (CAS) Audit of Internal Controls over Salaries and Employee Benefits

Courts Administration Service (CAS) Audit of Internal Controls over Salaries and Employee Benefits Courts Administration Service (CAS) Audit of Internal Controls over Salaries and Employee Benefits Original signed by March 31, 2015 Mr. Daniel Gosselin Date Chief Administrator Courts Administration Service

More information

Report on. Office of the Superintendent of Financial Institutions. Corporate Services Sector Human Resources Payroll. April 2010

Report on. Office of the Superintendent of Financial Institutions. Corporate Services Sector Human Resources Payroll. April 2010 Report on Office of the Superintendent of Financial Institutions Corporate Services Sector Human Resources Payroll April 2010 Table of Contents 1. Background... 3 2. Audit Objectives, Scope and Approach...

More information

APPENDIX I. Best Practices: Ten design Principles for Performance Management 1 1) Reflect your company's performance values.

APPENDIX I. Best Practices: Ten design Principles for Performance Management 1 1) Reflect your company's performance values. APPENDIX I Best Practices: Ten design Principles for Performance Management 1 1) Reflect your company's performance values. Identify the underlying priorities that should guide decisions about performance.

More information

CARLETON UNIVERSITY POSITION DESCRIPTION. Position Title: Manager, HR Systems Position No.: 298879. Approved by:

CARLETON UNIVERSITY POSITION DESCRIPTION. Position Title: Manager, HR Systems Position No.: 298879. Approved by: CARLETON UNIVERSITY POSITION DESCRIPTION Position Title: Manager, HR Systems Position No.: 298879 Reports to: Department: Assistant Director HR, Talent Programs Human Resources Approved by: (Incumbent/Date)

More information

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS)

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS) INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS) Introduction to the International Standards Internal auditing is conducted in diverse legal and cultural environments;

More information

Internal Audit. Audit of the Inventory Control Framework

Internal Audit. Audit of the Inventory Control Framework Internal Audit Audit of the Inventory Control Framework June 2010 Table of Contents EXECUTIVE SUMMARY...4 1. INTRODUCTION...7 1.1 BACKGROUND...7 1.2 OBJECTIVES...7 1.3 SCOPE OF THE AUDIT...7 1.4 METHODOLOGY...8

More information

Audit of NSERC Award Management Information System

Audit of NSERC Award Management Information System Internal Audit Audit Report Audit of NSERC Award Management Information System TABLE OF CONTENTS 1. EXECUTIVE SUMMARY... 2 2. INTRODUCTION... 3 3. AUDIT FINDINGS- BUSINESS PROCESS CONTROLS... 5 4. AUDIT

More information

Roadmap for the Development of a Human Resources Management Information System for the Ukrainian civil service

Roadmap for the Development of a Human Resources Management Information System for the Ukrainian civil service 1 Roadmap for the Development of a Human Resources Management Information System for the Ukrainian civil service Purpose of Presentation 2 To seek input on the draft document Roadmap for a Human Resources

More information

Audit of the Test of Design of Entity-Level Controls

Audit of the Test of Design of Entity-Level Controls Audit of the Test of Design of Entity-Level Controls Canadian Grain Commission Audit & Evaluation Services Final Report March 2012 Canadian Grain Commission 0 Entity Level Controls 2011 Table of Contents

More information

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS)

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS) INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS) Revised: October 2012 i Table of contents Attribute Standards... 3 1000 Purpose, Authority, and Responsibility...

More information

OFFICE OF THE PRIVACY COMMISSIONER OF CANADA. Audit of Human Resource Management

OFFICE OF THE PRIVACY COMMISSIONER OF CANADA. Audit of Human Resource Management OFFICE OF THE PRIVACY COMMISSIONER OF CANADA Audit of Human Resource Management May 13, 2010 Prepared by the Centre for Public Management Inc. TABLE OF CONTENTS 1.0 Executive Summary... 2 2.0 Background...

More information

Final Report. 2013-709 Audit of Vendor Performance and Corrective Measures. September 18, 2014. Office of Audit and Evaluation

Final Report. 2013-709 Audit of Vendor Performance and Corrective Measures. September 18, 2014. Office of Audit and Evaluation 2013-709 Audit of Vendor Performance and Corrective Measures September 18, 2014 Office of Audit and Evaluation TABLE OF CONTENTS MAIN POINTS... i INTRODUCTION... 1 FOCUS OF THE AUDIT... 7 STATEMENT OF

More information

AUDIT OF READINESS FOR THE IMPLEMENTATION OF THE POLICY ON INTERNAL CONTROL

AUDIT OF READINESS FOR THE IMPLEMENTATION OF THE POLICY ON INTERNAL CONTROL AUDIT OF READINESS FOR THE IMPLEMENTATION OF THE POLICY ON INTERNAL CONTROL AUDIT REPORT JUNE 2010 TABLE OF CONTENTS EXCUTIVE SUMMARY... 3 1 INTRODUCTION... 5 1.1 AUDIT OBJECTIVE. 5 1.2 SCOPE...5 1.3 SUMMARY

More information

Audit of Human Resources Management Planning

Audit of Human Resources Management Planning N A T I O N A L R E S E A R C H C O U N C I L C A N A D A Audit of Human Resources Management Planning I n t e r n a l A u d i t, N R C O C T O B E R 2 011 1.0 Executive Summary and Conclusion Background

More information

Aboriginal Affairs and Northern Development Canada. Internal Audit Report. Audit of Internal Controls Over Financial Reporting.

Aboriginal Affairs and Northern Development Canada. Internal Audit Report. Audit of Internal Controls Over Financial Reporting. Aboriginal Affairs and Northern Development Canada Internal Audit Report Audit of Internal Controls Over Financial Reporting Prepared by: Audit and Assurance Services Branch Project #: 14-05 November 2014

More information

IT General Controls Domain COBIT Domain Control Objective Control Activity Test Plan Test of Controls Results

IT General Controls Domain COBIT Domain Control Objective Control Activity Test Plan Test of Controls Results Acquire or develop application systems software Controls provide reasonable assurance that application and system software is acquired or developed that effectively supports financial reporting requirements.

More information

PRIVY COUNCIL OFFICE. Audit of Compensation (Pay and Benefits) Final Report

PRIVY COUNCIL OFFICE. Audit of Compensation (Pay and Benefits) Final Report PRIVY COUNCIL OFFICE Audit of Compensation (Pay and Benefits) Audit and Evaluation Division Final Report February 4, 2011 Table of Contents Executive Summary... i Statement of Assurance...iii 1.0 Introduction...

More information

Effective Internal Audit in the Financial Services Sector

Effective Internal Audit in the Financial Services Sector Effective Internal Audit in the Financial Services Sector Recommendations from the Committee on Internal Audit Guidance for Financial Services: How They Relate to the Global Institute of Internal Auditors

More information

State of Minnesota IT Governance Framework

State of Minnesota IT Governance Framework State of Minnesota IT Governance Framework June 2012 Table of Contents Table of Contents... 2 Introduction... 4 IT Governance Overview... 4 Process for Developing the New Framework... 4 Management of the

More information

Statement of Guidance

Statement of Guidance Statement of Guidance Internal Audit Unrestricted Trust Companies 1. Statement of Objectives 1.1. To provide specific guidance on Internal Audit Functions as called for in section 3.6 of the Statement

More information

Audit of Policy on Internal Control Information Technology General Controls (ITGCs) Audit

Audit of Policy on Internal Control Information Technology General Controls (ITGCs) Audit D.2.1D Audit of Policy on Internal Control Information Technology General Controls (ITGCs) Audit Office of the Chief Audit Executive Audit and Assurance Services Directorate March 2015 Cette publication

More information

Audit of the Policy on Internal Control Implementation

Audit of the Policy on Internal Control Implementation Audit of the Policy on Internal Control Implementation Natural Sciences and Engineering Research Council of Canada Social Sciences and Humanities Research Council of Canada February 18, 2013 1 TABLE OF

More information

Audit of the Management of Projects within Employment and Social Development Canada

Audit of the Management of Projects within Employment and Social Development Canada Unclassified Internal Audit Services Branch Audit of the Management of Projects within Employment and Social Development Canada February 2014 SP-607-03-14E Internal Audit Services Branch (IASB) You can

More information

III-11 Internal Audit in banks

III-11 Internal Audit in banks III-11 Internal Audit in banks Internal Audit in banks 1 Directive by virtue of section 15 of the State Ordinance on the Supervision of the Credit System on the Internal Audit in banking organizations.

More information

Audit of Mobile Telecommunication Devices

Audit of Mobile Telecommunication Devices Recommended by the Departmental Audit Committee for approval by the President on September 12, 2012 Approved by the CNSC President on November 13, 2012 e-doc: 3927102 Table of Contents Executive Summary...

More information

Industry Services Quality Management System

Industry Services Quality Management System Industry Services Quality Management System Canadian Grain Commission Audit & Evaluation Services Final report March, 2012 Table of contents 1.0 Executive summary...2 Authority for audit... 2 Background...

More information

DISTINGUISHING CHARACTERISTICS:

DISTINGUISHING CHARACTERISTICS: OCCUPATIONAL GROUP: Human Resources CLASS FAMILY: Central Human Resources CLASS FAMILY DESCRIPTION: This family of positions include those positions which are located in the Division of Personnel. They

More information

RESPONSE Department Audits

RESPONSE Department Audits Department Audits COMMUNITY 4 INFORMATION TECHNOLOGY AND FINANCIAL CONTROLS BACKGROUND 4.1 Information technology impacts virtually every program and service administered by the Department of Community

More information

A Risk-Based Audit Strategy November 2006 Internal Audit Department

A Risk-Based Audit Strategy November 2006 Internal Audit Department Mental Health Mental Retardation Authority of Harris County ENTERPRISE RISK MANAGEMENT A Framework For Assessing, Evaluating And Measuring Our Agency s Risk A Risk-Based Audit Strategy November 2006 Internal

More information

Internal Audit Practice Guide

Internal Audit Practice Guide Internal Audit Practice Guide Continuous Auditing Office of the Comptroller General, Internal Audit Sector May 2010 Table of Contents Purpose...1 Background...1 Definitions...2 Continuous Auditing Professional

More information

State of Minnesota. Enterprise Security Strategic Plan. Fiscal Years 2009 2013

State of Minnesota. Enterprise Security Strategic Plan. Fiscal Years 2009 2013 State of Minnesota Enterprise Security Strategic Plan Fiscal Years 2009 2013 Jointly Prepared By: Office of Enterprise Technology - Enterprise Security Office Members of the Information Security Council

More information

Aboriginal Affairs and Northern Development Canada. Internal Audit Report. Prepared by: Audit and Assurance Services Branch.

Aboriginal Affairs and Northern Development Canada. Internal Audit Report. Prepared by: Audit and Assurance Services Branch. Aboriginal Affairs and Northern Development Canada Internal Audit Report Audit of Water and Wastewater Infrastructure Prepared by: Audit and Assurance Services Branch Project # 12-10 February 2013 TABLE

More information

Office of the Superintendent of Financial Institutions. Internal Audit on Corporate Services: Security and Administrative Services

Office of the Superintendent of Financial Institutions. Internal Audit on Corporate Services: Security and Administrative Services Office of the Superintendent of Financial Institutions Internal Audit on Corporate Services: Security and Administrative Services April 2014 Table of Contents 1. Background... 3 2. Audit Objective, Scope

More information

OFFICE OF THE CITY AUDITOR

OFFICE OF THE CITY AUDITOR CITY OF SAN ANTONIO OFFICE OF THE CITY AUDITOR Audit of Information Technology Services Department Project No. AU10-012 September 1, 2011 Audit of Information Technology Services Department Executive Summary

More information

JOB DESCRIPTION HUMAN RESOURCES GENERALIST

JOB DESCRIPTION HUMAN RESOURCES GENERALIST JOB DESCRIPTION HUMAN RESOURCES GENERALIST 1 Human Resources Generalist I. POSITION DESCRIPTION: The Human Resources Generalist manages the day-to-day operations of the Human Resource Department. The HR

More information

Standards for the Professional Practice of Internal Auditing

Standards for the Professional Practice of Internal Auditing Standards for the Professional Practice of Internal Auditing THE INSTITUTE OF INTERNAL AUDITORS 247 Maitland Avenue Altamonte Springs, Florida 32701-4201 Copyright c 2001 by The Institute of Internal Auditors,

More information

Office of the Auditor General Performance Audit Report. Statewide Oracle Database Controls Department of Technology, Management, and Budget

Office of the Auditor General Performance Audit Report. Statewide Oracle Database Controls Department of Technology, Management, and Budget Office of the Auditor General Performance Audit Report Statewide Oracle Database Controls Department of Technology, Management, and Budget March 2015 071-0565-14 State of Michigan Auditor General Doug

More information

4 Testing General and Automated Controls

4 Testing General and Automated Controls 4 Testing General and Automated Controls Learning Objectives To understand the reasons for testing; To have an idea about Audit Planning and Testing; To discuss testing critical control points; To learn

More information

Aboriginal Affairs and Northern Development Canada. Internal Audit Report

Aboriginal Affairs and Northern Development Canada. Internal Audit Report Aboriginal Affairs and Northern Development Canada Internal Audit Report Management Practices Audit of the Human Resources and Workplace Services Branch Prepared by: Audit and Assurance Services Branch

More information

Domain 1 The Process of Auditing Information Systems

Domain 1 The Process of Auditing Information Systems Certified Information Systems Auditor (CISA ) Certification Course Description Our 5-day ISACA Certified Information Systems Auditor (CISA) training course equips information professionals with the knowledge

More information

The Financial Planning Analysis and Reporting System (FPARS) Project: Implementation Status Update

The Financial Planning Analysis and Reporting System (FPARS) Project: Implementation Status Update STAFF REPORT ACTION REQUIRED The Financial Planning Analysis and Reporting System (FPARS) Project: Implementation Status Update Date: March 24, 2014 To: From: Wards: Reference Number: Government Management

More information

658 Cedar Street Saint Paul, MN 55155 www.oet.state.mn.us

658 Cedar Street Saint Paul, MN 55155 www.oet.state.mn.us Legislative Report Consolidation of Information Technology Systems and Services January 19, 2012 658 Cedar Street Saint Paul, MN 55155 www.oet.state.mn.us PROVIDING THE LEADERSHIP AND SERVICES THAT IMPROVE

More information

Audit of Contracting Processes

Audit of Contracting Processes Audit of Contracting Processes Recommended by the Audit Committee for approval by the President on Approved by the President on June 5, 2013 1 Table of Contents Executive Summary....1 1. Introduction...3

More information

7 Directorate Performance Managers. 7 Performance Reporting and Data Quality Officer. 8 Responsible Officers

7 Directorate Performance Managers. 7 Performance Reporting and Data Quality Officer. 8 Responsible Officers Contents Page 1 Introduction 2 2 Objectives of the Strategy 2 3 Data Quality Standards 3 4 The National Indicator Set 3 5 Structure of this Strategy 3 5.1 Awareness 4 5.2 Definitions 4 5.3 Recording 4

More information

Phase II of Compliance to the Policy on Internal Control: Audit of Entity-Level Controls

Phase II of Compliance to the Policy on Internal Control: Audit of Entity-Level Controls Phase II of Compliance to the Policy on Internal Control: Audit of Entity-Level Controls Office of the Chief Audit and Evaluation Executive Audit and Assurance Services Directorate November 2013 Cette

More information

CSR / Sustainability Governance and Management Assessment By Coro Strandberg Principal, Strandberg Consulting www.corostrandberg.

CSR / Sustainability Governance and Management Assessment By Coro Strandberg Principal, Strandberg Consulting www.corostrandberg. Introduction CSR / Sustainability Governance and Management Assessment By Coro Strandberg Principal, Strandberg Consulting www.corostrandberg.com June 2015 Companies which adopt CSR or sustainability 1

More information

HR WSQ Qualifications. Certified HR Professional Programmes

HR WSQ Qualifications. Certified HR Professional Programmes Human Resource WSQ HR WSQ Qualifications WSQ ADVANCED CERTIFICATE IN HUMAN RESOURCES 4 core + 4 Elective Units CORE UNITS Analyse and present research information (Level 3) Ensure compliance with relevant

More information

Core Monitoring Guide

Core Monitoring Guide Core Monitoring Guide April 2005 eta UNITED STATES DEPARTMENT OF LABOR EMPLOYMENT AND TRAINING ADMINISTRATION Core Monitoring Guide April 2005 United States Department of Labor Employment and Training

More information

Audit of IT Asset Management Report

Audit of IT Asset Management Report Audit of IT Asset Management Report Recommended by the Departmental Audit Committee for approval by the President on Approved by the President on September 4, 2012 e-doc : 3854899 1 Table of Contents EXECUTIVE

More information

GAO. Standards for Internal Control in the Federal Government. Internal Control. United States General Accounting Office.

GAO. Standards for Internal Control in the Federal Government. Internal Control. United States General Accounting Office. GAO United States General Accounting Office Internal Control November 1999 Standards for Internal Control in the Federal Government GAO/AIMD-00-21.3.1 Foreword Federal policymakers and program managers

More information

Innovation and Technology Department

Innovation and Technology Department PERFORMANCE AUDIT Innovation and Technology Department IT Inventory Asset Management January 11, 2016 Office of the City Manager Internal Audit Division Cheryl Johannes, Internal Audit Manager PERFORMANCE

More information

EMS Example Example EMS Audit Procedure

EMS Example Example EMS Audit Procedure EMS Example Example EMS Audit Procedure EMS Audit Procedures must be developed and documented with goals which: Ensure that the procedures incorporated into the EMS are being followed; Determine if the

More information

Monitor and evaluate performance of HR information system

Monitor and evaluate performance of HR information system Monitor and evaluate performance of HR information system Overview An implemented human resource system requires regular reviews audits and evaluation. There are numerous motivations for an organisation

More information

BUSINESS CONSULTING SERVICES Comprehensive practice management solutions for independent investment advisors

BUSINESS CONSULTING SERVICES Comprehensive practice management solutions for independent investment advisors BUSINESS CONSULTING SERVICES Comprehensive practice management solutions for independent investment advisors Insights, tools and resources to help you Accelerate Your Growth, Scale Your Business and Elevate

More information

Board of Directors and Senior Management 2. Audit Management 4. Internal IT Audit Staff 5. Operating Management 5. External Auditors 5.

Board of Directors and Senior Management 2. Audit Management 4. Internal IT Audit Staff 5. Operating Management 5. External Auditors 5. Table of Contents Introduction 1 IT Audit Roles and Responsibilities 2 Board of Directors and Senior Management 2 Audit Management 4 Internal IT Audit Staff 5 Operating Management 5 External Auditors 5

More information

Final Report. Audit of the Project Management Framework. December 2014

Final Report. Audit of the Project Management Framework. December 2014 Final Report Audit of the Project Management Framework December 2014 Audit of the Project Management Framework Table of Contents Executive summary... i A - Introduction... 1 1. Background... 1 2. Audit

More information

DENVER PUBLIC SCHOOLS. EduStat Case Study. Denver Public Schools: Making Meaning of Data to Enable School Leaders to Make Human Capital Decisions

DENVER PUBLIC SCHOOLS. EduStat Case Study. Denver Public Schools: Making Meaning of Data to Enable School Leaders to Make Human Capital Decisions DENVER PUBLIC SCHOOLS EduStat Case Study Denver Public Schools: Making Meaning of Data to Enable School Leaders to Make Human Capital Decisions Nicole Wolden and Erin McMahon 7/19/2013. Title: Making Meaning

More information

Indian and Northern Affairs Canada. Internal Audit Report. Audit of the PeopleSoft System. Prepared by: Audit and Assurance Services Branch

Indian and Northern Affairs Canada. Internal Audit Report. Audit of the PeopleSoft System. Prepared by: Audit and Assurance Services Branch Indian and Northern Affairs Canada Internal Audit Report Audit of the PeopleSoft System Prepared by: Audit and Assurance Services Branch Project #09-07 June 2010 CIDM#3067736 Table of contents List of

More information

PRACTICE ADVISORIES FOR INTERNAL AUDIT

PRACTICE ADVISORIES FOR INTERNAL AUDIT Société Française de Réalisation, d'etudes et de Conseil Economics and Public Management Department PRACTICE ADVISORIES FOR INTERNAL AUDIT Tehnical Assistance to the Ministry of Finance for Development

More information

STATE OF NORTH CAROLINA

STATE OF NORTH CAROLINA STATE OF NORTH CAROLINA INFORMATION SYSTEMS AUDIT OFFICE OF INFORMATION TECHNOLOGY SERVICES INFORMATION TECHNOLOGY GENERAL CONTROLS OCTOBER 2014 OFFICE OF THE STATE AUDITOR BETH A. WOOD, CPA STATE AUDITOR

More information

Data Analysis: The Cornerstone of Effective Internal Auditing. A CaseWare Analytics Research Report

Data Analysis: The Cornerstone of Effective Internal Auditing. A CaseWare Analytics Research Report Data Analysis: The Cornerstone of Effective Internal Auditing A CaseWare Analytics Research Report Contents Why Data Analysis Step 1: Foundation - Fix Any Cracks First Step 2: Risk - Where to Look Step

More information

Practice Guide COORDINATING RISK MANAGEMENT AND ASSURANCE

Practice Guide COORDINATING RISK MANAGEMENT AND ASSURANCE Practice Guide COORDINATING RISK MANAGEMENT AND ASSURANCE March 2012 Table of Contents Executive Summary... 1 Introduction... 1 Risk Management and Assurance (Assurance Services)... 1 Assurance Framework...

More information

Assessing Your Business Analytics Initiatives

Assessing Your Business Analytics Initiatives Assessing Your Business Analytics Initiatives Eight Metrics That Matter WHITE PAPER SAS White Paper Table of Contents Introduction.... 1 The Metrics... 1 Business Analytics Benchmark Study.... 3 Overall

More information

BOARD OF DIRECTORS MANDATE

BOARD OF DIRECTORS MANDATE BOARD OF DIRECTORS MANDATE Board approved: May 7, 2014 This mandate provides the terms of reference for the Boards of Directors (each a Board ) of each of Economical Mutual Insurance Company ( Economical

More information

Sound Transit Internal Audit Report - No. 2014-3

Sound Transit Internal Audit Report - No. 2014-3 Sound Transit Internal Audit Report - No. 2014-3 IT Project Management Report Date: Dec. 26, 2014 Table of Contents Page Background 2 Audit Approach and Methodology 2 Summary of Results 4 Findings & Management

More information

Payroll Operations and Information Management and Payroll Services Alliance Management Office Annual Report. November 2007

Payroll Operations and Information Management and Payroll Services Alliance Management Office Annual Report. November 2007 Payroll Operations and Information Management and Payroll Services Alliance Management Office Annual Report November 2007 1. Initiative Overview 2. Status Update 3. Appendix A: Contract Objectives 4. Appendix

More information

Audit of Occupational Safety and Health (OSH)

Audit of Occupational Safety and Health (OSH) National Research Council Canada Audit of Occupational Safety and Health (OSH) Internal Audit, NRC SEPTEMBER 2010 1.0 Executive Summary and Conclusion Background This report presents the findings of the

More information

John Keel, CPA State Auditor. An Audit Report on The Dam Safety Program at the Commission on Environmental Quality. May 2008 Report No.

John Keel, CPA State Auditor. An Audit Report on The Dam Safety Program at the Commission on Environmental Quality. May 2008 Report No. John Keel, CPA State Auditor An Audit Report on The Dam Safety Program at the Commission on Environmental Quality Report No. 08-032 An Audit Report on The Dam Safety Program at the Commission on Environmental

More information

Build (develop) and document Acceptance Transition to production (installation) Operations and maintenance support (postinstallation)

Build (develop) and document Acceptance Transition to production (installation) Operations and maintenance support (postinstallation) It is a well-known fact in computer security that security problems are very often a direct result of software bugs. That leads security researches to pay lots of attention to software engineering. The

More information

September 2005 Report No. 06-009

September 2005 Report No. 06-009 An Audit Report on The Health and Human Services Commission s Consolidation of Administrative Support Functions Report No. 06-009 John Keel, CPA State Auditor An Audit Report on The Health and Human Services

More information

Data Quality Policy. Appendix A. 1. Why do we need a Data Quality Policy?... 2. 2 Scope of this Policy... 2. 3 Principles of data quality...

Data Quality Policy. Appendix A. 1. Why do we need a Data Quality Policy?... 2. 2 Scope of this Policy... 2. 3 Principles of data quality... Data Quality Policy Appendix A Updated August 2011 Contents 1. Why do we need a Data Quality Policy?... 2 2 Scope of this Policy... 2 3 Principles of data quality... 3 4 Applying the policy... 4 5. Roles

More information

Administrative Guidelines on the Internal Control Framework and Internal Audit Standards

Administrative Guidelines on the Internal Control Framework and Internal Audit Standards Administrative Guidelines on the Internal Control Framework and Internal Audit Standards GCF/B.09/18 18 February 2015 Meeting of the Board 24 26 March 2015 Songdo, Republic of Korea Agenda item 24 Page

More information

Auditor General s Office. Governance and Management of City Computer Software Needs Improvement

Auditor General s Office. Governance and Management of City Computer Software Needs Improvement Auditor General s Office Governance and Management of City Computer Software Needs Improvement Transmittal Report Audit Report Management s Response Jeffrey Griffiths, C.A., C.F.E Auditor General, City

More information

Module 17: EMS Audits

Module 17: EMS Audits Module 17: EMS Audits Guidance...17-2 Figure 17-1: Linkages Among EMS Audits, Corrective Action and Management Reviews...17-5 Tools and Forms...17-7 Tool 17-1: EMS Auditing Worksheet...17-7 Tool 17-2:

More information

Payroll Process Final Audit Report Report Nr. 13/12 August 30, 2012

Payroll Process Final Audit Report Report Nr. 13/12 August 30, 2012 Payroll Process Final Audit Report Report Nr. 13/12 August 30, 2012 Distribution: To: President & CEO Senior Vice President & Chief Financial Officer Senior Vice President, Human Resources & Communications

More information

September 2015. IFAC Member Compliance Program Strategy, 2016 2018

September 2015. IFAC Member Compliance Program Strategy, 2016 2018 September 2015 IFAC Member Compliance Program Strategy, 2016 2018 This Strategy is issued by the International Federation of Accountants (IFAC ) with the advice and oversight of the Compliance Advisory

More information

Practice guide. quality assurance and IMProVeMeNt PrograM

Practice guide. quality assurance and IMProVeMeNt PrograM Practice guide quality assurance and IMProVeMeNt PrograM MarCh 2012 Table of Contents Executive Summary... 1 Introduction... 2 What is Quality?... 2 Quality in Internal Audit... 2 Conformance or Compliance?...

More information

INTERNAL AUDIT REPORT ON THE FINANCIAL MANAGEMENT CONTROL FRAMEWORK FOR INITIATIVES RELATED TO CANADA S ECONOMIC ACTION PLAN (EAP) REPORT.

INTERNAL AUDIT REPORT ON THE FINANCIAL MANAGEMENT CONTROL FRAMEWORK FOR INITIATIVES RELATED TO CANADA S ECONOMIC ACTION PLAN (EAP) REPORT. INTERNAL AUDIT REPORT ON THE FINANCIAL MANAGEMENT CONTROL FRAMEWORK FOR INITIATIVES RELATED TO CANADA S ECONOMIC ACTION PLAN (EAP) REPORT July 2010 PREPARED BY THE INTERNAL AUDIT BRANCH (IAB) Project No:

More information

Audit of Departmental Performance Measurement

Audit of Departmental Performance Measurement Audit of Departmental Performance Measurement WESTERN ECONOMIC DIVERSIFICATION CANADA Audit & Evaluation Branch February 2012 Table of Contents 1.0 Executive Summary 1 2.0 Statement of Assurance 1 3.0

More information

1. CORPORATE SUPPORT SERVICES DEPARTMENT - HUMAN RESOURCES DIVISION

1. CORPORATE SUPPORT SERVICES DEPARTMENT - HUMAN RESOURCES DIVISION 1. CORPORATE SUPPORT SERVICES DEPARTMENT - HUMAN RESOURCES DIVISION (i) CHIEF MANAGER - COMPENSATION AND BENEFITS, AND HR ADMINISTRATION (Grade KRA 7 ) JOB DESCRIPTION FORM Date: Kenya Revenue Authority

More information

PRIVY COUNCIL OFFICE. Audit of Information Technology (IT) Security. Final Report

PRIVY COUNCIL OFFICE. Audit of Information Technology (IT) Security. Final Report An asterisk appears where sensitive information has been removed in accordance with the Access to Information Act and Privacy Act. PRIVY COUNCIL OFFICE Audit of Information Technology (IT) Security Audit

More information

Development, Acquisition, Implementation, and Maintenance of Application Systems

Development, Acquisition, Implementation, and Maintenance of Application Systems Development, Acquisition, Implementation, and Maintenance of Application Systems Part of a series of notes to help Centers review their own Center internal management processes from the point of view of

More information

Corporate Data Quality Policy

Corporate Data Quality Policy Appendix A Corporate Data Quality Policy Right first time Author: Head of Policy Date: November 2008 Contents 1. INTRODUCTION...3 2. STATEMENT OF MANAGEMENT INTENT...3 3. POLICY AIM...3 4. DEFINITION OF

More information

Human Resources Management Program Standard

Human Resources Management Program Standard Human Resources Management Program Standard The approved program standard for Human Resources Management program of instruction leading to an Ontario College Graduate Certificate delivered by Ontario Colleges

More information

Integrated Risk Management:

Integrated Risk Management: Integrated Risk Management: A Framework for Fraser Health For further information contact: Integrated Risk Management Fraser Health Corporate Office 300, 10334 152A Street Surrey, BC V3R 8T4 Phone: (604)

More information

The IIA Global Internal Audit Competency Framework

The IIA Global Internal Audit Competency Framework About The IIA Global Internal Audit Competency Framework The IIA Global Internal Audit Competency Framework (the Framework) is a tool that defines the competencies needed to meet the requirements of the

More information

Information Commissioner's Office

Information Commissioner's Office Phil Keown Engagement Lead T: 020 7728 2394 E: philip.r.keown@uk.gt.com Will Simpson Associate Director T: 0161 953 6486 E: will.g.simpson@uk.gt.com Information Commissioner's Office Internal Audit 2015-16:

More information

INTERNAL AUDIT FRAMEWORK

INTERNAL AUDIT FRAMEWORK INTERNAL AUDIT FRAMEWORK April 2007 Contents 1. Introduction... 3 2. Internal Audit Definition... 4 3. Structure... 5 3.1. Roles, Responsibilities and Accountabilities... 5 3.2. Authority... 11 3.3. Composition...

More information

GAO DEFENSE CONTRACT AUDITS. Actions Needed to Improve DCAA's Access to and Use of Defense Company Internal Audit Reports

GAO DEFENSE CONTRACT AUDITS. Actions Needed to Improve DCAA's Access to and Use of Defense Company Internal Audit Reports GAO United States Government Accountability Office Report to the Committee on Armed Services, U.S. Senate December 2011 DEFENSE CONTRACT AUDITS Actions Needed to Improve DCAA's Access to and Use of Defense

More information

REE Position Management and Workforce/Succession Planning Checklist

REE Position Management and Workforce/Succession Planning Checklist Appendix A REE Position Management and Workforce/Succession Planning Checklist Agency: Division /Office: Position Number: Date: Supervisor: Vacancy Announcement (if Recruit): Position Title/Series/Grade:

More information

Internal Oversight Division. Internal Audit Strategy 2015-2017

Internal Oversight Division. Internal Audit Strategy 2015-2017 Internal Oversight Division Internal Audit Strategy 2015-2017 Date: June 4, 2015 page 2 TABLE OF CONTENTS LIST OF ACRONYMS 3 1. BACKGROUND 4 2. PURPOSE 4 3. VISION STATEMENT 5 4. MISSION STATEMENT 5 5.

More information

Infrastructure Engineer

Infrastructure Engineer Infrastructure Engineer It s About You Do you have a passion for all types of computer hardware, software, communication and network technology? Do you like to be hands-on and directly involved in improving

More information

Guide to the Sarbanes-Oxley Act: IT Risks and Controls. Frequently Asked Questions

Guide to the Sarbanes-Oxley Act: IT Risks and Controls. Frequently Asked Questions Guide to the Sarbanes-Oxley Act: IT Risks and Controls Frequently Asked Questions Table of Contents Page No. Introduction.......................................................................1 Overall

More information

UNITED NATIONS OFFICE FOR PROJECT SERVICES. ORGANIZATIONAL DIRECTIVE No. 33. UNOPS Strategic Risk Management Planning Framework

UNITED NATIONS OFFICE FOR PROJECT SERVICES. ORGANIZATIONAL DIRECTIVE No. 33. UNOPS Strategic Risk Management Planning Framework UNOPS UNITED NATIONS OFFICE FOR PROJECT SERVICES Headquarters, Copenhagen O.D. No. 33 16 April 2010 ORGANIZATIONAL DIRECTIVE No. 33 UNOPS Strategic Risk Management Planning Framework 1. Introduction 1.1.

More information

Information Technology Services Project Management Office Operations Guide

Information Technology Services Project Management Office Operations Guide Information Technology Services Project Management Office Operations Guide Revised 3/31/2015 Table of Contents ABOUT US... 4 WORKFLOW... 5 PROJECT LIFECYCLE... 6 PROJECT INITIATION... 6 PROJECT PLANNING...

More information