Audit of the Test of Design of Entity-Level Controls

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Audit of the Test of Design of Entity-Level Controls"

Transcription

1 Audit of the Test of Design of Entity-Level Controls Canadian Grain Commission Audit & Evaluation Services Final Report March 2012 Canadian Grain Commission 0 Entity Level Controls 2011

2 Table of Contents 1.0 Executive Summary...2 Introduction... 2 Audit Objective... 3 Conclusion... 3 Statement of Assurance... 4 Summary of Recommendations and Management Action Plans Audit Report...8 Background... 8 Audit Objective... 9 Audit Scope... 9 Audit Criteria... 9 Approach and Methodology Findings and Recommendations...12 Appendix A: Entity Level Control Assessment Summary..19 Canadian Grain Commission 1 Entity Level Controls 2011

3 1.0 Executive summary Introduction 1.1 The mission of the Internal Audit function of Audit and Evaluation Services is to provide independent and objective assurance services designed to add value and improve the Canadian Grain Commission s operations. Internal Audit helps the Canadian Grain Commission accomplish its objectives by bringing a systematic, disciplined approach to assess and improve the effectiveness of risk management, control and governance processes. 1.2 The audit of entity-level controls was included as part of the Audit and Evaluation Services risk-based Audit Plan. The Commission approved the plan following a recommendation by the Departmental Audit Committee in May The audit was conducted as a joint effort with Finance from November 2010 to March It consisted of documenting and reviewing the test of design of entity-level controls in place at the Canadian Grain Commission. 1.4 The Treasury Board Policy on Internal Control which took effect on April 1, 2009 was introduced to ensure that risks relating to the reliability of financial reporting are adequately managed through a risk-based system of internal controls over financial reporting. Under the Policy on Internal Control, organizations are required to document and assess 3 levels of controls, one being entity-level controls. 1.5 As stated in the Policy on Internal Control Diagnostic Tool for Departments and Agencies, entity-level controls are those controls that are pervasive across a department. They include the tone from the top including the organization s culture, values and ethics, governance, transparency and accountability mechanisms as well as the activities and tools put in place across the organization to raise staff awareness, ensure clear understanding of roles and responsibilities and solid capacities and abilities in managing risks well. 1.6 The implementation of the Policy on Internal Control does not require an assessment of all entity-level controls within an organization. Rather, it requires an assessment of key entity-level controls. For purposes of this report, key entity-level controls are those controls that best demonstrate a commitment to overall good governance by Executive Management at the Canadian Grain Commission in ensuring organizational objectives are met. 1.7 In addition to the requirement under the Policy on Internal Control, Audit and Evaluation Services undertook the documentation and assessment of entity-level controls jointly with Finance as part of the Audit Plan for purposes of obtaining a sound understanding of the internal controls in place to ensure that Executive Management expectations pertaining to the entire organization are carried out. Canadian Grain Commission 2 Entity Level Controls 2011

4 1.8 This report contains only those observations, findings, and recommendations associated with the review of the test of design of the Canadian Grain Commission s key entity-level controls. Audit objective 1.9 The objective of the audit is to document and assess the design of the entity-level controls in place at the Canadian Grain Commission in order to provide assurance of their adequacy and to provide recommendations to improve noted deficiencies, if appropriate. Conclusion 1.10 Several entity-level controls exist and have been effectively designed to promote management excellence, good governance and public service management throughout the Canadian Grain Commission. Some of the key highlights noted include: Executive Management and the Commissioners promote and encourage open communication throughout the Canadian Grain Commission and effectively provide information to employees, industry stakeholders and other interested parties. Executive Management is committed to being effective leaders and modelling behaviours which employees are expected to demonstrate. There are 2 levels of governance: the Executive Management Committee and the Commission. Open communication between the Executive Management Committee and the Commission ensures that priorities remain realistic and that organizational objectives are achieved as intended. The Executive Management Committee, the Commissioners and the Departmental Audit Committee are committed to directing the organization in achieving its operational and strategic objectives The following report contains opportunities for improvement that were identified during the audit, including: Further developments in tracking and monitoring of People Planning and the Personal Development and Achievement Program in order to strengthen the Canadian Grain Commission s ability to maintain a sufficient and representative workforce with the appropriate mix of skills. Further efforts to implement new policies, procedures and processes and to update existing ones in order to strengthen the Canadian Grain Commission s ability to carry out its mandate, programs and activities. Further refinements and enhancements to the Integrated Risk Management Program in order to ensure that risks are well managed throughout the organization. Canadian Grain Commission 3 Entity Level Controls 2011

5 Future training to educate employees on roles and responsibilities in order to ensure that effective Internal Controls over Financial Reporting are in place. Executive Management has indicated that all recommendations contained in this report will be implemented. Additional details are contained in this report. Statement of assurance 1.12 In the professional judgment of the Chief Audit Executive, sufficient and appropriate audit procedures have been conducted and evidence gathered to support the accuracy of the conclusion provided in this report. The conclusion is based on a comparison of the conditions as they existed at the time, as described in the Audit Scope, against pre-established audit criteria that were agreed with management. The audit was conducted in accordance with the Treasury Board Policy on Internal Audit and the International Standards for the Professional Practice of Internal Auditing as established by the Institute of Internal Auditors (IIA). Summary of recommendations and management action plans 1.13 The following is a summary of recommendations contained in this report with management s action plans to address the topics identified: Recommendation reference numbers Recommendations 3.10 We recommend that the Executive Management Committee and the Commissioners establish a formal terms of reference document to specify what information is to be communicated to the Commissioners, the Chief Operating Officer or the Executive Management Committee. The document should include the timing of such communication We recommend that management implement and approve a formal process to ensure that divisional people plans are reviewed on a quarterly basis. A quarterly review would ensure that identified gaps are addressed and re-prioritized as necessary in securing human resources to achieve the Canadian Grain Commission s organizational objectives. Management action plans The Executive Management Committee has drafted and approved an Executive Management Committee terms of reference. The Commission terms of reference will be drafted by March 31, Respondent: Chief Operating Officer A process has been drafted for the quarterly monitoring of people plans. Human Resources has developed a template and instructions to assist in the quarterly monitoring of divisional people plans. Divisions have submitted progress reports of their people plans for the first quarter of for review by Human Resources. A summary of this review was prepared for and discussed with the Executive Management Committee in August Canadian Grain Commission 4 Entity Level Controls 2011

6 3.12 We recommend that management implement a performance cycle for each Canadian Grain Commission division to enhance the ability to formally track and monitor the Performance Development and Achievement Program process. In addition, Human Resources should implement a process to ensure that those individuals receiving Personal Development and Achievement Program training are in fact completing Personal Development and Achievement Plans in a timely manner. Divisions will continue to track their people plans on a quarterly basis. A review of quarterly monitoring will be conducted to identify ways to better consolidate monitoring mechanisms with other aspects of the Canadian Grain Commission integrated planning process by March 31, Respondent: Director, Human Resources Human Resources will draft measures and indicators that can be used to monitor the quantitative and qualitative aspects of the effectiveness of Personal Development and Achievement Program implementation. Measures will include those required for all divisions and those recommended by divisional management. This will include reviewing measures in the Public Service Management Dashboard. Human Resources will also consult with Employee Services and the administration officers group on mechanisms to monitor and track this information efficiently within divisions. Measures, and the corresponding monitoring plan, will be presented to the Executive Management Committee for approval by March 31, Human Resources will meet with each divisional management team to develop a plan to select and monitor the Personal Development and Achievement Program measures by June 30, This will also include determining the performance cycle for employees within each division. Human Resources will develop a process and an accountability mechanism as part of the Personal Development and Achievement Program training, to assist individuals in completing their Personal Development and Achievement Program in a timely manner, by June 30, Human Resources will review reports from the Personal Development and Achievement Program monitoring and tracking system within three months of the training to confirm that participants have initiated their Personal Development and Achievement Program. Follow-up will occur for those that have not implemented Personal Development and Achievement Canadian Grain Commission 5 Entity Level Controls 2011

7 Program. Respondent: Director, Human Resources 3.18 We recommend, in continuing to refine the Integrated Risk Management process: a. The Integrated Risk Management sub-group of the Integrated Planning Working Group and other key stakeholders be educated on how to assess residual risk as it relates to the annual environmental scan and other risks identified. b. Management develop a timeline to implement the future plan of assessing residual risk for each of the 8 risk areas identified as part of the Canadian Grain Commission s corporate risk profile. c. Management develop an action plan to determine the position or Canadian Grain Commission unit that will be accountable for coordinating and monitoring Integrated Risk Management on a long-term basis We recommend that management develop an action plan to place greater focus on integrating the operational planning phase of the Canadian Grain Commission's annual planning cycle. This will ensure the resources required for day-to-day delivery of program activities (which are essential in achieving the Canadian Grain Commission's mandate) are planned and monitored throughout the year. a. An option to educate Commissioners, Executive Management and other key stakeholders on the nature of residual risk will be developed by March 31, b. The identification of risk owners for each of the 8 risk areas in the Corporate Risk Profile will by completed by June 30, Subsequent to the educational session, executive management and risk owners will be expected to apply information from the learning session in order to assess the residual risk for each of the 8 areas of the corporate risk profile. Completion of residual risk assessment is anticipated by March 31, c. A succession plan is in place for the Corporate Development Advisor within Corporate Services. The Corporate Development Advisor is accountable for coordinating and monitoring Integrated Risk Management on a long-term basis. Respondent: Director, Corporate Services Corporate Planner and Project Manager and Integrated Planning Working Group to: Identify and engage leaders for key Canadian Grain Commission operational planning processes by September 30, 2011 Develop an integrated operational planning calendar that reflects current operational planning processes by December 31, 2011 Research best practices in integrated operational planning at other government departments by March 31, 2012 Present a multi-year plan to the Executive Management Committee proposing enhancements to operational planning timelines, processes and tools by April 30, 2012 and commence implementation of the plan during the fiscal year Canadian Grain Commission 6 Entity Level Controls 2011

8 Respondent: Director, Corporate Services 3.24 We recommend that management establish a process for ensuring that policies, procedures and other information necessary in carrying out Canadian Grain Commission s mandate, programs and activities be regularly reviewed and updated as required. This will ensure that employees have the most accurate and up-todate information available. Policies and procedures that are currently under development or being re-written should be closely monitored and promptly communicated to employees upon completion We recommend that management develop a plan to ensure that process owners and control owners for internal controls over financial reporting receive proper training so that they are aware of their roles and responsibilities in ensuring that internal controls over financial reporting are appropriately designed and continue to operate effectively. This training should be provided to other employees as required. An overview of the majority of policies and procedures has been incorporated into an easy-to-use tracking chart. This will be presented to the Executive Management Committee on October 6, Divisional directors will assign their leads to establish regular reviews. Divisions will be responsible for tracking updates. Policy changes will go to the Executive Management Committee as specified in the Executive Management Committee terms of reference. The web site will be updated by Multimedia Services and Communications until the web content management system is in place and then leads will update their own information. Respondent: Director, Corporate Services Financial risk assessment will be performed to determine key business processes required for purposes of documenting internal controls over financial reporting. Identification of process and control owners for all key business processes will be completed by March Training will be provided once process and control owners (and other employees as applicable) have been identified. This training will ensure that they are aware of their roles and responsibilities in ensuring that Internal Controls over Financial Reporting are appropriately designed and continue to operate effectively. Training will occur throughout the project and may occur in various forms including, newsletter articles, s, presentations or formal training sessions. Respondent: Chief Financial Officer Canadian Grain Commission 7 Entity Level Controls 2011

9 2.0 Audit report Background 2.1 The Treasury Board Policy on Internal Control, which took effect on April 1, 2009, was introduced to ensure that risks relating to the reliability of financial reporting are adequately managed through a risk-based system of internal controls over Financial Reporting. Under the Policy on Internal Control, organizations are required to document and assess 3 levels of controls, one being entity-level controls. 2.2 As stated in the Policy on Internal Control: Diagnostic Tool for Departments and Agencies, entity-level controls are those controls that are pervasive across a department. They include the tone from the top including the organization s culture, values and ethics, governance, transparency and accountability mechanisms as well as the activities and tools put in place across the organization to raise staff awareness, ensure clear understanding of roles and responsibilities and solid capacities and abilities in managing risks well. 2.3 As the first phase of implementing the Policy on Internal Control and conducting the audit, Finance and Audit and Evaluation Services jointly undertook documentation of the Canadian Grain Commission s entity-level controls. They used the most commonly-used framework for assessing and documenting entity-level controls. The Commission of Sponsoring Organizations developed this framework. 2.4 The Committee of Sponsoring Organizations of the Treadway Commission is a privatesector organization chartered to research and report on improving the quality of financial reporting through values and ethics, internal controls and good organizational governance. In 1992 the Committee of Sponsoring Organizations developed the Internal Controls - Integrated Framework, which is still widely used in assessing entity-level controls to this day. 2.5 As part of the Internal Controls - Integrated Framework, the Committee of Sponsoring Organizations defined the following 5 broad categories. These categories, which were considered in the documentation and assessment of the Canadian Grain Commission s entity-level controls, are: Control Environment Risk Assessment Control Activities Information and Communication Monitoring A definition for each category has been provided throughout the body of the report. Each category is further broken down into a varying number of sub-categories. For example, the Monitoring Category includes 3 separate sub-categories: Ongoing Monitoring, Canadian Grain Commission 8 Entity Level Controls 2011

10 Separate Evaluations and Reporting Deficiencies. Refer to Appendix A for further details. 2.6 Entity-level controls are considered similar to the components of the Management Accountability Framework. Similar to entity-level controls, the Management Accountability Framework outlines the Treasury Board s expectations for good public service management. It is structured around 10 key sub-categories, essential in ensuring an organization is well-managed. 2.7 Given that the Canadian Grain Commission is considered to be a small agency, it is assessed for Management Accountability Framework purposes by the Treasury Board Secretariat every third year. During the fiscal year , the Canadian Grain Commission was required to participate in the Management Accountability Framework Round VIII assessment. The timing of the assessment was beneficial as documentation prepared by the Canadian Grain Commission for Management Accountability Framework VIII could be used for certain sub-categories of the Commission of Sponsoring Organizations Internal Controls - Integrated Framework. Audit objective 2.8 The objective of the audit is to document and assess the design of the entity-level controls in place at the Canadian Grain Commission in order to provide assurance of their adequacy and to provide recommendations to improve noted deficiencies, if appropriate. Audit scope 2.9 The Policy on Internal Control came into effect April 1, While the Policy on Internal Control requires the documentation and assessment of all 3 levels of controls (entitylevel controls, information technology general controls and process level controls), the scope of the audit has been limited to the documentation and assessment of the design of entity-level controls Collection of evidence to support the key entity-level controls from various sources include: documentation submitted for Management Accountability Framework VIII; interviews with Commissioners, Executive Management and selected employees; documentation obtained from selected employees; and information posted on StaffNet, the Canadian Grain Commission s internal web site The scope of the audit explicitly excluded the test of operating effectiveness of entitylevel controls in place at the Canadian Grain Commission. Note that the test of operating effectiveness would provide assurance that the controls continue to operate as intended over a period of time. Test of design provides assurance that controls are appropriately designed to mitigate the risks they are intended to address. Audit criteria 2.12 Each of the sub-categories within the 5 Committee of Sponsoring Organizations categories described above is further broken down into a series of statements. The Canadian Grain Commission 9 Entity Level Controls 2011

11 statements can be directly linked to an identified key entity-level control. There are a total of 82 statements within the Committee of Sponsoring Organizations framework The Audit Criteria for the assessment of entity-level controls can be simply summarized as the existence and design effectiveness of key entity-level controls for each of the 82 statements identified as part of the Committee of Sponsoring Organizations Framework. Approach and methodology 2.14 The audit included interviews and examination of relevant communications, reports and other documentation related to entity-level controls The detailed examination phase was conducted from November 2010 to March It focused on identifying and assessing the design effectiveness of key entity-level controls. Procedures performed during the examination phase included: o o o o Reviewing Management Accountability Framework VIII information and submissions to determine which Management Accountability Framework documentation could be matched to the Committee of Sponsoring Organizations Internal Controls - Integrated Framework. Assessing information gaps resulting from the inability to directly link Management Accountability Framework VIII to the Committee of Sponsoring Organizations Internal Controls - Integrated Framework and determining what further evidence would be required. Developing an entity level control matrix to assess key controls in place for each of the 82 statements that make up each of the sub-categories within the 5 broad categories of the Committee of Sponsoring Organizations Internal Controls - Integrated Framework. Interviewing Executive Management, the Commissioners and other selected employees to: Obtain an understanding of Management s attitude towards controls at the entity level on a collective basis Corroborate that the entity-level controls identified through review of Management Accountability Framework VIII documentation are key controls according to Management Provide management with the opportunity to identify what they consider to be the Canadian Grain Commission s key entity-level controls which may not have been covered as part of Management Accountability Framework VIII 2.16 As a result of the information reviewed and testing conducted during the audit, findings and potential recommendations were developed to allow for strengthening of the Canadian Grain Commission s entity-level controls. These were reviewed with the Chief Operating Officer and Chief Financial Officer. Management Action Plans were obtained from Canadian Grain Commission management and incorporated into this report. A Final Canadian Grain Commission 10 Entity Level Controls 2011

12 Internal Audit Report was prepared to encompass management s commitments for improvement. The Final Report was reviewed on February 13, 2012 by the Departmental Audit Committee, who recommended approval by the Chief Commissioner. The Chief Commissioner subsequently approved this report. Canadian Grain Commission 11 Entity Level Controls 2011

13 3.0 Findings and recommendations Overall entity-level control assessment Findings: 3.1 As previously noted, Canadian Grain Commission entity-level controls were assessed based on the Committee of Sponsoring Organizations Internal Controls - Integrated Framework based on 5 broad categories. Overall entity-level control ratings for each of the categories were determined to be as follows: Committee of Sponsoring Organizations Category Control environment Risk assessment Control activities Information and communication Monitoring Rating Acceptable Acceptable Opportunity for improvement Acceptable Opportunity for improvement Refer to Entity-level control summary table in Appendix A for further details. 3.2 While certain categories received an overall rating of Opportunity for improvement or Acceptable, individual Committee of Sponsoring Organizations sub-categories within each of the 5 categories warrant further discussion. These are described further in each of 5 category sections below. The sub-categories within each of the 5 categories have been bolded for purposes of linking to the results in Appendix A. It should be noted that the following only provides a summary of findings and does not include a description of all key entity-level controls identified through the assessment process. Control Environment Findings: 3.3The control environment is influenced by management s operating style and the communication and promotion of values and ethics throughout the organization which are important factors in designing, administering and monitoring all control components of an organization. 3.4 Management s philosophy and operating style Canadian Grain Commission Management s philosophy and operating style, including overall governance (e.g. the Commission, the Executive Management Committee and Departmental Audit Committee), indicates that the principles of management excellence are applied throughout the organization. The Executive Management Committee, the Commission and the Departmental Audit Committee set an appropriate tone from the top in guiding the Canadian Grain Commission in achieving its operational and strategic objectives. The challenge that could present itself is that there are 2 levels of Canadian Grain Commission 12 Entity Level Controls 2011

14 governance: the Executive Management Committee and the Commission. Open communication between the Executive Management Committee and the Commission ensures that priorities remain realistic and that organizational objectives are achieved as intended. However, there is currently no formal guidance on what information should be presented to the Commissioners, the Chief Operating Officer or the Executive Management Committee. Such guidance would be beneficial in educating new Commissioners and new members of the Executive Management Committee or those in acting assignments. 3.5 Assignment of authority and responsibility Assignment of authority and responsibility is clearly communicated throughout the organization. Open communication is encouraged and the Executive Management Committee is committed to being effective leaders and modelling behaviors which employees are expected to demonstrate. The Executive Management Committee Charter demonstrates that the Executive Management Committee is committed to the current and future direction of the organization. 3.6 Organizational structure A clear and effective organizational structure that is linked to the Canadian Grain Commission's Program Activity Architecture is in place and has been communicated to employees and stakeholders via the Canadian Grain Commission web site. While effective organizational structures are known and in place, the documentation has not been updated on the Canadian Grain Commission s web site. For example, the Chief Financial Officer and the Chief Audit Executive report directly to the Chief Commissioner. However, the web site has not be updated to reflect this. Management has indicated that refinements will be reflected in an updated Governance Structure to be submitted to Treasury Board during the fiscal year. 3.7 Integrity and ethical values Management openly communicates the importance of integrity and ethical values principles. These principles have been integrated into the organization s programs and activities. The Canadian Grain Commission has been developing an organizational Values and Ethics Code throughout All government departments are required to have their own code that is consistent with the new Treasury Board code scheduled for completion by March 31, However, approval of the Treasury Board code has been delayed. It is now scheduled for release in April The Canadian Grain Commission is planning to publish its Values and Ethics Code shortly after the publication of the Treasury Board's. In addition, an internal policy on formal disclosure procedures to report known or suspected wrongdoing is currently under development. 3.8 Commitment to competence Executive Management s commitment to competence is demonstrated through a current project to develop competency frameworks for numerous positions at the Canadian Grain Commission. In addition, the Canadian Grain Commission has developed a competency dictionary to assist management in determining competencies required to perform a specific position s responsibilities. 3 core competencies required for Canadian Grain Commission 13 Entity Level Controls 2011

15 appointment have been identified: Effective Interactive Communication, Adaptability and Being a Team-Player. Management has also indicated that commitment to competence is achieved through the People Planning process. However, there are some concerns that deficiencies exist in the monitoring and tracking of the Canadian Grain Commissionwide people plan and divisional people plans. Monitoring and tracking ensures that gaps are being addressed throughout the year. People planning is considered during Canadian Grain Commission s integrated planning phase. However, input into integrated planning related to people planning is only relevant and meaningful for the delivery of the Canadian Grain Commission s mandate, if people plans continue to be reviewed and revised on an on-going basis. Discussions with Human Resources indicate that there are plans to formalize the process wherein divisional teams would meet with Human Resources on a quarterly basis to go over divisional people plans, perform a variance analysis and re-prioritize where necessary. Significant variances would then be tabled at the Executive Management Committee. 3.9 Human resources policies and practices Several Human Resource policies and practices exist and have been communicated to employees. They include, but are not limited to, the People Management Framework, Canadian Grain Commission training requirements, and the Informal Conflict Management System. In addition, the Canadian Grain Commission has developed the Performance Development and Achievement Program. However, a more comprehensive tracking process to monitor implementation is required. Currently the performance cycle is not aligned with the Canadian Grain Commission s fiscal year end. Human Resources rely on each Canadian Grain Commission division to collect information about how many employees within the division have completed their Performance and Learning Agreement regardless of the cycle. While directors and their direct reports have completed their Performance and Learning Agreements, approximately 60% of Canadian Grain Commission employees (particularly in the regions) have not had the opportunity to fully participate in the program. The organization continues to roll out Personal Development and Achievement Program training to educate employees on how to link their personal performance objectives with the strategic outcome of the Canadian Grain Commission. Recommendations: 3.10 We recommend that the Executive Management Committee and the Commissioners establish a formal Terms of Reference document to specify what information is to be communicated to the Commissioners, the Chief Operating Officer or the Executive Management Committee including the timing of such communication We recommend that management implement and approve a formal process to ensure that Divisional People Plans are reviewed on a quarterly basis to ensure that gaps identified are addressed and re-prioritized as necessary in securing human resources to achieve the Canadian Grain Commission s organizational objectives We recommend that management implement a performance cycle for each division to enhance the ability to formally track and monitor the Performance Development and Achievement Program process. In addition, Human Resources should implement a process to ensure that those individuals receiving Personal Development and Canadian Grain Commission 14 Entity Level Controls 2011

16 Achievement Program training are in fact completing Personal Development and Achievement plans in a timely manner. Risk Assessment Findings: 3.13 Every organization faces a variety of risks from external and internal sources that must be assessed at entity-wide and activity levels throughout its operation. Management s approach to managing organizational risk is an essential factor in ensuring the sustainability of an organization Entity-wide objectives Entity-Wide objectives have been established and communicated to employees and industry stake-holders through the Canadian Grain Commission s mandate, vision, values and strategic outcome as well as through the Departmental Report on Plans and Priorities and the Departmental Performance Report. The Canadian Grain Commission s plans and priorities are consistent with the Canadian Grain Commission's mandate and the strategic direction of the organization. Significant efforts have been placed on strategic planning over the past few years. However, less emphasis has been placed on operational planning. Management is aware of this issue and has decided to focus more on operational planning. Plans include closer monitoring of Key Performance Indicators related to program activities on a quarterly basis and the identification of additional quantitative program activity Key Performance Indicators Activity-level objectives Performance against targets of Activity-level Objectives are reported to the Executive Management Committee through a quarterly tracking tool that captures results information and challenges and lessons learned related to each of the organization s program activities. This tool also captures results, challenges and lessons learned related to the Canadian Grain Commission s strategic priorities. Strategic priorities are identified as part of the annual Strategic Planning Process Risks and change management The Canadian Grain Commission has taken action to address risks and change management affecting the organization. A corporate risk profile exists. The Integrated Risk Management project, started in 2010, resulted in input to the strategic planning process. The identified risks have been linked to the organizational Program Activity Architecture and have been considered as part of the Report on Plans and Priorities. Likelihood and impact were considered as part of the risk assessment process; however, residual risk has not been ranked. Currently, the Integrated Risk Management project remains a work in progress with future plans to enhance the process as follows: Identify the level of residual risk for each of the 8 risk areas identified in the Canadian Grain Commission s Corporate Risk Profile The Corporate Risk Profile to be revised, completed and Canadian Grain Commission staff notified of its completion Canadian Grain Commission 15 Entity Level Controls 2011

17 Risk management training for staff to be undertaken by the Canadian Grain Commission within the next 2 years While the Integrated Risk Management project and working group continues to be led by the Corporate Development Advisor, currently there is no formal plan in place to transition the coordination and ongoing monitoring of Integrated Risk Management upon the upcoming retirement of the Corporate Development Advisor. Given that risk management is an essential component in effectively managing an organization, responsibility for such a function should be assigned at all times The Policy and Planning Group is responsible for coordinating and preparing the Canadian Grain Commission s annual environmental scan which identifies potential and emerging threats, opportunities and risks that need to be considered by the Canadian Grain Commission. Risks identified as part of the environmental scan are not necessarily ranked based on likelihood and impact to the organization. Going forward, the plan is to integrate the Integrated Risk Management and Integrated Planning Working Groups for purposes of the planning process. This would enhance the identification of key risks which are identified as part of the environmental scan. Recommendation: 3.18 We recommend that in continuing to refine the Integrated Risk Management process: a. The Integrated Risk Management sub-group of the Integrated Planning Working Group and other key stakeholders be educated on how to assess residual risk as it relates to the annual environmental scan and other risks identified. b. Management develop a timeline to implement the future plan of assessing residual risk for each of the eight risk areas identified as part of the Canadian Grain Commission s corporate risk profile. c. Management develops an action plan to determine the position(s) or Canadian Grain Commission unit(s) that will be responsible or accountable for coordinating and monitoring Integrated Risk Management on a long-term basis We recommend that management develop an action plan to place greater focus on integrating the operational planning phase of the Canadian Grain Commission's annual planning cycle. This will ensure the resources required for the day-to-day delivery of program activities (which are essential in achieving the Canadian Grain Commission's mandate) are planned and monitored throughout the year. Control Activities Findings: 3.20 Control activities Control activities are policies and procedures for implementing management directives. Control activities cover a wide spectrum and include but are not limited to delegated Canadian Grain Commission 16 Entity Level Controls 2011

18 authorities, verifications, security of assets, segregation of duties and information systems Several policies and procedures for the program activities within the Canadian Grain Commission s Program Activity Architecture have been established and communicated. Examples of such policies and procedures include: Industry Services QMS/ISO 9001:2008 Financial Management Licensing Compliance Audits People Management Health and Safety Information Technology 3.22 Several policies and procedures necessary for the Canadian Grain Commission to carry out its mandate are currently in place. However, there are also policies and procedures that require further development to ensure that the Canadian Grain Commission continues to operate as effectively and efficiently as possible. Management is currently aware of the need to update certain policies and procedures including: Business Continuity and Information Technology Disaster Recovery Plan Grain Research Laboratory ISO Accreditation Grain Research Laboratory overall program policies and procedures Information Technology and Non-Information Technology Asset Management Information Management 3.23 In addition, there is currently no working group or process in place to regularly review and update financial policies and procedures or other organizational policies and procedures. Such policies and procedures are reviewed regularly, but on an ad hoc basis. It is the responsibility of each divisional unit to ensure information is kept current. Discussions with management suggest that StaffNet needs to be reviewed and updated to ensure that the most recent policies and procedures are being communicated to staff. Recommendation: 3.24 We recommend that management establish a process for ensuring that policies, procedures and other information necessary in carrying out Canadian Grain Commission s mandate, programs and activities be regularly reviewed and updated as required to ensure that employees have the most accurate and up-to-date information available. Policies and procedures that are currently under development or being rewritten should be closely monitored and promptly communicated to employees upon completion. Information and Communication Findings: 3.25 Information and communication Canadian Grain Commission 17 Entity Level Controls 2011

19 An organization needs information and communication at all levels to run the day-to-day operations, and move towards achievement of its objectives Canadian Grain Commission management proactively communicates financial and nonfinancial information to employees, key stakeholders and other interested parties on a timely basis. This is seen through the Report on Plans and Priorities, Departmental Performance Report, the delivery of Odyssey and Leadership sessions to employees, employee newsletters and announcements and consultation and communication with external parties The Canadian Grain Commission has developed a 5-year global communications plan that addresses both external and internal communications which has been approved by the Executive Management Committee. While the plan s contents remain a work in progress, the Canadian Grain Commission web site provides a variety of information for producers and other industry stakeholders including information about grain quality, quantity and research, statistical information, legislation and policies and user fees The Canadian Grain Commission has developed several forms and procedures that support the customer service and service improvement components of ISO 9001:2008. The Canadian Grain Commission has also established a number of client feedback committees that involve participation of several key stakeholders including grain producers, producer groups, industry associations and grain companies The Canadian Grain Commission currently has an Information Management committee that includes representatives from Statistics, Communications, Information Technology and Administration to ensure the development of all information components are aligned with the Records Information Management project. The Records Information Management project is ongoing and is in stage 4 of the 5-stage project Information Technology Systems strategic and operational plans have been developed and approved by the Executive Management Committee. The plans include actions to ensure that records, data and information are properly secured and that controls are in place to prevent unauthorized access. Given that these plans are relatively new, there is currently no formal process for ensuring that operational and strategic initiatives are being met. Management is aware of the issue and will be developing a strategy to track progress of Information Technology Systems operational and strategic plans going forward Given the size of the Canadian Grain Commission, resource constraints need to be considered when allocating financial and human resources to information and communication management which could in turn result in a lack of integration of information systems throughout the organization; however management is committed to providing resources to information and communication management where feasible given these resource constraints. Monitoring Findings: Canadian Grain Commission 18 Entity Level Controls 2011

20 3.32 Control systems, policies and procedures tend to change over time and thus monitoring ensures that organizations continue to operate effectively in light of such changes Separate evaluations Separate evaluations of organizational effectiveness are provided through various sources including internal audit, central agency audits (e.g. Public Service Commission), external audit (financial statements), Management Accountability Framework assessments and, in the future, program evaluation. Management Action Plans are identified in response to recommendations provided by internal audit and other external parties. Discussion with the Executive Management Committee and the Commissioners provided consistent messaging that before recommendations are agreed to and an action plan is formulated, management must ensure the recommendations are practical for the organization. Resource constraints including time, employees and funding need to be considered when determining the best way to address issues that were identified Reporting deficiencies The Committee of Sponsoring Organizations sub-category Reporting Deficiencies focuses on ensuring there are proper mechanisms in place to identify internal control or reporting deficiencies. It also ensures that appropriate follow-up actions are taken by management to address any noted deficiencies. There are several controls in place to identify reporting deficiencies. For example, financial results are presented to the Commission and the Executive Management Committee for approval on a monthly basis. The Departmental Audit Committee reviews and recommends financial statements for approval on a quarterly basis. In addition, all members of the Executive Management Committee are actively involved in the budgeting process. Re-profiling requirements made during the year are approved by the Executive Management Committee and the Commission Ongoing monitoring From an ongoing monitoring perspective, it should be noted that internal controls over financial reporting do exist. However, these have not been formally documented. Under the Policy on Internal Control the Canadian Grain Commission has yet to fully implement a process to ensure control documentation and processes relevant for internal controls over financial reporting to remain current and up-to-date. The Canadian Grain Commission has developed a multi-year action plan in order to comply with the Policy on Internal Control. The new Statement of Management Responsibility and its annex were completed by the Canadian Grain Commission within the required timelines for the fiscal year In addition, a Policy on Internal Control Steering Committee has been established and will be meeting on an ongoing basis to determine the next steps of the project, including risk assessment, scoping and control documentation. Given that the Canadian Grain Commission is only in the initial phases of the Policy on Internal Control project, training related to the ongoing monitoring of internal controls over financial reporting has not been provided. Issues relating to the project will be addressed by the Policy on Internal Control Steering Committee as the 3-year phased-in approach continues to evolve. Recommendation: 3.36 We recommend that management develop a plan to ensure that proper training is provided to educate owners of the Internal Controls over Financial Reporting process and control owners (and other employees as required) so that they are aware of their Canadian Grain Commission 19 Entity Level Controls 2011

21 roles and responsibilities in ensuring that internal controls over financial reporting are appropriately designed and continue to operate effectively. We express our appreciation to the Executive Management Committee and the Commissioners for their assistance during the course of the audit. This audit has been reviewed with: Gordon Miles, Chief Operating Officer Cheryl Blahey, Chief Financial Officer Audit & Evaluation Services Contact Brian Brown, Chief Audit Executive Canadian Grain Commission 20 Entity Level Controls 2011

22 Appendix A: Canadian Grain Commission - Entity-level control assessment summary Compliant (3) Partially compliant (3) Non compliant (3) Weighted rating (3) CE (Control Environment) (1) 88% A Integrity and ethical values 50% 50% 0% 75% B Commitment to competence 50% 50% 0% 75% C The Commission, the Executive Management Committee and Department Audit Committee 89% 11% 0% 94% D Management s philosophy and operating Style 80% 20% 0% 90% E Organizational structure 67% 33% 0% 83% F Assignment of authority and responsibility 100% 0% 0% 100% G Human Resources policies and practices 100% 0% 0% 100% RA (Risk assessment) (1) 76% A Entity-wide objectives 75% 25% 0% 88% B Activity-level objectives 86% 14% 0% 93% C Risks 50% 50% 0% 75% D Managing change 0% 100% 0% 50% CA (Control activities) (1) 50% A - Control activities 0% 100% 0% 50% IC (Information and communication) (1) 80% A Information 50% 50% 0% 75% B Communication 71% 29% 0% 86% MON (Monitoring) (1) 67% A Ongoing monitoring 22% 57% 11% 51% B Separate evaluations 0% 100% 0% 50% C Reporting deficiencies 100% 0% 0% 100% Assessment rating the Committee of Sponsoring Organizations Statements (2) % Compliant 49 60% Partially compliant 32 39% Non-compliant 1 1% Total % Note 1: CE, RA, CA IC and MON represent the 5 Committee of Sponsoring Organizations Categories within the Committee of Sponsoring Organizations Internal Controls-Integrated Framework. Each of the Committee of Sponsoring Organizations Categories is further broken down into the sub-categories noted above. Note 2: Each of the sub-categories noted within the Committee of Sponsoring Organizations Internal Controls-Integrated Framework has a varying series of statements that can be directly linked to a key ELC for a total of 82 statements. 32 instances of partial compliance were noted which indicates that while not fully compliant with 29 of the Committee of Sponsoring Organizations statements; actions are currently underway to achieving full compliance in the future. The one instance of non-compliance relates to training on Internal Controls over Financial Reporting not yet provided to employees and will be addressed as the Policy on Internal Controls project continues to evolve. Canadian Grain Commission 21 Entity Level Controls 2011

Audit of the Policy on Internal Control Implementation

Audit of the Policy on Internal Control Implementation Audit of the Policy on Internal Control Implementation Natural Sciences and Engineering Research Council of Canada Social Sciences and Humanities Research Council of Canada February 18, 2013 1 TABLE OF

More information

AUDIT OF READINESS FOR THE IMPLEMENTATION OF THE POLICY ON INTERNAL CONTROL

AUDIT OF READINESS FOR THE IMPLEMENTATION OF THE POLICY ON INTERNAL CONTROL AUDIT OF READINESS FOR THE IMPLEMENTATION OF THE POLICY ON INTERNAL CONTROL AUDIT REPORT JUNE 2010 TABLE OF CONTENTS EXCUTIVE SUMMARY... 3 1 INTRODUCTION... 5 1.1 AUDIT OBJECTIVE. 5 1.2 SCOPE...5 1.3 SUMMARY

More information

Status Report of the Auditor General of Canada to the House of Commons

Status Report of the Auditor General of Canada to the House of Commons 2011 Status Report of the Auditor General of Canada to the House of Commons Chapter 1 Financial Management and Control and Risk Management Office of the Auditor General of Canada The 2011 Status Report

More information

Administrative Guidelines on the Internal Control Framework and Internal Audit Standards

Administrative Guidelines on the Internal Control Framework and Internal Audit Standards Administrative Guidelines on the Internal Control Framework and Internal Audit Standards GCF/B.09/18 18 February 2015 Meeting of the Board 24 26 March 2015 Songdo, Republic of Korea Agenda item 24 Page

More information

Office of the Superintendent of Financial Institutions. Internal Audit on Corporate Services: Security and Administrative Services

Office of the Superintendent of Financial Institutions. Internal Audit on Corporate Services: Security and Administrative Services Office of the Superintendent of Financial Institutions Internal Audit on Corporate Services: Security and Administrative Services April 2014 Table of Contents 1. Background... 3 2. Audit Objective, Scope

More information

Documents and Policies Pertaining to Corporate Governance

Documents and Policies Pertaining to Corporate Governance Documents and Policies Pertaining to Corporate Governance 3.1 Charter of the Board of Directors IMPORTANT NOTE Chapter 1, Dream, Mission, Vision and Values of the CGI Group Inc. Fundamental Texts constitutes

More information

Internal Audit Manual

Internal Audit Manual Internal Audit Manual Version 1.0 AUDIT AND EVALUATION SECTOR AUDIT AND ASSURANCE SERVICES BRANCH INDIAN AND NORTHERN AFFAIRS CANADA April 25, 2008 #933907 Acknowledgements The Institute of Internal Auditors

More information

Internal control over financial reporting Statement, assessment summary and action plan. For the fiscal year ending March 31, 2012

Internal control over financial reporting Statement, assessment summary and action plan. For the fiscal year ending March 31, 2012 Internal control over financial reporting Statement, assessment summary and action plan For the fiscal year ending March 31, 2012 Summary of the assessment of effectiveness of the system of internal control

More information

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS)

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS) INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS) Introduction to the International Standards Internal auditing is conducted in diverse legal and cultural environments;

More information

Industry Services Quality Management System

Industry Services Quality Management System Industry Services Quality Management System Canadian Grain Commission Audit & Evaluation Services Final report March, 2012 Table of contents 1.0 Executive summary...2 Authority for audit... 2 Background...

More information

Module 6 Documenting Processes and Controls

Module 6 Documenting Processes and Controls A logical place to begin any comprehensive evaluation of internal controls is at the top entity-level controls that might have a pervasive effect on the organization. This includes a consideration of factors

More information

Public Sector Pension Investment Board

Public Sector Pension Investment Board Public Sector Pension Investment Board Office of the Auditor General of Canada Bureau du vérificateur général du Canada Ce document est également publié en français. Her Majesty the Queen in Right of Canada,

More information

THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK

THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK ACCOUNTABLE SIGNATURE AUTHORISED for implementation SIGNATURE On behalf of Chief Executive Officer SAHRA Council Date Date

More information

Standards for the Professional Practice of Internal Auditing

Standards for the Professional Practice of Internal Auditing Standards for the Professional Practice of Internal Auditing THE INSTITUTE OF INTERNAL AUDITORS 247 Maitland Avenue Altamonte Springs, Florida 32701-4201 Copyright c 2001 by The Institute of Internal Auditors,

More information

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS)

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS) INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS) Revised: October 2012 i Table of contents Attribute Standards... 3 1000 Purpose, Authority, and Responsibility...

More information

INTERNAL AUDIT REPORT ON THE FINANCIAL MANAGEMENT CONTROL FRAMEWORK FOR INITIATIVES RELATED TO CANADA S ECONOMIC ACTION PLAN (EAP) REPORT.

INTERNAL AUDIT REPORT ON THE FINANCIAL MANAGEMENT CONTROL FRAMEWORK FOR INITIATIVES RELATED TO CANADA S ECONOMIC ACTION PLAN (EAP) REPORT. INTERNAL AUDIT REPORT ON THE FINANCIAL MANAGEMENT CONTROL FRAMEWORK FOR INITIATIVES RELATED TO CANADA S ECONOMIC ACTION PLAN (EAP) REPORT July 2010 PREPARED BY THE INTERNAL AUDIT BRANCH (IAB) Project No:

More information

GAO. Standards for Internal Control in the Federal Government. Internal Control. United States General Accounting Office.

GAO. Standards for Internal Control in the Federal Government. Internal Control. United States General Accounting Office. GAO United States General Accounting Office Internal Control November 1999 Standards for Internal Control in the Federal Government GAO/AIMD-00-21.3.1 Foreword Federal policymakers and program managers

More information

Audit of Human Resources Management Planning

Audit of Human Resources Management Planning N A T I O N A L R E S E A R C H C O U N C I L C A N A D A Audit of Human Resources Management Planning I n t e r n a l A u d i t, N R C O C T O B E R 2 011 1.0 Executive Summary and Conclusion Background

More information

Audit of Financial Management Governance. Audit Report

Audit of Financial Management Governance. Audit Report Audit of Financial Management Governance Audit Report March 2015 TABLE OF CONTENTS Executive Summary... 2 What we examined... 2 Why it is important... 2 What we found... 2 Background... 4 Objective...

More information

EXECUTIVE SUMMARY...5

EXECUTIVE SUMMARY...5 Table of Contents EXECUTIVE SUMMARY...5 CONTEXT...5 AUDIT OBJECTIVE...5 AUDIT SCOPE...5 AUDIT CONCLUSION...6 KEY OBSERVATIONS AND RECOMMENDATIONS...6 1. INTRODUCTION...9 1.1 BACKGROUND...9 1.2 OBJECTIVES...9

More information

Internal Audit of the Sport Canada Hosting Program

Internal Audit of the Sport Canada Hosting Program Internal Audit of the Sport Canada Hosting Program Office of the Chief Audit and Evaluation Executive November 2009 Table of Contents Executive Summary...i 1. Introduction and Context...1 1.1 Authority

More information

Office of the Auditor General AUDIT OF IT GOVERNANCE. Tabled at Audit Committee March 12, 2015

Office of the Auditor General AUDIT OF IT GOVERNANCE. Tabled at Audit Committee March 12, 2015 Office of the Auditor General AUDIT OF IT GOVERNANCE Tabled at Audit Committee March 12, 2015 This page has intentionally been left blank Table of Contents Executive Summary... 1 Introduction... 1 Background...

More information

Statement of Management Responsibility Including Internal Control Over Financial Reporting

Statement of Management Responsibility Including Internal Control Over Financial Reporting Statement of Management Responsibility Including Internal Control Over Financial Reporting Responsibility for the integrity and objectivity of the accompanying financial statements for the year ended March

More information

REPORT 2016/066 INTERNAL AUDIT DIVISION. Audit of management of technical cooperation projects in the Economic Commission for Africa

REPORT 2016/066 INTERNAL AUDIT DIVISION. Audit of management of technical cooperation projects in the Economic Commission for Africa INTERNAL AUDIT DIVISION REPORT 2016/066 Audit of management of technical cooperation projects in the Economic Commission for Africa Overall results relating to the effective management of technical cooperation

More information

Guidance Note: Corporate Governance - Board of Directors. March 2015. Ce document est aussi disponible en français.

Guidance Note: Corporate Governance - Board of Directors. March 2015. Ce document est aussi disponible en français. Guidance Note: Corporate Governance - Board of Directors March 2015 Ce document est aussi disponible en français. Applicability The Guidance Note: Corporate Governance - Board of Directors (the Guidance

More information

Effective Internal Audit in the Financial Services Sector

Effective Internal Audit in the Financial Services Sector Effective Internal Audit in the Financial Services Sector Recommendations from the Committee on Internal Audit Guidance for Financial Services: How They Relate to the Global Institute of Internal Auditors

More information

Internal Audit Quality Assessment. Presented To: World Intellectual Property Organization

Internal Audit Quality Assessment. Presented To: World Intellectual Property Organization Internal Audit Quality Assessment Presented To: World Intellectual Property Organization April 2014 Table of Contents List of Acronyms 3 Page Executive Summary Opinion as to Conformance to the Standards,

More information

Social Sciences and Humanities Research Council of Canada

Social Sciences and Humanities Research Council of Canada Social Sciences and Humanities Research Council of Canada Annex to the Statement of Management Responsibility including Internal Control over Financial Reporting (Unaudited) Fiscal year 2014-15 Table of

More information

Phase II of Compliance to the Policy on Internal Control: Audit of Entity-Level Controls

Phase II of Compliance to the Policy on Internal Control: Audit of Entity-Level Controls Phase II of Compliance to the Policy on Internal Control: Audit of Entity-Level Controls Office of the Chief Audit and Evaluation Executive Audit and Assurance Services Directorate November 2013 Cette

More information

Financial Services FINANCIAL SERVICES UTILITIES 57 FINANCIAL SERVICES AND UTILITIES 2016-2018 BUSINESS PLAN. CR_2215 Attachment 1

Financial Services FINANCIAL SERVICES UTILITIES 57 FINANCIAL SERVICES AND UTILITIES 2016-2018 BUSINESS PLAN. CR_2215 Attachment 1 CR_2215 Attachment 1 Financial Services FINANCIAL SERVICES & UTILITIES 57 FINANCIAL SERVICES AND UTILITIES 2016-2018 BUSINESS PLAN Acting Branch Manager: Stacey Padbury Table of Contents INTRODUCTION Our

More information

Federal Bureau of Investigation s Integrity and Compliance Program

Federal Bureau of Investigation s Integrity and Compliance Program Evaluation and Inspection Division Federal Bureau of Investigation s Integrity and Compliance Program November 2011 I-2012-001 EXECUTIVE DIGEST In June 2007, the Federal Bureau of Investigation (FBI) established

More information

J u n e 2 0 1 0. N a t i o n a l R e s e a r c h C o u n c i l C a n a d a. I n t e r n a l A u d i t, N R C. Audit of Risk Management.

J u n e 2 0 1 0. N a t i o n a l R e s e a r c h C o u n c i l C a n a d a. I n t e r n a l A u d i t, N R C. Audit of Risk Management. N a t i o n a l R e s e a r c h C o u n c i l C a n a d a Audit of Risk Management I n t e r n a l A u d i t, N R C J u n e 2 0 1 0 June 2010 i 1.0 Executive Summary and Conclusion Background This audit

More information

NASA Financial Management Requirements Volume 9, Chapter 4 April 2005 CHAPTER 4 RISK ASSESSMENTS

NASA Financial Management Requirements Volume 9, Chapter 4 April 2005 CHAPTER 4 RISK ASSESSMENTS CHAPTER 4 RISK ASSESSMENTS 0401 GENERAL 040101. Purpose. This chapter provides detailed guidance on National Aeronautics and Space Administration s (NASA) financial management internal control program

More information

Policy 10.105: Enterprise Risk Management Policy

Policy 10.105: Enterprise Risk Management Policy Name: Responsibility: Complements: Enterprise Risk Management Framework Coordinator, Enterprise Risk Management Policy 10.105: Enterprise Risk Management Policy Date: November 2006 Revision Date(s): January

More information

October 20, 2015. Sincerely. Anthony Chavez, CIA, CGAP, CRMA Director, Internal Audit Division

October 20, 2015. Sincerely. Anthony Chavez, CIA, CGAP, CRMA Director, Internal Audit Division Internal Audit Annual Report Fiscal Year 2015 October 20, 2015 Honorable Greg Abbott, Governor Members of the Legislative Budget Board Members of the Sunset Advisory Commission Mr. John Keel, CPA, State

More information

SECTION B DEFINITION, PURPOSE, INDEPENDENCE AND NATURE OF WORK OF INTERNAL AUDIT

SECTION B DEFINITION, PURPOSE, INDEPENDENCE AND NATURE OF WORK OF INTERNAL AUDIT SECTION B DEFINITION, PURPOSE, INDEPENDENCE AND NATURE OF WORK OF INTERNAL AUDIT Through CGIAR Financial Guideline No 3 Auditing Guidelines Manual the CGIAR has adopted the IIA Definition of internal auditing

More information

Audit of Occupational Safety and Health (OSH)

Audit of Occupational Safety and Health (OSH) National Research Council Canada Audit of Occupational Safety and Health (OSH) Internal Audit, NRC SEPTEMBER 2010 1.0 Executive Summary and Conclusion Background This report presents the findings of the

More information

RISK BASED AUDITING: A VALUE ADD PROPOSITION. Participant Guide

RISK BASED AUDITING: A VALUE ADD PROPOSITION. Participant Guide RISK BASED AUDITING: A VALUE ADD PROPOSITION Participant Guide About This Course About This Course Adding Value for Risk-based Auditing Seminar Description In this seminar, we will focus on: The foundation

More information

Audit of Mobile Telecommunication Devices

Audit of Mobile Telecommunication Devices Recommended by the Departmental Audit Committee for approval by the President on September 12, 2012 Approved by the CNSC President on November 13, 2012 e-doc: 3927102 Table of Contents Executive Summary...

More information

NSERC SSHRC AUDIT OF IT SECURITY Corporate Internal Audit Division

NSERC SSHRC AUDIT OF IT SECURITY Corporate Internal Audit Division AUDIT OF IT SECURITY Corporate Internal Audit Division Natural Sciences and Engineering Research Council of Canada Social Sciences and Humanities Research Council of Canada September 20, 2012 Corporate

More information

INTERNAL AUDIT MANUAL

INTERNAL AUDIT MANUAL དང ལ ར ས ལ ན ཁག Internal Audit Manual INTERNAL AUDIT MANUAL Royal Government of Bhutan 2014 i i ii ii Internal Audit Manual དང ལ ར ས ལ ན ཁག ROYAL GOVERNMNET OF BHUTAN MINISTRY OF FINANCE TASHICHHO DZONG

More information

COSO Internal Control Integrated Framework (2013)

COSO Internal Control Integrated Framework (2013) COSO Internal Control Integrated Framework (2013) The Committee of Sponsoring Organizations of the Treadway Commission (COSO) released its updated Internal Control Integrated Framework (2013 Framework)

More information

Aboriginal Affairs and Northern Development Canada. Internal Audit Report. Audit of Internal Controls Over Financial Reporting.

Aboriginal Affairs and Northern Development Canada. Internal Audit Report. Audit of Internal Controls Over Financial Reporting. Aboriginal Affairs and Northern Development Canada Internal Audit Report Audit of Internal Controls Over Financial Reporting Prepared by: Audit and Assurance Services Branch Project #: 14-05 November 2014

More information

Enterprise Risk Management

Enterprise Risk Management Cayman Islands Society of Professional Accountants Enterprise Risk Management March 19, 2015 Dr. Sandra B. Richtermeyer, CPA, CMA What is Risk Management? Risk management is a process, effected by an entity's

More information

Courts Administration Service (CAS) Audit of Integrated Risk Management

Courts Administration Service (CAS) Audit of Integrated Risk Management Courts Administration Service (CAS) Audit of Integrated Risk Management Original signed by JULY 21, 2015 MR. DANIEL GOSSELIN CHIEF ADMINISTRATOR DATE TABLE OF CONTENTS 1 EXECUTIVE SUMMARY... 3 1.1 Background...

More information

Canada Media Fund/Fonds des médias du Canada

Canada Media Fund/Fonds des médias du Canada Canada Media Fund/Fonds des médias du Canada Statement of Corporate Governance Principles I. Introduction The Corporation s mandate is to champion the creation of successful, innovative Canadian content

More information

ONTARIO'S DRINKING WATER QUALITY MANAGEMENT STANDARD

ONTARIO'S DRINKING WATER QUALITY MANAGEMENT STANDARD July 2007 ONTARIO'S DRINKING WATER QUALITY MANAGEMENT STANDARD POCKET GUIDE PIBS 6278e The Drinking Water Quality Management Standard (DWQMS) was developed in partnership between the Ministry of the Environment

More information

UNITED NATIONS OFFICE FOR PROJECT SERVICES. ORGANIZATIONAL DIRECTIVE No. 33. UNOPS Strategic Risk Management Planning Framework

UNITED NATIONS OFFICE FOR PROJECT SERVICES. ORGANIZATIONAL DIRECTIVE No. 33. UNOPS Strategic Risk Management Planning Framework UNOPS UNITED NATIONS OFFICE FOR PROJECT SERVICES Headquarters, Copenhagen O.D. No. 33 16 April 2010 ORGANIZATIONAL DIRECTIVE No. 33 UNOPS Strategic Risk Management Planning Framework 1. Introduction 1.1.

More information

R000. Revision Summary Revision Number Date Description of Revisions R000 Feb. 18, 2011 Initial issue of the document.

R000. Revision Summary Revision Number Date Description of Revisions R000 Feb. 18, 2011 Initial issue of the document. 2 of 34 Revision Summary Revision Number Date Description of Revisions Initial issue of the document. Table of Contents Item Description Page 1. Introduction and Purpose... 5 2. Project Management Approach...

More information

B o a r d of Governors of the Federal Reserve System. Supplemental Policy Statement on the. Internal Audit Function and Its Outsourcing

B o a r d of Governors of the Federal Reserve System. Supplemental Policy Statement on the. Internal Audit Function and Its Outsourcing B o a r d of Governors of the Federal Reserve System Supplemental Policy Statement on the Internal Audit Function and Its Outsourcing January 23, 2013 P U R P O S E This policy statement is being issued

More information

Performance Measures for Internal Auditing

Performance Measures for Internal Auditing Performance Measures for Internal Auditing A simple question someone may ask is Why measure performance? An even simpler response would be that what gets measured gets done. McMaster University s discussion

More information

FMCF certification checklist 2014-15 (incorporating the detailed procedures) 2014-15 certification period. Updated May 2015

FMCF certification checklist 2014-15 (incorporating the detailed procedures) 2014-15 certification period. Updated May 2015 FMCF certification checklist 2014-15 (incorporating the detailed procedures) 2014-15 certification period Updated May 2015 The Secretary Department of Treasury and Finance 1 Treasury Place Melbourne Victoria

More information

Internal Auditing: Assurance, Insight, and Objectivity

Internal Auditing: Assurance, Insight, and Objectivity Internal Auditing: Assurance, Insight, and Objectivity WHAT IS INTERNAL AUDITING? INTERNAL AUDITING business people all around the world are familiar with the term. But do they understand the value it

More information

Final Report. Audit of the Project Management Framework. December 2014

Final Report. Audit of the Project Management Framework. December 2014 Final Report Audit of the Project Management Framework December 2014 Audit of the Project Management Framework Table of Contents Executive summary... i A - Introduction... 1 1. Background... 1 2. Audit

More information

Aboriginal Affairs and Northern Development Canada. Internal Audit Report. Prepared by: Audit and Assurance Services Branch.

Aboriginal Affairs and Northern Development Canada. Internal Audit Report. Prepared by: Audit and Assurance Services Branch. Aboriginal Affairs and Northern Development Canada Internal Audit Report Audit of Water and Wastewater Infrastructure Prepared by: Audit and Assurance Services Branch Project # 12-10 February 2013 TABLE

More information

PRIVY COUNCIL OFFICE. Audit of Information Technology (IT) Security. Final Report

PRIVY COUNCIL OFFICE. Audit of Information Technology (IT) Security. Final Report An asterisk appears where sensitive information has been removed in accordance with the Access to Information Act and Privacy Act. PRIVY COUNCIL OFFICE Audit of Information Technology (IT) Security Audit

More information

Audit of IT Asset Management Report

Audit of IT Asset Management Report Audit of IT Asset Management Report Recommended by the Departmental Audit Committee for approval by the President on Approved by the President on September 4, 2012 e-doc : 3854899 1 Table of Contents EXECUTIVE

More information

ENTERPRISE RISK MANAGEMENT POLICY

ENTERPRISE RISK MANAGEMENT POLICY ENTERPRISE RISK MANAGEMENT POLICY TITLE OF POLICY POLICY OWNER POLICY CHAMPION DOCUMENT HISTORY: Policy Title Status Enterprise Risk Management Policy (current, revised, no change, redundant) Approving

More information

[RELEASE NOS. 33-8810; 34-55929; FR-77; File No. S7-24-06]

[RELEASE NOS. 33-8810; 34-55929; FR-77; File No. S7-24-06] SECURITIES AND EXCHANGE COMMISSION 17 CFR PART 241 [RELEASE NOS. 33-8810; 34-55929; FR-77; File No. S7-24-06] Commission Guidance Regarding Management s Report on Internal Control Over Financial Reporting

More information

Audit of Community Futures Program

Audit of Community Futures Program Audit of Community Futures Program WESTERN ECONOMIC DIVERSIFICATION CANADA Audit, Evaluation & Disclosure Branch April 2009 Table of Contents 1.0 EXECUTIVE SUMMARY 1 2.0 STATEMENT OF ASSURANCE 2 3. 0 INTRODUCTION

More information

UNITED STATES DEPARTMENT OF EDUCATION OFFICE OF INSPECTOR GENERAL

UNITED STATES DEPARTMENT OF EDUCATION OFFICE OF INSPECTOR GENERAL UNITED STATES DEPARTMENT OF EDUCATION OFFICE OF INSPECTOR GENERAL Evaluation and Inspection Services Memorandum May 5, 2009 TO: FROM: SUBJECT: James Manning Acting Chief Operating Officer Federal Student

More information

Table of Contents PERFORMANCE REVIEWS STRATEGIC REVIEWS

Table of Contents PERFORMANCE REVIEWS STRATEGIC REVIEWS SECTION 270 PERFORMANCE AND STRATEGIC REVIEWS Table of Contents 270.1 To which agencies does this section apply? 270.2 What is the purpose of this section? PERFORMANCE REVIEWS 270.3 What is the purpose

More information

ENTERPRISE RISK MANAGEMENT FRAMEWORK

ENTERPRISE RISK MANAGEMENT FRAMEWORK ENTERPRISE RISK MANAGEMENT FRAMEWORK COVENANT HEALTH LEGAL & RISK MANAGEMENT CONTENTS 1.0 PURPOSE OF THE DOCUMENT... 3 2.0 INTRODUCTION AND OVERVIEW... 4 3.0 GOVERNANCE STRUCTURE AND ACCOUNTABILITY...

More information

CIHI Submission: 2011 Prescribed Entity Review

CIHI Submission: 2011 Prescribed Entity Review pic pic CIHI Submission: 2011 Prescribed Entity Review October 2011 Who We Are Established in 1994, CIHI is an independent, not-for-profit corporation that provides essential information on Canada s health

More information

TECK RESOURCES LIMITED AUDIT COMMITTEE CHARTER

TECK RESOURCES LIMITED AUDIT COMMITTEE CHARTER Page 1 of 7 A. GENERAL 1. PURPOSE The purpose of the Audit Committee (the Committee ) of the Board of Directors (the Board ) of Teck Resources Limited ( the Corporation ) is to provide an open avenue of

More information

Periodic risk assessment by internal audit

Periodic risk assessment by internal audit Periodic risk assessment by internal audit I Introduction The Good Practice Internal Audit Manual Template, developed by the Internal Audit CoP of Pempal, defines the importance and the impact that an

More information

Aegon Global Compliance

Aegon Global Compliance Aegon Global Compliance GLOBAL Charter COMPLIANCE CHARTER aegon.com The Hague, June 1, 2013 Information sheet Target audience: All employees and management of Aegon companies Issued by: Aegon N.V. Group

More information

KING III CORPORATE GOVERNANCE COMPLIANCE REGISTER

KING III CORPORATE GOVERNANCE COMPLIANCE REGISTER KING III CORPORATE GOVERNANCE REGISTER CHAPTER 1: ETHICAL LEADERSHIP AND CORPORATE CITIZENSHIP NON 1.1. The board should provide effective leadership based on an ethical foundation 1.2. The board should

More information

Audit of the Financial Management Control Framework - Revenue

Audit of the Financial Management Control Framework - Revenue N A T I O N A L R E S E A R C H C O U N C I L C A N A D A Audit of the Financial Management Control Framework - Revenue I n t e r n a l A u d i t, N R C N O V E M B E R 2011 1.0 Executive Summary and

More information

Mecklenburg County Department of Internal Audit. PeopleSoft Application Security Audit Report 1452

Mecklenburg County Department of Internal Audit. PeopleSoft Application Security Audit Report 1452 Mecklenburg County Department of Internal Audit PeopleSoft Application Security Audit Report 1452 February 9, 2015 Internal Audit s Mission Through open communication, professionalism, expertise and trust,

More information

Internal Audit. Audit of HRIS: A Human Resources Management Enabler

Internal Audit. Audit of HRIS: A Human Resources Management Enabler Internal Audit Audit of HRIS: A Human Resources Management Enabler November 2010 Table of Contents EXECUTIVE SUMMARY... 5 1. INTRODUCTION... 8 1.1 BACKGROUND... 8 1.2 OBJECTIVES... 9 1.3 SCOPE... 9 1.4

More information

Audit Report. Effectiveness of IT Controls at the Global Fund Follow-up report. GF-OIG-15-20b 26 November 2015 Geneva, Switzerland

Audit Report. Effectiveness of IT Controls at the Global Fund Follow-up report. GF-OIG-15-20b 26 November 2015 Geneva, Switzerland Audit Report Effectiveness of IT Controls at the Global Fund Follow-up report GF-OIG-15-20b Geneva, Switzerland Table of Contents I. Background and scope... 3 II. Executive Summary... 4 III. Status of

More information

Practice Guide COORDINATING RISK MANAGEMENT AND ASSURANCE

Practice Guide COORDINATING RISK MANAGEMENT AND ASSURANCE Practice Guide COORDINATING RISK MANAGEMENT AND ASSURANCE March 2012 Table of Contents Executive Summary... 1 Introduction... 1 Risk Management and Assurance (Assurance Services)... 1 Assurance Framework...

More information

TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION

TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION The Customer Account Data Engine 2 Systems Development Guidelines; However, Process Improvements Are Needed to Address Inconsistencies September 30, Year

More information

Guide to the Sarbanes-Oxley Act: IT Risks and Controls. Frequently Asked Questions

Guide to the Sarbanes-Oxley Act: IT Risks and Controls. Frequently Asked Questions Guide to the Sarbanes-Oxley Act: IT Risks and Controls Frequently Asked Questions Table of Contents Page No. Introduction.......................................................................1 Overall

More information

Audit of Financial Reporting Controls

Audit of Financial Reporting Controls Audit of Financial Reporting Controls WESTERN ECONOMIC DIVERSIFICATION CANADA Audit & Evaluation Branch February 2012 Table of Contents 1.0 Executive Summary 1 2.0 Statement of Assurance 1 3.0 Introduction

More information

An overview of COSO s 2013 Internal Control-Integrated Framework

An overview of COSO s 2013 Internal Control-Integrated Framework An overview of COSO s 2013 Internal Control-Integrated Framework Prepared by: Sara Lord, Partner, National Professional Standards Group, McGladrey LLP sara.lord@mcgladrey.com May 2013 Introduction In 1992,

More information

Final Audit Report. Audit of the Human Resources Management Information System. December 2013. Canada

Final Audit Report. Audit of the Human Resources Management Information System. December 2013. Canada Final Audit Report Audit of the Human Resources Management Information System December 2013 Canada Table of Contents Executive summary... i A - Introduction... 1 1. Background... 1 2. Audit objective...

More information

Department of Audit and Compliance. Quality Self-Assessment

Department of Audit and Compliance. Quality Self-Assessment Department of Audit and Compliance Quality Self-Assessment November 2014 CONTENTS EXECUTIVE SUMMARY... 2 PURPOSE OF SELF-ASSESSMENT... 4 SELF-ASSESSMENT SCOPE OF WORK... 4 RESULTS OF SELF-ASSESSMENT WORK...

More information

Regulatory Compliance Management (RCM) (formerly Legislative Compliance Management (LCM))

Regulatory Compliance Management (RCM) (formerly Legislative Compliance Management (LCM)) Guideline Subject: Category: (RCM) (formerly Legislative Compliance Management (LCM)) Sound Business & Financial Practices No: E-13 Date: November 2014 I. Purpose and Scope of the Guideline The purpose

More information

Internal Audit Manual

Internal Audit Manual COMPTROLLER OF ACCOUNTS Ministry of Finance Government of the Republic of Trinidad Tobago Internal Audit Manual Prepared by the Financial Management Branch, Treasury Division, Ministry of Finance TABLE

More information

Guideline. Records Management Strategy. Public Record Office Victoria PROS 10/10 Strategic Management. Version Number: 1.0. Issue Date: 19/07/2010

Guideline. Records Management Strategy. Public Record Office Victoria PROS 10/10 Strategic Management. Version Number: 1.0. Issue Date: 19/07/2010 Public Record Office Victoria PROS 10/10 Strategic Management Guideline 5 Records Management Strategy Version Number: 1.0 Issue Date: 19/07/2010 Expiry Date: 19/07/2015 State of Victoria 2010 Version 1.0

More information

ENTERPRISE RISK MANAGEMENT FRAMEWORK

ENTERPRISE RISK MANAGEMENT FRAMEWORK ROCKHAMPTON REGIONAL COUNCIL ENTERPRISE RISK MANAGEMENT FRAMEWORK 2013 Adopted 25 June 2013 Reviewed: October 2015 TABLE OF CONTENTS 1. Introduction... 3 1.1 Council s Mission... 3 1.2 Council s Values...

More information

A&CS Assurance Review. Accounting Policy Division Rule Making Participation in Standard Setting. Report

A&CS Assurance Review. Accounting Policy Division Rule Making Participation in Standard Setting. Report A&CS Assurance Review Accounting Policy Division Rule Making Participation in Standard Setting Report April 2010 Table of Contents Background... 1 Engagement Objectives, Scope and Approach... 1 Overall

More information

Financial Management Framework >> Overview Diagram

Financial Management Framework >> Overview Diagram June 2012 The State of Queensland (Queensland Treasury) June 2012 Except where otherwise noted you are free to copy, communicate and adapt this work, as long as you attribute the authors. This document

More information

PROJECT MANAGEMENT PLAN Outline VERSION 0.0 STATUS: OUTLINE DATE:

PROJECT MANAGEMENT PLAN Outline VERSION 0.0 STATUS: OUTLINE DATE: PROJECT MANAGEMENT PLAN Outline VERSION 0.0 STATUS: OUTLINE DATE: Project Name Project Management Plan Document Information Document Title Version Author Owner Project Management Plan Amendment History

More information

COMPLIANCE CHARTER 1

COMPLIANCE CHARTER 1 COMPLIANCE CHARTER 1 Contents 1. Compliance Policy Statement... 2 2. Purpose... 2 3. Mission and objective of the Directorate: Compliance... 2 3.1 Mission... 2 3.2 Objective... 3 4. Compliance risk management...

More information

Export Development Canada

Export Development Canada Export Development Canada Special Examination Report 2009 Office of the Auditor General of Canada Bureau du vérificateur général du Canada Ce document est également publié en français. Office of the Auditor

More information

COSO 2013: WHAT HAS CHANGED & STEPS TO TAKE TO ENSURE COMPLIANCE

COSO 2013: WHAT HAS CHANGED & STEPS TO TAKE TO ENSURE COMPLIANCE COSO 2013: WHAT HAS CHANGED & STEPS TO TAKE TO ENSURE COMPLIANCE COMMITTEE OF SPONSORING ORGANIZATIONS (COSO) 2013 The Committee of Sponsoring Organizations (COSO) Internal Controls Integrated Framework,

More information

A Risk-Based Audit Strategy November 2006 Internal Audit Department

A Risk-Based Audit Strategy November 2006 Internal Audit Department Mental Health Mental Retardation Authority of Harris County ENTERPRISE RISK MANAGEMENT A Framework For Assessing, Evaluating And Measuring Our Agency s Risk A Risk-Based Audit Strategy November 2006 Internal

More information

Integrated Risk Management:

Integrated Risk Management: Integrated Risk Management: A Framework for Fraser Health For further information contact: Integrated Risk Management Fraser Health Corporate Office 300, 10334 152A Street Surrey, BC V3R 8T4 Phone: (604)

More information

PROJECT MANAGEMENT FRAMEWORK

PROJECT MANAGEMENT FRAMEWORK PROJECT MANAGEMENT FRAMEWORK DOCUMENT INFORMATION DOCUMENT TYPE: DOCUMENT STATUS: POLICY OWNER POSITION: INTERNAL COMMITTEE ENDORSEMENT: APPROVED BY: Strategic document Approved Executive Assistant to

More information

BUILDING A CROWN CORPORATION DIRECTOR PROFILE

BUILDING A CROWN CORPORATION DIRECTOR PROFILE BUILDING A CROWN CORPORATION DIRECTOR PROFILE Prepared by: Management Priorities and Senior Personnel Secretariat Privy Council Office In collaboration with: Renaud Foster Management Consultants June 2001

More information

Application of King III Corporate Governance Principles

Application of King III Corporate Governance Principles APPLICATION of KING III CORPORATE GOVERNANCE PRINCIPLES 2013 Application of Corporate Governance Principles This table is a useful reference to each of the principles and how, in broad terms, they have

More information

Auditor General s Office. Governance and Management of City Computer Software Needs Improvement

Auditor General s Office. Governance and Management of City Computer Software Needs Improvement Auditor General s Office Governance and Management of City Computer Software Needs Improvement Transmittal Report Audit Report Management s Response Jeffrey Griffiths, C.A., C.F.E Auditor General, City

More information

august09 tpp 09-05 Internal Audit and Risk Management Policy for the NSW Public Sector OFFICE OF FINANCIAL MANAGEMENT Policy & Guidelines Paper

august09 tpp 09-05 Internal Audit and Risk Management Policy for the NSW Public Sector OFFICE OF FINANCIAL MANAGEMENT Policy & Guidelines Paper august09 09-05 Internal Audit and Risk Management Policy for the NSW Public Sector OFFICE OF FINANCIAL MANAGEMENT Policy & Guidelines Paper Preface Corporate governance - which refers broadly to the processes

More information

Audit of Monitoring and Payments

Audit of Monitoring and Payments Audit of Monitoring and Payments WESTERN ECONOMIC DIVERSIFICATION CANADA Audit & Evaluation Branch June 2011 Table of Contents 1.0 Executive Summary 1 Findings 1 2.0 Statement of Assurance 2 3.0 Introduction

More information

ACCREDITATION MANUAL FOR GOVERNING BOARDS

ACCREDITATION MANUAL FOR GOVERNING BOARDS ACCREDITATION MANUAL FOR GOVERNING BOARDS A Publication of the Accrediting Commission for Community and Junior Colleges Western Association of Schools and Colleges May 2012 Edition ACCJC/WASC 10 Commercial

More information

Practice guide. quality assurance and IMProVeMeNt PrograM

Practice guide. quality assurance and IMProVeMeNt PrograM Practice guide quality assurance and IMProVeMeNt PrograM MarCh 2012 Table of Contents Executive Summary... 1 Introduction... 2 What is Quality?... 2 Quality in Internal Audit... 2 Conformance or Compliance?...

More information

Audit Plan Update. Percentage of Total Budgeted Hours. Adjusted Budgeted Hours. Actual YTD. Audit & MAS 8,066 8,366 38% 7,085.0 46% 2012 Carry Over

Audit Plan Update. Percentage of Total Budgeted Hours. Adjusted Budgeted Hours. Actual YTD. Audit & MAS 8,066 8,366 38% 7,085.0 46% 2012 Carry Over AUDIT COMMITTEE UPDATE DECEMBER 13, 2013 EXECUTIVE SUMMARY Office of the Internal Auditor Update Since the last Audit Committee meeting, the OIA has focused on finalizing the execution of the 2013 Audit

More information