Audit of the Test of Design of Entity-Level Controls
Canadian Grain Commission
Audit & Evaluation Services
Final Report
March 2012
Canadian Grain Commission - Entity Level Controls 2011

Table of Contents

1.0 Executive Summary
    Introduction
    Audit Objective
    Conclusion
    Statement of Assurance
    Summary of Recommendations and Management Action Plans
2.0 Audit Report
    Background
    Audit Objective
    Audit Scope
    Audit Criteria
    Approach and Methodology
3.0 Findings and Recommendations
Appendix A: Entity Level Control Assessment Summary

1.0 Executive summary

Introduction

1.1 The mission of the Internal Audit function of Audit and Evaluation Services is to provide independent and objective assurance services designed to add value and improve the Canadian Grain Commission's operations. Internal Audit helps the Canadian Grain Commission accomplish its objectives by bringing a systematic, disciplined approach to assess and improve the effectiveness of risk management, control and governance processes.

1.2 The audit of entity-level controls was included as part of the Audit and Evaluation Services risk-based Audit Plan. The Commission approved the plan following a recommendation by the Departmental Audit Committee in May The audit was conducted as a joint effort with Finance from November 2010 to March It consisted of documenting and reviewing the test of design of entity-level controls in place at the Canadian Grain Commission.

1.4 The Treasury Board Policy on Internal Control, which took effect on April 1, 2009, was introduced to ensure that risks relating to the reliability of financial reporting are adequately managed through a risk-based system of internal controls over financial reporting. Under the Policy on Internal Control, organizations are required to document and assess 3 levels of controls, one being entity-level controls.

1.5 As stated in the Policy on Internal Control Diagnostic Tool for Departments and Agencies, entity-level controls are those controls that are pervasive across a department. They include the tone from the top, including the organization's culture, values and ethics, governance, transparency and accountability mechanisms, as well as the activities and tools put in place across the organization to raise staff awareness, ensure clear understanding of roles and responsibilities and solid capacities and abilities in managing risks well.

1.6 The implementation of the Policy on Internal Control does not require an assessment of all entity-level controls within an organization.
Rather, it requires an assessment of key entity-level controls. For purposes of this report, key entity-level controls are those controls that best demonstrate a commitment to overall good governance by Executive Management at the Canadian Grain Commission in ensuring organizational objectives are met.

1.7 In addition to the requirement under the Policy on Internal Control, Audit and Evaluation Services undertook the documentation and assessment of entity-level controls jointly with Finance as part of the Audit Plan for purposes of obtaining a sound understanding of the internal controls in place to ensure that Executive Management expectations pertaining to the entire organization are carried out.

1.8 This report contains only those observations, findings, and recommendations associated with the review of the test of design of the Canadian Grain Commission's key entity-level controls.

Audit objective

1.9 The objective of the audit is to document and assess the design of the entity-level controls in place at the Canadian Grain Commission in order to provide assurance of their adequacy and to provide recommendations to improve noted deficiencies, if appropriate.

Conclusion

1.10 Several entity-level controls exist and have been effectively designed to promote management excellence, good governance and public service management throughout the Canadian Grain Commission. Some of the key highlights noted include:

- Executive Management and the Commissioners promote and encourage open communication throughout the Canadian Grain Commission and effectively provide information to employees, industry stakeholders and other interested parties.
- Executive Management is committed to being effective leaders and modelling behaviours which employees are expected to demonstrate.
- There are 2 levels of governance: the Executive Management Committee and the Commission. Open communication between the Executive Management Committee and the Commission ensures that priorities remain realistic and that organizational objectives are achieved as intended.
- The Executive Management Committee, the Commissioners and the Departmental Audit Committee are committed to directing the organization in achieving its operational and strategic objectives.

The following report contains opportunities for improvement that were identified during the audit, including:

- Further developments in tracking and monitoring of People Planning and the Personal Development and Achievement Program in order to strengthen the Canadian Grain Commission's ability to maintain a sufficient and representative workforce with the appropriate mix of skills.
- Further efforts to implement new policies, procedures and processes and to update existing ones in order to strengthen the Canadian Grain Commission's ability to carry out its mandate, programs and activities.
- Further refinements and enhancements to the Integrated Risk Management Program in order to ensure that risks are well managed throughout the organization.
- Future training to educate employees on roles and responsibilities in order to ensure that effective Internal Controls over Financial Reporting are in place.

Executive Management has indicated that all recommendations contained in this report will be implemented. Additional details are contained in this report.

Statement of assurance

1.12 In the professional judgment of the Chief Audit Executive, sufficient and appropriate audit procedures have been conducted and evidence gathered to support the accuracy of the conclusion provided in this report. The conclusion is based on a comparison of the conditions as they existed at the time, as described in the Audit Scope, against pre-established audit criteria that were agreed with management. The audit was conducted in accordance with the Treasury Board Policy on Internal Audit and the International Standards for the Professional Practice of Internal Auditing as established by the Institute of Internal Auditors (IIA).

Summary of recommendations and management action plans

1.13 The following is a summary of recommendations contained in this report with management's action plans to address the topics identified:

Recommendation reference number: 3.10
Recommendation: We recommend that the Executive Management Committee and the Commissioners establish a formal terms of reference document to specify what information is to be communicated to the Commissioners, the Chief Operating Officer or the Executive Management Committee. The document should include the timing of such communication.
Management action plan: The Executive Management Committee has drafted and approved an Executive Management Committee terms of reference. The Commission terms of reference will be drafted by March 31,
Respondent: Chief Operating Officer

Recommendation: We recommend that management implement and approve a formal process to ensure that divisional people plans are reviewed on a quarterly basis. A quarterly review would ensure that identified gaps are addressed and re-prioritized as necessary in securing human resources to achieve the Canadian Grain Commission's organizational objectives.
Management action plan: A process has been drafted for the quarterly monitoring of people plans. Human Resources has developed a template and instructions to assist in the quarterly monitoring of divisional people plans. Divisions have submitted progress reports of their people plans for the first quarter of for review by Human Resources. A summary of this review was prepared for and discussed with the Executive Management Committee in August
Divisions will continue to track their people plans on a quarterly basis. A review of quarterly monitoring will be conducted to identify ways to better consolidate monitoring mechanisms with other aspects of the Canadian Grain Commission integrated planning process by March 31,
Respondent: Director, Human Resources

Recommendation reference number: 3.12
Recommendation: We recommend that management implement a performance cycle for each Canadian Grain Commission division to enhance the ability to formally track and monitor the Performance Development and Achievement Program process. In addition, Human Resources should implement a process to ensure that those individuals receiving Personal Development and Achievement Program training are in fact completing Personal Development and Achievement Plans in a timely manner.
Management action plan: Human Resources will draft measures and indicators that can be used to monitor the quantitative and qualitative aspects of the effectiveness of Personal Development and Achievement Program implementation. Measures will include those required for all divisions and those recommended by divisional management. This will include reviewing measures in the Public Service Management Dashboard. Human Resources will also consult with Employee Services and the administration officers group on mechanisms to monitor and track this information efficiently within divisions. Measures, and the corresponding monitoring plan, will be presented to the Executive Management Committee for approval by March 31,
Human Resources will meet with each divisional management team to develop a plan to select and monitor the Personal Development and Achievement Program measures by June 30,
This will also include determining the performance cycle for employees within each division.
Human Resources will develop a process and an accountability mechanism as part of the Personal Development and Achievement Program training, to assist individuals in completing their Personal Development and Achievement Program in a timely manner, by June 30,
Human Resources will review reports from the Personal Development and Achievement Program monitoring and tracking system within three months of the training to confirm that participants have initiated their Personal Development and Achievement Program. Follow-up will occur for those that have not implemented Personal Development and Achievement Program.
Respondent: Director, Human Resources

Recommendation reference number: 3.18
Recommendation: We recommend, in continuing to refine the Integrated Risk Management process:
a. The Integrated Risk Management sub-group of the Integrated Planning Working Group and other key stakeholders be educated on how to assess residual risk as it relates to the annual environmental scan and other risks identified.
b. Management develop a timeline to implement the future plan of assessing residual risk for each of the 8 risk areas identified as part of the Canadian Grain Commission's corporate risk profile.
c. Management develop an action plan to determine the position or Canadian Grain Commission unit that will be accountable for coordinating and monitoring Integrated Risk Management on a long-term basis.
Management action plan:
a. An option to educate Commissioners, Executive Management and other key stakeholders on the nature of residual risk will be developed by March 31,
b. The identification of risk owners for each of the 8 risk areas in the Corporate Risk Profile will be completed by June 30,
Subsequent to the educational session, executive management and risk owners will be expected to apply information from the learning session in order to assess the residual risk for each of the 8 areas of the corporate risk profile. Completion of residual risk assessment is anticipated by March 31,
c. A succession plan is in place for the Corporate Development Advisor within Corporate Services. The Corporate Development Advisor is accountable for coordinating and monitoring Integrated Risk Management on a long-term basis.
Respondent: Director, Corporate Services

Recommendation: We recommend that management develop an action plan to place greater focus on integrating the operational planning phase of the Canadian Grain Commission's annual planning cycle. This will ensure the resources required for day-to-day delivery of program activities (which are essential in achieving the Canadian Grain Commission's mandate) are planned and monitored throughout the year.
Management action plan: Corporate Planner and Project Manager and Integrated Planning Working Group to:
- Identify and engage leaders for key Canadian Grain Commission operational planning processes by September 30, 2011
- Develop an integrated operational planning calendar that reflects current operational planning processes by December 31, 2011
- Research best practices in integrated operational planning at other government departments by March 31, 2012
- Present a multi-year plan to the Executive Management Committee proposing enhancements to operational planning timelines, processes and tools by April 30, 2012 and commence implementation of the plan during the fiscal year
Respondent: Director, Corporate Services

Recommendation reference number: 3.24
Recommendation: We recommend that management establish a process for ensuring that policies, procedures and other information necessary in carrying out the Canadian Grain Commission's mandate, programs and activities be regularly reviewed and updated as required. This will ensure that employees have the most accurate and up-to-date information available. Policies and procedures that are currently under development or being re-written should be closely monitored and promptly communicated to employees upon completion.
Management action plan: An overview of the majority of policies and procedures has been incorporated into an easy-to-use tracking chart. This will be presented to the Executive Management Committee on October 6,
Divisional directors will assign their leads to establish regular reviews. Divisions will be responsible for tracking updates. Policy changes will go to the Executive Management Committee as specified in the Executive Management Committee terms of reference. The web site will be updated by Multimedia Services and Communications until the web content management system is in place and then leads will update their own information.
Respondent: Director, Corporate Services

Recommendation: We recommend that management develop a plan to ensure that process owners and control owners for internal controls over financial reporting receive proper training so that they are aware of their roles and responsibilities in ensuring that internal controls over financial reporting are appropriately designed and continue to operate effectively. This training should be provided to other employees as required.
Management action plan: Financial risk assessment will be performed to determine key business processes required for purposes of documenting internal controls over financial reporting. Identification of process and control owners for all key business processes will be completed by March
Training will be provided once process and control owners (and other employees as applicable) have been identified. This training will ensure that they are aware of their roles and responsibilities in ensuring that Internal Controls over Financial Reporting are appropriately designed and continue to operate effectively. Training will occur throughout the project and may occur in various forms including newsletter articles, e-mails, presentations or formal training sessions.
Respondent: Chief Financial Officer

2.0 Audit report

Background

2.1 The Treasury Board Policy on Internal Control, which took effect on April 1, 2009, was introduced to ensure that risks relating to the reliability of financial reporting are adequately managed through a risk-based system of internal controls over Financial Reporting. Under the Policy on Internal Control, organizations are required to document and assess 3 levels of controls, one being entity-level controls.

2.2 As stated in the Policy on Internal Control: Diagnostic Tool for Departments and Agencies, entity-level controls are those controls that are pervasive across a department. They include the tone from the top, including the organization's culture, values and ethics, governance, transparency and accountability mechanisms, as well as the activities and tools put in place across the organization to raise staff awareness, ensure clear understanding of roles and responsibilities and solid capacities and abilities in managing risks well.

2.3 As the first phase of implementing the Policy on Internal Control and conducting the audit, Finance and Audit and Evaluation Services jointly undertook documentation of the Canadian Grain Commission's entity-level controls. They used the most commonly used framework for assessing and documenting entity-level controls. The Committee of Sponsoring Organizations developed this framework.

2.4 The Committee of Sponsoring Organizations of the Treadway Commission is a private-sector organization chartered to research and report on improving the quality of financial reporting through values and ethics, internal controls and good organizational governance. In 1992 the Committee of Sponsoring Organizations developed the Internal Controls - Integrated Framework, which is still widely used in assessing entity-level controls to this day.

2.5 As part of the Internal Controls - Integrated Framework, the Committee of Sponsoring Organizations defined the following 5 broad categories.
These categories, which were considered in the documentation and assessment of the Canadian Grain Commission's entity-level controls, are:

- Control Environment
- Risk Assessment
- Control Activities
- Information and Communication
- Monitoring

A definition for each category has been provided throughout the body of the report. Each category is further broken down into a varying number of sub-categories. For example, the Monitoring Category includes 3 separate sub-categories: Ongoing Monitoring, Separate Evaluations and Reporting Deficiencies. Refer to Appendix A for further details.

2.6 Entity-level controls are considered similar to the components of the Management Accountability Framework. Similar to entity-level controls, the Management Accountability Framework outlines the Treasury Board's expectations for good public service management. It is structured around 10 key sub-categories, essential in ensuring an organization is well-managed.

2.7 Given that the Canadian Grain Commission is considered to be a small agency, it is assessed for Management Accountability Framework purposes by the Treasury Board Secretariat every third year. During the fiscal year , the Canadian Grain Commission was required to participate in the Management Accountability Framework Round VIII assessment. The timing of the assessment was beneficial as documentation prepared by the Canadian Grain Commission for Management Accountability Framework VIII could be used for certain sub-categories of the Committee of Sponsoring Organizations Internal Controls - Integrated Framework.

Audit objective

2.8 The objective of the audit is to document and assess the design of the entity-level controls in place at the Canadian Grain Commission in order to provide assurance of their adequacy and to provide recommendations to improve noted deficiencies, if appropriate.

Audit scope

2.9 The Policy on Internal Control came into effect April 1, While the Policy on Internal Control requires the documentation and assessment of all 3 levels of controls (entity-level controls, information technology general controls and process level controls), the scope of the audit has been limited to the documentation and assessment of the design of entity-level controls.

Collection of evidence to support the key entity-level controls from various sources include:

- documentation submitted for Management Accountability Framework VIII;
- interviews with Commissioners, Executive Management and selected employees;
- documentation obtained from selected employees; and
- information posted on StaffNet, the Canadian Grain Commission's internal web site.

The scope of the audit explicitly excluded the test of operating effectiveness of entity-level controls in place at the Canadian Grain Commission. Note that the test of operating effectiveness would provide assurance that the controls continue to operate as intended over a period of time. Test of design provides assurance that controls are appropriately designed to mitigate the risks they are intended to address.

Audit criteria

2.12 Each of the sub-categories within the 5 Committee of Sponsoring Organizations categories described above is further broken down into a series of statements. The statements can be directly linked to an identified key entity-level control. There are a total of 82 statements within the Committee of Sponsoring Organizations framework.

The Audit Criteria for the assessment of entity-level controls can be simply summarized as the existence and design effectiveness of key entity-level controls for each of the 82 statements identified as part of the Committee of Sponsoring Organizations Framework.

Approach and methodology

2.14 The audit included interviews and examination of relevant communications, reports and other documentation related to entity-level controls.

The detailed examination phase was conducted from November 2010 to March It focused on identifying and assessing the design effectiveness of key entity-level controls. Procedures performed during the examination phase included:

- Reviewing Management Accountability Framework VIII information and submissions to determine which Management Accountability Framework documentation could be matched to the Committee of Sponsoring Organizations Internal Controls - Integrated Framework.
- Assessing information gaps resulting from the inability to directly link Management Accountability Framework VIII to the Committee of Sponsoring Organizations Internal Controls - Integrated Framework and determining what further evidence would be required.
- Developing an entity level control matrix to assess key controls in place for each of the 82 statements that make up each of the sub-categories within the 5 broad categories of the Committee of Sponsoring Organizations Internal Controls - Integrated Framework.
- Interviewing Executive Management, the Commissioners and other selected employees to:
  - Obtain an understanding of Management's attitude towards controls at the entity level on a collective basis
  - Corroborate that the entity-level controls identified through review of Management Accountability Framework VIII documentation are key controls according to Management
  - Provide management with the opportunity to identify what they consider to be the Canadian Grain Commission's key entity-level controls which may not have been covered as part of Management Accountability Framework VIII

2.16 As a result of the information reviewed and testing conducted during the audit, findings and potential recommendations were developed to allow for strengthening of the Canadian Grain Commission's entity-level controls. These were reviewed with the Chief Operating Officer and Chief Financial Officer. Management Action Plans were obtained from Canadian Grain Commission management and incorporated into this report. A Final Internal Audit Report was prepared to encompass management's commitments for improvement. The Final Report was reviewed on February 13, 2012 by the Departmental Audit Committee, who recommended approval by the Chief Commissioner. The Chief Commissioner subsequently approved this report.

3.0 Findings and recommendations

Overall entity-level control assessment

Findings:

3.1 As previously noted, Canadian Grain Commission entity-level controls were assessed against the Committee of Sponsoring Organizations Internal Controls - Integrated Framework, based on its 5 broad categories. Overall entity-level control ratings for each of the categories were determined to be as follows:

Committee of Sponsoring Organizations category: Rating
- Control environment: Acceptable
- Risk assessment: Acceptable
- Control activities: Opportunity for improvement
- Information and communication: Acceptable
- Monitoring: Opportunity for improvement

Refer to the Entity-level control summary table in Appendix A for further details.

3.2 While certain categories received an overall rating of Opportunity for improvement or Acceptable, individual Committee of Sponsoring Organizations sub-categories within each of the 5 categories warrant further discussion. These are described further in each of the 5 category sections below. The sub-categories within each of the 5 categories have been bolded for purposes of linking to the results in Appendix A. It should be noted that the following only provides a summary of findings and does not include a description of all key entity-level controls identified through the assessment process.

Control Environment

Findings:

3.3 The control environment is influenced by management's operating style and the communication and promotion of values and ethics throughout the organization, which are important factors in designing, administering and monitoring all control components of an organization.

3.4 Management's philosophy and operating style
Canadian Grain Commission Management's philosophy and operating style, including overall governance (e.g. the Commission, the Executive Management Committee and Departmental Audit Committee), indicates that the principles of management excellence are applied throughout the organization. The Executive Management Committee, the Commission and the Departmental Audit Committee set an appropriate tone from the top in guiding the Canadian Grain Commission in achieving its operational and strategic objectives. The challenge that could present itself is that there are 2 levels of governance: the Executive Management Committee and the Commission. Open communication between the Executive Management Committee and the Commission ensures that priorities remain realistic and that organizational objectives are achieved as intended. However, there is currently no formal guidance on what information should be presented to the Commissioners, the Chief Operating Officer or the Executive Management Committee. Such guidance would be beneficial in educating new Commissioners and new members of the Executive Management Committee or those in acting assignments.

3.5 Assignment of authority and responsibility
Assignment of authority and responsibility is clearly communicated throughout the organization. Open communication is encouraged and the Executive Management Committee is committed to being effective leaders and modelling behaviors which employees are expected to demonstrate. The Executive Management Committee Charter demonstrates that the Executive Management Committee is committed to the current and future direction of the organization.

3.6 Organizational structure
A clear and effective organizational structure that is linked to the Canadian Grain Commission's Program Activity Architecture is in place and has been communicated to employees and stakeholders via the Canadian Grain Commission web site. While effective organizational structures are known and in place, the documentation has not been updated on the Canadian Grain Commission's web site. For example, the Chief Financial Officer and the Chief Audit Executive report directly to the Chief Commissioner. However, the web site has not been updated to reflect this. Management has indicated that refinements will be reflected in an updated Governance Structure to be submitted to Treasury Board during the fiscal year.

3.7 Integrity and ethical values
Management openly communicates the importance of integrity and ethical values principles.
These principles have been integrated into the organization's programs and activities. The Canadian Grain Commission has been developing an organizational Values and Ethics Code throughout All government departments are required to have their own code that is consistent with the new Treasury Board code scheduled for completion by March 31, However, approval of the Treasury Board code has been delayed. It is now scheduled for release in April The Canadian Grain Commission is planning to publish its Values and Ethics Code shortly after the publication of the Treasury Board's. In addition, an internal policy on formal disclosure procedures to report known or suspected wrongdoing is currently under development.

3.8 Commitment to competence
Executive Management's commitment to competence is demonstrated through a current project to develop competency frameworks for numerous positions at the Canadian Grain Commission. In addition, the Canadian Grain Commission has developed a competency dictionary to assist management in determining competencies required to perform a specific position's responsibilities. 3 core competencies required for appointment have been identified: Effective Interactive Communication, Adaptability and Being a Team-Player. Management has also indicated that commitment to competence is achieved through the People Planning process. However, there are some concerns that deficiencies exist in the monitoring and tracking of the Canadian Grain Commission-wide people plan and divisional people plans. Monitoring and tracking ensures that gaps are being addressed throughout the year. People planning is considered during the Canadian Grain Commission's integrated planning phase. However, input into integrated planning related to people planning is only relevant and meaningful for the delivery of the Canadian Grain Commission's mandate if people plans continue to be reviewed and revised on an on-going basis. Discussions with Human Resources indicate that there are plans to formalize the process wherein divisional teams would meet with Human Resources on a quarterly basis to go over divisional people plans, perform a variance analysis and re-prioritize where necessary. Significant variances would then be tabled at the Executive Management Committee.

3.9 Human resources policies and practices
Several Human Resource policies and practices exist and have been communicated to employees. They include, but are not limited to, the People Management Framework, Canadian Grain Commission training requirements, and the Informal Conflict Management System. In addition, the Canadian Grain Commission has developed the Performance Development and Achievement Program. However, a more comprehensive tracking process to monitor implementation is required. Currently the performance cycle is not aligned with the Canadian Grain Commission's fiscal year end. Human Resources rely on each Canadian Grain Commission division to collect information about how many employees within the division have completed their Performance and Learning Agreement regardless of the cycle.
While directors and their direct reports have completed their Performance and Learning Agreements, approximately 60% of Canadian Grain Commission employees (particularly in the regions) have not had the opportunity to fully participate in the program. The organization continues to roll out Personal Development and Achievement Program training to educate employees on how to link their personal performance objectives with the strategic outcome of the Canadian Grain Commission.

Recommendations:

3.10 We recommend that the Executive Management Committee and the Commissioners establish a formal Terms of Reference document to specify what information is to be communicated to the Commissioners, the Chief Operating Officer or the Executive Management Committee, including the timing of such communication.

We recommend that management implement and approve a formal process to ensure that Divisional People Plans are reviewed on a quarterly basis to ensure that gaps identified are addressed and re-prioritized as necessary in securing human resources to achieve the Canadian Grain Commission's organizational objectives.

We recommend that management implement a performance cycle for each division to enhance the ability to formally track and monitor the Performance Development and Achievement Program process. In addition, Human Resources should implement a process to ensure that those individuals receiving Personal Development and Achievement Program training are in fact completing Personal Development and Achievement plans in a timely manner.

Risk Assessment

Findings:

3.13 Every organization faces a variety of risks from external and internal sources that must be assessed at entity-wide and activity levels throughout its operation. Management's approach to managing organizational risk is an essential factor in ensuring the sustainability of an organization.

Entity-wide objectives
Entity-wide objectives have been established and communicated to employees and industry stakeholders through the Canadian Grain Commission's mandate, vision, values and strategic outcome as well as through the Departmental Report on Plans and Priorities and the Departmental Performance Report. The Canadian Grain Commission's plans and priorities are consistent with the Canadian Grain Commission's mandate and the strategic direction of the organization. Significant efforts have been placed on strategic planning over the past few years. However, less emphasis has been placed on operational planning. Management is aware of this issue and has decided to focus more on operational planning. Plans include closer monitoring of Key Performance Indicators related to program activities on a quarterly basis and the identification of additional quantitative program activity Key Performance Indicators.

Activity-level objectives
Performance against targets of Activity-level Objectives is reported to the Executive Management Committee through a quarterly tracking tool that captures results information and challenges and lessons learned related to each of the organization's program activities. This tool also captures results, challenges and lessons learned related to the Canadian Grain Commission's strategic priorities.
Strategic priorities are identified as part of the annual Strategic Planning Process.

Risks and change management

The Canadian Grain Commission has taken action to address risks and change management affecting the organization. A corporate risk profile exists. The Integrated Risk Management project, started in 2010, resulted in input to the strategic planning process. The identified risks have been linked to the organizational Program Activity Architecture and have been considered as part of the Report on Plans and Priorities. Likelihood and impact were considered as part of the risk assessment process; however, residual risk has not been ranked. Currently, the Integrated Risk Management project remains a work in progress with future plans to enhance the process as follows:

- Identify the level of residual risk for each of the 8 risk areas identified in the Canadian Grain Commission's Corporate Risk Profile
- The Corporate Risk Profile to be revised, completed and Canadian Grain Commission staff notified of its completion
- Risk management training for staff to be undertaken by the Canadian Grain Commission within the next 2 years

While the Integrated Risk Management project and working group continues to be led by the Corporate Development Advisor, currently there is no formal plan in place to transition the coordination and ongoing monitoring of Integrated Risk Management upon the upcoming retirement of the Corporate Development Advisor. Given that risk management is an essential component in effectively managing an organization, responsibility for such a function should be assigned at all times.

The Policy and Planning Group is responsible for coordinating and preparing the Canadian Grain Commission's annual environmental scan which identifies potential and emerging threats, opportunities and risks that need to be considered by the Canadian Grain Commission. Risks identified as part of the environmental scan are not necessarily ranked based on likelihood and impact to the organization. Going forward, the plan is to integrate the Integrated Risk Management and Integrated Planning Working Groups for purposes of the planning process. This would enhance the identification of key risks which are identified as part of the environmental scan.

Recommendation:

3.18 We recommend that in continuing to refine the Integrated Risk Management process:

a. The Integrated Risk Management sub-group of the Integrated Planning Working Group and other key stakeholders be educated on how to assess residual risk as it relates to the annual environmental scan and other risks identified.
b. Management develop a timeline to implement the future plan of assessing residual risk for each of the eight risk areas identified as part of the Canadian Grain Commission's corporate risk profile.
c. Management develop an action plan to determine the position(s) or Canadian Grain Commission unit(s) that will be responsible or accountable for coordinating and monitoring Integrated Risk Management on a long-term basis.

We recommend that management develop an action plan to place greater focus on integrating the operational planning phase of the Canadian Grain Commission's annual planning cycle. This will ensure the resources required for the day-to-day delivery of program activities (which are essential in achieving the Canadian Grain Commission's mandate) are planned and monitored throughout the year.

Control Activities

Findings:

3.20 Control activities

Control activities are policies and procedures for implementing management directives. Control activities cover a wide spectrum and include but are not limited to delegated authorities, verifications, security of assets, segregation of duties and information systems.

Several policies and procedures for the program activities within the Canadian Grain Commission's Program Activity Architecture have been established and communicated. Examples of such policies and procedures include: Industry Services QMS/ISO 9001:2008 Financial Management Licensing Compliance Audits People Management Health and Safety Information Technology

3.22 Several policies and procedures necessary for the Canadian Grain Commission to carry out its mandate are currently in place. However, there are also policies and procedures that require further development to ensure that the Canadian Grain Commission continues to operate as effectively and efficiently as possible. Management is currently aware of the need to update certain policies and procedures including: Business Continuity and Information Technology Disaster Recovery Plan Grain Research Laboratory ISO Accreditation Grain Research Laboratory overall program policies and procedures Information Technology and Non-Information Technology Asset Management Information Management

3.23 In addition, there is currently no working group or process in place to regularly review and update financial policies and procedures or other organizational policies and procedures. Such policies and procedures are reviewed regularly, but on an ad hoc basis. It is the responsibility of each divisional unit to ensure information is kept current. Discussions with management suggest that StaffNet needs to be reviewed and updated to ensure that the most recent policies and procedures are being communicated to staff.
Recommendation:

3.24 We recommend that management establish a process for ensuring that policies, procedures and other information necessary in carrying out the Canadian Grain Commission's mandate, programs and activities be regularly reviewed and updated as required to ensure that employees have the most accurate and up-to-date information available. Policies and procedures that are currently under development or being rewritten should be closely monitored and promptly communicated to employees upon completion.

Information and Communication

Findings:

3.25 Information and communication

An organization needs information and communication at all levels to run the day-to-day operations, and move towards achievement of its objectives.

Canadian Grain Commission management proactively communicates financial and non-financial information to employees, key stakeholders and other interested parties on a timely basis. This is seen through the Report on Plans and Priorities, Departmental Performance Report, the delivery of Odyssey and Leadership sessions to employees, employee newsletters and announcements and consultation and communication with external parties.

The Canadian Grain Commission has developed a 5-year global communications plan that addresses both external and internal communications which has been approved by the Executive Management Committee. While the plan's contents remain a work in progress, the Canadian Grain Commission web site provides a variety of information for producers and other industry stakeholders including information about grain quality, quantity and research, statistical information, legislation and policies and user fees.

The Canadian Grain Commission has developed several forms and procedures that support the customer service and service improvement components of ISO 9001:2008. The Canadian Grain Commission has also established a number of client feedback committees that involve participation of several key stakeholders including grain producers, producer groups, industry associations and grain companies.

The Canadian Grain Commission currently has an Information Management committee that includes representatives from Statistics, Communications, Information Technology and Administration to ensure the development of all information components are aligned with the Records Information Management project.
The Records Information Management project is ongoing and is in stage 4 of the 5-stage project.

Information Technology Systems strategic and operational plans have been developed and approved by the Executive Management Committee. The plans include actions to ensure that records, data and information are properly secured and that controls are in place to prevent unauthorized access. Given that these plans are relatively new, there is currently no formal process for ensuring that operational and strategic initiatives are being met. Management is aware of the issue and will be developing a strategy to track progress of Information Technology Systems operational and strategic plans going forward.

Given the size of the Canadian Grain Commission, resource constraints need to be considered when allocating financial and human resources to information and communication management which could in turn result in a lack of integration of information systems throughout the organization; however management is committed to providing resources to information and communication management where feasible given these resource constraints.

Monitoring

Findings:

3.32 Control systems, policies and procedures tend to change over time and thus monitoring ensures that organizations continue to operate effectively in light of such changes.

Separate evaluations

Separate evaluations of organizational effectiveness are provided through various sources including internal audit, central agency audits (e.g. Public Service Commission), external audit (financial statements), Management Accountability Framework assessments and, in the future, program evaluation. Management Action Plans are identified in response to recommendations provided by internal audit and other external parties. Discussion with the Executive Management Committee and the Commissioners provided consistent messaging that before recommendations are agreed to and an action plan is formulated, management must ensure the recommendations are practical for the organization. Resource constraints including time, employees and funding need to be considered when determining the best way to address issues that were identified.

Reporting deficiencies

The Committee of Sponsoring Organizations sub-category Reporting Deficiencies focuses on ensuring there are proper mechanisms in place to identify internal control or reporting deficiencies. It also ensures that appropriate follow-up actions are taken by management to address any noted deficiencies. There are several controls in place to identify reporting deficiencies. For example, financial results are presented to the Commission and the Executive Management Committee for approval on a monthly basis. The Departmental Audit Committee reviews and recommends financial statements for approval on a quarterly basis. In addition, all members of the Executive Management Committee are actively involved in the budgeting process.
Re-profiling requirements made during the year are approved by the Executive Management Committee and the Commission.

Ongoing monitoring

From an ongoing monitoring perspective, it should be noted that internal controls over financial reporting do exist. However, these have not been formally documented. Under the Policy on Internal Control the Canadian Grain Commission has yet to fully implement a process to ensure that control documentation and processes relevant for internal controls over financial reporting remain current and up-to-date. The Canadian Grain Commission has developed a multi-year action plan in order to comply with the Policy on Internal Control. The new Statement of Management Responsibility and its annex were completed by the Canadian Grain Commission within the required timelines for the fiscal year In addition, a Policy on Internal Control Steering Committee has been established and will be meeting on an ongoing basis to determine the next steps of the project, including risk assessment, scoping and control documentation. Given that the Canadian Grain Commission is only in the initial phases of the Policy on Internal Control project, training related to the ongoing monitoring of internal controls over financial reporting has not been provided. Issues relating to the project will be addressed by the Policy on Internal Control Steering Committee as the 3-year phased-in approach continues to evolve.

Recommendation:

3.36 We recommend that management develop a plan to ensure that proper training is provided to educate owners of the Internal Controls over Financial Reporting process and control owners (and other employees as required) so that they are aware of their roles and responsibilities in ensuring that internal controls over financial reporting are appropriately designed and continue to operate effectively.

We express our appreciation to the Executive Management Committee and the Commissioners for their assistance during the course of the audit.

This audit has been reviewed with:
Gordon Miles, Chief Operating Officer
Cheryl Blahey, Chief Financial Officer

Audit & Evaluation Services Contact
Brian Brown, Chief Audit Executive
Appendix A: Canadian Grain Commission - Entity-level control assessment summary

| | Compliant (3) | Partially compliant (3) | Non compliant (3) | Weighted rating (3) |
|---|---|---|---|---|
| CE (Control Environment) (1) | | | | 88% |
| A Integrity and ethical values | 50% | 50% | 0% | 75% |
| B Commitment to competence | 50% | 50% | 0% | 75% |
| C The Commission, the Executive Management Committee and Department Audit Committee | 89% | 11% | 0% | 94% |
| D Management's philosophy and operating Style | 80% | 20% | 0% | 90% |
| E Organizational structure | 67% | 33% | 0% | 83% |
| F Assignment of authority and responsibility | 100% | 0% | 0% | 100% |
| G Human Resources policies and practices | 100% | 0% | 0% | 100% |
| RA (Risk assessment) (1) | | | | 76% |
| A Entity-wide objectives | 75% | 25% | 0% | 88% |
| B Activity-level objectives | 86% | 14% | 0% | 93% |
| C Risks | 50% | 50% | 0% | 75% |
| D Managing change | 0% | 100% | 0% | 50% |
| CA (Control activities) (1) | | | | 50% |
| A - Control activities | 0% | 100% | 0% | 50% |
| IC (Information and communication) (1) | | | | 80% |
| A Information | 50% | 50% | 0% | 75% |
| B Communication | 71% | 29% | 0% | 86% |
| MON (Monitoring) (1) | | | | 67% |
| A Ongoing monitoring | 22% | 57% | 11% | 51% |
| B Separate evaluations | 0% | 100% | 0% | 50% |
| C Reporting deficiencies | 100% | 0% | 0% | 100% |

| Assessment rating | the Committee of Sponsoring Organizations Statements (2) | % |
|---|---|---|
| Compliant | 49 | 60% |
| Partially compliant | 32 | 39% |
| Non-compliant | 1 | 1% |
| Total | | % |

Note 1: CE, RA, CA, IC and MON represent the 5 Committee of Sponsoring Organizations Categories within the Committee of Sponsoring Organizations Internal Controls-Integrated Framework. Each of the Committee of Sponsoring Organizations Categories is further broken down into the sub-categories noted above.

Note 2: Each of the sub-categories noted within the Committee of Sponsoring Organizations Internal Controls-Integrated Framework has a varying series of statements that can be directly linked to a key ELC for a total of 82 statements. 32 instances of partial compliance were noted which indicates that while not fully compliant with 29 of the Committee of Sponsoring Organizations statements; actions are currently underway to achieving full compliance in the future. The one instance of non-compliance relates to training on Internal Controls over Financial Reporting not yet provided to employees and will be addressed as the Policy on Internal Controls project continues to evolve.
More informationDepartment of Audit and Compliance. Quality Self-Assessment
Department of Audit and Compliance Quality Self-Assessment November 2014 CONTENTS EXECUTIVE SUMMARY... 2 PURPOSE OF SELF-ASSESSMENT... 4 SELF-ASSESSMENT SCOPE OF WORK... 4 RESULTS OF SELF-ASSESSMENT WORK...
More informationCourts Administration Service (CAS) Audit of Integrated Risk Management
Courts Administration Service (CAS) Audit of Integrated Risk Management Original signed by JULY 21, 2015 MR. DANIEL GOSSELIN CHIEF ADMINISTRATOR DATE TABLE OF CONTENTS 1 EXECUTIVE SUMMARY... 3 1.1 Background...
More informationPerformance Measures for Internal Auditing
Performance Measures for Internal Auditing A simple question someone may ask is Why measure performance? An even simpler response would be that what gets measured gets done. McMaster University s discussion
More informationEnterprise Risk Management
Cayman Islands Society of Professional Accountants Enterprise Risk Management March 19, 2015 Dr. Sandra B. Richtermeyer, CPA, CMA What is Risk Management? Risk management is a process, effected by an entity's
More informationTable of Contents PERFORMANCE REVIEWS STRATEGIC REVIEWS
SECTION 270 PERFORMANCE AND STRATEGIC REVIEWS Table of Contents 270.1 To which agencies does this section apply? 270.2 What is the purpose of this section? PERFORMANCE REVIEWS 270.3 What is the purpose
More informationTECK RESOURCES LIMITED AUDIT COMMITTEE CHARTER
Page 1 of 7 A. GENERAL 1. PURPOSE The purpose of the Audit Committee (the Committee ) of the Board of Directors (the Board ) of Teck Resources Limited ( the Corporation ) is to provide an open avenue of
More informationDevelop Project Charter. Develop Project Management Plan
Develop Charter Develop Charter is the process of developing documentation that formally authorizes a project or a phase. The documentation includes initial requirements that satisfy stakeholder needs
More informationIndependent Evaluation of NRC s Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2015
Independent Evaluation of NRC s Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2015 OIG-16-A-03 November 12, 2015 All publicly available OIG reports (including
More informationExport Development Canada
Export Development Canada Special Examination Report 2009 Office of the Auditor General of Canada Bureau du vérificateur général du Canada Ce document est également publié en français. Office of the Auditor
More informationAudit of Financial Reporting Controls
Audit of Financial Reporting Controls WESTERN ECONOMIC DIVERSIFICATION CANADA Audit & Evaluation Branch February 2012 Table of Contents 1.0 Executive Summary 1 2.0 Statement of Assurance 1 3.0 Introduction
More informationUNITED STATES DEPARTMENT OF EDUCATION OFFICE OF INSPECTOR GENERAL
UNITED STATES DEPARTMENT OF EDUCATION OFFICE OF INSPECTOR GENERAL Evaluation and Inspection Services Memorandum May 5, 2009 TO: FROM: SUBJECT: James Manning Acting Chief Operating Officer Federal Student
More informationHow To Ensure Health Information Is Protected
pic pic CIHI Submission: 2011 Prescribed Entity Review October 2011 Who We Are Established in 1994, CIHI is an independent, not-for-profit corporation that provides essential information on Canada s health
More informationENTERPRISE RISK MANAGEMENT FRAMEWORK
ROCKHAMPTON REGIONAL COUNCIL ENTERPRISE RISK MANAGEMENT FRAMEWORK 2013 Adopted 25 June 2013 Reviewed: October 2015 TABLE OF CONTENTS 1. Introduction... 3 1.1 Council s Mission... 3 1.2 Council s Values...
More informationPROJECT MANAGEMENT FRAMEWORK
PROJECT MANAGEMENT FRAMEWORK DOCUMENT INFORMATION DOCUMENT TYPE: DOCUMENT STATUS: POLICY OWNER POSITION: INTERNAL COMMITTEE ENDORSEMENT: APPROVED BY: Strategic document Approved Executive Assistant to
More informationInternal Audit. Audit of HRIS: A Human Resources Management Enabler
Internal Audit Audit of HRIS: A Human Resources Management Enabler November 2010 Table of Contents EXECUTIVE SUMMARY... 5 1. INTRODUCTION... 8 1.1 BACKGROUND... 8 1.2 OBJECTIVES... 9 1.3 SCOPE... 9 1.4
More informationGuide to the Sarbanes-Oxley Act: IT Risks and Controls. Frequently Asked Questions
Guide to the Sarbanes-Oxley Act: IT Risks and Controls Frequently Asked Questions Table of Contents Page No. Introduction.......................................................................1 Overall
More informationENTERPRISE RISK MANAGEMENT FRAMEWORK
ENTERPRISE RISK MANAGEMENT FRAMEWORK COVENANT HEALTH LEGAL & RISK MANAGEMENT CONTENTS 1.0 PURPOSE OF THE DOCUMENT... 3 2.0 INTRODUCTION AND OVERVIEW... 4 3.0 GOVERNANCE STRUCTURE AND ACCOUNTABILITY...
More informationPractice Guide COORDINATING RISK MANAGEMENT AND ASSURANCE
Practice Guide COORDINATING RISK MANAGEMENT AND ASSURANCE March 2012 Table of Contents Executive Summary... 1 Introduction... 1 Risk Management and Assurance (Assurance Services)... 1 Assurance Framework...
More informationInternal Audit Manual
COMPTROLLER OF ACCOUNTS Ministry of Finance Government of the Republic of Trinidad Tobago Internal Audit Manual Prepared by the Financial Management Branch, Treasury Division, Ministry of Finance TABLE
More informationAboriginal Affairs and Northern Development Canada. Internal Audit Report. Audit of Economic Development Programs. Prepared by:
Aboriginal Affairs and Northern Development Canada Internal Audit Report Audit of Economic Development Programs Prepared by: Audit and Assurance Services Branch Project No. 13-44 February 2014 TABLE OF
More informationAudit of IT Asset Management Report
Audit of IT Asset Management Report Recommended by the Departmental Audit Committee for approval by the President on Approved by the President on September 4, 2012 e-doc : 3854899 1 Table of Contents EXECUTIVE
More informationMecklenburg County Department of Internal Audit. PeopleSoft Application Security Audit Report 1452
Mecklenburg County Department of Internal Audit PeopleSoft Application Security Audit Report 1452 February 9, 2015 Internal Audit s Mission Through open communication, professionalism, expertise and trust,
More informationPRIVY COUNCIL OFFICE. Audit of Information Technology (IT) Security. Final Report
An asterisk appears where sensitive information has been removed in accordance with the Access to Information Act and Privacy Act. PRIVY COUNCIL OFFICE Audit of Information Technology (IT) Security Audit
More informationFinancial Management Framework >> Overview Diagram
June 2012 The State of Queensland (Queensland Treasury) June 2012 Except where otherwise noted you are free to copy, communicate and adapt this work, as long as you attribute the authors. This document
More informationAudit of Monitoring and Payments
Audit of Monitoring and Payments WESTERN ECONOMIC DIVERSIFICATION CANADA Audit & Evaluation Branch June 2011 Table of Contents 1.0 Executive Summary 1 Findings 1 2.0 Statement of Assurance 2 3.0 Introduction
More informationIntegrated Risk Management:
Integrated Risk Management: A Framework for Fraser Health For further information contact: Integrated Risk Management Fraser Health Corporate Office 300, 10334 152A Street Surrey, BC V3R 8T4 Phone: (604)
More informationDRAFT Report on Office of the Superintendent of Financial Report on Institutions Office of the Superintendent of Financial
DRAFT Report on Office of the Superintendent of Financial Report on Institutions Office of the Superintendent of Financial Institutions Regulation Sector Approvals & Precedents Group Office of the Chief
More informationFMCF certification checklist 2014-15 (incorporating the detailed procedures) 2014-15 certification period. Updated May 2015
FMCF certification checklist 2014-15 (incorporating the detailed procedures) 2014-15 certification period Updated May 2015 The Secretary Department of Treasury and Finance 1 Treasury Place Melbourne Victoria
More informationINTERNAL AUDIT CHARTER AND TERMS OF REFERENCE
INTERNAL AUDIT CHARTER AND TERMS OF REFERENCE CHARTERED INSTITUTE OF INTERNAL AUDIT DEFINITION OF INTERNAL AUDIT Internal auditing is an independent, objective assurance and consulting activity designed
More informationA Risk-Based Audit Strategy November 2006 Internal Audit Department
Mental Health Mental Retardation Authority of Harris County ENTERPRISE RISK MANAGEMENT A Framework For Assessing, Evaluating And Measuring Our Agency s Risk A Risk-Based Audit Strategy November 2006 Internal
More informationKING III CORPORATE GOVERNANCE COMPLIANCE REGISTER
KING III CORPORATE GOVERNANCE REGISTER CHAPTER 1: ETHICAL LEADERSHIP AND CORPORATE CITIZENSHIP NON 1.1. The board should provide effective leadership based on an ethical foundation 1.2. The board should
More informationPROJECT MANAGEMENT PLAN Outline VERSION 0.0 STATUS: OUTLINE DATE:
PROJECT MANAGEMENT PLAN Outline VERSION 0.0 STATUS: OUTLINE DATE: Project Name Project Management Plan Document Information Document Title Version Author Owner Project Management Plan Amendment History
More informationPeriodic risk assessment by internal audit
Periodic risk assessment by internal audit I Introduction The Good Practice Internal Audit Manual Template, developed by the Internal Audit CoP of Pempal, defines the importance and the impact that an
More informationImplementing an Integrated City-wide Risk Management Framework
AUDITOR GENERAL S REPORT ACTION REQUIRED Implementing an Integrated City-wide Risk Management Framework Date: June 11, 2015 To: From: Wards: Audit Committee Auditor General All Reference Number: SUMMARY
More informationAudit of Construction Contracts
National Research Council Canada Audit of Construction Contracts Internal Audit, NRC January 2009 TABLE OF CONTENTS 1.0 Executive Summary... 1 2.0 Introduction... 6 2.1 Background and context... 6 2.2
More informationGovernance, Risk and Compliance Charter
Governance, Risk and Compliance Charter Charter Owner Director GRC Charter Approver Board of Management Effective date November 15 th, 2013 Date of issue Version Name Title 15 Nov 2013 1.0 Fokko Kool Group
More informationPractice guide. quality assurance and IMProVeMeNt PrograM
Practice guide quality assurance and IMProVeMeNt PrograM MarCh 2012 Table of Contents Executive Summary... 1 Introduction... 2 What is Quality?... 2 Quality in Internal Audit... 2 Conformance or Compliance?...
More informationRegulatory Compliance Management (RCM) (formerly Legislative Compliance Management (LCM))
Guideline Subject: Category: (RCM) (formerly Legislative Compliance Management (LCM)) Sound Business & Financial Practices No: E-13 Date: November 2014 I. Purpose and Scope of the Guideline The purpose
More informationAudit Report. Effectiveness of IT Controls at the Global Fund Follow-up report. GF-OIG-15-20b 26 November 2015 Geneva, Switzerland
Audit Report Effectiveness of IT Controls at the Global Fund Follow-up report GF-OIG-15-20b Geneva, Switzerland Table of Contents I. Background and scope... 3 II. Executive Summary... 4 III. Status of
More informationSafety Management Program
Corrective Action Plan (CAP) Safety Management Program Submitted by TransCanada PipeLines Limited and its National Energy Board Regulated Subsidiaries to address non-compliant findings in the National
More informationAudit of Accounts Receivable
WESTERN ECONOMIC DIVERSIFICATION CANADA Audit and Evaluation Branch October 2009 Table of Contents 1.0 EXECUTIVE SUMMARY 1 Statement of Assurance 2 2. 0 INTRODUCTION 3 Background 3 Audit Objectives 3 Key
More informationCOMPLIANCE CHARTER 1
COMPLIANCE CHARTER 1 Contents 1. Compliance Policy Statement... 2 2. Purpose... 2 3. Mission and objective of the Directorate: Compliance... 2 3.1 Mission... 2 3.2 Objective... 3 4. Compliance risk management...
More informationInternal Auditing Guidelines
Internal Auditing Guidelines Recommendations on Internal Auditing for Lottery Operators Issued by the WLA Security and Risk Management Committee V1.0, March 2007 The WLA Internal Auditing Guidelines may
More information