Risk-Based Audit Plan 2016-2017 to 2018-2019
Date: February 2016
PDF Version (341 Kb, 34 Pages)
Table of contents
- Introduction
- Risk-Based Audit Planning Approach
- The Three Year Risk-Based Audit Plan
- Resource Considerations
- Appendix A – INAC Audit Universe
- Appendix B – Linkage of 2016-2017 Audits to the Corporate Risk Profile
- Appendix C – Linkage of 2016-2017 Audits to MAF elements
- Appendix D – 2016-2017 Audit Projects
- Appendix E – Changes to the Audit Plan
Introduction
The Treasury Board Policy on Internal Audit seeks to contribute to the improvement of public sector management by ensuring a strong, credible, effective and sustainable internal audit function within departments as well as government-wide. In response to this requirement, Indigenous and Northern Affairs Canada (INAC) has developed this three-year Risk-Based Audit Plan. This plan details the assurance services that Audit and Assurance Services Branch will provide, independent of line management, to sustain a strong, credible internal audit regime that contributes directly to sound risk management, control and governance.
Purpose
The Audit and Assurance Services Branch (AASB) of INAC has prepared this document for the Deputy Minister to outline the 2016-2017 to 2018-2019 Risk-Based Audit Plan for INAC. The plan is designed to support the allocation of audit resources to those areas that represent the most significant risks to the achievement of INAC's objectives and to respond to the requirements of the Treasury Board Policy on Internal Audit (April 1, 2012). In considering the appropriateness of the plan, the Deputy Minister is advised by an independent, departmental Audit Committee, comprised of five external members.
Document Organization
| Introduction | This section provides an overview of the role of the internal audit function and Treasury Board expectations with respect to audit in order to provide the reader with the context for the Plan. |
|---|---|
| Risk-Based Audit Planning Approach | This section describes the process followed to develop the Plan. |
| The Three-Year Risk-Based Audit Plan | This section details the comprehensive plan for the 2016-2017 to 2018-2019 fiscal years, including a summary of activities over three years. |
| Resource Considerations | This section details the resource considerations required to execute the Plan. |
| Appendices | This section provides various detailed tables to further describe the Plan. |
The Role and Scope of Internal Audit
Internal audit plays a vital role in governance and accountability. Without a strong, objective and independent assurance function, the effectiveness of the overall governance framework of an organization is severely weakened. With an effective internal audit function, there is greater confidence that the decisions being taken are informed by appropriate information on governance, risk management and control. Internal audit's systematic and disciplined approach adds value and improves an organization's operations.
Through the Federal Accountability Act (2006) and Action Plan, the Government of Canada committed to strengthen auditing and accountability within Departments by clarifying the managerial responsibilities of deputy heads within the framework of ministerial responsibility and by enhancing the internal audit function.
The role of INAC's internal audit function is to ensure that, in conjunction with advice from the Audit Committee, the Deputy Minister is provided with independent assurance regarding the effectiveness of the Department's risk management, control and governance processes. The internal audit function fulfils this role by bringing a systematic, disciplined approach to assessing and improving the effectiveness of the Department's risk management, control and governance processes.
The scope of work of the internal audit function is to assess if INAC's network of risk management, control, and governance processes (as designed and represented by management) is adequate and functioning such that:
- Risks are appropriately identified and managed;
- Financial, managerial, and operational information is accurate, reliable, and timely;
- Compliance with policies, standards, procedures and applicable laws and regulations is achieved;
- Resources are acquired economically, used effectively and adequately protected;
- Programs, plans and objectives are achieved;
- Quality and continuous improvement are fostered in the Department's control processes; and,
- Legislative or regulatory issues affecting the Department are recognized and addressed properly.
When opportunities for improving management control, governance or resource stewardship are identified in audits, they are communicated to the suitable level of management so that appropriate action can be taken.
The internal audit function plays an important role in supporting departmental operations. It provides assurance on all the important aspects of the risk management strategy and practices, management control frameworks and practices, and governance. Where control weaknesses exist and where the achievement of objectives is at risk, internal audit plays a role in providing constructive advice and recommendations. In this way, internal audit contributes to enhanced accountability and performance.
Treasury Board Policy Requirements
INAC is subject to the Treasury Board Policy on Internal Audit. This policy states that the internal audit function in the Government of Canada "…is a professional, independent and objective appraisal function that uses a disciplined, evidence-based approach to assess and improve the effectiveness of risk management, control and governance processes".
The Policy on Internal Audit requires the Deputy Minister to approve a multi-year risk-based audit plan that considers departmental areas of high risk and significance, as well as Government-wide audits led by the Comptroller General. The Treasury Board Directive on Internal Auditing in the Government of Canada (April 1, 2012) requires that the Chief Audit Executive "…establish and update at least annually a multi-year plan of internal audit engagements based on a risk assessment and which is focused predominantly on the provision of assurance services". The Directive also requires that the Audit Committee "…review and recommend for approval a multi-year risk-based internal audit plan".
The Treasury Board specifies that "the Government of Canada has adopted the Institute of Internal Auditors' (IIA) International Professional Practices Framework and that all federal departments are required to meet the IIA Standards in undertaking their internal auditing responsibilities, unless the Standards are in conflict with the Treasury Board Policy on Internal Audit or any related directives or standards, in which case the Policy, Directive or Standards will prevail".
The Chief Audit Executive's Annual Report to the Deputy Minister and the Audit Committee
A requirement of the Directive on Internal Auditing in the Government of Canada is that the Chief Audit Executive must annually prepare a written report to the Deputy Minister and the Audit Committee that includes sections on:
- "Internal audit's independence, proficiency, performance and results relative to its plan, including resource utilization, lessons learned and influences on future years' plans;
- The results of the Quality Assurance and Improvement Program including internal audit's conformance with the Internal Auditing Standards for the Government of Canada;
- The results of the follow-up on the implementation of management action plans; and,
- An overview of the aggregate findings following the execution of the risk-based audit plan, including the actions taken by management to address key findings."
The Chief Audit Executive's annual report and other inputs, such as the Chief Financial Officer's Statement of Management Responsibility including Internal Control over Financial Reporting, and reports of other assurance agencies, provide departmental senior management and the Comptroller General with assurance on the Department's risk management, controls and governance processes.
Risk-Based Audit Planning Approach
To meet the requirement of the Directive on Internal Auditing in the Government of Canada for the establishment, and at least annual update, of a multi-year plan of internal audit, the Audit and Assurance Services Branch’s assessment of INAC’s areas of risk was reviewed and updated to ensure that audit resources continue to be targeted to areas of highest risk and significance.
Conduct and Timing of an Internal Audit
Once approved, the Risk-Based Audit Plan provides AASB with the Deputy Minister's direction on what specific audits should be undertaken in the coming year. Each audit consists of the following phases:
The Planning Phase is undertaken to gain an understanding of the objectives, activities, key risks and controls of the area subject to audit. The audit objectives and scope are finalized and audit criteria are established.
During the Conduct Phase, auditors carry out the audit program to ascertain whether each audit criterion is satisfied. Auditors conduct interviews, review documentation, perform analysis, observe activities and employ other techniques to obtain sufficient, relevant and reliable information to reach conclusions and support preliminary findings. Findings are reviewed with management to validate accuracy.
During the Reporting Phase, the draft audit report is prepared outlining background and context, and the auditor's findings, conclusions and recommendations. Management presenting a Management Responseand Action Plan outlining their response to the findings as well as the corrective action planned to mitigate the identified control gaps.
In the Follow-up Phase, action is taken to ensure that the required measures have indeed been implemented.
The audit may last three (3) to twelve (12) months depending on the size and complexity of the area subject to audit as well as the specific scope and objectives of the engagement.
In establishing priorities for the Risk-Based Audit Plan, AASB employed a risk-based approach. As a first step in updating the Risk-Based Audit Plan, AASB reviewed the audit universe to confirm that the existing auditable unitsFootnote 1 were still valid. The audit universe is a collection of all auditable units. The auditable units generally correspond to the programs and sub-programs identified in INAC's Program Alignment Architecture (PAA) and to the major organizational units of the Department (Appendix A presents the entire INAC audit universe). In total, there are 40 program units and 34 internal services units.
AASB then reviewed departmental priorities, business conditions and risks as identified in a wide variety of sources, including, but not limited to, corporate, sector and program risk profiles, corporate and sector business plans, past audit, evaluation and review reports, and last year's risk-based planning exercise. The purpose of this review was to determine if the risk ratings as determined in last year's process continue to be valid. Based on this determination, changes were made to more accurately reflect the current risk of each auditable unit. The distribution of auditable units by rank is displayed in Figure 1.
Figure 1 - Auditable Units Priority Rankings
Description of Figure 1 - Auditable Units Priority Rankings
The chart illustrates the final priority rankings for each auditable unit of INAC's audit universe. The priority rankings are as follows:
- Very High: 20% or 15 auditable units
- High: 37% or 27 auditable units
- Moderate: 23% or 17 auditable units
- Low: 15% or 11 auditable units
- Not rated: 5% or 4 auditable units
This process became the basis for the development of an initial listing of potential audit projects over the three-year horizon of the Plan. To develop the Plan, the auditable units assigned a Very High and High risk rating and which were deemed worthy of attention were preliminarily assigned audits within the three years of the Plan. Once the audit priorities were determined, the timing of each audit was reviewed, taking into account the following planning considerations:
- The Plan should be a body of work that can be reasonably achieved with AASB's current staff complement and operating budget;
- Auditable units rated very high and high risk and for which it was determined that audit work is a priority should be audited once in the three-year cycle, resources permitting;
- Auditable units assessed as medium risk should only be considered for audit if all very high and high risk units are covered or if they represent an INAC management priority;
- Adequate coverage of corporate risks identified in the corporate risk profile should be obtained;
- The Risk-Based Audit Plan should ensure sufficient coverage of departmental risk management, control and governance processes;
- The timing of activities should take into account program evaluations, OAG, OCG and other central agency audits and any other considerations such as program renewals, so as not to place an unreasonable burden on any entity and to avoid duplication of effort; and,
- A reasonable allocation of effort should be included to conduct follow-up reviews and audit procedures to assess the adequacy of management actions in addressing past audit recommendations.
After making adjustments to take into consideration feedback received from senior management, the Plan was then presented to Audit Committee members for their review and recommendation for approval by the Deputy Minister. The implementation of the Risk-Based Audit Plan will be monitored on a regular basis throughout the year and proposed changes will be reviewed and formally recommended for the Deputy Minister's approval by the Audit Committee. An update of the Plan will be presented at the mid-year meeting of the Audit Committee to confirm that it still provides appropriate coverage over the departmental priorities and highest risks.
The Three Year Risk-Based Audit Plan
This section presents an overview of the INAC 2016-2017 to 2018-2019 Risk-Based Audit Plan.
Audit Coverage
INAC's Risk-Based Audit Plan 2016-2017 to 2018-2019 addresses areas of highest priority.
This section describes how the Plan addresses areas of higher risk and significance. As detailed in Appendix A, there is coverage of all Very High and High audible units; for which it was determined that audit work is a priority during the three year period. The Corporate Risk Profile is management's point in time reflection of the most significant risks that threaten achievement of INAC's objectives. AASB seeks to ensure that all of these risks are covered in the planned audits. The chart to the right summarizes the number of 2016-2017 audits that will address one or more of the corporate risks. Appendix B presents the specific linkages of audits to corporate risks.
Coverage of Corporate Risks
Description of Coverage of Corporate Risks
The graph illustrates the extent to which INAC corporate risks are covered by the new and ongoing audit projects in 2016-2017. Please note that individual projects may cover one or more risk area. The coverage is as follows:
- Environmental: 1
- Legal: 6
- External Partnership: 12
- Indigenous Relationship: 14
- Government Partnership: 10
- Implementation: 16
- Information for Decision Making: 18
- HR Capacity and Capabilities: 6
In support of the Chief Audit Executive’s annual report to the Deputy Minister and the Audit Committee, the Plan endeavours to address all elements of Treasury Board’s Management Accountability Framework (MAF). The chart to the right summarizes the extent to which the elements of this framework are covered in the planned audits for 2016-2017. Appendix C describes these linkages in greater detail.
Coverage of MAF/ Core Management Control Elements
Description of Coverage of MAF/ Core Management Control Elements
The graph illustrates the extent to which the elements of the Treasury Board’s Management Accountability Framework are covered by the number of planned audit projects for 2016-2017 in each Management Area. The coverage is as follows:
- People Management : 5
- Financial Management: 14
- Integrated Risk, Planning and Performance: 18
- IM/IT Management: 1
- Assets and Acquired Services: 5
- Security Management: 1
- Service Management: 15
2016-2017 to 2018-2019 Risk-Based Audit Plan
Table 1 outlines the number of planned internal audits, reviews, and OCG audits for each of the three years of the Plan.
| 2015-16 Ongoing | 2016-2017 | 2017-2018 | 2018-2019 | |
|---|---|---|---|---|
| Audits | 6 | 12 | 12 | 12 |
| Management Practices Reviews | 0 | 3 | 3 | 3 |
| OCG Horizontal Internal Audits | 0 | 1 | 1 | 0 |
| Total (including management requests) | 6 | 16 | 16 | 15 |
Table 2 below presents the planned audits for 2016-2017 and identifies the audit priority assigned to each and the fiscal quarter in which each is expected to begin and in which the results are expected to be presented to the Audit Committee (denoted as "AC" in the table). The detailed audit plan for 2016-2017, including project objective, scope and rationale, is presented in Appendix D.
Table 3 below lists the proposed audits for 2017-2018 and 2018-2019 and their respective audit priority rankings. The audit plans for 2017-2018 and 2018-2019 are tentative and the selection and timing of audits will be revisited during next year's annual planning exercise.
| Priority | 2015-16 (ongoing) |
2016-17 (Year 1) |
|||||
|---|---|---|---|---|---|---|---|
| Q3 | Q4 | Q1 | Q2 | Q3 | Q4 | ||
| Ongoing (Projects commenced in 2015-16 to be completed in 2016-17) * | |||||||
| 1. System Under Development Audit of the Secure Integrated Registration and Certification Unit (SIRCU) [95 % to complete]) | Very High | AC | |||||
| 2. Audit of the On-Reserve Housing Program [25% to complete] | Very High | AC | |||||
| 3. Audit of INAC Support to the Specific Claims Process [75% to complete] | Very High | AC | |||||
| 4. Audit of the Management Control Framework for Grants and Contributions 2015-2016 [60% to complete] | Very High | AC | |||||
| 5. Audit of Acquisition Cards, Travel and Hospitality [70% to complete] | High | AC | |||||
| 6. Audit of Values and Ethics [5% to complete] | High | AC | |||||
| 2016-2017 | |||||||
| 1. Audit of the Urban Aboriginal Strategy Program | High | AC | |||||
| 2. Audit of Performance Measurement and Reporting | High | AC | |||||
| 3. Audit of HR Staffing and Planning | High | AC | |||||
| 4. Audit of the Emergency Management Assistance Program | Very High | AC | |||||
| 5. Audit of Expenditure Management | High | AC | |||||
| 6. Audit of the First Nations Child and Family Services Program | Very High | AC | |||||
| 7. Audit of the Implementation of Modern Treaty Obligations | Very High | AC | |||||
| 8. Follow-up Audit of Infrastructure on Reserves | High | AC | |||||
| 9. Management Practices Review of the Quebec Region | Very High | AC | |||||
| 10. Management Practices Review of the Alberta Region | Very High | AC | |||||
| 11. Management Practices Review of the British Columbia Region | High | AC | |||||
| 12. Audit of the Additions to Reserve Process | High | ** | |||||
| 13. Audit of the Elementary and Secondary Education Program | Very High | ** | |||||
| 14. Audit of the Management Control Framework for Grants and Contributions 2016-2017 (conducted annually) | Very High | ** | |||||
| 15. OCG Horizontal Internal Audit of Costing Information for Decision Making | High | ** | |||||
| 16. Senior Management Requested Audit(s) | High | ** | |||||
| ** To be determined | |||||||
| Priority | |
|---|---|
| 2017-2018 | |
| 1. Audit of the Management Control Framework for Grants and Contributions 2017-2018 (annual) | Very High |
| 2. Audit of the Indian Registration System | Very High |
| 3. Audit of Contingent Liabilities | Very High |
| 4. Audit of the Water and Wastewater Infrastructure Program | Very High |
| 5. Management Practices Review of the Yukon Region | High |
| 6. Management Practices Review of the Nunavut Region | High |
| 7. Management Practices Review of the Northwest Territories Region | High |
| 8. Audit of the Education Facilities Program | High |
| 9. Audit of Lands Management (incl. Lands Registry System) | High |
| 10. Audit of Litigation Management | High |
| 11. OCG Horizontal Internal Audit of Information Technology Security (Phase II) | High |
| 12. Audit of the Family Violence Prevention Program | High |
| 13. Audit of Post-Secondary Education Program | High |
| 14. Audit of Economic Development Programs | High |
| 15. Audit of IM/IT Governance | High |
| 16. Senior Management Requested Audit(s) | High |
| 2018-2019 | |
| 1. Audit of the Management Control Framework for Grants and Contributions 2018-2019 (annual) | Very High |
| 2. Audit of Contaminated Sites Program | Very High |
| 3. Audit of INAC Support to the Specific Claims Process | Very High |
| 4. Audit of the On-Reserve Housing Program | Very High |
| 5. Audit of the Income Assistance Program | Very High |
| 6. Audit of Negotiation of Comprehension Land Claims and Self Government Agreements | Very High |
| 7. Follow up Audit of the Education Information System | Very High |
| 8. Management Practices Review of the Chief Financial Officer Sector | Very High |
| 9. Management Practices Review of the Resolution and Individual Affairs Sector | Very High |
| 10. Management Practices Review of the Northern Affairs Organization | High |
| 11. Audit of Nutrition North Canada | High |
| 12. Audit of Capacity Development | High |
| 13. Audit of Métis Relations and Rights Management, and Non-Status Indian Relations Program | High |
| 14. Audit of Occupational Health and Safety | High |
| 15. Senior Management Requested Audit(s) | High |
Changes to the Plan
INAC's Risk Based Audit Plan is updated annually with adjustments during the year, if necessary. This year's audit plan is an evolution of the 2015-2016 to 2017-2018 Plan and, as such, includes six (6) on-going audits that will be completed in 2016-2017. Other projects have been cancelled or deferred as a result of changing business priorities and conditions, details of these changes can be found in Appendix E.
Challenges to Achieving Fulfillment of the Three-Year Plan
INAC programs and services are delivered in a complex policy and political environment that is constantly evolving and shifting from a legalistic approach to a policy-based approach that is more focused on reconciliation, partnerships, and the sustainable development of Aboriginal communities. Two risk factors that were identified in the 2015-2016 Corporate Risk Profile are of particular importance to the successful implementation of the Risk-Based Audit Plan. These are: (1) the risk related to the availability of timely, pertinent, consistent, and accurate information; and, (2) the risk related to the need to attract, recruit and retain sufficiently qualified, experienced and representative employees. Given this context, the Plan allows flexibility to respond to emerging risks and policy or program changes. If these risks or changes emerge and suggest higher priority audit activity, the Plan will be adjusted so that internal audit can undertake appropriate responses.
To support the need for flexibility, AASB has adopted an approach whereby internal resources are supplemented with qualified contractors. Considering the cross-government shortage of qualified auditors, this approach not only allows AASB to access required capacity and skills but also facilitates transfer of knowledge and skills to internal resources, thereby building internal capacity. The establishment of the Professional Audit Support Services Supply Arrangement (PASS) by AASB has contributed to more efficient contracting and has helped to overcome some of these challenges.
Resource Considerations
This section presents the resource requirements of all internal audit activities planned for 2016-2017. Projects undertaken will depend on the availability of financial and human resources. The estimated resource requirements for small, medium, and large projects have been updated to reflect current forecasts and are consistent with the results of historical project cost analysis for the last three fiscal years (2013-14 to 2015-16). This approach has proven to be the most accurate basis for forecasting costs, as specific requirements can only be determined once audit planning has been completed.
The Audit and Assurance Services Branch's assurance activities represent 92% (91% for INAC-led and 1% for OCG-led) of branch resource requirements. Other internal audit activities, including monitoring of action plans from past audits, annual audit planning, Quality Assurance and Improvement, reporting, learning and development, and liaison with OAG and other external assurance providers represents 9%.
Resource Requirements
While the level of effort and cost will vary from project to project, it is our professional opinion that the current level of resourcing is adequate to achieve the Plan.
Appendix A – INAC Audit Universe
| Departmental Program Auditable Units (11) | Planned Audit(s) |
|---|---|
| Contaminated Sites | Audit of Contingent Liabilities (2017-2018) Audit of Contaminated Sites Program (2018-2019) |
| First Nations Child and Family Services | Audit of the First Nations Child and Family Services Program (2016-2017) |
| Elementary and Secondary Education | Audit of the Elementary and Secondary Education Program (2016-2017) |
| Specific Claims | Audit of INAC Support to the Specific Claims Process (Carry Forward from 2015-2016) Audit of INAC Support to the Specific Claims Process (2018-2019) |
| Registration and Membership | System under Development Audit of the Secure Integrated Registration and Certification Unit (Carry Forward from 2015-2016) Audit of the Indian Registration System (2017-2018) |
| On-Reserve Housing | Audit of the On-Reserve Housing Program (Carry Forward from 2015-2016) Audit of the On-Reserve Housing Program (2018-2019) |
| Emergency Management Assistance | Audit of the Emergency Management Assistance Program (2016-2017) |
| Income Assistance | Audit of the Income Assistance Program (2018-2019) |
| Management and Implementation of Agreements and Treaties | Audit of the Implementation of Modern Treaty Obligations (2016-2017) |
| Negotiations of Claims and Self-Government Agreements | Audit of Negotiation of Comprehensive Land Claims and Self Government Agreements (2018-2019) |
| Water and Wastewater Infrastructure | Audit of the Water and Wastewater Infrastructure Program (2017-2018) |
| Internal Services Auditable Units (4) | Planned Audit(s) |
| Grants and Contributions Controls | Audit of the Management Control Framework for Grants and Contributions (Carry Forward from 2015) Audit of the Management Control Framework for Grants and Contributions (2016-2017) Audit of the Management Control Framework for Grants and Contributions (2017-2018) Audit of the Management Control Framework for Grants and Contributions (2018-2019) |
| Liabilities | Audit of Contingent Liabilities (2017-2018) Audit of the Contaminated Sites Program (2018-2019) |
| Information Management | Audit of the Indian Registration System (2017-2018) |
| Information Technology | Audit of the Indian Registration System (2017-2018) Follow-up Audit of the Education Information System (2018-2019) |
| Departmental Program Auditable Units (15) | Planned Audit(s) |
|---|---|
| Education Facilities | Audit of the Education Facilities Program (2017-2018) |
| Other Community Infrastructure and Activities | Follow-up Audit of Infrastructure on Reserves (2016-2017) |
| Post-Secondary Education | Audit of Post-Secondary Education Program (2017-2018) |
| First Nations Governments | Audit of Capacity Development (2018-2019) |
| Aboriginal Governance Institutions and Organizations | Audit of Capacity Development (2018-2019) |
| Administration of Reserve Land | Audit of the Additions to Reserve Process (Carry Forward from 2015-2016) Audit of Lands Management (incl. Lands Registry System) (2017-2018) |
| Contaminated Sites (On-Reserve) | Audit of Contaminated Sites Program (2018-2019) |
| Family Violence Prevention | Audit of the Family Violence Prevention Program (2017-2018) |
| Independent Assessment Process | None |
| Consultation and Accommodation | None |
| Métis Relations and Rights Management, and Non-Status Indian Relations | Audit of Métis Relations and Rights Management, and Non-Status Indian Relations Program (2018-2019) |
| Nutrition North | Audit of Nutrition North Canada (2018-2019) |
| Assisted Living | None |
| Lands and Economic Development Services | Audit of Economic Development Programs (2017-2018) |
| Urban Aboriginal Participation | Audit of the Urban Aboriginal Strategy Program (2016-2017) |
| Internal Services Auditable Units (12) | Planned Audit(s) |
| Expenditure Management | Audit of Acquisition Cards, Travel and Hospitality (Carry Forward from 2015-2016) Audit of Expenditure Management (2016-2017) |
| Litigation Management | Audit of Litigation Management (2017-2018) |
| IM/IT Security | OCG Horizontal Internal Audit of Information Technology Security Phase II (2017-2018) |
| Organizational Design and Classification | None |
| Strategic and Business Planning | OCG Horizontal Internal Audit of Costing Information for Decision Making (2016-2017) |
| Communications | None |
| ATIP Management | None |
| Values and Ethics | Audit of Values and Ethics (Carry Forward from 2015-2016) |
| Performance Measurement and Reporting | Audit of Performance Measurement and Reporting (2016-2017) |
| IM/IT Governance | Audit of IM/IT Governance (2017-2018) |
| HR Staffing and Planning | Audit of HR Staffing and Planning (2016-2017) |
| Occupational Health and Safety | Audit of Occupational Health and Safety (2018-2019) |
| Departmental Program Auditable Units (7) | Internal Services Auditable Units (10) |
|---|---|
| Political Development and Intergovernmental Relations | Assets and Property Management |
| Petroleum and Minerals | Financial Planning and Budgeting |
| Science Initiatives | External Reporting |
| Investment in Economic Opportunities | Loans and Accounts Receivable |
| Land and Water Management | Strategic Policy Development |
| Business Capital and Support Services | Corporate Security |
| Reconciliation | Learning and Development |
| Continuity of Operations | |
| Labour Relations | |
| Revenues |
| Departmental Program Auditable Units (7) | Internal Services Auditable Units (4) |
|---|---|
| National Child Benefit | Compensation and Benefits (Payroll) – Departmentally Managed |
| Strategic Partnerships | Official Languages |
| Climate Change Adaptation | Accommodations |
| Northern Contaminants | Library and Information Centre |
| Estates | |
| Renewable Energy and Energy Efficiency | |
| Business Opportunities |
| Departmental Program Auditable Units (0) | Internal Services Auditable Units (4) |
|---|---|
| Departmental Audit and Evaluation | |
| Complaints and Allegations | |
| Legal Services | |
| Risk Management |
Appendix B – Linkage of 2016-2017 Audits to the Corporate Risk Profile
| 2016-2017 Audit Projects | HR Capacity and Capabilities | Information for Decision Making | Implementation | Government Partnership | Indigenous Relationship | External Partnership | Legal | Environmental |
|---|---|---|---|---|---|---|---|---|
| Ongoing | ||||||||
| System Under Development Audit of the Secure Integrated Registration and Certification Unit (SIRCU) | Selected | Selected | Selected | Selected | ||||
| Audit of the On-Reserve Housing Program | Selected | Selected | Selected | Selected | Selected | |||
| Audit of INAC Support to the Specific Claims Process | Selected | Selected | Selected | Selected | ||||
| Audit of the Management Control Framework for Grants and Contributions 2015-2016 | Selected | Selected | Selected | |||||
| Audit of Acquisition Cards, Travel and Hospitality | Selected | Selected | ||||||
| Audit of Values and Ethics | Selected | Selected | ||||||
| 2016-2017 Projects | ||||||||
| Audit of the First Nations Child and Family Services Program | Selected | Selected | Selected | Selected | Selected | Selected | ||
| Audit of the Management Control Framework for Grants and Contributions 2016-2017 | Selected | Selected | Selected | |||||
| Audit of the Elementary and Secondary Education Program | Selected | Selected | Selected | Selected | Selected | |||
| Audit of the Emergency Management Assistance Program | Selected | Selected | Selected | Selected | Selected | Selected | Selected | |
| Audit of the Implementation of Modern Treaty Obligations | Selected | Selected | Selected | Selected | Selected | Selected | ||
| Audit of Expenditure Management | Selected | |||||||
| Management Practices Review of the Quebec Region | Selected | Selected | Selected | Selected | Selected | |||
| Management Practices Review of the Alberta Region | Selected | Selected | Selected | Selected | Selected | |||
| Management Practices Review of the British Columbia Region | Selected | Selected | Selected | Selected | Selected | |||
| Follow-up Audit of Infrastructure on Reserves | Selected | Selected | Selected | Selected | ||||
| Audit of the Additions to Reserve Process | Selected | Selected | Selected | Selected | ||||
| OCG Horizontal Internal Audit of Costing Information for Decision Making | Selected | Selected | ||||||
| Audit of the Urban Aboriginal Strategy Program | Selected | Selected | Selected | Selected | Selected | |||
| Audit of Performance Measurement and Reporting | Selected | Selected | ||||||
| Audit of HR Staffing and Planning | Selected | Selected | Selected | |||||
| Senior Management Requested Audit(s) | ||||||||
Appendix C - Linkage of 2016-2017 Audits to MAF Elements
| 2016-2017 Audit Projects | Service Management | Security Management | Assets and Acquired Services | IM/IT Management | Integrated Risk, Planning and Performance | Financial Management | People Management |
|---|---|---|---|---|---|---|---|
| Ongoing | |||||||
| System Under Development Audit of the Secure Integrated Registration and Certification Unit (SIRCU) | Selected | Selected | Selected | Selected | Selected | ||
| Audit of the On-Reserve Housing Program | Selected | Selected | Selected | Selected | |||
| Audit of INAC Support to the Specific Claims Process | Selected | ||||||
| Audit of the Management Control Framework for Grants and Contributions 2015-2016 | Selected | Selected | Selected | ||||
| Audit of Acquisition Cards, Travel and Hospitality | Selected | ||||||
| Audit of Values and Ethics | Selected | ||||||
| 2016-2017 Projects | |||||||
| Audit of the First Nations Child and Family Services Program | Selected | Selected | Selected | ||||
| Audit of the Management Control Framework for Grants and Contributions 2016-2017 | Selected | Selected | Selected | ||||
| Audit of the Elementary and Secondary Education Program | Selected | Selected | Selected | ||||
| Audit of the Emergency Management Assistance Program | Selected | Selected | Selected | ||||
| Audit of the Implementation of Modern Treaty Obligations | Selected | Selected | |||||
| Audit of Expenditure Management | Selected | Selected | |||||
| Management Practices Review of the Quebec Region | Selected | Selected | Selected | Selected | Selected | ||
| Management Practices Review of the Alberta Region | Selected | Selected | Selected | Selected | Selected | ||
| Management Practices Review of the British Columbia Region | Selected | Selected | Selected | Selected | Selected | ||
| Follow-up Audit of Infrastructure on Reserves | Selected | Selected | Selected | Selected | |||
| Audit of the Additions to Reserve Process | Selected | Selected | |||||
| OCG Horizontal Internal Audit of Costing Information for Decision Making | Selected | Selected | |||||
| Audit of the Urban Aboriginal Strategy Program | Selected | Selected | |||||
| Audit of Performance Measurement and Reporting | Selected | Selected | |||||
| Audit of HR Staffing and Planning | Selected | Selected | |||||
| Senior Management Requested Audit(s) | |||||||
Appendix D – 2016-2017 Audit Projects
The detailed audit plan for 2016-2017 is presented below, with each project described in terms of its preliminary objective, preliminary scope and rationale. For all planned audits, the final objective and scope will determined at the end of the planning phase, based on an assessment of risk.
| Audit Objective and Scope | Rationale for Conduct |
|---|---|
| Audit of the Management Control Framework for Grants and Contributions 2016-2017 (conducted annually) | Very High |
The ongoing objective of the audit of the management control framework for grants and contributions is to assess the adequacy and effectiveness of the management control framework for grant and contribution programs. As the framework and the Department’s programs and their risks evolve, the specific objectives and scope for audit activity in a given year are based upon a current risk assessment conducted during the planning phase. In assessing the adequacy and effectiveness of selected controls, the audit will typically examine their application horizontally, i.e. through a sample of programs and regions. |
Maps to Program Alignment Architecture
Maps to Corporate Risk Profile
Grants and contributions are the primary transfer payment vehicles through which INAC programming is delivered. In addition to being financially material (over $6 billion annually), INAC continues to implement a strengthened Management Control Framework for Grants and Contributions to achieve the expected improvements reflected in the Policy on Transfer Payments, e.g. risk-based program frameworks, recipient agreements and recipient auditing, reduced reporting burden on recipients. The 2014-2015 audit concluded that while the General Assessment (GA) tool is being used across the department, there are inconsistencies in the processes established to develop, review and approve GAs and GA scores are not consistently impacting the level of administrative requirements imposed on recipients. The 2013-2014 audit concluded that the Department does not take a horizontal view to designing, approving, or implementing program control frameworks; the data collected from recipients is not being used to its full potential and risk-based approaches are not being employed to target attention at areas of greatest need. |
| Audit of the First Nations Child and Family Services Program | Very High |
The preliminary objective of this audit is to assess the adequacy and effectiveness of the controls supporting the implementation of the prevention-focused approach within the First Nations Child and Family Services (FNCFS) Program. The new prevention model has been implemented in First Nations communities in six provinces, covering 68% of the First Nations children in Canada. The scope of the audit will include the management controls that support the implementation, delivery and monitoring of prevention-focused FNCFS programming in the INAC regions where implementation has occurred. The type of audit testing performed in each of the regions will be determined during the planning phase. The proposed scope will include MAF and Core Management Control elements that ensure effective governance, risk management, stewardship, and accountability related to the FNCFS program. |
Maps to Program Alignment Architecture
Maps to Corporate Risk Profile
The First Nations Child and Family Services (FNCFS) Program assists First Nations in providing access to culturally sensitive child and family services in their communities, and ensures that the services provided to First Nations children and their families on-reserve is reasonably comparable to those available to other provincial residents in similar circumstances. Programming is material (over $660 million), highly visible and extremely sensitive. The delivery model is complex and includes a variety of third party partners, participants and agreements. The shift to the Prevention Focused Approach has resulted in significant new investments by the department and a change in programming focus. An audit of this approach in 2012 found that while business plans were required by all Agencies to receive funding, they often lacked consistently documented performance measurement targets and an overall approach to performance measurement of EPFA was lacking. The audit also noted concerns related to governance and oversight of the program. |
| Audit of the Elementary and Secondary Education Program | Very High |
The preliminary objective of the audit will be to assess the adequacy and effectiveness of the management control framework of the K-12 Program and that regional controls for administering recipient contributions are effective at ensuring compliance with applicable authorities and policy frameworks including those of both INAC and the Government of Canada. The specific objective and scope of the audit will be determined during the planning phase based on an assessment of risks, and will include select management practices and controls that ensure compliance with relevant legislation, regulations, guidelines and policies. The scope of the audit may include program design, redesign and approvals, program implementation and program monitoring and reporting. A sample of regions will be included in the audit to provide assurance regarding regional controls for administering recipient contributions, e.g. evaluation and documentation of recipient and project eligibility, development of funding agreements and recipient monitoring and reporting. |
Maps to Program Alignment Architecture
Maps to Corporate Risk Profile
Elementary and Secondary Education programming is material ($1.4B) and significant in terms of its importance to the achievement of strategic outcomes. It is important to stakeholders (FN people, communities, government) that service and outcomes improve and is a Government of Canada priority. Improvements are complex due, in part, to program renewal initiatives and challenges in meeting provincial/territorial standards. While the National Panel on Education recommended significant structural, funding, and legislative changes, efforts to reform education programs have not been successful to date. The last audit of these programs occurred in 2010. |
| Audit of the Emergency Management Assistance Program | Very High |
The preliminary objective of this audit will be to assess the adequacy and effectiveness of management controls supporting the implementation of the department's legislative responsibilities related to emergency management assistance and the control processes for administering emergency management assistance grants and contributions, including compliance with relevant program authorities and TB and INAC policy requirements. The specific objective and scope of the audit will be determined during the planning phase based on an assessment of risks, and will include select management practices and controls that ensure compliance with relevant legislation, regulations, guidelines and policies. The scope will likely include an examination of the roles and responsibilities of the parties involved as well as a review of the appropriateness of the funding mechanisms used by the department to achieve program objectives. |
Maps to Program Alignment Architecture
Maps to Corporate Risk Profile
Emergency management is a provincial/territorial responsibility; however, under the Emergency Management Act (EMA), each federal minister is responsible for identifying risks that are within or related to their area of responsibility and developing appropriate emergency management plans in respect of those risks. INAC works with provincial and territorial governments to ensure First Nations have access to comparable emergency assistance services available to other residents in their respective jurisdiction. The provinces are responsible for emergency management within their areas of jurisdiction and therefore have the expertise and capacity to deliver these services on behalf of INAC. Provinces are reimbursed for the provision of services to First Nations as outlined in existing federal provincial agreements. This program area is highly sensitive and of increasing importance due to the increase in natural disasters and related costs. Programming is very complex from a funding perspective due to multiple parties’ involved and complicated funding criteria. The Audit conducted in 2013 found that insufficient performance information was collected to support effective program design and decision-making, and that a more strategic approach to risk identification was required. Both internal and external audits have found weaknesses in defining the roles and responsibilities between the federal and provincial governments and First Nations. |
| Audit of the Implementation of Modern Treaty Obligations | Very High |
The preliminary objective of this audit will be to assess the adequacy and effectiveness of controls in place to support the Whole-of-Government Approach to the implementation of modern treaties. The specific objective and scope will be determined during the planning phase based on an assessment of risks and will be dependent upon the stage of implementation of the new program control framework. The scope will likely include an examination and assessment of the adequacy of the design of the program’s management control framework to ensure effective and efficient implementation of Modern Treaties and compliance with the new Cabinet Directive on the Federal Approach to Modern Treaty Implementation. |
Maps to Program Alignment Architecture
Maps to Corporate Risk Profile
Implementation of Modern Treaties is very material ($740M) and successful implementation of modern treaty obligations requires a high degree of knowledge and relevant skill sets. There is significant downstream risk associated with estimation of costs for implementation and implementation itself. There is potential for very high legal risk if Canada fails to meet its treaty obligations, which could impact ongoing negotiations. High dependency risk exists because of the Department's lead in coordinating OGDs. In July, 2015, a Whole-of-Government Approach to the implementation of modern treaties and self-government agreements was announced and is being implemented to improve departments' and agencies' awareness of, and accountability for, their responsibilities under these important agreements. The Audit of the Implementation of Modern Treaties (2013-14) found that there were significant improvements in establishing foundational elements to manage and coordinate the federal responsibilities as outlined within the specific CLCAs/SGAs, however some areas for improvement were also required to better monitor and report on results and manage regional caucuses. The OAG has identified concerns regarding implementation. |
| Management Practices Review of the Quebec Region | Very High |
The review will consist of assessing management practices and assisting in identification of challenges experienced by the Region. In addition, the review team will work with management in identifying options to appropriately and pragmatically delineate functions, roles, governance structures, and processes, as well as vetting these options for the "best fit" and developing a high-level implementation plan to manage these challenges. The specific objective and scope of the review will be determined during the planning phase based on an assessment of risks. |
Maps to Program Alignment Architecture
Maps to Corporate Risk Profile
Following the completion of the first round of Management Practices Reviews (MPRs), the Deputy Minister and the Audit Committee recommended that a summary report be prepared to highlight the strengths and weaknesses of the MPR process and to make a recommendation on whether the management practices review initiative should be continued. As a result of the analysis, a second round of management practices engagements, using a revised approach, was recommended by the Audit Committee and later approved by the Deputy Minister. As of November 2014, MPAs for all sectors and regions using the revised approach have been completed. In consideration of starting a third round of management practices initiatives, AASB was asked by the Deputy Minister to propose a new approach, one that considers value-added, practical solutions to identified areas of improvement. In this new approach, AASB will focus its attention to the areas of highest need in terms of identified weaknesses in previous audits, reviews and other engagements. In addition, the review team will work with management in identifying options to appropriately and pragmatically delineate functions, roles, governance structures, and processes, as well as vetting these options for the "best fit" and developing a high-level implementation plan to manage these challenges. |
| Management Practices Review of the Alberta Region | Very High |
The review will consist of assessing management practices and assisting in identification of challenges experienced by the Region. In addition, the review team will work with management in identifying options to appropriately and pragmatically delineate functions, roles, governance structures, and processes, as well as vetting these options for the "best fit" and developing a high-level implementation plan to manage these challenges. The specific objective and scope of the review will be determined during the planning phase based on an assessment of risks. |
Maps to Program Alignment Architecture
Maps to Corporate Risk Profile
Following the completion of the first round of Management Practices Reviews (MPRs), the Deputy Minister and the Audit Committee recommended that a summary report be prepared to highlight the strengths and weaknesses of the MPR process and to make a recommendation on whether the management practices review initiative should be continued. As a result of the analysis, a second round of management practices engagements, using a revised approach, was recommended by the Audit Committee and later approved by the Deputy Minister. As of November 2014, MPAs for all sectors and regions using the revised approach have been completed. In consideration of starting a third round of management practices initiatives, AASB was asked by the Deputy Minister to propose a new approach, one that considers value-added, practical solutions to identified areas of improvement. In this new approach, AASB will focus its attention to the areas of highest need in terms of identified weaknesses in previous audits, reviews and other engagements. In addition, the review team will work with management in identifying options to appropriately and pragmatically delineate functions, roles, governance structures, and processes, as well as vetting these options for the "best fit" and developing a high-level implementation plan to manage these challenges. |
| Management Practices Review of the British Columbia Region | High |
The review will consist of assessing management practices and assisting in identification of challenges experienced by the Region. In addition, the review team will work with management in identifying options to appropriately and pragmatically delineate functions, roles, governance structures, and processes, as well as vetting these options for the "best fit" and developing a high-level implementation plan to manage these challenges. The specific objective and scope of the review will be determined during the planning phase based on an assessment of risks. |
Maps to Program Alignment Architecture
Maps to Corporate Risk Profile
Following the completion of the first round of Management Practices Reviews (MPRs), the Deputy Minister and the Audit Committee recommended that a summary report be prepared to highlight the strengths and weaknesses of the MPR process and to make a recommendation on whether the management practices review initiative should be continued. As a result of the analysis, a second round of management practices engagements, using a revised approach, was recommended by the Audit Committee and later approved by the Deputy Minister. As of November 2014, MPAs for all sectors and regions using the revised approach have been completed. In consideration of starting a third round of management practices initiatives, AASB was asked by the Deputy Minister to propose a new approach, one that considers value-added, practical solutions to identified areas of improvement. In this new approach, AASB will focus its attention to the areas of highest need in terms of identified weaknesses in previous audits, reviews and other engagements. In addition, the review team will work with management in identifying options to appropriately and pragmatically delineate functions, roles, governance structures, and processes, as well as vetting these options for the "best fit" and developing a high-level implementation plan to manage these challenges. |
| Audit of Expenditure Management | High |
The preliminary objective of this audit will be to provide assurance regarding the adequacy and effectiveness of management controls supporting the management of departmental expenditures and that expenditures are processed in compliance with applicable Treasury Board and INAC policies and procedures and relevant regulations included in the Financial Administration Act. The specific objective and scope will be determined during the planning phase based on an assessment of risks and may include an examination of the effectiveness of controls over processing of expenditures implemented in the regional accounting and procurement hubs. |
Maps to Program Alignment Architecture
Maps to Corporate Risk Profile
INAC expenditures (excluding Grants, Contributions and Salaries) are financially material, amounting to over $700M on an annual basis and management of expenditures are an ongoing priority for the department. In recent years there has been increased public scrutiny in the areas of contracting, purchasing of goods and services, travel and hospitality and this has been a focus of studies and reports by the House of Commons Committee on Public Accounts and the Auditor General of Canada. Additionally, this is area of significant change as a result of the adoption of SAP, impacting financial management, procurement and material management department-wide, as well as the decentralization of accounting and procurement functions to regional hubs. |
| Follow-up Audit of Infrastructure on Reserves | High |
The 2014-15 Audit of On-Reserve Infrastructure (excluding Water and Waste Water) found that there were adequate and effective governance, risk management and internal controls in place to support the Department’s achievement of on-reserve community infrastructure objectives. Opportunities for improvement were noted to strengthen management controls in the following areas: the CFM program Management Control Framework, project monitoring, funding methodology and the Integrated Capital Management System. The 2016-17 audit will follow-up on and assess the implementation of the Management Action Plans identified in the 2014-15 Audit of On-Reserve Infrastructure (excluding Water and Waste Water). |
Maps to Program Alignment Architecture
Maps to Corporate Risk Profile
Funding for education facilities, housing and other infrastructure projects is significant (approximately $730M budgeted for 2013-2014). Capital funding is susceptible to reallocation by FN to cover their social program commitments or to maintain debts related to housing. As a result infrastructure projects are not made a priority and proper maintenance to the existing infrastructure is often not sustained, leading to premature obsolescence and potential environmental impacts. |
| Audit of the Additions to Reserve Process | High |
The preliminary objective of this audit will be to assess the adequacy and effectiveness of procedures and controls used to manage the Additions to Reserves (ATR) process, so that ATR submissions are prepared and completed as efficiently as possible, and comply with relevant program authorities, frameworks and Treasury Board and INAC policy requirements. The specific objective and scope of the audit will be determined during the planning phase based on an assessment of risks. The scope will likely include an assessment of the effectiveness of governance and control processes for implementing and monitoring program activities in place at both Headquarters as well as at a sample of Regions. |
Maps to Program Alignment Architecture
Maps to Corporate Risk Profile
The Additions to Reserves Process is complex and can involve multiple considerations, including environmental, litigation, and communication issues. In June 2012, significant proposed changes to the ATR process, related to the Government of Canada's Deficit Reduction Action Plan, were announced. These changes include; the elimination of the Headquarters role in the ATR quality review process; the increased responsibility for quality review and control in Regional Offices; and the creation of regional support centres aimed at providing technical support. Given that the ATR process is managed by each individual INAC regional office and that as of December 2012, regional offices now play an even more important role in supporting ATR submissions, it is important that Regions interpret and apply the ATR Policy and related procedures in a consistent manner. |
| OCG Horizontal Internal Audit of Costing Information for Decision Making | High |
This preliminary objective of the audit will be to assess whether departments have implemented costing practices in line with the TBS Guide to Costing and related policy instruments. It will also look at aspects of the Chief Financial Officer attestation requirements. The scope of the audit will include key costing practices and processes in place within and across departments. Costing information for Cabinet decision making could be an area of focus. |
Maps to Program Alignment Architecture
Maps to Corporate Risk Profile
|
| Audit of the Urban Aboriginal Strategy Program | High |
The objective of the audit will be to assess the adequacy and effectiveness of the management control framework of the Urban Aboriginal Strategy Program and that controls for administering recipient contributions are effective at ensuring compliance with applicable authorities and policy frameworks including those of both INAC and the Government of Canada. The specific objective and scope of the audit will be determined during the planning phase based on an assessment of risks, and will include select management practices and controls that ensure compliance with relevant guidelines and policies. The scope of the audit may include program design, redesign and approvals, program implementation and program monitoring and reporting. |
Maps to Program Alignment Architecture
Maps to Corporate Risk Profile
The Urban Aboriginal Strategy was developed to better support the participation of urban Aboriginal people in the Canadian economy, and recognizes the crucial role played by urban Aboriginal organizations across Canada in accomplishing this. In 2014, the department announced a consolidated and streamlined Urban Aboriginal Strategy with two components, the Urban Partnerships Program and the Community Capacity Support Program. While the programs are of moderate materiality, they are of significant importance to Urban Aboriginals as off-reserve Aboriginal people constitute the fastest growing segment of Canadian society. There is a high degree of dependence as the programs are delivered by both Aboriginal and non-Aboriginal recipients. |
| Audit of Performance Measurement and Reporting | High |
The preliminary objective of the audit is to provide assurance that departmental performance measurement and reporting frameworks are adequate and effective to appropriately monitor, measure, evaluate and report on the performance of departmental programs and services. The specific objective and scope of the audit will be determined during the planning phase based on an assessment of risks, and may include select management practices and controls that ensure compliance with relevant Treasury Board and departmental policies, directives and guidelines including ensuring that performance measurement and reporting is consistent with and supports the department's MRRS. |
Maps to Program Alignment Architecture
Maps to Corporate Risk Profile
This is an area of significant interest and concern to both Central Agencies and the Department. Significant work has been done in recent years to improve the INAC MRRS including rationalization of Departmental Authorities, and changes to the PMF and Program Performance Measurement Strategies. While national and regional performance measurement strategies are in development to refocus on results, many are not yet fully defined and agreed upon. As well, Recipient reporting requirements are not always well aligned with program performance measures. Evaluation completed a review of Performance Measurement in recent years that identified significant gaps which are systematically being addressed. As well, the OCG Horizontal Internal Audit of Compliance with the Policy on Management, Resources and Results Structures (2013) found that INAC should improve MRRS performance measures in support of planning and decision-making. While INAC had created Performance Measurement Frameworks (PMFs) and is collecting performance data, departmental performance measurement processes did not provide the information needed to assess how programs are achieving their expected results. |
| Audit of Human Resource Staffing and Planning | High |
The preliminary objective of the audit is to assess the adequacy and effectiveness of the departments’ human resource planning framework to support INAC’s staffing and recruitment needs. The specific objective and scope of the audit will be determined during the planning phase based on an assessment of risks, and may include key management practices and controls that ensure the effective integration of business and human resource plans and that staffing and recruitment strategies and plans are appropriate to meet human resource needs and are compliant with relevant Treasury Board and departmental policies, directives and guidelines. |
Maps to Program Alignment Architecture
Maps to Corporate Risk Profile
Human Resource Planning is an area of high complexity in terms of identifying future requirements, establishing plans to address them, and implementing resourcing strategies and Human Resource Capacity has been identified as an ongoing area of high risk for the department. A number of ongoing issues have impacted the department’s ability to attract and retain qualified resources and there are concerns with the length of time required to hire new staff and the complexity of the processes. Recent and projected departure rates have created a loss in corporate knowledge. There has not been an audit since 2008-09 however a Management Practices Audit of this area (Nov 2013) noted the need for a formal process to report performance against service standards, to solicit feedback from clients and to report results to management. |
Appendix E – Changes to the Audit Plan
Ongoing Audits
The resource implications of audit projects that began in 2015-2016, but were not completed within that period are identified below as ongoing audits from the 2015-2016 Risk-Based Audit Plan.
| 2016-2017 Ongoing Audits | Expected Completion Date |
|---|---|
| System Under Development Audit of the Secure Integrated Registration and Certification Unit (SIRCU) | Q2 2016-2017 |
| Audit of the On-Reserve Housing Program | Q1 2016-2017 |
| Audit of INAC Support to the Specific Claims Process | Q1 2016-2017 |
| Audit of the Management Control Framework for Grants and Contributions 2015-2016 | Q2 2016-2017 |
| Audit of Acquisition Cards, Travel, and Hospitality | Q1 2016-2017 |
| Audit of Values and Ethics | Q1 2016-2017 |
Removed, Deferred or Added Audit
The table below identifies all the changes from the 2015-2016 to 2017-2018 Risk-Based Audit Plan.
| Audit Name and Year Planned | Rationale |
|---|---|
| Audit of the Additions to Reserve Process (2015-2016) | This audit is postponed to 2016-2017 to ensure maximum value. |
| Audit of the Indian Registration System (2016-2017) | This audit is postponed to 2017-2018. |
| Audit of the Water and Wastewater Infrastructure Program (2016-2017) | This audit is postponed to 2017-2018. |
| Audit of the Education Facilities Program (2016-2017) | This audit is postponed to 2017-2018 as the Follow-up Audit of Infrastructure on Reserves is being conducted in 2016-2017. |
| Audit of Lands Management (incl. Lands Registry System) (2016-2017) | This audit is postponed to 2017-2018. |
| Audit of Economic Development Programs (2016-2017) | This audit is postponed to 2017-2018. |
| Audit of IM/IT Governance (2016-2017) | This audit is postponed to 2017-2018. |
| Audit of Métis Relations and Rights Management, and Non-Status Indian Relations Program (2017-2018) | This audit is postponed to 2018-2019. |
| Audit of Negotiation of Comprehension Land Claims and Self Government Agreements (2017-2018) | This audit is postponed to 2018-2019. |
| Audit of Nutrition North Canada (2017-2018) | This audit is postponed to 2018-2019. |
| Audit of Occupational Health and Safety (2017-2018) | This audit is postponed to 2018-2019. |
| Audit of Contaminated Sites Program (2017-2018) | This audit is postponed to 2018-2019. |
| Audit of Performance Measurement and Reporting (2017-2018) | Due to this audit being considered a high priority, it was accelerated to 2016-2017. |
| Audit of HR Staffing and Planning (2017-2018) | Due to this audit being considered a high priority, it was accelerated to 2016-2017. |
| Management Practices Review of the British Columbia Region (2017-2018) | Due to this audit being considered a high priority, it was accelerated to 2016-2017. |
| Audit of the Elementary and Secondary Education Program (2017-2018) | Due to this audit being considered a very high priority, it was accelerated to 2016-2017. |
| Audit of Corporate Business Planning (2016-2017) | As this project is no longer considered a high priority, it was removed from the plan. |
| Audit of Consultation and Accommodation (2017-2018) | As this project is no longer considered a high priority, it was removed from the plan. |
| Audit of Information Technology (2017-2018) | This audit has been removed from the plan and replaced by the OCG Horizontal Internal Audit of Information Technology Security (Phase II) in 2017-2018. |
| Audit Name and Year Planned | Rationale |
|---|---|
| Audit of Expenditure Management (2016-2017) | Due to this audit being considered a very high priority, it is being added to the Plan for 2016-2017. |
| Follow-up Audit of Infrastructure on Reserves (2016-2017) | This audit was added due to the postponement of the Office of the Auditor General audit of infrastructure on reserves. |
| Senior Management Requested Audit(s) (2016-2017) | This audit is being added to accommodate senior management requests that may arise during the year. |
| Management Practices Review of the Nunavut Region (2017-2018) | Due to this audit being considered a very high priority, it is being added to the Plan for 2017-2018. |
| Management Practices Review of the Northwest Territories Region (2017-2018) | Due to this audit being considered a very high priority, it is being added to the Plan for 2017-2018. |
| Audit of Litigation Management (2017-2018) | Due to this audit being considered a high priority, it is being added to the Plan for 2017-2018. |
| Audit of the Family Violence Prevention Program (2017-2018) | Due to this audit being considered a very high priority, it is being added to the Plan for 2017-2018. |
| Audit of Post-Secondary Education Program (2017-2018) | Due to this audit being considered a very high priority, it is being added to the Plan for 2017-2018. |