ARCHIVED - Risk-based Audit Plan 2008-2009 to 2010-2011

Notice

This website will change as a result of the dissolution of Indigenous and Northern Affairs Canada, and the creation of Indigenous Services Canada and the eventual creation of Crown-Indigenous Relations and Northern Affairs Canada. During this transformation, you may also wish to consult the updated Indigenous and Northern Affairs home page.

Archived information

This Web page has been archived on the Web. Archived information is provided for reference, research or record keeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

Date: June 27, 2008

PDF Version (311 Kb, 33 Pages)




This document represents the three-year Risk-based Audit Plan of Indian and Northern Affairs Canada for 2008-2011.

The plan was reviewed by the Audit and Evaluation Committee (AEC) at its April 25, 2008 meeting and, upon the recommendation of the Committee, subsequently approved by the Deputy Minister.

On June 1, 2008 the former Indian Residential Schools Resolution Canada (IRSRC) department became part of Indian and Northern Affairs Canada. As a consequence, the Audit and Evaluation Committee at its June 27, 2008 meeting approved the Chief Audit and Evaluation Executive's recommendations with respect to incorporating appropriate Resolution Sector (IRS) audit coverage into this Risk-based Audit Plan.

In preparing the 2009-2012 Audit Plan, a complete identification and risk assessment of Resolution Sector auditable units will be completed.

The plan focuses primarily on the provision of assurance services to Indian and Northern Affairs Canada's AEC and Deputy Minister while ensuring that appropriate audit attention is directed to addressing areas of government-wide interest, such as fundamental controls and financial reporting, as directed by the Office of the Comptroller General (OCG).

The plan is intended to support an annual opinion from the Chief Audit and Evaluation Executive (CAEE) on departmental governance, risk management and control processes.

Table of Contents


Introduction

Background

The Audit and Assurance Services Branch within Indian and Northern Affairs Canada (INAC) is engaged in achieving full compliance by April 1, 2009 with Treasury Board's (TB) Internal Audit Policy.

The 2006 Internal Audit Policy places considerable emphasis on:

This second three-year audit plan is a fundamental element of the new mandate, providing a strong and credible audit regime that contributes to effective risk management, sound resource stewardship and good governance in the delivery of Indian and Northern Affairs Canada's programs and activities.

Scope of the Internal Audit Function

The internal audit function plays an important role in supporting departmental operations. It provides assurance on all important aspects of risk management strategy and practices, management control frameworks and practices, and governance. Where control weaknesses exist and where the achievement of objectives is at risk, internal audit plays a role in providing constructive insight and recommendations for the strengthening of operations. In this way, internal audit contributes to enhanced accountability and performance.

The Government of Canada's standards for the professional practice of internal audit stipulate that the role of internal audit is to provide assurance that the system of internal control is adequate and effective to manage risk at a level that is acceptable to management. In this way, the internal audit function will provide the Deputy Minister and the Audit and Evaluation Committee with confidence that the risks to their objectives are being managed effectively. The internal audit function has a vital role to play in supporting the principles of modern comptrollership.

Internal control is defined broadly and encompasses those elements of an organization (including its resources, systems, processes, culture, structure and tasks) that, taken together, support the achievement of the organizational objectives.

The scope of the internal audit function is broad and includes those systems of internal control that are in place to achieve the following objectives:

Risk-based Audit Planning

In preparing this second three year audit plan within the context of the 2006 Treasury Board Internal Audit Policy, the Audit and Assurance Services Branch employed the same risk-based planning methodology as developed for the 2007-2010 Plan. The methodology is described below and is consistent with professional standards for the development of risk-based audit plans.

The methodology consists of:

  1. Identification of Auditable Units based upon an analysis and grouping of INAC's potential audit universe of programs, corporate functions, and authorities. A list of the auditable units is included as Appendix A.
  2. Risk Assessment of each auditable unit in terms of its significance, complexity, and sensitivity, using a scale of 1 to 5 for each factor where 1 is low risk and 5 is high risk. Those auditable units marked with an asterisk in Appendix A are not currently ranked as having sufficient risk to be included in the Three Year Plan.
  3. Recommendation of Audit Projects that would be most appropriate to address the highest risk areas on a priority basis.

While employing the same methodology to ensure consistency over time, care was taken to:

In the case of auditable units for which there has been little or no recent relevant audit or evaluation activity, the Branch will continue to undertake preliminary surveys as a first step in the audit process to identify the management control framework as well as potential risks that would be suitable for audit attention.

The Branch will also continue the practice of recommending a small number of audit projects that examine key issues or risks from a horizontal or cross boundary perspective.

Consultations with INAC Management

Consultations were held with the senior management of all sectors in INAC to explain and verify the identification of auditable units and to present the recommended audit projects that affect their sector or their interests as corporate managers.

The Three-Year Audit Plan

Based on the results of the risk-based prioritization of auditable units, a formal three-year audit plan has been developed, taking into consideration the known planned activities of external parties. The Three-Year Audit Plan (Table 1) sets out the recommended projects over the period from 2008-2009 to 2010-2011.

Prior to each subsequent fiscal year, the risk assessment of auditable units and the identification of projects will be updated to ensure that audit attention continues to be devoted to those areas of greatest risk that are suitable for examination.

The audit plan for 2008-2009 is presented in Table 2 with each project described in terms of its nature, its objective, its estimated timeframe, and its rationale. Regional coverage for each project will be determined as part of the planning phase.

The status of audit projects which began in 2007-2008 but have not been substantively completed is identified as carried forward in Table 3. Projects from the 2007-2008 Audit Plan which had not begun, e.g. due to unavailability of suitable contractors or contracting vehicles, and which are still considered as high priority have been included in the 2008-2009 Plan in Table 2.

Return to Table of Contents


Table 1 - Three-Year Audit Plan

Auditable Unit Risk Profile 2008-2009 Audit Project 2009-2010 Audit Project 2010-2011 Audit Project
Departmental Programs
Self Government/Claims High risk: significant materiality including contingent liabilities, highly complex to negotiate and implement, highly sensitive due to time and resources invested, new specific claims process to be implemented. Preliminary Survey for Audit of Self Government, including Comprehensive Claims Audit of Specific Claims Audits
(Scope TBD)
Band Support Funding Moderate risk: significant materiality, moderately complex, potentially sensitive if funding misused Audit of Band Support Funding    
Capacity Development High risk: moderate relative materiality (>$100 million) but significant impact on INAC's agenda and highly complex due to numerous initiatives; sensitive to public if results not evident Audit of Capacity Development (Carry Forward from the 2007-2008 Plan)    
Capital Facilities and Maintenance High risk: major materiality (approaching $1 billion) with significant infusion, highly complex delivery model, sensitive to beneficiaries and public     Audit (Scope TBD)
Economic Development High risk: moderate relative materiality with significant challenges of refocusing programming, inherently highly complex to pick "winners" in multi-jurisdiction environment, moderate sensitivity if failures highlighted Preliminary Survey for Audit of Economic Development – Non Proposal Driven Audit (Scope TBD) Audit of Proposal Driven Programming
Office of the Federal Interlocutor (OFI) and Urban Aboriginal Strategy (UAS) Moderate risk: lower relative materiality, however, highly complex due to challenges of mandate, expanded Urban Aboriginal Strategy and central agency interest. Internal audit in 2007-08 found controls essentially in place. UAS contributions excluded from 07-08 Audit Scope     Audits of OFI Contribution Programs (focusing on Urban Aboriginal Strategy)
Emergency Low risk: normally low materiality, some complexity in implementing appropriate responses, low sensitivity unless responses mismanaged   Audit of Emergency  
Natural Resources and Environmental Management Moderate risk: lower relative materiality with potentially increased significance due to contingent liabilities, complex because of competing demands – environment vs. development, public sensitivity if environment threatened Preliminary Survey for Audit of Natural Resources and Environmental Management Audit
(Scope TBD)
 
Child and Family Services High risk: significant materiality, highly sensitive to beneficiaries and public, complex and challenging delivery models; OAG audited in 2007-08     Audit of Child and Family Services (Enhanced Prevention Focused Approach)
Income Assistance High risk: major materiality, highly sensitive to public – living conditions and potential for abuse; decentralized and devolved delivery; program being revitalized (e.g. active measures) and Preliminary Survey in 07-08 identified need for strengthened control framework   Audit of Income Assistance  
Elementary and Secondary Schools and Other Education High risk: major materiality (> $1 billion), sensitive to beneficiaries and public, challenge to meet standards and improve results, renewal underway, e.g. enhanced accountability Audit of Elementary and Secondary Schools and Other Education    
Post Secondary Education High risk: significant materiality, more complex delivery than elementary/secondary education, sensitive to beneficiaries (demand) and public Audit of Post Secondary Education (Carry Forward from the 2007-2008 Plan)    
Family Violence and Other Social Services Low risk: moderate materiality, some complexity due to number of authorities, little specific sensitivity   Audit of Family Violence and Other Social Services  
Registration and Membership High risk: low direct materiality but highly significant in terms of potential impacts, complex to determine eligibility, highly sensitive in the event of fraud or abuse, roll out of new CIS-IRS System Under Development Audit of CIS-IRS System Under Development Audit of CIS-IRS, continued  
Grants and Contributions Horizontal Departmental Controls High risk: highest materiality and significance representing approximately 85% of INAC budget, highly complex and sensitive (variety of authorities and delivery mechanisms) Audit of Intervention Policy and Quality Assurance (Carry Forward from the 2007-2008 Plan)

Recipient Audit Framework
Horizontal Departmental Audit – (Scope TBD) Horizontal Departmental Audit – (Scope TBD)
Corporate Functions
Financial Planning and Budgeting High risk: significant since no basis in place for the preparation of budgeted allocations, complex in a decentralized organization, highly sensitive once basis of allocation established and resulting competition for resources.   Audit of Financial Planning and Budgeting  
Financial Forecasting Moderate risk: potentially significant particularly at year-end, complex in a decentralized organization, little sensitivity.     Audit of Forecasting
External Reporting – Financial Statements Audit Readiness (including: Public Accounts, Audited Financial Statements, DPR/RPP, Proactive Disclosure, Contingent Liabilities) High risk: high degree of sensitivity because OAG and TBS are interested, highly complex because of decentralized organization and tight timeframes. Audit of Liabilities Audit (Scope TBD) Audit (Scope TBD)
Delegation of Financial Authority Low risk: low significance since currently in reporting phase under OCG horizontal audit. Activity is of little complexity although enforcement can be somewhat challenging. Limited sensitivity as primarily an internal to government issue.     Audit of Delegation of Financial Authority
Expenditure Management High risk: highly significant due to potential weakness of internal controls, highly complex because of decentralized organization, highly sensitive due to nature of some expenditures (e.g. hospitality). Audit of Expenditure Management Monitoring Audits of Travel and Hospitality

Audit of Procurement and Contracting
 
Fraud Risk and Control Strategies Moderate risk: moderate significance and complexity although included in OCG's horizontal audit, highly sensitive due to media attention.   Audit of Fraud Risk and Control Strategies Audit of Assets and Property Management
Assets and Property Management Moderate risk: moderate significance due to INAC's challenge in documenting its own assets; moderate complexity as policies and procedures exist governing expected practices; somewhat sensitive if existence of some assets cannot be determined.      
Revenues High risk: area may have significance if revenues not maximized; can be complex if numerous sources of revenue and need to ensure proper receipt and credit; not normally sensitive unless failure to collect revenues owed becomes a public issue. Audit of Revenue Management    
Trust Accounts High risk: significant custodial responsibility with high degree of sensitivity among First Nations; moderately complex to track and manage accounts. Preliminary Survey for Audit of Trust Accounts Audit
(Scope TBD)
 
Loans, Loan Guarantees and Accounts Receivable Moderate risk: function can be quite significant if large dollar value of loans and accounts receivable not actively managed to ensure timely receipt; moderate complexity in determining estimates on allocation; moderate sensitivity if INAC not seen as managing funds well.   Audit of Loans, Loan Guarantees and Accounts Receivable  
Human Resource Planning and Resourcing High Risk - Significant in that INAC is facing serious workforce shortages and competition for skilled workers in some areas; coupled with challenges in capacity issues in human resources; can be quite complex in terms of identifying future requirements, establishing plans to address them, and implementing resourcing strategies in a complex and controlled environment; initiatives are underway however, still at an early stage; can be sensitive with respect to Aboriginal recruitment. Audit of Staffing and Payroll for Non-Advertised Appointments and Acting Appointments Audit of Human Resource Planning, Resourcing and Leadership Development Audit of Advertised Appointments
Organizational Design and Classification Low Risk - Activity relates indirectly to achievement of INAC's objectives; moderate complexity to achieve most effective structures and appropriate levels; classification modernization underway with conversions to generic job descriptions for various groups such as the EC group; capacity issues for Classification Advisors; little sensitivity as primarily an internal issue.     Audit of Organizational Design and Classification
Learning and Development Medium Risk - Can be significant if next generation of managers/leaders not adequately trained; activity not complex on its own but some complexity introduced because of challenges in obtaining commitment and ensuring learning occurs; little sensitivity as an internal activity; employees may be dissatisfied if opportunities not made equitably available.     Audit of Training and Development
Security Moderate Risk – potentially significant to achievement of INAC business objectives if employees and assets not adequately safeguarded; can be complex to keep abreast of threats and in the conduct of threat risk assessments; highly sensitive if major threats or security violations occur.   Audit of Personnel and Physical Security Audit of IT Security
IM/IT Governance High risk: highly significant because of potential impacts on program delivery and corporate services; highly challenging for senior management to establish a governance regime that can set priorities and meet competing demands; sensitive if needs not met   Audit of IM/IT Governance  
IM/IT Applications Moderate risk: potential for significant impact if corporate or program systems not reliable or effective; system development can be quite complex; sensitivity usually moderate Post-Implementation Audit of First Nations and Inuit Transfer Payment System

Preliminary Survey for Audit of PeopleSoft (may be System Under Development in nature)
Audit of Systems Under Development or Application in Place – Enterprise Data Warehouse, Specific Claims Data Base Audit of Systems Under Development or Application in Place – Financial Systems
Information Management Moderate Risk – potentially significant in terms of achieving efficient and effective information management to support program and service delivery; complex to implement consistently across a large decentralized organization; not normally sensitive unless breaches occur. Audit of Information Management (CIDM focus)    
Strategic Policy and Planning Fairly high risk: function can be significant in terms of determining and achieving INAC policies and programs; highly complex in terms of identifying, obtaining, and effectively utilizing required inputs; relatively low sensitivity unless proposals generate discussion. Preliminary Survey for Audit of Strategic Policy and Planning Audit
(Scope TBD)
 
Official Languages Low Risk - Activity relates indirectly to achievement of INAC's objectives; little complexity to adopt existing policies yet practice can result in lapses in a large organization; moderate sensitivity, especially among Francophone community.     Audit of Official Languages
Entity Level Controls High risk: entity level controls with potentially significant indirect impacts across INAC; highly complex to inculcate across a large decentralized organization, failure can result in high sensitivity; directly linked to Internal Audit Policy requirements      
Complaints and Allegations Moderate risk: moderate complexity to determine facts and appropriate course of action; significant in terms of INAC's integrity and responsiveness   Post Implementation Audit of Forensic Audit Policy and Revised Complaints and Allegation Policy  
Continuity of Operations Normally, activity relates only indirectly to achievement of INAC objectives; complexity revolves around challenge of maintaining plans current; sensitivity low except in the case of a major failure     Audit
(Scope TBD)
Communications Moderate risk: indirectly significant to achievement of INAC objectives; complex to communicate consistent messages across a large decentralized organization and with numerous stakeholders; sensitive when attention focused on INAC   Preliminary Survey For Audit of Internal and External Communications Audit of Communications
(Scope TBD)
Management Practices
Regions Potential disconnects between strategic direction and program implementation in highly decentralized organization Management Practices Reviews – B.C., SASK, ONT, QUE, NWT, NUNAVUT Audit of Management Practices
(Scope TBD)
Audit of Management Practices
(Scope TBD)
Headquarters Sectors Sectors are key to providing effective policy framework and direction to regions and for setting the tone at the top Management Practices Reviews, LTS, NA, AED, SEPRO, TAG Audit of Management Practices – Remaining Sectors/Key Branches Audit of Management Practices
(Scope TBD)

Return to Table of Contents


Table 2 - Audit Projects for 2008-2009

Audit Project Audit Objective Timeframe Rationale
Audits
Audit of Capacity Development (Carry Forward from the 2007-2008 Plan) Provide assurance that Capacity Development programs and authorities are being implemented in a well controlled and coordinated manner and in accordance with approved authorities and terms and conditions. Spring 2008
  • Capacity of First Nations a critical element in implementing INAC's change agenda
  • Complexity arises from the number of different programs and initiatives
  • Significant cumulative resources
Grants and Contributions – Horizontal Departmental Controls – Audit of the Intervention Policy and Quality Assurance (Carry Forward from the 2007-2008 Plan) Provide assurance to senior management that:
  • appropriate quality assurance policies and procedures … are efficiently and effectively implemented
  • risks to the achievement of program objectives are effectively mitigated
  • the Intervention Policy is implemented and followed as appropriate
  • the management control framework for the implementation of the Intervention Policy is adequate to ensure that public funds are used for the intended purpose
  • regular assessments are undertaken of third party manager performance and corrective action is taken where required.
Spring 2008
  • Highest risk area comprising approximately 85% of expenditures with high degrees of reputational and public awareness sensitivity and complex inter-relationships and delivery mechanisms
  • Annual audit activity to focus on horizontal assessment of key controls to contribute to a holistic opinion
  • Recent audit and management practices review work has identified concerns related to the audit scope areas
Audit of Post Secondary Education (Carry Forward from the 2007-2008 Plan) Provide assurance as to the adequacy and effectiveness of the management control framework of the program and of controls for managing related contribution agreements. Spring 2008
  • Investment of resources exceeds $300 million
  • Complex due to wide range of post secondary options
  • Majority of program delivered directly by First Nations or their administering organizations
Financial Audit of Settlement Allotment Provide Assurance that expenditures recorded were for valid purposes Spring 2008
  • TB audit requirement of IRSRC
Audit of Staffing and Payroll for Non-Advertised Appointments and Acting Appointments Provide assurance that core values and principles are being respected and that policies are being complied with. Spring 2008
  • High risks associated with these types of appointments and the establishment of appropriate pay and benefits
Audit of Band Support Funding Provide assurance on the adequacy and appropriateness of the management control framework Summer 2008
  • Significant resource investment with a moderate degree of complexity (transfer to First Nations)
  • Sensitive in that potential exists for misuse of funding
  • Follow-up on previous audits may not have been sufficiently diligent
  • Authority expiring in March 2010 for Band Support Funding
Audit of Expenditure Management Monitoring Provide assurance on the adequacy and effectiveness of departmental controls for monitoring and managing expenditures on a risk-informed basis, including both transfer payments and operational expenditures. Fall 2008
  • Very significant as covers all of the department's expenditures and directly impacts the speed of funding flow to First Nations and individuals, e.g. Catholic and No-Prejudice top-ups and Common Experience Payments
  • TB Policy requires departments to perform risk-based monitoring of expenditures to enable pos-payment verification to the extent possible
Audit of Information Management (CIDM focus) Provide assurance that information is created, stored and managed in accordance with government policy and standards Fall 2008
  • Survey of IM/IT Applications identified CIDM as a major risk area
Post-Implementation Audit of First Nations and Inuit Transfer Payment System Provide assurance that the system has been implemented as intended, is fulfilling its objectives, and has appropriate controls. Fall 2008
  • System under Development Audit in 2006-07 recommended a post-implementation audit
  • Key system supporting expenditure of billions of dollars of grant and contribution funding
Audit of Elementary and Secondary Schools and Other Education Provide assurance as to the adequacy and effectiveness of the management control framework of the program and of controls for managing related contribution agreements. Winter 2009
  • Significant level of materiality (> $1 billion)
  • Sensitive to beneficiaries and public
  • Challenges to meet standards and improve results.
  • Renewal currently underway
Audit of Liabilities Provide assurance on the adequacy and effectiveness of controls for accurately quantifying and reporting liabilities and contingent liabilities. Winter 2009
  • The department's claim and environmental liabilities are collectively very material (>$10 billion)
  • Contingent liabilities are inherently difficult and complex to estimate
  • Very little internal audit work has been completed in this area
Audit of Revenue Management Provide assurance that INAC revenues are adequately identified, recorded and received Winter 2009
  • Function can be quite significant if revenues due are not received in a timely manner
  • An important component of Financial Readiness
System Under Development Audit of CIS-IRS Provide assurance that implementation of the new Certificate of Indian Status card includes appropriate controls as recommended by earlier audit and Threat Risk Assessment studies Dependent Upon Project Status
  • Security over card issuance is highly sensitive due to potential benefits associated with the card, e.g. transborder travel, health, tax
  • Roll-out of new card may require significant shift in roles and responsibilities
Preliminary Surveys
Preliminary Survey for Audit of Self Government, including Comprehensive Claims Document the sector's programs, activities and risks and recommend objectives and priorities for future audits of claims and self government (survey to exclude specific claims as this process already covered) Spring 2008
  • Claims and self government activities are significant  to the achievement of the department's objectives and are financially material
  • No recent audits have been completed by AES
Preliminary Survey for Audit of Trust Accounts Document the sector's programs, activities and risks and recommend objectives and priorities for a future audit(s) of trust accounts Spring 2008
  • Management of trust accounts is a sensitive activity to First Nations
  • AES has little knowledge of departmental processes for managing trust accounts and needs to identify areas of risk and key control points to support scoping of a future audit
Preliminary Survey for Audit of Economic Development – Non Proposal Driven Identify associated risks, determine whether the management control framework is adequate to mitigate them, and recommend whether additional audit work is required. Spring 2008
  • New Aboriginal Economic Development Framework under development; audit could inform on a timely basis
  • Audit of Community Economic Development has identified potential weaknesses in management control framework related to proposal driven funding
Preliminary Survey for Audit of Natural Resources and Environment Management Prepare the Audit and Assurance Services Branch to carry out audits of the numerous programs, authorities and responsibilities related to Natural Resources and Environmental Management Summer 2008
  • Significance increased beyond dollar value in light of potentially large contingent liabilities for contaminated sites
  • Some complexity because of competing demands between development (oil and gas, mining) and protection of environment and traditional practices and variety of authorities
  • Although public unlikely aware of specific initiatives, environment is currently very sensitive
Preliminary Survey for Audit of PeopleSoft Determine whether the existing management control framework is adequate to support upgrading or whether additional audit attention is required. Summer 2008
  • Survey of IM/IT Applications identified People Soft as a major risk area
  • Given intention to implement an upgrade, project may take the form of a system under development audit
Preliminary Survey for Audit of Strategic Policy and Planning Identify the mandates and scope of Strategic Policy and Planning, determine associated risks, and document the management control framework Fall 2008
  • Preliminary survey required to identify risks, document management control framework, and recommend whether audit work can and should be meaningfully conducted.
Other Initiatives
Forensic Audit Policy Implement a Forensic Audit Policy framework that supports accountability for use of public funds Spring 2008
  • Audit and Evaluation Committee accepted reports and draft policy at the February 2008 meeting and recommended development of full framework of policy and procedures
Update of the Corporate Risk Profile Facilitate a process that will result in an updated Corporate Risk Profile and a framework for improved integration of risk management across INAC Spring 2008
  • Treasury Board Management Accountability Framework Assessment noted that Corporate Risk Profile has not been updated since 2005
Values and Ethics – An Organizational Risk Assessment Identify and assess the impacts of contribution funding associated values and ethics risks in terms of management controls and make recommendations to address gaps Spring 2008
  • Report on Review of Entity Level Controls (a component of Financial Readiness project) identified as a higher risk area that relationships between regions and HQ and regions and aboriginal people create a complexity that dilutes and compromises the accountability and objectivity of departmental staff
Recipient Audit Framework Develop an approach to implementing recipient audit in INAC in conjunction with other federal funders Ongoing
  • Strengthened "Right to Audit" clause being implemented July 1, 2008 to improve compliance with Policy on Transfer Payments
  • Risk-based Framework required to determine which recipients to be audited
  • In support of the Blue Ribbon Panel, INAC will take the lead in inviting other funders to reduce audit burden by undertaking joint audits
Management Practices Reviews (LTS, TAG, AED, SEPRO, NAP, BC, SK, ON, PQ, NWT, NUNAVUT) Review the management practices of INAC's Regions and Sectors to identify best practices and control weaknesses in the specific areas within scope Throughout 2008-09
  • Will serve to inform risk-based resource allocation of the internal audit function for future audits of departmental management practices, in support of the CAEE's annual holistic opinion on the adequacy of risk, management control, and governance processes.
  • Scope of the reviews to include strategic and operational planning, risk management, human resources management, co-ordination of programs and activities, active monitoring, results-based performance measurement and reporting, management of contribution programs, and financial management.

Return to Table of Contents


Table 3 – Carry Forward from the 2007-2008 Plan1

Audit Project Audit Objective Status as of April 30 Rationale Resource Requirements
Follow-up of Aboriginal Business Canada Provide assurance regarding the implementation of the management action plan Planning Phase
  • Project delayed due to lack of availability of a suitable contractor
  • $25,000
Capital Facilities and Maintenance Provide assurance on the adequacy and appropriateness of the management control framework Fieldwork
(80% Complete)
  • Project slightly delayed due to challenges in scheduling fieldwork
  • $50,000
Community Economic Development Provide assurance to senior management that:
  • appropriate policy, procedures and tools are developed
  • funding requests are assessed in a timely, fair and transparent manner
  • formal agreements are established
  • project activities are monitored
  • program activities are monitored
Reporting
  • At the September 28, 2007 meeting, the Audit Committee accepted the Terms of Reference for this national audit which has been added to the Plan to address senior management concerns identified through management practices reviews and monitoring
  • $30,000

Performance of the Audit Engagements

The Audit and Assurance Services Branch will carry out the approved 2008-2009 audit engagements on a systematic basis. Having laid a solid foundation with the implementation of the 2007-2008 Plan and the establishment of a limited number of firms pre-qualified to provide audit services on a priority and timely basis, the Audit and Assurance Services Branch is well positioned to initiate and complete projects on a timely basis.

Audits will be carried out in accordance with the Professional Standards for Internal Audit as outlined in the TB Policy on Internal Audit.

Modification to the Plan

The risk-based audit plan will be updated, where justified on the basis of risk and urgency, as departmental and governmental risks evolve. Modifications to the plan will be presented at AEC meetings and submitted to the Deputy Minister for approval. As part of its ongoing monitoring of implementation of management action plans, the Audit and Assurance Services Branch may decide to conduct formal audit follow-up activity.

The Audit and Assurance Services Branch will also continue to monitor the scope and timing of external audits (e.g. OAG, OCG, Public Service Commission, Office of the Commissioner of Official Languages) in order to optimize coverage and minimize duplication of effort.

Level of Activity and Direct Resource Requirements

The Three-Year Plan identifies that approximately 20 audit projects will be carried out on an annual basis. While the level of audit effort will vary from project to project, it is the Audit and Assurance Services Branch's professional opinion that this level of activity is the minimum necessary to provide adequate and meaningful risk-based coverage of the programs and corporate functions of INAC and to meet the requirements of the Treasury Board Policy. Appendix B illustrates how the audit projects proposed for 2008-2009 will provide coverage of the Management Accountability Framework elements.

The Branch has been advised that this level of activity is commensurate with that required and undertaken in other government departments of similar size.

For purposes of identifying initial resource requirements, the Audit and Assurance Services Branch has assumed, based on experience, that its average portfolio of twenty audit projects will normally be comprised of 4-5 large projects at an expected cost of $250,000 each (in contract dollar terms), 6-8 medium size projects with an expected cost of $150,000 each, and 6-8 small projects with an expected cost of $75,000 each. These assumptions result in an annual requirement for a budget equivalent to approximately $3,000,000 in contract funds (exclusive of the costs of forensic and recipient audits). Due to delays in implementing the 2007-2008 Plan the Branch is carrying-forward a number of projects. To avoid a one-time shortfall, recommended audit average has been adjusted over the three years of the Plan. Appendix C details the anticipated costs of audit projects in 2008-2009.

Return to Table of Contents


Infrastructure and Non-Core Resource Requirements

In addition to the resource requirements for the carrying out of audit projects, the Audit and Assurance Services Branch also faces significant demands on its existing resource base to:

Challenges to Achievement of the Audit Plan

The Audit and Assurance Services Branch recognizes that its recommended Plan continues to be very ambitious, but believes that it is essential to achieving full compliance with the Internal Audit Policy by April 1, 2009.

The extent to which the Branch is able to achieve full implementation of the Plan is dependent, however, on a number of factors:

The Audit and Assurance Services Branch will continue to provide an update to the Audit Committee at each of its meetings on the progress it is making in implementing the Plan and the challenges it is facing in so doing.

Appendix A – Auditable Units

Departmental Programs

  1. Self Government/Claims
  2. Band Support Funding
  3. Capacity Development
  4. Capital Facilities and Maintenance
  5. Economic Development
  6. Office of the Federal Interlocutor and Urban Aboriginal Strategy
  7. Emergency
  8. Natural Resources and Environmental Management
  9. Child and Family Services
  10. Income Assistance
  11. Elementary and Secondary Schools and Other Education
  12. Post Secondary Schools
  13. Youth Employment Strategy*
  14. Family Violence and Other Social Services
  15. Registration and Membership
  16. Northern Air Stage Funding Subsidy (Food Mail)*

Corporate Functions

Financial Management

  1. Financial Planning and Budgeting
  2. Forecasting (Management Variance Reporting)
  3. External Reporting
    1. Public Accounts
    2. Audited Financial Statements
    3. DPR/RPP
    4. Proactive Disclosure
    5. Contingent Liabilities
  4. Delegation of Financial Authority
  5. Expenditure Management
    1. Procurement and Acquisition Cards
    2. Contracting
    3. Travel and Expenditure Claims
    4. Hospitality
    5. Memberships
    6. Compliance Monitoring
    7. Settled Claims
  6. Fraud Risk and Control Strategies
  7. Assets and Property Management
  8. Revenues
  9. Trust Accounts
  10. Loans, Loan Guarantees, and Accounts Receivable

Human Resources Management and Services

  1. Planning and Resourcing
    1. Human Resource Planning
    2. Corporate Resourcing and Aboriginal and other Resourcing
    3. Executive Resourcing
    4. Staffing
  2. Organizational Design and Classification
  3. Compensation and Benefits (Payroll)
  4. Learning and Development
  5. Labour Relations*
  6. Occupational Health and Safety*
  7. Accommodations*

Security

  1. Physical
  2. Personnel
  3. IM/IT
Return to Table of Contents


Information Management and Technology

  1. IM/IT Governance
  2. IM/IT Applications
  3. Information Management
  4. Library and Information Centre*
  5. Aboriginal Connectivity*

Corporate Governance

  1. Strategic Policy and Planning
    1. Research
      1. Aboriginal Peoples Survey
      2. Legislation
  2. ATIP*
  3. Official Languages
  4. Entity Level Controls
    1. Risk Management
      1. Follow-up of Audit and Evaluation Recommendations
      2. Policies and Practices
      3. Corporate Risk Profile
      4. Intervention Policy
      5. Business Planning (OAG in reserve for 08-09)
    2. Values and Ethics
      1. Staff Ombudsman
      2. Integrity
      3. Roles and Responsibilities
      4. Delegation of Authorities
      5. Governance Structure
  5. Complaints and Allegations
  6. Continuity of Operations
    1. Crises
    2. Emergencies
  7. Communications
    1. Internal
    2. External
  8. Legal Services and Litigation Management*
  9. Corporate Secretary*
  10. Departmental Audit and Evaluation
  11. Sustainable Development

Management Practices

  1. Regions
    1. British Columbia Region
    2. Alberta Region
    3. Saskatchewan Region
    4. Manitoba Region
    5. Ontario Region
    6. Quebec Region
    7. Atlantic Region
    8. Yukon Region
    9. NWT Region
    10. Nunavut Region
  2. Sectors
    1. Treaties and Aboriginal Government (formerly Claims and Indian Government) Sector
    2. Socio-Economic Policy and Regional Operations Sector
    3. Aboriginal Economic Development Sector
    4. Lands and Trust Services Sector
    5. Northern Affairs Sector
    6. Resolution Sector (formerly Indian Residential Schools Resolution Canada)
Return to Table of Contents


Appendix B – Coverage of MAF Elements

  1 Public Service Values 2 Governance and
Strategic Directions
3
Policy and
Programs
4
Results and
Performance
5
Learning, Innovation
and Change Management
6 Risk Management 7 People 8 Stewardship 9 Citizen-
focused
Service
10 Accountability
Carry-forward from 2007-
2008 (ongoing)
Follow
-up of
Aboriginal Business Canada
  x       x   x    
Capital Facilities and
Maintenance
  x x x   x   x    
Community Economic Development   x x x   x   x    
                     
2008-2009
  Audits
Audit of
Capacity Development (Carry Forward from the
2007-2008 Plan)
  X X X   X   X X X
Grants and
Contributions – Horizontal Departmental Controls – Audit of the
Intervention Policy and
Quality Assurance (Carry Forward from the
2007-2008 Plan)
  X X     X   X X X
Audit of
Post Secondary Education (Carry Forward from the
2007-2008 Plan)
  x x x   x   x x x
Financial Audit of
Settlement Allotment
    x     x   x   x
Audit of
Staffing and
Payroll for
Non-
Advertised Appointments and
Acting Appointments
          x x x    
Audit of
Band Support Funding
  x x x   x   x   x
Audit of
Expenditure Management Monitoring
          x   x    
Audit of
Information Management (CIDM
focus)
          x   x    
Post-
Implementation Audit of
First Nations and
Inuit Transfer Payment System
      X X x   x    
Audit of Elementary and
Secondary Schools and
Other Education
  x x x   x   x   x
Audit of Liabilities           x   x    
Audit of Revenue Management           x   x    
System Under Development
Audit of CIS-IRS
        x x   x    
                     
Preliminary Surveys
Preliminary Survey for
Audit of Self
Government, including Comprehensive Claims
  x x x   x   x   x
Preliminary Survey for the
Audit of Trust Accounts
          x   x   x
Preliminary Survey for
Audit of Economic Development
– Non
Proposal Driven
  x x x   x   x   x
Preliminary Survey
for Audit of Natural Resources and
Environment Management
  x x x   x   x   x
Preliminary Survey for Audit of PeopleSoft         x x x x    
Preliminary Survey for Audit of Strategic Policy and Planning   x x x x x   x x  
Other Initiatives
Forensic Audit Policy           x   x    
Update of the Corporate Risk Profile x x     x x   x    
Values and Ethics – An Organizational Risk Assessment x x     x x x x    
Recipient Audit Framework           x   x   x
Management Practices Reviews
(LTS, TAG, AED, SEPRO, NAP, BC, SK,
ON, PQ, NWT, NUNAVUT)
x x x x x x x x x x

Return to Table of Contents


Appendix C – Contract Dollar Requirements for 2008-2009

2008-2009 Audit Activities Contract Dollars
Audits  
Audit of Capacity Development (Carry Forward from the 07-08 Plan) $ 250,000
Grants and Contributions – Horizontal Departmental Controls – Audit of the Intervention Policy and Quality Assurance (Carry Forward from the 07-08 Plan) $ 250,000
Audit of Post Secondary Education (Carry Forward from the 07-08 Plan) $ 150,000
Financial Audit of Settlement Allotment $ 75,000
Audit of Staffing and Payroll for Non-Advertised Appointments and Acting Appointments $ 250,000
Audit of Band Support Funding $ 150,000
Audit of Expenditure Management Monitoring $ 150,000
Audit of Information Management (CIDM focus) $ 75,000
Post-Implementation Audit of First Nations and Inuit Transfer Payment System $ 150,000
Audit of Elementary and Secondary Schools and Other Education $ 150,000
Audit of Liabilities $ 150,000
Audit of Revenue Management $ 75,000
System Under Development Audit of CIS-IRS $ 75,000
Preliminary Surveys  
Preliminary Survey for Audit of Self Government, including Comprehensive Claims $ 25,000
Preliminary Survey for the Audit of Trust Accounts $ 25,000
Preliminary Survey for Audit of Economic Development – Non Proposal Driven $ 25,000
Preliminary Survey for Audit of Natural Resources and Environment Management $ 50,000
Preliminary Survey for Audit of People Soft $ 25,000
Preliminary Survey for Audit of Strategic Policy and Planning $ 25,000
Other Initiatives  
Forensic Audit Policy $ 25,000
Update of the Corporate Risk Profile $ 100,000
Values and Ethics – An Organizational Risk Assessment $ 25,000
Recipient Audit Framework $ 25,000
Management Practices Reviews (LTS, TAG, AED, SEPRO, NAP, BC, SK, ON, PQ, NWT, NUNAVUT) $ 700,000
Total Requirements $ 3,000,000
Contingency $ 233,861
Current Contract Allocation $ 3,233,861

 

1. This Table excludes projects from the 2007-2008 Plan for which little audit activity was conducted during 2007-2008. Those audits are included in the 2008-2009 Plan (identified as Carried Forward) or have been recommended to the Audit and Evaluation Committee for replacement by other audit activity. (return to source paragraph)

Return to Table of Contents
 
 
Date modified: