Risk-Based Audit Plan 2007-2008 to 2009-2010

Author: (Audit and Evaluation Sector)

PDF Version   (694 Kb, 30 pages)

 


Table of Contents

Introduction

Background

The Audit and Assurance Services Branch within Indian and Northern Affairs Canada (INAC) is engaged in implementing a new mandate for internal audit as defined in the Treasury Board's (TB) Internal Audit Policy that came into force April 1, 2006, with full implementation to be completed by April 1, 2009.

The 2006 Internal Audit Policy places considerable emphasis on:

  • increasing the independence of the internal audit function

  • strengthening and further professionalizing the internal audit function

  • providing a consistent, comprehensive government-wide approach to the way internal audit activities are planned and conducted and

  • enhancing the oversight, monitoring and reporting role of the internal audit function.

The Government of Canada's Federal Accountability Act (Bill C-2) reinforces this new mandate by enacting measures that are meant to strengthen accountability and increase transparency and oversight in government operations. The Act includes specific measures to strengthen auditing and accountability within departments by clarifying the managerial responsibilities of deputy heads within the framework of ministerial responsibility, and by bolstering the internal audit function within departments. This three-year audit plan is a fundamental element of the new mandate, providing a strong and credible audit regime that contributes to effective risk management, sound resource stewardship and good governance in the delivery of Indian and Northern Affairs Canada's programs and activities.

Scope of the Internal Audit Function

The internal audit function plays an important role in supporting departmental operations. It provides assurance on all important aspects of risk management strategy and practices, management control frameworks and practices, and governance. Where control weaknesses exist and where the achievement of objectives is at risk, internal audit plays a role in providing constructive insight and recommendations for the strengthening of operations. In this way, internal audit contributes to enhanced accountability and performance.

The Government of Canada's standards for the professional practice of internal audit stipulate that the role of internal audit is to provide assurance that the system of internal control is adequate and effective to manage risk at a level that is acceptable to management. In this way, the internal audit function will provide the Deputy Minister and the Audit and Evaluation Committee with confidence that the risks to their objectives are being managed effectively. The internal audit function has a vital role to play in supporting the principles of modern comptrollership.

Internal control is defined broadly and encompasses those elements of an organization (including its resources, systems, processes, culture, structure and tasks) that, taken together, support the achievement of the organizational objectives.

The scope of the internal audit function is broad and includes those systems of internal control that are in place to achieve the following objectives:

  • compliance with legislation, regulations, policies and procedures
  • economy and efficiency of operations
  • safeguarding of assets
  • reliability and integrity of financial and operational information
  • achievement of operational objectives.


Risk-based Audit Planning Methodology

The methodology employed in the development of the three-year internal audit plan is described below and is consistent with professional standards for the development of risk-based audit plans.

Identification of Auditable Units

The Audit and Assurance Services Branch identified a number of auditable units based upon an analysis and grouping of INAC's potential audit universe of programs, corporate functions, and authorities. A list of the auditable units is included as Appendix A.

Risk Assessment

Recognizing that the most effective processes for risk assessment for internal audit purposes are ultimately based on sound professional judgment, the Audit and Assurance Services Branch adopted a framework that assesses the risks associated with each auditable unit in terms of its significance, complexity, and sensitivity, using a scale of 1 to 5 for each factor where 1 is low risk and 5 is high risk. A total score of 12 – 15 would indicate a high risk auditable unit, 8 – 11 a moderate risk auditable unit, and 3 – 7 a low risk auditable unit. This approach to risk assessment is highly consistent with approaches proposed by the Office of the Comptroller General to identify its possible cross-government audit priorities and by the Blue Ribbon Panel on Grants and Contributions to identify which recipients should be subject to audit.

In completing its initial identification of the risks associated with the auditable units, the Audit and Assurance Services Branch relied on information contained in:

  • previous audit or evaluation reports (including those of the Auditor General of Canada)

  • reports or summaries of previous corporate level risk assessments

  • records of early 2007 meetings between senior INAC and Office of the Auditor General officials in the context of their One Pass Plan exercise

  • Treasury Board Submissions, including Results based Management and Accountability Frameworks (RMAFs) and Risk-Based Audit Frameworks (RBAFs)

  • statistical results and narrative reports from the conduct of Grant and Contribution Control Self Assessment Sessions at headquarters and in two regions between April and May, 2007

  • assessments provided by the Office of the Comptroller General as to common government objectives and risks

  • audit plans prepared by other government departments (particularly as they related to corporate functions or to contribution programs

  • other related reports or documents.

As one component in validating the Audit and Assurance Services Branch's assessment of risks, the Audit and Evaluation Sector convened a small working group of senior executives with no direct responsibility for program delivery. The members of the group were asked to individually identify the highest risk areas they perceived for INAC in terms of three categories – fundamental controls (based on the Management Accountability Framework elements), funding authorities, and elements of INAC's Program Activity Architecture. The compiled results confirmed that the Audit and Assurance Services Branch's assessment of risks was well founded and that its resulting proposed projects were well aligned. Appendices B1, C1 and D1 display the results of the assessments, while appendices B2, C2 and D2 identify the high and medium risks in each category in terms of how they are addressed in the first year of the Three-Year Audit Plan.

Recommended Audit Projects

Following the assessment of auditable units, the Audit and Assurance Services Branch considered the nature and type of audit project that would be most appropriate to address the highest risk areas on a priority basis.

In some cases, related audit work had recently been completed or initiated. In these instances, the branch considered whether coverage was likely to be sufficient or whether additional work would be required over the term of the Three-Year Audit Plan. As a result, audit work in some priority areas may be deferred, while in others it may be seemingly repeated or expanded, e.g. in the case where the scope of a recent audit may have been too limited to provide assurance over the entire auditable unit.

In the case of auditable units for which there has been little or no recent relevant audit or evaluation activity, the branch has identified a preliminary survey as a first step in the audit process to identify the management control framework as well as potential risks that would be suitable for audit attention.

As a result of a synthesis of risks previously identified through a variety of sources, it was recognized that there was an opportunity to introduce a small number of audit projects that would examine key issues or risks from a horizontal or cross boundary perspective.

Finally, through its review of Treasury Board Submissions and related RMAFs and RBAFs, the Audit and Assurance Services Branch identified two instances where INAC had committed to Treasury Board to do an audit. Although these projects have been identified in the Plan, it is the Branch's intention to initiate discussions with Treasury Board Secretariat (TBS) to determine whether it is necessary to complete these audits within the time frame indicated, since they did not arise as high risks in the Branch's risk assessment.

Since the Audit and Evaluation Sector formally assumed a responsibility to review INAC's RMAFs and RBAFs, it has paid particular attention to ensuring that audit commitments are not made which undermine the Treasury Board's own policy that internal audit activity be based on risk assessments which are conducted at least annually.

Consultations with INAC Management

Consultations were held with the senior management of all sectors in INAC to explain and verify the identification of auditable units and to present the recommended audit projects that affect their sector or their interests as corporate managers.



The Three Year Audit Plan

Based on the results of the risk-based prioritization of auditable units, a formal three-year audit plan has been developed, taking into consideration the known planned activities of external parties. The Three-Year Audit Plan (Table 1) sets out the recommended projects over the period from 2007-2008 to 2009-2010.

Prior to each subsequent fiscal year, the risk assessment of auditable units and the identification of projects will be updated to ensure that audit attention is devoted to those areas of greatest risk that are suitable for examination.

The audit plan for 2007-2008 is presented in Table 2 with each project described in terms of its nature, its objective, its estimated timeframe, and its rationale.

Table 1

Auditable Unit Risk Profile 2007-2008 Audit Project 2008-2009 Audit Project 2009-2010 Audit Project
Capital Facilities and Maintenance High risk: major materiality (approaching $1 billion) with significant infusion, highly complex delivery model, sensitive to beneficiaries and public Audit of Capital Facilities and Maintenance    
Income Assistance High risk: major materiality ($3/4 billion range), highly sensitive to public – living conditions and potential for abuse, decentralized and devolved delivery Audit of Income Assistance   Audit of Income Assistance
Child and Family Services High risk: significant materiality ($1/2 billion range), highly sensitive to beneficiaries and public, complex and challenging delivery models Follow-up Audit of Child and Family Services    
Family Violence and Other Social Services Low risk: moderate materiality (>$80 million), some complexity due to number of authorities, little specific sensitivity     Audit of Family Violence and Other Social Services
Post Secondary Education High risk: significant materiality (>$250 million), more complex delivery than elementary/secondary education, sensitive to beneficiaries (demand) and public Audit of Post Secondary Education    
Elementary and Secondary Schools High risk: major materiality (> $1 billion), sensitive to beneficiaries and public, challenge to meet standards and improve results, renewal underway   Audit of Elementary and Secondary Schools  
Other Education Low risk: moderate materiality (>$100 million), complexity only due to number of specific purpose authorities, low sensitivity     Audit of Other Education
Registration and Membership High risk: low direct materiality but highly significant in terms of potential impacts, complex to determine eligibility, highly sensitive in the event of fraud or abuse Audit of Registration and Membership    
Natural Resources and Environmental Management Moderate risk: lower relative materiality (approx. $50 million) with potentially increased significance due to contingent liabilities, complex because of competing demands – environment vs. development, public sensitivity if environment threatened Audit of Healthy Northern Communities - Knowledge and Adaptation Audit of Natural Resources and Environmental Management  
Economic Development Moderate risk: moderate relative materiality (greater than $200 million) with significant challenges of integrating Industry Canada programming, inherently highly complex to pick "winners" in multi-jurisdiction environment, limited sensitivity unless failures highlighted Follow-up Audit on the Industry Canada 2006 Audit of Aboriginal Business Canada   Audit of Economic Development
Self Government/Claims High risk: significant materiality (approaching $400 million), highly complex to negotiate and implement, highly sensitive due to time and resources invested Preliminary Survey of Specific Claims Audit of Specific Claims  
Self Government/Claims As above Audit of the Implementation of the Yukon Northern Affairs Program Devolution Transfer Agreement Audit of Self Government, including Comprehensive Claims - Preliminary Survey Audits (Scope TBD)
Band Support Funding Moderate risk: significant materiality (>$300 million), moderately complex, potentially sensitive if funding misused   Audit of Band Support Funding  
Office of the Federal Interlocutor (OFI) High risk: lower relative materiality (approaching $30 million), however, highly sensitive and complex due to challenges of mandate, expanded Urban Aboriginal Strategy and central agency interest Audit of the OFI Management Control Framework for Contribution Programs and Operations Audits of OFI Contribution Programs (Urban Aboriginal Strategy, Powley, OFI) (as required)  
Northern Air Stage Funding Subsidy (Food Mail) Low risk: low relative materiality, some complexity due to pressure for change, some sensitivity because of OAG interest   Audit of Northern Air Stage Funding Subsidy  
Emergency Low risk: normally low materiality, some complexity in implementing appropriate responses, low sensitivity unless mismanaged     Audit of Emergency
Capacity Development High risk: moderate relative materiality (>$100 million) but significant impact on INAC's agenda and highly complex due to numerous initiatives; sensitive to public if results not evident Audit of Capacity Development    
Grants and Contributions Departmental Controls High risk: highest materiality and significance representing approximately 85% of INAC budget, highly complex and sensitive (variety of authorities and delivery mechanisms) Horizontal Departmental Audit – (Scope TBD) Horizontal Departmental Audit – (Scope TBD) Horizontal Departmental Audit – (Scope TBD)
External Reporting (Financial Statements Audit Readiness) Moderate risk: moderate significance and sensitivity although OAG and TBS are interested, highly complex because of decentralized organization and tight timeframes Audit of Contingent Liabilities, Environmental Liabilities, Special Purpose Accounts (Trusts) and Payroll (4 related auditable units) Audit of Revenues, Loans and Accounts Receivable, and Flow Through Funding (3 auditable units)  
External Reporting (Financial Statements Audit Readiness) As above Entity Level Controls Preliminary Survey for Audit of External Reporting Audit (Scope TBD) Audit (Scope TBD)
Financial Planning, Budgeting and Forecasting Moderate risk: potentially significant if reliable information not available consistently, complex in a decentralized organization, little sensitivity     Horizontal Departmental Audit of Financial Planning, Budgeting and Forecasting
Procurement/Contracting Moderate risk: significant support to achievement of INAC objectives, moderately complex to respect principles and policies, little sensitivity unless mismanaged     Audit of Procurement/ Contracting
Travel and Hospitality Low risk: support to achievement of INAC objectives, not complex, however, can be sensitive if abuse suspected     Audit of Travel and Hospitality
Information Management/Information Technology (IM/IT) Policy, Planning and Management (HR) High risk: highly significant because of potential impacts on program delivery and corporate services, highly complex to establish governance that can set priorities and meet competing demands, sensitive if needs not met Preliminary Survey (with IM/IT Applications) Audit (Scope TBD) Audit (Scope TBD)
IM/IT Applications Development and Support Moderate risk: potential for significant impact if corporate or program systems not reliable or effective, system development can be quite complex, sensitivity usually moderate Preliminary Survey (with IM/IT Policy, Planning and Management) Post-Implementation Audit of First Nations and Inuit Transfer Payment System Audit of System Under Development or Application in Place – (TBD) Audit of System Under Development or Application in Place – (TBD)
Documentation and Records Management Moderate risk: potential significance in terms of efficiency and effectiveness of INAC, complex to implement consistently across a large decentralized organization, not normally sensitive unless breaches occur   Audit of Documentation and Records Management  
IT Security Moderate risk: potentially significant if security breached, quite complex to keep abreast of threats, little sensitivity unless breach occurs     Audit of IT Security
Human Resource Planning and Resourcing High risk: major issue facing INAC, highly complex to identify and match future needs to resource availability, potentially significant impact if resources not available when needed Horizontal Departmental Audit of HR Planning and Resourcing    
Training and Development Moderate risk: significant impact in terms of implementing programs as intended across large, decentralized organization, complex to ensure that learning occurs, little sensitivity   Horizontal Departmental Audit of Training and Development  
Organizational Design and Classification Low risk: indirectly supports INAC objectives, moderately complex to achieve best structure, little sensitivity     Audit of Organizational Design and Classification
Complaints and Allegations Moderate risk: moderate complexity to determine facts and appropriate course of action; significant in terms of INAC's integrity and responsiveness Special Study    
Regional Headquarters (TBD) Potential disconnects between strategic direction and program implementation in highly decentralized organization Audits (Scope TBD) Audits (Scope TBD) Audits (Scope TBD)
Risk Management, Strategic Policy and Planning, and Values and Ethics (3 auditable units) High risk: entity level controls with potentially significant indirect impacts across INAC, highly complex to inculcate across a large decentralized organization, failure can result in high sensitivity, directly linked to Internal Audit Policy requirements   Audit of Entity Controls - Risk Management, Strategic Policy and Planning, and Values and Ethics  
Communications Moderate risk: indirectly significant to achievement of INAC objectives, complex to communicate consistent messages across a large decentralized organization and with numerous stakeholders, sensitive when attention focused on INAC   Preliminary Survey of Internal and External Communications Audit
Compliance Monitoring Moderate risk: moderate significance in ensuring compliance, moderate complexity due to need for judgment in application, little sensitivity     Audit of Compliance Monitoring
Legal Services and Litigation Management High risk: highly significant impact and cost for INAC, highly complex litigation in litigious environment, costs sensitive to public   Audits (TBC)  

Table 2 – Audit Projects for 2007-08

Audit Project Audit Objective Timeframe Rationale
Audits
Income Assistance Provide assurance on the adequacy and appropriateness of the management control framework Planning Underway Due for Treasury Board renewal by March 31, 2008
Registration and Membership Provide assurance that internal controls over the modernized Indian Registry System and the issuance of Certificate of Indian Status cards are adequate and effective Spring 2007
  • Security over card issuance is highly sensitive due to potential misuse (inappropriate access to benefits)
  • Complex delivery model with additional challenge of introducing change
  • High degree of indirect materiality and importance
The Implementation of the Yukon Northern Affairs Program Devolution Transfer Agreement Provide assurance to TBS that the Agreement is being implemented in accordance with approved authorities Summer 2007 A commitment was made to TBS for an audit in 2007-2008
Office of the Federal Interlocutor's Management Control Framework for Contribution Programs and Operations Provide assurance to TBS that management control frameworks for utilization of O&M and contribution funds are appropriate Summer 2007 A commitment was made to TBS for an audit in 2007-08 prior to renewal by March 31, 2008
Grants and Contributions – Departmental Controls Provide assurance on the controls over selected components of the Program and Recipient cycles Summer 2007
  • Highest risk area comprising approximately 85% of expenditures with high degrees of reputational and public awareness sensitivity and complex inter-relationships and delivery mechanisms
  • AES project completed June 2007 to identify and validate audit criteria
  • Annual audit activity to focus on horizontal assessment of key controls to contribute to a holistic opinion
Capital Facilities and Maintenance Provide assurance on the adequacy and appropriateness of the management control framework Fall 2007
  • Resources invested represent one of INAC's largest program areas
  • Can have significant impacts in terms of quality of life for First Nations
  • Delivered in a very complex and sensitive environment
  • Resource s are expected to be significantly increased with the First Nations Infrastructure Fund
  • Recent audit coverage has not provided a holistic perspective
Post Secondary Education Provide assurance on the adequacy and appropriateness of the management control framework Fall 2007
  • Investment of resources exceeds 250 million
  • Delivery quite complex considering wide range of post-secondary options
  • Sensitivity arises from potential inability to meet demand
Capacity Development Provide assurance that capacity development programs and authorities are being implemented in a coordinated manner and in accordance with approved authorities and terms and conditions Fall 2007
  • Capacity of First Nations a critical element in implementing INAC's change agenda
  • Complexity arises from a number of different programs or initiatives
  • Significant cumulative resources
Healthy Northern Communities – Knowledge and Adaptation Provide assurance that the initiative was implemented in accordance with approved authorities Fall 2007
  • INAC 2006-07 Audit Plan identified an audit in 2009-10
  • Program management requested that audit work be advanced to 2007-08
Contingent Liabilities, Environmental Liabilities, Special Purpose Accounts (Trusts) and Payroll (4 related auditable units) Provide assurance on the controls governing selected high risk areas Fall 2007 Support to financial statements readiness for audit by March 31, 2009
Regional Headquarters Provide assurance on the management control framework, including financial management, human resource management, and program delivery Fall 2007
  • Challenged to deploy a limited staff to manage a large number of programs
  • Significant core and non-core budgets over large geographic areas
  • High degree of autonomy and provincial contexts result in a variety of approaches to national programs
  • Questions raised as to the most effective utilization of limited resources
  • Opportunity to identify best practices in resource deployment, e.g. risk-based activities
Human Resource Planning and Resourcing Provide assurance that INAC has in place the appropriate policies and practices to ensure that it can meet its human resource requirements Winter 2007
  • Major issue facing the federal public service
  • Critical to the success of INAC's change agenda
Preliminary Surveys
Specific Claims Provide assurance on the adequacy and appropriateness of the Specific Claims Branch's management control framework Completed
  • Audit of Specific Claims – Preliminary Survey completed in June 2007
  • Further work recommended only in 2008-09
IM/IT Policy, Planning and Management and IM/IT Applications Development and Support Prepare the Audit and Assurance Services Branch to carry out audits in the IM/IT area that will provide assurance over IM/IT investments Summer 2007
  • Limited previous audit activity in a corporate function with significant resource investment
  • Documentation of the management control framework
  • Identification of systems in place or under development which should be subject to audit
Entity Level Controls for Audit of External Reporting (Financial Statements Audit Readiness) Prepare the Audit and Assurance Services Branch to carry out audits of financial reporting controls Fall 2007
  • Support to financial statements readiness for audit by March 31, 2009
  • A program of audits of key controls must be established starting with entity level controls
  • Identification of priorities for audit activity including those notionally identified for 2008-09 (i.e. Risk Management, Strategic Policy and Planning and Values and Ethics)
Follow-up Audits
Child and Family Services Provide assurance regarding the implementation of the management action plan Fall 2007
  • Follow-up required on the basis of recommendations resulting from recent audit
  • Central agencies have a particular interest in Child and Family Services
Aboriginal Business Canada Provide assurance regarding the implementation of the management action plan Winter 2007
  • Follow-up required on the basis of recommendations resulting from recent audit
  • Recent transition to INAC with a significant change agenda
Other Initiatives
Special Study of Complaints and Allegations Assess whether policies and procedures are sufficiently clear and appropriately respected to mitigate potential risks. Underway
  • Increasing demand from First Nations for audits
  • Assurance required that an effective framework is in place to capture, assess, and act upon complaints and allegations, whether external or internal

Performance of the Audit Engagements

The Audit and Assurance Services Branch will carry out the approved 2007-2008 audit engagements on a systematic basis. A small number of audit projects has already been initiated, with the concurrence of, or at the request of, the Deputy Minister.

Audits will be carried out in accordance with the Professional Standards for Internal Audit as outlined in the TB Policy on Internal Audit.

Ever-greening of the Plan

The risk-based audit plan will be updated, where justified on the basis of risk and urgency, as departmental and related environmental risks change. This "ever-green" approach will enable the Audit and Assurance Services Branch to ensure that internal audit activity remains relevant and effective. Modifications to the plan will be presented at AEC meetings and submitted to the Deputy Minister for approval.

The Audit and Assurance Services Branch will also continue to monitor the scope and timing of external audits (e.g. OAG, OCG, Public Service Commission, Office of the Commissioner of Official Languages) in order to optimize coverage and minimize duplication of effort.

Level of Activity and Direct Resource Requirements

The Three-Year Plan identifies that some seventeen audit projects will be carried out on an annual basis. While the level of audit effort will vary from project to project, it is the Audit and Assurance Services Branch's professional opinion that this level of activity is the minimum necessary to provide adequate and meaningful risk-based coverage of the programs and corporate functions of INAC and to meet the requirements of the Treasury Board Policy.

The Branch has been advised that this level of activity is commensurate with that required and undertaken in other government departments of similar size.

Apart from variations in the objectives and scope of audit projects, the cost of carrying out individual audit projects will also vary considerably depending on:

  • whether internal or external contract resources are employed
  • whether contract work is done through large nationally recognized professional organizations or through mid-size locally based firms
  • whether the engagement requires general audit skills or a high degree of expertise and
  • whether or not travel is required.

For purposes of identifying initial resource requirements, the Audit and Assurance Services Branch has assumed, based on experience, that its average portfolio of seventeen audit projects will normally be comprised of 3-5 large projects at an expected cost of $250,000 each (in contract dollar terms), 5-7 medium size projects with an expected cost of $150,000 each, and 6-8 small projects with an expected cost of $75,000 each. These assumptions result in an annual requirement for a budget equivalent to $2,500,000 in contract funds. Appendix E details the anticipated costs of audit projects in the Three-Year Plan.

Based on these assumptions, the Audit and Assurance Services Branch foresees a potential shortfall of $900,000 in 2007-2008.

Infrastructure and Non-Core Resource Requirements

In addition to the resource requirements for the carrying out of audit projects, the Audit and Assurance Services Branch also faces significant demands on its existing resource base to:

  • serve as the Departmental liaison with the Office of the Auditor General and the Commissioner for the Environment and Sustainable Development
  • represent INAC in the planning, conduct and reporting of forensic audits (unfunded responsibility of increasing importance)
  • provide advice, guidance and challenge on the performance of risk assessments and related mitigation strategies and on the preparation of Risk-Based Audit Frameworks and related Treasury Board submissions (unfunded responsibility recently assumed)
  • support the establishment and operation of an independent Audit Committee as required by the Internal Audit Policy, e.g. an Audit Committee Charter and an Internal Audit Mandate
  • formalize and inculcate a set of professional standards and practices (e.g. Audit Manual, Code of Ethics, Quality Assurance) that will enhance the capacity of the Branch to add value.

Challenges to Achievement of the Audit Plan

The Audit and Assurance Services Branch recognizes that its recommended Plan is very ambitious, especially in terms of its approval late in the first quarter of the fiscal year, but believes that it is an essential first step in achieving full compliance with the Internal Audit Policy by April 1, 2009.

The extent to which the Branch is able to achieve full implementation of the Plan is dependent, however, on a number of factors:

  • the Branch must be largely successful by the end of the second quarter in its current efforts to staff five approved audit manager positions

  • the Branch must be able to engage competent audit managers on a temporary help contractual basis pending staffing of permanent positions

  • the Branch must be able to limit the extent to which its resources are detracted into non-core, non-funded activities

  • the Branch may have to respond to OCG (yet to be determined) requirements for government-wide audit activity or for providing holistic opinions

  • the Branch may have to respond to emerging INAC or government-wide priorities or issues and
  • the Branch may need additional contract dollars (as noted above).

The Audit and Assurance Services Branch will provide an update to the Audit Committee at each of its meetings on the progress it is making in implementing the Plan and the challenges it is facing in so doing.

Appendix A – Auditable Units

Departmental Programs

1. Self Government/Claims
2. Band Support Funding
3. Capacity Development
4. Capital Facilities and Maintenance
5. Economic Development
6. Federal Interlocutor
7. Emergency
8. Natural Resources and Environmental Management
9. Child and Family Services
10. Income Assistance
11. Elementary and Secondary Schools
12. Post Secondary Schools
13. Other Education
14. Youth Employment Strategy
15. Family Violence and Other Social Services
16. Registration and Membership
17. Food Mail

Corporate Functions
Financial and Asset Management
1. Financial Planning, Budgeting and Forecasting
2. External Reporting (Financial Statements Audit Readiness)
a. Controls over Financial Reporting
b. Accrual Accounting
c. Public Accounts
d. DPR/RPP
3. Contingent Liabilities
4. Environmental Liabilities
5. Special Purpose Accounts (Trusts)

6. Proactive Disclosure

7. Revenues
8. Travel and Hospitality
9. Loans and Accounts Receivable
10. Delegation of Financial Authority
a. Policies
b. Compliance
11. Flow Through Funding –
a. NAP
b. Non-INAC
12. Compliance Monitoring
a. Financial
b. Horizontal
13. Fixed Asset, Property and Materiel Management
a. Physical Security
b. Materiel Management
14. Procurement/Contracting
a. Acquisition Cards
15. Memberships

Human Resources Management and Services
1. Planning and Resourcing
a. Staffing
b. Security Screening
2. Organizational Design and Classification
3. Compensation and Benefits (Payroll)
4. Training and Development
5. Labour Relations
6. Occupational Health and Safety
 
Information Management and Technology
1. Policy, Planning and Management
2. Applications Development and Support
a. Current Systems
i. Program Systems
ii. Management Support Systems (e.g. Financial, HR, Materiel)
iii. Workplace Systems
b. Systems under Development
d. Data Services
e. Telecommunications
4. Documentation and Records Management
a. Information Security
5. Library and Information Centre
6. Aboriginal Connectivity
Corporate Governance
1. Strategic Policy and Planning
a. Research
i. Aboriginal Peoples Survey
ii. Legislation
2. ATIP
3. Official Languages
4. Values and Ethics
a. Staff Ombudsman
5. Complaints and Allegations
6. Continuity of Operations
a. Crises
b. Emergencies
7. Communications
a. Internal
b. External
8. Legal Services and Litigation Management
9. Corporate Secretary
10. Departmental Audit and Evaluation
11. Sustainable Development
a. Contaminated Sites
12. Risk Management
a. Follow-up of Audit and Evaluation Recommendations
b. Policies and Practices
c. Corporate Risk Profile
d. Intervention Policy
Regional Management

1. B. C. Region
2. Alberta Region
3. Saskatchewan Region
4. Manitoba Region
5. Ontario Region
6. Quebec Region
7. Atlantic Region
8. Yukon Region
9. NWT Region
10. Nunavut Region
 

Appendix B1 – Core Controls – Oversight Priorities

Appendix B1 – Core Controls - Oversight Priorities

Appendix B2 – Coverage of Core Controls – Oversight Priorities by Recommended Audit Projects

Table - Appendix B2

Appendix C1 – PAA – Oversight Priorities

Appendix C1 - PAA - Oversight Priorities

Appendix C2 – Coverage of PAA – Oversight Priorities by 2007-08 Recommended Audit Projects

Table Appendix C2

Appendix D1 – Authorities – Oversight Priorities

Appendix D1 - Authorities - Oversight Priorities

Appendix D2 – Coverage of Authorities – Oversight Priorities by 2007-08 Recommended Audit Projects

Table Appendix D2

Appendix E – Resource Requirements for the Three-Year Audit Plan

2007-08 Audit Projects 2007-08 Contract Dollars 2008-09 Audit Projects 2008-09 Contract Dollars 2009-10 Audit Projects 2009-10 Contract Dollars
Audit of Capital Facilities and Maintenance $250,000 Audit of Specific Claims Audit of Self Government including Comprehensive Claims (PS) $250,000 Audit of Income Assistance $250,000
Audit of Income Assistance $75,000 Audit of the Office of the Federal Interlocutor's Contribution Programs $75,000 Audit of Economic Development $250,000
Follow-up Audit of First Nations Child and Family Services $150,000 Audit of Grants and Contributions – Departmental Controls (Scope TBD) $250,000 Audit of Self Government/Claims (Scope TBD) $250,000
Audit of Registration and Membership $150,000 Audit in Support of External Reporting (Scope TBD) $250,000 Audit of Grants and Contributions – Departmental Controls (Scope TBD) $250,000
Audit of Post Secondary Education $150,000 Post-Implementation audit of FNITP and Audit of System Under Development or Application in Place – TBD $250,000 Audit in Support of External Reporting (Scope TBD) $250,000
Audit of Capacity Development $250,000 Audits of Regional Headquarters $250,000 Audit of System Under Development or Application in Place – TBD $150,000
Follow-up Audit on the IC 2006 Audit of Aboriginal Business Canada $75,000 Audit of Elementary and Secondary Schools $250,000 Audits of Regional Headquarters $250,000
Preliminary Survey of Specific Claims $75,000 Audit of Band Support Funding $150,000 Audit of Other Education $75,000
Audit of the Implementation of the Yukon Northern Affairs Program Devolution Transfer Agreement $150,000 Audit of Natural Resources and Environmental Management $150,000 Audit of Emergency $75,000
Audit of the Office of the Federal Interlocutor's Management Control Framework $75,000 Audit of Northern Air Stage Funding Subsidy $75,000 Audit of Family Violence and other Social Services $150,000
Audit of Grants and Contributions – Departmental Controls $250,000 Audit of Entity Controls – Risk Management, Strategic Policy and Planning, and Values and Ethics $150,000 Audit of Communication (Scope TBD) $75,000
External Reporting – Financial Readiness – Preliminary Survey $100,000 Audit of Documentation and Records Management $150,000 Audit of Financial Planning, Budgeting and Forecasting $150,000
Audit of Contingent Liabilities, Special Purpose Accounts (Trusts) and Payroll $150,000 Preliminary Survey of Internal and External Communications $75,000 Audit of Procurement/Contracting $150,000
IM/IT Policy, Planning and Management and Applications Development and Support – Preliminary Survey $150,000 Audit of Revenues, Loans and Accounts Receivable, and Flow Through Funding $150,000 Audit of Compliance Monitoring $75,000
Audit of Human Resources Planning and Resourcing $150,000 Audit of Training and Development $150,000 Audit of Travel and Hospitality $150,000
Complaints and Allegations – Special Study $75,000 Audit of Legal Services and Litigation Management – Preliminary Survey $150,000 Audit of IT Security $150,000
Audits of Regional Headquarters $150,000     Audit of Organization Design and Classification $150,000
Audit of Healthy Northern Communities – Knowledge and Adaptation $75,000        
Total Requirement $2,500,000   $2,700,000   $2,750,000
Current Contract Allocation $1,350,000   $1,350,000   $1,350,000
Convertible from Salary (Staffing Delays) $250,000   $0   $0
Shortfall $900,000   $1,350,000   $1,400,000