ARCHIVED - Risk-Based Audit Plan 2010-2011 to 2012-2013

Notice

This website will change as a result of the dissolution of Indigenous and Northern Affairs Canada, the creation of Indigenous Services Canada and the eventual creation of Crown-Indigenous Relations and Northern Affairs Canada. During this transformation, you may also wish to consult the updated Indigenous and Northern Affairs home page.

Archived information

This Web page has been archived on the Web. Archived information is provided for reference, research or record keeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

Date: April 1, 2010

PDF Version (450 Kb, 31 Pages)

 

Table of contents

Introduction

Through the Federal Accountability Act (2006) and Action Plan, the Government of Canada committed to strengthen auditing and accountability within departments by clarifying the managerial responsibilities of deputy heads within the framework of ministerial responsibility, and by bolstering the internal audit function, with particular reference to the role of the Chief Audit Executive and the establishment of external Audit Committees.

The Treasury Board Policy on Internal Audit (2009) seeks to support strong and accountable public sector management by ensuring effective internal auditing. In response to this requirement, INAC has developed this three-year Risk-based Audit Plan. This plan details the assurance services that Audit and Assurance Services Branch will provide independent of line management to sustain a strong, credible internal audit regime that contributes directly to sound risk management, control and governance.

Purpose

This document was prepared by Indian and Northern Affairs Canada Audit and Assurance Services Branch (AASB) and outlines the Risk-Based Audit Plan 2010-2011 to 2012-2013 for Indian and Northern Affairs Canada (INAC). The plan has been designed to support the allocation of audit resources to those areas that represent the most significant priorities to INAC and to respond to requirements of the Treasury Board Policy on Internal Audit (2009).

Document Organization

 
Introduction

This section provides an overview of the role of the internal audit function and Treasury Board's expectations with respect to audit to provide the reader with the context for this plan.

Risk-Based Audit Planning Approach

This section describes the process followed to build this plan.

The Three-Year Risk-Based Audit Plan

This section details the comprehensive plan for 2010-2011 to 2012-2013 including a summary of the activities over three years.

Resource Considerations

This section details the resource considerations required to execute the audit plan.

Appendices

This section provides various detailed tables to further desctibe the plan.

 

 

The Role and Scope of Internal Audit

Internal audit plays a vital function in governance and accountability. Without a strong objective and independent assurance function, the effectiveness of the overall governance framework of the organization is severely weakened. With it, there is greater confidence that the decisions being taken by executive managers and line managers are informed by appropriate information on risk and control. Internal audit's systematic and disciplined approach adds value and improves an organization's operations.

The role of the internal audit function, in conjunction with the Audit Committee, is to ensure that the Deputy Minister and the Comptroller General, are provided with added assurance, independent from line management, on the department's risk management, control and accountability processes. The internal audit function fulfills this role by bringing a systematic, disciplined approach to assess and improve the effectiveness of the department's risk management, control, and governance processes.

The scope of work of the internal audit function is to determine whether the INAC network of risk management, control, and governance processes (as designed and represented by management) is adequate and functioning in a manner to ensure:

When opportunities for improving management control, governance, or resource stewardship are identified during audits, they are communicated to the appropriate level of management so that appropriate action can be taken.

The internal audit function plays an important role in supporting departmental operations. It provides assurance on all important aspects of the risk management strategy and practices, management control frameworks and practices, and governance. Where control weaknesses exist and where the achievement of objectives is at risk, internal audit plays a role in providing constructive advice and recommendations. In this way, internal audit contributes to enhanced accountability and performance and sound management in general.

Treasury Board Policy Requirements

INAC is subject to the Treasury Board Policy on Internal Audit (2009). This policy states that the internal audit function in the Government of Canada is a professional, independent appraisal function that provides objective, substantiated conclusions as to how well an organization's risk management, control and governance processes are designed and working.

The Policy on Internal Audit (2009) further clarifies that the focus of internal audit is on all management systems, processes and practices, including the integrity of financial and non-financial information. The policy requires that the Deputy Minister consider and approve a risk-based audit plan that addresses areas of highest risk and significance, including audits identified by the Comptroller General as part of government-wide or sectorial coverage. The Audit Committee is required to review the risk-based audit plan and advise the Deputy Minister on its adequacy.

Recent changes to the Internal Audit Policy have removed the requirement that the Chief Audit Executive provide an annual holistic opinion. However, the Internal Audit Policy (2009) now requires the audit plan to be designed to "perform risk-based internal audits necessary to provide an independent annual assurance report to the deputy head on the adequacy and effectiveness of risk management, control and governance processes within the department." The Treasury Board Directive on Chief Audit Executives, Internal Audit Plans, and Support to the Comptroller General further directs that the risk-based audit plan focus predominantly on the provision of assurance services.

The Government of Canada has adopted the Institute of Internal Auditors' (IIA) Professional Practices Framework, including the International Standards for the Professional Practice of Internal Auditing (IIA Standards) for internal auditing in the Government. AASB strives to conduct its work and to manage contracted work in accordance with these standards.

Strategy for Assurance Reporting on Risk Management, Control & Governance Processes

One of the cornerstones of the Policy on Internal Audit (2009) is the requirement that the Chief Audit Executive must provide annual assurance overview reporting on departmental risk management, control, and governance processes. In support of annual reporting for these three elements, the audit plan must achieve sufficient coverage of the Treasury Board's Management Accountability Framework (MAF) and Core Management Controls Framework. Together, these frameworks describe departmental risk management, control, and governance processes for an effectively controlled and accountable department.

The Chief Audit Executive provides annual assurance reporting and, together with other inputs such as the Chief Financial Officer's Statement on Internal Control and information gleaned from other assurance providers, they collectively provide departmental Senior management and the Comptroller General with assurance on the state of the Department's risk management, controls and governance processes.

External Relationships

  1. Office of the Auditor General

    The relationship between the Department and the Office of the Auditor General is one of openness and cooperation. The CAE has the mandate to coordinate the activities of the Office of the Auditor General within the Department. To ensure both a fair and balanced assessment of the issues audited by the OAG and a unified approach and single source of reference for the Department, the CAE coordinates, on behalf of the Deputy Minister, the process of validating audit findings and draft reports up to and including the final report and the INAC management response and follow up processes.

  2. Office of the Comptroller General

    Audits are conducted on a horizontal across-government basis from time to time by the OCG. These are factored in to the plan on an annual basis or as they are announced by the OCG.

  3. Other external organizations conduct audits which are supported by the AASB, for instance, the Public Service Commission and the Office of the Privacy Commissioner conducted audits in 2009-10.
 

 

Risk Based Audit Planning Approach

Employing an annual audit planning approach that is consistent with Treasury Board requirements provides assurance that internal audit activities are properly targeted on areas of highest risk and significance to the departmental mandate. The planning process also serves to ensure appropriate allocation of resources necessary to provide the Deputy Head with the necessary assurance on the areas of greatest importance.

In establishing priorities for the audit plan, AES analyzes all departmental program activities and internal services (see INAC Audit Universe in Appendix A) to assess risk and significance to the achievement of the INAC mandate. These assessments drive the preliminary audit priorities that are presented to Regions and Sectors to obtain input on the value and pertinence of the proposed audits. Moreover, each Region and Sector votes on whether they would like to be included in each proposed audit. This positive feedback is indicative of the perceived value of internal audit to regions and sectors in identifying opportunities to improve programs and management. Consistent with requirements of Treasury Board, the INAC risk-based approach to annual audit planning ensures appropriate allocation of resources necessary to provide the Deputy Head with assurance on areas of greatest importance and concern.

Assessments of significance and risk for each auditable unitsFootnote 1 were based on information gathered through extensive review of corporate documents such as the departmental risk profiles, departmental plans and priorities, performance reports, results of past audits, evaluations and reviews, and results from last year's risk-based planning exercise. Risk level considers the degree to which the activity is exposed to risk factors (e.g. change, complexity and sensitivity) and the impact of specific risk exposures (e.g. legal, program delivery, financial, health and environmental). Significance is based on the relative importance of the program activity or internal service to the achievement of the department's overall objectives. Significance includes materiality of the entity and its intrinsic importance to the department. The methodology employed for the assessment of risk is aligned to identified departmental corporate risk tolerances, as defined in the INAC corporate risk assessment scales.

The selection of audits for the three-year plan is not driven solely by AES prioritization and input from regions sectors, but includes the following planning considerations:

 

 

The Three Year Risk-Based Audit Plan

This section presents an overview of INAC's Three Year Risk-based Audit Plan. As described in detail earlier in the Risk-based Audit Planning Approach section, the INAC internal audit priorities for the upcoming three years are based on a set of planning considerations and AASB's assessments of risk and significance for each auditable unit.

Audit Unit Priority Rankings

Audit Unit Priority Rankings
Audit Unit Priority Rankings

The chart illustrates the final priority rankings for each auditable unit of INAC's audit universe. The priority rankings are as follows:

 

The INAC Audit Universe (Appendix A) encompasses all significant activities performed by INAC in support of its mandate and serves as the basis from which audit priorities were selected. It is comprised of program activities, internal services, and operating agencies, and serves as the basis from which audit priorities were selected. In prioritizing the INAC audit universe, AASB performed extensive review of corporate documents and completed three prioritization workshops. The distribution of the final priority ranking of these units is illustrated in the figure to the right.

Audit Coverage

Treasury Board expects that internal audit activities provide coverage of areas of significance and risk. An appropriate breadth and depth of coverage supports the governance responsibilities of the Deputy Head, CAE, CFO and Audit Committee.

Audit coverage is generally framed against accountability and control frameworks, in the government of Canada this includes the Treasury Board Management Accountability Framework and the OCG Core Controls Framework.

This section describes how the plan achieves sufficient breadth and depth of audit coverage of areas of highest significance and risk to departmental mandate. Appropriate coverage also permits the CAE to provide an annual assurance statement to the Deputy Minister and Comptroller General.

Coverage of Auditable Units
Description of Coverage of Auditable Units

The chart illustrates the Risk-Based Audit Plan's coverage of auditable units. In determining the coverage of auditable units, priority was given to auditable units that received a final priority ranking of "Very High" or "High". The coverage of auditable units is as follows:

 

The chart summarizes the audit coverage over the three years of the plan. As noted above, there is complete coverage through audits and management practices reviews of all very high and high ranked auditable units. The coverage of moderate priority ranked auditable units is 45% while coverage of low priority auditable units is 0%. (prioritization considers both risk and significance)

Audit Coverage of Corporate Risks
Description of Audit Coverage of Corporate Risks

The graph illustrates the extent to which INAC corporate risks are covered by the new planned audits in 2010-2011. The coverage is as follows:

 

The graph summarizes the number of audits in the first year (2010-2011) and the links to the corporate risks. Appendix B describes the corporate risks and the links to planned first year audits. Note that the chart includes only planned new 2010-2011 audits and does not include ongoing audits and management practices reviews, which will provide additional assurance coverage of corporate risks.

Management Accountability Framework Elements
Description of MAF Elements

The graph illustrates the extent to which MAF elements are covered by all planned and on-going projects in 2010-2011. The coverage is as follows:

 

The graph summarizes the extent of MAF elements and OCG Core Management Controls included in the planned audits in 2010-2011, including both new and ongoing audits. Appendix C details MAF/Core Management Control coverage by individual audit. It demonstrates that every element is covered by at least one audit or management practices review. Note that the chart includes ongoing and new 2010-2011 audits and management practices reviews, which will provide additional assurance coverage of MAF elements.

2010-2011 to 2012-2013 Audit Plan

Table 1 below presents a three-year view of the audit plan that sets out the recommended projects over the period from 2010-2011 to 2012-2013. This table is grouped by departmental programs and internal service. For each auditable unit, the final priority ranking, and pastFootnote 2, current and planned audits are outlined. Each of the planned audits for the auditable unit is listed over the three-year period.

At the end of the three-year plan, audits and reviews of all high risk and significant ranked auditable units will have been started allowing INAC to achieve coverage required by the Policy on Internal Audit (2009).

Table 1: 2010-2011 to 2012-2013 Plan
Auditable Units Priority Previous Audits 2009-2010 Ongoing 2010-2011 2011-2012 2012-2013
Departmental Programs
Capital Facilities and Maintenance Very High Audit of Capital Facilities and Maintenance (08-09) Audit of Housing

Audit of Infrastructure
   
Child and Family Services Very High Audit of Child & Family Services (06-07)

OAG Audit of Child & Family Services (07-08)
    Audit of Child and Family Services  
Income Assistance Very High Preliminary Survey for Audit of Income Assistance (07-08)     Audit of Income Assistance  
Specific Claims Very High Preliminary Survey for Specific Claims (07-08)     Audit of Specific Claims  
Elementary and Secondary Schools and Other Education Very High Audit of Elementary and Secondary Schools and Other Education (08-09)   Review of the Education Information System   Audit of Elementary Schools
Secure Card of Indian Status Very High System Under Development Audit of SCIS (08-09)

Threat Risk Assessment of Physical Facilities (08-09)

Threat Risk Assessment (07-08)
Audit of SCIS System Security    
Self-Government and Comprehensive Claims Very High Preliminary Survey for Audit of Self Government including Comprehensive Claims (08–09)     Audit of Funding for Implementation

Audit of Negotiation Loans
 
Contaminated Sites and Environmental Management Very High       Audit of Environmental Management  
Indian Registry System High     System Under Development Audit of IRS    
Capacity Development High Audit of Capacity Development (08-09)       Audit of Lands Management
Economic Development High Preliminary Survey of Community Economic Development Funding (08-09)

Preliminary Survey for Audit of Economic Development - Non Proposal Driven (08-09)

Audit of Economic Development – Non Proposal Driven (09-10)
      Audit of Economic Development
Emergency High       Audit of INAC Emergency Response Capability  
Indian Government Support High Audit of Band Support Funding (08 -09)   Audit of Band Classification   Audit of Indian Government Support
Natural Resources (includes IOGC) High Preliminary Survey for Audit of Natural Resources and Environment Management (08-09)       Audit of Natural Resources
Post-Secondary Education Moderate Audit of Post Secondary Education (08-09)       Audit of Post-Secondary Education
Family Violence and Other Social Services Moderate     Audit of Family Violence Prevention Program    
Internal Services
Grants and Contributions Controls Very High Audit of Quality of the Quality Management Program (2008-09)

Grants and Contributions Horizontal Audit in 09-10
Grants and Contributions Horizontal Audit Grants and Contributions – Implementation of Policy on Transfer Payments Grants and Contributions Horizontal Audit
Compensation and Benefits Very High Audit of Staffing and Payroll for Non-Advertised Appointments and Acting Appointments (08-09) Audit of Payroll    
Expenditure Management High Audit of Expenditure Management Monitoring (08-09)

Financial Management Practices Nunavut – OAG Report (09)
    Audits of Travel, Taxis, Hospitality, Conferences and Acquisition Cards

Audit of Contracting
 
Organizational Design and Classification High Audit of Staffing and Classification - Manitoba (08-09)

Horizontal Internal Audit: Delegation of Financial Authorities in Large Departments and Agencies (OCG)
  Audit of the Delegation of Authorities, Organizational Design and Classification    
Planning and Resourcing High Audit of Staffing and Payroll for Non-Advertised Appointments and Acting Appointments (08-09)

Audit of Staffing and Classification - Manitoba (08-09)

Human Resource Capacity – Nunavut  - OAG Report (March 10)
      Audit of Human Resource Planning

Audit of Advertised Appointments
Litigation Management High     Preliminary Survey of Litigation Management    
Communications and Consultation High       Audit of Consultation and Accommodation  
IM/IT Applications High Preliminary Survey for Audit of PeopleSoft (08-09)

Preliminary Survey for IM/IT Applications (07-08 )

System under Development Audit of FNITP (06-07 )

Horizontal Internal Audit of Large Departments and Agencies: Contracting Information Systems and Monitoring (OCG)
Post-Implementation Audit of First Nations Inuit Transfer Payment System
Audit of PeopleSoft
Audit of OASIS

Audit of Data Warehouse
 
IM/IT Security High Preliminary Survey of IM/IT systems (07-08)

Audit of IT Security (MITS) (07-08)
      Audit of IT Security (MITS)
IM/IT Governance High Preliminary Survey of IM/IT Policy, Planning and Management and Applications Development and Support (07-08)   Audit of IM/IT Governance    
Audit of Regional IM/IT Expenditures and Management Control
Financial Planning and Budgeting Moderate       Audit of Financial Planning and Budgeting  
Trust Accounts Moderate Preliminary Survey for Audit of Trust Accounts (08-09) Audit of Trust Accounts    
External Reporting Moderate Audit of Liabilities (08-09)        Audit of External Financial Reporting
Occupational Health and Safety Moderate Audit of Occupational Health and Safety (08-09)       Audit of Occupational Health and Safety
Learning and Development Moderate         Audit of Learning and Development
Continuity of Operations Moderate     Audit of Business Continuity Planning (Continuity of Operations)    
Strategic Policy and Planning Moderate Preliminary Survey for Audit of Strategic Policy and Planning (08-09)       Audit of Integrated Planning

Audit of Strategic Policy & Planning
Performance Measurement and Reporting Moderate       Audit of Performance Measurement and Reporting  
Management Practices
Management Practices Review     1 Management Practices Reviews (TBD) 6 Management Practices Reviews (TBD) 5 Management Practices Reviews (TBD) 7 Management Practices Reviews (TBD)
 

The more detailed audit plan for 2010-2011 is presented below in Appendix D. All audits will be conducted with a high level of assurance. Appendix E shows an alternative calendar view of the first year.

Changes to the Plan

The audit plan is an evergreen document and is updated annually. This year's audit plan is a continuation of the 2009-2010 to 2011-2012 Plan in that it includes ongoing audits and carry-forward audits that have been delayed or reprioritized to reflect current business conditions. Details of these changes can be found in Appendix F.

Challenges to Achieving the Three Year Plan

Canada's shifting social, economic, and political landscape strongly influences INAC priorities, performance and programs.  Two factors complicating operations in the INAC context, as identified in the Corporate Risk Profile, are challenges related to the availability of timely, pertinent, consistent, and accurate information and attracting, recruiting, and retaining sufficiently qualified, experienced, and representative human resources. INAC also faces additional pressures related to implementing Canada's Economic Action Plan and an increasing need for reliable information on program performance and outcomes. Given this context, the plan was crafted to allow flexibility to respond to changes and new risks. The plan has a reserve to address unplanned but emerging INAC or government-wide priorities and allow INAC to support OCG General Requirements for government-wide audit activity.

AASB is in a rebuilding phase designed to strengthen its internal staff capacity and capability. The audit community faces a shortage of qualified staff especially in areas of particular expertise. Therefore, AASB has adopted a team-based approach where internal resources are supplemented with qualified contractors. This approach not only allows AASB to access required capability from the external community, it also facilitates transfer of knowledge and skills to internal resources thereby building the capacity of the organization. To enable this team approach, AASB requires access to efficient contracting vehicles and efficient contracting services.

AASB will further mitigate these challenges by ensuring that senior management closely monitors progress against the three-year plan and takes timely action to resolve any issues or make adjustments. AASB will continue to provide an update to the Audit Committee at each of its meetings on the progress it is making in implementing the plan, any challenges it is facing in doing so, and the actions being taken to manage these challenges.

 

 

Resource Considerations

The projects undertaken will be dependent on the availability of financial and human resources. This section presents the resource requirements of all internal audit activities planned for 2010-2011. The estimated resource requirements for small, medium, and large projects have been updated to reflect current forecasts and remain aligned the results of historical project cost analysis presented to Audit Committee in 2009-2010. While on the surface, forecasts based on estimated size of a project may seem to be unreliable; this approach has proven to be the most accurate basis of forecasting cost. In short, virtually all INAC program activities and internal services operate under challenging business conditions that can only be reasonably understood upon completion of audit planning. Prior to planning an audit, it is not practicable to forecast resource requirements for each project precisely.

Resources
Description of Resources

The chart illustrates the resource requirements for all internal audit activities planned for 2010-2011. The resource requirements are as follows:

 

Together, the two major activities of INAC's AASB are audit work and management practices reviews. These activities consume over 80% of the Branch resource requirements. Other internal audit activities including monitoring of action plans from past audits, administration, annual audit planning, quality assurance and improvement, reporting, learning and development, and liaison with OAG and other external assurance providers represents 8%. The remainder is allocated to management assurance requests and emerging priorities.

The Three-Year Plan identifies that approximately 12 to 18 audit projects will be carried out on an annual basis. This number has decreased slightly from earlier Plans to reflect experience as well as the capacity of the organization and its partners.

Resource Requirements

Based on the cost assumptions and the planned audits for 2010-2011, the resource requirements are summarized in Table 2 below. Appendix G details the cost assumptions that form the basis of this analysis. The dollar and staff resource requirements presented are aligned with current budget forecasts and requests currently in consideration.

Note that sectors and regions have identified coordinators to work with audits staff and that while audits are underway staff in the audited entities devote time and energy to assist the auditors While the level of effort and costs will vary from project to project, it is AASB's professional opinion that this level of resourcing is adequate to achieve the plan.

Table 2: Resource Requirements
Audits, Surveys and Reviews To Complete in 2010-2011 FTE Contract Dollars FTEs Travel & Other Total
Audit of Housing (underway) 67% 1.10 $151,000 $88,000 $23,000 $262,000
Audit of Infrastructure (underway) 67% 1.10 $151,000 $88,000 $23,000 $262,000
Audit of Regional IM/IT Expenditures and Management Control (underway) 50% 0.88 $113,000 $66,000 $17,000 $196,000
Audit of Trust Accounts (underway) 33% 0.58 $74,000 $43,000 $0 $117,000
Grants and Contributions Horizontal Audit (underway) 67% 1.10 $151,000 $88,000 $23,000 $262,000
Post-Implementation Audit of First Nations Inuit Transfer Payment System (underway) 50% 0.88 $113,000 $66,000 $17,000 $196,000
Audit of PeopleSoft (underway) 50% 0.88 $113,000 $66,000 $17,000 $196,000
Audit of Payroll (underway) 50% 0.88 $113,000 $66,000 $17,000 $196,000
Audit of SCIS System Security (underway) 67% 1.10 $151,000 $88,000 $23,000 $262,000
System Under Development Audit of IRS (equivalent to two large audits) 200% 3.50 $450,000 $263,000 $68,000 $781,000
Audit of Family Violence Prevention Program 100% 1.50 $150,000 $113,000 $23,000 $286,000
Audit of IM/IT Governance 100% 1.75 $225,000 $131,000 $34,000 $390,000
Review of the Education Information System 80% 1.20 $120,000 $90,000 $18,000 $228,000
Audit of Band Classification 90% 1.58 $203,000 $118,000 $30,000 $351,000
Audit of the Delegation of Authorities, Organizational Design and Classification 90% 1.58 $203,000 $118,000 $30,000 $351,000
Audit of Business Continuity Planning 90% 1.58 $203,000 $118,000 $30,000 $351,000
Preliminary Survey of Litigation Management 90% 0.20 $23,000 $17,000 $3,000 $43,000
Management Practices Reviews (6 reviews)   1.67 $467,000 $127,000 $44,000 $638,000
OCG Directed Internal Audits 100% 2.00 $300,000 $150,000 $24,000 $474,000
Subtotal Internal Audits   25.0 3,474,000 1,904,000 464,000 5,842,000
Monitoring of action plans from past audits 100% 0.50 $0 $38,000 $0 $38,000
Audit Committee Secretariat 100% 0.50 $0 $38,000 $0 $38,000
Annual Risk-Based Audit Planning 100% 0.50 $0 $38,000 $0 $38,000
Quality Assurance & Improvement Program 100% 0.50 $0 $38,000 $0 $38,000
Annual Report of the CAE 100% 0.25 $0 $19,000 $0 $19,000
Learning & Development 100% 2.31 $0 $173,000 $17,000 $190,000
Liaison with OAG 100% 3.00 $0 $225,000 $0 $225,000
Administration 100% 0.50 $0 $38,000 $0 $38,000
Subtotal Other Audit Activities   8.0 $0 $607,000 $17,000 $624,000
Management Requests and Emerging Priorities 100%   $877,000 $0 $0 $877,000
 Grand Total   33.0 $4,351,000 $2,511,000 $481,000 $7,343,000
 

 

Appendix A – Audit Universe

Auditable Units Planned Audit Ranking
Departmental Programs
Elementary and Secondary Schools and Other Education Review of the Education Information System Very High
Audit of Elementary Schools  
Capital Facilities and Maintenance Audit of Housing (ongoing) Very High
Audit of Infrastructure (ongoing)  
Secure Card of Indian Status Audit of SCIS System Security (ongoing) Very High
Specific Claims Audit of Specific Claims Very High
Contaminated Sites & Environmental Management Audit of Environmental Management Very High
Income Assistance Audit of Income Assistance Very High
Self-Government & Comprehensive Claims Audit of Funding for Implementation Very High
Audit of Negotiation Loans  
Child and Family Services Audit of Child and Family Services (Enhanced Prevention Focus and Follow-up) Very High
Indian Government Support Audit of Band Classification High
Audit of Indian Government Support  
Indian Registry System System Under Development Audit of IRS High
Emergency Audit of INAC Emergency Response Capability High
Natural Resources Audit of Natural Resources High
Capacity Development Audit of Lands Management High
Economic Development Audit of Economic Development High
Family Violence and Other Social Services Audit of Family Violence Prevention Program Moderate
Post-Secondary Education Audit of Post-Secondary Education Moderate
Office of the Federal Interlocutor and Urban Aboriginal Strategy Moderate
Northern Air Stage Funding Subsidy (Food Mail) Moderate
 
Auditable Units Planned Audit Ranking
Internal Services
Grants and Contributions Controls Grants and Contributions Horizontal Audit (ongoing) Very High
Grants and Contributions – Implementation of Policy on Transfer Payments  
Grants and Contributions Horizontal Audit  
Compensation and Benefits Audit of Payroll (ongoing) Very High
Litigation Management Preliminary Survey of Litigation Management High
Communications and Consultation Audit of Consultation and Accommodation High
Expenditure Management Audits of Travel, Taxis, Hospitality, Conferences and Acquisition Cards High
Audit of Contracting  
Organizational Design and Classification Audit of the Delegation of Authorities, Organizational Design and Classification High
Planning and Resourcing Audit of Human Resource Planning High
Audit of Advertised Appointments  
IM/IT Applications Post-Implementation Audit of First Nations Inuit Transfer Payment System (ongoing) High
Audit of PeopleSoft (ongoing)  
Audit of OASIS  
Audit of Data Warehouse  
IM/IT Governance Audit of Regional IM/IT Expenditures and Management Control (ongoing) High
Audit of IM/IT Governance  
IM/IT Security Audit of IT Security (MITS) High
Continuity of Operations Audit of Business Continuity Planning (Continuity of Operations) Moderate
Strategic Policy & Planning Audit of Integrated Planning Moderate
Audit of Strategic Policy and Planning  
Trust Accounts Audit of Trust Accounts (ongoing) Moderate
Revenues Audit of Revenue Management Moderate
Financial Planning and Budgeting Audit of Financial Planning and Budgeting Moderate
Audit of Forecasting  
External Reporting Audit of External Financial Reporting Moderate
Assets and Property Management Audit of Assets and Property Management Moderate
Learning and Development Audit of Learning and Development Moderate
Occupational Health and Safety Follow-up Audit of Occupational Health and Safety Moderate
Performance Measurement and Reporting Audit of Performance Measurement and Reporting Moderate
Risk Management Moderate
Complaints and Allegations Moderate
ATIP Management Moderate
Values and Ethics Moderate
Loans and Accounts Receivable Moderate
Labour Relations Moderate
Information Management Moderate
Corporate Security Moderate
Official Languages Low
Accommodations Low
Library and Information Centre Low
Audit and Evaluation n/a
 

 

Appendix B – Linkage of 2010-2011 Audits to the Corporate Risk Profile

2010-2011 Audit Projects Information for Decision Making HR Capacity and Capabilities Program Alignment Legal Management Practices Aboriginal Relationship Government Partnership Implemen-
tation
System Under Development Audit of IRS                
Audit of the Delegation of Authorities, Organizational Design and Classification Yes Yes     Yes      
Audit of IM/IT Governance Yes       Yes      
Review of the Education Information System Yes Yes Yes   Yes Yes Yes  
Preliminary Survey of Litigation Management                
Audit of Band Classification   Yes Yes   Yes Yes Yes  
Audit of Family Violence Prevention Program     Yes   Yes Yes    
Audit of Business Continuity Planning (Continuity of Operations)       Yes   Yes Yes  
 

 

Appendix C – Linkage of 2010-2011 Audits to MAF elements

2010-2011 Audit Projects Public Service Values Governance and Strategic Direction Policy and Programs Results and Performance Learning, Innovation and Change Management Risk Management People Stewardship Citizen Focused Service Accountability
Ongoing
Audit of Trust Accounts           Selected   Selected   Selected
 Audit of PeopleSoft         Selected Selected Selected Selected   Selected
Audit of Payroll           Selected Selected Selected    
Post-Implementation Audit of First Nations Inuit Transfer Payment System       Selected Selected Selected   Selected Selected  
Audit of Housing     Selected Selected   Selected   Selected Selected Selected
Audit of Infrastructure     Selected Selected   Selected   Selected Selected Selected
Audit of SCIS System Security   Selected Selected Selected Selected Selected   Selected Selected Selected
Grants and Contributions Horizontal Audit     Selected Selected   Selected   Selected Selected Selected
Audit of Regional IM/IT Expenditures and Management Control   Selected       Selected Selected Selected    
New
Review of the Education Information System   Selected Selected Selected   Selected       Selected
System Under Development Audit of IRS   Selected       Selected   Selected   Selected
Audit of Band Classification   Selected           Selected   Selected
Audit of the Delegation of Authorities, Organizational Design and Classification   Selected       Selected   Selected   Selected
Audit of Business Continuity Planning   Selected   Selected   Selected   Selected   Selected
Audit of Family Violence Prevention Program     Selected Selected   Selected   Selected   Selected
Audit of IM/IT Governance   Selected       Selected   Selected   Selected
Preliminary Survey of Litigation Management   Selected Selected     Selected   Selected    
Management Practices Reviews
Adjudication Secretariat Management Practices Review (ongoing) Selected Selected Selected Selected Selected Selected Selected Selected Selected Selected
Atlantic Region Management Practices Review Selected Selected Selected Selected Selected Selected Selected Selected Selected Selected
Follow-up LED Management Practices Review Selected Selected Selected Selected Selected Selected Selected Selected Selected Selected
HRWSB Management Practices Review Selected Selected Selected Selected Selected Selected Selected Selected Selected Selected
Manitoba Management Practices Review Selected Selected Selected Selected Selected Selected Selected Selected Selected Selected
Ontario Management Practices Review Selected Selected Selected Selected Selected Selected Selected Selected Selected Selected
Alberta Management Practices Review Selected Selected Selected Selected Selected Selected Selected Selected Selected Selected
 

 

Appendix D – 2010-2011 Audit Projects

The more detailed audit plan for 2010-2011 is presented below with each project described in terms of its objective and scope, its estimated timeframe, and its rationale.

Audit Objective and Scope Rationale for Conduct
Review of the Education Information System Very High

The objective of the review is to assess the strength of the management control framework related to the Education Information System (EIS), which is currently under development. The review will support INAC efforts to ensure that the EIS will fully meet program requirements, including successful implementation and sustainable operations.

The scope of the review will include the management practices and controls that ensure the design, plans and progress to date related to the EIS are on track to deliver a system that securely and reliably administers a comprehensive national education information resource for school/institution-based learning. Thus, the proposed scope will include MAF and Core Management Control elements that ensure effective governance, risk management, stewardship, and accountability related to the EIS.

The specific regions, if any, to be included within the scope of this review will be determined during the Planning Phase.

Maps to Program Activity Architecture
  • Strategic Outcome: The People
  • Activity: Education
Maps to Corporate Risk Profile
  • Information for Decision Making
  • Program Alignment
  • Management Practice

INAC supports the work of its First Nation and Inuit partners to help ensure that First Nation learners achieve educational performance comparable to those of the broader Canadian population. Education programming is material (over $1 billion), highly visible and significant. Complexity exists, in part, due to recent program renewal initiatives and challenges in meeting provincial/territorial standards. The need to effectively utilize education programming resources and clearly demonstrate results is very important to the credibility of the department.

INAC has received a recent influx of funding to enhance the Education-related control framework and performance measurement system, and one of the initiatives funded is development of the EIS. The Chief Information Officer has requested that AASB conduct a review of this new education information system currently under development (planned implementation for 2011).

System Under Development Audit of IRS High

The objective of the audit is to provide reasonable assurance that the project to modernize the Indian Registry System (IRS) is on track to deliver a system, processes and controls that will securely and reliably administer the registration of Status Indians in Canada.

The scope of this audit will include the management practices and controls that ensure the design, plans and progress to date related to the IRS are on track to deliver a system that fully and effectively fulfils INAC responsibilities related to administering and maintaining the Indian Register. Thus, the proposed scope will include MAF and Core Management Control elements that ensure effective governance, risk management, stewardship, and accountability related to the IRS as well as key system–related elements required by Treasury Board's Policy on Information Management.

Maps to Program Activity Architecture
  • Strategic Outcome:  The People
  • Activity: Managing Individual Affairs
  • Sub-Activity: Registration and Membership
Maps to Corporate Risk Profile
  • Legal
  • Government Partnership

Section 5 of the Indian Act mandates the department to maintain the Indian Register that is a listing of all persons registered as Indians within the meaning of the Indian Act as well as members for Departmentally controlled band lists. A key programming responsibility is the Registration and Membership Program, the objective of which is to maintain the Indian Register that lists all of the persons eligible to be registered as Indians within the meaning of the Indian Act.

Thus, the IRS is highly sensitive and critical, with significant control and security issues. Successful implementation of the system is of critical importance to both INAC and First Nations stakeholders. A System Under Development Audit will ensure the adequacy and appropriateness of the design, plans, and status to date.

Audit of the Delegation of Authorities, Organizational Design and Classification High

The objective of the audit is twofold: to provide reasonable assurance that INAC's organizational design, classification, and delegation of authorities are properly aligned to meet the department's requirements; and to provide reasonable assurance on the adequacy and effectiveness of the management framework related to delegation of authorities.

With respect to delegation of authorities, the scope of this audit will encompass the MAF and Core Management Controls that ensure departmental personnel are supported by effective HR management, to instil public service values; to have access to sufficient policy and procedural direction; and to have access to sufficient training and learning supports.

The specific regions to be included within the scope of this audit will be determined during the Planning Phase.

Maps to Program Activity Architecture
  • Strategic Outcome: Internal Services
  • Activity: Government and Management Support
  • Sub-Activity: Resource Management Services
Maps to Corporate Risk Profile
  • HR Capacity and Capabilities
  • Management Practices
Recently completed engagements have identified several issues related to the delegation of authority and appropriateness of organizational design.
Audit of IM/IT Governance High

The objective of this audit is to provide assurance over the effectiveness of the management control framework that has been established and implemented to align IT strategy to business strategy.

The focus of this audit will be on Core Management Controls related to governance, stewardship and accountability and Treasury Board requirements related to investment planning.

The specific regions to be included within the scope of this audit will be determined during the Planning Phase.

Maps to Program Activity Architecture
  • Strategic Outcome: Internal Services
  • Activity: Resource Management Services
  • Sub-activity: Information Technology
Maps to Corporate Risk Profile
  • Information for Decision Making
  • Management Practices
Given departmental funding pressures and the importance of IM/IT systems to program delivery, it is imperative that the department ensure IM/IT function is adequately governed and that decisions are being effectively made.
Preliminary Survey of Litigation Management High
The objective of the preliminary survey is to document the sector's activities and risks and recommend objectives and priorities for a future audit(s) of litigation management.

Although the survey will be exploratory, the scope will focus on management control framework elements required to ensure risk-based, efficient, and effective litigation management that well supports INAC priorities and mandate.

Maps to Program Activity Architecture
  • Strategic Outcome: Internal Services
  • Activity: Governance and Management Support
  • Sub-Activity: Legal
Maps to Corporate Risk Profile
  • Legal
  • Management Practices
  • Aboriginal Relationship
  • Government Partnership
It has been over a decade since litigation management was subject to any audit activity. It is an important programming area, with huge impacts on departmental operations and Aboriginal Relationship. This survey will foster knowledge of litigation management processes, including extent to which litigation management is aligned with departmental priorities.
Audit of Band Classification High

The objective of the audit is to provide reasonable assurance on the effectiveness and appropriateness of the management control framework and internal controls established by INAC to determine and assign Band Classification.

The scope of the audit will focus on the adequacy and appropriateness of the criteria and factors used by INAC to classify Bands, as well as on the extent to which the criteria and factors are operationally applied.

The specific regions to be included within the scope of this audit will be determined during the Planning Phase.

Maps to Program Activity Architecture
  • Strategic Outcome: The Government
  • Activity: Governance and Institutions of Government
  • Sub-Activity: First Nation Governments
Maps to Corporate Risk Profile
  • HR Capacity and Capabilities
  • Program Alignment
  • Management Practices
  • Aboriginal Relationship
Band classification affects funding levels for recipients. The authority for Band Support Funding will be renewed in 2010 providing the opportunity to review robustness of Band Classification.
Audit of Family Violence Prevention Program Moderate

The objective of the audit is to provide assurance that the program demonstrates operational effectiveness, efficiency, and economy. The audit will provide assurance that eligible recipients and activities are approved for funding consistent with the financial need and expected benefits or results; that formal agreements containing appropriating performance and reporting requirements are established with recipients; and that activities are monitored to ensure compliance with the program terms and conditions and with the funding agreement.

The specific regions to be included within the scope of this audit will be determined during the Planning Phase.

Maps to Program Activity Architecture
  • Strategic Outcome: The People
  • Activity: Social Development
  • Sub-Activity: Family Violence Prevention
Maps to Corporate Risk Profile
  • Information for Decision Making
  • Program Alignment
  • Management Practices
  • Government Partnership

The Family Violence Prevention Program aims to reduce family violence and create a more secure family environment for children on-reserve, by providing abuse prevention and protection services for children and their families.

The Family Violence Prevention Program is linked to government priorities of improving the quality of life; prevention is an important and strategic aspect of programming. Authorities for Family Violence Prevention must be renewed by year 2012.

Audit of Business Continuity Planning Moderate

The objective of the audit is to provide assurance on the adequacy and appropriateness of the management control framework and internal controls established for maintaining and operationalizing the Department's Business Continuity Plan.

The specific regions to be included within the scope of this audit will be determined during the Planning Phase.

Maps to Program Activity Architecture
  • Strategic Outcome: Internal Services
  • Activity: Governance and Management Support
  • Sub-Activity: Management and Oversight
Maps to Corporate Risk Profile
  • Legal
  • Management Practices
  • Government Partnership
Business Continuity Planning relates only indirectly to achievement of INAC objectives. Its complexity arises from challenge in maintaining and ensuring plans are current. It is an important management requirement and should be audited every cycle.
 

 

Appendix E - 2010-2011 Audit Calendar

The table below illustrates the planned timeframe for each planned engagement in 2010-2011. Note that reports and action plans will be posted 90 days after Deputy Minister approval. The letters "AC" indicate the quarter in which the audit report and management action plan are anticipated to be presented to the Audit Committee.

Audit Name Q4 2009/10 Q1 2010/11 Q2 2010/11 Q3 2010/11 Q4 2010/11 Q1 2011/12 Q2 2011/12
Ongoing
Audit of Housing       AC      
Audit of Infrastructure       AC      
Audit of Regional IM/IT Expenditures and Management Control   AC          
Audit of Trust Accounts     AC        
Grants and Contributions Horizontal Audit       AC      
Post-Implementation Audit of First Nations Inuit Transfer Payment System     AC        
Audit of PeopleSoft     AC        
Audit of Payroll     AC        
Audit of SCIS System Security     AC        
New
System Under Development Audit of IRS         AC    
Audit of the Delegation of Authorities, Organizational Design and Classification             AC
Audit of IM/IT Governance       AC      
Review of the Education Information System           AC  
Preliminary Survey of Litigation Management           AC  
Audit of Band Classification             AC
Audit of Family Violence Prevention Program       AC      
Audit of Business Continuity Planning           AC  
OCG Directed Audits (2) TBD            
Other Audit Activities
Monitoring of Action Plans from Past Audits              
Administration              
Audit Committee Secretariat              
Annual Risk-Based Audit Planning              
Quality Assurance and Improvement Program              
Annual Report of the CAE              
Learning and Development              
Liaison with OAG              
Management Requests and Emerging Priorities              
 

 

Appendix F – Changes to the Audit Plan

Ongoing Audits

The resource implications of audit projects that began in 2009-2010 but were not completed within that period are identified below as on-going audits from the 2009-2010 Plan. With the tabling of this revised audit plan in advance of the new fiscal year, it is expected that the extent of carry-over from 2010-11 engagements to 2011-12 will be minimal.

2009-2010 Ongoing Audit Projects
2009-2010 Ongoing Audits Expected Completion Date
Audit of Housing (1/3 complete) Q3 2010-2011
Audit of Infrastructure (1/3 complete) Q3 2010-2011
Grants and Contributions Horizontal Audit (1/3 complete) Q3 2010-2011
Audit of Regional IM/IT Expenditures and Management Control (1/2 complete) Q1 2010-2011
Audit of Payroll (1/2 complete) Q2 2010-2011
Post-Implementation Audit of First Nations Inuit Transfer Payment System (1/2 complete) Q2 2010-2011
Audit of PeopleSoft (1/2 complete) Q2 2010-2011
Audit of Trust Accounts(2/3 complete) Q2 2010-2011
Audit of SCIS Security System (1/3 complete) Q2 2010-2011
 

Removed or Carry-Forward Audits

In light of last year's activities and the results of this year's risk assessment and prioritization exercise, the table below identifies any engagements that were planned that were not completed. A complete analysis of all the changes from the 2009-2010 to 2011-2012 was completed.

Removed or Carry-Forward Audits
Audit Name Rationale
Audit of Income Assistance This audit was carried forward from last year's plan to 2011-2012 to allow business to adopt strengthened framework.
Audit of Family Violence This audit was carried forward from last year's plan to 2010-2011 due to capacity constraints.
Preliminary Survey of Assets and Property Management This preliminary survey was removed because it is has limited value.
Audit of Revenue Management This preliminary survey identified the auditable unit as a low risk so the audit was removed.
Audit of Delegation of Authorities, Organizational Design and Classification This audit was carried forward from last year's plan to 2011-2012 due to capacity constraints.
Litigation Management Preliminary Survey This audit was carried forward from last year's plan to 2010-2011 due to capacity constraints.
Audit of IM/IT Governance This audit was carried forward from last year's plan to 2010-2011 due to capacity constraints.
Preliminary Survey for Audit of Internal and External Communication This preliminary survey was removed because it is has limited value.
Preliminary Survey of OASIS This preliminary survey was removed because it is has limited value.
Audit of Personnel and Physical Security This audit was accelerated as per request by ADM, HRWSB.
Follow-up Audit of Capital Facilities and Maintenance This audit was removed as it is to be considered under Audit of Housing and Audit of Infrastructure.
Follow-up Audit of Economic Development This audit has limited value because an audit of Economic Development will be conducted in 2012-2013, and was removed.
Audit of Other Education This audit was combined with Audit of Special Education and renamed Audit of Elementary Schools.
Preliminary Survey of Assets and Property Management This preliminary survey was removed because it is has limited value.
GroupWise Preliminary Survey and Audit An audit of the email application considered of limited value and was removed.
Follow-up Audit of Information Management (CIDM focus) This audit was removed to allow sufficient time to formulate and implement management action plan.
Audit of Official Languages This auditable unit was identified as low priority and audit was removed.
Preliminary Survey for Audit of Internal and External Communication This preliminary survey was removed because it is has limited value.
Audit of Aboriginal Resourcing This audit was removed as it is to be considered under the Audit of Advertised Appointments
Audit of Strategic Policy or Planning This audit was deferred to 2012-2013 since department has not completed a strategic plan and is not foreseeable in the near future.
Audit of Registration and Membership This audit was removed and replaced with Systems Under Development Audit of IRS.
Audit of Governance Structure This audit was removed as it is largely covered in Audit of the Delegation of Authorities, Organizational Design and Classification.
 

 

Appendix G - Cost Assumptions

For purposes of identifying initial resource requirements, AASB has assumed, based on experience, that its average portfolio will be comprised of large, medium, and small audit engagements and management practices reviews. The anticipated direct and indirect costs of these projects in 2010-2011 are detailed below.

Table 6: Cost Assumptions
Cost Factors Large Audit Medium Small Audit Preliminary Survey Management Practices Review Notes
Contract Dollars  $225,000.00  $150,000.00  $75,000.00  $25,000.00  $70,000.00  
FTEs  2.00  1.50  1.00  0.25  0.50  
FTE Costs  $150,000.00  $112,500.00  $75,000.00  $18,750.00  $37,500.00 Based on 75,000 per FTE
Travel and Other  $33,750.00  $22,500.00  $11,250.00  $3,750.00  $10,500.00 Based on 15% of contract cost
Indirect Costs  $408,750.00  $285,000.00  $161,250.00  $47,500.00  $118,000.00  
Total  $225,000.00  $150,000.00  $75,000.00  $25,000.00  $70,000.00  
 

 
 
 
Date modified: