Risk-Based Audit Plan 2014-2015 to 2016-2017

Date: February 2014


Introduction

The Treasury Board Policy on Internal Audit seeks to contribute to the improvement of public sector management by ensuring a strong, credible, effective and sustainable internal audit function within departments as well as government-wide. In response to this requirement, Aboriginal Affairs and Northern Development Canada (AANDC) has developed this three-year Risk-Based Audit Plan. This plan details the assurance services that Audit and Assurance Services Branch will provide, independent of line management, to sustain a strong, credible internal audit regime that contributes directly to sound risk management, control and governance.

Purpose

The Audit and Assurance Services Branch (AASB) of AANDC has prepared this document for the Deputy Minister to outline the 2014-2015 to 2016-2017 Risk-Based Audit Plan for Aboriginal Affairs and Northern Development Canada (AANDC). The plan is designed to support the allocation of audit resources to those areas that represent the most significant risks to the achievement of AANDC’s objectives and to respond to the requirements of the Treasury Board Policy on Internal Audit (April 1, 2012). In considering the appropriateness of the plan, the Deputy Minister is advised by an independent, departmental Audit Committee comprised of five external members.

Document Organization


  • Introduction: This section provides an overview of the role of the internal audit function and Treasury Board expectations with respect to audit in order to provide the reader with the context for the Plan.
  • Risk-Based Audit Planning Approach: This section describes the process followed to develop the Plan.
  • The Three-Year Risk Based Audit Plan: This section details the comprehensive plan for the 2014-2015 to 2016-2017 fiscal years, including a summary of activities over three years.
  • Resource Considerations: This section details the resource considerations required to execute the Plan.
  • Appendices: This section provides various detailed tables to further describe the Plan.
 

The Role and Scope of Internal Audit

Internal audit plays a vital role in governance and accountability. Without a strong, objective and independent assurance function, the effectiveness of the overall governance framework of an organization is severely weakened. With an effective internal audit function, there is greater confidence that the decisions being taken are informed by appropriate information on governance, risk and control. Internal audit's systematic and disciplined approach adds value and improves an organization's operations.

Through the Federal Accountability Act (2006) and Action Plan, the Government of Canada committed to strengthen auditing and accountability within Departments by clarifying the managerial responsibilities of deputy heads within the framework of ministerial responsibility and by enhancing the internal audit function.

The role of AANDC's internal audit function is to ensure that, in conjunction with advice from the Audit Committee, the Deputy Minister is provided with independent assurance regarding the effectiveness of the Department's risk management, control and governance processes. The internal audit function fulfils this role by bringing a systematic, disciplined approach to assessing and improving the effectiveness of the Department's risk management, control and governance processes.

The scope of work of the internal audit function is to assess if AANDC's network of risk management, control, and governance processes (as designed and represented by management) is adequate and functioning such that:

  • Risks are appropriately identified and managed;
  • Financial, managerial, and operational information is accurate, reliable, and timely;
  • Compliance with policies, standards, procedures and applicable laws and regulations is achieved;
  • Resources are acquired economically, used effectively and adequately protected;
  • Programs, plans and objectives are achieved;
  • Quality and continuous improvement are fostered in the Department's control processes; and,
  • Legislative or regulatory issues affecting the Department are recognized and addressed properly.

When opportunities for improving management control, governance or resource stewardship are identified in audits, they are communicated to the suitable level of management so that appropriate action can be taken.

The internal audit function plays an important role in supporting departmental operations. It provides assurance on all the important aspects of the risk management strategy and practices, management control frameworks and practices, and governance. Where control weaknesses exist and where the achievement of objectives is at risk, internal audit plays a role in providing constructive advice and recommendations. In this way, internal audit contributes to enhanced accountability and performance.

Treasury Board Policy Requirements

AANDC is subject to the Treasury Board Policy on Internal Audit. This policy states that the internal audit function in the Government of Canada "…is a professional, independent and objective appraisal function that uses a disciplined, evidence-based approach to assess and improve the effectiveness of risk management, control and governance processes".

The Policy on Internal Audit requires the Deputy Minister to approve a multi-year risk-based audit plan that considers departmental areas of high risk and significance, as well as Government-wide audits led by the Comptroller General. The Treasury Board Directive on Internal Auditing in the Government of Canada (April 1, 2012) requires that the Chief Audit Executive "…establish and update at least annually a multi-year plan of internal audit engagements based on a risk assessment and which is focused predominantly on the provision of assurance services". The Directive also requires that the Audit Committee "…review and recommend for approval a multi-year risk-based internal audit plan".

The Treasury Board specifies that "the Government of Canada has adopted the Institute of Internal Auditors' (IIA) International Professional Practices Framework and that all federal departments are required to meet the IIA Standards in undertaking their internal auditing responsibilities, unless the Standards are in conflict with the Treasury Board Policy on Internal Audit or any related directives or standards, in which case the Policy, Directive or Standards will prevail".

The Chief Audit Executive's Annual Written Report to the Deputy Minister and the Audit Committee

A requirement of the Directive on Internal Auditing in the Government of Canada is that the Chief Audit Executive must annually prepare a written report to the Deputy Minister and the Audit Committee that includes sections on:

  • "Internal audit's independence, proficiency, performance and results relative to its plan, including resource utilization, lessons learned and influences on future years' plans;
  • The results of the Quality Assurance and Improvement Program including internal audit's conformance with the Internal Auditing Standards for the Government of Canada;
  • The results of the follow-up on the implementation of management action plans; and,
  • An overview of the aggregate findings following the execution of the risk-based audit plan, including the actions taken by management to address key findings."

Collectively, the Chief Audit Executive's annual report and other inputs, such as the Chief Financial Officer's Statement of Management Responsibility including Internal Control over Financial Reporting, and reports of other assurance agencies, provide departmental senior management and the Comptroller General with assurance on the state of the Department's risk management, controls and governance processes.

 

 

Risk-Based Audit Planning Approach

To meet the requirement of the Directive on Internal Auditing in the Government of Canada for the establishment, and at least annual update, of a multi-year plan of internal audit, the Audit and Assurance Services Branch's assessment of AANDC's areas of risk was reviewed and updated to ensure that audit resources continue to be targeted to areas of highest risk and significance.

In establishing priorities for the Risk-Based Audit Plan, AASB employs a structured, risk-based approach.

Conduct and Timing of an Internal Audit
Once approved, the Risk-Based Audit Plan provides AASB with the Deputy Minister's direction on what specific audits should be undertaken in the coming year. Each audit consists of the following phases:

  • The Planning Phase is undertaken to gain an understanding of the objectives, activities, key risks and controls of the area subject to audit. The audit objectives and scope are finalized and audit criteria are established.
  • During the Conduct Phase, auditors carry out the audit program to ascertain whether each audit criterion is satisfied. Auditors conduct interviews, review documentation, perform analysis, observe activities and employ other techniques to obtain sufficient, relevant and reliable information to reach conclusions and support preliminary findings. Findings are reviewed with management to validate accuracy.
  • During the Reporting Phase, the draft audit report is prepared outlining background and context, and the auditor's findings, conclusions and recommendations. Management presents a Management Response and Action Plan outlining their response to the findings as well as the corrective action planned to mitigate the identified control gaps.
  • In the Follow-up Phase, action is taken to ensure that the required measures have indeed been implemented.

The audit may last three (3) to twelve (12) months depending on the size and complexity of the area subject to audit as well as the specific scope and objectives of the engagement.

As a first step in updating the RBAP, AASB reviewed the audit universe to confirm that the existing auditable units (Footnote 1) were still valid. The audit universe is a collection of all auditable units. The auditable units generally correspond to the programs and sub-programs identified in AANDC's Program Alignment Architecture (PAA) and to the major organizational units of the Department (Appendix A presents the entire AANDC Audit Universe). AASB updated the audit universe to reflect changes to the 2014-2015 PAA and current and planned resource allocations associated with the auditable units. In total, there are 42 program units and 34 internal services units.

AASB then reviewed departmental priorities, business conditions and risks as identified in a wide variety of sources, including, but not limited to, corporate, sector and program risk profiles, corporate and sector business plans, Management Accountability Framework assessments, performance reports, past audit, evaluation and review reports, and last year's risk-based planning exercise.

To better understand the risks and challenges associated with each auditable unit, three consultative workshops were held with members of the Directors General Implementation and Operations Committee 2. Participants' input was received on the current business conditions, issues and the risks associated with activities related to each PAA and Internal Services sub-program.

Following the update of the audit universe, review of documentation, and consultative workshops, AASB held a planning and prioritization workshop with Audit and Evaluation Sector (AES) representatives (Audit and Assurance, Risk Management, Evaluation and Performance Measurement and Review, and Assessment and Investigation Services). During this workshop, information gathered to date was shared with AES participants, who were then asked to examine each auditable unit and offer their perspective on each unit's level of inherent risk, legal risk and significance.

Inherent risk level is defined as the degree of risk to which the entity is exposed, considering current and anticipated business conditions and the presence and potential impact of specific risk exposures. Legal risk considers the level of exposure to legal issues that may affect the activities of the Department. Significance considers the relative importance of the program activity or internal service to the achievement of the Department’s overall objectives. Significance includes materiality of the entity and its intrinsic importance.

 
 
Figure 1: Auditable Units Priority Rankings

The chart illustrates the final priority rankings for each auditable unit of AANDC's audit universe. The priority rankings are as follows:

  • Very High: 18% or 14 auditable units
  • High: 41% or 31 auditable units
  • Moderate: 25% or 19 auditable units
  • Low: 11% or 8 auditable units
  • Not rated: 5% or 4 auditable units
 

Using the AANDC corporate risk assessment scales, where one is low risk and five is very high risk, participants provided their assessment of risk for each auditable unit, through voting on the inherent risk, legal risk and significance. Exceptions to this were in the areas of internal audit, evaluation, risk management and complaints and allegations. As these functions fall within the responsibility of the Chief Audit and Evaluation Executive, there would be the appearance of a lack of independence and objectivity should AES assess risks in those areas, or plan to audit those functions (Footnote 2). Should it come to the attention of senior management that any of these functions constitute a high risk to AANDC, and should therefore be subject to an audit, arrangements would be made for external firms to conduct the work under the direction of a senior ADM or the Audit Committee.

For the purposes of the risk assessment, a weighting of 50% was allocated to Inherent Risk (including 20% to Legal Risk) and 50% was attributed to Significance to arrive at a risk score for each auditable unit assessed. A risk priority score was then assigned to each of the assessed auditable units in the audit universe. As a final pass, all entities were further categorized as Very High, High, Moderate or Low priority based on their risk scores. The distribution of auditable units by rank is displayed in Figure 1.

The products of this workshop became the basis for the development of an initial listing of potential audit projects over the three-year horizon of the Plan. To develop the preliminary plan, the auditable units assigned a Very High and High risk rating were deemed worthy of attention and preliminarily assigned audits within the three years of the RBAP. This preliminary RBAP was then shared with Assistant Deputy Ministers and internal service heads to provide an opportunity to gain their perspective on the recommended listing of potential projects and their scheduling.

AASB also consulted with the Office of the Comptroller General (OCG) and the Office of the Auditor General (OAG) to obtain their input on the identified risk levels and on the identification and timing of potential audits, particularly with respect to their planned audit activities.

Additionally, AASB consulted Health Canada, Shared Services Canada and Employment and Social Development Canada to discuss the potential for coordinated or joint audits on higher risk areas of common interest.

Finally, AASB reviewed the identified risks and potential projects with members of the Audit Committee.

Following consultations, AASB developed a three-year Risk-Based Audit Plan (RBAP) taking into account the following planning considerations:

The Chief Audit and Evaluation Executive reviewed and approved the proposed Plan and presented it to Audit Committee members for their review and recommendation for approval by the Deputy Minister.

The implementation of the RBAP will be monitored on a regular basis throughout the year and proposed changes will be reviewed and formally recommended for the Deputy Minister’s approval by the Audit Committee. An update of the Plan will be presented at the mid-year meeting of the Audit Committee to confirm that it still provides appropriate coverage over the departmental priorities and highest risks.

 

 

The Three Year Risk-Based Audit Plan

This section presents an overview of the AANDC 2014-2015 to 2016-2017 Risk-Based Audit Plan.

Audit Coverage

AANDC's Risk-Based Audit Plan 2014-2015 to 2016-2017 addresses areas of higher risk and significance

This section describes how the plan addresses areas of higher risk and significance. As detailed in Appendix A, there is complete coverage of all Very High and High risk auditable units. The Corporate Risk Profile is management's point-in-time reflection of the most significant risks that threaten achievement of AANDC's objectives, and AASB seeks to ensure that all of these risks are covered in the planned audits. Figure 2 summarizes the number of 2014-2015 audits that will address one or more of the corporate risks. Every corporate risk is covered by at least three assurance engagements (audits). Appendix B presents the specific linkages of audits to risks.

Figure 2: Coverage of Corporate Risks

The graph illustrates the extent to which AANDC corporate risks are covered by the new and ongoing audits and preliminary surveys in 2014-2015. Please note that individual projects may cover one or more risk areas. The coverage is as follows:

  • Environmental: 3
  • Legal: 10
  • External Partnership: 6
  • Aboriginal Relationship: 15
  • Government Partnership: 11
  • Resource Alignment: 16
  • Implementation: 17
  • Information for Decision Making Risk: 21
  • HR Capacity and Capabilities: 14
 

In support of the Chief Audit and Evaluation Executive's annual report to the Deputy Minister and the Audit Committee, the audit plan endeavours to address all elements of the Treasury Board's Management Accountability Framework (MAF). Figure 3 summarizes the extent to which the elements of this framework are covered in the planned audits for 2014-2015. Appendix C describes these linkages in greater detail.

Figure 3: Coverage of MAF/Core Management Control Elements (2014-2015)

The graph illustrates the extent to which the elements of the Treasury Board's Management Accountability Framework are covered by the number of planned audit projects for 2014-2015 in each Management Area.

  • Values and Ethics: 3
  • Managing for Results: 17
  • Governance and Planning: 21
  • Citizen-focused Service: 14
  • Internal Audit: 0
  • Evaluation: 0
  • Financial Management and Control: 13
  • Management of Security: 2
  • Integrated Risk Management: 17
  • People Management: 6
  • Procurement: 4
  • Information Management: 3
  • Information Technology: 3
  • Asset Management: 1
  • Investment Planning & Management of Projects: 6
 

As noted in the Risk-Based Audit Planning Approach section, internal audit and evaluation are not subject to audit by AANDC's internal audit function as the auditor's independence and objectivity could be considered to be compromised.

2014-2015 to 2016-2017 Risk-Based Audit Plan

Table 1 below outlines the number of planned program or functional audits, Management Practices Audits, and OCG audits for each of the three years of the Plan.

Table 1:

| | 2013-14 Ongoing | 2014-2015 | 2015-2016 | 2016-2017 |
| --- | --- | --- | --- | --- |
| Audits | 4 | 15 | 13 | 14 |
| Management Practices Audits | 0 | 2 | 3 | 2 |
| OCG Horizontal Internal Audits | 0 | 1 | 1 | 1** |
| Total | 4 | 18 | 17 | 17 |

** To be determined

Table 2 below presents the planned audits for 2014-2015 and identifies the audit priority assigned to them and the fiscal quarters in which they are expected to begin and in which the results are expected to be presented to the Audit Committee (denoted as "AC" in the table).

Table 3 below lists the proposed audits for 2015-2016 and 2016-2017 and their respective audit priority rankings. The audit plans for 2015-2016 and 2016-2017 are tentative and the selection and timing of audits will be revisited during next year's annual planning exercise.

TABLE 2 - 2014-2015 Audit Plan

| Project | Priority | Quarter: 2013-14 (ongoing) Q3, Q4; 2013-14 (Year 1) Q1, Q2, Q3, Q4 |
| --- | --- | --- |
| Ongoing (projects commenced in 2013-14 to be completed in 2014-15)* | | |
| 1. Audit of the Management Control Framework for Grants and Contributions (recurring audit) | Very High | AC |
| 2. Review of Negotiation of Comprehensive Land Claims and Self-Government Agreements | Very High | AC |
| 3. System Under Development Audit of the Integrated Financial Management System (SAP&GCIMS) | Very High | AC |
| 4. Audit of Delegation of Authorities, Organization Design and Classification | High | AC |
| 2014-15 Projects | | |
| 1. Audit of ATIP Management | High | AC |
| 2. Management Practices Audit of the Communications Branch | High | AC |
| 3. Audit of Indian Registration (Qalipu Phase II) | Very High | AC |
| 4. Audit of Internal Controls Over Financial Reporting | Very High | AC |
| 5. Audit of Consultation and Accommodation | High | AC |
| 6. Audit of Northern Oil and Gas | High | AC |
| 7. Audit of On-Reserve Infrastructure (excluding Water and Wastewater) | Very High | AC |
| 8. Audit of the Northern Contaminated Sites Program | Very High | AC |
| 9. Audit of AANDC Support to the Independent Assessment Process | High | AC |
| 10. Audit of Métis and Non-Status Indian Relations and Métis Rights Management | High | AC |
| 11. Management Practices Audit of the Lands and Economic Development Sector | High | AC |
| 12. Audit of Litigation Management | High | AC |
| 13. Audit of the National Child Benefit Reinvestment and Assisted Living Programs | High | AC |
| 14. Audit of Occupational Health and Safety | High | AC |
| 15. Audit of the Post-Secondary Education Programs | High | AC |
| 16. Audit of the Management Control Framework for Grants and Contributions (recurring audit) | Very High | * |
| 17. System Under Development Audit of the Secure Integrated Registration and Certification Unit | Very High | * |
| 18. OCG Horizontal Internal Audit of Information Technology Security | High | * |

*Note: These audits will be completed and presented to the Audit Committee in Q1 2015-2016.

 
TABLE 3 - 2015-2016 to 2016-2017 Audit Plan

2015-2016 Projects

| Project | Priority |
| --- | --- |
| 1. Audit of the Management Control Framework for Grants and Contributions (recurring audit) | Very High |
| 2. Audit of the First Nations Child and Family Services Program | Very High |
| 3. Financial Audit of Contingent Liabilities (incl. Contaminated Sites) | Very High |
| 4. Audit of the Elementary and Secondary Education Programs | Very High |
| 5. Audit of the Education Information System | Very High |
| 6. OCG Horizontal Internal Audit of Information Management | Very High |
| 7. Audit of the Emergency Management Assistance Program | Very High |
| 8. Management Practices Audit of the Manitoba Region | Very High |
| 9. Management Practices Audit of the Ontario Region | Very High |
| 10. Audit of the Income Assistance Program | High |
| 11. Audit of First Nations Government Programs | High |
| 12. Audit of HR Staffing and Planning | High |
| 13. Audit of Aboriginal Governance Institutions and Organizations Programs | High |
| 14. Audit of Performance Measurement and Reporting | High |
| 15. Audit of Values and Ethics | High |
| 16. Audit of AANDC Support to the Specific Claims Process | High |
| 17. Management Practices Audit of the Alberta Region | High |

2016-2017 Projects

| Project | Priority |
| --- | --- |
| 1. Audit of Additions to Reserves Process | Very High |
| 2. Audit of Lands Management (incl. Lands Registry System) | Very High |
| 3. Audit of the Management Control Framework for Grants and Contributions (recurring audit) | Very High |
| 4. Audit of Water and Wastewater Infrastructure | Very High |
| 5. Audit of Negotiation of Comprehensive Land Claims and Self-Government Agreements | Very High |
| 6. Audit of the Implementation of Modern Treaty Obligations | Very High |
| 7. Audit of the Indian Registration System | Very High |
| 8. Management Practices Audit of the Chief Financial Officer Sector | Very High |
| 9. Management Practices Audit of the Resolution and Individual Affairs Sector | Very High |
| 10. Audit of Economic Development Programs | High |
| 11. Audit of Expenditure Management | High |
| 12. Audit of IM/IT Governance | High |
| 13. Audit of Nutrition North Canada | High |
| 14. Audit of Program Management of the Canadian High Arctic Research Station | High |
| 15. Audit of Corporate Business Planning | High |
| 16. Audit of the Urban Aboriginal Strategy | High |
| 17. OCG Horizontal Internal Audit (to be determined) | High |
 

The detailed audit plan for 2014-2015, including project objective, scope and rationale, is presented in Appendix D. Consistent with the requirements of the Internal Auditing Standards of the Government of Canada, all audits will be designed to achieve a high level of assurance.

Changes to the Plan

As noted previously, AANDC’s RBAP is updated annually with adjustments during the year, if necessary. This year’s audit plan is an evolution of the 2013-2014 to 2015-2016 Plan and, as such, includes four on-going audits that will be completed in 2014-15 and other projects that have been cancelled or deferred as a result of changing business priorities and conditions. Details of these changes can be found in Appendix E.

Challenges to Achieving Fulfillment of the Three-Year Plan

AANDC programs and services are delivered in a complex policy and political environment that is constantly evolving and shifting from a legalistic approach to a policy-based approach that is more focused on reconciliation, partnerships, and the sustainable development of Aboriginal communities. Two risk factors that were identified in the 2013-2014 Corporate Risk Profile are of particular importance to the successful implementation of the Risk-Based Audit Plan. These are: (1) the risk related to the availability of timely, pertinent, consistent, and accurate information; and, (2) the risk related to the need to attract, recruit and retain sufficiently qualified, experienced and representative employees. Given this context, the Plan allows flexibility to respond to emerging risks and policy or program changes. If these risks or changes emerge and suggest higher priority audit activity, the Plan will be adjusted so that internal audit can undertake appropriate responses.

To support the need for flexibility, AASB has adopted an approach whereby internal resources are supplemented with qualified contractors. Considering the cross-government shortage of qualified auditors, this approach not only allows AASB to access required capacity and skills but also facilitates transfer of knowledge and skills to internal resources, thereby building internal capacity. The establishment of the Professional Audit Support Services Supply Arrangement (PASS) by AASB in 2012-2013 has contributed to more efficient contracting and has helped to overcome some of these challenges. AANDC’s implementation of the Government of Canada’s Deficit Reduction Action Plan (DRAP) will likely continue to impair AASB’s ability to obtain timely access to departmental managers and staff over the planning period.

 

 

Resource Considerations

This section presents the resource requirements of all internal audit activities planned for 2014-2015. Projects undertaken will depend on the availability of financial and human resources. The estimated resource requirements for small, medium, and large projects have been updated to reflect current forecasts and are consistent with the results of historical project cost analysis for the last three fiscal years (2011-12 to 2013-14). This approach has proven to be the most accurate basis for forecasting costs, as specific requirements can only be determined once audit planning has been completed.

The Audit and Assurance Services Branch’s assurance activities represent 91% (90% for AANDC-led and 1% for OCG-led) of branch resource requirements. Other internal audit activities, including monitoring of action plans from past audits, annual audit planning, Quality Assurance and Improvement, reporting, learning and development, and liaison with OAG and other external assurance providers, represent 9%.

The Plan identifies an average of 17 audit projects to be carried out on an annual basis.

 

 

Appendix A - AANDC Audit Universe

Very High Risk Auditable Units and Related Audit Activity 2014-2017

| Departmental Program Auditable Units (10) | Planned Audit(s)* |
| --- | --- |
| Administration of Reserve Land | Audit of Lands Management (incl. Lands Registry System) (2016-2017) |
| | Audit of Additions to Reserve Process (2016-2017) |
| Elementary and Secondary Education | Audit of the Education Information System (2015-2016) |
| | Audit of the Elementary and Secondary Education Programs (2015-2016) |
| Emergency Management Assistance | Audit of the Emergency Management Assistance Program (2015-2016) |
| First Nations Child and Family Services | Audit of the First Nations Child and Family Services Program (2015-2016) |
| Housing | Audit of On-Reserve Infrastructure (excluding Water and Wastewater) (2014-2015) |
| Management and Implementation of Agreements and Treaties | Audit of the Implementation of Modern Treaty Obligations (2016-2017) |
| Negotiations of Claims and Self-Government | Review of Negotiation of Comprehensive Land Claims and Self-Government Agreements (2014-2015) (Carry Forward) |
| | Audit of Negotiation of Comprehensive Land Claims and Self Government Agreements (2016-2017) |
| Northern Contaminated Sites | Audit of Northern Contaminated Sites Program (2014-2015) |
| | Financial Audit of Contingent Liabilities (including Contaminated Sites) (2015-2016) |
| Registration and Membership | Audit of Indian Registration (Qalipu Phase II) (2014-2015) |
| | System under Development Audit of the Secure Integrated Registration and Certification Unit (2014-2015) |
| | Audit of the Indian Registration System (2016-2017) |
| Water and Wastewater Infrastructure | Audit of Water and Wastewater Infrastructure (2016-2017) |

| Internal Services Auditable Units (4) | Planned Audit(s)* |
| --- | --- |
| Grants and Contributions Controls | Audit of the Management Control Framework for Grants and Contributions (2013-2014) (Carry Forward) |
| | Audit of the Management Control Framework for Grants and Contributions (2014-2015) |
| | Audit of the Management Control Framework for Grants and Contributions (2015-2016) |
| | Audit of the Management Control Framework for Grants and Contributions (2016-2017) |
| Information Management | System Under Development Audit of the Integrated Financial and Management System (SAP & GCIMS) (2014-2015) (Carry Forward) |
| | Audit of the Education Information System (2015-2016) |
| | OCG horizontal Internal Audit of Information Management (2015-2016) |
| | Audit of the Indian Registration System (2016-2017) |
| Information Technology | System Under Development Audit of the Integrated Financial and Management System (SAP & GCIMS) (2014-2015) (Carry Forward) |
| | OCG Audit of Information Technology Security (2014-2015) |
| | Audit of the Education Information System (2015-2016) |
| | Audit of the Indian Registration System (2016-2017) |
| Liabilities | Audit of Internal Controls Over Financial Reporting (2014-2015) |
| | Financial Audit of Contingent Liabilities (including Contaminated Sites) (2015-2016) |

* Very High Risk Auditable Units will be subject to audit coverage (in whole or in part) at least once every three years.


 
HIGH RISK AUDITABLE UNITS AND RELATED AUDIT ACTIVITY 2014-2017
Departmental Program Auditable Units (19) | Planned Audit(s)*
Aboriginal Governance Institutions and Organizations | Audit of Aboriginal Governance Institutions and Organizations Programs (2015-2016)
Assisted Living | Audit of the Assisted Living and National Child Benefit Reinvestment Program (2014-2015)
Consultation and Engagement | Audit of Consultation and Accommodation (2014-2015)
Contaminated Sites | Financial Audit of Contingent Liabilities (including Contaminated Sites) (2015-2016)
Education Facilities | Audit of On-Reserve Infrastructure (excluding Water and Wastewater) (2014-2015)
First Nations Governments | Audit of First Nations Government Programs (2015-2016)
Income Assistance | Audit of the Income Assistance Program (2015-2016)
Independent Assessment Process | Audit of AANDC Support to the Independent Assessment Process (2014-2015)
Investment in Economic Opportunities | Audit of Economic Development Programs (2016-2017)
Lands and Economic Development Services | Audit of Economic Development Programs (2016-2017)
Métis and Non-Status Indian Relations and Métis Rights Management | Audit of Métis and Non-Status Indian Relations and Métis Rights Management (2014-2015)
National Child Benefit Reinvestment | Audit of the Assisted Living and National Child Benefit Reinvestment Programs (2014-2015)
Nutrition North | Audit of Nutrition North Canada (2016-2017)
Other Community Infrastructure and Activities | Audit of On-Reserve Infrastructure (excluding Water and Wastewater) (2014-2015)
Petroleum and Minerals | Audit of Northern Oil and Gas (2014-2015)
Post-Secondary Education | Audit of the Post-Secondary Education Programs (2014-2015)
Science Initiatives | Audit of Program Management of the Canadian High Arctic Research Station (2016-2017)
Specific Claims | Audit of AANDC Support to the Specific Claims Process (2015-2016)
Urban Aboriginal Participation | Audit of the Urban Aboriginal Strategy (2016-2017)
Internal Services Auditable Units (12) | Planned Audit(s)
ATIP Management | Audit of ATIP Management (2014-2015)
Communications | Management Practices Audit of the Communications Branch (2014-2015)
Expenditure Management | Audit of Expenditure Management (2016-2017)
HR Staffing and Planning | Audit of HR Staffing and Planning (2015-2016)
IM/IT Governance | System Under Development Audit of the Integrated Financial Management System (SAP & GCIMS) (2014-2015) (Carry Forward)
 | Audit of IM/IT Governance (2016-2017)
 | Audit of the Indian Registration System (2016-2017)
IM/IT Security | OCG Horizontal Internal Audit of Information Technology Security (2014-2015)
Litigation Management | Audit of Litigation Management (2014-2015)
Occupational Health and Safety | Audit of Occupational Health and Safety (2014-2015)
Organizational Design and Classification | Audit of Delegation of Authorities, Organization Design and Classification (2014-2015) (Carry Forward)
Performance Measurement and Reporting | Audit of Performance Measurement and Reporting (2015-2016)
Strategic and Business Planning | Audit of Corporate Business Planning (2016-2017)
Values and Ethics | Audit of Values and Ethics (2015-2016)

* High Risk Auditable Units will be subject to audit coverage at least once every three years.

 
MODERATE RISK AUDITABLE UNITS 2014-2015 TO 2016-2017
Departmental Program Auditable Units (9) | Internal Services Auditable Units (10)
Business Capital and Support Services | Accommodations
Climate Change Adaptation | Compensation and Benefits
Family Violence Prevention | Continuity of Operations
Northern Contaminants | Corporate Security
Northern Land and Water Management | External Reporting
Political Development and Intergovernmental Relations | Financial Planning and Budgeting
Reconciliation | Labour Relations
Strategic Partnerships | Learning and Development
Support to the Truth and Reconciliation Commission | Loans and Accounts Receivable
 | Strategic Policy Development
 
LOW RISK AUDITABLE UNITS 2014-2015 TO 2016-2017
Departmental Program Auditable Units (4) | Internal Services Auditable Units (4)
Business Opportunities | Assets and Property Management
Common Experience Payments | Library and Information Centre
Estates | Official Languages
Renewable Energy and Energy Efficiency | Revenues
 
NOT RATED AUDITABLE UNITS 2014-2015 TO 2016-2017
Departmental Program Auditable Units (0) | Internal Services Auditable Units (4)
 | Audit and Evaluation
 | Complaints and Allegations
 | Legal Services
 | Risk Management
 
 

 

Appendix B - Linkage of 2014-2017 Audits to the Corporate Risk Profile


2014-2015 Audit Projects | HR Capacity and Capabilities | Information for Decision Making | Implementation | Resource Alignment | Government Partnership | Aboriginal Relationship | External Partnership | Legal | Environmental
Ongoing
Audit of Management Control Framework for Grants and Contributions (2013-2014)   Selected Selected Selected Selected Selected Selected    
Review of Negotiation of Comprehensive Land Claims and Self-Government Agreements   Selected Selected Selected Selected Selected Selected Selected  
System Under Development Audit of the Integrated Financial Management System (SAP&GCIMS) Selected Selected Selected Selected Selected        
Audit of Delegation of Authorities, Organization Design and Classification Selected Selected     Selected        
2014-2015 Projects
Audit of Management Control Framework for Grants and Contributions (recurring audit)   Selected Selected Selected Selected Selected Selected    
Audit of Northern Contaminated Sites Program Selected Selected Selected Selected Selected Selected   Selected Selected
Audit of the Internal Controls Over Financial Reporting Selected Selected              
Audit of Indian Registration (Qalipu Phase II) Selected Selected Selected Selected   Selected   Selected  
Systems Under Development of the Secure Integrated Registration and Certification Unit Selected Selected Selected Selected   Selected   Selected  
Audit of On-Reserve Infrastructure (excluding Water and Wastewater)   Selected Selected Selected   Selected      
Audit of AANDC Support to the Independent Assessment Process Selected Selected Selected Selected Selected Selected   Selected  
Audit of Northern Oil and Gas   Selected Selected Selected Selected Selected Selected   Selected
Audit of Consultation and Accommodation Selected Selected Selected Selected Selected Selected   Selected  
Audit of Litigation Management Selected Selected Selected Selected Selected Selected   Selected  
Audit of Occupational Health and Safety Selected Selected Selected Selected Selected     Selected Selected
Audit of ATIP Management Selected Selected Selected         Selected  
Audit of the Post-Secondary Education Programs Selected Selected Selected Selected Selected Selected Selected Selected  
Audit of the National Child Benefit Reinvestment and Assisted Living Programs Selected Selected Selected Selected Selected Selected Selected    
Audit of Métis and Non-Status Indian Relations and Métis Rights Management Selected Selected Selected Selected Selected Selected   Selected  
Management Practices Audit of the Communications Branch Selected Selected Selected Selected          
Management Practices Audit of the Lands and Economic Development Sector Selected Selected Selected Selected          
OCG Horizontal Internal Audit of Information Technology Security Selected Selected Selected Selected Selected        
 
 

 

Appendix C - Linkage of 2014-2015 Audits to MAF Elements

2014-2015 Audit Projects | Value and Ethics | Managing for Results | Governance and Planning | Citizen-focused Service | Internal Audit (1) | Evaluation (1) | Financial Management and Control | Management of Security | Integrated Risk Management | People Management | Procurement | Information Management | Information Technology | Asset Management | Investment Planning and Management of Projects

Note (1) - These two areas of MAF are the responsibility of the CAEE therefore, they were not considered
Ongoing
Audit of the Management Control Framework for Grants and Contributions (2013-2014)   Selected Selected       Selected   Selected            
Review of Negotiation of Comprehensive Land Claims and Self-Government Agreements   Selected Selected Selected     Selected     Selected          
System Under Development Audit of the Integrated Financial Management System (SAP & GCIMS)     Selected       Selected Selected Selected   Selected Selected Selected   Selected
Audit of Delegation of Authorities, Organization Design and Classification Selected Selected Selected Selected         Selected Selected         Selected
2014-2015 Projects
Audit of the Management Control Framework for Grants and Contributions   Selected Selected       Selected   Selected            
Audit of the Northern Contaminated Sites Program   Selected Selected       Selected   Selected Selected Selected       Selected
Audit of Internal Controls Over Financial Reporting   Selected Selected       Selected   Selected     Selected Selected    
Audit of Indian Registration (Qalipu Phase II)     Selected Selected     Selected   Selected     Selected     Selected
Systems Under Development of the Secure Integrated Registration and Certification Unit   Selected Selected Selected         Selected     Selected Selected   Selected
Audit of On-Reserve Infrastructure (excluding Water and Wastewater)   Selected Selected Selected     Selected   Selected         Selected Selected
Audit of AANDC Support to the Independent Assessment Process   Selected Selected Selected         Selected            
Audit of Northern Oil and Gas   Selected Selected Selected     Selected   Selected            
Audit of Consultation and Accommodation     Selected Selected         Selected Selected          
Audit of Litigation Management   Selected Selected Selected         Selected            
Audit of Occupational Health and Safety   Selected Selected             Selected          
Audit of ATIP Management   Selected Selected Selected               Selected      
Audit of the Post Secondary Education Program   Selected Selected Selected     Selected   Selected     Selected Selected   Selected
Audit of National Child Benefit Reinvestment and Assisted Living Programs   Selected Selected Selected     Selected   Selected            
Audit of Métis and Non-Status Indian Relations and Métis Rights Management     Selected Selected Selected         Selected          
Management Practices Audit of the Communications Branch   Selected Selected Selected Selected     Selected   Selected Selected Selected      
Management Practices Audit of the Lands and Economic Development Sector   Selected Selected Selected Selected     Selected   Selected Selected Selected      
OCG Horizontal Internal Audit of Information Technology Security                 Selected Selected     Selected Selected  
 
 

 

Appendix D – 2014-2015 Audit Projects

The detailed audit plan for 2014-2015 is presented below, with each project described in terms of its preliminary objective, preliminary scope and rationale. For all planned audits, the final objective and scope will be determined at the end of the planning phase, based on an assessment of risk.

Audit Objective and Scope Rationale for Conduct
Audit of the Management Control Framework for Grants and Contributions (recurring audit) Very High
The ongoing objective of the audit of the management control framework for grants and contributions is to assess the adequacy and effectiveness of the management control framework for grant and contribution programs. As the framework and the Department's programs and their risks evolve, the specific objectives and scope for audit activity in a given year are based upon a current risk assessment conducted during the planning phase.

In assessing the adequacy and effectiveness of selected controls, the audit will typically examine their application horizontally, i.e. through a sample of programs and regions.
Maps to Program Alignment Architecture
  • Strategic Outcome: Internal Services
  • Activity: Grants and Contributions
Maps to Corporate Risk Profile
  • Information for Decision Making
  • Implementation
  • Resource Alignment
  • Government Partnership
  • Aboriginal Relationships
  • External Partnership
Grants and contributions are the primary transfer payment vehicles through which AANDC programming is delivered. They are financially material (over $6 billion annually), and AANDC continues to implement a strengthened Management Control Framework for Grants and Contributions to achieve the expected improvements reflected in the Policy on Transfer Payments, e.g. risk-based program frameworks, recipient agreements and recipient auditing, reduced reporting burden on recipients. The 2012-2014 audit found that while regions were using eligible funding approaches to flow funding to recipients, the level of recipient risk was not always considered in the establishment/selection of funding approaches and compliance activities.
Audit of the Northern Contaminated Sites Program Very High
The preliminary objective of this audit is to determine the adequacy and effectiveness of the management controls established in relation to the objectives of the Department in regard to Northern contaminated sites. The preliminary scope for the audit includes the management practices and controls for identifying, assessing and remediating contaminated sites north of 60° as well as those to ensure compliance with relevant legislation, regulations, guidelines and policies.

The specific objective and scope of the audit will be determined during the planning phase based on an assessment of risks.

The Financial Audit of Contingent Liabilities (2014-2015) will provide assurance on the estimation practices of determining contingent liabilities related to the contaminated sites.
Maps to Program Alignment Architecture
  • Strategic Outcome: The North
  • Activities: Contaminated Sites
Maps to Corporate Risk Profile
  • HR Capacity
  • Information for Decision Making
  • Implementation
  • Resource Alignment
  • Aboriginal Relationship
  • Legal
  • Environmental
Northern contaminated sites are important in that they may pose a significant immediate or long-term hazard to human health and/or the environment and represent large actual or contingent liabilities for the Department. The remediation of the Giant and Faro mines alone represents significant long-term environmental, financial and human health and safety risks. The remediation of these contaminated sites is funded 80% by the Federal Contaminated Sites Action Plan (FCSAP), which sunsets in 2020, leaving questions about long-term funding. The 2012-2013 AANDC internal audit on environmental management and contaminated sites south of 60° noted significant weaknesses in project management practices related to the Giant Mine. There are increased reporting requirements for contingent liabilities related to contaminated sites; a Financial Audit of Contingent Liabilities is also planned for 2013-2014.
Audit of Internal Controls over Financial Reporting Very High
The preliminary objective of this audit is to assess the Department's readiness to achieve operating effectiveness of Internal Controls over Financial Reporting (ICFR) and to sustain a financial statement audit. The preliminary scope of the audit includes an examination of processes and mechanisms in place for selected key steps within the Treasury Board Policy on Internal Control implementation process and progress towards compliance with the Policy.

The specific objective and scope of the audit will be determined during the planning phase based on an assessment of risks.
Maps to Program Alignment Architecture
  • Strategic Outcome: Internal Services
  • Activity: External Reporting, Liabilities
Maps to Corporate Risk Profile
  • HR Capacity
  • Information for Decision Making
Recent government initiatives such as the development and implementation of Treasury Board's Policy on Internal Control and Policy on Financial Resource Management, Information and Reporting are aimed at strengthening public sector financial management and reporting, as well as internal controls.

The Department's contingent and other liabilities are very material in financial terms, reporting requirements related to contingent liabilities are changing, and the OAG recently identified weaknesses in this area during their Audit of Internal Controls over Financial Reporting.
Audit of Indian Registration (Qalipu Phase II) Very High
The preliminary objective of this audit is to provide assurance that the controls related to Phase II of the Qalipu Mi'kmaq Band enrollment process are sufficient to ensure the accuracy of eligibility assessments and the integrity of information captured in the Indian Registration System (IRS). The preliminary scope of the audit includes the Phase II processes and controls designed to assess the eligibility of the applicant to become a founding member of the Qalipu Mi'kmaq Band and to ensure that registration information is accurately entered into the IRS.

The specific objective and scope of the audit will be determined during the planning phase based on an assessment of risks.
Maps to Program Alignment Architecture
  • Strategic Outcome: The People
  • Activity: Registration and Membership
Maps to Corporate Risk Profile
  • HR Capacity
  • Implementation
  • Aboriginal Relationship
  • Legal
Accuracy and integrity of Indian Registration data is key to minimizing false or illegitimate claims for federal funding.

In 1989, the Federation of Newfoundland Indians, representing approximately 7,800 members from the nine Mi'kmaq communities across the island, along with Chiefs of six affiliated groups, began a Federal Court Action seeking eligibility for registration under the Indian Act, and in June 2008 the Agreement for Recognition of the Qalipu Mi'kmaq Band was signed. By November 30, 2009, close to 26,000 applications for membership had been received, and by November 30, 2012, the number of applications for Band membership had grown to 101,000.

Phase II of the enrollment process, designed to assess the eligibility of the applicant to become a founding member, is currently underway and will be completed by August 2015.
System Under Development Audit of the Secure Integrated Certification and Registration Unit Very High
The preliminary objective of the audit is to assess the adequacy and effectiveness of the project management framework and controls in place to support the successful completion of the Secure Integrated Certification and Registration Unit project. The preliminary scope of the audit includes an examination of governance, risk management and control practices related to the implementation of Phase I and additionally, the project management practices related to Phase II of the project.

The specific objective and scope of the audit will be determined during the planning phase based on an assessment of risks.
Maps to Program Alignment Architecture
  • Strategic Outcome: The People
  • Activities: Registration and Membership
Maps to Corporate Risk Profile
  • HR Capacity
  • Information for Decision Making
  • Implementation
  • Aboriginal Relationship
Effective and successful implementation of the Indian Registration System (IRS) and the Secure Certificate of Indian Status (SCIS) is important to stakeholders and to AANDC credibility. Accuracy and integrity of IRS data and SCIS cards are key to minimizing false or illegitimate claims for federal funding.

In 2010, a Departmental initiative to modernize the IRS was brought into force and is being rolled out in two phases. Phase I will see the integration of Indian registration and card issuance processes through the implementation of common business processes (known as the SIRCU model) and a linkage between the two system applications. Phase II will see the development and implementation of a replacement system for IRS and the SCIS Web Application. Phase II of the project has recently entered stage three of the Department's gating process.
Audit of On-Reserve Infrastructure (excluding Water and Wastewater) Very High
The preliminary objective of this audit is to assess the adequacy and effectiveness of controls in place to support funding decisions for on-reserve infrastructure projects (including education facilities, housing and other community infrastructure projects). Water and Wastewater infrastructure will not be in scope as it is subject to a separate audit. The preliminary scope of the audit includes an assessment of the adequacy of the design of the management control framework to ensure that funding for infrastructure projects is spent in an effective, efficient and timely manner. The preliminary scope also includes an examination of a sample of infrastructure project plans and spending, as well as a series of O&M payments for maintenance of existing infrastructure.

The specific objective and scope of the audit will be determined during the planning phase based on an assessment of risks.
Maps to Program Alignment Architecture
  • Strategic Outcome: The Land and the Economy
  • Activity: Education Facilities; Housing; Other Community Infrastructure and Activities
Maps to Corporate Risk Profile
  • Information for Decision Making
  • Implementation
  • Resource Alignment
  • Aboriginal Relationship
Funding for education facilities, housing and other infrastructure projects is significant (approximately $730M budgeted for 2013-2014). Capital funding is susceptible to reallocation by First Nations to cover their social program commitments or to maintain debts related to housing. As a result, infrastructure projects are not made a priority and proper maintenance of the existing infrastructure is often not sustained, leading to premature obsolescence and potential environmental impacts.
Audit of AANDC Support to the Independent Assessment Process High
The preliminary objective of this audit is to provide assurance over the adequacy, efficiency and effectiveness of the management controls of both AANDC and, in particular, the Indian Residential Schools Adjudication Secretariat in meeting their obligations to support the Independent Assessment Process (IAP). The preliminary scope of the audit includes the responsibilities of the Secretariat to support the IAP and the Chief Adjudicator. The preliminary scope does not include those aspects of the independent alternative dispute resolution processes within the IAP that are administered under the direction of the Chief Adjudicator, nor will it include any assessment of decisions made by the independent adjudicators.

The specific objective and scope of the audit will be determined during the planning phase based on an assessment of risks.
Maps to Program Alignment Architecture
  • Strategic Outcome: The People
  • Activity: Independent Assessment Process
Maps to Corporate Risk Profile
  • HR Capacity
  • Information for Decision Making
  • Implementation
  • Resource Alignment
  • Government Partnership
  • Aboriginal Relationship
This program represents a significant financial obligation to the Department with $660M in claims payments budgeted for the next fiscal year. There are delivery risks as the volumes of claims significantly exceed original forecasts. Capacity is strained to process these in a timely manner and failure to do so could result in non-compliance with the IRS Settlement Agreement.
Audit of Northern Oil and Gas High
The preliminary objective of the audit is to determine whether AANDC is fulfilling its obligations with respect to the regulation and administration of oil and gas resources in the north in an efficient, effective, and controlled manner. The preliminary scope of the audit includes an assessment of the adequacy and effectiveness of the governance, risk management, and internal controls in place to support the effective and efficient execution of AANDC's responsibilities in managing oil and gas resources in the north.

The specific objective and scope of the audit will be determined during the planning phase based on an assessment of risks.
Maps to Program Alignment Architecture
  • Strategic Outcome: The North
  • Activity: Petroleum and Minerals
Maps to Corporate Risk Profile
  • Information for Decision Making
  • Implementation
  • Resource Alignment
  • Government Partnership
  • Aboriginal Relationship
  • External Partnership
  • Legal
  • Environmental
Management of Northern Oil and Gas is very complex and important to the economic development of the North. The initiatives underway in the North (e.g. Beaufort Drilling and Mackenzie Pipeline) are very large with very significant potential environmental impacts, and AANDC is now the lead for the Mackenzie project. Some areas of responsibility will be devolved to the Northwest Territories effective April 1, 2014; however, AANDC remains responsible for Nunavut.
Audit of Consultation and Accommodation Very High
The preliminary objective of the audit is to determine whether AANDC's management control framework for consultation and accommodation is sufficient to ensure that the Department is fulfilling its legal "Duty to Consult." The preliminary scope of the audit includes both the support given by the Consultation and Accommodation unit to internal and external stakeholders, as well as the Department's implementation of consultation requirements with Aboriginal people and communities.

The specific objective and scope of the audit will be determined during the planning phase based on an assessment of risks.
Maps to Program Alignment Architecture
  • Strategic Outcome: The Government
  • Activity: Consultation and Accommodation
Maps to Corporate Risk Profile
  • HR Capacity
  • Information for Decision Making
  • Implementation
  • Resource Alignment
  • Government Partnership
  • Aboriginal Relationship
  • Legal
There are significant legal ramifications and liabilities that result from a failure to properly consult Aboriginal people and communities, or from an expectation that more extensive consultation was required. There are increasing demands on the part of First Nations for engagement, and recent court cases have ruled against AANDC on the grounds that sufficient consultation on program changes has not taken place.
Audit of Litigation Management High
The preliminary objective of the audit will be to assess the adequacy and effectiveness of controls in place to support the efficient and effective management of litigation files within AANDC and in AANDC's interactions with the Department of Justice. The preliminary scope of the audit includes an examination of the governance, risk management and control practices in place to ensure that the Department's objectives with respect to Litigation Management are met.

The specific objective and scope of the audit will be determined during the planning phase based on an assessment of risks.
Maps to Program Alignment Architecture
  • Strategic Outcome: Internal Services
  • Activity: Litigation Management
Maps to Corporate Risk Profile
  • HR Capacity
  • Information for Decision Making
  • Implementation
  • Resource Alignment
  • Government Partnership
  • Aboriginal Relationship
  • Legal
Litigation is a highly complex area with a high degree of sensitivity and visibility, with significant impacts on departmental decisions and Aboriginal relationships. While the number of active litigation files has decreased, the profile on these files and the cost to defend has increased. The Preliminary Survey of Litigation Management (2011-2012) found significant issues that led the Litigation Management and Resolution Branch to initiate a review to address these issues.
Audit of Occupational Health and Safety High
The preliminary objective of the audit is to provide assurance on the adequacy of AANDC's Management Control Framework over Occupational Health and Safety (OHS) and on the adequacy and effectiveness of controls for ensuring compliance with relevant legislation, regulations, guidelines and policies. The preliminary scope of the audit includes an examination of management's awareness of and compliance with the relevant policies and legislation and the adequacy of the Department's oversight and monitoring regime for OHS.

The specific objective and scope of the audit will be determined during the planning phase based on an assessment of risks.
Maps to Program Alignment Architecture
  • Strategic Outcome: Internal Services
  • Activity: Occupational Health and Safety
Maps to Corporate Risk Profile
  • HR Capacity
  • Information for Decision Making
  • Resource Alignment
  • Legal
  • Environmental
Occupational Health and Safety is an inherently high-risk area due to the implications if incidents occur and the potential for criminal charges for non-compliance.
Audit of ATIP Management High
The preliminary objective of the audit is to assess the adequacy and effectiveness of controls in place to support the processing of requests related to Access to Information and Privacy (ATIP). The preliminary scope of the audit includes those activities under the Department's responsibility that are related to access to information including the efficiency and effectiveness of control practices and compliance with relevant legislation, policies and procedures.

The specific objective and scope of the audit will be determined during the planning phase based on an assessment of risks.
Maps to Program Alignment Architecture
  • Strategic Outcome: Internal Services
  • Activity: ATIP Management
Maps to Corporate Risk Profile
  • HR Capacity
  • Information for Decision Making
  • Implementation
  • Legal
Access to information is a sensitive area due to possible reputational risks to the Department and the media exposure related to the release of sensitive information. AANDC has a high volume of ATIP requests and there are known process and efficiency issues.
Audit of the Post-Secondary Education Programs High
The preliminary objective of the audit is to assess the adequacy and effectiveness of the management control framework of the Department's Post-Secondary Education Programs, particularly as it pertains to recent reform initiatives, and that regional controls for administering recipient contributions are effective at ensuring compliance with applicable authorities and policy frameworks. The preliminary scope of the audit includes program design, redesign and approvals, program implementation and program monitoring and reporting.

The specific objective and scope of the audit will be determined during the planning phase based on an assessment of risks.
Maps to Program Alignment Architecture
  • Strategic Outcome: The People
  • Activity: Post-Secondary Education
Maps to Corporate Risk Profile
  • Information for Decision Making
  • Implementation
  • Resource Alignment
  • Government Partnership
  • Aboriginal Relationship
  • External Partnership
  • Legal
Post-Secondary Education Programs are very important to both First Nations and the Department in terms of their support to capacity development and self-sufficiency. The programs are significant from a materiality perspective and audits performed in 2009 and 2011 identified systemic concerns related to unexpended funds and funds not being used for their intended purposes. Program guidelines were strengthened in 2012-2013 and program reform initiatives were launched in 2013.
Audit of the National Child Benefit Reinvestment and Assisted Living Programs High
The preliminary objective of the audit is to assess the adequacy and effectiveness of the controls in place to support the design, delivery, and monitoring of the National Child Benefit Reinvestment (NCBR) and Assisted Living (AL) programs, including compliance with relevant program authorities and Treasury Board and AANDC policy requirements. The preliminary scope of the audit includes a focus on the recent changes to the program's Management Control Framework to ensure effective governance, stewardship and accountability, both at the headquarters and regional levels.

The specific objective and scope of the audit will be determined during the planning phase based on an assessment of risks.
Maps to Program Alignment Architecture
  • Strategic Outcome: The People
  • Activity: National Child Benefit Reinvestment; Assisted Living
Maps to Corporate Risk Profile
  • Information for Decision Making
  • Implementation
  • Resource Alignment
  • Government Partnership
  • Aboriginal Relationship
  • External Partnership
Both the National Child Benefit Reinvestment (NCBR) and Assisted Living (AL) programs are social programs that have undergone recent reform. NCBR is complex, with a component that is implemented by HRSDC. AL services a particularly vulnerable population. Payments made for both services are susceptible to possible misappropriation.
Audit of Métis and Non-Status Indian Relations and Métis Rights Management High
The preliminary objective of the audit is to determine whether AANDC is proactively implementing ways to enhance Métis and Non-Status Indian organizations to build legitimate, stable and democratic methods of representing their members and building capacity and expansion of partnerships with federal and provincial governments and the private sector. The preliminary scope of the audit includes both the work performed by this program sub-activity unit in encouraging verifiable membership systems and the Department's planning and readiness to address possible issues related to the future Supreme Court ruling.

The specific objective and scope of the audit will be determined during the planning phase based on an assessment of risks.
Maps to Program Alignment Architecture
  • Strategic Outcome: The Government
  • Activity: Métis and Non-Status Indian Relations and Métis Rights Management
Maps to Corporate Risk Profile
  • HR Capacity
  • Information for Decision Making
  • Implementation
  • Resource Alignment
  • Government Partnership
  • Aboriginal Relationship
  • Legal
A recent federal court ruling, which has been appealed to the Supreme Court, could potentially bring 600,000 Métis and Non-Status Indians under federal jurisdiction. The impact of this decision is uncertain, yet it increases the implementation risks of providing programming to a larger pool of recipients.
Management Practices Audit of the Communications Branch High
The preliminary objective of the audit is to assess the adequacy and effectiveness of selected management practices in regions and sectors of the Department.

The scope of the audit will be determined on the basis of risk, as identified through Control Self-Assessment workshops, review of previous audit and review findings, review of priorities, and consideration of other relevant information.
Maps to Program Alignment Architecture:
  • Strategic Outcome: N/A
  • Activity: N/A
Maps to Corporate Risk Profile:
  • HR Capacity
  • Information for Decision Making
  • Implementation
  • Resource Alignment
Following the first round of Management Practices Reviews between 2007 and 2010, the Audit and Evaluation Sector prepared a summary report highlighting the strengths and weaknesses of the process. The report led to the initiation of a round of Management Practices Audits (MPAs) beginning in 2011-2012. The MPA approach is more targeted towards a higher level of assurance by taking a two-phase approach: a Control Self-Assessment followed by an audit of selected management practices determined on the basis of the auditor's risk assessment. During the 2013-2014 fiscal year the final MPAs of the regions were completed, and in 2014-2015 the remaining sectors will undergo an MPA, thereby completing a full round of Management Practices Audits for all AANDC Regions and Sectors.
Management Practices Audits of the Lands and Economic Development Sector High
The preliminary objective of the audit is to assess the adequacy and effectiveness of selected management practices in regions and sectors of the Department.

The scope of the audit will be determined on the basis of risk, as identified through Control Self-Assessment workshops, review of previous audit and review findings, review of priorities, and consideration of other relevant information.
Maps to Program Alignment Architecture:
Maps to Corporate Risk Profile:
  • HR Capacity
  • Information for Decision Making
  • Implementation
  • Resource Alignment
Following the first round of Management Practices Reviews between 2007 and 2010, the Audit and Evaluation Sector prepared a summary report highlighting the strengths and weaknesses of the process. The report led to the initiation of a round of Management Practices Audits (MPAs) beginning in 2011-2012. The MPA approach is more targeted towards a higher level of assurance by taking a two-phase approach: a Control Self-Assessment followed by an audit of selected management practices determined on the basis of the auditor's risk assessment. During the 2013-2014 fiscal year the final MPAs of the regions were completed, and in 2014-2015 the remaining sectors will undergo an MPA, thereby completing a full round of Management Practices Audits for all AANDC Regions and Sectors.
OCG Horizontal Internal Audit of Information Technology Security High
The preliminary objective of the audit is to assess compliance with selected elements of the Policy on Management of Information Technology and the Policy on Government Security (including the Operational Security Standard: Management of Information Technology Security (MITS)).

The scope of the audit will likely include key practices and processes in place for managing IT security and the level of technical and operational safeguards that exist within and across departments.
Maps to Program Alignment Architecture:
  • Strategic Outcome: Internal Services
  • Activity: IM/IT Security
Maps to Corporate Risk Profile:
  • Information for Decision Making
  • Implementation
The OCG has identified Information Management as a priority for audit across a representative sample of large and small government departments.
 
 

 

Appendix E – Changes to the Audit Plan

Ongoing Audits

The resource implications of audit projects that began in 2013-2014, but were not completed within that period, are identified below as ongoing audits from the 2013-2014 Risk-Based Audit Plan.

| 2014-2015 Ongoing Audits | Expected Completion Date |
|---|---|
| Audit of the Management Control Framework for Grants and Contributions (2013-2014) | Q1 2014-2015 |
| Review of Negotiation of Comprehensive Land Claims and Self-Government Agreements | Q1 2014-2015 |
| System Under Development Audit of the Integrated Financial Management System (SAP & GCIMS) | Q1 2014-2015 |
| Audit of Delegation of Authorities, Organization Design and Classification | Q1 2014-2015 |
 

Removed, Deferred or Added Audits

The table below identifies all the changes from the 2013-2014 to 2015-2016 Risk-Based Audit Plan.

Removed or Deferred Audits

| Audit Name and Year Planned | Rationale |
|---|---|
| Follow-up Audit of the Education Information System (2014-2015) | This audit has been deferred from 2014-2015 to 2015-2016 to coincide with the Audit of the Elementary and Secondary Education Programs. |
| Audit of Elementary and Secondary Education (2014-2015) | This audit has been deferred from 2014-2015 to 2015-2016 in order to give time for the current education reforms to be implemented. |
| Post Implementation Audit of DRAP Initiatives (2014-2015) | This audit has been removed as it is no longer considered a very high or high priority. |
| Audit of IM/IT Security (2014-2015) | This audit has been removed as the OCG Horizontal Internal Audit of Information Technology Security is planned for 2014-2015 and will provide audit coverage in the area. AANDC has volunteered to participate in the audit. |
| Follow-up Audit of Water and Wastewater (2015-2016) | This audit has been deferred from 2015-2016 to 2016-2017 to allow program reforms to be implemented and was renamed the Audit of Water and Wastewater. |
| Audit of Information Management (2015-2016) | This audit has been removed as the OCG Audit of Information Management is planned for 2015-2016 and will provide audit coverage in the area. AANDC has elected to participate in the audit. |
| Follow-up Audit of Lands Management (incl. Lands Registry System) (2015-2016) | This audit has been deferred from 2015-2016 to 2016-2017 to allow for the scheduling of higher priority audits at this time. |
| Audit of Additions to Reserve | This audit has been deferred from 2015-2016 to 2016-2017 to allow for the scheduling of higher priority audits at this time. |
 
Additions

| Audit Name and Year Planned | Rationale |
|---|---|
| Audit of Internal Controls Over Financial Reporting (2014-2015) | This audit has been added to address risks associated with recent audit findings in this area. |
| Audit of Indian Registration (Qalipu Phase II) (2014-2015) | This audit has been added in 2014-2015 as a result of risks identified in this program area (at the request of management). |
| Systems Under Development Audit of the Secure Integrated Registration and Certification Unit (2014-2015) | This audit has been added in 2014-2015 as a result of risks identified in this program area (at the request of management). |
| Audit of Consultation and Accommodation (2014-2015) | This audit has been added to address risks related to consultation with First Nations. |
| Audit of ATIP Management (2014-2015) | This audit has been added to address risks related to the management of ATIP. |
| Audit of Métis and Non-Status Indian Relations and Métis Rights Management (2014-2015) | This audit has been added to address risks related to this area, including the consideration of a recent court ruling related to Métis and Non-Status Indians rights. |
| Management Practices Audit of the Communications Branch (2014-2015) | This area has been identified as a high risk during the 2014-2015 RBAP risk assessment process. |
| Management Practice Audit of the Lands and Economic Development Sector (2014-2015) | This area has been identified as a high risk during the 2014-2015 RBAP risk assessment process. |
| OCG Horizontal Internal Audit of Information Technology Security (2014-2015) | The OCG is conducting an Audit of Information Technology Security and AANDC has volunteered to participate. |
| Financial Audit of Contingent Liabilities (including Contaminated Sites) (2015-2016) | This audit has been added as contingent liabilities are materially significant to the Department and prior assurance work has identified significant issues. |
| OCG Horizontal Internal Audit of Information Management (2015-2016) | The OCG is conducting a Horizontal Internal Audit of Information Management and AANDC has volunteered to participate. |
| Audit of the Emergency Management Assistance Program (2015-2016) | This area has been identified as very high risk during the 2014-2015 RBAP risk assessment. |
| Audit of First Nations Government Programs (2015-2016) | This audit has been added to address risks associated with the growing importance of First Nations Government Programs and to address issues identified in previous audits. |
| Audit of Human Resources Staffing and Planning (2015-2016) | This area has been identified as a high risk during the 2014-2015 RBAP risk assessment. |
| Audit of Aboriginal Governance Institutions and Organizations Programs (2015-2016) | This audit has been added to address risks associated with the growing importance of Aboriginal Institutions and Organizations and to address issues identified in previous audits. |
| Audit of Performance Measurement and Reporting (2015-2016) | This area has been identified as a high risk during the 2014-2015 RBAP risk assessment. |
 
 
 