Common menu bar
Breadcrumb
Risk-based Audit Plan 2009-2012
Annual Refresh and Proposed Audits for 2010-2012
(PDF Version, 1.6 MB) *
Preface from the Chief Audit Executive
Management Accountability and Core Controls
Audit Accomplishments 2009-2010
Recommended Audits for 2010-2011
Recommendation to DFAIT Audit Committee 2011-2012
Recommendation to DFAIT Audit Committee
Appendix A: OPERATIONAL PLAN FOR 2010-2011
Appendix B: Audit Plan for 2009-2010
Appendix C: Audit Plan for 2010-2011
Appendix D : Audit Plan for 2011-2012
Appendix E: AUDIT PLAN MAF AND CORE CONTROL COVERAGE
Appendix F: AUDIT UNIVERSE MAPPED TO DFAIT PROGRAM ACTIVITY
Appendix G: DFAIT CORPORATE RISK PROFILE 2010-2011
Preface from the Chief Audit Executive
I am pleased to present an update to our three-year Risk Based Audit Plan.
This document has been developed by the Office of the Chief Audit Executive with partners, in careful accordance with the requirements of Treasury Board Secretariat and the Office of the Comptroller General. We have consulted widely, particularly with senior management of our Department and the Offices of the Auditor General and Comptroller General.
This review has given us the opportunity to refresh our audit plan, in keeping with changing risks and priorities. The document provides an assessment of what has been accomplished in DFAIT’s audit program in 2009-2010. It also offers an objective assessment of DFAIT’s audit requirements, and our capacity to complete the remaining two years of our Risk-based Audit Plan.
Our challenge in 2009-2010 was to balance planned internal audit activities with urgent audit assignments related to our decision to undertake the Financial Resource Management Risk Assessment.
It is important to note that this assessment led to the identification of additional priority audit projects to be completed in 2009-2010, which were considered critical to the Department.
I am confident that our recommendations for planned internal audits in the next two business years support stronger financial management and emphasize effective risk management and stewardship of resources.
One of the key requirements of the Treasury Board Policy on Internal Audit is for the Chief Audit Executive to provide an annual overview assurance report on the state of departmental risk management, control and governance processes. The results of our audit work to date, and our recommendations for future audits as described in this refreshed Plan, will be central to my assurance report.
I have appreciated the wide co-operation and joint effort in the planning and implementation of our three year audit program for the Department of Foreign Affairs and International Trade.
Yves Vaillancourt
Chief Audit Executive
Foreign Affairs and International Trade
Executive Summary
This document describes the risk-based planning and selection of the Department of Foreign Affairs and International Trade’s (DFAIT) internal audits for the period of 2010 to 2012. This updated version of the Risk-based Audit plan has been prepared in accordance with the applicable requirements of the 2009 Treasury Board Policy on Internal Audit, its directives and guidelines.
The Audit Plan was prepared following an analysis of the DFAIT audit universe, a review of significant audit findings resulting from past audit reports, interviews with senior management of the Department, and a final ranking exercise which took into consideration materiality, risk, relevance and value-added criteria.
Selection of audit projects for 2010-2011 also took into consideration “in reserve” audits (re: audit engagements not undertaken in 2009-2010) as well as coverage of audit subject matters by external auditors such as the Public Service Commission, the Office of the Comptroller General and Office of the Auditor General. Finally, over the course of the year, senior management suggested specific management issues which they sensed merited audit attention, such as the Delivery of Corporate Services at DFAIT headquarters and Strategic Use of Travel. These suggestions were also considered in developing our Audit Plan.
The Departmental Audit Committee considered the selection of these projects at a meeting held in February 2010. Their recommendations are incorporated in this Plan. Once formal approval has been granted by the Deputy Ministers, the Office of the Chief Audit Executive will move to complete approved audits for 2010-2011.
1. Overview of Planning
a) Audit Universe
Audit entities defined as management business processes were presented in the original 2009-2012 Risk-based Audit Plan. For the purposes of this refresh exercise we have considered these audit subjects and their initial risk analysis. Additional audit subjects have been identified in our refresh, resulting in an updated audit universe. All audit subjects were reviewed, and their risk assessed, in selecting and recommending audit projects for 2010-2011 and 2011-2012.
b) Management Accountability and Core Controls
Our review and analysis of risk has resulted in a recommendation of six audits in 2010-11 and five audits in 2011-2012. We have also reviewed how these new projects will increase our knowledge of DFAIT and provide adequate coverage of the department’s operational processes. The results of our review of past audit findings, coupled with an assessment of how the proposed audits cover key core management controls is presented in Annex E.
The audit work we conducted in 2009-2010 concentrated on stewardship, more specifically on gaining a better understanding of DFAIT’s risks related to financial management. The recommended audits for 2010-2011 continue our review of the Department’s resource management and its progress in implementing the management actions flowing from the Financial Management Project.
As well, the audits of the Management of Real Property and Non-IT Assets further our understanding of the accounting by DFAIT of these expenditures including the processes for their recording, valuation, use and disposal.
Given the planned audits by external auditors, an assessment of DFAIT’s management of staffing will provide important information on the “people” core management control. Finally, understanding of the management of Grants and Contributions will be gained from TB-directed audits.
c) Consultations
In preparing its plan for 2010-2011, Internal Audit considered:
- Audits which would assist in implementing Year 2 of the recommendations of the Financial Resource Management Risk Assessment and Audit of Resource Allocation.
- Views of DFAIT senior management of risk through interviews across the Department at HQ and missions.
- Views, as well as planned audits, of external auditors and other providers of assurance. In 2010-2011, the resources of the CAE will work with external auditors in an assessment of DFAIT’s internal management of staffing (with PSC), internal audit (with OAG), contracting temporary help (with PSC), as well as delivery of a mandate related to water management (with the Commissioner for Sustainable Development). DFAIT may also be asked to take part in an OCG-led audit of Business Case Development.
Assessment of risk by peer Executives responsible for oversight in the areas of inspection, investigations and evaluations at DFAIT.
d) Risk Assessment
The assessment of risk in this review has benefited from the CAE’s increased knowledge of DFAIT’s programs. This has been achieved through audits we have conducted in the first year of the Plan, the further development of DFAIT’s Corporate Risk Profile, and the role of the CAE in reviewing the Department’s changing priorities.
The final ranking of recommended audit projects for 2010-2011 and 2011-2012 was achieved following:
- A review by Internal Audit, of the initial risk assessment presented in the 2009-2012 Risk-Based Audit Plan, to validate risk information against any changes in DFAIT’s program structure and priorities. This exercise emphasized the need to continue audit work that contributes to strengthening the Department’s resource management regime.
An assessment of areas of significance (for the entity/topic examined). Consideration was given to audit projects which examine those areas of the department where there is greater financial significance or considerable resources have been directed, and which support directly and substantially departmental objectives and priorities.
2. AUDIT ACCOMPLISHMENTS IN 2009-2010
Much was accomplished by DFAIT’s Internal Audit work in 2009-2010. Completing the Financial Resource Management Risk Assessment was central to our support of effective risk management and sound resource stewardship of the Department. Our contribution to this critical area was further strengthened through audits in such areas as Resource Allocation, Expenditure Controls, Headquarters Growth and a Progress Report on Implementation of Strategic Review Reductions.
For good reason the audit program we implemented in 2009-2010 was not entirely in keeping with the originally approved Risk-based Audit Plan. Figure 1 illustrates what was originally planned, and what was completed. It also indicates the consequence of necessary changes, in particular audits that required re-scheduling to 2010-2011, and 2011-12.
Ten audit projects had been approved for 2009-2010. Based on available funding, the Office of the Chief Audit Executive decided to proceed with 7 of the 10: departmental governance structures, resource allocation, expenditure controls for high risk payments, information for decision making, real property, systems governance and systems management. The first three in italics were completed and reported on. Due to a shift in Departmental priorities, and budget reductions for Internal Audit, the remaining audits to be completed in 2009-2010 were moved to 2010-2011 to be reconsidered following a refresh exercise.
Figure 1: Risk-based Audit Plan
| 1 | Audits planned in 2009-2010 | 2 | RBAP/Directed Audits completed in 2009-2010 | ||
|---|---|---|---|---|---|
| RBAP 09-10 | Departmental Governance Structures | RBAP 09-10 | Departmental Governance Structures | ||
| RBAP 09-10 | Resource Allocation | RBAP 09-10 | Resource Allocation | ||
| RBAP 09-10 | Expenditure Controls for high risk payments | RBAP 09-10 | Expenditure Controls for high risk payments | ||
| Not Completed Move to 2010-11 | RBAP 09-10 | Information for Decision-Making | Note: Management Directed Audit 2009-2010 | Financial Resource Management Risk Assessment | |
| RBAP 09-10 | Real Property | Note 3 Opinion | |||
| RBAP 09-10 | Systems Management | Headquarters Growth | |||
| RBAP 09-10 | Systems Governance | Implementation of Strategic Review Reductions of 2007 | |||
RBAP 09-10 | TB Decisions and MCs | RBAP 09-10 | Partially covered under the Financial Res. Management Risk Assessment | ||
| RBAP 09-10 | IT Asset Management | Covered by OCG Horizontal Audits: | IT Asset Management | ||
| RBAP 09-10 | Risk Management | Corporate Risk Profile |
In 2009-2010, DFAIT faced serious matters concerning its budget and financial administration. There were further challenges in preparing for the presentation of DFAIT’s Financial Statements.
Senior management requested, and the CAE agreed, that the four audit projects below be completed as a priority:
- An analysis of Note 3, supporting work to approve the Department’s Financial Statements;
- Effective coordination between the External Review on Budgeting and Forecasting (which led to the Financial Resource Management Risk Assessment) and the conduct of an internal audit of Resource Allocation.
- An audit opinion on growth at DFAIT’s headquarters
- An audit of progress in the implementation of the 2007 Strategic Review Reductions.
During the review of the Financial Statements, requests of senior management and the DAC for supporting details of Financial Statement line items could often not be answered in a timely fashion. As a result, a reconciliation of Note 3 was completed. Also, a lack of information on departmental charges which drove DFAIT’s spending in 2008-09 was compounded with a sudden short fall in DFAIT’s operating budget at mid-year.
Internal Audit was asked to undertake a Financial Resource Management Risk Assessment to provide early analysis of the reliability of the Department’s forecast. Other audit tasks were completed in the early Winter to further the Department’s overall understanding of the root causes of the budgetary shortfall and recommend financial management practices to prevent this situation from recurring.
As the above-noted audits examined in depth DFAIT’s management of its finances, three additional audits planned for 2009-2010 were covered by other assurance providers:
- Audit of Risk Management was completed through DFAIT being included in the OCG Horizontal Audit of Corporate Risk Profiles. The OCG reported in March 2010 on the results for the Department.
- Information Technology Asset Management was also covered with OCG including DFAIT in its Horizontal Audit of IT Asset Management. The OCG will report in September 2010 on this matter to the Government of Canada Audit Committee.
- Treasury Board Submissions and MCs was covered as part of work initiated under the Financial Resource Management Rick Assessment. The resulting management action plan addresses improved coordination and management of this function.
As well, a mandatory audit of the management of grants and contributions of the Global Partnership Program was initiated in the fourth quarter of 2009-2010, and should be completed in the first quarter of 2010-2011. It is important to note that although the 10 audits originally scheduled for 2009-2010 were not all completed as planned, 10 audits were completed as described.
3. Recommended Audits for 2010-2011
For reasons explained, some audits scheduled for 2009-2010 were not undertaken. These were moved to 2010-2011 for review under the refresh exercise.
The original Risk-based Audit Plan lists a further eleven audits for consideration in 2010-2011. Suggestions from senior management added a further two audits to be considered in our refresh exercise for 2010-2011. These are the Delivery of Corporate Services at Headquarters and Strategic use of Travel.
Our refresh exercise for 2010-2011 therefore considered eighteen audit subjects. The review and priority ranking exercise considered first the need to complete a program of audit which supplemented the work of the Financial Resource Management Risk Assessment and further our knowledge of significant DFAIT program components such as Real Property and non-IT assets. The review also included an analysis of materiality, risk, and key factors such as sun-setting provisions for the review of some transfer payment programs at DFAIT. The latter part of our analysis involved consultations with senior management in DFAIT, and partners outside of the Department.
Our recommendation, after this review and assessment of priorities, is that six audits go forward in 2010-2011 with one audit held in reserve. The remaining twelve audits will be reconsidered in the 2011-12 planning exercise. Appendix C provides further detail on these audits.
Figure 2: lists the six audits, as well as one in reserve project, that will be undertaken in 2010-2011 using Internal Audit resources.
Figure 2 – Audits planned in 2010-11
| 1 | Audits as per requests and RBAP | 2 | Mandatory Audits carried out in 2010-11 | |
|---|---|---|---|---|
| RBAP 09-10 | Real Property | TB Directed | Afghanistan Contracting Special Authorities | |
| RBAP 09-10 | Information for Decision-Making in Reserve | TB Directed | Gs and Cs Academic Relations Program | |
| Management Directed | Audit of Delivery of Corporate Services at HQ | TB Directed | Global Commerce Support Program | |
| Follow up Audit of Resource Management | TB Directed | MOU Standards Council Pts of Service Enquiry | ||
| Audit of Travel | DFAIT Directed | G8/G20 Summits | ||
| RBAP 10-11 | Asset Management Non-It | |||
| RBAP 10-11 | Financial Management Controls | Audits carried out by External Auditors- DFAIT was selected to take part | ||
| For consideration in 2011-12 Refresh | RBAP 11-12 | Business Continuity | PSC-led | Audit of Staffing at DFAIT |
| RBAP 09-10 | Systems Management | PSC-led | Study of temporary help professional services and staffing in govt | |
| RBAP 09-10 | Systems Governance | OCG-led | Business Case Development | |
| For Consideration in the 2011-2012 Refresh Exercise | RBAP 10-11 | Environmental Monitoring | OAG-led | Internal Audit |
| Physical Security | OAG-led | Water Management | ||
| Strategic Planning | ||||
| Operational Planning | ||||
| HR Performance Management | ||||
| HR Compensation and Benefits | ||||
| Program Mgt Framework | ||||
| Information Mgt Life-Cycle | ||||
These are:
- Six planned audits resulting from our risk based analysis, and scheduled in the Audit Plan.
- Five funded audits required by Treasury Board.
- Five external audits conducted by other agencies, which involve DFAIT and require some audit coordination and support.
As noted above, the choice and priority of audits planned for 2010-11 has been heavily influenced by the findings of our Financial Resource Management Risk Assessment, and other audit work, completed in 2009-10. It is management’s view that action taken in 2009-10 to strengthen financial management be further supported with audits that inform on DFAIT’s financial position in the short and longer term and report on the reliability of financial and non-financial information used for decision-making.
The proposed internal audits for 2010-2011 consist of the first six projects noted below, with the remaining audit held in reserve.
| Audit | Scope and Objectives | Quarter |
|---|---|---|
| Resource Management | This Follow Up Audit will map progress by DFAIT in implementing its management response to the Financial Risk Assessment and Audit of Resource Allocation. | 1st Quarter |
| Delivery of Corporate Services | This audit will assess whether delivery of corporate services at DFAIT is aligned with Strategic Review Reduction decisions as well as Transformation objectives. | 1st Quarter |
| Non-IT Asset Management | This audit will assess the controls in place over the identification, recording, control and disposal of non-IT assets within the Department, in compliance with appropriate policies and procedures. | 2nd Quarter |
| Real Property | This audit is intended to assess operational and management processes in the area of Real Property. The effectiveness of the planning process in aligning real property decisions with departmental priorities will be reviewed. | 3rd Quarter |
| Travel | This audit will review the extent to which DFAIT’s management framework governing the administration of travel is effectively structured and operating effectively. | 4th Quarter |
| Information for decision-making | In reserve: This audit is intended to examine the controls in place to ensure that information, knowledge and corporate records are available to support decision-making. | |
| Financial Reporting Controls | In reserve: This audit will assess the effectiveness of controls over the financial reporting process within the Department as well as from the Department to Central Agencies and Parliament. |
4. Recommended Audits for 2011-2012
Determination of the internal audits that the Office of the CAE will undertake in 2011-2012 is based on the same refresh and ranking exercise described in Section 3 of this document.
| Risk-based Audit Plan 2011-12 Planned Audits | Risk-based Audit Plan 2011-2012 | Legal Management | TB Directed Audits Unknown at this time |
| Procurement (& contracting) | |||
| Platform Management | External Audits by OAG, OCG and others Unknown at this time | ||
| HR Planning | |||
| Management of Transfer Payments | |||
| Revenue Controls (in reserve) | |||
| For consideration in refresh of 2011-12 | Business Continuity | ||
| Value and Ethics | |||
| Treasury Mgt – Banking Foreign Exchange | |||
| Stakeholder Relations | |||
| Policy Management Framework | |||
| HR Staffing | |||
| Program Management Framework |
At this early stage, the proposed Audit Plan for 2011-2012 consists of five audits identified in Figure 3 (see green audit topics). The Revenue Controls audit is held in reserve. We will conduct an additional review of materiality, risk, and other factors toward the end of 2010-2011 to ensure that the final year of DFAIT’s Risk-based Audit Plan is current and in keeping with highest priority needs.
Figure 3 also lists the remaining audit topics, which had originally been listed in the Audit Plan. These will be reconsidered in the refresh exercise of 2011-12.
A description of the planned audits for 2011-12 is provided in the table that follows:
| Audits 2011-2012 | Scope and Objectives |
|---|---|
Legal Management | This audit would include an assessment of the effectiveness of the provision of legal services within the department to support the delivery of departmental programs and activities. |
| Procurement & Contracting | This audit would assess the management control framework for contracting activities in the department and determine the level of compliance with applicable government policies. |
| Platform Management | This audit would assess the capacity of and controls over the management and operation of the delivery of common administrative services to missions and headquarters. |
| HR Planning | This audit would assess the effectiveness of management controls in place for HR planning within the department, adequacy of supporting HR information, as well as, compliance with policies and directives. |
| Management of Transfer Payments | This audit will conduct an assessment of the management of transfer payments (Gs and Cs and other transfer payments) at DFAIT to ensure that appropriate policies, practices and internal management controls are applied. |
| Revenue Controls | This audit would examine the effectiveness of controls over the identification, recording, accounting and collection of revenue by the department. |
Our information on planned audits by external auditors (such as the OAG and Comptroller General) as well Treasury Board directed work in 2011-2012 is incomplete at this time.
Also, at this early stage we do not foresee DFAIT undertaking any mandatory audits during this period. We will add these elements of audit work to our planning for 2011-2012 as information comes available.
5. Recommendation to the DFAIT Audit Committee
It is requested that the Departmental Audit Committee review the Draft Audit Plan and recommend to the Deputy Minister implementation of the projects as presented and costed for 2010-2011. Should audit priorities change over the course of 2010-2011, following management directions, Internal Audit will return to the Departmental Audit Committee to inform them of recommended changes.
To note: An Operational Plan for audits selected in 2010-11 is presented at Appendix A. At Appendix B, we present the 2009-2010 risked-based audits as well as results following the first year of implementing the Plan. Appendices C (2010-2011) and D (2011-2012) list and provide consideration for audits to be completed in those years as well as considerations for those audits held in reserve.
Appendix A: Operational Plan for 2010-2011
Operational Plan 2010 - 2011
| Audit | Start Q | Auditor Weeks Forecast | Salary Costs | Consultant Costs - Audit | Consultant Days (Approximate) | Potential Travel Required |
|---|---|---|---|---|---|---|
| Risk-Based Plan Audits | ||||||
| Corporate Service Delivery at Headquarters | 1 | 60 | $90,000 | $43,000 | 60.0 | $0 |
| Non-IT Asset Management | 2 | 113 | $188,271 | $61,000 | 92.0 | with RP |
| Real Property | 3 | 46 | $72,692 | $155,000 | 155.0 | $20,000 |
| 2009-2010 Financial Statements | 2 | 2 | $4,000 | $15,000 | 15.0 | $0 |
| Financial Management Controls | 1 | 95 | $142,500 | $85,000 | 75.0 | $0 |
| Travel - Strategic Use | 4 | 56 | $91,538 | $0 | 0.0 | $0 |
| Information for Decision-Making | 0 | $0 | $0 | 0.0 | $0 | |
| Follow-Up on Resource Allocation | 2 | 7 | $10,500 | $0 | 0.0 | $0 |
| Follow-Up on Resource Allocation | 4 | 5 | $7,500 | $0 | 0.0 | $0 |
| Sub-Total Risk-Based Plan Audits | 384 | $607,001 | $359,000 | 397.0 | $20,000 | |
| Other Assurance Work | ||||||
| IA Follow-Up (AB) | 8 | $16,000 | $0 | 0.0 | No | |
| TB Submission Input & Tracking (AG) | 5 | $10,000 | $0 | 0.0 | No | |
| Continuous Auditing | 3 | $6,000 | $20,000 | 20.0 | No | |
| Sub-Total Other Assurance Work | 16 | $32,000 | $20,000 | 20.0 | ||
| Total | 400 | 639,001 | 379,000 | 417 | $20,000 | |
| Departmental Audit Work (New Requests from Senior Management or Required Based Upon Treasury Board Submission -- Cost Recovered) | ||||||
| Global Partnership Program | 1 | 27 | $40,500 | $45,000 | 45.0 | No |
| Audit of G-20 Financial Information | 3 | 2 | $3,000 | $36,200 | 40.0 | No |
| Audit of G-8 Financial Information | 3 | 1 | $1,500 | $27,700 | 30.0 | No |
| Global Commerce Support Program | 4 | 3 | $4,500 | $42,500 | 50.0 | Yes |
| Afghanistan Contracting - Special Authorities | 4 | 3 | $7,000 | $25,000 | 25.0 | Yes |
| Standards Council - Enquiry Points Service | 4 | 1 | $2,000 | $7,000 | 7.0 | No |
| Audit of In Aid of Academinc Relations | 1 | 2 | $4,000 | $103,000 | 103.0 | No |
| Cost Recovered Total | 39 | $62,500 | $286,400 | 300.0 | ||
| Office of the Comptroller General (OCG) Horizontal Audits | ||||||
| Business Case Development (only if selected) | 10 | $15,000 | $0 | 0.0 | No | |
| Sub-Total OCG | 10 | $15,000 | $0 | 0 | $0 | |
| Total | 449 | $716,501 | $665,400 | 717 | $20,000 | |
Appendix B: Audit Plan for 2009-2010
| Project | Audit Scope and Objectives | Status/Considerations |
|---|---|---|
| Risk-Based Audit Plan Activities | ||
| Dept’al Governance Structures | DAC approved a preliminary survey for an audit of Governance in 2008-09. It was delayed, but completed in 2009-10. The report reviewed the clarity and alignment of Departmental Governance roles and responsibilities, authorities and accountabilities, as well as the effectiveness of mechanisms to ensure coherence of the Department's management decisions. | Completed. The survey was undertaken, and a report was tabled with DAC and Deputy Ministers. It was concluded that the report and recommendations were sufficiently thorough and useful so as to not require further audit. |
| Resource Allocation | This audit was intended to focus on the budgeting processes within the Department, including the controls in place over the allocation of resources. | Completed. The Deputy Ministers requested that the scope of this audit be considerably expanded, to constitute an extensive external review of DFAIT's resources. Deloitte was contracted, and their report was reviewed by DAC and submitted to Deputy Ministers. |
| Expenditure Controls | Examine the degree of compliance with financial management legislation, policies and directives concerning the mgmt and control of DFAIT expenditures, with a focus on high-risk payments. | Completed. |
| TB Subs/ MCs | Included within the scope and objectives of the report on Departmental Governance Structures (above) | Partially covered under DFAIT’s Financial Resource Management Risk Assessment |
| Risk Mgt. | DFAIT was selected to participate in the Office of the Comptroller General's horizontal audit of Corporate Risk Profiles to assess the extent to which they are adequate and effective to: 1)support their development and progressive refinement; 2)respond to changing risk environment; 3) establish interfaces with business plans and performance management. | Partially completed. DFAIT was included in the Horizontal Audit of Corporate Risk Profiles of the OCG |
| Asset Mgt. – IT | This audit was intended to assess the controls in place over the identification, recording, control and disposal of information technology assets within the Department and compliance with appropriate policies and directives. | Partially completed. DFAIT was included in the Horizontal Audit of IT Asset Management of the OCG |
| Real Property | This audit is intended to assess operational and management processes and related controls over two key areas: the effectiveness of the planning process in aligning real property decisions with departmental priorities, and; the health and safety of employees in compliance with existing authorities. | Moved to year 2010-11. |
| Info Mgt., Support for Decision Making | This audit is intended to examine the controls in place to ensure that corporate records, information and knowledge are available to support decision-making. | Moved to year 2010-11. |
| Systems Mgt. | This audit is intended to examine the information technology management control framework. The audit will address systems development, implementation, operation and maintenance, integration, change management, telecommunications, and network management. | Moved to year 2010-11. However, consultations and review indicate this is not a priority audit for 2010-11. Move to 2011-12 for reconsideration. |
| Systems Governance | This audit will examine and assess the Department's information technology governance practices, the related impact on investments in technology solutions, and the management of those investments. | Moved to year 2010-11. However, consultations and review indicate this is not a priority audit for 2010-11. Move to 2011-12 for reconsideration. |
Appendix C: Audit Plan for 2010-2011
| Project | Audit Scope and Objectives | Status/Considerations |
|---|---|---|
| Risk-Based Audit Plan Activities | ||
| Real Property | This audit is intended to assess operational and management processes and related controls over two key areas: the effectiveness of the planning process in aligning real property decisions with departmental priorities, and; the health and safety of employees in compliance with existing authorities. | Originally planned in 2009-10. Will be completed in 2010-11. |
| Asset Management (non-IT) | This audit will assess the controls in place over the identification, recording, control and disposal of non IT assets within the Department in compliance with appropriate policies and procedures. | Planned for 2010-11. Will be completed in 2010-11. |
| Financial Reporting Controls | This audit will assess the effectiveness of controls over the financial reporting process within the Department as well from the Department to central agencies and parliament. | Audit will map DFAIT’s progress, throughout 2010-11, of implementing key recommendations of the Financial Resource Management Risk Assessment which concern the development of financial reporting controls. |
| Info Mgt., Support for Decision Making | This audit is intended to examine the controls in place to ensure that corporate records, information and knowledge are available to support decision-making. | Originally planned for 2009-10. Is in reserve for 2010-11. |
Appendix C: Audit Plan for 2010-2011
| Managment Directed Audits | |
|---|---|
| Audit of Delivery of Corporate Services at HQ | Assess whether delivery of corporate services at DFAIT is aligned with Strategic Review Reductions as well as Transformation objectives. |
| Audit of Travel | Extent to which DFAIT’s mgt. framework governing the administration of travel is effectively structure and operating effectively. As well, controls established ensure compliance with applicable policies and directives. |
| Resource Management | This Follow Up Audit will map progress by DFAIT in implementing its management response to the Financial Risk Assessment and Audit of Resource Allocation. |
Appendix C: Audit Plan for 2010-2011
| Treasury Board Directed Activities | |
|---|---|
| Contracting Auth. Afghanistan | Audit of compliance with special contracting authority. |
| Gs & Cs Academic Relations | Audit of the Terms and Conditions. |
| Global Commerce Support Program | Early implementation review of the new program to be completed as per Treasury Board Submission. |
| MOU Points of Service | Audit of MOU with Standards Council of Canada. |
| G8 and G20 Summits | Audit of compliance with the financial terms and conditions. |
Appendix C: Audit Plan for 2010-2011
| Project | Audit Scope and Objectives | Status/Considerations | ||
|---|---|---|---|---|
| Audits that will not get done in 2010-11. All held for reconsideration in 2011-12. | ||||
| Systems Mgt. | This audit will examine and assess the Department's information technology governance practices, the related impact on investments in technology solutions, and the management of those investments. | Was to be initiated in 2009-10 and moved to 2010-11. Given 2010-11 priorities, this audit will not get done - move to reconsider in 2011-12. | ||
| Systems Governance | This audit will examine and assess the Department's information technology governance practices, the related impact on investments in technology solutions, and the management of those investments. | Was to be initiated in 2009-10 and moved to 2010-11. Given 2010-11 priorities, this audit will not get done - move to reconsider in 2011-12. | ||
| Environmental Monitoring | This audit will examine the effectiveness of the Department's Environmental Management System (EMS) in supporting the management of environmental issues in relation to the Department's physical operations. | Was to be initiated in 2010-11. Given 2010-11 priorities, this audit will not get done - move to reconsider in 2011-12. | ||
| Security (Physical) | This audit will examine DFAIT's controls over physical security within the Department to ensure the safety of personnel and to safeguard information and assets. It will also assess the degree of compliance with relevant aspects of Government Security Policy. | MC to Cabinet is being prepared. Once departmental response and actions have been announced, determine if audit is warranted. | ||
| Management of Transfer Payments | Assessment of transfer payments (Gs & Cs) and other transfer payments to ensure that appropriate policies, practices and internal management controls are aligned. | Moved to 2011-12. Align with sunsetting measures of Gs & Cs. | ||
| Strategic Planning | Audit of strategic planning framework. It will include an assessment of the ways and means DFAIT uses to align its programs with the strategic outcomes and the PAA. | Was to be initiated in 2010-11. Given 2010-11 priorities, this audit will not get done - move to reconsider in 2011-12. | ||
| Operational Planning | This audit was intended to review the operational planning processes within DFAIT in order to ensure alignment of the operational plans with strategic plans. | Was to be initiated in 2010-11. Given 2010-11 priorities, this audit will not get done - move to reconsider in 2011-12. | ||
| HR Performance Mgt | This audit will assess the adequacy and effectiveness of management processes and controls in place for the management of employee performance within the Department as well as compliance with policies and directives. | Move to 2011-2012. | ||
| HR Compensation & Benefits | This audit will assess the management of, and control in place for, compensation and benefits activities being delivered in the Department, as well as the degree of compliance with related policies and directives. | Move to 2011-2012 | ||
| Program Development Framework | This audit will examine core controls related to the methodology and processes in place to plan, develop, approve and implement departmental programs. | Was to be initiated in 2010-11. Given 2010-11 priorities, this audit will not get done - move to reconsider in 2011-12. | ||
| Information Mgt. Lifecycle | This audit will analyse the controls in place over the creation, retention, retrieval and disposal of information within the Department, as well as compliance with legislation, policies and directives (including Access to Information and Privacy policies). | Some elements of this audit may be incorporated in the Audit of Information for Decision-Making. | ||
Appendix D: Audit Plan for 2011-2012
| Project | Audit Scope and Objectives | Status/Considerations | ||
|---|---|---|---|---|
| Risk-Based Audit Plan Activities | ||||
Legal Mgt. | Assess effectiveness of provision of legal services within Dept to support delivery of programs/activities. | Planned in 2011-12. | ||
| Procurement (including contracting) | Assess management control framework for contracting activities and determine the level of compliance with applicable government policies. | Planned in 2011-12. | ||
| Policy Mgt. Framework | Examine core controls related to the methodology and processes in place to plan, develop, approve, implement and monitor departmental policies. | Reconsider for next three-year audit planning cycle. | ||
| Business Continuity | Assess the adequacy of the management framework in place to support business continuity planning and monitoring as well as compliance with legislated requirements. | Reconsider in 2011-12. | ||
| Stakeholder Relations | Examine effectiveness of the ways and means that Platform mgmt relates to dept'al clients, setting SLAs and delivery cost effective service. | Only audit featured in RBAP which allows a review of some core controls related to Citizen-service Delivery. | ||
| Program Mgt. – Performance Mgt. | Examine controls in place to ensure that the results of programs and activities are appropriately monitored and measured. | Reconsider for next three-year audit planning cycle. | ||
| Platform Mgt.- Framework & Capacity | Assess the capacity of and controls over the management and operation of the delivery of common administrative services to missions and HQ. | Planned in 2011-12. | ||
| Values & Ethics | Audit will confirm that the Dept's procedures and policies for promoting values and ethics are part of the management control framework. | In reserve 2011-12. | ||
| Treasury Mgt. (Banking & Foreign Exchange) | Audit of the Treasury management function at DFAIT | Will use audit program developed by Treasury Board to complete this audit. | ||
| HR Staffing | Assurance to senior management that the Department is taking the necessary steps to ensure compliance with Public Service Employment Act. | Already covered by the PSC Audit of Staffing. Use results of PSC Audit to scope HR Planning Audit. | ||
| HR Planning | Assess effectiveness of mgt controls in place for HR planning within the Dept, adequacy of supporting HR info, & compliance with policies & directives. | Planned in 2011-12. | ||
| Revenue Controls | Examine effectiveness of controls over the identification, recording, accounting and collection of revenue by the DFAIT. | Planned in 2011-12. | ||
Appendix E - Audit Plan MAF and Core Control Coverage
MAF : Resulting coverage 2010-11 Audits
| Public Service Values | |||||
|---|---|---|---|---|---|
| Governance and Strategic Directions | OCG Business Cases for Investments | Policy and Programs | People | Citizen-focused Service | Results and Performance |
| CESD Water Management | PSC Audit of Staffing | ||||
| Audit of Real Property | PSC Study : Temp Help & Staffing | ||||
| Gs & Cs : Academic Ret. Program | |||||
| Global Commerce Program | |||||
| MOU: Standards Council | |||||
| Information for Decision-Making | Risk Management | Stewardship | Accountability | ||
| OAG – Internal Audit | Delivery of Corporate Services | ||||
| Follow-up: Resource Management | |||||
| Audit of Travel | |||||
| Non-IT Asset Management | |||||
| G8/G20 Summit | |||||
| Auth. to contract. Afgh. Task Force | |||||
| Audit Financial Reporting Controls | |||||
| Learning Innovation and Change Management | |||||
Appendix F – Audit Universe Mapped to DFAIT Program Activity
| Audit Universe | Int’l Policy Advice & Integration | Diplomacy & Advocacy | Int’l Commerce | Consular Affairs | Passport Canada | Int’l Platform: Support at HQ | Int’l Platform: Support at Missions | Internal Services | Total | |
|---|---|---|---|---|---|---|---|---|---|---|
| Business Process | Audit Subject | |||||||||
| Budget Allocation | $120.3M | $991.9M | $88.3M | $54.5M | $344.2M | $349.8M | $449.6M | $114.5M | $2,513M | |
| Governance | 1. Dept’al Governance Structures | Year 1 | ||||||||
| 2. TB Submissions/MCs | Year 1 | |||||||||
| 3. Risk Mgt. | Year 1 | |||||||||
| 4. Values & Ethics | Year 3 | |||||||||
| Dept’al Planning & Resource Allocation | 5. Strategic Planning | NGD | ||||||||
| 6. Operational Planning | NGD | |||||||||
| 7. Resource Allocation | Year 1 | |||||||||
| 8. Corporate Service Delivery | Year 2 | |||||||||
| Policy Development | 9. Policy Mgt. Framework | NGD | NGD | NGD | NGD | |||||
| 10. Environmental Monitoring | NGD | |||||||||
| Program Management | 11. Program Mgt. Framework & Capacity | NGD | ||||||||
| 12. Performance Mgt. | NGD | |||||||||
| 13. Mgt. of Transfer Payments | Year 3 | |||||||||
| Platform Management | 14. Mgt. Framework & Capacity | Year 3 | Year 3 | |||||||
| 15. Stakeholder Relations | NGD | NGD | ||||||||
| 16. Legal Management | Year 3 | |||||||||
| Financial Management | 17. Expenditure Controls | Year 1 | ||||||||
| 18. Revenue Controls | Year 3 | |||||||||
| 19. Reporting Controls | Year 2 | |||||||||
| 20. Treasury Mgt. | Year 3 | |||||||||
| 21. Procurement | Year 3 | |||||||||
| 22. Travel | Year 2 | |||||||||
| Information Management | 23. Support for decision-making | Year 2 | Year 2 | |||||||
| 24. Lifecycle | Year 2 | Year 2 | ||||||||
| Asset Management | 25. IT | NGD | NGD | |||||||
| 26. Non-IM/IT | Year 2 | Year 2 | ||||||||
| 27. Real Property | Year 2 | Year 2 | ||||||||
| Human Resources | 28. Planning | Year 3 | ||||||||
| 29. Performance Mgt. | NGD | |||||||||
| 30. Compensation & Benefits | NGD | |||||||||
| 31. Staffing | NGD | |||||||||
| IT Management | 32. Systems Governance | NGD | ||||||||
| 33. Systems Management | NGD | NGD | ||||||||
| Business Continuity | 34. Business Continuity | Year 3 | ||||||||
| 35. Security (Physical) | NGD | NGD | ||||||||
| Note: NGD – Will not get done. Should additional resources be provided in 2011-12, this audit subject will be included for consideration in the 2011-12 RBAP refresh exercise. | ||||||||||
Appendix G - DFAIT Corporate Risk Profile 2010-2011
| Risk | Risk Statement |
|---|---|
| 1. Domestic and international economic and political conditions | Domestic and international instability will likely affect DFAIT’s ability to attract and retain foreign investment into Canada and its ability to facilitate the success of Canadian businesses abroad. Foreign trade and financial protectionism as well as rapidly evolving economic policies and regulatory frameworks will likely impair access to international capital, contracts and trade opportunities and may result in non-compliance with international obligations, possible litigation, and the relocation of Canadian businesses and loss of local jobs… Volatile global economies will also likely lead to more domestic and international political uncertainties that could influence policy initiatives and program delivery… |
| 2. Human and knowledge Capital | DFAIT will likely continue to face significant challenges in recruitment and retention of qualified and experienced personnel in the wide range of key occupational groups relating to its rotational and non-rotational personnel as well as high-performing locally engaged (LES) staff with corporate memory…. |
| 3. Service to Canadian Citizens Abroad and Protection of Government Personnel, Interests and Assets | The physical security of Government of Canada-deployed personnel may be threatened due to increased exposure of embassy worksites to loss through fire, earthquake, flood or hostile action…. |
| 4. Adequacy and Integrity of Human Resources, Financial and Information Management Systems for Decision Making and Reporting | Inconsistent collection and maintenance of corporate memory, inadequate interoperability among departmental financial, information and HR systems, duplicate systems and data standards, and lack of data integrity could impede the improvement of business processes, resource planning, reporting and decision making….. |
| 5. Alignment of Resources to Priorities and Change Management | The Department faces a number of governance and transition challenges in moving forward with the implementation of major resource alignment initiatives….. |
| 6. Internal and External Communications | Organizational dispersion (e.g. more than 300 points of service around the world) and increased complexity of communication coordination and technology across global locations could weaken cohesion and timely, transparent delivery of the departmental message to target audiences….. |
| 7. Litigation, Treaty or Trade Dispute and resulting liability | |
| 8. Internal and External dependencies and alignment with partners: other government departments (OGDs) and foreign governments | |
| 9. Resource Alignment to Priorities | |
| 10. Potential for Surprise | |
| 11. Business Continuity |
*If you require a plug-in or a third-party software to view this file, please visit the alternative formats section of our help page.
