Foreign Affairs, Trade and Development Canada
Symbol of the Government of Canada

Foreign Affairs, Trade and Development Canada

international.gc.ca

Risk-based Audit Plan 2009-2012

Annual Refresh and Proposed Audits for 2010-2012

(PDF Version, 1.6 MB) *

Preface from the Chief Audit Executive

Executive Summary

Overview of Planning

Audit Universe

Management Accountability and Core Controls

Consultations

Risk Assessment

Audit Accomplishments 2009-2010

Recommended Audits for 2010-2011

Recommendation to DFAIT Audit Committee 2011-2012

Recommendation to DFAIT Audit Committee

Appendix A: OPERATIONAL PLAN FOR 2010-2011

Appendix B: Audit Plan for 2009-2010

Appendix C: Audit Plan for 2010-2011

Appendix D : Audit Plan for 2011-2012

Appendix E: AUDIT PLAN MAF AND CORE CONTROL COVERAGE

Appendix F: AUDIT UNIVERSE MAPPED TO DFAIT PROGRAM ACTIVITY

Appendix G: DFAIT CORPORATE RISK PROFILE 2010-2011

Preface from the Chief Audit Executive

I am pleased to present an update to our three-year Risk Based Audit Plan.

This document has been developed by the Office of the Chief Audit Executive with partners, in careful accordance with the requirements of Treasury Board Secretariat and the Office of the Comptroller General. We have consulted widely, particularly with senior management of our Department and the Offices of the Auditor General and Comptroller General.

This review has given us the opportunity to refresh our audit plan, in keeping with changing risks and priorities. The document provides an assessment of what has been accomplished in DFAIT’s audit program in 2009-2010. It also offers an objective assessment of DFAIT’s audit requirements, and our capacity to complete the remaining two years of our Risk-based Audit Plan.

Our challenge in 2009-2010 was to balance planned internal audit activities with urgent audit assignments related to our decision to undertake the Financial Resource Management Risk Assessment.

It is important to note that this assessment led to the identification of additional priority audit projects to be completed in 2009-2010, which were considered critical to the Department.

I am confident that our recommendations for planned internal audits in the next two business years support stronger financial management and emphasize effective risk management and stewardship of resources.

One of the key requirements of the Treasury Board Policy on Internal Audit is for the Chief Audit Executive to provide an annual overview assurance report on the state of departmental risk management, control and governance processes. The results of our audit work to date, and our recommendations for future audits as described in this refreshed Plan, will be central to my assurance report.

I have appreciated the wide co-operation and joint effort in the planning and implementation of our three year audit program for the Department of Foreign Affairs and International Trade.

Yves Vaillancourt
Chief Audit Executive
Foreign Affairs and International Trade

Executive Summary

This document describes the risk-based planning and selection of the Department of Foreign Affairs and International Trade’s (DFAIT) internal audits for the period of 2010 to 2012. This updated version of the Risk-based Audit plan has been prepared in accordance with the applicable requirements of the 2009 Treasury Board Policy on Internal Audit, its directives and guidelines.

The Audit Plan was prepared following an analysis of the DFAIT audit universe, a review of significant audit findings resulting from past audit reports, interviews with senior management of the Department, and a final ranking exercise which took into consideration materiality, risk, relevance and value-added criteria.

Selection of audit projects for 2010-2011 also took into consideration “in reserve” audits (re: audit engagements not undertaken in 2009-2010) as well as coverage of audit subject matters by external auditors such as the Public Service Commission, the Office of the Comptroller General and Office of the Auditor General. Finally, over the course of the year, senior management suggested specific management issues which they sensed merited audit attention, such as the Delivery of Corporate Services at DFAIT headquarters and Strategic Use of Travel. These suggestions were also considered in developing our Audit Plan.

The Departmental Audit Committee considered the selection of these projects at a meeting held in February 2010. Their recommendations are incorporated in this Plan. Once formal approval has been granted by the Deputy Ministers, the Office of the Chief Audit Executive will move to complete approved audits for 2010-2011.

1. Overview of Planning

a) Audit Universe

Audit entities defined as management business processes were presented in the original 2009-2012 Risk-based Audit Plan. For the purposes of this refresh exercise we have considered these audit subjects and their initial risk analysis. Additional audit subjects have been identified in our refresh, resulting in an updated audit universe. All audit subjects were reviewed, and their risk assessed, in selecting and recommending audit projects for 2010-2011 and 2011-2012.

b) Management Accountability and Core Controls

Our review and analysis of risk has resulted in a recommendation of six audits in 2010-11 and five audits in 2011-2012. We have also reviewed how these new projects will increase our knowledge of DFAIT and provide adequate coverage of the department’s operational processes. The results of our review of past audit findings, coupled with an assessment of how the proposed audits cover key core management controls is presented in Annex E.

The audit work we conducted in 2009-2010 concentrated on stewardship, more specifically on gaining a better understanding of DFAIT’s risks related to financial management. The recommended audits for 2010-2011 continue our review of the Department’s resource management and its progress in implementing the management actions flowing from the Financial Management Project.

As well, the audits of the Management of Real Property and Non-IT Assets further our understanding of the accounting by DFAIT of these expenditures including the processes for their recording, valuation, use and disposal.

Given the planned audits by external auditors, an assessment of DFAIT’s management of staffing will provide important information on the “people” core management control. Finally, understanding of the management of Grants and Contributions will be gained from TB-directed audits.

c) Consultations

In preparing its plan for 2010-2011, Internal Audit considered:

  • Audits which would assist in implementing Year 2 of the recommendations of the Financial Resource Management Risk Assessment and Audit of Resource Allocation.
  • Views of DFAIT senior management of risk through interviews across the Department at HQ and missions.
  • Views, as well as planned audits, of external auditors and other providers of assurance. In 2010-2011, the resources of the CAE will work with external auditors in an assessment of DFAIT’s internal management of staffing (with PSC), internal audit (with OAG), contracting temporary help (with PSC), as well as delivery of a mandate related to water management (with the Commissioner for Sustainable Development). DFAIT may also be asked to take part in an OCG-led audit of Business Case Development.
  • Assessment of risk by peer Executives responsible for oversight in the areas of inspection, investigations and evaluations at DFAIT.

d) Risk Assessment

The assessment of risk in this review has benefited from the CAE’s increased knowledge of DFAIT’s programs. This has been achieved through audits we have conducted in the first year of the Plan, the further development of DFAIT’s Corporate Risk Profile, and the role of the CAE in reviewing the Department’s changing priorities.

The final ranking of recommended audit projects for 2010-2011 and 2011-2012 was achieved following:

  • A review by Internal Audit, of the initial risk assessment presented in the 2009-2012 Risk-Based Audit Plan, to validate risk information against any changes in DFAIT’s program structure and priorities. This exercise emphasized the need to continue audit work that contributes to strengthening the Department’s resource management regime.
  • An assessment of areas of significance (for the entity/topic examined). Consideration was given to audit projects which examine those areas of the department where there is greater financial significance or considerable resources have been directed, and which support directly and substantially departmental objectives and priorities.

2. AUDIT ACCOMPLISHMENTS IN 2009-2010

Much was accomplished by DFAIT’s Internal Audit work in 2009-2010. Completing the Financial Resource Management Risk Assessment was central to our support of effective risk management and sound resource stewardship of the Department. Our contribution to this critical area was further strengthened through audits in such areas as Resource Allocation, Expenditure Controls, Headquarters Growth and a Progress Report on Implementation of Strategic Review Reductions.

For good reason the audit program we implemented in 2009-2010 was not entirely in keeping with the originally approved Risk-based Audit Plan. Figure 1 illustrates what was originally planned, and what was completed. It also indicates the consequence of necessary changes, in particular audits that required re-scheduling to 2010-2011, and 2011-12.

Ten audit projects had been approved for 2009-2010. Based on available funding, the Office of the Chief Audit Executive decided to proceed with 7 of the 10: departmental governance structures, resource allocation, expenditure controls for high risk payments, information for decision making, real property, systems governance and systems management. The first three in italics were completed and reported on. Due to a shift in Departmental priorities, and budget reductions for Internal Audit, the remaining audits to be completed in 2009-2010 were moved to 2010-2011 to be reconsidered following a refresh exercise.

Figure 1: Risk-based Audit Plan

 1Audits planned in 2009-20102RBAP/Directed Audits completed in 2009-2010 
RBAP 09-10Departmental Governance StructuresRBAP 09-10Departmental Governance Structures  
RBAP 09-10Resource AllocationRBAP 09-10Resource Allocation  
RBAP 09-10Expenditure Controls for high risk paymentsRBAP 09-10Expenditure Controls for high risk payments  
Not Completed Move to 2010-11

RBAP 09-10

Information for Decision-MakingNote: Management Directed Audit 2009-2010Financial Resource Management Risk Assessment 
 RBAP 09-10Real PropertyNote 3 Opinion
 RBAP 09-10Systems ManagementHeadquarters Growth
RBAP 09-10Systems GovernanceImplementation of Strategic Review Reductions of 2007 
  

RBAP 09-10

TB Decisions and MCsRBAP 09-10Partially covered under the Financial Res. Management Risk Assessment
 RBAP 09-10IT Asset ManagementCovered by OCG Horizontal Audits:IT Asset Management
 RBAP 09-10

Risk Management

Corporate Risk Profile

In 2009-2010, DFAIT faced serious matters concerning its budget and financial administration. There were further challenges in preparing for the presentation of DFAIT’s Financial Statements.

Senior management requested, and the CAE agreed, that the four audit projects below be completed as a priority:

  • An analysis of Note 3, supporting work to approve the Department’s Financial Statements;
  • Effective coordination between the External Review on Budgeting and Forecasting (which led to the Financial Resource Management Risk Assessment) and the conduct of an internal audit of Resource Allocation.
  • An audit opinion on growth at DFAIT’s headquarters
  • An audit of progress in the implementation of the 2007 Strategic Review Reductions.

During the review of the Financial Statements, requests of senior management and the DAC for supporting details of Financial Statement line items could often not be answered in a timely fashion. As a result, a reconciliation of Note 3 was completed. Also, a lack of information on departmental charges which drove DFAIT’s spending in 2008-09 was compounded with a sudden short fall in DFAIT’s operating budget at mid-year.

Internal Audit was asked to undertake a Financial Resource Management Risk Assessment to provide early analysis of the reliability of the Department’s forecast. Other audit tasks were completed in the early Winter to further the Department’s overall understanding of the root causes of the budgetary shortfall and recommend financial management practices to prevent this situation from recurring.

As the above-noted audits examined in depth DFAIT’s management of its finances, three additional audits planned for 2009-2010 were covered by other assurance providers:

  • Audit of Risk Management was completed through DFAIT being included in the OCG Horizontal Audit of Corporate Risk Profiles. The OCG reported in March 2010 on the results for the Department.
  • Information Technology Asset Management was also covered with OCG including DFAIT in its Horizontal Audit of IT Asset Management.  The OCG will report in September 2010 on this matter to the Government of Canada Audit Committee.
  • Treasury Board Submissions and MCs was covered as part of work initiated under the Financial Resource Management Rick Assessment. The resulting management action plan addresses improved coordination and management of this function.

As well, a mandatory audit of the management of grants and contributions of the Global Partnership Program was initiated in the fourth quarter of 2009-2010, and should be completed in the first quarter of 2010-2011. It is important to note that although the 10 audits originally scheduled for 2009-2010 were not all completed as planned, 10 audits were completed as described.

3. Recommended Audits for 2010-2011

For reasons explained, some audits scheduled for 2009-2010 were not undertaken. These were moved to 2010-2011 for review under the refresh exercise.

The original Risk-based Audit Plan lists a further eleven audits for consideration in 2010-2011. Suggestions from senior management added a further two audits to be considered in our refresh exercise for 2010-2011. These are the Delivery of Corporate Services at Headquarters and Strategic use of Travel.

Our refresh exercise for 2010-2011 therefore considered eighteen audit subjects. The review and priority ranking exercise considered first the need to complete a program of audit which supplemented the work of the Financial Resource Management Risk Assessment and further our knowledge of significant DFAIT program components such as Real Property and non-IT assets. The review also included an analysis of materiality, risk, and key factors such as sun-setting provisions for the review of some transfer payment programs at DFAIT. The latter part of our analysis involved consultations with senior management in DFAIT, and partners outside of the Department.

Our recommendation, after this review and assessment of priorities, is that six audits go forward in 2010-2011 with one audit held in reserve. The remaining twelve audits will be reconsidered in the 2011-12 planning exercise. Appendix C provides further detail on these audits.

Figure 2: lists the six audits, as well as one in reserve project, that will be undertaken in 2010-2011 using Internal Audit resources.

Figure 2 – Audits planned in 2010-11

 1Audits as per requests and RBAP2Mandatory Audits carried out in 2010-11
 RBAP 09-10Real PropertyTB DirectedAfghanistan Contracting Special Authorities
 RBAP 09-10Information for Decision-Making in ReserveTB DirectedGs and Cs Academic Relations Program
 Management DirectedAudit of Delivery of Corporate Services at HQTB DirectedGlobal Commerce Support Program
 Follow up Audit of Resource ManagementTB DirectedMOU Standards Council Pts of Service Enquiry
 Audit of TravelDFAIT DirectedG8/G20 Summits
 RBAP 10-11Asset Management Non-It 
 RBAP 10-11Financial Management ControlsAudits carried out by External Auditors- DFAIT was selected to take part
For consideration in  2011-12 RefreshRBAP 11-12Business ContinuityPSC-ledAudit of Staffing at DFAIT
RBAP 09-10Systems ManagementPSC-ledStudy of temporary help professional services and staffing in govt
RBAP 09-10Systems GovernanceOCG-ledBusiness Case Development
For Consideration in the 2011-2012 Refresh ExerciseRBAP 10-11Environmental MonitoringOAG-ledInternal Audit
Physical SecurityOAG-ledWater Management
Strategic Planning 
Operational Planning
HR Performance Management
HR Compensation and Benefits
Program Mgt Framework
Information Mgt Life-Cycle

These are:

  • Six planned audits resulting from our risk based analysis, and scheduled in the Audit Plan.
  • Five funded audits required by Treasury Board.
  • Five external audits conducted by other agencies, which involve DFAIT and require some audit coordination and support.

As noted above, the choice and priority of audits planned for 2010-11 has been heavily influenced by the findings of our Financial Resource Management Risk Assessment, and other audit work, completed in 2009-10. It is management’s view that action taken in 2009-10 to strengthen financial management be further supported with audits that inform on DFAIT’s financial position in the short and longer term and report on the reliability of financial and non-financial information used for decision-making.

The proposed internal audits for 2010-2011 consist of the first six projects noted below, with the remaining audit held in reserve.

AuditScope and ObjectivesQuarter
Resource ManagementThis Follow Up Audit will map progress by DFAIT in implementing its management response to the Financial Risk Assessment and Audit of Resource Allocation. 1st Quarter
Delivery of Corporate ServicesThis audit will assess whether delivery of corporate services at DFAIT is aligned with Strategic Review Reduction decisions as well as Transformation objectives.1st Quarter
Non-IT Asset ManagementThis audit will assess the controls in place over the identification, recording, control and disposal of non-IT assets within the Department, in compliance with appropriate policies and procedures.2nd Quarter
Real PropertyThis audit is intended to assess operational and management processes in the area of Real Property. The effectiveness of the planning process in aligning real property decisions with departmental priorities will be reviewed.3rd Quarter
TravelThis audit will review the extent to which DFAIT’s management framework governing the administration of travel is effectively structured and operating effectively.4th Quarter
Information for decision-makingIn reserve: This audit is intended to examine the controls in place to ensure that information, knowledge and corporate records are available to support decision-making. 
Financial Reporting ControlsIn reserve: This audit will assess the effectiveness of controls over the financial reporting process within the Department as well as from the Department to Central Agencies and Parliament. 

4. Recommended Audits for 2011-2012

Determination of the internal audits that the Office of the CAE will undertake in 2011-2012 is based on the same refresh and ranking exercise described in Section 3 of this document.

Figure 3 – Planned Audits to be carried out in 2011-12
Risk-based Audit Plan 2011-12  Planned AuditsRisk-based Audit Plan 2011-2012Legal ManagementTB Directed Audits Unknown at this time
Procurement (& contracting)
Platform ManagementExternal Audits by OAG, OCG and others  Unknown at this time
HR Planning
Management of Transfer Payments
Revenue Controls  (in reserve)
For consideration in refresh of 2011-12Business Continuity 
Value and Ethics
Treasury Mgt – Banking
Foreign Exchange
Stakeholder Relations
Policy Management Framework
HR Staffing
Program Management Framework

At this early stage, the proposed Audit Plan for 2011-2012 consists of five audits identified in Figure 3 (see green audit topics). The Revenue Controls audit is held in reserve. We will conduct an additional review of materiality, risk, and other factors toward the end of 2010-2011 to ensure that the final year of DFAIT’s Risk-based Audit Plan is current and in keeping with highest priority needs.

Figure 3 also lists the remaining audit topics, which had originally been listed in the Audit Plan. These will be reconsidered in the refresh exercise of 2011-12.

A description of the planned audits for 2011-12 is provided in the table that follows:

Audits 2011-2012Scope and Objectives

Legal Management

This audit would include an assessment of the effectiveness of the provision of legal services within the department to support the delivery of departmental programs and activities.
Procurement & ContractingThis audit would assess the management control framework for contracting activities in the department and determine the level of compliance with applicable government policies.
Platform ManagementThis audit would assess the capacity of and controls over the management and operation of the delivery of common administrative services to missions and headquarters.
HR PlanningThis audit would assess the effectiveness of management controls in place for HR planning within the department, adequacy of supporting HR information, as well as, compliance with policies and directives.
Management of Transfer PaymentsThis audit will conduct an assessment of the management of transfer payments (Gs and Cs and other transfer payments) at DFAIT to ensure that appropriate policies, practices and internal management controls are applied.
Revenue ControlsThis audit would examine the effectiveness of controls over the identification, recording, accounting and collection of revenue by the department.

Our information on planned audits by external auditors (such as the OAG and Comptroller General) as well Treasury Board directed work in 2011-2012 is incomplete at this time.

Also, at this early stage we do not foresee DFAIT undertaking any mandatory audits during this period. We will add these elements of audit work to our planning for 2011-2012 as information comes available.

5. Recommendation to the DFAIT Audit Committee

It is requested that the Departmental Audit Committee review the Draft Audit Plan and recommend to the Deputy Minister implementation of the projects as presented and costed for 2010-2011. Should audit priorities change over the course of 2010-2011, following management directions, Internal Audit will return to the Departmental Audit Committee to inform them of recommended changes.

To note: An Operational Plan for audits selected in 2010-11 is presented at Appendix A. At Appendix B, we present the 2009-2010 risked-based audits as well as results following the first year of implementing the Plan. Appendices C (2010-2011) and D (2011-2012) list and provide consideration for audits to be completed in those years as well as considerations for those audits held in reserve.

Appendix A: Operational Plan for 2010-2011

Operational Plan 2010 - 2011

AuditStart QAuditor Weeks ForecastSalary CostsConsultant Costs - AuditConsultant Days (Approximate)Potential Travel Required
Risk-Based Plan Audits
Corporate Service Delivery at Headquarters160$90,000$43,00060.0$0
Non-IT Asset Management2113$188,271$61,00092.0with RP
Real Property346$72,692$155,000155.0 $20,000
2009-2010 Financial Statements22$4,000$15,00015.0$0
Financial Management Controls195$142,500$85,00075.0$0
Travel - Strategic Use456$91,538$00.0$0
Information for Decision-Making 0$0$00.0$0
Follow-Up on Resource Allocation27$10,500$00.0$0
Follow-Up on Resource Allocation45$7,500$00.0$0
Sub-Total Risk-Based Plan Audits 384$607,001$359,000397.0 $20,000
Other Assurance Work
IA Follow-Up (AB) 8$16,000$00.0No
TB Submission Input & Tracking (AG) 5$10,000$00.0No
Continuous Auditing 3$6,000$20,00020.0No
Sub-Total Other Assurance Work 16$32,000$20,00020.0 
Total 400639,001379,000417$20,000
Departmental Audit Work (New Requests from Senior Management or Required Based Upon Treasury Board Submission -- Cost Recovered) 
Global Partnership Program127$40,500$45,00045.0No
Audit of G-20 Financial Information32$3,000$36,20040.0No
Audit of G-8 Financial Information31$1,500$27,70030.0No
Global Commerce Support Program43$4,500$42,50050.0Yes
Afghanistan Contracting - Special Authorities43$7,000$25,00025.0Yes
Standards Council - Enquiry Points Service41$2,000$7,0007.0No
Audit of In Aid of Academinc Relations12$4,000$103,000103.0No
Cost Recovered Total 39$62,500$286,400300.0 
Office of the Comptroller General (OCG) Horizontal Audits
Business Case Development (only if selected) 10$15,000$00.0No
Sub-Total OCG 10$15,000$00$0
Total 449$716,501$665,400717$20,000

Appendix B: Audit Plan for 2009-2010

ProjectAudit Scope and ObjectivesStatus/Considerations
Risk-Based Audit Plan Activities
Dept’al Governance StructuresDAC approved a preliminary survey for an audit of Governance in 2008-09.  It was delayed, but completed in 2009-10.  The report reviewed the clarity and alignment of Departmental Governance roles and responsibilities, authorities and accountabilities, as well as the effectiveness of mechanisms to ensure coherence of the Department's management decisions.Completed. The survey was undertaken, and a report was tabled with DAC and Deputy Ministers.  It was concluded that the report and recommendations were sufficiently thorough and useful so as to not require further audit.
Resource AllocationThis audit was intended to focus on the budgeting processes within the Department, including the controls in place over the allocation of resources.Completed.  The Deputy Ministers requested that the scope of this audit be considerably expanded, to constitute an extensive external review of DFAIT's resources. Deloitte was contracted, and their report was reviewed by DAC and submitted to Deputy Ministers.
Expenditure ControlsExamine the degree of compliance with financial management legislation, policies and directives concerning the mgmt and control of DFAIT expenditures, with a focus on high-risk payments.Completed.
TB Subs/ MCsIncluded within the scope and objectives of the report on Departmental Governance Structures (above)Partially covered under DFAIT’s Financial Resource Management Risk Assessment
Risk Mgt.DFAIT was selected to participate in the Office of the Comptroller General's horizontal audit of Corporate Risk Profiles to assess the extent to which they are adequate and effective to: 1)support their development and progressive refinement; 2)respond to changing risk environment; 3) establish interfaces with business plans and performance management.Partially completed.  DFAIT was included in the Horizontal Audit of Corporate Risk Profiles of the OCG
Asset Mgt. – ITThis audit was intended to assess the controls in place over the identification, recording, control and disposal of information technology assets within the Department and compliance with appropriate policies and directives.Partially completed.  DFAIT was included in the Horizontal Audit of IT Asset Management of the OCG
Real PropertyThis audit is intended to assess operational and management processes and related controls over two key areas: the effectiveness of the planning process in aligning real property decisions with departmental priorities, and; the health and safety of employees in compliance with existing authorities.Moved to year 2010-11.
Info Mgt., Support for Decision MakingThis audit is intended to examine the controls in place to ensure that corporate records, information and knowledge are available to support decision-making.Moved to year 2010-11.
Systems Mgt.This audit is intended to examine the information technology management control framework. The audit will address systems development, implementation, operation and maintenance, integration, change management, telecommunications, and network management.Moved to year 2010-11. However, consultations and review indicate this is not a priority audit for 2010-11.  Move to 2011-12 for reconsideration.
Systems GovernanceThis audit will examine and assess the Department's information technology governance practices, the related impact on investments in technology solutions, and the management of those investments.Moved to year 2010-11. However, consultations and review indicate this is not a priority audit for 2010-11.  Move to 2011-12 for reconsideration.

Appendix C: Audit Plan for 2010-2011

ProjectAudit Scope and ObjectivesStatus/Considerations
Risk-Based Audit Plan Activities
Real PropertyThis audit is intended to assess operational and management processes and related controls over two key areas: the effectiveness of the planning process in aligning real property decisions with departmental priorities, and; the health and safety of employees in compliance with existing authorities.Originally planned in 2009-10. Will be completed in 2010-11.
Asset Management (non-IT)This audit will assess the controls in place over the identification, recording, control and disposal of non IT assets within the Department in compliance with appropriate policies and procedures.Planned for 2010-11. Will be completed in 2010-11.
Financial Reporting ControlsThis audit will assess the effectiveness of controls over the financial reporting process within the Department as well from the Department to central agencies and parliament.Audit will map DFAIT’s progress, throughout 2010-11, of implementing key recommendations of the Financial Resource Management Risk Assessment which concern the development of financial reporting controls.
Info Mgt., Support for Decision MakingThis audit is intended to examine the controls in place to ensure that corporate records, information and knowledge are available to support decision-making.Originally planned for 2009-10. Is in reserve for 2010-11.

Appendix C: Audit Plan for 2010-2011

Managment Directed Audits
Audit of Delivery of Corporate Services at HQAssess whether delivery of corporate services at DFAIT is aligned with Strategic Review Reductions as well as Transformation objectives.
Audit of TravelExtent to which DFAIT’s mgt. framework governing the administration of travel is effectively structure and operating effectively. As well, controls established ensure compliance with applicable policies and directives.
Resource ManagementThis Follow Up Audit will map progress by DFAIT in implementing its management response to the Financial Risk Assessment and Audit of Resource Allocation.

Appendix C: Audit Plan for 2010-2011

Treasury Board Directed Activities
Contracting Auth. AfghanistanAudit of compliance with special contracting authority.
Gs & Cs Academic RelationsAudit of the Terms and Conditions.
Global Commerce Support ProgramEarly implementation review of the new program to be completed as per Treasury Board Submission.
MOU Points of ServiceAudit of MOU with Standards Council of Canada.
G8 and G20 SummitsAudit of compliance with the financial terms and conditions.

Appendix C: Audit Plan for 2010-2011

ProjectAudit Scope and ObjectivesStatus/Considerations
Audits that will not get done in 2010-11. All held for reconsideration in 2011-12.
Systems Mgt.This audit will examine and assess the Department's information technology governance practices, the related impact on investments in technology solutions, and the management of those investments.Was to be initiated in 2009-10 and moved to 2010-11.  Given 2010-11 priorities, this audit will not get done - move to reconsider in 2011-12.
Systems GovernanceThis audit will examine and assess the Department's information technology governance practices, the related impact on investments in technology solutions, and the management of those investments.Was to be initiated in 2009-10 and moved to 2010-11.  Given 2010-11 priorities, this audit will not get done - move to reconsider in 2011-12.
Environmental MonitoringThis audit will examine the effectiveness of the Department's Environmental Management System (EMS) in supporting the management of environmental issues in relation to the Department's physical operations.Was to be initiated in 2010-11.   Given 2010-11 priorities, this audit will not get done - move to reconsider in 2011-12.
Security (Physical)This audit will examine DFAIT's controls over physical security within the Department to ensure the safety of personnel and to safeguard information and assets.  It will also assess the degree of compliance with relevant aspects of Government Security Policy.MC to Cabinet is being prepared. Once departmental response and actions have been announced, determine if audit is warranted.
Management of Transfer PaymentsAssessment of transfer payments (Gs & Cs) and other transfer payments to ensure that appropriate policies, practices and internal management controls are aligned. Moved to 2011-12. Align with sunsetting measures of Gs & Cs.
Strategic PlanningAudit of strategic planning framework.  It will include an assessment of the ways and means DFAIT uses to align its programs with the strategic outcomes and the PAA.Was to be initiated in 2010-11.   Given 2010-11 priorities, this audit will not get done - move to reconsider in 2011-12.
Operational PlanningThis audit was intended to review the operational planning processes within DFAIT in order to ensure alignment of the operational plans with strategic plans.Was to be initiated in 2010-11.   Given 2010-11 priorities, this audit will not get done - move to reconsider in 2011-12.
HR Performance MgtThis audit will assess the adequacy and effectiveness of management processes and controls in place for the management of employee performance within the Department as well as compliance with policies and directives.Move to 2011-2012.
HR Compensation & BenefitsThis audit will assess the management of, and control in place for, compensation and benefits activities being delivered in the Department, as well as the degree of compliance with related policies and directives.  Move to 2011-2012
Program Development FrameworkThis audit will examine core controls related to the methodology and processes in place to plan, develop, approve and implement departmental programs.Was to be initiated in 2010-11.   Given 2010-11 priorities, this audit will not get done - move to reconsider in 2011-12.
Information Mgt. LifecycleThis audit will analyse the controls in place over the creation, retention, retrieval and disposal of information within the Department, as well as compliance with legislation, policies and directives (including Access to Information and Privacy policies).Some elements of this audit may be incorporated in the Audit of Information for Decision-Making.

Appendix D: Audit Plan for 2011-2012

ProjectAudit Scope and ObjectivesStatus/Considerations
Risk-Based Audit Plan Activities

Legal Mgt.

Assess effectiveness of provision of legal services within Dept to support delivery of programs/activities.Planned in 2011-12.
Procurement (including contracting)Assess management control framework for contracting activities and determine the level of compliance with applicable government policies.Planned in 2011-12.
Policy Mgt. FrameworkExamine core controls related to the methodology and processes in place to plan, develop, approve, implement and monitor departmental policies.Reconsider for next three-year audit planning cycle.
Business ContinuityAssess the adequacy of the management framework in place to support business continuity planning and monitoring as well as compliance with legislated requirements.Reconsider in 2011-12.
Stakeholder RelationsExamine effectiveness of the ways and means that Platform mgmt relates to dept'al clients, setting SLAs and delivery cost effective service.Only audit featured in RBAP which allows a review of some core controls related to Citizen-service Delivery.
Program Mgt. – Performance Mgt.Examine controls in place to ensure that the results of programs and activities are appropriately monitored and measured.Reconsider for next three-year audit planning cycle. 
Platform Mgt.- Framework & CapacityAssess the capacity of and controls over the management and operation of the delivery of common administrative services to missions and HQ.Planned in 2011-12.
Values & EthicsAudit will confirm that the Dept's procedures and policies for promoting values and ethics are part of the management control framework. In reserve 2011-12.
Treasury Mgt. (Banking & Foreign Exchange)Audit of the Treasury management function at DFAITWill use audit program developed by Treasury Board to complete this audit.
HR StaffingAssurance to senior management that the Department is taking the necessary steps to ensure compliance with Public Service Employment Act.Already covered by the PSC Audit of Staffing.  Use results of PSC Audit to scope HR Planning Audit.
HR PlanningAssess effectiveness of mgt controls in place for HR planning within the Dept, adequacy of supporting HR info, & compliance with policies & directives.Planned in 2011-12.
Revenue ControlsExamine effectiveness of controls over the identification, recording, accounting and collection of revenue by the DFAIT.Planned in 2011-12.

Appendix E - Audit Plan MAF and Core Control Coverage

MAF : Resulting coverage 2010-11 Audits

Public Service Values
Governance and Strategic DirectionsOCG Business Cases for InvestmentsPolicy and ProgramsPeopleCitizen-focused ServiceResults and Performance
CESD Water ManagementPSC Audit of Staffing 
Audit of Real PropertyPSC Study : Temp Help & Staffing
Gs & Cs : Academic Ret. Program 
Global Commerce Program
MOU: Standards Council
   
Information for Decision-MakingRisk ManagementStewardshipAccountability
OAG – Internal AuditDelivery of Corporate Services 
Follow-up: Resource Management
Audit of Travel
Non-IT Asset Management
G8/G20 Summit
Auth. to contract. Afgh. Task Force
Audit Financial Reporting Controls
Learning Innovation and Change Management

Appendix F – Audit Universe Mapped to DFAIT Program Activity

Audit UniverseInt’l Policy Advice & IntegrationDiplomacy & AdvocacyInt’l CommerceConsular AffairsPassport CanadaInt’l Platform: Support at HQInt’l Platform: Support at MissionsInternal ServicesTotal
Business ProcessAudit Subject         
 Budget Allocation$120.3M$991.9M$88.3M$54.5M$344.2M$349.8M$449.6M$114.5M$2,513M
Governance1. Dept’al Governance Structures       Year 1 
2. TB Submissions/MCs       Year 1 
3. Risk Mgt.       Year 1 
4. Values & Ethics       Year 3 
Dept’al Planning & Resource Allocation5. Strategic Planning       NGD 
6. Operational Planning       NGD 
7. Resource Allocation       Year 1 
8. Corporate Service Delivery       Year 2 
Policy Development9. Policy Mgt. FrameworkNGDNGDNGD    NGD 
10. Environmental MonitoringNGD        
Program Management11. Program Mgt. Framework & CapacityNGD        
12. Performance Mgt.       NGD 
13. Mgt. of Transfer Payments       Year 3 
Platform Management14. Mgt. Framework & Capacity     Year 3Year 3  
15. Stakeholder Relations     NGDNGD  
16. Legal Management       Year 3 
Financial Management17. Expenditure Controls       Year 1 
18. Revenue Controls       Year 3 
19. Reporting Controls       Year 2 
20. Treasury Mgt.       Year 3 
21. Procurement       Year 3 
22. Travel       Year 2 
Information Management23. Support for decision-making     Year 2Year 2  
24. Lifecycle     Year 2Year 2  
Asset Management25. IT     NGDNGD  
26. Non-IM/IT     Year 2Year 2  
27. Real Property     Year 2Year 2  
Human Resources28. Planning       Year 3 
29. Performance Mgt.       NGD 
30. Compensation & Benefits       NGD 
31. Staffing       NGD 
IT Management32. Systems Governance     NGD   
33. Systems Management     NGDNGD  
Business Continuity34. Business Continuity   Year 3     
35. Security (Physical)     NGDNGD  
Note: NGD – Will not get done. Should additional resources be provided in 2011-12, this audit subject will be included for consideration in the 2011-12 RBAP refresh exercise.

Appendix G - DFAIT Corporate Risk Profile 2010-2011

RiskRisk Statement
1. Domestic and international economic and political conditionsDomestic and international instability will likely affect DFAIT’s ability to attract and retain foreign investment into Canada and its ability to facilitate the success of Canadian businesses abroad. Foreign trade and financial protectionism as well as rapidly evolving economic policies and regulatory frameworks will likely impair access to international capital, contracts and trade opportunities and may result in non-compliance with international obligations, possible litigation, and the relocation of Canadian businesses and loss of local jobs… Volatile global economies will also likely lead to more domestic and international political uncertainties that could influence policy initiatives and program delivery… 
2. Human and knowledge CapitalDFAIT will likely continue to face significant challenges in recruitment and retention of qualified and experienced personnel in the wide range of key occupational groups relating to its rotational and non-rotational personnel as well as high-performing locally engaged (LES) staff with corporate memory….
3. Service to Canadian Citizens Abroad and Protection of Government Personnel, Interests and AssetsThe physical security of Government of Canada-deployed personnel may be threatened due to increased exposure of embassy worksites to loss through fire, earthquake, flood or hostile action….
4. Adequacy and Integrity of Human Resources, Financial and Information Management Systems for Decision Making and ReportingInconsistent collection and maintenance of corporate memory, inadequate interoperability among departmental financial, information and HR systems, duplicate systems and data standards, and lack of data integrity could impede the improvement of business processes, resource planning, reporting and decision making…..
5. Alignment of Resources to Priorities and Change ManagementThe Department faces a number of governance and transition challenges in moving forward with the implementation of major resource alignment initiatives…..
6. Internal and External CommunicationsOrganizational dispersion (e.g. more than 300 points of service around the world) and increased complexity of communication coordination and technology across global locations could weaken cohesion and timely, transparent delivery of the departmental message to target audiences…..
7. Litigation, Treaty or Trade Dispute and resulting liability 
8. Internal and External dependencies and alignment with partners: other government departments (OGDs) and foreign governments 
9. Resource Alignment to Priorities 
10. Potential for Surprise 
11. Business Continuity 
 

*If you require a plug-in or a third-party software to view this file, please visit the alternative formats section of our help page.

Footer

Date Modified:
2013-01-21