Audit committee 2011–2012 annual report Office of The Information Commissioner of Canada

Purpose

The external members of the Office of the Information Commissioner’s (OIC) Audit Committee prepared this report for the Information Commissioner as a summary of the Committee’s work from April 2011 to March 2012.

The report is also a vehicle for the external Committee members to present their thoughts on areas for improvement, based on the Committee’s assessments and deliberations over the year.

Committee role and membership

Independent from OIC management, the Audit Committee plays an advisory role for the Information Commissioner. Committee members provide objective advice and recommendations regarding the sufficiency, quality and results of assurance activities related to the OIC’s risk management, control and governance frameworks and processes.

The Committee has three members, two of whom are external to the federal government. The external members are John McCrea and Dyane Adam, who serves as chair. They were appointed in October 2008 and together have a breadth of knowledge and experience, particularly in managing the offices of Agents of Parliament. Information Commissioner Suzanne Legault is the third member of the Committee.

The OIC’s Acting Chief Financial Officer/Director General of Corporate Services, a member of the audit team and a senior representative of the Office of the Auditor General attended all meetings during the year.

(See the Audit Committee Charter, which sets out the Committee’s responsibilities and operations, and the Directive on Departmental Audit Committees for more information.)

Meetings

The Audit Committee met four times between April 1, 2011, and March 31, 2012, and held one conference call. Approved minutes of each meeting can be found on the OIC’s website.

Summary of activities

The Committee’s activities fall under seven categories, and are summarized below. Note, however, that these areas of responsibility are linked in many ways, which Committee members take into account when carrying out their assessments and providing advice.

Values and ethics

The Committee reviews any measures OIC management takes to exemplify and promote public service values and to ensure compliance with laws, regulations, policies and standards of ethical conduct.

During the May 2011 meeting, Committee members received a briefing on human resources management at the OIC. This included reviewing the work done to update the code of value and ethics, based on employee input to the values during the strategic planning process.

Committee members were also told about the mandatory workshops employees would attend in February and March 2012 on ensuring a harassment-free workplace.

Risk management

Risk assessments and mitigation strategies constitute an ongoing focus of the Committee’s work.

For example, the Committee met with representatives from the Office of the Auditor General to discuss the OIC’s risk of fraud and error, in anticipation of the audit of the OIC’s annual financial statements. In particular, members considered the risk of error related to payroll, since salaries make up 85 percent of the OIC’s total expenses. It is the view of Committee members, however, that the risks are low, given the OIC’s experienced finance team, and the quality and extent of the documentation management provided to the Committee over the year.

Committee members discussed cost containment measures and the government’s Deficit Reduction Action Plan throughout the year. Officials, in turn, kept the Committee informed of the steps the OIC was taking to address those financial pressures while still meeting operational needs.

Management control framework

The activities and discussions pertaining to the management control framework, which is linked to all other areas of responsibility, were numerous and are ongoing.

The Committee was kept informed of, for example, initiatives at the OIC to strengthen and improve controls related to corporate security, finance and procurement, as well as the budget, including the risks and costs that will arise from the unforeseen relocation of the OIC’s offices in 2013. Committee members noted the OIC’s successful management of its limited resources.

At the August 2011 meeting, Committee members reviewed and commented on a summary of the results of the assessment of the system of internal control for financial reporting, and of the actions the OIC took in response to any significant issues. This summary was attached to the Statement of Management Responsibility Including Internal Control over Financial Reporting, as per the Policy on Internal Control.

Internal audit function

The OIC has chosen to implement the Policy on Internal Audit while maintaining its independence from government, as proposed by the Working Group of Officers of Parliament.

At their meetings in 2011–2012, Committee members focused much of their time on the internal audit function, closely monitoring and challenging its performance to ensure that it was providing the necessary independent and objective assurance and guidance. The Committee asked the OIC’s audit group to present an update when completing significant steps of any internal audit.

  • At the February 2012 meeting, the Committee reviewed and approved the internal audit charter, and did its periodic review of the Audit Committee Charter (approving it with no changes).
  • Over the course of several meetings, Committee members reviewed the progress and results of the internal audit of the OIC’s Complaints, Resolution and Compliance (CRC) branch.
  • During the August 2011 meeting, Committee members reviewed the Letter to Management and Report from the Auditor on the CRC audit. The committee recommended the reports for approval as well as the corresponding management action plan addressing the recommendations. The November 2011 meeting featured a comprehensive presentation on CRC’s plan for addressing the root causes of persistent performance and timeliness issues associated with complex and refusal cases.
  • The Committee also followed up on the status of management actions stemming from the earlier audit of the Intake and Early Resolution Unit.
  • At the February 2012 meeting, the Committee heard about the OIC’s annual update of the Risk-Based Audit Plan. Members will be briefed on the status of the update at the May 2012 meeting.

The Committee will continue monitoring the work of the internal audit function as part of its responsibilities.

Audits conducted by Public Service Commission and the Office of  the Comptroller General

The Committee was informed in May 2011 that, for the third consecutive year, the Public Service Commission (PSC) had provided positive feedback on the OIC’s Departmental Staffing Accountability Report.

However, the results of the PSC’s preliminary staffing audit in the fall of 2011 were not positive. Committee members discussed these initial observations at the February 2012 meeting in light of their own concerns about human resources management at the OIC and agreed on a course of action to take in response. The report on the full staffing audit will be available in the fall of 2012.

At the Committee’s request, the OIC carried out a self-assessment against the findings and recommendations of the Office of the Comptroller General’s 2011 horizontal audits of small departments and agencies. The results of the assessment were presented during the November 2011 meeting. The Committee Chair recommended that the OIC conduct these self-assessments on an ongoing basis. Doing so would provide added assurance to the Commissioner about the adequacy of the OIC’s frameworks and processes would feed into the risk assessment process and would preempt the need for audits of the same nature within the organization.

Audit of financial statements and quarterly financial reporting

Committee members reviewed and recommended for approval the OIC’s financial statements for the year ended March 31, 2011. The Office of the Auditor General (OAG) presented an audit report with an unmodified opinion, finding no significant deficiencies in internal controls and requiring no significant adjustments. Committee members noted that this reflected the marked improvement the OIC has made in financial management in recent years.

The OAG auditors highlighted the collaboration of OIC management, which resulted in a “smooth audit” and a faster than planned process.

The Committee commented on the quarterly financial reports the OIC prepared in accordance with the new Treasury Board Accounting Standard 1.3. Members were pleased with the quality of the financial reports.

Reports to Parliament

At various meetings, the Committee reviewed and discussed several reports and accountability instruments, including the following:

  • 2010−2011 Departmental Performance Report
  • 2012−2013 Report on Plans and Priorities
  • 2010–2014 Strategic Plan

During the course of their review of the various reports and plans, Committee members expressed concern about the OIC’s performance indicators and strategic outcomes. Officials reported that the OIC has been working with Treasury Board Secretariat for several years to amend the Management Resources and Results Structure as well as the Performance Measurement Framework. Committee members said they appreciated the quality and conciseness of the OIC’s reports, including the new Integrated Operational Plan, which the Committee reviewed and approved, but strongly recommended that, for all reports, the indicators better reflect the organization’s current context.

Overall assessment of risk management, control and accountability

Based on its reviews and discussions throughout 2011–2012, the Committee is reasonably assured that the OIC’s risk management, control and governance processes are generally functioning well. However, as noted above in sub-section 4.5, there are concerns about the staffing process that is currently being audited by the PSC.

The Committee appreciates the due diligence the OIC has exercised in the development of sound processes and practices, and is encouraged that management strives for constant improvement.

Committee effectiveness

Now in the fourth year of their mandate, the Committee’s external members are pleased with the Committee’s ongoing development and maturity in its advisory role. The Committee has established itself as an integral part of the OIC’s governance system. Despite the pressures of competing priorities and the multitasking typical of small organizations, the commitment and engagement of senior officials and functional analysts have been invaluable in helping the Committee fulfill its mandate.

Forward planning

The Committee is scheduled to meet four times during 2012–2013. Its goal is to continue to provide advice that reflects core public sector principles, takes into account the independence of Agents of Parliament, and encompasses innovative and creative perspectives. In addition, it will ensure a smooth transition during the process of renewing its membership.

Appendix : Audit Committee calendar of activities, 2011−2012
May 4, 2011 Aug. 3, 2011 Nov. 1, 2011 Feb. 2, 2012 Mar 23, 2012
1. Organizational Matters
Audit Committee Charter A  
Annual Forward Calendar A  
Audit Committee Annual Report A
2. Key Responsibilities
Values and Ethics
Risk Management, Control Framework, Follow-up R R R R R
Reports of Wrong-Doing As reported
Financial Statements & Public Accounts Reporting R    
OAG Financial Statements Audit Plan I   I
OAG Financial Statements Audit Report & Management Action Plan R
Other OAG or Central Agency Audit Reports and Management Action Plans As audits planned (I) and action plans developed (R)
Internal Audit Charter R A
Risk-Based Audit Plan R
Internal Audit Reports, Management Action Plans, Follow-ups R    
Report on Plans and Priorities R   A
Departmental Performance Report R
In-camera Meetings I I I I I
3. Other Responsibilities
Parliamentary Activities – Annual Calendar I I I I I

Legend
A – Approval / Action required
R – Review / Recommend for approval
I – Information / Discussion