2020-2021 Chief Audit Executive Annual Report

November 3, 2021

Chief Audit Executive – France Labine

Secretary of Audit and Evaluation Committee (AEC) for four quarterly meetings

May 21, 2020
October 13, 2020
November 26, 2020
February 18, 2021

Policy on Internal Audit

As per the Policy on Internal Audit, the CAE confirms the following:

She has not been assigned any management or operational responsibilities that may compromise her independence* and objectivity with respect to her internal audit responsibilities.
She has unrestricted access to the AEC.
She has unrestricted access to all records, databases, workplaces and employees to carry out the risk-based audit plan.
She has unimpaired ability to carry out his responsibilities, including reporting issues to the Commissioner, to the AEC and, as appropriate, to the Comptroller General of Canada.

* Due to the size of the organization the CAE is also combining other corporate services functions such as security and finance and will use external auditor’s or evaluator’s to perform key QA, audits and assessments.

Chief Audit Executive Report

Provides assurance of:

Proper oversight of public resources.
Oversight informed by a professional and objective internal audit function.
Guidance that is independent of management.
Responsible stewardship to Canadians.

Audits, Reviews, Assessments

2019-20 Financial Statements

Office of the Auditor General (OAG)
Completed and approved in October 2020

2019-20 payroll-related internal controls assessment

Performed by third party – contractor to obtain assurance that adequate payroll controls are in place and functioning effectively within OIC.
Walkthroughs of detailed processes were prepared and provided by OIC to serve as the basis for the work undertaken.
The high level outcome provided useful recommendations to enhance the documentation which are currently in progress.
Detailed report (received summer 2021) with OIC management response will be tabled at a future meeting.

Threat Risk Assessment (TRA) and Threat Vulnerability Assessment (TVA)

Final update provided at the May 2020 AEC meeting.

Important items Reviewed by the AEC

Risk-based Audit and Evaluation Plan – Review Schedule
OAG Financial Audit and key controls
Regular Budgets and Financial Results
IM/IT Threat Risk Assessment (TRA) and Threat Vulnerability Assessment (TVA)
Strategic Plan and OIC Direction (focus EDI and Mental Health)
Governance Structure
- Innovation (new sub committee approach)
- Beyond 2020 (focus on the return to the office and hybrid mode)
- Occupational Health, Safety and Mental Health Committees (focus violence and harassment)
- Web and social Media Committee (change of name to reflect better the enhance mandate)
- Keep weekly SMC meeting to approve HR and Budget Items

Important items Reviewed by the AEC

Departmental Plan (DP) and Departmental Results Report (DPR)
Departmental Security and Business Continuity Plans
Integrated Planning Process (HR plan, quarterly financial reviews and multi-year investment plans)
Enhanced Corporate Services Capacity
Investigation inventory, processes and performance
Litigation files
Parliamentary Activities and Communications

Change to the calendar for the RBAEP
2021-22 and 2022-23 IN PROGRESS	Evaluation of Investigations	Complaints Resolution and Compliance	Scope: The Investigations program. Objective: Address, as per the TB Policy on Results, the relevance and performance of the investigations program. The evaluation should consider the evolving nature of investigations through an analysis of the portfolio of complaints (e.g. source, targeted institution, complaint type), as well as the new context in which the program is operating (e.g. C-58 legislative changes). Rationale: High evaluation requirement, 4.2 Impact and 3.6 Probability. Given unprecedented circumstances of COVID-19, the OIC has experienced procurement delays; however there may be an opportunity to develop/improve plans to ensure both a smooth transition and an adoption of more efficient processes. Therefore, an evaluation rescheduled to 2021-22 and 2022-23 would be more beneficial and valuable, as it will produce better results. Considering that, the Investigations program is the key program at the OIC, an evaluation of this activity is recommended every 5 years.
2021-22	Performance and Talent Management Review	Human Resources (HR)	Scope: A review of OIC HR practices Objective: Not an in-depth audit, but a review of the following OIC HR practices i) effectiveness of employee performance evaluation; ii) effectiveness of Talent Management program, iii) employee turnover, and iv) exit interviews. Rationale: High audit requirement, 3.3 Impact and 3.4 Probability. During the interviews of Management and the Strategic Planning meeting, the need to recruit high performing employees in several key positions was identified as a high priority. Given unprecedented circumstances of COVID-19, there may be an opportunity to develop/improve plans to ensure both a smooth transition and an adoption of more efficient processes. A review postponed to 2021-22 would be more beneficial and valuable, as it will produce better results.
2022-23	Audit of Information Management and Physical Security	Corporate Services	Scope: Management practices and assessment of controls related to information management. Objective: Assess the operational effectiveness of information management practices and compliance with recommendations made in the RHEA audit, notably as they relate to the retention and disposition of sensitive and restricted documents. Rationale: High audit requirement, 3.2 Impact and 2.3 Probability. Considering the sensitivity of the information retained by the OIC, and the reputational risk to the OIC in the case of improper management of private or restricted information, an audit of this activity is highly recommended but for 2022-23 instead of 2021-22. This change is due to the pandemic situation and the derogation in effect in the IM Security.