2020-2021 Chief Audit Executive Annual Report
November 3, 2021
Chief Audit Executive – France Labine
Secretary of Audit and Evaluation Committee (AEC) for four quarterly meetings
- May 21, 2020
- October 13, 2020
- November 26, 2020
- February 18, 2021
Policy on Internal Audit
As per the Policy on Internal Audit, the CAE confirms the following:
- She has not been assigned any management or operational responsibilities that may compromise her independence* and objectivity with respect to her internal audit responsibilities.
- She has unrestricted access to the AEC.
- She has unrestricted access to all records, databases, workplaces and employees to carry out the risk-based audit plan.
- She has unimpaired ability to carry out his responsibilities, including reporting issues to the Commissioner, to the AEC and, as appropriate, to the Comptroller General of Canada.
* Due to the size of the organization the CAE is also combining other corporate services functions such as security and finance and will use external auditor’s or evaluator’s to perform key QA, audits and assessments.
Chief Audit Executive Report
Provides assurance of:
- Proper oversight of public resources.
- Oversight informed by a professional and objective internal audit function.
- Guidance that is independent of management.
- Responsible stewardship to Canadians.
Audits, Reviews, Assessments
2019-20 Financial Statements
- Office of the Auditor General (OAG)
- Completed and approved in October 2020
2019-20 payroll-related internal controls assessment
- Performed by third party – contractor to obtain assurance that adequate payroll controls are in place and functioning effectively within OIC.
- Walkthroughs of detailed processes were prepared and provided by OIC to serve as the basis for the work undertaken.
- The high level outcome provided useful recommendations to enhance the documentation which are currently in progress.
- Detailed report (received summer 2021) with OIC management response will be tabled at a future meeting.
Threat Risk Assessment (TRA) and Threat Vulnerability Assessment (TVA)
- Final update provided at the May 2020 AEC meeting.
Important items Reviewed by the AEC
- Risk-based Audit and Evaluation Plan – Review Schedule
- OAG Financial Audit and key controls
- Regular Budgets and Financial Results
- IM/IT Threat Risk Assessment (TRA) and Threat Vulnerability Assessment (TVA)
- Strategic Plan and OIC Direction (focus EDI and Mental Health)
- Governance Structure
- Innovation (new sub committee approach)
- Beyond 2020 (focus on the return to the office and hybrid mode)
- Occupational Health, Safety and Mental Health Committees (focus violence and harassment)
- Web and social Media Committee (change of name to reflect better the enhance mandate)
- Keep weekly SMC meeting to approve HR and Budget Items
Important items Reviewed by the AEC
- Departmental Plan (DP) and Departmental Results Report (DPR)
- Departmental Security and Business Continuity Plans
- Integrated Planning Process (HR plan, quarterly financial reviews and multi-year investment plans)
- Enhanced Corporate Services Capacity
- Investigation inventory, processes and performance
- Litigation files
- Parliamentary Activities and Communications
Evaluation of Investigations
Complaints Resolution and Compliance
Scope: The Investigations program.
Objective: Address, as per the TB Policy on Results, the relevance and performance of the investigations program. The evaluation should consider the evolving nature of investigations through an analysis of the portfolio of complaints (e.g. source, targeted institution, complaint type), as well as the new context in which the program is operating (e.g. C-58 legislative changes).
Rationale: High evaluation requirement, 4.2 Impact and 3.6 Probability. Given unprecedented circumstances of COVID-19, the OIC has experienced procurement delays; however there may be an opportunity to develop/improve plans to ensure both a smooth transition and an adoption of more efficient processes. Therefore, an evaluation rescheduled to 2021-22 and 2022-23 would be more beneficial and valuable, as it will produce better results. Considering that, the Investigations program is the key program at the OIC, an evaluation of this activity is recommended every 5 years.
Performance and Talent Management Review
Human Resources (HR)
Scope: A review of OIC HR practices
Objective: Not an in-depth audit, but a review of the following OIC HR practices i) effectiveness of employee performance evaluation; ii) effectiveness of Talent Management program, iii) employee turnover, and iv) exit interviews.
Rationale: High audit requirement, 3.3 Impact and 3.4 Probability. During the interviews of Management and the Strategic Planning meeting, the need to recruit high performing employees in several key positions was identified as a high priority. Given unprecedented circumstances of COVID-19, there may be an opportunity to develop/improve plans to ensure both a smooth transition and an adoption of more efficient processes. A review postponed to 2021-22 would be more beneficial and valuable, as it will produce better results.
Audit of Information Management and Physical Security
Scope: Management practices and assessment of controls related to information management.
Objective: Assess the operational effectiveness of information management practices and compliance with recommendations made in the RHEA audit, notably as they relate to the retention and disposition of sensitive and restricted documents.
Rationale: High audit requirement, 3.2 Impact and 2.3 Probability. Considering the sensitivity of the information retained by the OIC, and the reputational risk to the OIC in the case of improper management of private or restricted information, an audit of this activity is highly recommended but for 2022-23 instead of 2021-22. This change is due to the pandemic situation and the derogation in effect in the IM Security.