2012-2013 Audit and Evaluation Committee Annual Report

Office of the Information Commissioner

1. Purpose

The external members of the Office of the Information Commissioner’s (OIC) Audit Committee prepared this report for the Information Commissioner as a summary of the Committee’s work from April 2012 to March 2013.

The report is also a vehicle for the external Committee members to present their thoughts on areas for improvement, based on the Committee’s assessments and deliberations over the year.

2. Committee role and membership

Independent from OIC management, the Audit Committee plays an advisory role to the Information Commissioner. Committee members provide objective advice and recommendations regarding the sufficiency, quality and results of assurance activities related to the OIC’s risk management, control and governance frameworks and processes.

The Committee has three members, two of whom are external to the federal government. The external members are John McCrea and Dyane Adam, who serves as chair. They were appointed in October 2008 and together have a breadth of knowledge and experience, particularly in managing offices of Agents of Parliament. This was Mr. McCrea last year as an external member. He was replaced by Mr. Bernard Bougie who joined the Committee in February 2013. Information Commissioner Suzanne Legault is the third member of the Committee.

The OIC’s Chief Financial Officer/Director General of Corporate Services and a senior representative of the Office of the Auditor General attended all meetings during the year.

(See the Audit Committee Charter, which sets out the Committee’s responsibilities and operations, and the Directive on Departmental Audit Committees for more information.)

3. Meetings

The Audit Committee met only twice between April 1, 2012, and March 31, 2013, while they are suppose to meet four times per year. This is explained by the fact that there were many changes during 2012-2013:

• Change in the composition of the members in the Audit Committee
• Change in the Internal Auditors that forced the readjustment of the Internal Audit Plan. The Committee was not satisfied with the internal auditor’s work and decided to end the contract with them. Another firm was then hired.

Approved minutes of each meeting can be found on the OIC’s website - Audit Committee minutes.

4. Summary of activities

The Committee’s activities fall under eight categories, and are summarized below. Note, however, that these areas of responsibility are linked in many ways, which Committee members take into account when carrying out their assessments and providing advice.

4.1 Values and ethics

The Committee reviews any measures OIC management takes to exemplify and promote public service values and to ensure compliance with laws, regulations, policies and standards of ethical conduct.

During the May 2012 meeting, Committee members received a briefing on activities done at the OIC that are in line with the result of the survey, including the mandatory workshops employees attended in February and March 2012 on ensuring a harassment-free workplace.

4.2 Risk management

Risk assessments and mitigation strategies constitute an ongoing focus of the Committee’s work.

The Committee met with representatives from the Office of the Auditor General (OAG) to discuss the OIC’s risk of fraud and error, in anticipation of the audit of the OIC’s annual financial statements. This is done in compliance with standard practice of the OAG.

The Acting Assistant Commissioner, Complaints Resolution and Compliance (CRC) presented the risk profile of the "Efficiency and Quality of Complaints Resolution" at the OIC. The major risk identified is the consistency in ensuring efficient investigations and quality resolution of complaints. The Committee members were pleased with the results of the past year and the improvement made to the CRC branch.

The Director Information Management/Information Technology (IM/IT) presented an overview of the risk management of the Information Management activities. The main risk is ensuring the department is in compliance with the various evolving policies, guidelines and directives from TBS, while ensuring that IM is serving the need of all the clients at the OIC. Director IM/IT also discussed with the audit committee (AC) members on the relocation and its challenge. The OIC will aim at reducing its footprint and take advantage of the new technology by becoming device independent; keeping in mind that the Office deals with protected information.

4.3 Management control framework

Activities and discussions pertaining to the management control framework, which is linked to all other areas of responsibility, were numerous and are ongoing.

As a result of recent TBS policy changes and amendment process for FY13-14, an update was provided to the Committee concerning the Management, Resources and Results Structure.

4.4 Internal audit function

The Committee was provided with an update on the changes made to the TBS Policy on Internal Audit and related directives.

At the May 2012 meeting, the Audit Committee Annual reports for 2010-11 and for 2011-12 were approved by the Audit Committee. At the August 2012 meeting, the Chief Audit Executive Draft Report, which covers 2008 to 2012, was circulated. Audit Committee members were satisfied with the approach that was used.

The Committee will continue monitoring the work of the internal audit function as part of its responsibilities.

4.5 Support to Audits Conducted by OAG or Other Organizations

AC members were presented with the results from the 2011 OAG Annual Audit. The OAG Principal congratulated the OIC financial team for their collaboration, which resulted in a smooth audit. The OAG Principal also highlighted the remarkable improvement in the quality of the financial statements.

The Director IM/IT presented the committee with an analysis of the OCG horizontal audit of the Electronic Recordkeeping in SDA, and an assessment of Information Management (IM) at the OIC. The OIC has accomplished a significant amount of work since 2008 and is moving forward to full compliance with the Recordkeeping (RK) policy by the target date of 2014. The AC members asked to be able to follow up on the progress made at the various steps of the project.

4.6 Follow-up on Management Action Plans

At each meeting, members were provided with the minutes and an update for the action items from previous meetings.

4.7 Financial Statements and Public Accounts Reporting

Committee members reviewed and recommended for approval the OIC’s Financial Statements for the year ended March 31, 2012. The financial statements were done in accordance with the new model as per the revised Treasury Board Accounting Standard 1.2. The Office of the Auditor General (OAG) presented an audit report with an unmodified opinion, finding no significant deficiencies in internal controls and requiring no significant adjustments. Committee members noted that this reflected the marked improvement the OIC has made in financial management in recent years.

The Committee commented on the quarterly financial reports the OIC prepared for the quarter ended June 30, 2012. Committee members were advised that instructions were expected from the Office of the Comptroller General regarding the presentation of elements related to budget reductions. Members were satisfied with the report as it was presented.

4.8 Risk and Accountability Reporting

At various meetings, the Committee reviewed and discussed several reports and accountability instruments, including the following:

• 2011−2012 Departmental Performance Report
• 2010–2014 Strategic Plan

5. Overall assessment of risk management, control and accountability

Based on its reviews and discussions throughout 2012–2013, the Committee is reasonably assured that the OIC’s risk management, control and governance processes are generally functioning well.

The Committee appreciates the due diligence the OIC has exercised in the development of sound processes and practices, and is encouraged that management strives for constant improvement.

6. Committee effectiveness

The Committee’s external members are pleased with the Committee’s ongoing development and maturity in its advisory role. The Committee has established itself as an integral part of the OIC’s governance system. Despite the pressures of competing priorities and the multitasking typical of small organizations, the commitment and engagement of senior officials and functional analysts have been invaluable in helping the Committee fulfill its mandate.

7. Forward planning

The Committee is scheduled to have four meetings during 2013-2014. Its goal is to continue to provide advice that reflects core public sector principles, takes into account the independence of Agents of Parliament, and encompasses innovative and creative perspectives. In addition, it will ensure a smooth transition during the process of renewing its scheduled membership.

Appendix A: Audit Committee calendar of activities, 2012-2013

Legend

• A – Approval / Action required
• R – Review / Recommend for approval
• I – Information / Discussion