2014-2015 Audit and Evaluation Committee Annual Report

Office of the Information Commissioner of Canada

 

1. Purpose

The external members of the Office of the Information Commissioner’s (OIC) Audit and Evaluation Committee (Committee) prepared this report for the Information Commissioner as a summary of the Committee’s work from April 2014 to March 2015.

The report is also a vehicle for the external Committee members to present their thoughts on areas for improvement, based on the Committee’s assessments and deliberations over the year.

2. Committee role and membership

Independent from OIC management, the Audit Committee plays an advisory role to the Information Commissioner. Committee members provide objective advice and recommendations regarding the sufficiency, quality and results of assurance activities related to the OIC’s risk management, control and governance frameworks and processes.

The Committee has three members, two of whom are external to the federal government. The external members are Bernard Bougie and Dyane Adam, who serves as chair. Mrs. Adam was appointed in October 2008 and M. Bougie joined the Committee in February 2013. Together, they have a breadth of knowledge and experience, in the areas of audit, internal controls and risk-management in both the public and private sectors. M. Bougie left the committee in March 2015.^Footnote1 Information Commissioner Suzanne Legault is the third member of the Committee.

The OIC’s Chief Financial Officer/Director General of Corporate Services and a senior representative of the Office of the Auditor General attended all meetings during the year.

The Committee is also mindful that the Office of the Comptroller General (OCG) continues to develop and update internal audit practices in the federal government: to the extent feasible, while respecting the need to guard the independence of OIC, the Committee conforms to OCG preference. See the  Audit and Evaluation Committee Charter, which sets out the Committee’s responsibilities and operations, and the Directive on Internal Auditing in the Government of Canada.

3. Meetings

The Audit and Evaluation Committee met three times in person and one time by teleconference between April 1, 2014, and March 31, 2015. In camera sessions involving only the Commissioner and the external committee members were held at every committee meeting.

Approved minutes of each meeting can be found on the OIC website – Record of meeting .

4. Summary of activities

The Committee’s activities fall under eight categories, and are summarized below. Note, however, that these areas of responsibility are linked in many ways, which Committee members take into account when carrying out their assessments and providing advice.

4.1 Values and ethics

The Committee reviews any measures OIC management takes to exemplify and promote public service values and to ensure compliance with laws, regulations, policies and standards of ethical conduct.

During the August 2014 meeting, Committee members discussed the OIC’s Code of Values and Ethics.

4.2 Risk management

Risk assessments and mitigation strategies constitute an ongoing focus of the Committee’s work.

The Committee met with representatives from the Office of the Auditor General (OAG) to discuss the OIC’s risk of fraud and error, in anticipation of the audit of the OIC’s annual financial statements. This is done in compliance with standard practice of the OAG.

The Assistant Commissioner, Complaints Resolution and Compliance (CRC) regularly presents an updated risk profile of the Efficiency and Quality of Complaints Resolution at the committee meetings. The major risk identified is the consistency in insuring efficient investigations and quality resolution of complaints.

During fiscal year 2014–2015, the members were constantly concerned about the limited budget and the fact that OIC had no financial flexibility, and no contingencies funds. Members considered this as a major risk for the organization, which has also been reported in clear terms in the OIC’s performance reports. The Director Financial Services, Security and Administration kept the members informed by presenting frequent budget updates at the meetings. For their part, the members kept this as a recurring discussion item.

The Integrated Risk-Based Internal Audit and Evaluation Plan was reviewed at the May meeting.

4.3 Management control framework

Activities and discussions pertaining to the management control framework, which is linked to all other areas of responsibility, were numerous and are ongoing.

The members were informed of the new performance management pilot project for the investigators at the May meeting and this item was then discussed at every other meetings. The evaluation of the Complaint Resolution Process was discussed on numerous occasions during 2014–2015.

4.4 Internal audit function

The members reviewed the Audit and Evaluation Committee Charter at the November 2014 meeting.

M. Bernard Bougie presented its 2013–2014 annual report as the Chief Audit Executive. It was approved by the Audit Committee members. Since February 2013, OIC has opted to have one independent member of its Audit Committee to assume the responsabilities of the CAE. ^Footnote2

The Committee is monitoring the work of the internal audit function as part of its responsibilities.

4.5 Supports to Audits Conducted by OAG or Other Organizations

AEC members were presented with the results from the 2013–2014 OAG Annual Financial Audit. The Committee recognized the OAG Principal and her team for their professionalism.

4.6 Follow-up on Management Action Plans

At each meeting, members were provided with the minutes and an update of the action items from previous meetings. The human resources area was the object of a Public Service Audit in 2011; an HR Internal Controls Review – Action Plan was then created. The committee members have been kept abreast of its follow-ups and results; by the November meeting, all of the measures had been implemented.

4.7 Financial Statements and Public Accounts Reporting

The OAG 2013–2014 financial audit results were communicated at the August 2014 meeting. Members were satisfied with the FSSA team’s hard work related to the audit and preparation of the financial statements.

Committee members reviewed and recommended for approval the OIC’s Financial Statements for the year ended March 31, 2014. The Office of the Auditor General (OAG) presented an audit report with an unmodified opinion, finding no significant deficiencies in internal controls and requiring no significant adjustments. OIC has always received an annual financial statement audit report with an unmodified opinion from the OAG, since they started auditing the OIC in fiscal 2003-2004.

The OAG Financial Statement Audit Plan for 2014–2015 was presented at the January 2014 meeting.  

4.8 Risk and Accountability Reporting

At various meetings, the Committee reviewed and discussed several reports and accountability instruments, including the following:

• 2013–2014  Departmental Performance Report
• 2015–2016 Report on Plans and Priorities
• 2014–2018 Risk-Based Audit and Evaluation Plan

5. Overall assessment of risk management, control and governance

Based on its reviews and discussions throughout 2014–2015, the Committee is reasonably assured that the OIC’s risk management, control and governance processes are generally functioning well.

The Committee appreciates the due diligence the OIC has exercised in the development of sound processes and practices, and is encouraged that management strives for constant improvement.

6. Committee effectiveness

The Committee’s external members are pleased with the Committee’s ongoing development and maturity in its advisory role. Members were provided with relevant and transparent information to enable the Committee to discharge its mandate. Members were pleased with the professionalism of staff, their candour concerning the challenges they face and willingness to implement suggestions.

The Committee has established itself as an integral part of the OIC’s governance system. Despite the pressures of competing priorities and the multitasking typical of small organizations, the commitment and engagement of senior officials and functional analysts have been invaluable in helping the Committee fulfill its mandate. Based on observations over the past year the Committee concludes that OIC appears to have a systematic and rational approach to addressing its mandate, to monitoring results and to reporting publicly.

7. Forward planning

The Committee is scheduled to meet four times during 2015–2016. Its goal are to continue to provide advice that reflects core public sector principles, take into account the independence of Agents of Parliament, and encompass innovative and creative perspectives.

The members have a few focuses for the next year:

• Continue to monitor the financial situation of the OIC; and
• Hold more discussions on values and ethics and examine how management targets efforts to foster strong values and ethics at the OIC.

Appendix A: Audit Committee calendar of activities, 2014–2015

	May 28,      2014	August 7, 2014	November 5, 2014	January 21 janvier, 2015 (Teleconference)
1. Organizational Matters
Audit and Evaluation Committee Charter			I
Annual Forward Calendar		R	A
Audit Committee Annual Report	A
2. Key Responsibilities
Values and Ethics		R
Risk Management, Control Framework, Follow-up	R		R
Report on inventory of complaints	I	I	I	I
Report of Wrong-Doing	As Reported
Financial Statements		A
OAG Financial Statement Audit Plan				I
OAG Financial Statement Audit Report & Management Action Plan		R
Other OAG/Central Agency Audit Reports (incl. OCG Horizontal Audits), OIC Self-Assessments/Action Plans	As Audits are Planned (I) and Action Plans Developed (R)
Risk-Based Audit/Evaluation Plan	R
Internal Audit Report, Management Action Plan, Follow-ups	I
Report on Plans and Priorities				R
Departmental Performance Report		R
CAE’s quarterly and annual reports	I	A	I	I
In-camera meetings	I	I	I	I
3. Business Context, Planning and Implementation
Strategic Plan	I
Integrated Operational Plan	I
4. Other Issues
Parliamentary Activities – Annual Calendar	I	I	I	I

Legend

A – Approval / Action required

R – Review / Recommend for approval

I – Information / Discussion