Parks Canada
Symbol of the Government of Canada

Common menu bar links

Internal Audit and Evaluation Documents

Parks Canada 2009-2010 Internal Audit Plan

Parks Canada Cover Image

Date Approved
April 16, 2009

Office Of Internal Audit And Evaluation

Table of Contents

Executive Summary

1. Introduction

2. Parks Canada Agency

3. Internal Audit Function

a) Applicable Policies and Professional Standards
b) Mission and Services Offered
c) Governance
d) Office of Internal Audit and Evaluation (OIAE)

4. The Audit Universe and Planning Considerations

a) Status of Projects in 2008-2009 Plan
b) Agency's Corporate Risk Profile
c) Agency Renewal
d) Prior Risk Assessments and Current Management Priorities
e) Follow-up Audits
f) Considerations Arising from TB Submissions, RBAFs and Budget 2009
g) OCG/TBS Directed Work
h) Work of Other Assurance Providers

5. Planned Projects

Extent and Limitations of Coverage

Appendices

1. Assumptions in the Calculation Of Audit Capacity
2. Audit Universe and Ratings of Risk
3. Parks Canada Corporate Risk Profile

List of Tables

Table 1: Program Activities
Table 2: Planned Internal Audit Spending for 2009-2010
Table 3: Past Coverage of MAF Universe by Internal Audit and Other Assurance Providers
Table 4: MAF Universe and Scheduled Audit Projects for 2009-2010 and 2010-2011
Table 5: Internal Audit Project Scheduling for 2009-2010

Executive Summary

The 2009-2010 Parks Canada Internal Audit Plan outlines the mandate, organizational structure and resources for Internal Audit at Parks Canada, the strategy and process employed in developing the Plan and details of individual internal audit projects for the FY 2009-2010, together with the associated resource allocation. The Internal Audit Committee of the Agency discussed and recommended the plan to the CEO for approval. The CEO approved the plan on April 16, 2009.

The Office of Internal Audit and Evaluation (OIAE) at Parks Canada adheres to the government's policies and standards for internal audit. Currently, the audit function consists of an executive level director and six internal auditors. Given this resource base, the Office will have the capacity, in 2009-2010 to conduct between five and six risk-based internal audit engagements (i.e., an average or typical engagement is 1,200 hours of effort), as well as addressing other non-risk based work (i.e., provision of advice, coordination, follow-up and participation in TBS directed audit work).

The universe used for audit planning is a modified version of the government's Management Accountability Framework (MAF). A risk assessment of elements of the universe is incorporated in the planning process, as are several other considerations. For the 2009-2010 fiscal year assurance audit work will focus on information management, compensation (i.e., pay and benefits), business continuity planning, and several audits related to basic financial or administrative controls at the business unit level, as well as controls for parts of the revenue management process. Some review level work will be done on the Agency's recently introduced corporate risk profile and processes for identifying risk. Additional work will be undertaken, or continue, to develop descriptions of the governance, risks and controls related to key processes such as human resources policies and planning, and use of collaborative delivery arrangements.

While internal audit work over the next few years will cover several significant elements of the audit universe it is not sufficient to address all areas of risk or support a holistic opinion on the overall state of governance, risk management and controls in the Agency. As noted in previous plans, it is estimated that an additional three internal auditors would be necessary to more fully comply with Internal Audit Policy and the Internal Audit Professional Practice Standards adopted by the government.

1. Introduction

The 2009-2010 Parks Canada Internal Audit plan outlines the mandate, organizational structure and resources for internal audit at Parks Canada, the considerations employed in developing the Plan and details of individual internal audit projects for the FY 2009-2010, together with the associated resource allocation. Project schedules for some audit work in 2010-2011 for internal audit are also shown.

The plan was prepared in conformity with requirements of the Treasury Board Policy on Internal Audit, as well as Parks Canada's Internal Audit Charter (www.pc.gc.ca/docs/pc/rpts/rve-par/index_e.asp )

Risk assessment is an important component of multi-year internal audit planning. Parks Canada's approach to risk assessment for this cycle is described in more detail below. Additional factors considered in planning include:

  • Projects identified in previous planning cycles and those carried over from the previous year;
  • Follow-up of management commitments arising from previous internal and external audit work;
  • Requirements of the Office of the Comptroller General (OCG). Treasury Board submissions and related Risk-Based Audit Frameworks (RBAFs);
  • Work plans of other assurance providers such as the Auditor General, and the Commissioner of the Environment and Sustainable Development;
  • Senior management priorities.

The ultimate audit objective is to conduct sufficient audit work to support an annual expression of a holistic opinion on the overall adequacy and effectiveness of Agency governance, risk management and control processes and to provide coverage of high-risk areas.

2. Parks Canada Agency

Parks Canada was established as a separate departmental corporation in 1998. The Agency's mandate is to:

“Protect and present nationally significant examples of Canada's natural and cultural heritage, and foster public understanding, appreciation and enjoyment in ways that ensure the ecological and commemorative integrity of these places for present and future generations.”

Parks Canada delivers on its mandate through five major program activities shown in Table 1.

Table 1: Program Activities

Heritage Places Establishment Including the establishment to date of a system of 42 national parks, 3 national marine conservation areas, and the designation of 925 persons, places and events of national historic significance to Canada (e.g., of which 157 national historic sites are administered by the Agency) as well as supporting designation of other heritage places or structures (e.g., federal heritage buildings, heritage rivers, heritage railway, gravesites of prime ministers).
Heritage Resources Conservation Including the maintenance and restoration of ecological integrity in national parks, ensuring the commemorative integrity of national historic sites managed or influenced by Parks Canada; the protection and management of cultural resources under the administration of Parks Canada; and, the ecologically sustainable use of national marine conservation areas. Conservation also includes fulfilling legal responsibilities assigned to Parks Canada by the Species at Risk Act and the Canadian Environmental Assessment Act.
Public Appreciation and Understanding Activities aimed at reaching Canadians at home, at leisure, at school and in their communities through relevant and effective communication and public outreach education initiatives as well as by engaging many stakeholders and partners in the development and implementation of the Agency's future direction to increase Canadians' understanding, appreciation, support and engagement with respect to the natural and historical heritage of Parks Canada administered places.
Visitor Experience Activities aimed at increasing awareness of Parks Canada, supporting visit planning and traveling to and welcoming and orientation upon arrival, provision of recreational and interpretive infrastructure and activities (i.e., campgrounds, infrastructure, hiking trails) activities to ensure visitor safety and the ongoing post-visit relationship.
Town-Site and Throughway Infrastructure Managing, operating and providing municipal services to five townsite communities within Canada's national parks (i.e., provision of safe drinking water, snow removal, garbage pick-up and disposal, sewage treatment, road and street maintenance, and fire services to support residents and visitors). It also involves the operation of provincial and inter-provincial highways and waterways that connect communities and pass through national parks and national historic sites.

Responsibility for the Parks Canada Agency rests with the Minister of the Environment. The Parks Canada Chief Executive Officer (CEO) reports directly to the Minister.

National parks and national historic sites are organized into thirty-two geographically based field units. About 80% of Parks Canada's work force is based in the field where most of its program expenditures take place. The work of field units is supported by Service Centres located in Halifax, Quebec City, Cornwall/Ottawa and Winnipeg (with small branch offices in Calgary and Vancouver). The Service Centres comprise about 10% of the work force and provide technical and professional services to field units (e.g., science, research, design services). National office, with less than 10% of the employee base, consists of five directorates (National Parks, National Historic Sites, Strategy and Plans, Human Resources and External Relations and Visitor Experience) who provide legislative, operational policy, planning, program direction, financial management, and human resources functions and services.

3. Internal Audit Function

a) Applicable Policies and Professional Standards

The internal audit function at Parks Canada adheres to the Treasury Board Policy on Internal Audit (2006), and associated directives, standards and guidelines. In 2008-2009 a new charter for the function was approved consistent with the policy and directions of the government.

b) Mission and Services Offered

The Agency's Internal Audit Charter defines the mission of the function to:

Provide independent and objective assurance and consulting services designed to add value and improve the Agency's operations. It helps the Agency accomplish its objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of governance processes, risk management strategies and practices, and management control frameworks, systems and practices.

Services include:

  • Assurance Audits that provide an assessment on the adequacy of the governance and controls in place to ensure that the organization's risks are managed effectively and that its' goals and objectives will be achieved efficiently and economically;
  • Investigations of possible fraud or wrong doing;
  • Consulting and advice related to RBAFs, development of policies and management controls.

Follow-up on Management Responses

The audit cycle includes a systematic follow-up on the management responses to each audit recommendation six months after the final approval of the audit reports by the Chief Executive Officer. Managers are requested, by e-mail from the CEO, to complete a template that provides a status report on outstanding recommendations in their area of responsibility. The template is returned directly to the Chief Audit and Evaluation Executive, and is tabled and discussed at the Agency's audit committee.

Since 2007-2008, performance agreements for the senior management group also include, where relevant, targets and commitments to implement specific management responses from finance and administrative audits related to their areas of responsibility.

c) Governance

In 2008-2009, Parks Canada implemented its independent audit committee consistent with the TB Internal Audit Policy requirement. The committee is composed of three members external to the public service. The Chief Executive Officer, the Chief Audit and Evaluation Executive and the Chief Financial Officer are ex officio members of the committee.[1] The committee is responsible for reviewing and providing advice and/or recommendations to the CEO, as required, on issues related to:

  • Internal Audit Function and Products: the Agency's Internal Audit Charter; the adequacy of resources of the internal audit activities; the risk assessment and the Internal Audit Plan; the performance of the internal audit function; the appointment and performance appraisal of the CAE; internal audit reports and management action plans including following up to ensure action plans are implemented.
  • External Audit and Review: management support to the Office of the Auditor General and central agencies doing audit work in the Agency; the nature of the audit work; the reports and recommendations produced; and comments and advice on matters of the Agency's risk, control, and governance; and government-wide initiatives to improve management practices.
  • Financial Statements and Public Accounts Reporting: the Agency's financial statements including all significant accounting estimates and judgments, significant adjustments and management letters resulting from external audit, and findings and recommendations relating to the internal controls in place for financial statement reporting.
  • Risk Management: the corporate risk profile and Agency's risk management arrangements.
  • Agency Accountability Reporting: the Agency's Report on Plans and Priorities/Corporate Plan (RPP), the Agency's Annual Performance Report (DPR) and other significant accountability reports
  • Values and Ethics: the arrangements established by management to exemplify and promote public service values and to ensure compliance with laws, regulations, policies, and standards of ethical conduct.
  • Management Control Framework: the Agency's internal control arrangements, including the adequacy of management-led audits.

The committee is also responsible for preparing an Annual Report summarizing it's activities including an assessment of the system of internal controls and significant concerns and recommendations related to risk management, controls, and accountability. It also provides an assessment of the capacity and performance of the internal audit function. The first annual report will be prepared in April 2009.

d) Office of Internal Audit and Evaluation (OIAE)

The organizational chart for the internal audit function in the Office is shown below.

organizational chart for the internal audit function in the Office

Planned spending for 2009-2010 is shown in Table 2.

Table 2: Planned Internal Audit Spending for 2009-2010

  CAEE Office Internal Audit Total
FTEs 1 6 7
Salary 20,500 451,000 471,500
Benefits 4,100 90,200 94,300
Accommodations 2,795 58,630 61,425
Sub Total 27,395 599,830 627,225
O&M For Staff Support 10,000 39,000  
O&M for Professional Services   153,500  
Auditor Training and Certification Funds   30,000  
Audit Committee Funds 135,000    
Sub Total O&M 145,000 222,500 367,500
Grand Total 172,395 822,330 994,725
CAEE Office FTEs includes .5 of the FTE for the Chief Audit and Evaluation Executive and for the Executive Assistant. It only includes the salary, and associated benefit/accommodations for the Executive Assistant position, as the salary for the CAEE is administered centrally for all executive level employees in the Agency. The table does not include carry forward amounts from 2008-2009, which were not known at the time of the plan. Some carry forward is expected and will be used to support addition audit project work.

The budget includes $336K provided by TB for internal audit to support implementation of the 2006 policy (i.e., $135K to support the independent audit committee, $30K for auditor training and certification, and $171K for salary/EBP/accommodations/O&M).

Given these resources, it was estimated that the OIAE would have the capacity to conduct approximately five to six risk-based internal audit engagements (i.e., an average or typical engagement is 1,200 hours of effort). The actual number of audit projects undertaken in any one year may differ from these estimates to the extent that estimates of actual project hours differ from average project hours. Details of the calculations involved in these estimates are shown in Appendix 1, along with allocation of hours to non-risk based work including central agency directed audits, special projects and consulting, advice and coordination.

Professional Development: The TB Guidelines on Expected Qualifications for Chief Audit Executives suggest that Chief Audit Executives obtain a Certified Internal Auditor (CIA) designation by March 2009. Currently, the CAEE and the Head of Internal Audit are actively pursuing this designation. The Office has made provisions in staff training plans to support certification for all interested internal audit staff.

4. The Audit Universe and Planning Considerations

The audit planning process begins with the development of a universe of all auditable entities in the organization. Parks' Canada audit universe developed for the 2007-2008 and 2008-2009 planning cycles is based on a modified version of the Treasury Board Management Accountability Framework (MAF). This universe differs from the TBS MAF in several respects. Table 3 shows the universe with links to OCG guide to auditors on core controls and to recent internal audits and relevant work by external assurance providers.

In November 2008 the Internal Audit Group began work on a revised and more elaborate audit universe based on specifying in detail sub elements within each MAF element and using existing documents and management input to develop brief descriptions of the key governance, risk management and control concerns within each sub-element. The process is a modified version of the audit planning process developed by Natural Resources Canada. A complete description of the revised universe is expected to take several months and will not be completed in time to influence the 2009-2010 planning cycle. For the upcoming year, the results of the last two risk rating processes where incorporated into planning considerations along with the other factors reviewed below.

Table 3: Past Coverage of MAF Universe by Internal Audit and Other Assurance Providers

MAF
Major Elements
Sub-Elements Core Management Controls Internal Audits January
2005 to March 2009
Work of External
Assurance Providers
Public Service Values Values Based Leadership, values and ethics are established, understood, communicated, effective and monitored PSV-1 to 5 Audit Of Values And Ethics Control Framework
(December 2009)
 
Governance and Strategic Direction Corporate Performance Framework (Consistency of strategic objective and PAA with mandate, clarity and measurability of outcomes, alignment of PAA with outcomes) G-3   OAG Annual Report on Sustainable Development Strategies
OAG Annual Review of Performance Report
Effective Corporate Management Structures (e.g., Ex. Board, Finance and HR Committees, Min Roundtable, other governance mechanisms) G-1, 2, 5, 6    
Organizational Structure and Accountability, Authority, Responsibility - Clear, Communicated And Understood AC-1 to 3    
Management Planning And Public Consultation (Integration with corporate planning, enables effective allocation of resources, alignment of activities to outcomes, clarity of results and management of accountabilities) G-4, 5    
Business Planning: Integration with corporate and management planning, resource allocation to achieve results, clarity of results, adequate financial and non-financial information). G-4 Description of Planning and Budgeting Control Framework
(March 2009)
 
Collaborative Arrangements And Managing With Others (Engagement of Third Parties in Delivery of Mandate) AC-4    
  Analysis to support policy and program design: Quality, adequacy, soundness of analysis, resourcing, approach for monitoring PP-1 to 3    
Results and Performance Performance/
results:
at the organizational/
program level tracked/monitored against expectations, reported, corrective action taken
RP 1 to 3   OAG Annual Review of Performance Report
Learning, Innovation and Change Management Management of change, knowledge and talent management, developing employee skills and rewards and sanctions PPL-6, LICM-1-4    
Risk Management Risk Management Policies And Practices (Risk management process and risk mitigation strategies established, Informs the Corporate Plan, Formally Articulated) RM-1 to 8    
People Sustainable HR Policies And HR Planning, aligned, integrated with other planning PPL-1, 7    
Classification, Recruitment, Hiring and Promotion, Design and Fairness PPL-2, 3 Staffing Audit
(September 2007)
 
Occupational Health And Safety     OAG Chapter 3 Safety of Drinking Water: Federal Responsibilities
(February 2009)
Individual Performance Linked to business performance, assessment of individual performance, performance linked to staff evaluations PPL-5 RP-4    
Internal Communications PPL-8    
Official Languages (Internal And External Service Delivery)      
Labour Relations/Conflict Resolution      
Stewardship Information Management And Privacy (Governance, management of information; Administration/
Compliance Privacy Act and ATIP)
     
Systems under development ST-21 IT/IM Systems Description and Risk Assessment for Internal Audit
(March 2009)
 
Systems and information continuity ST-19  
System application controls/security ST-11  
New System Integration/
Connectivity
   
Asset Management ST-8, 9 Audit of Fleet Vehicle/Vessel Management (March 2009)  
Project Management      
Realty Services (Land Management)      
Security and Business Continuity      
Transfer Payments      
Pay And Benefits Administration   Pay & Benefits Audit
(August 2006)
 
Financial Planning and Budgeting (Budgets linked to objectives, clear process, timely allocation, challenge to assumptions, monitoring forecasts ST-1 to 4 27 Audits of Key Financial and Administrative Controls at Business Units Annual Auditor General Audit of Agency Financial Statements
Financial Management Policies (Established, communicated, compliance, monitored) ST-5, 6
Transaction Processing (Recording is accurate, timely, information is maintained, safeguarded, backed-up, adequate segregation of duties) ST-10, 12, 13
Monitoring (Verification of assets and records, analysis of variance, comparison of results achieved against expectations, reallocation of resources) ST-14, 16, 17, 20
Reporting (Financial information reviewed, approved, communicated internally and externally) ST-18, 20 Fire Management Emergency Funds
(March 2009)
Contract Management ST-22
Other Expenditures (Hospitality, Travel, Taxis, Vehicle Rentals, AMEX, Conferences, Memberships)  
Revenue From Fees i.e., entry, camping, recreational services   Audit of Revenue
(March 2009)
OAG Audit of Managing User Fees in Government
Other Revenue: Staff housing, Business Licenses, Other Rights and Privileges      

a) Status of Projects in 2008-2009 Plan

Five planned assurance audits were completed in 2008-2009 including:

  • Audit of Values And Ethics Control Framework January 2008
  • Audit of Fleet Vehicle/Vessel Management
  • Audit of Revenue Management: Originally planned to cover all revenue generated by the Agency, the audit was divided into two parts with the first phase covering revenue from entry and recreational fees completed as planned in 2008-2009. A second audit on other kinds of fees (e.g. business licences) will be conducted in 2009-2010.
  • Audit of Fire Management Emergency Funds
  • Follow up Audit of Key Financial and Administrative Controls in Western Quebec FU.

In addition two descriptions and surveys where completed providing the basic background to conduct future assurance work:

  • IM/IT Systems Description and Risk Assessment for Internal Audit (i.e., combined the IT/IS and IM and Privacy projects in 2008-2009 plan into one assessment)
  • National Level Planning and Resource Allocation Control Framework (i.e., originally titled National Level Finance and Administrative Control Framework this project was reduced in scope to focus on a description of core planning processes and links to budgeting and allocation of funds in the Agency).

Two planned projects will continue from 2008-2009, one of which was scheduled to take place over more than one fiscal year.

  • A description and framework for Sustainable HR Policies and HR Planning originally scheduled for tabling in September 2009 is still on track.
  • A description and survey of Collaborative Arrangements and Managing with Others was postponed from 2008-2009 due to difficulties in obtaining a meaningful description of the universe of such arrangements and the reallocation of resources to move forward the new audit universe project.

One unplanned assurance audit was begun in 2008-2009

  • Audit of Information Management and Privacy was added to the plan in 2008-2009 as a result of the completed IM/IT system description and survey noted above. A consultant was engaged for the project in January 2009 and it is scheduled to finish September 2009.

b) Agency's Corporate Risk Profile

In 2008-2009 the Agency developed its first corporate risk profile (see Appendix 3 for details). The five major risk areas were:

  • Public and/or Aboriginal support may be insufficient to advance the Agency's mandate and program priorities.
  • The Agency's service offer (i.e., competitive position) may not be attractive or of interest to Canadians
  • Job market pressures may make it difficult to recruit and retain qualified employees and impair ability to deliver on program
  • Failure to capture and manage information hinder the ability to effectively manage all program areas and meet legal requirements.
  • Governance Operational imperatives may overtake the corporate agenda, hindering the ability to provide strategic direction and/or make strategic decisions

Some of these risk areas cut across many of the program activities (i.e., recruiting and retaining qualified staff, information management, keeping a focus on the Agency's strategic directions). Others relate to specific programs particularly the Public Appreciation and Understanding, and Visitor Experience programs.

c) Agency Renewal

In December 2007 the Chief Administrative Officer of the Agency began, with the support of a seconded team, a full time project to focus and coordinate the Agency's efforts directed toward change management and renewal of Agency programs. This renewal responds a number of external drivers for change as organizational imperatives such as the need to implement a new way of providing law enforcement services. The external drivers include: changing demographics (e.g., an aging more multicultural Canadian population), changing technology, continuing loss of biodiversity and built heritage, changes in patterns of how people spend their leisure time, and increased national and international competition for tourist visits. Visitation at many national parks (i.e., outside of the Mountain Parks and NMCAs) and historic sites has decreased by close to 20% over the past five years. Agency renewal is essential to ensure that Parks Canada continues to be relevant to Canadians and can effectively deliver its mandate into its second century.

The foundation for the Agency Renewal is the development of a case for change and a new Vision Statement. Phase 1 of the Renewal communications was launched in January 2009 and marks the formal start of engaging employees in the renewal process. Phase 2 will include launch of a Renewed Parks Canada brand and associated activities designed to increase Canadians awareness, understanding, product differentiation, and positive images of the products and services offered. Branding is related to the Public Understanding and Appreciation and the Visitor Experience program activities but has wider implications with all program activity areas. These two program activities are also under going a major realignment of the functional structures (i.e., positions) with completion targeted for April 2010. To support this realignment, affecting 3000 employees, the Agency is concurrently developing new roles and responsibility statements, accountabilities management tools and training to strengthen capacity in these 2 functional areas. In addition, the Agency is in the initial stages of renewing the national historic sites program to make the program more responsive to the needs of Canadians.

The Resource Conservation Program is affected by the introduction of a new mechanism for law enforcement in response to Canada Appeals Office (now known as the Occupational Health and Safety Tribunal Canada) Direction on Law Enforcement in Canada's National Parks (May 2007) and the Government of Canada announcement to arm up to 100 law enforcement personnel in Parks Canada (May 2008). The new program will be staffed and operating by April 2009 and already has an approved RBAF. At the same time the Agency is undertaking renewal of the resource conservation function (i.e., roles, responsibilities, accountabilities and investments related to all aspect of resource conservation at the national office, service centre and field level.). A complimentary initiative is the development of a more coherent approach to prevention programming (i.e., preventing incidents before they occur and resolve incidents when they do occur safely and effectively). This program is being developed concurrently and in coordination with the new law program and will involve training a possible 3,500 employees.

In some cases these change priorities are well advanced (e.g., the law enforcement program that includes an approved RBAF and audit commitments) while in others the change effort is only beginning (e.g., renewal of the NHS program).

These initiatives and change efforts link to the audit universe in a number of ways including the general area of Learning, Innovation and Change Management, and several aspects of people management including human resources planning, classification, recruitment, hiring and promotion, occupational health and safety and internal communications. The OIAE has consulted with management on these initiatives and taken them into account in planning.

d) Prior Risk Assessments and Current Management Priorities

In previous planning cycles universe elements were rated by groups of managements on various criteria to arrive at an overall score of audit worthiness or risk (see Appendix 3 for the details of the universe and past ratings). The following were consistently identified as areas of potential audit focus.

  • Risk Management Policies and Practices
  • Asset Management
  • Collaborative Arrangements and Managing With Others
  • Information Management and Privacy
  • Aspects of Information Technology and Systems particularly systems under development
  • Management of Change, Knowledge and Talent Management
  • Security and Business Continuity
  • Sustainable HR Policies and HR Planning

The management rating process was not repeated for the 2009-2010 Plan given the changes in the universe that are currently being worked through. Senior management and the audit committee were consulted on the draft plan to ensure their views were taken into account in identifying risks and timing of audit projects.

e) Follow-up Audits

In some cases, specific follow-up audits of particular business units are scheduled following the approval of the original audit and management responses. One follow-up audit is planned for 2009-2010 (i.e., a follow-up of August 2006 Audit of Pay and Benefits which will also incorporate the description and survey work on overtime started as part of the 2007-2008 audit plan).

f) Considerations Arising from TB Submissions, RBAFs and Budget 2009

TB approval of funding to the Agency to support the Quebec 400th anniversary celebrations included a requirement to audit the use of the funds (i.e., $24M) part way through the project and again after completion of the project in 2008. The first audit was approved in October 2007. A second audit is planned for 2009-2010.

The Agency also has specific commitments to audit construction contracts for twining the TransCanada highway as of June 1, 2011. Funding for these projects was received from the Asia Pacific Gateway and Corridor Initiative and the Gateway and Boarder Crossing Fund. Additional funding for twinning the remaining portions of highway was announced in Budget 2009 (i.e., $130M) and will have similar provisions.

Budget 2009 also provided the Agency with $75M for infrastructure projects related to the visitor experience program and an additional $75M for addressing concerns related to built cultural heritage including $8M to new funding for the NHS Cost-Share Program. Both of these amounts are provided over two years. At the program level the impacts of these new resources will be addressed through evaluation work. However, the internal audit function will develop a risk-based program of construction projects audits in 2009-2010 to provide more systematic on-going oversight of this activity (i.e., capital spending in 2007-2008 totalled $97.8M or 15% of the Agency's total expenditures for the year).

There are also some general commitments in several RBAFs or Treasury Board decisions to conduct audit work as and when viewed as necessary in the risk based audit planning process. Examples include a general commitment to consider recipient based audits as part of the approved RBAF for Advancing Conservation Interests in the Northwest Territories; a general commitment to consider audits of either the program framework or individual projects in the approved funding for assessing contaminated sites; and a general commitment to do risk based audits of the contributions under the Agency's General Class Contribution Program Authority.

g) OCG/TBS Directed Work

TB Internal Audit Policy provides for the Office of the Comptroller General to conduct horizontal audits of government activities. Internal audit groups are expected to provide support to these audits. Currently, the OCG is in the planning stages of horizontal audit on Corporate Risk Profiles which aims to assess the extent to which departments and agencies have effective processes in place to identify and prioritize the risks having the most impact on the achievement of their objectives and the extent to which risk profiles are linked with business plans and performance measures. As of the planning date, it is not known if the Agency will be included in the scope of this audit.

h) Work of Other Assurance Providers

The Offices of the Auditor General and the Commissioner of the Environment and Sustainable Development have conducted or plan to conduct several audits that are of relevance to internal audit and evaluation planning in the Agency. Relevant recent chapters include:

  • Safety of Drinking Water: Federal Responsibilities (tabled Feb 2009)
  • Sustainable Development Strategies (tabled Dec 2008)

Additional audits in 2009-2010 that include Parks Canada within their scope include:

  • Canadian Environmental Assessment Act (to be tabled Nov 2009)

The Office of the Auditor General also conducts review level assurance work each year on the fairness and reliability of the performance information in the Agency's Annual Performance Report and audits the accrual financial statements that appear in the report. The OIAE has taken this assurance work into account in planning its priorities.

5. Planned Projects

Table 4 shows the modified MAF universe, the OCG draft list of core controls and, the proposed areas for audit assurance work (i.e., highlighted in green) and for descriptions and surveys that serve as background for planning audits (i.e., in yellow) for the next three fiscal years. Audit resources are not fully committed for the 2010-2011 and 2011-2012 years pending the outcome of the new planning process reviewed above.

The 2009-2010 Audit Plan includes one modification from the projects shown in the 2008-2009 plan. This is the decision to delay until 2010-2011 planned work on management of change, knowledge and talent management given the on-going work on Agency renewal.

Table 5 provides more details on planned projects for 2009-2010. The initial follow up on Pay and Benefits has been modified to include overtime based on the description of this element that was done in 2008. The project will now require more audit work than a regular follow up.

A new cycle of financial and administrative control audits is also starting in 2009 and will be carry on for the next eight fiscal years.

Extent and Limitations of Coverage

Proposed internal audit coverage of the elements of the MAF universe is sufficient to cover several areas of higher risk identified based on various inputs as well as providing some, but not complete coverage, of the draft list of core management controls identified by the Office of the Comptroller General.

Proposed audit assurance work for 2009-2010 will cover information management, compensation, business continuity, construction projects, financial and administrative controls related to revenue (i.e., other than entry fees) and several audits related to basic financial or administrative controls at the business unit level. Major areas such as corporate management, organizational and accountability structures; collaborative arrangements and managing with others; and sustainable HR policies and planning will have their governance, controls and risk management processes described and documented to prepare for future audit work.

In year two of the planning cycle a program of human resources related audits at the business unit level will be implemented consistent with the direction from the internal audit committee following the national audit of staffing. Specific audit work resulting from the development of the IT/IS audit universe and risk assessment will also begin. Some review level work will be done on the Agency's risk identification process and corporate risk profile. Not all internal audit resources are currently committed for years two and three of the planning cycle.

While internal audit work over the next few years will cover several significant elements of the audit universe it is not sufficient to address all areas of risk or support a holistic opinion on the overall state of governance, risk management and controls in the Agency. As noted in previous plans, it is estimated that an additional three internal auditors would be necessary to more fully comply with Internal Audit Policy and the Internal Audit Professional Practice Standards adopted by the government.

Table 4: MAF Universe and Scheduled Audit Projects for 2009-2010 and 2010-2011

Rated Elements Core Controls 2009-2010 2010-2011 2011-2012
Values and Ethics Values Based Leadership PSV-1 to 5      
Governance Corporate Performance Framework G-3      
Effective Corporate Management Structures G-1, 2, 5, 6      
Organizational Structure and Accountability, AC-1 to 3    
Management Planning and Public Consultation G-4, 5      
Business Planning G-4      
Collaborative Arrangements and Managing With Others AC-4 Description and Survey    
Policies and Programs Analysis to support policy and program design PP-1 to 3   Law Enforcement Program  
Performance and Results Performance/
results
RP 1 to 3      
Management of Change Management of change, knowledge and talent management PPL-6, LICM-1-4      
Risk Management Risk Management Policies and Practices RM-1 to 8   Review Level Work  
People Sustainable HR Policies and HR Planning PPL-1, 7 Description and survey    
Classification, Recruitment, Hiring and Promotion PPL-2, 3   HR Cycle
  • Nfld West & Labrador
  • Eastern Ontario
  • Coastal BC
  • Southwest NWT
  • Northern Prairies
  • Highway SC
HR Cycle
  • Nfld Est
  • Central Ontario
  • Gwaii Hsanas
  • Saskatchewan S.
  • Hot Springs Ent.
Internal Communication PPL-8  
Individual Performance PPL-5 RP-4  
Official Languages (Internal And External Service Delivery)    
Occupational Health and Safety        
Labour Relations/
Conflict Resolution
       
Stewardship Information Management and Privacy   Audit    
Systems under development ST-21      
Systems and information continuity ST-19     ICE
System application controls/security ST-11   Audit Campground Reservation System & Point of sales  
New System Integration/
Connectivity
       
Asset Management ST-8, 9 Description and Assurance Audits for
Construction projects
   
Project Management   Quebec 400th anniversary Twinning TransCanada Highway  
Realty Services (Land Management)        
Security and Business Continuity   Audit    
Transfer Payments        
Pay and Benefits Administration   Follow-up of Pay and Benefits Audit (including overtime)    
Financial Planning and Budgeting ST-1 to 4 Financial and Administrative Control Audits
  • S&P Directorate
  • ERVE Directorate
  • Jasper FU
  • Quebec FU
  • Quebec Service Center
Financial and Administrative Control Audits
  • PEI
  • Northern Ontatio
  • Western Arctic
  • Quebec FU
  • Waterton Lakes
  • Atlantic SC
  • CEO’s Office
Financial and Administrative Control Audits
  • NHS Directorate
  • KYLL
  • Riding Mountain
  • Yukon
  • Southwest Ontario
  • Saguenay-St-Laurent
Financial Management Policies ST-5, 6
Transaction Processing ST-10, 12, 13
Financial Monitoring ST-14, 16-17, 20
Financial Reporting ST-18, 20
Contract Management ST-22
Other Expenditures (Hospitality, Travel, Taxis, Vehicle Rentals, AMEX, Conferences, Memberships)  
Fees i.e., entry, camping, backcountry use and camping        
Other Revenue (recreation fees, rights & privileges, licence fees)   Audit    
Other Revenue (rentals and concessions)   Audit

Table 5: Internal Audit Project Scheduling for 2009-2010

Projects Planned or Actual Dates Resources Required*
2008-2009
Topic Type Description Carry For-
ward from
2007-
08
Start
Date
Comple-
tion of the field-
work
Comple-
tion of
Report
Tabling at Audit Commit-
tee
Appro-
ximate hours
O&M
Collaborative Arrangements and Managing with Others Description and survey Document the types and range of the collaborative arrangements within the Agency and associated risks in controls to assist in planning future audit work Y Feb 09 Nov 09 Jan 10 March 10 800  
Sustainable HR Policies And HR Planning Description and Survey Document HR policies, plans and processes assess alignment with strategic plan and business plans, mechanisms for assessing compliance and renewing policies and plans. Y Jan 09 Nov 09 Jan 10 March 10 800  
Information Management and Privacy Assurance Parks Canada's ability to meet its strategic and operational goals relies upon effective access to quality information to support decision-making processes and maintenance and preservation of its documentary heritage. Therefore the Agency must have in place thechnology and processes to ensure that the right information is available to the right people, at the right time and place, through the right processes. N Feb 09 June 09 Aug 09 Sept 09 1200 $150K
Business Continuity Plan Assurance Assess the efficiency and effectiveness of the Agency's Business Continuity Plan. This work is a requirement of the MAF assessment process. N Oct 09 Jan 10 Feb 10 March 10 600  
Follow up of Pay and Benefit Audit (including overtime) Assurance Follow up on progress in implementing management action plan committed in the previous audit project conducted in 2006. As overtime has been incorporated in the project, more audit work will be performed compare to a regular follow up. N April 09 Sept 09 Dec 09 March 10 1200 $25K
Financial and Administrative Controls Assurance Audits related to contracting, travel claims, account payable, revenue, inventory…              
Strategy and Plans Directorate N Sept 09 Dec 09 Jan 10 March 10 600  
External Relations and Visitor Experience Directorate N Oct 09 Jan 10 Feb 10 March 10 600  
Jasper Field Unit N June 09 Augt 09 Oct 09 Dec 09 600 $25K
Quebec Field Unit N June 09 Aug 09 Oct 09 Dec 09 600 $25K
Quebec Service Centre N June 09 Aug 09 Oct 09 Dec 09 600 $5K
Construction Projects Assurance
(Overall Process & Governance)
Assess the overall project management, governance and contract allocation processes. N May 09 Sept 09 Nov 09 Dec 09 400 $10K
Construction Projects Assurance
(Financial Compliance)
Audit construction projects selected from the universe to asses the compliance in regards to the business case and the statement of work. N July 09 Nov 09 Jan 10 March 10 1200 $25K
Espace 400e Assurance Parks Canada received $24 million to commemorate the 400th Anniversary of Québec City. The project included the creation of a new component of Parks' network of discovery centers. The TB Submission requires that an audit be conducted at the end of the project to ensure proper usage of the money. N July 09 Nov 09 Jan 10 March 10 600 $5K
Revenue Management Assurance (Phase 2)
Based on its findings of previous field unit level finance and administrative audits it is proposed to conduct a national level audit of revenue management focusing on risks related to cash management and segregation of duties to ensure the completeness and accuracy of data.
Y May 09 Sept 09 Dec 09 March 10 1200 $25K
* Approximate hours reflect required effort within the fiscal year. Projects that extend beyond a fiscal year will require more effort than shown in the table. Staff or consultants may perform the work. O&M required includes costs of professional services and/or costs of staff travel.

Appendices

1. Assumptions in the Calculation Of Audit Capacity
2. Audit Universe and Ratings of Risk
3. Parks Canada Corporate Risk Profile

1. Assumptions in the Calculation Of Audit Capacity


  1. Hours Available for Work Per FTE Hours Available
    52 week/year * 5day week *7.5 hour/days 1950.0
    Average days holiday (20 days) -150.0
    Average days sick (5 days) - 37.5
    Average days training (5 days) - 37.5
    Total Work Time Available 1725.0*
    * Equivalent to 230 working days

  2. Hours Available for Audit Work: On average it is assumed that one hour per working day is allocated to breaks (i.e., 230 hours per auditor), leaving 1,495 hours of actual working time. It is further assumed that approximately 20% of the actual working time per auditor (i.e., 299 hours per year) is allocated to unit administration, including planning, meetings, supporting internal systems, support to the audit committee, human resources issues, follow-up on the status of previous audit recommendations, etc. The remaining time is allocated to audit work in point c, and to risk based audit work.

  3. Types of Audit Work: Available work hours are allocated to the following tasks:

    OCG Directed Audit Requirements
    • The Comptroller General requires up to 20% of internal audit resources be available to participate in government wide horizontal audits each year. These audits are based on government-wide risk analysis and may not be risk-based audit priorities for the Agency.
    • This category does not include audit work required as part of TB submissions or RMAF/RBAF commitments, which is treated as part of the risk-based project work.

    Special Requests
    • Periodic special requests by management outside the approved audit plan are typical. Examples include audits related to potential fraud or wrongdoing.

    Consulting/Advice/Coordination
    • Consulting and providing advice related to audit, controls is a normal part of the activities of the OIAE. Frequently, the OIAE has also taken a lead role in coordinating the work related to Auditor General performance audits and follow-ups.

  4. O&M Dollars Available for Contracting: Additional capacity can be purchased from contracted professionals based on available O&M budgets. An average per diem of $1,200 per day or $160 per hour is used for this calculation. For 2009-2010, the O&M budget for professional services is $153.5K.

  5. The resource consumption of the average audit project: The average number of hours consumed by an audit project is affected by many factors, including its scope and complexity as well as the skills of the personnel performing the work. Based on a review of prior experience with contracted projects and estimates of internal staff time devoted to projects typical values of 1,200 hours per internal audit project were identified.

A significant exception to this general project average is Parks Canada's cycle of standardized financial and administrative audits where each audit involves from 250 to 450 hours depending on whether new areas are being audited necessitating development of new audit programs. Therefore, between 3 and 6 of these audits are equivalent to one typical internal audit as defined above.

A) Resources CAEE Office Internal Audit Total
FTEs 1 6 7
Hours Available for Work (Less vacation, sick and training days, and 1 hour per working day for breaks leaving 1,495 hours per FTE) 1,495 8,970 10,465
Professional Service Hours Purchased (O&M for professional Services/$160 per hour)   959 959
Total Hours Available 1,495 9,926 11,421
B) Demands      
Administration i.e., (75% of CAEE, 100% of Admin. Assistant and 25% of other staff hours are allocated for activities such as planning, meetings, work on internal systems, support to the audit committee, human resources, quality control, follow-up on previous recommendations, etc.). -1,346 -1,794 -3,140
OCG Directed Audits (10% of one FTE) -10 -150 -160
Special Requests (.25% of one FTE) -15 -374 -389
Consulting/Advice/Coordination (40% of one FTE) -125 -598 -723
Residual Hours for Risk Based Projects -1 7,010 7,010
C) Project Capacity      
Number of Typical Projects (1,200 hours per project)     5.8

2. Audit Universe and Ratings of Risk

The Agency's modified MAF universe differs from the TBS MAF in that the elements effectiveness of extra organizational contribution; quality and use of evaluation, and effectiveness of the internal audit function are not rated. Other elements such as quality of analysis in TB submissions, quality of reporting to Parliament, workplace is fair, enabling, healthy, safe, productive, principled, sustainable and adaptable, are modified in various ways to make them more applicable to the Agency's context. Client Focused Service has been integrated into the program activity Visitor Experience and is not treated as part of the MAF universe.

In 2008, 21 managers from various areas including the Office of Internal Audit and Evaluation rated the elements on four criteria. These ratings were combined to create an average score per respondent for each element in the universe ranging from –2 to +2 (i.e., not all participants rated every element). The ratings determined in this way reflect the views and experiences of the responding managers and may differ if more or different groups of managers had responded. The scores are averages and do not reflect the degree of variability within and between groups of respondents. The eight areas with the lowest scores (i.e., lower scores indicated more need for potential audit work) are shown in red while the eight areas with the highest scores are shown in green.

Number Major
MAF Element
Element in MAF 6 TBS Assess-
ment
Rated Elements Core Manage-
ment Controls
2008
Average Rating
(-2 to +2)
1 Public Service Values 1 Values Based Leadership, values and ethics are established, understood, communicated, effective and monitored PSV-1 to 5 0.62
2 Governance 2 Corporate Performance Framework (Consistency of strategic objective and PAA with mandate, clarity and measurability of outcomes, alignment of PAA with outcomes) G-3 1.20
3 3 Effective Corporate Management Structures (e.g., Ex. Board, Finance and HR Committees, Min Roundtable, other governance mechanisms) G-1, 2, 5, 6 0.85
4 3 Organizational Structure and Accountability, Authority, Responsibility - Clear, Communicated And Understood AC-1 to 3 0.58
5 3 Management Planning And Public Consultation (Integration with corporate planning, enables effective allocation of resources, alignment of activities to outcomes, clarity of results and management of accountabilities) G-4, 5 0.35
6 3 Business Planning: Integration with corporate and management planning, resource allocation to achieve results, clarity of results, adequate financial and non-financial information). G-4 0.85
7 3 Collaborative Arrangements And Managing With Others (Engagement of Third Parties in Delivery of Mandate) AC-4 -0.27
8 Policy and Programs 5 Analysis to support policy and program design: Quality, adequacy, soundness of analysis, resourcing, approach for monitoring PP-1 to 3 0.24
9 Results and Performance 7 Performance/results: at the organizational/program level tracked/monitored against expectations, reported, corrective action taken RP 1 to 3 0.69
10 Change Management 8 Management of change, knowledge and talent management, developing employee skills and rewards and sanctions PPL-6, LICM-1-4 -0.07
11 Risk Management 9 Risk Management Policies And Practices (Risk management process and risk mitigation strategies established, Informs the Corporate Plan, Formally Articulated) RM-1 to 8 -.078
12 People 10, 11, 21 Sustainable HR Policies And HR Planning, aligned, integrated with other planning PPL-1, 7 0.12
13 Classification, Recruitment, Hiring and Promotion, Design and Fairness PPL-2, 3 0.74
14 Occupational Health And Safety   1.33
15 Individual Performance Linked to business performance, assessment of individual performance, performance linked to staff evaluations PPL-5 RP-4 0.89
16 Internal Communications PPL-8 0.79
17 Official Languages (Internal And External Service Delivery)   1.03
18 Labour Relations/Conflict Resolution   1.22
19 Stewardship 12 Information Management And Privacy (Governance, management of information; Administration/Compliance Privacy Act and ATIP)   -0.27
20 13 Systems under development ST-21 -.003
21 Systems and information continuity ST-19 0.63
22 System application controls/security ST-11 0.33
23 New System Integration/Connectivity   -0.14
24 14 Asset Management ST-8, 9 -0.48
25 15 Project Management   -.010
26 14 Realty Services (Land Management)   .0.23
27 19 Security and Business Continuity   0.14
28   Transfer Payments   1.21
29   Pay And Benefits Administration   1.04
30 17 Financial Planning and Budgeting (Budgets linked to objectives, clear process, timely allocation, challenge to assumptions, monitoring forecasts ST-1 to 4 0.66
31 Financial Management Policies (Established, communicated, compliance, monitored) ST-5, 6 1.21
32 Transaction Processing (Recording is accurate, timely, information is maintained, safeguarded, backed-up, adequate segregation of duties) ST-10, 12, 13 1.13
33 Monitoring (Verification of assets and records, analysis of variance, comparison of results achieved against expectations, reallocation of resources) ST-14, 16, 17, 20 0.57
34 Reporting (Financial information reviewed, approved, communicated internally and externally) ST-18, 20 1.08
35 16 Contract Management ST-22  
36   Other Expenditures (Hospitality, Travel, Taxis, Vehicle Rentals, AMEX, Conferences, Memberships)    
37   Revenue From Fees i.e., entry, camping, recreational services   1.00
38   Other Revenue: Staff housing, Business Licenses, Other Rights and Privileges   0.77

3. Parks Canada Corporate Risk Profile

Risk Category and
Label
Description Rele-
vant PAs
Mitigation OIAE Work
Public Public support Support from local communities, stakeholders, NGOs, and the Canadian public may not exist or be insufficient to advance Parks Canada's programs. 1-5 Risk being mitigated in current business plans. Evaluation Framework For Public Appreciation and Understanding
Inter-governmental collaboration Need for collaboration with other federal departments, provinces, territories, and municipalities may lead to delays and ultimately impede implementation of Parks Canada's programs. 1-5   Audit Framework Collaborative Arrangements and Managing with Others
Aboriginal support Support from Aboriginal peoples may diminish and become insufficient to advance Parks Canada's programs. 1-5 Guide to formalized Aboriginal advisory relationships; Improved linkages with other federal departments for policy.
Socio-economic Exploration and development pressures Exploration in oil, natural gas and mining, as well as development pressures, may limit opportunities for NP, NMCA establishment, NHS commemoration, and conservation and presentation of heritage places. 1, 2, 4   Evaluation Framework National Parks Conservation
Economic conditions Economic conditions across the country and internationally may hinder the ability to sustain Parks Canada's operational environment. 4 and 5    
Competitive position Parks Canada's service offer may not be attractive or of interest to Canadians in comparison to other parks and cultural attractions and/or leisure activities. 4 National Marketing and Communication Plan; Branding Identity; National Awareness Campaign; National Historic Sites Renewal. Evaluation Frameworks for the Public Appreciation and Understanding Program and the Visitor Experience Program
Job market pressures Failure to recruit and retain qualified employees may lead to challenges in delivery of all programs and support functions. 1-5 and ISD Agency diversity program; Agency succession approach Audit Framework HR Planning and Policies
Techno-
logical
Adoption of technology Use of information technology in Parks Canada's service offer may not meet employee, visitor and outreach expectations. 2-4    
Environ-
mental
Climat change Climate change may threaten or destroy cultural resources, ecosystem elements and/or assets and affect Parks Canada's service offer. 1, 2 and 4   Evaluation Framework National Parks Conservation
Biodiversity loss Biodiversity loss may threaten or destroy ecosystem elements and affect Parks Canada's service offer. 1,2 and 4  
Disasters Disasters may impair or destroy critical infrastructure and/or assets of national historic significance. 1, 2, 4 and 5   Audit Business Continuity Planning
Parks Canada's Business Operations Information management Failure to capture and manage pertinent data and information may hinder the ability to effectively manage all program areas and meet legal requirements. 1-5 and ISD Records Disposition Authority; Enterprise Information Committee; Information Management and ATIP and Privacy Awareness training, Phase 1. Audit of Information Management
Governance Operational imperatives may overtake the corporate agenda, hindering the ability to provide strategic direction and/or make strategic decisions. 1-5 and ISD Accountability for results; Alignment of planning and reporting Audit Framework Planning and Budgeting Framework
Labour relations Failure to negotiate a collective agreement may hinder the delivery of Parks Canada's programs 1-5 and ISD    
Emergency responsiveness Parks Canada may be perceived as responding inadequately to emergencies. 4-5   Audit Business Continuity Planning
PA-1: Heritage Places Establishment, PA-2: Heritage Resources Conservation, PA-3: Public Appreciation and Understanding, PA-4: Visitor Experience, PA-5: Town-Site and Throughway Infrastructure, ISD: Internal Service Delivery

[1] Originally chaired by CEO, the committee modified its terms of reference in December 2008. The chair and vice-chair of the committee are now external members.