Parks Canada
Symbol of the Government of Canada

Common menu bar links

Internal Audit and Evaluation Documents

Multi-Year Internal Audit Plan - 2012-13 to 2014-15

Office of Internal Audit and Evaluation Parks Canada
September 27 2012

Recommended for Approval by Parks Canada Audit Committee: September 27, 2012
Date approved by CEO: October 26, 2012

Table of Contents

Executive Summary

The Parks Canada 2012–2013 Multi-Year Internal Audit plan outlines the mandate, organizational structure and resources for internal audit in the Agency, the considerations employed in developing the risk based plan and describes the audit projects and activities for the next three years.

Parks Canada’s Office of Internal Audit and Evaluation (OIAE) adheres to the government’s policy, directive and standards for internal audit. The audit function consists of the Chief Audit and Evaluation Executive (CAEE) and eight auditor positions.

The audit universe (i.e., all the individual “auditable entities” that may be subjected to IA activity) consists of 30 entities based on a modified version of the Agency’s Program Activity Architecture (PAA), including internal services. Audits entities are described and prioritized based on considerations of significance, public visibility and risk. In principle, audit activities should focus on the entities with the highest priority scores, as determined by a yearly review, for the three year period of the plan.

For this planning cycle, we did not attempt a comprehensive review of audit entities and associated priorities given the nature and scope of changes impacting on the Agency’s operations as a result of Budget 2012 and other fiscal restraint measures in the Agency. Fiscal restraint and resulting reorganization of many organizational structures and processes also limited the capacity of management to engage in meaningful audit planning as well as limiting their capacity to respond to new audit recommendations.

As a result, senior management and the Agency’s audit committee requested that the audit function concentrating its efforts in the short term on completing audit engagements in progress and assisting the Agency through the transition by focusing on consultation, analysis and advice for the 2012–2013 fiscal year rather than launch new assurance based audits.

Therefore, for 2012–2013 the function will complete six assurance engagements carried over from the 2011–2012 fiscal year. It will also undertake three consulting engagements identified through consultations with senior management. In addition, the function will devote significant effort to five internal projects including updating the audit universe that will serve to improve audit practice in future years.

The schedule of audit engagements for years 2013–2014 and 2014–2015 consists of five or six assurance engagements for each year based on historic information. It should be viewed as tentative and is likely to change as the work to update the audit universe and priority ratings over the next several months is completed.

Over the course of the three years in this planning cycle audit activities, both consulting and assurance services, continue to provide coverage of the seven highest audit priority areas and several of the moderate priority areas.

Introduction

Under the TB Policy on Internal Audi the Chief Audit Executive is required to establish a multi-year audit plan, based on an annual comprehensive assessment of risks, which sets out the priorities of the internal audit function, consistent with the organization’s strategic and operational objectives.

The 2012–2013 Parks Canada Internal Audit plan outlines the mandate, organizational structure and resources for internal audit in the Agency, the considerations employed in developing the risk based plan and describes the audit activities for the next three years.

Parks Canada Agency

Parks Canada was established as a separate departmental corporation in 1998. The Agency's mandate is to:

“Protect and present nationally significant examples of Canada's natural and cultural heritage, and foster public understanding, appreciation and enjoyment in ways that ensure the ecological and commemorative integrity of these places for present and future generations.”

Responsibility for the Parks Canada Agency rests with the Minister of the Environment. The Parks Canada Chief Executive Officer (CEO) reports directly to the Minister.

Fiscal Restraint in the Agency

Parks Canada’s Budget as announced in the Economic Action Plan 2012 was reduced by $29.2M. In addition, as announced in Budget 2010, the Agency must absorb approximately $15 million in salary increases between April 2010 and March 2013. Like other operational organizations, the Agency must also absorb inflationary increases within its existing budget. As a result of these various pressures the Agency is taking several measures to reduce costs including:

  • The consolidation and streamlining of service centres and National Office into one decentralized and significantly reduced structure focused on policy guidance and service to the field operations of Parks Canada.
  • Aligning the seasonality of the workforce across functions to reflect changed work requirements in the areas of visitor services, resource conservation, and asset management. This will result in changes to the operating season of some parks and sites.
  • Focusing recreational boating service at canals Parks Canada to align the length of the season, hours of operation, and personal service at locks on canals with the periods of highest requirements. The Agency is also introducing new management units that are 100% dedicated to canals.
  • Moving to self-guided visitor activities at 31 national historic sites while maintaining guided activities at the majority of the national historic sites.
  • Limiting social science research work to focus on corporate reporting needs and otherwise making use of existing external market research done by other organizations (i.e., continue to report on requirements of the federal government management accountability framework, including monitoring public appreciation and client satisfaction).
  • Consolidation of the Agency’s national collection (i.e., historic and archaeological objects and collections) and conservation laboratories in the National Capital Region over the next one to three years.[1]

As a result of these various reductions and constraints 638 positions have been eliminated in the Agency and 1051 positions are “affected”. The majority of the affected positions will not be eliminated but represent a reduction in work period.

Other changes in include the elimination of the requirement for the Office of the Auditor General of Canada to review the performance information in the annual DPR and to audit the Agency’s accrual financial statements, as well as changes to length the time between production of management plans and reports for national parks and national historic sites.

The scope and scale of the changes in the Agency affects virtually every aspect of the way the Agency delivers its programs and services although it does not change the overall mandate and priorities. The nature and extent of the changes in turn has significant implications of audit planning and the conduct of audit activities in both the short and long term as outlined below.

Internal Audit Function

Applicable Policies and Professional Standards

The internal audit function at Parks Canada adheres to the Treasury Board Policy on Internal Audit (2012), and the associated directive and standards. In June 2012 a revised audit charter for the function was approved consistent with the policy and directions of the government.

Mandate and Services Offered

The mandate of the function is to:

Provide independent and objective assurance and consulting services designed to add value and improve the Agency’s operations. It helps the Agency accomplish its objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of governance processes, risk management strategies and practices, and management control frameworks, systems and practices.

In this context the function provides the CEO and audit committee with assurance that:

  • Risks are appropriately identified and managed
  • Governance arrangements are in place to support strategic direction, monitoring and accountability
  • Significant financial, managerial and operating information is accurate, reliable and timely
  • Activities and actions are in compliance with applicable laws, regulations policies, standards, and procedures
  • Resources are acquired economically, used efficiently and adequately protected
  • Programs, plans and objectives are achieved
  • Quality and continuous improvement are fostered in the Agency’s control processes
  • Significant legislative or regulatory issues impacting the Agency are recognized and addressed properly.

Services include:

  • Assurance Audits that provide an assessment on the adequacy of the governance and controls in place to ensure that the organization’s risks are managed effectively, that its’ goals and objectives will be achieved efficiently and economically and that rules, regulations and policies are followed;
  • Investigations of possible fraud or wrong doing;
  • Consulting, analysis and advice related to policies, programs, risks, systems and controls.

Follow-up on Management Responses

The audit cycle includes a systematic follow-up on the management responses to each audit recommendation four months after the final approval of the audit reports by the Chief Executive Officer; and every six months afterwards until recommendations are fully addressed. Managers are requested, by e-mail from the CEO, to complete a template that provides a status report on outstanding recommendations in their area of responsibility. The template is returned to the Chief Audit and Evaluation Executive. A summary of progress made in implementing action plan is presented and commented at the Audit Committee. Follow up on management responses is a standing item on the Committee’s agenda.

Governance

The CAEE reports directly and exclusively to the Chief Executive Office (i.e., deputy head) of the Agency. Consistent with TB Policy on Internal Audit, oversight of the function is provided by an independent audit committee composed of three members external to the public service. The Chief Executive Officer, the Chief Audit and Evaluation Executive and the Chief Financial Officer are ex officio members of the committee.[2] The committee is responsible for reviewing and providing advice and/or recommendations to the CEO, as required, on issues related to:

  • Internal audit function and products;
  • External audit and review;
  • Financial statements and public accounts reporting;
  • Risk management;
  • Agency accountability reporting;
  • Values and ethics;
  • Management control framework.

Organizational Structure and Resources

The organizational chart and the budget 2012–2013 budget are shown below.

The organizational chart for 2012-2013
Long Description

The function currently consists of eight funded positions, one of which has been identified as affected due to fiscal restraint. A final decision on the status of this position had not been taken at the time of planning. The effective staff complement for 2012–2013 will be approximately 6.5 FTEs due to two auditors being on parental leave for parts of the year, and one auditor leaving the Agency at the end of August. Staffing processes for the latter position have been initiated but it is not certain when the position will be filled.

The salary budget in the table represents forecasted expenditures for the existing staff for the period they are expected to be available as well as estimated salary expenditures for AC members. The O&M budget represents the funds available which were not all allocated to specific projects or activities at the time of planning. For comparison purposes, we have indicated expenditures for the last fiscal year (2011-12).

  CAEE Office** Audit Committee Audit Total 2012-13 estimate
2011-12 actual 2012-13 estimate 2011-12 actual 2012-13 estimate 2011-12 actual 2012-13 estimate
Total 32,710 43,500 110,525 98,000 852,055 908,600 1,050,100
Salaries* 26,140 27,500 94,300 80,000 580,128 556,600 664,100
O&M Staff Support 6,570 16,000 16,225 18,000 32,505 50,000 84,000
O&M Professional Services and Travel         239,422 302,000 302,000
  • * Staff salaries do not include benefits and accommodations costs (i.e., about 33% of the salary budget). 
  • ** CAEE Office includes only includes half the salary of the Executive Assistant to the CAE. The salary for the CAEE is administered centrally for all executive level employees in the Agency.

Detailed assumptions and calculations of estimated time budgets for the function are shown in Appendix A.

Audit Planning Methodology and Considerations

Audit planning involves: Appendix B provides more details on the steps outlined below:

  • Identification of the audit universe (i.e., the individual “auditable entities” that may be subjected to IA activity). The Agency’s audit universe is its Program Activity Architecture (PAA), including the internal services with some adjustments and modifications to amalgamated sub-activities where it makes sense and to add a few programs[3] where there are existing audit commitments that are not part of the PAA structure. The universe currently consists of 30 entities.

  • Describing, documenting and prioritizing each audit entity to determine which entities will be audit priorities for the three year planning cycle. A description of each entity is prepared with basic information (purpose, budget, expenditures, governance framework, owner, partners, stakeholders, supporting information systems, and financial coding etc). Priority ratings for audit based on ratings of the significance, public visibility and risk exposure of each entity. The ratings are combined and classified based on ranges of scores as very high, high, moderate and low audit priority.

    Appendices B, C, D and E provide more details the planning process, some of the inputs to the ratings (i.e., Corporate Risk Profile, past audit and evaluation cover and the resulting priority ratings for the entities in the universe). The most current priority rating of the elements of the audit universe were developed in February and March 2011 for the 2011–2012 Internal Audit Plan.
  • Scheduling of entities for audit taking into account prioritization of audit entities as well as other factors such as:
    • External commitments to conduct an audit (i.e., typically in the context of special funding approved by TB for new programs or initiatives);
    • Past or planned coverage by other assurance providers (OAG/CESD, other Agents of Parliament, the OCG, and program evaluation within the Agency);
    • Management priorities and audit committee recommendations;
    • Availability of audit resources (i.e., human resources and O&M funds).

Current Planning Period

A preliminary audit planning phase for 2012–2013 was undertaken in January and February 2012. Meetings and discussions were held with 17 directors and managers from seven directorates to confirm the continued relevance and appropriateness, at that time, of the already identified projects for the FY 2012–2013. This process did not attempt a comprehensive review of risks for all elements in the universe given the uncertainty about how things might change.

Although the overall impact of Budget 2012 on the Agency was announced on March 29th, the implications on organizational structures and reductions in positions, programs and seasons of operation have only gradually been clarified over the course of the spring and summer with many details yet to be confirmed.

Given this continued uncertainty the existing audit universe and associated priority ratings do not necessarily provide a reasonable guide for future audit planning. At the same time, managements’ capacity to engage in meaningful discussions of new organizational structures and risks for purposes of audit planning was limited, as was their capacity to respond to new audit recommendations. As a result, senior management and the Agency’s audit committee requested that the audit function concentrating its efforts in the short term on completing audit engagements in progress and assisting the Agency through the transition by focusing on consultation, analysis and advice for the 2012–2013 fiscal year rather than launch new assurance based audits. Subsequent consultations with senior management in May and June 2012 therefore focused on where the function could add most value during the year through consulting engagements, as well as projects and activities that could serve to improve the audit function overtime.

Consulting Projects and Auditor Objectivity

Under IIA standards "consulting services" are defined as "activities, the nature and scope of which are agreed with the client, are intended to add value and improve an organization’s risk management, control, and governance processes without the internal auditor assuming management responsibility.” Consulting projects present specific risks for internal auditors including threats to their future objectivity and the creation of a false impression that assurance is being provided when it is not.

In defining our consulting projects for 2012–2013 we were mindful of these issues and sought to mitigate the risks in several ways. Our consulting work focuses on identifying, documenting, and describing needs, processes, procedures, or systems along with relevant TB or Agency policies, directives, and guidelines. We also examine practices in other organizations where relevant. In the context of the consulting engagements we facilitate discussion and provide coaching related to the concepts of governance, risk management and controls and may identify situations where action is required to address identified issues or weakness. We present options for management’s consideration. We will not have a decision making role on which strategies, processes or actions management adopts with respect to issues and options that we identify. We will not write new policies, directives, and will not design, install or be responsible for the operation of new controls, systems or processes. If necessary, we will refrain conducting assurance work related to our consultation projects for one year after the completion of the engagement consistent with the IIA International Professional Practices Framework Work.

Planned Projects for Next Three Years

The table below provides a summary overview of the planned projects (i.e., assurance audits and consulting engagements) against the elements of the universe. This is followed by more detailed tables including descriptions and costing of project for each of the next three years.

For 2012–2013 the function will complete six assurance engagements carried over from the 2011–2012 fiscal year. It will also undertake three consulting engagements identified through consultations with senior management. In addition, the function will devote significant effort to five internal projects including updating the audit universe that will serve to improve audit practice in future years.

The schedule of audit engagements for years 2013–2014 and 2014–2015 should be viewed as tentative and is likely to change as the work to update the audit universe and priority ratings over the next several months is completed. It is anticipated that this process will be completed for the 2013–2014 planning cycle.

Summary Audit Plan by Program Activity Architecture
PA Entity Audit Priority 2012–2013 2013–2014 2014–2015
Establishment of Heritage Places National Park Establishment and Expansion Moderate      
National Marine Conservation Area Establishment Low      
National Historic Site Designations Low      
Other Heritage Places Designations Low      
Heritage Resource Conservation National Parks Conservation Moderate      
Species at Risk Low      
National Marine Conservation Areas Sustainability Low      
National Historic Sites Conservation Low      
Other Heritage Places Conservation Low      
National Historic Sites Cost-Sharing Moderate      
Public Appreciation and Understanding Public Outreach Education and External Communications Moderate   Agency Branding And Corporate Identity Program  
Stakeholder and Partner Engagement Moderate Consulting Project Partnering Agreements    
Visitor Experience Market Research and Promotion Moderate      
Interpretation Low      
Visitor Service Offer Moderate      
Visitor Safety High   Visitor Safety Program  
Townsite and Throughway Management Townsite Management Moderate      
Through Highway Management High Audit Twinning of the TCH    
Through Waterway Management High      
Internal Services Governance and Management Support
Management and Oversight High (as of June 2012) Consulting Project: Core Management Information Needs   Investment Plan

Project Management
Internal Communication Moderate      
Legal Low      
Resource Management Services
Human Resources Management Moderate   Information in PeopleSoft Supporting Centralized Pay Audit Of Official Languages
Financial Management High Audit Financial Management Framework

Audit Management of Revenue from Rentals and Concessions

Consulting Project: Financial Processes (PIC)
  Compliance With Policy On Internal Controls
Information Management High     Management Control Framework For IM
Information Technology High Performance Audit of GIS   Point of Sale (POS) System
Other Administrative Services (security, business continuity). Moderate   Business Continuity And Emergency Preparedness  
Asset Management Services
Real Property High   Management Of Staff Housing  
Material Low      
Acquisition Moderate Audit of Procurement Processes

Audit Acquisition Card Process
   


Year 1: 2012–2013 Projects and Resources
Section A: Carry Forward from Previous Year
Project Objectives and Scope Rational
1. Audit of the Twinning Trans Canada Highway Project High Audit Priority Maps to Corporate Risks: Maps to MAF:

Governance and strategic direction

Public service value

Client-focused service

Risk management

Stewardship

Results and performance

The objective of the audit is to provide assurance that management control framework is adequate to ensure compliance with TBS and Parks’ financial and contracting policies and practices.

The scope of the audit involves the review of contracts awarding process under the Gateways and Border Crossings Funds as well as Budget 2009; and the examination of Parks’ expenditures related to TCH Twinning project.

The Trans Canada Highway (TCH) passes through Banff National Park for a distance of 82 km. Over a period of 5 year, an amount of $130M was granted to Parks Canada by the government for the project.

Some limited audit work was performed in 2009–2010 when reviewing the contracting processes for EAP funded projects. 

This project was completed in spring 2012 and is expected to be tabled at the Audit Committee in September.

Planned expenditures in 2012–2013 are approximately $4K

2. Financial Management Framework High Audit Priority Maps to Corporate Risks: Maps to MAF:

Risk Management

The audit will focus on the adequacy of the overall governance and control framework for financial management in the Agency.

The focus will be on adequacy of financial management structure, overall budgeting, integration of key framework documents (e.g., PAA, chart of accounts), adequacy of central guidance documents, and overall monitoring and reporting processes in the context of the TB Policy on Financial Management Governance.

This audit scope does not include assessing compliance with TB Policy on Internal Control.

The Treasury Board Secretariat (TBS) of Canada approved the Policy on Financial Management Governance effective April 1, 2009. The Policy establishes a framework specific to roles and responsibilities for financial management governance for departments and agencies.

Inadequate financial management governance can lead to inconsistencies in operations, inefficient and ineffective use of funds, failure to comply with relevant authorities and obligations and waste of effort and resources. Overall governance of the function will be critical to address these risks as the Agency moves toward full implementation of the TB financial policy suite. 

The project is expected to be completed by the end of September. The report should be tabled at the Audit Committee in January 2013.

Planned expenditures in 2012–2013 are approximately $7K

3. Audit of Revenue Management (rentals, concessions and other revenues) High Audit Priority Maps to Corporate Risks: Maps to MAF:

Stewardship

People (Accountability)

Results and performance

Client-focused service

Risk management

The audit is intended to provide assurance that the control framework for this type of revenue is adequate and revenue is complete and accurately accounted for, and that revenue management practices comply with PCA policies and directives.

The scope of the audit will involve the description of processes for collecting revenue from 9 specific revenue accounts identified in Parks chart of accounts.

The Agency had total revenues of $110 in 2009–2010 accounting for 18% of its total budget. In 2008, the function began a series of audits of revenue management focusing first on revenue from entry and visitor services (i.e., approximately 60% of the annual revenue). Revenue from the use of land, buildings or easements by third party (leases & rents) and other revenue, the focus of this audit, represent about 24% of the total.

Leases type will determine if rate revision will take place every 10 years or every 2 years. Adjustments may be substantial as they are not frequent. There is a risk of revenue lost if the Agency does not make the adjustments when scheduled.

Companies that provide commercial activities (concessions) on Parks’ sites pay fees according to predetermined criteria (i.e., most often based on profits generated by the entity). Controls must be in place to ensure appropriate revenue is collected. 

The project was completed in fall 2011 and is expected to be tabled at the Audit Committee in November 2012.

Planned expenditures in 2012–2013 are approximately $2K

4. Performance Audit of the Geographic Information System (GIS) High Audit Priority Maps to Corporate Risks:

Information management
Maps to MAF:

Governance and strategic directions

Client-focused service

Stewardship – general information technology

Results and performance

Risk management

The objective of this audit is to provide independent opinion that GIS activities in PCA are conducted in ways that ensure funds are used efficiently, effectively and economically. The audit focuses on the: 

  • appropriateness of the governance structure
  • adequacy of management practices and tools to ensure efficiency and economy;
  • extent to which GIS effectively supports the Agency’s mandate, objectives and priorities.

Parks Canada has been using GIS and other geomatics technology to improve decision-making since the late 1970s largely as a tool for natural resource management. 

Executive Management Committee recently directed that Geomatics systems be designed to serve all functions within the Agency. As Geomatics grows from servicing one specific functional area to servicing the entire Agency, outputs must meet priority requirements and work must be done efficiently. The key to that is ensuring that PCA has an effective accountability framework (governance structure) in place for Geomatics.

The project was completed in February 2012 and is expected for tabling at the Audit Committee in September.

Planned expenditures in 2012–2013 are approximately $6.5K

5. Horizontal Audit of Procurement Processes Moderate Audit Priority Maps to Corporate Risks: Maps to MAF:

Stewardship

The audit will aim to provide senior management with an overall assurance that the acquisition process within the Agency respects Parks and TBS’ rules and policies.

In 2010–2011, the Agency spent more than $200M on acquisition of goods, services and construction. Over $170 M were open bidding, (which include construction) and traditional competitive process. Past audit work at the business unit level over several years identified moderate to significant control weakness in 28% of the audited entities for use of acquisition cards.

This project was completed during summer 2012 and is expected to be tabled at the Audit Committee in November.

Planned expenditures in 2012–2013 are approximately $6.5K

6. Audit of Acquisition Card process Moderate Audit Priority Maps to Corporate Risks: Maps to MAF:

Procurement

Asset Management

The audit will aim to provide senior management with an overall assurance that the acquisition card processes within the Agency respects Parks and TBS’ rules and policies.

A horizontal audit of acquisition processes scheduled in 2011–2012 initially covered all acquisition processes used within the Agency. A preliminary assessment revealed that the scope of the work was too broad and therefore has been split in two specific projects. The audit of acquisition card processes is one of the two.

Past cyclical audit work at the business unit level over several years identified moderate to significant control weakness in 28% of the audited entities for use of acquisition cards.

This project started in January 2012 and is expected to be completed by mi-October. The report should be tabled at the Audit Committee in January 2013.

Planned expenditures in 2012–2013 are approximately $8.5K



Section B: Consulting Projects for 2012–2013
Project Objectives and Scope Rational
7. Partnering Agreements Moderate Audit Priority Maps to Corporate Risks:

Aboriginal Support

Inter-governmental Collaboration

Partnering Instruments
Maps to MAF:

Risk management

Citizen-focused Service

The consulting engagement will focus on identifying:

  • the universe of partnering agreements and how partners are identified and distinguished from stakeholders;
  • details of situations in which partnering agreements involve the exchange of funds either or both from the Agency to a partner or from a partner to the Agency;
  • actual and potential instruments (contracts, contributions, reality instruments, others) used to effect transfers of funds with partners and the policy constraints and flexibilities available to achieve partnering objectives;
  • Whether new tools or authorities are required to achieve the Agency’s objectives; and if so, what these would be.

The Agency has made engaging partners and stakeholders a key part of its strategy and seeks their active involvement in Agency direction, management, program delivery, and program support. 

Existing partnering authorities and related instruments were identified as a key risk in the Agency’s 2012–2013 Corporate Risk profile. They are thought to limit Parks Canada’s ability to fully leverage partnering opportunities, resulting in reduced reach and lost opportunities to grow the base of support for Parks Canada’s administered places.

The Agency developed a partnering policy and framework and various guides and tools in 2009 as well as setting up a stakeholder and partner engagement registry. Partnering arrangements are formalized through MOUs and partnering agreements. Where the exchange of funds are involved these arrangements must interact with and take account of other TB and Agency policy and directives related to contracting, transfer payments, and reality related transactions. Achieving the right balance between partnering objectives and processes and the other financial tools of the government has been challenging. 

The OIAE,will review documentation, and consult with the External Relations and Visitor Experience Directorate and other internal service provides in the Agency (e.g., finance, contracting, reality services) as well as others involved in partnering throughout government to address the focal questions outlined in the engagement scope. 

The project is expected to be completed by March 31, 2013.

Planned O&M expenditures in 2012–2013 are approximately $2K

8. Identification of Core Management Information Needs High Audit Priority Maps to Corporate Risks:

Information Management
Maps to MAF:

Risk Management

The consulting engagement will focus on identifying the core management information needs for decision-making and accountability purposes at the level of the executive management committee, within the PCX community in general and within the middle management cadre. 

This consulting engagement is a shared project between the internal audit and evaluation functions in the Agency.

Senior management frequently notes that information required for decision making and accountability purposes is not available or requires considerable manual manipulation to produce responses to requests. 

The lack of readily available information and ad hoc analysis drawing on a number of formal and informal information systems to address decision making and accountability requirements can result in conflicting data and interpretations depending on how requests are worded and the assumptions used in producing the information, delays in decision making, and poorly informed decision making. 

A first step in addressing this issue is to clearly identify what are the core information needs of management at various levels of the organization (i.e., financial, HR, program activities, outputs, and results). 

To address this issue, the OIAE,will conduct a series of structure interviews and surveys with various levels of management to identify their core information needs and provide analysis and results to the Agency’s Executive Management Committee. Once information needs are identified management will be responsible for developing processes and systems to support timely production of the required information. 

The project is expected to be completed by December 31, 2012.

Planned expenditures in 2012–2013 are approximately $2K.

9. Documenting Financial Processes and Controls (Policy Internal Control) High Audit Priority Maps to Corporate Risks:
Maps to MAF:

Risk management

Financial Management and Control

The consulting engagement will focus on describing and documenting selected key business processes and financial controls as required under the TB Policy on Internal Control.

As part of its obligations under the TB Policy on Internal Control the Agency must document its financial and administrative processes and controls and use this as basis for annual reporting on the state of internal controls (design and operating effectiveness) and as a baseline for improving control weakness. In its 2010/11 Annex to the Statement of Management Responsibility including Internal Controls over Financial Reporting the Agency committed to completing the documentation stage of its key controls related to finance reporting. 

The OIAE, will review documentation (TBS work on common business processes, internal Agency work) to describe and map selected key business processes and controls working in concert with the Office of CFO. The work will draw on past audit results as well as facilitated discussions with processes experts to map the existing processes, deviations from the expected process, and points where controls may be require strengthening or could be relaxed.

The project is expected to be completed by March 31, 2013.

Planned expenditures in 2012–2013 are approximately $15K.



Section C: Internal Projects
Project Objectives and Scope Rational
10. Update Audit Universe and Priority Ratings The current audit universe consists of 30 auditable entities. Many of these entities are complex and can be sub-divided into discrete auditable components (e.g., HR is an entity but has sub components in classification, pay, recruitment and staffing, employment equity, official languages, occupational health and safety). Updating the audit universe and priority rating system for 2012–2013 will focusing on developing descriptions and priority assessments at the sub component level of the universe (i.e., likely 60 or more auditable entities) to support audit planning in the future. 
11. Analysis of Past Audit Recommendations and Management Responses The function has committed in the past to conducting analysis of patterns of audit recommendations over time, management acceptance of the recommendations and delays in completion of management actions plans to inform audit planning, and help support overall assurance reporting. 
12. Analysis in Support of Continuous Auditing The function has been gradually building its infrastructure to conduct continuous auditing in the Agency. The TBS developed data extra tools was implemented at PCA in March 2010 with data extraction and reliability tests carried out between April and Nov 2010. A script (program) to analysis Account Payable information was tested from September to December 2010. In May 2012, we extracted for the first time a complete FY of data (i.e., 2011–2012) and started review of the baseline characteristics of the population of transactions, users and other parameters of the data structure. We are identifying areas were the tool provides insight on audit and control issues to service as the basis for a presentation to Executive Management Committee Fall 2012 followed by a presentation to Audit Committee. 
13. Practice Inspection A practice inspection, consistent with TB and IAA standards has been scheduled for 2012–2013. The function is as September 2012 mostly completed its internal assessment against the practice assessment guide prepared by the Office of Comptroller General (Internal Audit Sector). It is expected that a third party will be contracted to conduct an independent verification of the self assessment by December 2012 and the assessment report with recommendations, if relevant, we’ll be available by February 2013. 
14. TeamMate Implementation The Office of Internal Audit & Evaluation is planning the implementation of TeamMate Audit Software during 2012–2013. Several weeks of effort is anticipated to install and configure the software for use starting late in FY 2012–2013


Project Name Size Hours O & M ($)  Total ($)[4]
YTD Estimate Total 2012–2013
1. Audit of the Twinning Trans Canada Highway Project Small 100 65 165 4,000. 10,600.
2. Financial Management Framework Large 600 230 830 7,000. 40,200.
3. Audit Management of Revenue (rentals, concessions) Medium 15 65 80 2, 000. 5,200.
4. Performance Audit of the Geographic Information System (GIS) Large 200 65 265 6,500. 17,100.
5. Horizontal Audit of Procurement Processes Medium 200 65 265 6,500. 17,100.
6. Acquisition card process Small 410 230 640 8,500. 34,100.
Sub Total Assurance   1525 720 2245 34,500. 124,200.
Consulting Projects
7. Partnering Agreements Medium 210 1090 1300 2,000. 54,000.
8. Core Management Information Needs Small 70 605 675 2,000. 29,000.
9. Documenting Financial Processes and Controls (Policy Internal Control) Medium 20 1280 1300 15,000. 67,000.
Sub Total Consulting   300 2975 3275 19,000. 150,000.
Internal Projects
10. Administration       3000   175,000.[5]
11. Analysis of Recommendations and Management Responses       375   15,000.
12. TeamMate Implementation       230   9,200.
Sub Total Administration       3605   199,200.
Others
13. OCG Directed Audits       150   6,000.
14. Special request       375   15,000.
Total       9650   494,500.


Year 2: 2013–2014
Project Objectives and Scope Rational
1. Agency Branding and Corporate Identity Program Moderate Audit Priority Maps to Corporate Risks:

Competitive Position
Maps to MAF

Citizen-focused service

People Management

Managing for Results

The audit will review the management control framework (governance, roles and responsibilities, communication, risks and controls) in place to create a corporate identity and brand for the Agency.

As part of its overall strategy for renewal to ensure that its products and programs remain relevant to Canadians, the Agency has devoted considerable effort to standardization and commercialization of its corporate image and brand, i.e. how it wants to be seen.

The definition of identity and branding takes into account the look and feel of the Agency’s communication products and images. This may affect the signage, media campaigns and products, as well as various public events and celebrations. The lack of consistency in defining the brand identity and a weak corporate identity undermine the efforts of the Agency that seeks to increase its visibility to strengthen its competitive position and generate a sense of commitment to Canadians to their natural and historical treasures.

The project should begin in fall 2013 with a completion in the next fiscal year.

Planned expenditures in 2013–2014 are approximately $5K

2. Visitor Safety Program High Audit Priority Maps to Corporate Risks:

Public Support

Maps to MAF

Risk management

Citizen-focused Service

Management of Security

The audit will review the management control framework (governance, roles and responsibility, communication, risk management and controls) in place to support the Visitor Safety Program and provide assurance that practices comply with Agency guidelines for public safety.

The functional national leadership for the Visitor Safety program has been assigned to the Visitor Experience Branch in the External Relations and Visitor Experience Directorate. The leadership for the implementation of the Visitor Safety program nevertheless will remain with the Resource Conservation function.

The main objective of the Visitor Safety Program is to promote experiences remain safe for visitors on all our sites throughout the country.

Planned expenditures in 2013–2014 are approximately $10K

3. Information in PeopleSoft To Support Centralized Pay Moderate Audit Priority Maps to Corporate Risks:

Information Management
Maps to MAF

Risk management

People Management

The objective of the audit is to provide assurance that information provided by Parks Canada into the centralized federal pay environment, through the new PeopleSoft version, reflects PCA HR reality.

In April 2006, a Treasury Board Directive on Corporate and Administrative Systems Investment recognized the PeopleSoft Government of Canada Human Resources Management System (GC HRMS), version 8.9, as the target system environment for human resources (HR) systems for federal government organizations.

With the decision to centralize all federal pay processing, the updated PeopleSoft system become the source of key information related to pay. Controls over the access to, and completeness, accuracy, and reliability of information transferred by Parks in the system will become increasingly important for ensuring efficient and effective pay administration. 

The project is expected to be completed no later than March 2014.

Planned expenditures in 2013–2014 are approximately $9K

4. Business Continuity and Emergency Preparedness Moderate Audit Priority Maps to Corporate Risks:

Environmental Forces

Asset Management
Maps to MAF

Risk management

Management of Security

Citizen-focused service

The audit will review the management control framework (governance, existence and efficiency) for business continuity plan and emergency preparedness, established by the Agency to protect employees, visitors and property, and ensure continuity of essential services in case of natural disaster or man-made disaster.

Under TB Policy on Government Security and Directive on Departmental Security Management departments and agencies are required to develop a departmental security plan including establishing business continuity and emergency preparedness plan to ensure the continued availability of services and associated assets. Deputy heads are responsible for ensuring periodic reviews of the plan to assess its effectiveness and appropriateness over time, the existence of period review is one element of security assessed under the TBS MAF process.

The Park Canada management structure is decentralized; review of business continuity plans from National Office and field units will be used to provide assurance to senior management on the extent of the implementation of the Business Continuity Planning Program Directive of the Agency. The scope of the audit will also include the emergency preparedness plans for dams’ safety.

Project is scheduled for summer 2013 and the report should be presented to the Audit Committee in winter 2014.

Planned expenditures in 2013–2014 are approximately $9K

5. Management of Parks’ Staff Housing High Audit Priority Maps to Corporate Risks:

Assets Management

Information Management
Maps to MAF

Risk management

People Management

Asset Management

The audit will provide assurance that the management control framework (governance, roles and responsibilities, communication, risks and controls) for the Agency’s staff housing program is adequate and that practices comply with policies in place.

Parks Canada provides staff housing in some areas where accommodations may not be easily available or affordable and/or for some seasonal employees for whom it would be unreasonable to require them to pay their own accommodations. The size of the Agency’s staff housing park (Crown-owned or leased dwelling units across the country) is not known with certainty although it was estimated around 700 units in 2005. 

Employees living in a unit of the state must pay a rent payable to the PCA. The basic factors of rent for government housing are determined by an assessment of the value of the house and the rental market in different localities so that the rents are comparable with those of private dwellings in the same markets.

A lack of compliance with rules may generate inequities between employees and result in loss of revenue for the Agency.

The audit will determine if the control framework in place is adequate and suitable for:

  • collecting revenue efficiently, effectively and equitably;
  • maintaining facilities to protect health and safety of Parks’ employees;
  • calculating taxable benefits for employees and
  • complying with existing policies and directives (Isolated Posts and Government Housing Directive from National Joint Council, Isolated Posts Policy, Application of charges for living accommodations)

Project is scheduled for spring 2013 and the report should be tabled at the Audit Committee in winter of 2014.

Planned expenditures in 2013–2014 are approximately $29K



Project Name Size Hours O & M ($) Total ($)
2013-14 2014-15
Total   5700 62,000. 6,500. 296,500.
1. Agency Branding and Corporate Identity Program Medium 1200 5,000. 6,500. 59,500.
2. Visitor Safety Program Medium 1200 10,000.   58,000.
3. Information in PeopleSoft Supporting Centralized Pay Medium 1200 9,000.   57,000.
4. Business Continuity And Emergency Preparedness Small 900 9,000.   45,000.
5. Management of Staff Housing Medium 1200 29,000.   77,000.


Year 3: 2014–2015
Project Objectives and Scope Rational
1. Investment Plan High Audit Priority Maps to Corporate Risks:

Asset Management
Maps to MAF

Investment Planning and Management of Projects

The audit will examine the implementation of PCA’ Investment Planning cycle, the project approval process and the related delegation of authority.

The Policy on Investment Planning approved by Treasury Board in 2007 requires that all departments and agencies have in place by April 1st 2012, systems and processes necessary to comply with the policy.

The policy aims to maximize resources and ensure proper stewardship through effective investment planning, so that resources for assets and services acquired, new or existing, are affected in a diligent and rational, without exceeding the reference levels of ministries.

Planned expenditures in 2014–2015 are approximately $5K

2. Project Management High Audit Priority Maps to Corporate Risks:

Information Management

Asset Management
Maps to MAF

Investment Planning and Management of Projects

Procurement

The audit will review the control framework (governance, roles and responsibilities, communication, risk management and controls) developed by the Agency to support project management.

The Policy on the Management of Projects approved by Treasury Board in 2007 requires that all departments and agencies have in place by April 1st 2012, systems and processes necessary to comply with the policy.

The objective of the policy is to ensure that the appropriate systems, processes and controls for managing projects are in place and support the achievement of program outcomes while limiting the risk to stakeholders and taxpayers.

Planned expenditures in 2014–2015 are approximately $15K

3. Compliance with Policy on Internal Controls High Audit Priority Maps to Corporate Risks: Maps to MAF

Risk management

Financial Management and Control

The audit will focus on the implementation of the TB Policy on Financial Management Controls within the Agency.

Amongst TB Policy on Internal Control and supporting directives requirements, Deputy Heads are responsible for conducting periodic audits and reviews to ensure effective implementation of the Policy. The Chief Financial Officer (CFO) has to sign annually the Statement of Management Responsibility Including Internal Control Over Financial Reporting. The CFO recognizes the execution of an annual assessment of the internal control system over financial reporting that is based on risk to determine its on-going effectiveness. This requirement has increased gradually over a period of three years between 2009 and 2012.

The Agency has to document its financial and associated administrative processes and controls and develops plans for addressing weaknesses in controls. 

Planned expenditures in 2014–2015 are approximately $19K

4. Management Control Framework for Information Management High Audit Priority Maps to Corporate Risks:

Information Management
Maps to MAF

Managing for Results

Risk Management

The audit will review the current control framework (governance, roles and responsibilities, communication, risk and control) of information management and the effectiveness of mechanisms that allow the Agency to use the information in its decision-making.

The ability to adequately manage information is an operational risks identified in the Agency Corporate Risk Profile for 2012–2013. The fact of not having an adequate framework in place for IM usually results in inefficiency, duplication and loss of critical organizational resources. An audit conducted in 2009 determined that the control framework of IM was deficient and recommended that significant improvements be made to reduce the risk of non-compliance with laws and policies.

As the amount of information to be managed continues to grow exponentially (i.e., estimated at over 16 billion pages of text in 2008) and information remains a valuable resource for the conduct of its activities; the audit will aim to provide assurance that the IM is based on operational needs and available resources, and is integrated into the management of information technology (IT). The audit also should ensure that the means put in place since 2009 are adequate to effectively fill the gaps identified then.

The 2009 TBS Directive on Recordkeeping that relies on three main laws are: Financial Administration Act, the Library and Archives of Canada Act and the Access to Information Act serve as reference in developing the criteria of the audit program

The project should start in the summer of 2014 and is expected to last approximately 10 months. Therefore, the conduct of the audit will overlap two fiscal years.

Planned expenditures in 2014–2015 are approximately $5K

5. Point of Sale (POS) System High Audit Priority Maps to Corporate Risks:

Information Management
Maps to MAF

Financial Management and Control

The audit is intended to provide assurance that the control framework (governance, roles and responsibility, communication, risks management and controls) supports an appropriate recognition of revenues to ensure accuracy and completeness of data, and that practices meet the directives and policies of the Agency and TBS.

A national audit of operation revenue performed in 2009 revealed a gap in revenue management and reconciliation of financial data. Various steps have been taken to rectify the situation including the acquisition of a new POS system. A pilot project with the new system took place during the 2011–2012 season which was positive. The system is expected to be fully operational for the 2012–2013 season.

The system will provide information timely, accessible and reliable with reporting tools and an interface to the Agency financial system (STAR), helping to make informed business decisions.

The Directive on Revenue Comptrollership for User Fees will be used to standardize financial processes and will serve as reference in developing the criteria of the audit program.

The POS system is designed to facilitate integration of data from most sites from computers connected to the financial system by an automated process, semi-automated or manual. POS will record financial data and non-financial data such as information about visitors.

Planned expenditures in 2014–2015 are approximately $25K

6. Official Languages Moderate Audit Priority Maps to Corporate Risks:

Workforce Management
Maps to MAF

People Management

The audit will focus on the Agency’s responsibilities under the Official Languages Act with respect to identifying, maintaining and staffing bilingual positions, and providing a work environment conductive to the use of both official languages. 

This audit excludes compliance with the Official Languages ​​Act regarding the services offered to the public.

The Agency as a federal entity wishes to have a skilled workforce representative of Canada. Besides the need to provide public services in both official languages ​​in designated areas, it must create a work environment conducive for employees to work in both official languages.

The Agency must have a process of staffing, training and setting language requirements of positions that meets the needs and the maintenance of language skills over time, given the mandate of the Agency , the public it serves and the location of its offices.

The Commissioner of Official Languages ​​conducted an audit in 2011 that targeted services to the public by Parks Canada. This aspect will be excluded from this audit.

The project should begin in late winter 2015 for completion in the next fiscal year.

Planned expenditures in 2014–2015 are approximately $5K



Project Name Size Hours O & M ($) Total ($)
2014–2015 2015-16
Total   7800 93,000. 4,000 409,000.
1. Investment Plan Medium 1200 5,000.   53,000.
2. Project Management Medium 1200 15,000.   63,000.
3. Compliance with Policy On Internal Control Large 1500 19,000.   79,000.
4. Management Control Framework for Information Management Large 1500 24,000.   84,000.
5. Point of Sale (POS) System Large 1500 25,000.   85,000.
6. Audit of Official Languages Small 900 5,000. 4,000. 45,000.

Appendix A. Time Budget of Audit Function

A: Available Time

  1. Staff Hours of Work Time

      Hours Available
    Total Work Time Available 1,484
    52 week/year * 5day week * 7.5 hour/days 1950
    Average days holiday (28 days) -210
    Average days sick (5 days) -37.5
    Average days training (15 days) -112.5
    Break Time (1/2 hour per day) -106
    * Equivalent to 212, 7.5 hour working days working days


  2. Contractor Hours of Work: Additional capacity can be purchased from contracted professionals based on available O&M budgets. An average per diem of $1,200 per day or $160 per hour is used for this calculation. For 2012–2013, the O&M budget for professional services and travel is estimated to be $55 000. (as per budget table in text) or approximately 344 hours of work.

B: Types of Work

The work to be done is divided into five general categories.

1. Unit Administration
Includes activities such as planning, meetings, work on internal systems, and support to the audit committee, human resources activities, quality control, and follow-up on previous recommendations. It is assumed that 75% of CAEE, 100% of Admin. Assistant, 75% of Head of Internal Audit and Auditor III Quality, 50% of Auditor I Quality, 25% of Auditor III Operations and 15% of other staff hours are allocated for this activity.
2. OCG Directed Audit Requirements
The Comptroller General requires up to 20% of internal audit resources be available to participate in government wide horizontal audits each year. These audits are based on government-wide risk analysis and may not be risk-based audit priorities for the Agency. This category does not include audit work required as part of TB submissions or RMAF/RBAF commitments, which is treated as part of the risk-based project work. (Assumption is 10% of an FTE)
3. Special Requests
Periodic special requests by management outside the approved audit plan are typical. Examples include audits related to potential fraud or wrongdoing. (Assumption is 25% of a FTE)
4. Consulting/Advice/Coordination
Consulting and providing advice related to audit, controls are a normal part of the activities of the OIAE. Frequently, the OIAE has also taken a lead role in coordinating the work related to Auditor General’s performance audits and follow-ups. (Assumption is 75% of three FTEs)
5. Assurance Audit Work
Risk base audits or audits of core financial and administrative controls.

C: Time Budget

  CAEE Office Internal Audit Total
A) Available Time
FTEs 1 6.5 7.5
Staff Hours Available for Work (i.e., 1,484 hours per FTE) 1,484 9,646 11,130
Professional Service Hours Purchased*   344 344
Total Hours Available 1,484 9,990 11,474
B) Allocation of Time
Administration -1,298 -3605 -4,903
OCG Directed Audits -10 -150 -160
 Special Requests -15 -374 -389
Carry forward- Assurance Audit Projects   -2245 -2,245
Consulting/Advice/Coordination -125 -3272 -3,397
Professional Services Hours Committed   -344 -344
Residual Hours for Risk Based Projects 36   36
* Only what is known or planned as of the date of the plan

Appendix B. Steps in Audit Planning

1. Audit Universe

The Agency’s PAA consists of five programs with 23 sub-activities and a sixth stream of internal services with 14 sub-activities. Based on consultation with management and past experience these adjustments and modifications were made to amalgamated sub-activities where it makes sense and to add a few programs[6] where there are existing audit commitments that are not part of the PAA structure. This resulted in a universe of 30 auditable entities. In the course of this work we noted that many of these entities (e.g., national parks conservation, human resources management) are complex and can farther divided into several sub-elements so that in principle the universe may expand over time 70 or more entities.

2. Describing and documenting Audit Entities

A description of each audit entity is prepared with basic information (purpose, budget, expenditures, governance framework, owner, partners, stakeholders, supporting information systems, and financial coding etc). Additional information is gathered to then rate the entity on three dimensions adapted from the OCG Practice Guidebook --- Internal Audit Planning for Departments and Agencies (2006):

  • Significance reflects the overall importance of the entity to Agency, the scope of its reach, the dollar value (materiality) associated with it and/or impact of the entity on stakeholders;
  • Public Visibility reflects the extent and entity is routinely subject to scrutiny by the general public, stakeholder groups and the media;
  • Risk Exposure takes account of the number, nature and types of risk to which an entity is exposed and the severity and breath of possible consequences.

Sources of information for both describing and prioritizing entities included:

  • The Agency’s PAA descriptions and Chart of Accounts;
  • Corporate Plans and reports and the Agency Corporate Risk Profile (see version in appendix C);
  • Descriptions on the programs and activities on the Agency Intranet and Internet, and from entity specific plans and reports;
  • Past audit and evaluation frameworks and reports;
  • Audits and reviews by external assurance providers (i.e., OAG, OCG);
  • Interviews and discussions with management.

3. Prioritization of Audit Entities

Prioritization consists of assigning a significance, public visibility and risk exposure score to each entity (i.e., each with a five point scale ranging from 1 very low significance, visibility or exposure to 5 very high significance, visibility or exposure), and then combining the scores (i.e., weighted 30% for significance, 20% for visibility and 50% for risk exposure) to create a final priority score for each entity.

Level Range Description
Very High 4.26 – 5.00 Entities considered to be highly important from an audit standpoint and should be subject to internal audit activity. Where possible, audits of these priorities should be conducted early in the planning cycle to permit the generation of assurance in a timely fashion.
High 3.51. – 4.25 Entities considered as an important audit priority and should be audited in the planning cycle, but not necessarily in the first year of the plan.
Moderate 2.51 – 3.50 Audit resources may be expended; however these areas are only of moderate audit priority during this planning cycle.
Low 0.00 – 2.50 Little to no justification for audit resources to be expended in these areas during this planning cycle.

Appendix C. Corporate Risk Profile

Risk Category and Label Description Risk Owner
Public
Aboriginal Support Support from Aboriginal Peoples may diminish and become insufficient to advance Parks Canada’s programs. Director, Aboriginal Affairs Secretariat
Inter-governmental Collaboration Resource capacity in other federal departments, provinces, territories, and municipalities may be insufficient to fully collaborate on Parks Canada’s program priorities. VP, Protected Area Establishment and Conservation
VP, Heritage Conservation
Partnering Instruments Existing partnering instruments may limit Parks Canada’s ability to fully leverage partnering opportunities, resulting in its inability to extend its reach and to grow the base of support for Parks Canada’s administered places. VP, External Relations and Visitor Experience
Public Support Support from local communities, stakeholders, NGOs, and the Canadian public may not exist or be insufficient to advance Parks Canada’s programs. VP, External Relations and Visitor Experience
Socio-Economic
Competitive Position Parks Canada’s profile, service and experience offer may be less attractive or of less interest to Canadians in comparison to other parks and cultural attractions and/or leisure activities. VP, External Relations and Visitor Experience
Development Pressures Development pressures may limit opportunities for NP/NMCA establishment, NHS commemoration, maintenance of EI and CI, and development of connection to place. VP, Protected Area Establishment and Conservation
VP, Heritage Conservation
Environmental Forces
Disasters Disasters may impair or destroy critical infrastructure and/or assets of national historic significance, or lead to serious injury or loss of life. Chief Administrative Officer
Environmental Forces The Agency’s ability to maintain or improve overall EI in national parks and meet legal requirements related to species at risk may be hindered by environmental forces, such as climate change, biodiversity loss, and exotic/invasive species. VP, Protected Area Establishment and Conservation
Parks Canada’s Business Operations
Asset Management Aging infrastructure and inadequate level of recapitalization and maintenance could result in failure of assets and/or significant impairment of built cultural resources, which could compromise public safety, hinder Parks Canada's ability to deliver on its mandate and damage the Agency's reputation. Chief Administrative Officer
Information Management Failure to identify, capture, manage, share and report pertinent data and information may hinder the ability to effectively manage all program areas and meet legal requirements. Chief Administrative Officer
Recruitment and Retention Failure to recruit and retain competent employees may lead to challenges in delivery of all programs and support functions. Chief Human Resources Officer

Appendix D. Risk Taxonomy

Risk Domain Definition Risk Area Risk Area Definition
A. Strategic Loss or damage caused by external conditions or events which may negatively affect the government's policy or program position, asset base or other decisions. 1. Transformation The risks associated with the government's inability to make needed program, policy or other changes to adapt to, or efficiently meet emerging or evolving needs.
2. Alignment and Priority Setting The risks associated with the misalignment of activities, priorities and financial resources.
3. Public Opinion The risks associated with a shift of public opinion.
4. Economic The risks associated with major disruptions in the Canadian or world economy.
B. Operational Loss or damage caused by failures in people, processes or internal systems. 1. Human Resources The risks associated with maintaining a sufficient and representative workforce with the appropriate experience and skill-mix.
2. Third Party The risks associated with the failure on the part of third parties on which the Government depends.
3. Knowledge Capital The risks associated with loss or failure to manage information, including intellectual property, organizational or operational information, and personal information of Canadians.
4. Capital Infrastructure The risks associated with deteriorating or damaged capital infrastructure including hard assets (e.g., buildings, vessels, scientific equipment), but excluding IT infrastructure.
5. Information System Infrastructure The risks associated with failure or incapacity of information technology.
6. Legal and Compliance The risks associated with violation of laws, regulations, international treaties / agreements and policies.
7. Internal Fraud The risks associated with illegal acts or irregularities resulting from an intentional misrepresentation or corruption by internal personnel for personal gain.
8. External Fraud The risks associated with illegal acts or irregularities resulting from an intentional misrepresentation or corruption by a partner or the public for personal gain.
C. Hazard Loss or damage caused by natural, accidental or pre-meditated actions 1. Natural Hazards The risks associated with natural, e.g., biological or climatic hazards.
2. Human Actions - Intentional The risks associated with chemical, nuclear or other hazards, resulting from deliberate actions.
3. Human Actions - Unintentional The risks associated with chemical, nuclear or other hazards, resulting from accidents.

Appendix E. Priority Ratings of the Audit Universe

  PA Number Entity Risk Significance Public Visibility Priority
1. 6.2.3 Information Management 4.4 4.7 1.9 4.0
2. 6.2.2 Financial Management 4.2 4.1 2.9 3.9
3. 6.2.4 Information Technology 4.4 4.4 1.7 3.9
4. 5.2 Through Highway Management 4.1 3.4 3.1 3.7
5. 5.3 Through Waterway Management 3.9 3.4 3.5 3.7
6. 4.3.1 Visitor Safety 3.6 3.2 4.0 3.6
7. 6.3.1 Real Property 4.1 3.7 1.9 3.5
8. 3.1 Public Outreach Education and External Communications 3.0 4.3 3.2 3.4
9. 6.1.1 Management and Oversight 2.5 4.4 2.1 3.4
10. 3.2 Stakeholder and Partner Engagement 3.2 3.2 2.6 3.1
11. 4.3, 4.5, 4.7 Visitor Service Offer 3.2 3.5 2.2 3.1
12. 6.2.5 Other Administrative Services (security, business continuity)       3.0
13. 6.1.2 Internal Communications       3.0
14. 2.4.1 National Historic Sites Cost-Sharing Contribution Program       3.0
15. 2.1 National Parks Conservation 2.8 3.2 3.4 3.0
16. 6.2.1 Human Resources Management Services 2.8 4.1 1.2 2.9
17. 4.1 Market Research and Promotion 2.5 3.8 2.3 2.9
18. 6.3.2 Acquisition 3.1 3.1 1.9 2.9
19. 1.1 National Park Establishment and Expansion 2.8 2.3 3.7 2.8
20. 5.1 Townsite Management 2.8 2.3 2.5 2.6
21. 6.1.3 Legal 1.8 3.6 1.9 2.4
22. 2.3 National Historic Sites Conservation 1.9 2.3 2.2 2.1
23. 4.2, 4.4, 4.6 Interpretation 1.5 2.9 1.2 1.9
24. 2.1.1 Species at Risk 1.9 1.3 2.7 1.9
25. 6.3.3 Material 1.7 1.8 1.0 1.6
26. 2.2 National Marine Conservation Areas Sustainability 1.4 1.5 1.5 1.5
27. 1.2 National Marine Conservation Area Establishment 1.4 1.3 1.3 1.3
28. 1.3 National Historic Site Designations 1.1 1.1 1.5 1.2
29. 2.4 Other Heritage Places Conservation 1.4 0.9 1.0 1.1
30. 1.4 Other Heritage Places Designations 0.7 0.8 1.3 0.8

Appendix F. Audit Plan and Past Coverage by Priority Ratings

PA Number Entity Priority 2012–2013 2013–2014 2014–2015 Recent Audit Coverage Evaluation Coverage
6.2.3 Information Management 4     Management Control Framework For IM Audit Of Information Management (2008)  
6.2.2 Financial Management 3.9 Financial Management Framework

Audit Management of Revenue -Rentals and Concessions (2012)

Consulting Project: Financial Processes (PIC)
  Compliance With Policy On Internal Controls 32 Finance And Administrative Audits (6 directorates and 26 field units) between April 2005 and March 2012

Audit Of Revenue Management (Entry And Camping) (2008)
 
6.2.4 Information Technology 3.9 Performance Audit of the GIS   Point of Sale (POS) System    
5.2 Through Highway Management 3.7 Audit Of The Twinning Of The TCH (2012)       Evaluation (Dec. 2010)
5.3 Through Waterway Management 3.7         Evaluation (2011)
4.3.1 Visitor Safety 3.6   Visitor Safety Program      
6.3.1 Real Property 3.5   Management Of Staff Housing     Evaluation Of Asset Management Program (2009)
3.1 Public Outreach Education and External Commu-
nications
3.4   Agency Branding and Corporate Identity Program      
6.1.1 Management and Oversight 3.4 Consulting Project: Core Management Information Needs   Investment Plan

Project Management
Audit Of Values And Ethics Management (2007)

OCG Audit Of Corporate Risk Profiles (2009)

OCG Audit of Compliance with the MRRS Policy (2012)
 
3.2 Stakeholder and Partner Engagement 3.1 Consulting Project Partnering Agreements        
4.3, 4.5, 4.7 Visitor Service Offer 3.1         Evaluation 2011
6.1.2 Internal Commu-
nication
3.0          
2.4.1 National Historic Sites Cost-Sharing 3.0       Audit Of The Management Of The Cost-Sharing Contribution Program (2011)  
6.2.5 Other Administrative Services (security, business continuity) 3.0   Business Continuity And Emergency Preparedness      
2.1 National Parks Conservation 3.0       CESD Study Of Environmental Monitoring Systems (2011)

Audit Of Law Enforcement Program-Arming Initiative (2011)

CESD Audit of National Parks (starting in 2012)
Evaluation of Resource Conservation in National Parks 2012
4.1 Market Research and Promotion 2.9         Some Coverage In VSO Eval 2011
6.2.1 Human Resources Management Services 2.9   Audit Information in PeopleSoft to Support Centralized Pay Audit Of Official Languages Audit Of Pay And Benefits (2009)

Audit Of Staffing (2006)

Independent 5 Year Review Of Human Resources Regime (2010) 

HR Process In Coastal BC (2011)

OCOL Audit Of Delivery of Bilingual Services to Visitors by Parks Canada (2012)
 
6.3.2 Acquisition 2.9 Horizontal Audit of Procurement Processes

Acquisition Card process
    (Covered In Finance And Admin. Audit Cycle)  
1.1 National Park Esta-
blishment and Expansion
2.8         Evaluation 2012
5.1 Townsite Management 2.6          
6.1.3 Legal 2.4          
2.3 National Historic Sites Conservation 2.1          
2.1.1 Species at Risk 1.9       CESD Audit of SARA (starting 2012) Interde-
partmental Evaluation (2012)
4.2, 4.4, 4.6 Interpretation 1.9          
6.3.3 Material 1.6          
2.2 National Marine Conservation Areas Sustainability 1.5       CESD Audit of Marine Protected Areas (2012)  
1.2 National Marine Conservation Area Esta-
blishment
1.3          
1.3 National Historic Site Designations 1.2          
2.4 Other Heritage Places Conservation 1.1          
1.4 Other Heritage Places Designations 0.8          

  • [1] Collection facilities and/or conservation laboratories are currently maintained in Winnipeg, Ottawa, Cornwall, Quebec and Halifax.
  • [2] The terms of reference for the committee were updated in June 2012.
  • [3] These are the Law Enforcement Program and the General Class Contribution Program.
  • [4] The total amount represents the cost for salary and expenses associated with the various projects for the current fiscal year.
  • [5] Includes updating of the universe, continuous auditing and practice inspection (including professional fees).
  • [6] These are the law enforcement program and the General Class Contribution Program.