Parks Canada
Symbol of the Government of Canada

Common menu bar links

Internal Audit and Evaluation Documents

Multi-Year Internal Audit Plan - 2013-14 to 2015-16

Table of Contents

July 2013
Office of Internal Audit and Evaluation Parks Canada

Recommended for Approval by Parks Canada Audit Committee: August 23, 2013
Date approved by CEO: September 26, 2013

Executive Summary

The Parks Canada Multi-Year Internal Audit Plan 2013-14 to 2015-16 outlines the mandate, organizational structure and resources for internal audit in the Agency, the considerations employed in developing the risk based plan and describes the audit projects and activities for the next three years.

Parks Canada’s Office of Internal Audit and Evaluation (OIAE) adheres to the government’s policy, directive and standards for internal audit. The audit function consists of the Chief Audit and Evaluation Executive (CAEE) and seven auditor positions.

The audit universe (i.e., the individual programs, processes or systems that may be subjected to IA activity) consists of 30 entities based on a modified version of the Agency’s Program Alignment Architecture (PAA), including internal services. Audits entities are described and prioritized based on considerations of significance, public visibility and risk. In principle, audit activities should focus on the entities with the highest priority scores, as determined by a yearly review, for the three year period of the plan.

For this planning cycle, we reviewed planned audit priorities and scheduled projects as laid out in the 2012–2013 audit plan and made several adjustments both to priority and scheduling of projects. During the year the audit universe and priority ratings for entities will be updated to take account of the significant changes impacting on the Agency as a result of fiscal constraints arising from Budget 2012 and other measures to support sustainable Agency operations.

For 2013–2014 the function will:

  1. Undertake four assurance audit engagements
  2. Complete three consulting engagements
  3. Continue to implement three internal projects

Four to seven audits are planned for each of the second two years of the plan. Completion of this work will result in coverage of entities currently rated as high audit priorities and several other entities rated as moderate priorities. Scheduling of projects in later years should be viewed as tentative pending the update of the audit universe and priority ratings over the next several months.

Introduction

The Parks Canada Multi-Year Internal Audit plan 2013–2014 to 2015–2016, consistent with the TB Policy on Internal Audit, outlines the mandate, organizational structure and resources for internal audit in the Agency, the considerations employed in developing the risk based plan and describes the audit activities for the next three years.

Parks Canada Agency

Parks Canada was established as a separate departmental corporation in 1998. The Agency's mandate is to:

“Protect and present nationally significant examples of Canada's natural and cultural heritage, and foster public understanding, appreciation and enjoyment in ways that ensure the ecological and commemorative integrity of these places for present and future generations.”

Responsibility for the Parks Canada Agency rests with the Minister of the Environment. The Parks Canada Chief Executive Officer (CEO) reports directly to the Minister.

Internal Audit Function

Applicable Policies and Professional Standards

The internal audit function at Parks Canada adheres to the Treasury Board Policy on Internal Audit (2012), and the associated directive and standards. In June 2012, a revised audit charter for the function was approved.

Mandate and Services Offered

The mandate of the function is to:

“Provide independent and objective assurance and consulting services designed to add value and improve the Agency’s operations. It helps the Agency accomplish its objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of governance processes, risk management strategies and practices, and management control frameworks, systems and practices.”

In this context, the function provides the CEO and audit committee with assurance that:

  • Risks are appropriately identified and managed;
  • Governance arrangements are in place to support strategic direction, monitoring and accountability;
  • Significant financial, managerial and operating information is accurate, reliable and timely;
  • Activities and actions are in compliance with applicable laws, regulations policies, standards, and procedures;
  • Resources are acquired economically, used efficiently and adequately protected;
  • Programs, plans and objectives are achieved;
  • Quality and continuous improvement are fostered in the Agency’s control processes;
  • Significant legislative or regulatory issues impacting the Agency are recognized and addressed properly.

Services include:

  • Assurance Audits that provide an assessment on the adequacy of the governance and controls in place to ensure that the organization’s risks are managed effectively, that its’ goals and objectives will be achieved efficiently and economically and that rules, regulations and policies are followed;
  • Investigations of possible fraud or wrong doing;
  • Consulting, analysis and advice related to policies, programs, risks, systems and controls.

Follow-up on Management Responses

The audit cycle includes a systematic follow-up on the management responses to each audit recommendation four months after the final approval of the audit report by the Chief Executive Officer; and every six months afterwards until recommendations are fully addressed. A summary of progress made in implementing action plan is a standing item on the Audit Committee’s agenda.

Governance

The CAEE reports directly and exclusively to the Chief Executive Office (i.e., deputy head) of the Agency. Consistent with TB Policy on Internal Audit, oversight of the function is provided by an independent audit committee composed of three members external to the public service. The Chief Executive Officer, the Chief Audit and Evaluation Executive and the Chief Financial Officer are ex officio members of the committee.[1] The committee is responsible for reviewing and providing advice and/or recommendations to the CEO, as required, on issues related to:

  • Internal audit function and products;
  • External audit and review;
  • Financial statements and public accounts reporting;
  • Risk management;
  • Agency accountability reporting;
  • Values and ethics;
  • Management control framework.

Organizational Structure and Resources

The organizational chart for the function is shown at the right. The function currently consists of seven funded positions. The effective staff complement for 2013–2014 is an estimated 4.9 FTEs due to one auditor being on parental leave for part of the year, one on sick leave and a junior audit position not staffed at the time of the planning. Staffing processes for the latter position have been initiated but it is not certain when the position will be filled.

Budget for audit in the Agency includes

  1. Part of the salary and O&M costs for Executive Assistant to the CAEE, typically about $34K per year[2]
  2. Salary and operating costs of the audit committee, typically about $100K per year of which 80% to 85% covers salaries (i.e., costs in 2012–2013 were $114.2K of which 86% was salary).
  3. Costs of the audit function (i.e., the salary and expenditures for the seven auditor positions).

The available budget for the audit function is in 2013–2014, along with actual expenditures in 2012–2013 and forecasted expenditures in 2013–2014 are shown in the table below.

  Available Budget Expenditures Forecasted Expenditures as % of Available Budget
2012–2013 2013–2014
Actual Forecast
836,000 595,021 587,000 70%
Salaries 607,000 509,171 460,000 76%
Project Costs 229,000 50,900 37,000 55%
Non Project O&M 34,950 90,000

The time budget for the function in 2013–2014 is estimated to be 7,300 hours (i.e., the available work time for 4.9 FTEs minus vacation, sick leave and training time). For 2013–2014 approximately 46% of the time is allocated to assurance audit work, 38% to administration, 11% to consulting work and 9% to other work.[3] Details of expenditure and time allocation for specific projects are shown below with the project descriptions.

Audit Planning Methodology and Considerations

Audit planning is based on a listing of auditable entities (i.e., the programs, process or activities that may be subject to audit) call the audit universe. In the Agency the audit universe is based on the Program Alignment Architecture (PAA) including internal services, with some adjustments and modifications to amalgamate sub-activities where it makes sense and to add a few programs that are not part of the PAA structure.[4] Currently the universe consists of 30 entities. Each entity is described, documented and assigned a priority rating. Priority ratings are based on an assessment of the significance, public visibility and risk exposure of the entity. The ratings are combined and classified based on ranges of scores as very high, high, moderate and low audit priority. Appendices A, B, C and D provide more details on the planning process, some of the inputs to the ratings (i.e., Corporate Risk Profile, past audit and evaluation coverage).

In addition to audit priority ratings the function takes account of several additional factors in planning audits including external commitments to conduct an audit (i.e., typically in the context of special funding approved by TB for new programs or initiatives); past or planned coverage by other assurance providers (OAG/CESD, other Agents of Parliament, the OCG, and program evaluation within the Agency); management priorities and audit committee recommendations; and the availability of audit resources .

Planned Projects for the Next Three Years

The current audit universe and priority ratings were developed two years ago in March 2011 for the 2011–2012 Internal Audit Plan. Due to the significant impacts of Budget 2012 on the Agency the universe and priority ratings were not updated for the Multi-Year Internal Audit Plan 2012–2013 to 2014–2015. Instead, planning was informed by consultations with senior management and the audit committee.

For this planning cycle, some updating of descriptive information about audit entities was undertaken in March and April 2013. Individual interviews (n=9) were conducted with members of Executive Management Committee in May 2013 to confirm the continued relevance, appropriateness and timing of the already proposed audits as laid out in the Multi-Year Internal Audit Plan 2012–2013 to 2014–2015. This resulted in various adjustments reflected in the three year plan outlined in the Table below.

The schedule of audit engagements for the second two years of the plan should be viewed as tentative and is likely to change as the work to update the universe and priority ratings over the next several months is completed.

In 2013–2014 the function will:

  1. Undertake four assurance audit engagements
  2. Complete three consulting engagements
  3. Continue to implement three internal projects.

Details of planned projects for the next three years are presented below.

Summary of Audit Plans by Risk Ratings of Audit Entities
PA Number Entity Priority 2013–2014 2014–2015 2015–2016
6.2.3 Information Management 4     Management Control Framework For IM
6.2.2 Financial Management 3.9 2 Audits of Key Financial and Administrative Processes (sites to be confirmed)

OCG Audit of Financial Forecasting

Consulting Project: Work Place

Consulting Project: Financial Processes (PIC)
Compliance With Policy On Internal Controls

Revenue Controls on Through Waterways
6.2.4 Information Technology 3.9 SSC IT Security and Disaster Recovery Controls Assessment Point of Sale (POS) System
5.2 Through Highway Management 3.7    
5.3 Through Waterway Management 3.7    
4.3.1 Visitor Safety 3.6     Visitor Safety Program
6.3.1 Real Property 3.5 Management Of Staff Housing   Realty Data Quality and Management of Obligations
3.1 Public Outreach Education and External Communications 3.4     Agency Branding And Corporate Identity Program
6.1.1 Management and Oversight 3.4   Investment Plan

Project Management
3.2 Stakeholder and Partner Engagement 3.1 Consulting Project Partnering Agreements  
4.3, 4.5, 4.7 Visitor Service Offer 3.1    
6.1.2 Internal Communication 3.0    
2.4.1 National Historic Sites Cost-Sharing 3.0    
6.2.5 Other Administrative Services (security, business continuity) 3.0   Business Continuity And Emergency Preparedness
2.1 National Parks Conservation 3.0    
4.1 Market Research and Promotion 2.9    
6.2.1 Human Resources Management Services 2.9 Pay Transformation Planning and Capacity   Audit Of Official Languages
6.3.2 Acquisition 2.9    
1.1 National Park Establishment and Expansion 2.8    
5.1 Townsite Management 2.6    
6.1.3 Legal 2.4    
2.3 National Historic Sites Conservation 2.1    
2.1.1 Species at Risk 1.9    
4.2, 4.4, 4.6 Interpretation 1.9    
6.3.3 Material 1.6    
2.2 National Marine Conservation Areas Sustainability 1.5    
1.2 National Marine Conservation Area Establishment 1.3    
1.3 National Historic Site Designations 1.2    
2.4 Other Heritage Places Conservation 1.1    
1.4 Other Heritage Places Designations 0.8    

Year 1: 2013–2014

Section A: Assurance Work
Objectives Scope/Rational
1. Audit of the Management of Staff Housing

The audit aims to provide assurance to senior management that Parks’ staff housing initiative is an efficient tool to support organizational objectives by ensuring optimization of value for money while in compliance with applicable policies and directives.
High Audit Priority Maps to Corporate Risks:

Assets
Maps to MAF:

Risk management

Stewardship

Asset Management

People Management
Staff housing is provided as a benefit to attract staff where accommodations are not easily available or affordable and/or for some seasonal employees for whom it would be unreasonable to require them to acquire their own accommodations.

The audit scope will focus on 1) the reasonableness of maintain staff housing at particular locations 2) fairness and equity in assigning staff housing 3) the adequacy of the housing stock 4) compliance with policy and procedures with respect to setting fees (rent) and collecting revenues.

Project is scheduled for summer 2013 and the report should be tabled at the Audit Committee in spring of 2014.

Planned expenditures in 2013–2014 are approximately $22K.
2. Pay Transformation Planning and Capacity

The audit will assess the adequacy of plans, processes and resources to complete the pay transformation project by its target date of April 2015.
High Audit Priority Maps to Corporate Risks: Maps to MAF:

Risk Management
In 2010, the Government of Canada made the decision to centralize pay processing in Miramichi, N.B. As a result data in the Agency’s PeopleSoft system will become the key source of information to support pay transactions. The Agency’s will begin transferring pay accounts (i.e., 133 accounts) in October 2013, with the objective of transferring 10% of its accounts by March 2015. The remaining 90% of accounts will be transferred as a group in early 2015–2016.

Project is scheduled for fall 2013 and the report should be tabled at the Audit Committee in fall of 2014.

Planned expenditures 2013–2014 are approximately $1K.
3. Two Audits of Key Financial and Administrative Processes (sites to be confirmed)

To provide continuous assurance to senior management that, in general, financial and administrative practices respect policies and directives.
High Audit Priority Maps to Corporate Risks: Maps to MAF:

Stewardship

Results and performance

Financial Management
In a format similar to our original cycle of audits conducted between 2002 and 2011, theses audits will assess selected key transactional processes. Sites or units to be audited will be determined based on analysis conducted prior to selection. More targeted in term of topics to be covered, it is expected that this type of audits will not exceed two to three conducted annually.

The 2 audits projects for this year are expected to be completed by March 2014, and tabled at the Audit Committee in May 2014.

Planned expenditures in 2013–2014 are approximately $7K for each audit.


Section B: Consulting Projects
Objectives Scope/Rational
4. Partnering Agreements

The objective of the project is to provide analysis of the authorities and limitations of fund transfer instruments used in supporting of partnering arrangements with third parties.
The Agency developed a partnering engagement framework in 2009. The means by which the Agency could either receive or transfer funds to third parties in the context of a partnering agreement has been identified as a key barrier to achieving the full benefits of partnering (see for example, the Agency’s 2012–2013 Corporate Risk profile). The scope of the work involves identification and analysis of the authorities and instruments that can be used for funds transfers (i.e., contracts, contributions, revenue agreements, sponsorships, special purpose funds, and reality arrangements) in support of partnering.

The project is expected to be completed by July 2013.
5. Documenting Financial Processes and Controls

The objective is to describe and document selected key business processes and financial controls as required under the TB Policy on Internal Control.
In 2012–2013 the function developed, in concert with the Office of CFO, descriptions of two business processes (i.e., interdepartmental settlements, and procurement to pay) to support the Agency’s work in describing its financial business processes. In 2013–2014 the function has committed to continue to support the OCFO in this work. The number of processes to be described is contingent on the OCFO completing the design for selected processes.

Timing is contingent on the scope of the identified work.
6. Work Place

The objective is to document current locations of work and the potential impacts of changes to the definition as proposed by management.
Under Agency Travel Policy Appendix E, the definition of location of work is determined by Level 3 Managers. As a result there are wide variations across the country in how work location is defined and when employees are deemed to be on travel status. The scope of the project involves inventorying the work locations as they currently exist in the Agency and documenting the potential impacts of management proposed changes to how work locations are defined.

The project is expected to be completed in January 2014


Section C: Other Work
Objectives Scope/Rational
7. OCG Audit of Financial Forecasting The objective is to assess whether departments are forecasting financial information appropriately to inform decision making. The scope includes the collective suite of management processes that are in place during the fiscal year ending March 31, 2013 to support departmental efforts to effectively forecast, as well as comply with the related requirements of the Policy on Financial Resource Management, Information and Reporting and the Policy on Financial Management Governance. Field work is conducted by the OIAE to support OCG Reporting.

The project is expected to be completed by August 2013 and the report to be tabled in April 2014.
8. Shared Services Canada IT Security and Disaster Recovery Controls Assessment The scope includes a review and documentation of the security and disaster recovery controls related to IT infrastructure and operating systems, applications, user access and business continuity planning. The project is jointly carried out by the Office of Audit and Evaluation at SSC and the Office of Internal Audit and Evaluation at Parks Canada based on an IT Security and Disaster Recovery Controls Assessment Framework created by SSC.

The project is expected to be completed by fall 2013.


Section D: Internal Projects
Objectives Scope/Rational
9. Update Audit Universe and Priority Ratings The function will engage management to confirm and update its descriptions of audit entities and subcomponents of audit entities and document information necessary to establish priority ratings at the sub component level of the universe (i.e., likely 60 or more auditable entities) to support audit planning in the future.
10. Analysis in Support of Continuous Auditing The function will focus on identifying key processes and questions that can be addressed through continuous auditing and on writing scripts to extract relevant data from the financial system. This will involve consultations with TBS experts and other audit functions as well the use of consultants. The analysis will be used to create a framework for standardizing the use of continuous auditing in the function.

The project will continue until March 2014 when progress will be assessed.
11. Team Mate Implementation The Team Mate audit software was acquired through PWGSC in 2013–2014. Initial configuration and implementation of the system is expected to take place in fall 2013. We expect this will require three months of full time work by one auditor.


Project Resources Size Hours O & M ($)  Total ($)[5]
YTD Estimate for 2013–2014 2013–2014
Overall Total   540 5,125[*] 92,000 297,000
Management of Staff Housing Large 110 1,400 22,000 78,000
Pay Transformation Planning and Capacity Large 115 1,200 1,000 49,000
Key Financial and Administrative processes (site TBD) Small   400 7,000 23,000
Key Financial and Administrative processes (site TBD) Small   400 7,000 23,000
Sub Total Assurance     3,400 37,000 173,000
Partnering Agreements   275 275   11,000
Documenting Financial Processes and Controls 40 200   8,000
Work Place     300   12,000
Sub Total Consulting     775   31,000
OCG Audit of Financial Forecasting 200 8,000
SSC IT Security and Disaster Recovery Controls Assessment 50 2,000
Sub Total Other Work 250   10,000
Audit Universe Update 150 6,000
Continuous Auditing   250 20,000 30,000
Team Mate Implementation   300 35,000 47,000
Sub Total Internal Projects     700 55,000 83,000
[*] An additional 2,250 hours of audit work time is estimated to be available for other administration (i.e., planning, meetings, human resources actions, liaison, etc).

Year 2: 2014–2015

Preliminary Objectives Preliminary Scope/Rational
1. Investment Planning

The audit will assess the adequacy of Investment planning governance, risk identification and management, and controls for ensuring follow through on investment decisions.
High Audit Priority Maps to Corporate Risks:

Asset Management
Maps to MAF:

Investment Planning and Management of Projects
The scope will include the processes in place to implement the TB Policy on Investment Planning -- Assets and Acquired Services including the efficiency and effectiveness of the investment planning regime.
2. Project Management

The audit will assess the framework (governance, roles and responsibilities, communication, risk management and controls) developed by the Agency to support project management.
High Audit Priority Maps to Corporate Risks:

Information Management

Asset Management
Maps to MAF:

Investment Planning and Management of Projects

Procurement
The scope of will include processes in place to implement the TB Policy on the Management of Projects including verifying the existence and adequacy of systems, processes and controls for managing projects , to support the achievement of project and program outcomes while limiting the risk to stakeholders and taxpayers.
3. Point of Sale (POS) System

The audit will assess the adequacy of the control framework (governance, roles and responsibility, risks management and controls) supporting data collection through POS (i.e., revenue and social science data).
High Audit Priority Maps to Corporate Risks:

Information Management
Maps to MAF:

Financial Management and Control
A new common point of sale system was implemented across most of the Agency’s operations in 2012–2013. The scope will include a review of processes and procedures to ensure completeness, timeliness, and accuracy of the data collected.
4. Business Continuity and Emergency Preparedness

The audit will assess compliance with the framework (governance, existence and efficiency) for business continuity plan and emergency preparedness, established by the Agency.
Moderate Audit Priority Maps to Corporate Risks:

Environmental Forces

Asset Management
Maps to MAF:

Risk management

Management of Security

Citizen-focused service
The scope will include processes in place to implement the TB Policy on Government Security and the Directive on Departmental Security Management including practices leading to security and business continuity and emergency preparedness plans.


Project Resources Size Hours O & M ($) Total ($)
2014–2015 2015–2016
Total   4,800 54,000   246,000
Investment Plan Medium 1,200 5,000   53,000
Project Management Medium 1,200 15,000   63,000
Point of Sale (POS) System Large 1,500 25,000   85,000
Business Continuity and Emergency Preparedness Small 900 9,000   45,000

Year 3: 2015–2016

Preliminary Objectives Preliminary Scope/Rational
1. Management Control Framework for Information Management

The audit will assess the current control framework (governance, roles and responsibilities, risk and control) for information management.
High Audit Priority Maps to Corporate Risks:

Information Management
Maps to MAF:

Managing for Results

Risk Management
The scope will include process for the implementation of the TB Policy on Information Management and the Directive on Information Management Roles and Responsibilities including ensuring that governance structures, mechanisms and resources are in place to support the continuous and effective management of information.
2. Official Languages

The audit will assess the Agency’s responsibilities under the Official Languages Act with respect to identifying, maintaining and staffing bilingual positions, and providing a work environment conductive to the use of both official languages.
Moderate Audit Priority Maps to Corporate Risks:

Workforce Management
Maps to MAF:

People Management
The scope will include a review of processes for determining language requirements for positions, and that staffing and training practices work effectively to ensure language requirements are meet.
3. Visitor Safety Program

The audit will assess the framework (governance, roles and responsibility, communication, risk management and controls) in place to support the Visitor Safety Program
High Audit Priority Maps to Corporate Risks:

Public Support
Maps to MAF:

Risk management

Citizen-focused Service

Management of Security
The scope will include a review of the national policy/direction setting role of the Visitor Experience Branch in the External Relations and Visitor Experience Directorate for the visitor safety program and the implementation of the program at the field level by resource conservation managers.
4. Agency Branding and Corporate Identity Program

The audit will assess the framework (governance, roles and responsibilities, risks and controls) in place to create a corporate identity and brand for the Agency.
Moderate Audit Priority Maps to Corporate Risks:

Competitive Position
Maps to MAF:

Citizen-focused service

People Management

Managing for Results
The scope will include compliance with TB Federal Identity Program Policy and the Agencies directions with respect to its brand identify (i.e., design standards, use of symbols etc).
5. Compliance with Policy on Internal Controls

The audit will assess the implementation of the TB Policy on Financial Management Controls within the Agency.
High Audit Priority Maps to Corporate Risks: Maps to MAF:

Risk management

Financial Management and Control
The scope will include reviewing the processes and practice in place to ensure compliance with the TB Policy on Internal Control which aims to ensure the effectiveness of the Agency’s system of internal control over financial reporting.
6. Audit of Revenue – Canals

The audit will assess the adequacy of the framework over revenue collection for canals to ensure accuracy and completeness of data.
High Audit Priority Maps to Corporate Risks: Maps to MAF:

Stewardship

People (Accountability)

Results and performance

Client-focused service

Risk management
The scope will include a review of processes and procedures for ensuring accuracy and complete accounting of all revenue derived from canal operations.
7. Realty Data and Obligations Management

The audit will assess the quality of the existing realty data and the active management of realty obligations as set out in various realty instruments.
High Audit Priority Maps to Corporate Risks: Maps to MAF:

Stewardship
The scope include the control and oversight regime in place to monitor adherence to the TB Policy on Management of Real Property and the Reporting Standard on Real Property with respect to land management and obligations related to land use (i.e., an estimated 8,500 land-use documents, ranging from leases to concessions to utility agreements).


Project Resources Size Hours O & M ($) Total ($)
2015–2016 2016–2017
Total 8,700 78,000 8,000 426,000
1. Management Control Framework for Information Management Large 1,500 5,000 4,000 65,000
2. Official Languages Small 900 5,000 4,000 41,000
3. Visitor Safety Program Medium 1,200 10,000   58,000
4. Agency Branding and Corporate Identity Program Medium 1,200 11,500   59,500
5. Compliance with Policy on Internal Controls Large 1,500 19,000   79,000
6. Revenue Controls on Through Waterways Small 900 7,500   43,500
7. Realty Data Quality and Management of Obligations Large 1,500 20,000   80,000

Appendix A. Steps in Audit Planning

1. Audit Universe

The Agency’s PAA consists of five programs with 23 sub-activities and a sixth stream of internal services with 14 sub-activities. Based on consultation with management and past experience these adjustments and modifications were made to amalgamated sub-activities where it makes sense and to add a few programs[6] where there are existing audit commitments that are not part of the PAA structure. This resulted in a universe of 30 auditable entities. In the course of this work we noted that many of these entities (e.g., national parks conservation, human resources management) are complex and can farther divided into several sub-elements so that in principle the universe may expand over time to 70 or more entities.

2. Describing and documenting Audit Entities

A description of each audit entity is prepared with basic information (purpose, budget, expenditures, governance framework, owner, partners, stakeholders, supporting information systems, and financial coding etc). Additional information is gathered to then rate the entity on three dimensions adapted from the OCG Practice Guidebook --- Internal Audit Planning for Departments and Agencies (2006):

  • Significance reflects the overall importance of the entity to Agency, the scope of its reach, the dollar value (materiality) associated with it and/or impact of the entity on stakeholders;
  • Public Visibility reflects the extent to which an entity is routinely subject to scrutiny by the general public, stakeholder groups and the media;
  • Risk Exposure takes account of the number, nature and types of risk to which an entity is exposed and the severity and breath of possible consequences.

3. Prioritization of Audit Entities

Prioritization consists of assigning a significance, public visibility and risk exposure score to each entity (i.e., each with a five point scale ranging from 1 very low significance, visibility or exposure to 5 very high significance, visibility or exposure), and then combining the scores (i.e., weighted 30% for significance, 20% for visibility and 50% for risk exposure) to create a final priority score for each entity.

Level Range Description
Very High 4.26 – 5.00 Entities considered to be highly important from an audit standpoint and should be subject to internal audit activity. Where possible, audits of these priorities should be conducted early in the planning cycle to permit the generation of assurance in a timely fashion.
High 3.51. – 4.25 Entities considered as an important audit priority and should be audited in the planning cycle, but not necessarily in the first year of the plan.
Moderate 2.51 – 3.50 Audit resources may be expended; however these areas are only of moderate audit priority during this planning cycle.
Low 0.00 – 2.50 Little to no justification for audit resources to be expended in these areas during this planning cycle.

Appendix B. Corporate Risk Profile 2013–2014

Risk Category and Label Risk Statement Risk Owner
Public
Aboriginal Support Support from Aboriginal Peoples may diminish and become insufficient to advance Parks Canada’s programs. Director, Aboriginal Affairs Secretariat
Inter-governmental Collaboration Cooperation and support from other federal departments, provinces, territories, and municipalities, may be insufficient to advance Parks Canada’s programs. VP, Protected Area Establishment and Conservation

VP, Heritage Conservation and Commemoration
Partnering Instruments Existing partnering authorities and related instruments may limit Parks Canada’s ability to fully leverage partnering opportunities, resulting in its inability to extend its reach and to grow the base of support for Parks Canada’s administered places. VP, External Relations and Visitor Experience
Public Support Support from local communities, stakeholders, NGOs, and the Canadian public may not exist or be insufficient to advance Parks Canada’s programs. VP, External Relations and Visitor Experience
Socio-Economic
Competitive Position Parks Canada’s programs, service and experience offer may be less attractive or of less interest to Canadians, compared to alternative leisure activities and interests, as a result of the growing diversity, urbanization and changing tastes of the Canadian population and of resource erosion due to inflation.. VP, External Relations and Visitor Experience
Development Pressures Development pressures may limit opportunities for establishment of National Parks and National Marine Conservation Areas, as well as impact commemorative integrity at Parks Canada’s National Historic Sites in urban areas. VP, Protected Area Establishment and Conservation

VP, Heritage Conservation and Commemoration
Environmental
Natural Disasters Natural disasters may impair or destroy critical infrastructure and/or assets of national historic significance, or lead to significant unforeseen expenses and potentially, serious injury or loss of life and the permanent loss of assets of national historic significance. Chief Administrative Officer, VP Eastern Canada, VP Western and Northern Canada
Environmental Forces The Agency’s ability to maintain or improve overall EI in NPs and meet legal requirements related to species at risk may be hindered by environmental forces, such as biodiversity loss, exotic/invasive species, as well as climate change, and shoreline erosion, which also pose a risk to maintaining commemorative integrity at NHSs. VP, Protected Area Establishment and Conservation

VP, Heritage Conservation and Commemoration
Parks Canada’s Business Operations
Asset Management Aging infrastructure, inadequate level of recapitalization and maintenance, and inflationary impacts, particularly for high risk contemporary assets and critical built heritage assets, could result in compromised public safety, loss of irreplaceable heritage, and damage to the Agency's reputation. Chief Administrative Officer
Information Management Failure to identify, capture, manage, share and report pertinent data and information and knowledge may hinder the ability to effectively manage all program areas and meet legal requirements. Chief Administrative Officer
Workforce Management The Agency’s ability to sustain a sufficient and representative workforce with the appropriate competencies within the current fiscal and demographic realities could lead to challenges in delivery of all programs and support functions. Chief Human Resources Officer

Appendix C. Risk Taxonomy

Risk Domain Definition Risk Area Risk Area Definition
A. Strategic Loss or damage caused by external conditions or events which may negatively affect the government's policy or program position, asset base or other decisions. 1. Transformation The risks associated with the government's inability to make needed program, policy or other changes to adapt to, or efficiently meet emerging or evolving needs.
2. Alignment and Priority Setting The risks associated with the misalignment of activities, priorities and financial resources.
3. Public Opinion The risks associated with a shift of public opinion.
4. Economic The risks associated with major disruptions in the Canadian or world economy.
B. Operational Loss or damage caused by failures in people, processes or internal systems. 1. Human Resources The risks associated with maintaining a sufficient and representative workforce with the appropriate experience and skill-mix.
2. Third Party The risks associated with the failure on the part of third parties on which the Government depends.
3. Knowledge Capital The risks associated with loss or failure to manage information, including intellectual property, organizational or operational information, and personal information of Canadians.
4. Capital Infrastructure The risks associated with deteriorating or damaged capital infrastructure including hard assets (e.g., buildings, vessels, scientific equipment), but excluding IT infrastructure.
5. Information System Infrastructure The risks associated with failure or incapacity of information technology.
6. Legal and Compliance The risks associated with violation of laws, regulations, international treaties / agreements and policies.
7. Internal Fraud The risks associated with illegal acts or irregularities resulting from an intentional misrepresentation or corruption by internal personnel for personal gain.
8. External Fraud The risks associated with illegal acts or irregularities resulting from an intentional misrepresentation or corruption by a partner or the public for personal gain.
C. Hazard Loss or damage caused by natural, accidental or pre-meditated actions 1. Natural Hazards The risks associated with natural, e.g., biological or climatic hazards.
2. Human Actions - Intentional The risks associated with chemical, nuclear or other hazards, resulting from deliberate actions.
3. Human Actions - Unintentional The risks associated with chemical, nuclear or other hazards, resulting from accidents.

Appendix D. Past Coverage by Priority Ratings

PA Number Entity Priority Audits Evaluation Coverage
6.2.3 Information Management 4 Audit Of Information Management (2009)
6.2.2 Financial Management 3.9 10 Finance And Administrative Audits (6 directorates and 26 field units) between April 2007 and March 2013.

Audit Of Revenue Management -Entry And Camping (2008)

Audit Management of Revenue -Rentals and Concessions (2012)
6.2.4 Information Technology 3.9 Performance Audit of the GIS
5.2 Through Highway Management 3.7 Audit Of The Twinning Of The TCH (2012) Evaluation (Dec. 2010)
5.3 Through Waterway Management 3.7 Evaluation (2010 and 2012)
4.3.1 Visitor Safety 3.6
6.3.1 Real Property 3.5 Evaluation (2009)
3.1 Public Outreach Education and External Communications 3.4
6.1.1 Management and Oversight 3.4 Audit Of Values And Ethics Management (2008)

OCG Audit Of Corporate Risk Profiles (2009)

OCG Audit of Compliance with the MRRS Policy (2012)
3.2 Stakeholder and Partner Engagement 3.1
4.3, 4.5, 4.7 Visitor Service Offer 3.1 Evaluation (2011)
6.1.2 Internal Communication 3.0    
2.4.1 National Historic Sites Cost-Sharing 3.0 Audit Of The Management Of The Cost-Sharing Contribution Program (2011) Evaluation (2012)
6.2.5 Other Administrative Services (security, business continuity) 3.0    
2.1 National Parks Conservation 3.0 CESD Study Of Environmental Monitoring Systems (2011)

Audit Of Law Enforcement Program-Arming Initiative (2011)

CESD Audit of EI in National Parks (starting in 2012)
Evaluation 2013
4.1 Market Research and Promotion 2.9  
6.2.1 Human Resources Management Services 2.9 Audit Of Pay And Benefits (2009)

Independent 5 Year Review Of Human Resources Regime (2010)

HR Process In Coastal BC (2011)

OCOL Audit Of Delivery of Bilingual Services to Visitors by Parks Canada (2012)
6.3.2 Acquisition 2.9 Acquisition Card Process (2012)
1.1 National Park Establishment and Expansion 2.8 Evaluation (2012)
5.1 Townsite Management 2.6
6.1.3 Legal 2.4
2.3 National Historic Sites Conservation 2.1
2.1.1 Species at Risk 1.9 CESD Audit of SARA (starting 2012) Interdepartmental Evaluation (2012)
4.2, 4.4, 4.6 Interpretation 1.9
6.3.3 Material 1.6
2.2 National Marine Conservation Areas Sustainability 1.5 CESD Audit of Marine Protected Areas (2012) Interdepartmental Evaluation (2012)
1.2 National Marine Conservation Area Establishment 1.3
1.3 National Historic Site Designations 1.2
2.4 Other Heritage Places Conservation 1.1
1.4 Other Heritage Places Designations 0.8  

[1] The terms of reference for the committee were updated in June 2012.

[2] The salary for executive level employees including the CAEE is administered centrally in the Agency and does not form part of the functions budget.

[3] Administration includes planning, work on internal systems, support to the audit committee, staffing and other HR activities, some aspects of quality control, and follow-up on previous recommendations. Other work includes investigations, coordinating with and support the work of external assurance providers. Approximately 74% of the non-administrative time is devoted to assurance work in 2013–2014.

[4] These are the Law Enforcement Program and the General Class Contribution Program.

[5] The total dollars is the cost for auditor salary and expenses associated with the various projects for the current fiscal year.

[6] These are the law enforcement program and the General Class Contribution Program.