Parks Canada
Symbol of the Government of Canada

Common menu bar links

Internal Audit and Evaluation Documents

Parks Canada 2010-2011 Internal Audit Plan

Parks Canada Cover Image

Date Approved
March 30th, 2009

Final
March 24, 2010

Office Of Internal Audit And Evaluation

Table of Contents

Executive Summary

1. Introduction

2. Parks Canada Agency

3. Internal Audit Function

Applicable Policies and Professional Standards
Mission and Services Offered
Governance
Office of Internal Audit and Evaluation (OIAE)

4. The Audit Universe and Planning Considerations

Agency Renewal
Agency's Corporate Risk Profile
OCG/TBS Directed Work
Work of Other Assurance Providers
Status of Projects in 2009-2010 Plan
Considerations Arising from TB Submissions, RBAFs and Budget 2009
Follow-up Audits
Risk Assessments and Consultations with Management/Audit Committee

5. Planned Projects

Extent and Limitations of Coverage

Appendices

1. Assumptions in the Calculation Of Audit Capacity
2. Parks Canada Corporate Risk Profile

List of Tables

Table 1: Program Activities
Table 2: Planned Internal Audit Spending for 2010-2011
Table 3: Past Coverage of Audit Universe by Internal Audit and Other Assurance Providers
Table 4: Audit Universe and Scheduled Audit Projects for 2010-2011 to 2012-2013
Table 5: Internal Audit Project Scheduling for 2010-2011

Executive Summary

The 2010-2011 Parks Canada Internal Audit Plan outlines the mandate, organizational structure and resources for Internal Audit at Parks Canada, the strategy and process employed in developing the Plan and details of individual internal audit projects for the FY 2010-2011, the associated costs and plans for 2011-2012 and 2012-13. The Internal Audit Committee of the Agency discussed and recommended the plan to the CEO for approval. The CEO approved the plan on March 30th, 2010.

The Office of Internal Audit and Evaluation (OIAE) at Parks Canada adhere to the government's policies and standards for internal audit. Currently, the audit function consists of an executive level director (i.e., the CAE) and, as of 2010-2011, eight internal auditors. Given this resource base, the Office will have the capacity, in 2010-2011 to conduct between six and seven internal audit engagements (i.e., an average or typical engagement is 1,400 hours of effort), as well as addressing other non-risk based work (i.e., provision of advice, coordination, follow-up and participation in TBS directed audit work).

The universe used for audit planning is a modified version of the government's Management Accountability Framework (MAF). An informal updating of risks was undertaken in February and March 2010 based on management interviews. This information as well as several other considerations was used to develop the three year audit plan.

For the 2010-2011 fiscal year assurance work will continue to focus on audits related to basic financial and administrative controls as well as a new cycle of audits examining basic human resources processes and controls at the business unit level. Work will also include audits related to the new law enforcement program (i.e., a TB requirement) a continuation of national audits focusing on management of different types of revenue, an audit of particular high risk information systems (e.g., Geographical Information System) and work related to Economic Action Plan funded projects in the Agency.

Years two and three of the planning period show the continuation of the financial and human resources audit cycles, proposed high risk information systems for audit, work to complete the revenue management audit cycle and work on security and business continuity planning that was postponed from the 2009-2010 audit plan. Not all audit resources for years two and three of the plan have been committed pending completion of a new audit universe and formal risk rating of elements of the new universe.

1. Introduction

The 2010-2011 Parks Canada Internal Audit plan outlines the mandate, organizational structure and resources for internal audit at Parks Canada, the considerations employed in developing the Plan and details of individual internal audit projects for the FY 2010-2011 and beyond.

The plan was prepared in conformity with requirements of the Treasury Board Policy on Internal Audit, as well as Parks Canada's Internal Audit Charter (www.pc.gc.ca/docs/pc/rpts/rve-par/index_e.asp)

Risk assessment is an important component of multi-year internal audit planning. Parks Canada's approach to risk assessment for this cycle is described in more detail below. Additional factors considered in planning include:

  • Projects identified in previous planning cycles and those carried over from the previous year;
  • Follow-up of management commitments arising from previous internal and external audit work;
  • Requirements of the Office of the Comptroller General (OCG). Treasury Board submissions and related Risk-Based Audit Frameworks (RBAFs);
  • Work plans of other assurance providers such as the Auditor General, and the Commissioner of the Environment and Sustainable Development;
  • Senior management priorities.

Audit risk assessment and planning, as well as the resulting engagements, in conjunction with the work of other assurance providers, support an independent annual assurance report by the Chief Audit Executive to the Audit Committee and the Agency CEO on the adequacy and effectiveness of risk management, control and governance processes within the Agency. It is expected that the comprehensiveness and rigour of this assurance will improve over time.

2. Parks Canada Agency

Parks Canada was established as a separate departmental corporation in 1998. The Agency's mandate is to:

“Protect and present nationally significant examples of Canada's natural and cultural heritage, and foster public understanding, appreciation and enjoyment in ways that ensure the ecological and commemorative integrity of these places for present and future generations.”

Parks Canada delivers on its mandate through five major program activities shown in Table 1.

Table 1: Program Activities

Heritage Places Establishment Including the establishment to date of a system of 43 national parks, 3 national marine conservation areas, and the designation of 925 persons, places and events of national historic significance to Canada (e.g., of which 157 national historic sites are administered by the Agency) as well as supporting designation of other heritage places or structures (e.g., federal heritage buildings, heritage rivers, heritage railway, gravesites of prime ministers).
Heritage Resources Conservation Including the maintenance and restoration of ecological integrity in national parks, ensuring the commemorative integrity of national historic sites managed or influenced by Parks Canada; the protection and management of cultural resources under the administration of Parks Canada; and, the ecologically sustainable use of national marine conservation areas. Conservation also includes fulfilling legal responsibilities assigned to Parks Canada by the Species at Risk Act and the Canadian Environmental Assessment Act.
Public Appreciation and Understanding Activities aimed at reaching Canadians at home, at leisure, at school and in their communities through relevant and effective communication and public outreach education initiatives as well as by engaging many stakeholders and partners in the development and implementation of the Agency's future direction to increase Canadians' understanding, appreciation, support and engagement with respect to the natural and historical heritage of Parks Canada administered places.
Visitor Experience Activities aimed at increasing awareness of Parks Canada, supporting visit planning and traveling to and welcoming and orientation upon arrival, provision of recreational and interpretive infrastructure and activities (i.e., campgrounds, infrastructure, hiking trails) activities to ensure visitor safety and the ongoing post-visit relationship.
Town-Site and Throughway Infrastructure Managing, operating and providing municipal services to five townsite communities within Canada's national parks (i.e., provision of safe drinking water, snow removal, garbage pick-up and disposal, sewage treatment, road and street maintenance, and fire services to support residents and visitors). It also involves the operation of provincial and inter-provincial highways and waterways that connect communities and pass through national parks and national historic sites.

Responsibility for the Parks Canada Agency rests with the Minister of the Environment. The Parks Canada Chief Executive Officer (CEO) reports directly to the Minister.

National parks and national historic sites are organized into thirty-two geographically based field units. About 80% of Parks Canada's work force is based in the field where most of its program expenditures take place. The work of field units is supported by Service Centres located in Halifax, Quebec City, Cornwall/Ottawa and Winnipeg (with small branch offices in Calgary and Vancouver). The Service Centres comprise about 10% of the work force and provide technical and professional services to field units (e.g., science, research, design services). National office, with less than 10% of the employee base, consists of five directorates (National Parks, National Historic Sites, Strategy and Plans, Human Resources and External Relations and Visitor Experience) who provide legislative, operational policy, planning, program direction, financial management, and human resources functions and services.

3. Internal Audit Function

Applicable Policies and Professional Standards

The internal audit function at Parks Canada adheres to the Treasury Board Policy on Internal Audit (2009), and associated directives, standards and guidelines. In 2008-2009 a new charter for the function was approved consistent with the policy and directions of the government.

Mission and Services Offered

The Agency's Internal Audit Charter defines the mission of the function to:

Provide independent and objective assurance and consulting services designed to add value and improve the Agency's operations. It helps the Agency accomplish its objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of governance processes, risk management strategies and practices, and management control frameworks, systems and practices.

Services include:

  • Assurance Audits that provide an assessment on the adequacy of the governance and controls in place to ensure that the organization's risks are managed effectively and that its' goals and objectives will be achieved efficiently and economically;
  • Investigations of possible fraud or wrong doing;
  • Consulting and advice related to RBAFs, development of policies and management controls.

Follow-up on Management Responses

The audit cycle includes a systematic follow-up on the management responses to each audit recommendation six months after the final approval of the audit reports by the Chief Executive Officer. Managers are requested, by e-mail from the CEO, to complete a template that provides a status report on outstanding recommendations in their area of responsibility. The template is returned directly to the Chief Audit and Evaluation Executive, and is tabled and discussed at the Agency's audit committee.

Governance

In 2008-2009, Parks Canada implemented its independent audit committee consistent with the TB Internal Audit Policy requirement. The committee is composed of three members external to the public service. The Chief Executive Officer, the Chief Audit and Evaluation Executive and the Chief Financial Officer are ex officio members of the committee.[1] The committee is responsible for reviewing and providing advice and/or recommendations to the CEO, as required, on issues related to:

  • Internal Audit Function and Products: the Agency's Internal Audit Charter; the adequacy of resources of the internal audit activities; the risk assessment and the Internal Audit Plan; the performance of the internal audit function; the appointment and performance appraisal of the CAE; internal audit reports and management action plans including following up to ensure action plans are implemented.
  • External Audit and Review: management support to the Office of the Auditor General and central agencies doing audit work in the Agency; the nature of the audit work; the reports and recommendations produced; and comments and advice on matters of the Agency's risk, control, and governance; and government-wide initiatives to improve management practices.
  • Financial Statements and Public Accounts Reporting: the Agency's financial statements including all significant accounting estimates and judgments, significant adjustments and management letters resulting from external audit, and findings and recommendations relating to the internal controls in place for financial statement reporting.
  • Risk Management: the corporate risk profile and Agency's risk management arrangements.
  • Agency Accountability Reporting: the Agency's Report on Plans and Priorities/Corporate Plan (RPP), the Agency's Annual Performance Report (DPR) and other significant accountability reports
  • Values and Ethics: the arrangements established by management to exemplify and promote public service values and to ensure compliance with laws, regulations, policies, and standards of ethical conduct.
  • Management Control Framework: the Agency's internal control arrangements, including the adequacy of management-led audits.

The committee is also responsible for preparing an Annual Report summarizing its activities including an assessment of the system of internal controls and significant concerns and recommendations related to risk management, controls, and accountability. It also provides an assessment of the capacity and performance of the internal audit function. The second annual report will be prepared in March 2010.

Office of Internal Audit and Evaluation (OIAE)

The organizational chart for the internal audit function in the Office is shown below. The function was reorganized and new positions added in 2009-2010 following analysis and recommendations presented to the audit committee and CEO in April 2009 and December 2009. Staffing of the revised function is not expected to be completed until May 2010.

The organizational chart for the internal audit function in the Office

Planned spending for 2010-2011 is shown in Table 2.

Table 2: Planned Internal Audit Spending for 2010-2011

  CAEE Office Internal Audit Total
FTEs 1 8 9
Salary 123,000 617,000 740,000
Benefits     148,000
Accommodations     96,200
Sub Total     984,200
O&M For Staff Support 5,000 80,000 85,000
O&M for Professional Services and Travel   320,000 320,000
Auditor Training and Certification Funds 2,500 30,000 32,500
Audit Committee Funds 30,000   30,000
Sub Total O&M 37,500 430,000 467,500
Grand Total 160,500 822,330 1,451,700
CAEE Office FTEs includes .5 of the FTE for the Chief Audit and Evaluation Executive and for the Executive Assistant. It includes the salary, and associated benefit/accommodations for the Executive Assistant position, as the salary for the CAEE is administered centrally for all executive level employees in the Agency. It also includes the estimated salary costs of the three independent audit committee members.

Figures presented above represent the available budgets including anticipated carry forwards and one time funding for work related to the Government's Economic Action Plan. Actual expenditures will differ depending on when staffing is complete and progress in particular projects. Given these resources, it was estimated that the OIAE would have the capacity to conduct approximately six to seven internal audit engagements (i.e., an average or typical engagement is 1,400 hours of effort). The actual number of audit projects undertaken in any one year may differ from these estimates to the extent that estimates of actual project hours differ from average project hours. Details of the calculations involved in these estimates are shown in Appendix 1, along with allocation of hours to non-risk based work including central agency directed audits, special projects and consulting, advice and coordination.

Professional Development: The TB Guidelines on Expected Qualifications for Chief Audit Executives suggest that Chief Audit Executives obtain a Certified Internal Auditor (CIA). Currently, the CAEE has completed 3 of the four required examines including the CGAP and the Head of Internal Audit obtained the CIA and CGAP designations in 2009-2010. The Office has made provisions in staff training plans to support certification for all interested internal audit staff.

4. The Audit Universe and Planning Considerations

The audit planning process begins with the development of a universe of all auditable entities in the organization. Parks' Canada audit universe developed for the 2007-2008 and 2008-2009 planning cycles is based on a modified version of the Treasury Board Management Accountability Framework (MAF). This universe differs from the TBS MAF in several respects. Table 3 shows the universe with links to OCG guide to auditors on core controls and to recent internal audits and relevant work by external assurance providers.

In 2008-2009 the Internal Audit Group began work on a revised and more elaborate audit universe based on specifying in detail sub elements within each MAF element and using existing documents and management input to develop brief descriptions of the key governance, risk management and control concerns within each sub-element. Due to turnover in staff during 2009-2010 this work is still ongoing and is not expected to be finished until March 2011.

Table 3: Past Coverage of Audit Universe by Internal Audit and Other Assurance Providers

MAF
Major Elements
Sub-Elements Core Management Controls Internal Audits January 2005
to March 2010
Work of External
Assurance Providers
Public Service Values Values Based Leadership, values and ethics are established, understood, communicated, effective and monitored PSV-1 to 5 Audit Of Values And Ethics Control Framework
(December 2009)
 
Governance and Strategic Direction Corporate Performance Framework (Consistency of strategic objective and PAA with mandate, clarity and measurability of outcomes, alignment of PAA with outcomes) G-3   OAG Annual Report on Sustainable Development Strategies
OAG Annual Review of Agency Performance Report
Effective Corporate Management Structures (e.g., Ex. Board, Finance and HR Committees, Min Roundtable, other governance mechanisms) G-1, 2, 5, 6    
Organizational Structure and Accountability, Authority, Responsibility - Clear, Communicated And Understood AC-1 to 3    
Management Planning And Public Consultation (Integration with corporate planning, enables effective allocation of resources, alignment of activities to outcomes, clarity of results and management of accountabilities) G-4, 5    
Business Planning: Integration with corporate and management planning, resource allocation to achieve results, clarity of results, adequate financial and non-financial information). G-4 Description of Planning and Budgeting Control Framework
(March 2009)
 
Collaborative Arrangements And Managing With Others (Engagement of Third Parties in Delivery of Mandate) AC-4    
  Analysis to support policy and program design: Quality, adequacy, soundness of analysis, resourcing, approach for monitoring PP-1 to 3    
Results and Performance Performance/results: at the organizational/program level tracked/monitored against expectations, reported, corrective action taken RP 1 to 3   OAG Annual Review of Performance Report
Learning, Innovation and Change Management Management of change, knowledge and talent management, developing employee skills and rewards and sanctions PPL-6, LICM-1-4    
Risk Management Risk Management Policies And Practices (Risk management process and risk mitigation strategies established, Informs the Corporate Plan, Formally Articulated) RM-1 to 8    
People Sustainable HR Policies And HR Planning, aligned, integrated with other planning PPL-1, 7   Independent Five Year Review of Consistency of HR Regime with HR Values and Principles
(March 2010)
Classification, Recruitment, Hiring and Promotion, Design and Fairness PPL-2, 3 Staffing Audit
(September 2007)
 
Occupational Health And Safety     OAG Chapter 3 Safety of Drinking Water: Federal Responsibilities
(February 2009)
Individual Performance Linked to business performance, assessment of individual performance, performance linked to staff evaluations PPL-5 RP-4    
Internal Communications PPL-8    
Official Languages (Internal And External Service Delivery)      
Labour Relations/ Conflict Resolution      
Stewardship Information Management And Privacy (Governance, management of information; Administration/ Compliance Privacy Act and ATIP)   Information Management Audit
(Feb 2010)
 
Systems under development ST-21 IT/IM Systems Description and Risk Assessment for Internal Audit
(March 2009)
 
Systems and information continuity ST-19  
System application controls/security ST-11  
New System Integration/ Connectivity    
Asset Management ST-8, 9 Audit of Fleet Vehicle/Vessel Management (December 2009)
2009-2010 Cycle of Audits of EAP Funded Construction Projects
Auditor General Audit of the Application of the Canadian Environmental Assessment Act
(Nov 2009)
Project Management  
Realty Services (Land Management)      
Security and Business Continuity      
Transfer Payments      
Pay And Benefits Administration   Pay & Benefits Audit
(August 2006)
Follow-up Audit
(March 2010)
 
Financial Planning and Budgeting (Budgets linked to objectives, clear process, timely allocation, challenge to assumptions, monitoring forecasts ST-1 to 4 32 Audits of Key Financial and Administrative Controls at Business Units Annual Auditor General Audit of Agency Financial Statements
Financial Management Policies (Established, communicated, compliance, monitored) ST-5, 6
Transaction Processing (Recording is accurate, timely, information is maintained, safeguarded, backed-up, adequate segregation of duties) ST-10, 12, 13
Monitoring (Verification of assets and records, analysis of variance, comparison of results achieved against expectations, reallocation of resources) ST-14, 16, 17, 20
Reporting (Financial information reviewed, approved, communicated internally and externally) ST-18, 20 Fire Management Emergency Funds
(March 2009)
Contract Management ST-22
Other Expenditures (Hospitality, Travel, Taxis, Vehicle Rentals, AMEX, Conferences, Memberships)  
Revenue From Fees i.e., entry, camping, recreational services   Audit of Revenue
(Entry and Campground Fees May 2009)
(Canal Fees, May 2010)
OAG Chapter 1 Audit of Managing User Fees in Government
(May 2008)
Other Revenue: Staff housing, Business Licenses, Other Rights and Privileges   Audit of Other Revenue
May 2010
 

Agency Renewal

In December 2007 the Agency began a project directed toward renewal of its programs in response to a number of external drivers for change (e.g., changing demographics, changing technology, , changes in leisure patterns , increased urbanization and increased national and international competition for tourist visits). Agency renewal is essential to ensure that Parks Canada continues to be relevant to Canadians and can effectively deliver its mandate into it's second century.

The foundation for the Agency Renewal was the development and communication, starting in January 2009, of a case for change and a new Vision Statement. The Agency is also renewing the Parks Canada brand designed to communicate the vision outside the Agency and increase the public's appreciation of the Agency and its programs. It includes definition of brand essence, positioning and a brand identity statement and associated implementation guidelines.

External Relations and Visitor Experience program realignment has been undertaken to equip field units with the support and capacity required to create enhanced relevance and connection to place among Canadians. This work included creation of separate visitor experience and external relations organizational structures and additional specialized capacity particularly in urban outreach, internet web content, and stakeholder and partner relations. Much of this work is targeted for completion by April 2010.

National Historic Sites program renewal has focused on developing a strategy that will make the Agency's national historic sites more known to, appreciated by and responsive to the needs of, and connected with Canadians. An initial situation analysis has been completed focusing on five key areas and an integrated renewal strategy has been developed.

In May, 2008 the Government of Canada announced improvements to law enforcement capabilities in Canada's National Parks and authorized PC to arm up to 100 law enforcement. The new program was developed and partially staffed to begin operating in 2009-2010. There is an approved RMAF with evaluation commitments for this program (see below).

At the same time, the Agency has development of a more coherent approach to prevention activities (i.e., preventing incidents before they occur and resolve incidents when they do occur safely and effectively). The approach is now embedded in the new Parks Canada Service Program (service standards and prevention guidelines). Prevention activities cut across the PAA structure of the Agency. This program was developed concurrently and in coordination with the new law program and has involved training over 100 trainers who subsequently trained over 3,500 front line employees prior to the 2009-2010 operating season.

Changes in law enforcement also led to undertaking renewal of the resource conservation function (i.e., accountability framework,, roles, responsibilities, accountabilities organizational models, work descriptions related to all aspect of natural resource conservation at the national office, service centre and field level).

In 2009-2010, the Agency also undertook a review and renewal of its top governance structures (i.e., the roles, responsibilities, and operating procedures of its executive committee and related sub-committees and support structures). As a result a new governance regime will be introduced starting in April 2010.

In some cases, these change priorities are well advanced (e.g., vision, brand, law enforcement) while in others the change effort is only beginning (e.g., renewal of the NHS program).

These initiatives and change efforts link to the audit universe in a number of ways including the general area of Governance, Learning, Innovation and Change Management, and several aspects of people management including human resources planning, classification, recruitment, hiring and promotion, occupational health and safety and internal communications. The OIAE has consulted with management on these initiatives and taken them into account in planning.

Agency's Corporate Risk Profile

In 2009-2010 the Agency updated its risk profile (see Appendix 3 for details). The four major risk areas were:

  • Competitive Position: Parks Canada's service and experience offer may be less attractive or of less interest to Canadians in comparison to other parks and cultural attractions and/or leisure activities.
  • Environmental Forces: Parks Canada may not be able to adapt effectively or quickly enough to environmental forces, such as climate change, biodiversity loss, and exotic/invasive species, which may hinder the Agency's ability to maintain or improve overall EI in national parks.
  • Delivery/Management of Infrastructure Projects: Failure to deliver and/or effectively manage infrastructure projects may weaken the credibility of Parks Canada within government and with the Canadian public.
  • Information Management: Failure to identify, capture, manage and report pertinent data and information may hinder the ability to effectively manage all program areas and meet legal requirements.

Some of these risk areas cut across many of the program activities (i.e., information management) while others relate to specific programs particularly the Conservation and Visitor Experience program activities.

OCG/TBS Directed Work

TB Internal Audit Policy provides for the Office of the Comptroller General to conduct horizontal audits of government activities. Internal audit groups are expected to provide support to these audits. In 2009-2010 the Agency was included in the scope of a horizontal audit on Corporate Risk Profiles which assessed the extent to which departments and agencies have effective processes in place to identify and prioritize the risks having the most impact on the achievement of their objectives and the extent to which risk profiles are linked with business plans and performance measures. Four areas of potential improvement in the risk assessment process were noted in the audit. The audit results and management action plan were presented to the audit committee in December 2009 and internal audit will continue to follow-up on management implementation of its action plan as with other audits. At this point, no additional OCG horizontal audit work for 2010-2011 has been identified.

Work of Other Assurance Providers

The CESD conducted an audit of application of the Canadian Environmental Assessment Act (November 2009) that was reviewed as part of our planning. The Agency was also included in the scope of a review conducted by the Office of the Procurement Ombudsman on processes for managing contract amendments in the Atlantic Region.

The Office of the Auditor General also conducts review level assurance work each year on the fairness and reliability of the performance information in the Agency's Annual Performance Report and audits the accrual financial statements that appear in the report. The OIAE has taken this assurance work into account in planning its priorities.

We also meet with the OAG principle for the Agency to discuss their plans, concerns and opportunities for collaborating or relying on each other's work.

Status of Projects in 2009-2010 Plan

Assurance Audits

The following planned assurance audits were completed in 2009-2010 including:

  • Audit of Information Management and Privacy
  • Follow up Audit of Pay and Benefit
  • Audits of Financial and Administrative Controls at three Business Units (i.e. ERVE, Quebec FU and Quebec Service Center)

Field Work and Reporting Writing on three Assurance Audits were completed but the final reports including management responses were not ready to table at audit committee by year end. These included the planned

  • Two Audits of Financial and Administrative Controls (Strategy & Plans and Jasper FU),
  • Audit of Revenue Management, which will result in two separate reports covering different types of revenue.

Reports are expected to be tabled in May 2010.

Two planned assurance audits were postponed. The Audit of Espace 400e was planned to address a TB requirement related to $24M in funding to support the Quebec 400th anniversary celebrations. A mid-term audit was approved in October 2007. The second required audit was planned for 2009-2010 but postponed due to approved changes in the end date of the project. The Audit of Business Continuity Planning in the Agency was postponed because management was about a year behind in implementing the framework that would form the audit criteria. These projects are rescheduled in the current plan.

EAP Related Projects

Two projects were planned related to new funding received under the Government's Economic Action Plan. The proposed assurance audit of the overall governance and process of investing funds was not completed due to shortage of staff and decisions to concentrate on other priorities. A program to review compliance with government and Agency policies related to life cycle management of individual construction projects supported by EAP funds was completed (i.e., covering nine locations and 16 projects with a total value of $42.5M budgeted expenditures). These reviews although carried out under audit standards did not result in audit reports but short management letters identifying areas of lack of compliance as a tool to help management focus on general issues and make course corrections as the investment program was developing. Common themes concerned the lack of documentation on file and communication and sharing with all relevant parties in a project. No critical issues in life cycle project management were noted resulting in a decision to scale back the planned audit activities with respect to construction project audits in 2010-2011.

Description and Survey Projects

Two descriptions and survey projects were planned in 2009-2010 but both were postponed due to staff departures and other considerations. The proposed description and survey of Sustainable HR Policies and HR Planning was postponed in part because the Agency undertook the legislatively required independent review of the consistency of its HR regime with its HR values and principles (i.e., required every five years). It was decided to await the results of this review due March 2010 prior to beginning our work. The proposed description and survey of Collaborative Arrangements and Managing with Others was postponed due to difficulties in obtaining a meaningful description of the universe of such arrangements (i.e., now in the process of being developed in the Agency).

Considerations Arising from TB Submissions, RBAFs and Budget 2009

Other than the commitment to audit the use of funds for the Quebec 400th anniversary reviewed above, the major existing commitments relate to auditing use of funds to complete the twining the TransCanada highway and to audit aspects of the new law enforcement program.

As indicated in the previous audit plan, the Agency received $150M in Budget 2009 for investment in its visitor and heritage infrastructure as well as funding for the TCH twinning ($130M). A small portion of the funds ($8M) is being used to support investments in built cultural heritage owned by others under the NHS Cost-Share Program. In January, 2010 the Agency received an additional $66.8 M for similar types of construction projects related to Heritage Resources Conservation ($23.9M), Visitor Experience ($30.9M) and Townsite & Throughway Infrastructure ($12M). EAP related audit work is included in the current plan.

There are also some general commitments in several RBAFs or Treasury Board decisions to conduct audit work as and when viewed as necessary in the risk based audit planning process. Examples include a general commitment to consider recipient based audits as part of the approved RBAF for Advancing Conservation Interests in the Northwest Territories; a general commitment to consider audits of either the program framework or individual projects in the approved funding for assessing contaminated sites; and a general commitment to do risk based audits of the contributions under the Agency's General Class Contribution Program Authority.

Follow–up Audits

In some cases, specific follow-up audits of particular business units or topics are scheduled following the approval of the original audit and management responses. Based on the results of the original audit of pay and benefits and the follow-up conducted in 2009-2010 it is proposed that this topic become a recurring audit on a three year cycle. Following, the tabling of the audit of staffing on March 31st 2008, it would agreed to incorporate audits of staffing into a cycle of business unit level audits of HR processes similar to our cycle of audits of basic financial and administrative control audits, rather than conduct a national follow-up audit.

Risk Assessment and Consultations with Management/Audit Committee

As noted, the function has not been able to update and risk rank a more comprehensive and fine grained audit universe than we have used in the past. We also did not repeat the previous risk ranking approaches used in 2006-2007 and 2007-2008. Instead, we have based our updated understanding of risks based on discussions with management. Within the Agency we held discussions with management in the Strategy and Plan and Infrastructure and Real Property Directorates which provide the oversight functions for most corporate functions of interest to audit (e.g., planning, performance reporting, finance, IT, IM, asset and land management). The function has previously developed a separate risk assessment for IT/IS (2008) including risks associated with particular information systems and used this in audit planning. The audit committee was also consulted on their interests and concerns in preparing the audit plan.

5. Planned Projects

Table 4 shows the modified MAF universe, the OCG draft list of core controls and, the proposed areas for audit assurance work (i.e., highlighted in green) and for descriptions and surveys that serve as background for planning audits (i.e., in yellow) for the next three fiscal years. Table 5 provides more details on planned projects for 2010-2011.

Extent and Limitations of Coverage

Proposed internal audit coverage of the elements of the MAF universe is sufficient to cover several areas of higher risk identified based on various inputs as well as providing some, but not complete coverage, of the draft list of core management controls identified by the Office of the Comptroller General.

For the 2010-2011 fiscal year assurance work will continue to focus on audits related to basic financial and administrative controls as well as a new cycle of audits examining basic human resources processes and controls at the business unit level. Work will also include audits related to the new law enforcement program (i.e., a TB requirement) a continuation of national audits focusing on management of different types of revenue, an audit of particular high risk information systems (e.g., Geographical Information System) and work related to Economic Action Plan funded projects in the Agency including funds supporting one contribution program.

Years two and three of the planning period show the continuation of the financial and human resources audit cycles, specify high risk information systems for audit, as well as projects to complete the revenue management audit cycle and on security and business continuity planning that was postponed from the 2009-2010 audit plan. Not all audit resources for years two and three of the plan have been committed pending completion of a new audit universe and formal risk rating of elements of the new universe.

Table 4: Audit Universe and Scheduled Audit Projects for 2010-2011 to 2012-2013

Rated Elements Core Controls 2010-2011 2011-2012 2012-2013
Values and Ethics Values Based Leadership PSV-1 to 5      
Governance Corporate Performance Framework G-3      
Effective Corporate Management Structures G-1, 2, 5, 6      
Organizational Structure and Accountability, AC-1 to 3      
Management Planning and Public Consultation G-4, 5      
Business Planning G-4      
Collaborative Arrangements and Managing With Others AC-4   Description
& Survey
 
Policies and Programs Analysis to support policy and program design PP-1 to 3      
Performance and Results Performance/ results RP 1 to 3 Law Enforcement Program    
Management of Change Management of change, knowledge and talent management PPL-6, LICM-1-4      
Risk Management Risk Management Policies and Practices RM-1 to 8      
People Sustainable HR Policies and HR Planning PPL-1, 7   Description
& Survey
 
Classification, Recruitment, Hiring and Promotion PPL-2, 3 HR Cycle
  • Nfld West & Labrador
  • Eastern Ontario
  • Coastal BC
  • Southwest NWT
HR Cycle
  • Nfld Est
  • Central Ontario
  • Gwaii Hsanas
  • Saskat–
    chewan S.
  • Hot Springs Ent.
HR Cycle
  • Cape Breton
  • New Brunswick North
  • Gaspesie
  • Ontario SC
  • Office of DG Eastern Canada
Internal Communication PPL-8
Individual Performance PPL-5 RP-4
Official Languages (Internal And External Service Delivery)  
Occupational Health and Safety        
Labour Relations/ Conflict Resolution        
Stewardship Information Management and Privacy        
Systems under development ST-21      
Systems and information continuity ST-19 GIS (Geographical Information System Cultural Resources and Artifacts Information  
System application controls/ security ST-11 POS / Campground Reservation System
New System Integration/ Connectivity      
Asset Management ST-8, 9 Audits of EAP Funded Projects    
Project Management   Quebec 400th anniversary
Twinning TransCanada Highway
NHS Cost Sharing Program (Contribution)
   
Realty Services (Land Management)        
Security and Business Continuity     Audit  
Transfer Payments        
Pay and Benefits Administration   See HR Cycle See HR Cycle See HR Cycle
Financial Planning and Budgeting ST-1 to 4 Financial and Administrative Control Audits
  • PEI
  • Northern Ontatio
  • Western Arctic
  • Waterton Lakes
  • Atlantic SC
  • CEO's Office
Financial and Administrative Control Audits
  • NHS Directorate
  • KYLL
  • Riding Mountain
  • Yukon
  • Southwest Ontario
  • Saguenay-St-Laurent
Financial and Administrative Control Audits
  •  New Brunswick South
  • Western Quebec
  • Nunavut
  • Manitoba
  • Banff
  • Human Resources Directorate
Financial Management Policies ST-5, 6
Transaction Processing ST-10, 12, 13
Financial Monitoring ST-14, 16-17, 20
Financial Reporting ST-18, 20
Contract Management ST-22
Other Expenditures (Hospitality, Travel, Taxis, Vehicle Rentals, AMEX, Conferences, Memberships)  
Fees i.e., entry, camping, backcountry use and camping        
Other Revenue (recreation fees, rights & privileges, licence fees)        
Other Revenue (rentals and concessions) Audit  
Other Revenue (Townsites)     Audit  

Table 5: Internal Audit Project Scheduling for 2010-2011

Projects Planned or Actual Dates Resources
Required*
2008-2009
Topic Type Descrip-
tion
Carry
For- ward from
2009-
2010
Start
Date
Comple-
tion of the field- work
Com-
ple-
tion of
Re-
port
Tabling at Audit Com-
mit- tee
App-
roxi-
mate hours
O&M
Core Controls Financial
and Adminis-trative Controls
Assu-
rance
Audits related to the manage-
ment control frame-
work, contrac-
ting, Wireless Devices usage, account payable, hospi-
tality, and inventory.
             
Prince Edward Island N June 10 Sept 10 Oct 10 Dec 10 700 $5K
Northern Ontario N Apr 10 July 10 Aug 10 Sept 10 700 $5K
Western Arctic (NWT) N June 10 Sept 10 Oct 10 Dec 10 700 $5K
Waterton Lakes N June 10 Sept 10 Oct 10 Dec 10 700 $5K
Atlantic Service Centre N Sept 10 Dec 10 Jan 11 March 11 700 $5K
CEO's office N Sept 10 Dec 10 Jan 11 March 11 700 $30K
Human Resour-
ces Controls
Assu-
rance
Audit related to staff housing, staffing actions, relocation, additions to the basic pay.   Schedule will be determined when the design of the programs will be done. Prog-
rams
$25K
New-
found-
land West & Labra-
dor
N 700 $5K
Eastern Ontario N 700 $2K
Coastal BC N 700 $5K
South-
west NWT
N 700 $5K
TB Require-
ment
Law Enforce-
ment
Assu-
rance
Assess the efficiency and effective-
ness of the Agency's Law Enforce-
ment program. This work is a require-
ment of the TB-
Submi-
ssion's RBAF/ RMAF.
N July 10 Dec 10 Feb 11 March 11 1400 $70K
Espace 400e Assu-
rance
Parks Canada received $24 millions to comme-
morate the 400th Anniver-
sary of Québec City. The project included the creation of a new compo-
nent of Parks' network of discovery centres. The TB Submi-
ssion requires that an audit be conducted at the end of the project to ensure proper usage of the money.
Y Apr 10 June 10 Aug 10 Sept 10 700 $2K
Risk Based Econo-
mic Action Plan
Assu-
rance
(Finan-
cial Compli-
ance)
Audit construc-
tion projects selected from the universe to assess the compli-
ance in regards to the contract awarding and project manage-
ment processes (i.e., will include audit work already required in a TB submi-
ssion related to Twining the TCH)
N Continuous Audit process until March 31st 2011 460 $62.5K
National Historic Site Cost Sharing Program Assu-
rance
Audit of cost sharing program allocation of funds for projects selected from the universe to assess the compli-
ance in regards to the standards for funds allocation and project manage-
ment monito-
ring.
N June 10 Sept 10 Oct 10 Dec 10 700  
Revenue Manage-
ment
Assu-
rance
(Phase 3 Rentals and Conce-ssions)
Based on its findings of previous field unit level finance and adminis-
trative audits it is proposed to conduct a national level audit of revenue manage-
ment focusing on risks related to cash manage-
ment and segre-
gation of duties to ensure the complete-
ness and accuracy of data.
N June 10 Nov 10 Feb 10 May 11 1200 (200 hours accoun-
ted in 2011-
2012)
$20K
IT System Audit Assu-
rance
Audit of the Geographical Information Systems. This system were identify as medium-high risk in the 2008 assessment of the IM/IT universe. N May 10 Sept 10 Dec 10 March 11 1400 $100K
                Totals 13 060 $351.5K
* Approximate hours reflect required effort within the fiscal year. Projects that extend beyond a fiscal year will require more effort than shown in the table. Staff or consultants may perform the work. O&M required includes costs of professional services and/or costs of staff travel

Consulting
Point of Sale and Campground Reservation System   Provide consulting services to management regarding the acquisition of these 2 systems (controls, integrity of data). Continuous consulting process until March 31st 2011 200  

Appendices

1. Assumptions in the Calculation Of Audit Capacity
2. Parks Canada Corporate Risk Profile

1. Assumptions in the Calculation Of Audit Capacity


  1. Hours Available for Work Per FTE Hours Available
    52 week/year * 5day week *7.5 hour/days 1950.0
    Average days holiday (20 days) -150.0
    Average days sick (5 days) - 37.5
    Average days training (5 days) - 37.5
    Total Work Time Available 1725.0*
    * Equivalent to 230 working days

  2. Hours Available for Audit Work: On average it is assumed that one hour per working day is allocated to breaks (i.e., 230 hours per auditor), leaving 1,495 hours of actual working time. It is further assumed that approximately 30% of the actual working time per auditor (i.e., 449 hours per year) is allocated to unit administration, including planning, meetings, supporting internal systems, support to the audit committee, human resources issues, follow-up on the status of previous audit recommendations, etc. The remaining time is allocated to audit work in point c, and to risk based audit work.

  3. Types of Audit Work: Available work hours are allocated to the following tasks:

    OCG Directed Audit Requirements
    • The Comptroller General requires up to 20% of internal audit resources be available to participate in government wide horizontal audits each year. These audits are based on government-wide risk analysis and may not be risk-based audit priorities for the Agency.
    • This category does not include audit work required as part of TB submissions or RMAF/RBAF commitments, which is treated as part of the risk-based project work.

    Special Requests
    • Periodic special requests by management outside the approved audit plan are typical. Examples include audits related to potential fraud or wrongdoing.

    Consulting/Advice/Coordination
    • Consulting and providing advice related to audit, controls are a normal part of the activities of the OIAE. Frequently, the OIAE has also taken a lead role in coordinating the work related to Auditor General's performance audits and follow-ups.

  4. O&M Dollars Available for Contracting: Additional capacity can be purchased from contracted professionals based on available O&M budgets. An average per diem of $1,200 per day or $160 per hour is used for this calculation. For 2010-2011, the O&M budget for professional services and travel is estimated to be $320K.

  5. The resource consumption of the average audit project: The average number of hours consumed by an audit project is affected by many factors, including its scope and complexity as well as the skills of the personnel performing the work. Based on a review of prior experience with contracted projects and estimates of internal staff time devoted to projects typical values of 1,200 hours per internal audit project were identified. We have adjusted this to 1,400 hours for this planning period in anticipated inefficiencies due to new staff being hired some at more junior levels than staff in the past.

A significant exception to this general project average is Parks Canada's cycle of standardized financial and administrative audits where each audit involves from 250 to 450 hours depending on whether new areas are being audited necessitating development of new audit programs. Therefore, between 3 and 6 of these audits are equivalent to one typical internal audit as defined above. We expect similar time frames in conducting the new cycle of business unit human resource control audits.

A) Resources CAEE Office Internal Audit Total
FTEs 1 8 9
Hours Available for Work (Less vacation, sick and training days, and 1 hour per working day for breaks leaving 1,495 hours per FTE) 1,495 11,960 13,455
Professional Service Hours Purchased (O&M for professional Services/$160 per hour/$275K budget)   1,719 1,719
Total Hours Available 1,495 13,679 15,174
B) Demands      
Administration i.e., (75% of CAEE, 100% of Admin. Assistant and 25% of other staff hours are allocated for activities such as planning, meetings, work on internal systems, support to the audit committee, human resources, quality control, follow-up on previous recommendations, etc.). -1,346 -2,990 -4,336
OCG Directed Audits (10% of one FTE) -10 -150 -160
 Special Requests (.25% of one FTE) -15 -374 -389
Consulting/Advice/Coordination (40% of one FTE) -125 -598 -723
Residual Hours for Risk Based Projects -1 9,567 9,566
C) Project Capacity      
Number of Typical Projects (1,400 hours per project)     6.8

2. Parks Canada Corporate Risk Profile

Risk Category and Label Description Relevant PAs Mitigation OIAE Work
Competitive Position Parks Canada's service and experience offer may be less attractive or of less interest to Canadians in comparison to other parks and cultural attractions and/or leisure activities. 4    
Environmental Forces Parks Canada may not be able to adapt effectively or quickly enough to environmental forces, such as climate change, biodiversity loss, and exotic/invasive species, which may hinder the Agency's ability to maintain or improve overall EI in national parks. 1, 2 and 4    
Delivery/Management Of Infrastructure Projects Failure to deliver and/or effectively manage infrastructure projects may weaken the credibility of Parks Canada within government and with the Canadian public. 2, 4    
Information Management Failure to identify, capture, manage and report pertinent data and information may hinder the ability to effectively manage all program areas and meet legal requirements. 1-5 and ISD Records Disposition Authority; Enterprise Information Committee; Information Management and ATIP and Privacy Awareness training, Phase 1. Audit of Information Management
Recruitment And Retention Failure to recruit and retain qualified employees may lead to challenges in delivery of all programs and support functions. 1-5 and ISD    
Public Support Support from local communities, stakeholders, NGOs, and the Canadian public may not exist or be insufficient to advance Parks Canada's programs 1-5    
Aboriginal Support Support from Aboriginal peoples may diminish and become insufficient to advance Parks Canada's programs 1-5    
Adoption Of Technology Use of information technology in Parks Canada's service offer may not meet employee, visitor and outreach expectations. 2-4    
Inter-Governmental Collaboration Collaboration with other federal departments, provinces, territories, and municipalities may be insufficient to advance Parks Canada's programs. 1-5    
Development Pressures Development pressures may limit opportunities for NP/NMCA establishment, NHS commemoration, maintenance of EI and CI, and development of connection to place. 1, 2, 4    
Partner Capacity Parks Canada's partners may not have capacity to assist in protection, presentation and promotion of Parks Canada administered places.      
Disasters Disasters may impair or destroy critical infrastructure and/or assets of national historic significance, or lead to serious injury or loss of life. 1, 2, 4 and 5   Audit Business Continuity Planning
PA-1: Heritage Places Establishment, PA-2: Heritage Resources Conservation, PA-3: Public Appreciation and Understanding, PA-4: Visitor Experience, PA-5: Town-Site and Throughway Infrastructure, ISD: Internal Service Delivery

[1] The terms of reference for the committee were updated in December 2009 to make it consistent with changes to the TB Policy on Internal Audit, which came into effect July 1, 2009.