Parks Canada
Symbol of the Government of Canada

Common menu bar links

Internal Audit and Evaluation Documents

Parks Canada 2011-2012 Internal Audit Plan

Parks Canada Multi-Year Internal Audit Plan 2011-12 to 2013-14

Parks Canada Multi-Year Evaluation Plan 2011-2012 to 2013-2014

June 21, 2011

Recommended for Approval by Parks Canada Audit Committee: June 21, 2011
Date approved by CEO: July 6, 2011

Office of Internal Audit and Evaluation
Parks Canada

Table of Contents

Executive Summary

1. Introduction

2. Parks Canada Agency

3. Internal Audit Function

3.1 Applicable Policies and Professional Standards
3.2 Mission and Services Offered
3.3 Follow-up on Management Responses
3.4 Governance
3.5 Organizational Structure and Budget

4. Audit Planning Methodology

4.1 Identification of the Audit Universe
4.2 Describing Audit Entities and Documenting Risk Exposure
4.3 Prioritization of Audit Entities
4.4 Other Factors In Audit Planning

5. Planned Projects for Next Three Years

Appendix A. Capacity of Internal Audit Function

Appendix B. Corporate Risk Profile

Appendix C. Risk Taxonomy

Appendix D. Priority Ratings of the Audit Universe

Printable Version (PDF, 791 Kb)


Note: To read the PDF version you need Adobe Acrobat Reader on your system.

If the Adobe download site is not accessible to you, you can download Acrobat Reader from an accessible page.

If you choose not to use Acrobat Reader you can have the PDF file converted to HTML or ASCII text by using one of the conversion services offered by Adobe.



Executive Summary

The Parks Canada Internal Audit plan outlines the mandate, organizational structure and resources for internal audit in the Agency, the considerations employed in developing the risk based plan and describes the audit projects for the next three years.

The plan is based on a revised audit universe structured around the Agency’s Program Activity Architecture. For this round of planning 30 auditable entities were identified and rated for significance (i.e., importance, reach, and materiality), public visibility and risk exposure. Ratings on these three dimensions are combined to create the overall audit priority rating for the entity. Other planning considerations include external commitments to conduct an audit (i.e., typically in the context of special funding approved by TB for new programs or initiatives), recent or planned activities by other assurance providers, management priorities and audit committee recommendations and availability of audit resources and the carry forward of unfinished audit projects from previous years. Other planning considerations may result in situations where an entity otherwise deemed a low audit priority will be subject to an audit (e.g., if there is a TB requirement) or an entity rated as a high audit priority will not require an audit (e.g., if other assurance providers are conducting relevant work).

For this planning cycle, seven audit entities were rated as high audit priorities, 13 were rated as moderate audit priorities and the remaining ten were low audit priorities. Over the course of the three year plan, audits are scheduled for all of entities with a high audit priority rating and for ten of the entities receiving a moderate priority rating.

For 2011-2012 six audits are carried forward from the previous year and four new audits are planned. For following year eight audits are planned and with an addition six for the final year of the plan.

1. Introduction

The TB Policy on Internal Audit requires that the Chief Audit Executive (CAE) establish a multi-year audit plan based on an annual assessment of the significance and risk exposure of audit entities and appropriately addresses areas of higher risk and significance within the planning period.

The 2011-2012 Parks Canada Internal Audit plan outlines the mandate, organizational structure and resources for internal audit in the Agency, the considerations employed in developing the risk based plan and describes the audit projects for the next three years.

2. Parks Canada Agency

Parks Canada was established as a separate departmental corporation in 1998. The Agency's mandate is to:

“Protect and present nationally significant examples of Canada's natural and cultural heritage, and foster public understanding, appreciation and enjoyment in ways that ensure the ecological and commemorative integrity of these places for present and future generations.”

Responsibility for the Parks Canada Agency rests with the Minister of the Environment. The Parks Canada Chief Executive Officer (CEO) reports directly to the Minister.

National parks and national historic sites are organized into thirty-three geographically based field-units. About 80% of Parks Canada’s work force is based in the field where most of its program expenditures take place. The work of field units is supported by Service Centres located in Halifax, Quebec City, Cornwall/Ottawa and Winnipeg (with small branch offices in Calgary and Vancouver). The Service Centres comprise about 10% of the work force and provide technical and professional services to field units (e.g., science, research, design services). National Office, with less than 10% of the employee base, consists of five directorates (National Parks, National Historic Sites, Strategy and Plans, Human Resources and External Relations and Visitor Experience) who provide legislative, operational policy, planning, program direction, financial management, and human resources functions and services.

3. Internal Audit Function

3.1 Applicable Policies and Professional Standards

The internal audit function at Parks Canada adheres to the Treasury Board Policy on Internal Audit (2009), and associated directives, standards and guidelines. In 2008-2009 a new charter for the function was approved consistent with the policy and directions of the government.

3.2 Mission and Services Offered

The mandate of the function is to:

Provide independent and objective assurance and consulting services designed to add value and improve the Agency’s operations. It helps the Agency accomplish its objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of governance processes, risk management strategies and practices, and management control frameworks, systems and practices.

In this context the function provides the CEO and audit committee with assurance that:

  • Risks are appropriately identified and managed
  • Governance arrangements are in place to support strategic direction, monitoring and accountability
  • Significant financial, managerial and operating information is accurate, reliable and timely
  • Activities and actions are in compliance with applicable laws, regulations policies, standards, and procedures
  • Resources are acquired economically, used efficiently and adequately protected
  • Programs, plans and objectives are achieved
  • Quality and continuous improvement are fostered in the Agency’s control processes
  • Significant legislative or regulatory issues impacting the Agency are recognized and addressed properly.

Services include:

  • Assurance Audits that provide an assessment on the adequacy of the governance and controls in place to ensure that the organization’s risks are managed effectively, that its’ goals and objectives will be achieved efficiently and economically and that rules, regulations and policies are followed;
  • Investigations of possible fraud or wrong doing;
  • Consulting and advice related to development of policies and management controls.

3.3 Follow-up on Management Responses

The audit cycle includes a systematic follow-up on the management responses to each audit recommendation six months after the final approval of the audit reports by the Chief Executive Officer. Managers are requested, by e-mail from the CEO, to complete a template that provides a status report on outstanding recommendations in their area of responsibility. The template is returned to the Chief Audit and Evaluation Executive, and is tabled and discussed at the Agency’s audit committee.

3.4 Governance

The CAE reports directly and exclusively to the Chief Executive Office (i.e., deputy head) of the Agency. Consistent with TB Policy on Internal Audit, oversight of the function is provided by an independent audit committee composed of three members external to the public service. The Chief Executive Officer, the Chief Audit and Evaluation Executive and the Chief Financial Officer are ex officio members of the committee.[1] The committee is responsible for reviewing and providing advice and/or recommendations to the CEO, as required, on issues related to:

  • Internal audit function and products
  • External audit and review
  • Financial statements and public accounts reporting
  • Risk management
  • Agency accountability reporting
  • Values and ethics
  • Management control framework

The committee is also responsible for preparing an Annual Report summarizing its activities including an assessment of the system of internal controls and significant concerns and recommendations related to risk management, controls, and accountability. It also provides an assessment of the capacity and performance of the internal audit function.

3.5 Organizational Structure and Budget

The organizational chart for the internal audit function is shown below.

Organizational chart for the internal audit function

The table below shows the budget for the function for 2011-2012. Given a completely staffed function, it is estimated that the OIAE would have the capacity to conduct approximately 7 audits (i.e., an average or typical project is 1200 hours). The actual number of projects undertaken in any one year may differ from this estimate to the extent that actual project hours differ from average project hours. Details of the calculations involved in the estimate are shown in Appendix A.

  CAEE Office** Audit Total
Salaries* 26,000 537,000 565,000
O&M Staff Support 6,000 100,000 106,000
O&M Professional Services and Travel   307,000 307,000
Total 32,000 944,000  
* Does not include benefits and accommodations costs (i.e., about 33% of the salary budget)
** CAEE Office includes .5 of the FTE for the Chief Audit and Evaluation Executive and for the Executive Assistant. It only includes the salary for the Executive Assistant position, as the salary for the CAEE is administered centrally for all executive level employees in the Agency.
It does not include the budget to support the independent audit committee (i.e., $135K).

4. Audit Planning Methodology

Audit planning begins with the identification of all the auditable entities within an organization, collectively referred to as the audit universe. For the last several years, the basis of the audit universe was a modified version of the TBS Management Accountability Framework (MAF). As early as 2008-2009 several limitations with the completeness of the universe and nature and extent of information available for audit planning were identified and work began to update both the universe and the ratings of entities within it. Due to staff departures and other work pressures a revised universe and priority ratings were not available until this planning cycle.

4.1 Identification of the Audit Universe

The audit universe defines the potential scope of IA activity and is comprised of individual “auditable entities” that may be subjected to IA activity. To ensure alignment between the focus of the OIAE and the Agency’s structure and programs, the Program Activity Architecture (PAA), including importantly the internal service aspects of the PAA, was used as the basis of revised audit universe.

As a starting point entities with the universe where defined as the sub-activities and sub-sub-activities of the PAA, with some adjustments and modifications to amalgamated sub-activities where it makes sense and to add a few programs[2] where there are existing audit commitments that are not part of the PAA structure.

4.2 Describing Audit Entities and Documenting Risk Exposure

The second phase of planning consisted of documenting the nature and scope of each audit entity and assembling information for prioritizing the entities. Priority ratings were based on three dimensions adapted from the OCG Practice Guidebook --- Internal Audit Planning for Departments and Agencies (2006).

  • Significance reflects the overall importance of the entity to Agency, the scope of its reach, the dollar value (materiality) associated with it and/or impact of the entity on stakeholders.
  • Public Visibility reflects the extent and entity is routinely subject to scrutiny by the general public, stakeholder groups and the media.
  • Risk Exposure takes account of the number, nature and types of risk to which an entity is exposed and the severity and breath of possible consequences

Sources of information for both describing and prioritizing entities included:

  • The Agency’s PAA descriptions and Chart of Accounts
  • Corporate Plans and reports and the Agency Corporate risk profile
  • Descriptions on the programs and activities on the Agency Intranet and Internet, and from entity specific plans and reports
  • Past audit and evaluation frameworks and reports
  • Audits and reviews by external assurance providers (i.e., OAG, OCG)
  • Interviews and discussions with management

In assessing risk exposure for each entity we used a modified version of the Agency’s Corporate Risk Profile and additional risk factors and domains identified in the OCG Practice Guidebook - Internal Audit Planning for Departments and Agencies (i.e., see Appendix B for risk taxonomy). Descriptions of the entities and the completeness and relevance of the information gathered for assessing significance and risk exposure were validated with management responsible for the entity.[3]

4.3 Prioritization of Audit Entities

Prioritization consists of assigning a significance, public visibility and risk exposure score to each entity (i.e., each with a five point scale ranging from 1 very low significance, visibility or exposure to 5 very high significance, visibility or exposure), and then combining the scores (i.e., weighted 30% for significance, 20% for visibility and 50% for risk exposure) to create a final priority score for each entity.

Preliminary ratings of the entities on these dimensions were made by a group of 11 managers (i.e., Director, DG and ADM equivalent) in February 2011. The overall ratings were then reviewed and validated by the group, and subsequently discussed and validated with the executive management committee and the audit committee.

Based on average ratings each entity was classified as very high, high, moderate or low priority for audit based on the following score ranges. In practice, none of the entities were rated as a very high priority.

Level Range Description
Very High 4.26 – 5.00 Entities considered to be highly important from an audit standpoint and should be subject to internal audit activity. Where possible, audits of these priorities should be conducted early in the planning cycle to permit the generation of assurance in a timely fashion.
High 3.51. – 4.25 Entities considered as an important audit priority and should be audited in the planning cycle, but not necessarily in the first year of the plan.
Moderate 2.51 – 3.50 Audit resources may be expended; however these areas are only of moderate audit priority during this planning cycle.
Low 0.00 – 2.50 Little to no justification for audit resources to be expended in these areas during this planning cycle.

4.4 Other Factors In Audit Planning

Aggregate priority ratings of the elements of the audit universe are not the only factor in determining whether and when to conduct a specific audit engagement. Additional factors include:

  • External commitments to conduct an audit (i.e., typically in the context of special funding approved by TB for new programs or initiatives). A TB commitment to conduct an audit typically takes precedent over other factors which may result in an audit of an otherwise low priority entity being included in the plan.
  • Other review activity including past or planned coverage by the OAG/CESD and other Agents of Parliament, the OCG, and program evaluation within the Agency. Coverage of an entity by other assurance providers may mean that an audit of an otherwise high priority entity is not required or can be delayed until later in the cycle.
  • Management priorities and audit committee recommendations
  • Availability of audit resources (i.e., human resources and O&M funds) which impacts on the amount of audit work that can be undertaken in any one year. Audit capacity in any one year to undertake new projects is also limited by the carry forward of project work from the previous year. In 2011-2012 six audit projects are being carried forward from the previous plan as shown below.
Audit of Planned Tabling Date Stage of Project
As of March 31, 2011
Audit of Law Enforcement Program - Arming Initiative September 2011 Starting Field Work
National Historic Site Cost Sharing Program June 2011 Drafting Report
HR Coastal BC September 2011 Drafting Report
South Western Ontario Financial and Administrative key processes September 2011 Drafting Report
Revenue Management (Rentals and Concessions) September 2011 Drafting Report
Geographical Information Systems (GIS). May 2012 Awarding Contract

5. Planned Projects for Next Three Years

Based on the preceding factors a short-list of audit projects to be conducted during the coming three-year planning horizon was identified. The table below provides a summary overview of the planned projects against the elements of the universe. This is sfollowed by more detailed descriptions and costing of each project for each of the next three years. Appendix D shows the elements of the universe ordered from highest to lowest priority rating, documents past coverage of the entities either through audit or evaluation and provides notes on how the final universe and ratings were adjusted from the universe rated by management in February 2011.

Summary Audit Plan By Program Activity Architecture
PA Entity Audit
Priority
2011-2012 2012-2013 2013-2014
Establishment of Heritage Places National Park Establishment and Expansion Moderate      
National Marine Conservation Area Establishment Low      
National Historic Site Designations Low      
Other Heritage Places Designations Low      
Heritage Resource Conservation National Parks Conservation Moderate 1. Audit of Law Enforcement Program - Arming Initiative   1. Audit Of The Management Of Long Arms
Species at Risk Low      
National Marine Conservation Areas Sustainability Low      
National Historic Sites Conservation Low      
Other Heritage Places Conservation Low      
National Historic Sites Cost-Sharing Moderate 2. Audit Of The Management Of The Cost-Sharing Contribution Program    
Public Appreciation and Understanding Public Outreach Education and External Communications Moderate   1. Audit Of Agency Branding And Corporate Identity Program  
Stakeholder and Partner Engagement Moderate   2. Audit Of MCF For Stakeholder And Partner Engagement  
Visitor Experience Market Research and Promotion Moderate      
Interpretation Low      
Visitor Service Offer Moderate      
Visitor Safety High     2. Audit Of Visitor Safety Program
Townsite and Throughway Management Townsite Management Moderate      
Through Highway Management High 7. Audit Of The Twinning Of The TCH    
Through Waterway Management High 8. Audit Of The Management Of Dam Safety    
Internal Services Governance and Management Support
Management and Oversight Moderate      
Internal Communication Moderate     3. Audit Of Internal Communications
Legal Low      
Resource Management Services
Human Resources Management Moderate 3. HR Process In Coastal BC 3. Audit of Information in PeopleSoft Supporting Centralized Pay 4. Audit Of Official Languages
Financial Management High 4. F&A Audit Of South Western Ontario

5. Audit Of Management Of Revenue From Rentals And Concessions

9. Audit Of Financial Management Framework
4. Audit Of Revenue -Canals 5. Audit Of Compliance With Policy On Internal Controls
Information Management High   5. Audit Of MCF For IM  
Information Technology High 6. Audit Of Geographic Information Systems Management 6. Audit Of Acceptable Use Of Electronic Network 6. Audit Of IT Investments
Other Administrative Services (security, business continuity). Moderate   7. Audit Of Business Continuity And Emergency Preparedness  
Asset Management Services
Real Property High   8. Audit Of Management Of Staff Housing  
Material Low      
Acquisition Moderate 10. Audit Of Acquisition Process    

Year 1: 2011-2012 PROJECTS AND RESOURCES

Section A: Carry Forward from Previous Year

Project Objectives and Scope Rational
1. Audit of Law Enforcement Program - Arming Initiative Moderate
Audit
Priority
Maps to Corporate Risks: Maps to MAF:
  • Governance and strategic directions
  • Public service values
  • People
  • Risk management
  • Stewardship
The objective of this audit is to provide assurance that management and use of sidearms in the context of the law enforcement program is consistent with federal authorities, including the Criminal Code and Canadian Firearms Act, and to determine:
  • the adequacy of the management control framework associated with the arming program and procedures for the implementation of the program; and
  • the extent by which practices are in compliance with Services Delivery Agreements and Memoranda of Understanding established by / for Law Enforcement and
  • the extent by which practices are in compliance with the Agency’s Law Enforcement Program policies and procedures.
In May 2008, Canada’s Environment Minister announced that Government of Canada would authorize the Agency to create up to 100 armed enforcement positions. Subsequently, a new Law Enforcement Branch was created with a national director reporting directly to the Director General, National Parks. As of March 2011, 82 law enforcement officers have been hired.

Parks Canada is conducting the audit of Law Enforcement Program as required by the Treasury Board submission.
The project is expected to be completed in August 2011, and tabled at the audit committee in September 2011.

Planned expenditures in 2011-2012 are approximately $26K
2. Audit of the Management of the Cost-Sharing Contribution Program Moderate
Audit
Priority
Maps to Corporate Risks: Maps to MAF:
  • Policy and programs
  • Results and performance
The objective of this audit is to confirm due diligence in the management of the program and that controls are adequate to achieve objectives.

The audit involves all aspects of the program including the application review, substance of contribution agreements, payment requirements, and submission of reports by the recipient, project completion and file closure.
The National Historic Sites Cost-Sharing Contribution Program is directed to historic sites non-federally owned or that are not administered by it. Through contribution agreements the program shares the costs to maintain or restore the physical health or integrity of site, and/or to present the importance of the site and its role in Canadian history. The typical contribution budget of the program is approximately $2.6M annually. However, an additional $8 million was provided through Canada’s Economic Action Plan for fiscal years 2009-2010 and 2010-2011. This temporary increase in funding and the need to ensure timely allocation and due diligence of funds have led management to make a decision to audit what would normally be a low audit priority entity. The project is expected to be completed by May 2011, and tabled at Audit committee in June 2011.

Planned expenditures in 2011-2011 are approximately $5 K
3. Audit of Human Resources at Coastal BC Field Unit Moderate Audit Priority Maps to Corporate Risks: Maps to MAF:
  • People
  • Policy and programs
  • Stewardship
  • Results and performance
  • Risk management
The objectives of this audit are to provide assurance to senior management that the management control framework in place is effective to ensure that HR actions and decisions are in compliance with existing human resources policies.

The scope of the audit involves staffing actions, staff housing, relocation, commuting assistance, and bonuses like isolated posts, bilingual, and acting pay.
Parks’ Internal Audit function conducted two horizontal audits related to human resources practices; namely: a Staffing Audit in 2006 and a Pay & Benefits Audit in 2009. Results from both audits led senior management to request that a human resource audit cycle similar to the existing financial and administrative audit cycle be developed.

Coastal BC field unit was selected as the test site to validate the audit program and assess the feasibility of undertaking other business unit based HR audit.

The audit is expected to be completed by June 2011, and the report to be tabled at the Audit Committee in September 2011.

Planned expenditures in 2011-2012 are approximately $10 K
4. Audit of Key Financial and Administrative Processes at South Western Ontario Field Unit High Audit Priority Maps to Corporate Risks Maps to MAF:
  • Stewardship
  • Results and performance
The objectives of this audit were to confirm whether due diligence is exercised in key management processes within the field unit and to provide assurance to senior management that processes and controls in place are adequate to ensure compliance with TBS and PCA policies and practices.

The audit comprised the review of the management control framework (MCF) as applied to financial management and the review of key financial processes.
The Agency has conducted a cycle of audits of key financial, administrative and management practices at the business unit level. The audit of this business unit followed the decision in April 2010 to divide the South Western Ontario field unit into two units (i.e., Georgian Bay Field Unit). The unit is supported by the Southwestern Ontario financial officer, located in the National Office, who ensures the delivery of financial services for both entities until the end of fiscal year 2010-2011.

The project is expected to be completed by June 2011, and tabled at the Audit Committee in September 2011.

Planned expenditures in 2011-2012 are approximately $5.5 K
5. Audit of Revenue Management (rentals, concessions and other revenues) High
Audit Priority
Maps to Corporate Risks: Maps to MAF:
  • Stewardship
  • People (Accountability)
  • Results and performance
  • Client-focused service
  • Risk management
The audit is intended to provide assurance that the control framework for this type of revenue is adequate and revenue is complete and accurately accounted for, and that revenue management practices comply with PCA policies and directives.

The scope of the audit will involve the description of processes for collecting revenue from 9 specific revenue accounts identified in Parks chart of accounts.
The Agency had total revenues of $110 in 2009-2010 accounting for 18% of its total budget. In 2008, the function began a series of audits of revenue management focusing first on revenue from entry and visitor services (i.e., approximately 60% of the annual revenue). Revenue from the use of land, buildings or easements by third party (leases & rents) and other revenue, the focus of this audit, represents about 24% of the total.

Leases type will determine if rate revision will take place every 10 years or every 2 years. Adjustments may be substantial as they are not frequent. There is a risk of revenue lost if the Agency does not make the adjustments when scheduled.

Companies that provide commercial activities (concessions) on Parks’ sites pay fees according to predetermined criteria (i.e., most often based on profits generated by the entity). Controls must be in place to ensure appropriate revenue is collected.

The project is expected to be completed in August 2011 and tabled at the September meeting of the Audit Committee.

Planned expenditures in 2011-2012 are approximately $40K
6. Performance Audit of the Geographic Information System (GIS) High
Audit Priority
Maps to Corporate Risks:
  • Information management
Maps to MAF:
  • Governance and strategic directions
  • Client-focused service
  • Stewardship – general information technology
  • Results and performance
  • Risk management
The objective of this audit is to provide independent opinion that GIS activities in PCA are conducted in ways that ensure funds are used efficiently, effectively and economically. The audit focuses on the:
  • appropriateness of the governance structure
  • adequacy of management practices and tools to ensure efficiency and economy;
  • extent to which GIS effectively supports the Agency’s mandate, objectives and priorities.
Parks Canada has been using GIS and other geomatics technology to improve decision-making since the late 1970s largely as a tool for natural resource management.

Executive Management Committee recently directed that Geomatics systems be designed to serve all functions within the Agency. As Geomatics grows from servicing one specific functional area to servicing the entire Agency, outputs must meet priority requirements and work must be done efficiently. The key to that is ensuring that PCA has an effective accountability framework (governance structure) in place for Geomatics.

The project is expected to be completed by March 2012, for tabling at the first audit committee meeting in 2012-2013.

Planned expenditures in 2011-2012 are approximately $150K

Section B: New Projects for 2011-2012

Project Objectives and Scope Rational
7. Audit of the Twinning Trans Canada Highway Project High Audit Priority Maps to Corporate Risks: Maps to MAF:
  • Governance and strategic direction
  • Public service value
  • Client-focused service
  • Risk management
  • Stewardship
  • Results and performance
The objective of the audit is to provide assurance that management control framework is adequate to ensure compliance with TBS and Parks’ financial and contracting policies and practices.

The scope of the audit involves the review of contracts awarding process under the Gateways and Border Crossings Funds as well as Budget 2009; and the examination of Parks’ expenditures related to TCH Twinning project.
The Trans Canada Highway (TCH) passes through Banff National Park for a distance of 82 km. Under vote 25, a TB submission granted Parks Canada $130 M over 5 year period. ($80M from Budget 2009 and $50M from previously approved funding). The audit project is one of the six audit and evaluation TB requirements stated in the submission.

Some limited audit work was performed in 2009-2010 when reviewing the contracting processes for EAP funded projects.

This project is expected to be completed in the fall, and tabled at the Audit Committee in January 2012.

Planned expenditures in 2011-2012 are approximately $7,5 K
8. Management of Dams Safety High Audit Priority Maps to Corporate Risks: Maps to MAF:
  • Risk management
  • Stewardship
  • Policy and programs
Assess whether management practices in place to manage the safety of dams are adequate to ensure that PCA fulfilled its responsibilities in accordance with relevant legislation and in compliance with regulations. Through waterway management program involves the water control aspect of operation for nine national historic canals/waterways including the Trent-Severn Waterway, the Rideau, Lachine and Chambly canals. This includes more than 650 kilometres of waterway and 25,000 square kilometres of drainage basin. While the likelihood that dam failure is thought to be low, the potential impacts for human health and safety and environmental damage, should they occur are significant.

As federally-owned assets, dams under Parks’ management do not have to comply with provincial laws and regulations. Parks established its own set of policies and directives to manage and ensure dams safety.

This project is expected to be completed in January 2012, and tabled at the Audit Committee in March.

Planned expenditures in 2011-2012 are approximately $5 K
9. Financial Management Framework High Audit Priority Maps to Corporate Risks: Maps to MAF:
  • Governance and strategic direction
The audit will focus on the adequacy of the overall governance and control framework for financial management in the Agency. The focus will be on adequacy of financial management structure, overall budgeting, integration of key framework documents (e.g., PAA, chart of accounts), adequacy of central guidance documents, and overall monitoring and reporting processes in the context of the TB Policy on Financial Management Governance.

This audit scope does not include assessing compliance with TB Policy on Internal Control.
The Treasury Board Secretariat (TB) of Canada approved the Policy on Financial Management Governance effective April 1, 2009. The Policy establishes a framework specific to roles and responsibilities for financial management governance for departments and agencies.

Inadequate financial management governance can lead to inconsistencies in operations, inefficient and ineffective use of funds, failure to comply with relevant authorities and obligations and waste of effort and resources. Overall governance of the function will be critical to address these risks as the Agency moves toward full implementation of the TB financial policy suite.

Planned expenditures in 2012-2013 are approximately $7.5 K
10. Horizontal Audit of Acquisition processes Moderate
Audit Priority
Maps to Corporate Risks: Maps to MAF:
  • Stewardship
The audit will aim to provide senior management with an overall assurance that the acquisition process within the Agency respects Parks and TBS’ rules and policies. In 2010-2011, the Agency spent more than $200M on acquisition of goods, services and construction. Over $170 M were open bidding, (which include construction) and traditional competitive process. Past audit work at the business unit level over several years identified moderate to significant control weakness in 28% of the audited entities for use of acquisition cards.

This project is expected to be completed in the winter of 2012, and tabled at the Audit Committee in March.

Planned expenditures in 2011-2012 are approximately $20 K

Project Name Size Person Days O&M Total ($)
1. Audit of Law Enforcement Program - Arming Initiative Medium 185 26K 70,400
2. Audit of the Management of the Cost-Sharing Contribution Program Small 130 5K 36,200
3. Audit of Human Resources at Coastal BC Field Unit Small 105 10K 35,200
4. Audit of financial and administrative key processes at Southwestern Ontario Field Unit Small 105 5.5 K 30,700
5. Audit of Revenue Management (rentals, concessions and other revenues) Medium 185 40K 84,400
6. Performance Audit of the Geographic Information System (GIS) Large 196 150K 168,240
7. Audit of the Twinning Trans Canada Highway Project Small 125 7.5K 37,500
8. Management of dams safety Small 125 5K 35,000
9. Financial management framework Large 185 7.5K 51 900
10. Horizontal financial audit of acquisition processes Medium 185 20K 64,400

Year 2: 2012-2013

Project Objectives and Scope Rational
1. Audit of MCF for Stakeholder and Partner Engagement Moderate
Audit Priority
Maps to Corporate Risks:
  • Aboriginal Support
  • Inter-governmental Collaboration
  • Partnering Instruments
Maps to MAF:
  • Governance and strategic direction
  • Risk management
  • Policy and programs
  • People
  • Results and performance
The audit will focus on the adequacy and effectiveness of the management control framework for stakeholders and partner relations in the Agency. Much of the work of the Agency involves a variety of partners and stakeholders including joint and cooperative management of parks Canada sites, and local, regional and national arrangements ranging from informal consultations to formal sponsorships. As of 2009 the Agency had identified more than 6000 stakeholders and partners.

The audit will identify the risks and controls in various types of arrangements and mechanism to ensure that Agency values are maintained and that arrangements adhere to established policies, directives and procedures.

Planned expenditures in 2012-2013 are approximately $10 K
2. Audit of Agency Branding and Corporate Identity Program Moderate
Audit Priority
Maps to Corporate Risks:
  • Competitive Position
Maps to MAF:
  • Governance and strategic direction
  • Client-focused service
  • People
  • Results and performance
The audit will focus on governance, risks and controls in place to create a corporate identity and brand for the Agency. As part of its overall renewal strategy to ensure the Agency’s program and products remain relevant to Canadians, the Agency has focused on standardizing and marketing its corporate image and brand. Identity and branding includes the look and feel of the Agency’s communications products and images. It can include signage, media campaigns and products, and various public events/celebrations.

Lack of consistency in branding and a weak corporate identity can result in a weaker competitive position for the Agency’s products and services and reduced effectiveness in achieving key strategic outcomes of connecting the hearts and minds of Canadians to their natural and historic treasures.

Planned expenditures in 2012-2013 are approximately $7.5 K
3. Information in PeopleSoft To Support Centralized Pay Moderate Audit Priority Maps to Corporate Risks: Maps to MAF:
  • Risk management
  • Stewardship
  • Results and performance
The objective of the audit is to provide assurance that the testing and implementation of the new PeopleSoft version are adequate to support Parks HR operations in the new centralized federal pay environment. In April 2006, a Treasury Board Directive on Corporate and Administrative Systems Investment recognized the PeopleSoft Government of Canada Human Resources Management System (GC HRMS), version 8.9, as the target system environment for human resources (HR) systems for federal government organizations.

With the move to centralized pay processing, the updated PeopleSoft system will become the source of key information related to pay. Controls over the access to, and completeness, accuracy, and reliability of information in the system will become increasingly important for ensuring efficient and effective pay administration.

This project is expected to start in the winter of 2012 and be completed in fiscal year 2012-2013.

Planned expenditures in 2012-2013 are approximately $5 K
4. Audit of Revenue – Canals High Audit Priority Maps to Corporate Risks: Maps to MAF:
  • Stewardship
  • People (Accountability)
  • Results and performance
  • Client-focused service
  • Risk management
The objective of the audit aims to assess the adequacy of the management control framework over revenue collection for canals to ensure accuracy and completeness of data. The Agency has significant revenue dependencies (i.e. in 2009-2010 total revenue was over $110 million, which represents about 18% of PCA’s total budget. In 2008, the function began a series of revenue audit (an audit of revenue from entry and visitor services was approved in 2009; an audit of revenue from rentals, concessions and other revenue is expected to be approved in September 2011).

This third and last audit project related to revenue collection was initially included in Parks Internal Audit Plan for 2009-2010, but has been rescheduled for operational purposes.

The audit aims to ensure that revenue related to canal operation and accounted for in the financial system are accurate and complete. It is not intended to provide assurance for the conformity of the software application nor the IT system architecture.

This project is expected to be completed in the fall, and tabled at the Audit Committee in January 2013.

Planned expenditures in 2012-2013 are approximately $7.5K
5. Audit of the MCF for Information Management High Audit Priority Maps to Corporate Risks:
  • Information Management
Maps to MAF:
  • Governance and strategic direction
  • Policy and programs
The audit will focus on the overall management control framework for information management in the Agency including overall governance, roles and responsibilities, accountability, communication, and mechanism to ensure information management is alignment with business needs, resourcing and integrated with IT management. A previous audit (2009) identified a number of gaps in the IM control framework. The amount of information to be managed continues to grow exponentially (i.e., estimated at over 16 billion pages of text in 2008). The ability to adequately manage information is one of the two key operational risks identified in the Agency’s Corporate Risk Profile. Failure to have an adequate framework in place for the management of information can lead to inefficiencies, duplication and the loss of key corporate resources.

Planned expenditures in 2012-2013 are approximately $10 K
6. Audit of Acceptable Use of Electronic Network High Audit
Priority
Maps to Corporate Risks
  • Information management
Maps to MAF:
  • Risk management
  • People
  • Governance and strategic direction
  • Policy and programs
The audit focuses on compliance with Agency and TBS policies and directives regarding the acceptable use of the electronic networks. The Agency’s electronic network supports the use of central business systems in a decentralized organizational and provides employees to a variety of sources of information and tools for social networking such as Facebook, Twitter, SMS, YouTube. Network capacity has grown over many years but demand continues to increase at a faster rate than supply.

Lack of compliance with policies and directives on acceptable use and/or gaps in the framework governing acceptable use can expose the Agency to reduced efficacy in the operation of the network, increased costs, lower employee productively and potential compromise network security.

Planned expenditures in 2012-2013 are approximately $10 K
7. Business Continuity and Emergency Preparedness Moderate Audit Priority Maps to Corporate Risks: Maps to MAF:
  • Governance and strategic direction
  • Risk management
  • Policy and programs
  • People
  • Client-focused service
The audit will focus on the existence, adequacy and effectiveness of contingency plans to protect employees and visitors, safeguard assets and assure the continued delivery of critical services in the event of a natural or man-made disaster. Under TB Policy on Government Security and Directive on Departmental Security Management departments and agencies are required to develop a departmental security plan including establishing business continuity and emergency preparedness plan to ensure the continued availability of services and associated assets. Deputy heads are responsible for ensuring periodic reviews of the plan to assess its effectiveness and appropriateness over time, the existence of period review is one element of security assessed under the TBS MAF process.

Planned expenditures in 2012-2013 are approximately $10 K
8. Management of Parks’ Staff Housing High Audit Priority Maps to Corporate Risks:
  • Information Management
Maps to MAF:
  • Stewardship
  • Risk management
The audit will provide assurance that the control framework for the Agency’s staff housing program is adequate to ensure
  • Revenue is collected effectively, efficiently and equitably.
  • Accommodations are maintained in manner to protect the health & safety of Parks’ employees.
Parks Canada provides staff housing in some areas where accommodations may not be readily available or affordable and/or for some seasonal employees where it does not make sense to require employees to purchase their own accommodations. The stock of housing (Crown-owned or leased dwelling units across the country) is not known with certainty although as 2005 it was estimated to be on the order of 700 units. Living accommodations allowances are negotiated as part of collective agreements (i.e., article 6.03 in the current agreement).

Employees who are occupying a unit of the state must pay a rent payable to the PCA. The basic factors of rent for government housing are determined by an assessment of the value of the house and the rental market in different localities so that the rents are comparable with those of private dwellings in the same markets.

Planned expenditures in 2012-2013 are approximately $25 K

Project Name Size Person Days O&M Total ($)
1. Audit of MCF For Stakeholder And Partner Engagement Medium 185 10K 54,400
2. Audit of Agency Branding and Corporate Identity Program Medium 185 7.5K 51,900
3. Audit of Information in PeopleSoft to Support Centralized Pay Medium 185 5K 49,400
4. Audit of Revenue - Canals Small 105 7.5K 32,900
5. Audit of the MCF for information management Large 185 10K 54,400
6. Audit of Acceptable Use of Electronic Network Small 105 10K 35,200
7. Audit of Business continuity and emergency preparedness Small 130 10K 41,200
8. Audit of Management of Parks’ Staff housing Small 130 25K 56,200

Year 3: 2013-2014

Project Objectives and Scope Rational
1. Management of Long Arms Moderate Audit
Priority
Maps to Corporate Risks: Maps to MAF:
  • Risk management
  • Policy and programs
  • Stewardship
  • People
The focus of the audit is on assessing compliance with policies and directives related to management of long arms (i.e., rifles) in the Agency. Under Agency policy, employees, including term employees and students, may be authorized to transport, carry, be custodian of or use Agency long arms and related ammunition for natural resource management purposes including: control of animals and culling of hyper abundant species; prevention of hazardous wildlife-human encounters; destruction of wildlife that is deemed to be a danger to the public; euthanasia; and, as a last resort, for self-protection or protection of others from wildlife. Long arms involve inherent risks to employee and/or visitor health and safety. The Agency Security Officer is responsible for the policy and directives framework governing the use of long arms. Resource Conservation agents are accountable for managing the arms.

Planned expenditures in 2013-2014 are approximately $10K
2. Visitor Safety Program High Audit
Priority
Maps to Corporate Risks: Maps to MAF:
  • Risk management
  • Policy and programs
  • People
The audit focuses on the MCF for the visitor safety program (governance, risk management and controls). Responsibility for the development of control framework and the delivery of the Visitor Safety program is shared in the Agency. The External Relations and Visitor Experience Directorate is accountable for the policy framework (e.g., developing and providing prevention communications). Day to day prevention a widely shared responsibility at the field level involving many functions. In addition, there are specialized search and rescue activities performed by the resource conservation function. The program is complex and involves the management of inherent heal and safety risks for visitors to Parks Canada sites.

Planned expenditures in 2013-2014 are approximately $10K
3. Internal Communication Moderate Audit
Priority
Maps to Corporate Risks:
  • Information management
Maps to MAF:
  • People
The audit will focus on the overall MCF over internal communication governance, risk management and controls and the use of tools such as the Agency intranet to communicate with employees. The Agency is a decentralized organization which creates challenges in ensuring consistent, focused, and reliable communication to staff at all levels. Issues with the effectiveness of internal communication were identified in the 2010 Independent Review of the Consistency of the HR Regime with the Agency HR values and principles.

Planned expenditures in 2013-2014 are approximately $10K
4. Official Languages Moderate Audit
Priority
Maps to Corporate Risks: Maps to MAF:
  • Policy and programs
  • People
The audit will focus on the Agency’s responsibilities under the Official Languages Act with respect to identifying, maintaining and staffing bilingual positions, and providing a work environment conductive to the use of both official languages. The Agency has responsibilities to offer services to the public in both official languages in designated regions to provide a work environment conductive to work in both official languages. The focus of this audit is on the internal work environment rather than service to the public and includes processes for identifying language requirements for positions in the Agency, staffing and/or training to meet the requirements and maintenance of language capacity over time taking into account the mandate of the Agency, the public it serves and the location of its offices.

Planned expenditures in 2013-2014 are approximately $25 K
5. Compliance with Policy on Internal Control High Audit Priority Maps to Corporate Risks: Maps to MAF:
  • Risk management
  • Policy and programs
The audit will focus on the implementation of the TB Policy on Financial Management Controls within the Agency. Under TB Policy on Internal Control and supporting directives deputy heads are responsible for conducting periodic audits and reviews to ensure effective implementation of the Policy. The CFO must also acknowledge the conduct of an annual risk-based assessment of the system on internal control over financial reporting to determine its on-going effectiveness. This requirement is phased-in over a three year period between 2009 and 2012.

The policy requires that the Agency documents its financial and associated administrative process and controls and develops plans for addressing weakness in controls.

Planned expenditures in 2013-2014 are approximately $15 K
6. IT Investments High Audit
Priority
Maps to Corporate Risks: Maps to MAF:
  • Governance and strategic direction
  • Stewardship
The audit will focus on the overall MCF (governance, risk management and controls) for IT investments to ensure that the long term investment plan is aligned with Parks’ priorities. Information Technology refers to infrastructure required to process, transport and store electronic digitized information in an efficient and orderly and safe manner. Infrastructure services include hardware recapitalization for storage devices and network hardware, Web Access support, Disaster Recovery, IT Security and Infrastructure and System monitoring. IT Services includes direct services to clients such as, help desk support, procurement advice and repairing hardware and software problems.

The scope of the audit will include not only the investment by the office of the CIO but investments by individual managers with authority to acquire IT material using their own budget.

Planned expenditures in 2013-2014 are approximately $20K

Project Name Size Person Days O&M Total ($)
1. Audit of the Management of long arms Small 105 10K 35,200
2. Audit of Visitor safety program Medium 154 10K 47,000
3. Audit of Internal Communication Medium 154 10K 47,000
4. Audit of Official Languages Small 130 25K 56,200
5. Audit of Compliance with Policy on Internal Control Medium 200 15K 63,000
6. Audit of IT investments Small 105 20K 45,200

Appendix A. Capacity of Internal Audit Function

a)

Hours Available for Work Per FTE Hours Available
52 week/year * 5day week *7.5 hour/days 1950.0
Average days holiday (20 days) -150.0
Average days sick (5 days) - 37.5
Average days training (5 days) - 37.5
Total Work Time Available 1725.0*
* Equivalent to 230 working days

b) Hours Available for Audit Work: On average it is assumed that one hour per working day is allocated to breaks (i.e., 230 hours per auditor), leaving 1,495 hours of actual working time. It is further assumed that approximately 15% of the actual working time per auditor (i.e., 224 hours per year) is allocated to unit administration, including planning, meetings, supporting internal systems, support to the audit committee, human resources issues, follow-up on the status of previous audit recommendations, etc. The remaining time is allocated to audit work in point c, and to risk based audit work.

c) Types of Audit Work: Available work hours are allocated to the following tasks:

OCG Directed Audit Requirements

  • The Comptroller General requires up to 20% of internal audit resources be available to participate in government wide horizontal audits each year. These audits are based on government-wide risk analysis and may not be risk-based audit priorities for the Agency.
  • This category does not include audit work required as part of TB submissions or RMAF/RBAF commitments, which is treated as part of the risk-based project work.

Special Requests

  • Periodic special requests by management outside the approved audit plan are typical. Examples include audits related to potential fraud or wrongdoing.

Consulting/Advice/Coordination

  • Consulting and providing advice related to audit, controls are a normal part of the activities of the OIAE. Frequently, the OIAE has also taken a lead role in coordinating the work related to Auditor General’s performance audits and follow-ups.

d) O&M Dollars Available for Contracting: Additional capacity can be purchased from contracted professionals based on available O&M budgets. An average per diem of $1,200 per day or $160 per hour is used for this calculation. For 2011-2012, the O&M budget for professional services and travel is estimated to be $307K.

e) The resource consumption of the average audit project: The average number of hours consumed by an audit project is affected by many factors, including its scope and complexity as well as the skills of the personnel performing the work. Based on a review of prior experience with contracted projects and estimates of internal staff time devoted to projects typical values of 1,200 hours per internal audit project were identified. We have adjusted this to 1,400 hours for this planning period in anticipated inefficiencies due to new staff being hired some at more junior levels than staff in the past.

A significant exception to this general project average is Parks Canada’s cycle of standardized financial and administrative audits where each audit involves from 250 to 450 hours depending on whether new areas are being audited necessitating development of new audit programs. Therefore, between 3 and 6 of these audits are equivalent to one typical internal audit as defined above. We expect similar time frames in conducting the new cycle of business unit human resource control audits.

A) Resources CAEE Office Internal Audit Total
FTEs 1 8 9
Hours Available for Work (Less vacation, sick and training days, and 1 hour per working day for breaks leaving 1,495 hours per FTE) 1,495 11,960 13,455
Professional Service Hours Purchased (O&M for professional Services/$160 per hour/$275K budget)   1,719 1,719
Total Hours Available 1,495 13,679 15,174
B) Demands
Administration i.e., (75% of CAEE, 100% of Admin. Assistant, 75% of Head of Internal Audit and Auditor III Quality, 25% of Auditor III Operations and 15% of other staff hours are allocated for activities such as planning, meetings, work on internal systems, support to the audit committee, human resources, quality control, follow-up on previous recommendations, etc.). -1,346 -3,735 -5,081
OCG Directed Audits (10% of one FTE) -10 -150 -160
Special Requests (25% of one FTE) -15 -374 -389
Consulting/Advice/Coordination (40% of one FTE) -125 -598 -723
Residual Hours for Risk Based Projects -1 8822 8821
C) Project Capacity
Number of Typical Projects (1,400 hours per project)     6.3

Appendix B. Corporate Risk Profile

Risk Category and Label Description Risk Owner
Public
Aboriginal Support Support from Aboriginal Peoples may diminish and become insufficient to advance Parks Canada’s programs. Director, Aboriginal Affairs Secretariat
Inter-governmental Collaboration Resource capacity in other federal departments, provinces, territories, and municipalities may be insufficient to fully collaborate on Parks Canada’s program priorities. DG, National Parks
DG, National Historic Sites
Partnering Instruments Existing partnering instruments may limit Parks Canada’s ability to fully leverage partnering opportunities, resulting in its inability to extend its reach and to grow the base of support for Parks Canada’s administered places. DG, External Relations and Visitor Experience
Public Support Support from local communities, stakeholders, NGOs, and the Canadian public may not exist or be insufficient to advance Parks Canada’s programs. DG, External Relations and Visitor Experience
Socio-Economic
Competitive Position Parks Canada’s profile, service and experience offer may be less attractive or of less interest to Canadians in comparison to other parks and cultural attractions and/or leisure activities. DG, External Relations and Visitor Experience
Development Pressures Development pressures may limit opportunities for NP/NMCA establishment, NHS commemoration, maintenance of EI and CI, and development of connection to place. DG, National Parks
DG, National Historic Site
Environmental Forces
Disasters Disasters may impair or destroy critical infrastructure and/or assets of national historic significance, or lead to serious injury or loss of life. Chief Administrative Officer
Environmental Forces The Agency’s ability to maintain or improve overall EI in national parks and meet legal requirements related to species at risk may be hindered by environmental forces, such as climate change, biodiversity loss, and exotic/invasive species. DG, National Parks
Parks Canada’s Business Operations
Asset Management Aging infrastructure and inadequate level of recapitalization and maintenance could result in failure of assets and/or significant impairment of built cultural resources, which could compromise public safety, hinder Parks Canada's ability to deliver on its mandate and damage the Agency's reputation. Chief Administrative Officer
Information Management Failure to identify, capture, manage, share and report pertinent data and information may hinder the ability to effectively manage all program areas and meet legal requirements. Chief Administrative Officer
Recruitment and Retention Failure to recruit and retain competent employees may lead to challenges in delivery of all programs and support functions. Chief Human Resources Officer

Appendix C. Risk Taxonomy

Risk Domain Definition Risk Area Risk Area Definition
A. Strategic Loss or damage caused by external conditions or events which may negatively affect the government's policy or program position, asset base or other decisions. 1. Transformation The risks associated with the government's inability to make needed program, policy or other changes to adapt to, or efficiently meet emerging or evolving needs.
2. Alignment and Priority Setting The risks associated with the misalignment of activities, priorities and financial resources.
3. Public Opinion The risks associated with a shift of public opinion.
4. Economic The risks associated with major disruptions in the Canadian or world economy.
B. Operational Loss or damage caused by failures in people, processes or internal systems. 1. Human Resources The risks associated with maintaining a sufficient and representative workforce with the appropriate experience and skill-mix.
2. Third Party The risks associated with the failure on the part of third parties on which the Government depends.
3. Knowledge Capital The risks associated with loss or failure to manage information, including intellectual property, organizational or operational information, and personal information of Canadians.
4. Capital Infrastructure The risks associated with deteriorating or damaged capital infrastructure including hard assets (e.g., buildings, vessels, scientific equipment), but excluding IT infrastructure.
5. Information System Infrastructure The risks associated with failure or incapacity of information technology.
6. Legal and Compliance The risks associated with violation of laws, regulations, international treaties / agreements and policies.
7. Internal Fraud The risks associated with illegal acts or irregularities resulting from an intentional misrepresentation or corruption by internal personnel for personal gain.
8. External Fraud The risks associated with illegal acts or irregularities resulting from an intentional misrepresentation or corruption by a partner or the public for personal gain.
C. Hazard Loss or damage caused by natural, accidental or pre-meditated actions 1. Natural Hazards The risks associated with natural, e.g., biological or climatic hazards.
2. Human Actions - Intentional The risks associated with chemical, nuclear or other hazards, resulting from deliberate actions.
3. Human Actions - Unintentional The risks associated with chemical, nuclear or other hazards, resulting from accidents.

Appendix D. Priority Ratings of the Audit Universe

  PA Number Entity Risk Significance Public Visibility Priority
1. 6.2.3 Information Management 4.4 4.7 1.9 4.0
2. 6.2.2 Financial Management 4.2 4.1 2.9 3.9
3. 6.2.4 Information Technology 4.4 4.4 1.7 3.9
4. 5.2 Through Highway Management 4.1 3.4 3.1 3.7
5. 5.3 Through Waterway Management 3.9 3.4 3.5 3.7
6. 4.3.1 Visitor Safety 3.6 3.2 4.0 3.6
7. 6.3.1 Real Property 4.1 3.7 1.9 3.5
8. 3.1 Public Outreach Education and External Communications 3.0 4.3 3.2 3.4
9. 6.1.1 Management and Oversight 2.5 4.4 2.1 3.4
10. 3.2 Stakeholder and Partner Engagement 3.2 3.2 2.6 3.1
11. 4.3, 4.5, 4.7 Visitor Service Offer 3.2 3.5 2.2 3.1
12. 6.2.5 Other Administrative Services (security, business continuity)       3.0
13. 6.1.2 Internal Communications       3.0
14. 2.4.1 National Historic Sites Cost-Sharing Contribution Program       3.0
15. 2.1 National Parks Conservation 2.8 3.2 3.4 3.0
16. 6.2.1 Human Resources Management Services 2.8 4.1 1.2 2.9
17. 4.1 Market Research and Promotion 2.5 3.8 2.3 2.9
18. 6.3.2 Acquisition 3.1 3.1 1.9 2.9
19. 1.1 National Park Establishment and Expansion 2.8 2.3 3.7 2.8
20. 5.1 Townsite Management 2.8 2.3 2.5 2.6
21. 6.1.3 Legal 1.8 3.6 1.9 2.4
22. 2.3 National Historic Sites Conservation 1.9 2.3 2.2 2.1
23. 4.2, 4.4, 4.6 Interpretation 1.5 2.9 1.2 1.9
24. 2.1.1 Species at Risk 1.9 1.3 2.7 1.9
25. 6.3.3 Material 1.7 1.8 1.0 1.6
26. 2.2 National Marine Conservation Areas Sustainability 1.4 1.5 1.5 1.5
27. 1.2 National Marine Conservation Area Establishment 1.4 1.3 1.3 1.3
28. 1.3 National Historic Site Designations 1.1 1.1 1.5 1.2
29. 2.4 Other Heritage Places Conservation 1.4 0.9 1.0 1.1
30. 1.4 Other Heritage Places Designations 0.7 0.8 1.3 0.8

PA Num-ber Entity Prio-rity 2011-2012 2012-2013 2013-2014 Recent Audit Coverage Evaluation Coverage
6.2.3 Information Management 4   Audit Of MCF For IM   Audit Of Information Management (2008)  
6.2.2 Financial Management 3.9 Audit Of Revenue Management (Rentals and Concessions)

F&A Audit Of South Western Ontario Field Unit

Audit Of Financial Management Framework
Audit Of Revenue -Canals Audit Of Compliance With Policy On Internal Controls 31 Finance And Administrative Audits (5 directorates and 26 field units) between April 2005 and March 2010

Audit Of Revenue Management (Entry And Camping) (2008)
 
6.2.4 Information Technology 3.9 Performance Audit Of Geographic Information Systems (GIS) Audit Of Acceptable Use Of Electronic Network Audit Of IT Investments    
5.2 Through Highway Management 3.7 Audit Of The Twinning Of The TCH       Evaluation (Dec. 2010)
5.3 Through Waterway Management 3.7 Audit Of The Management Of Dam Safety       Evaluation (2011)
4.3.1 Visitor Safety 3.6     Audit Of Visitor Safety Program    
6.3.1 Real Property 3.5   Audit Of Manag-
ement Of Staff Housing
    Evaluation Of Asset Management Program (2009)
3.1 Public Outreach Education and External Communi-cations 3.4   Audit of Agency Branding and Corporate Identity Program      
6.1.1 Management and Oversight 3.4       Audit Of Values And Ethics Management (2007)

OCG Audit Of Corporate Risk Profiles (2009)

OCG Horizontal Audit Performance Management (2011-12)
 
3.2 Stakeholder and Partner Engagement 3.1   Audit of MCF For Stakeholder And Partner Engage-
ment
     
4.3, 4.5, 4.7 Visitor Service Offer 3.1         Evaluation 2011
6.1.2 Internal Commu-nication 3.0     Audit Of Internal Communi-
cations
   
2.4.1 National Historic Sites Cost-Sharing 3.0 Audit Of The Management Of The Cost-Sharing Contribution Program        
6.2.5 Other Adminis-
trative Services (security, business continuity)
3.0   Audit Of Business Continuity And Emergency Prepared-
ness
     
2.1 National Parks Conservation 3.0 Audit Of Law Enforcement Program-Arming Initiative   Audit Of The Management Of Long Arms CESD Study Of Environmental Monitoring Systems (2011) Evaluation 2011
4.1 Market Research and Promotion 2.9         Some Coverage In VSO Eval 2011
6.2.1 Human Resources Management Services 2.9 HR Process In Coastal BC Audit Of Transfor-
mation Of Pay
Audit Of Official Languages Audit Of Pay And Benefits (2009)

Audit Of Staffing (2006)

Independent 5 Year
Review Of Human Resources Regime (2010)

OCOL Audit Of Service To Public (2011-12)
 
6.3.2 Acquisition 2.9 Audit Of Acquisition Process     (Covered In Finance And Admin. Audit Cycle)  
1.1 National Park Establish-
ment and Expansion
2.8         Evaluation 2011
5.1 Townsite Management 2.6          
6.1.3 Legal 2.4          
2.3 National Historic Sites Conservation 2.1          
2.1.1 Species at Risk 1.9         Horizontal Evaluation (2011)
4.2, 4.4, 4.6 Interpretation 1.9          
6.3.3 Material 1.6          
2.2 National Marine Conservation Areas Sustainability 1.5          
1.2 National Marine Conservation Area Establish-
ment
1.3          
1.3 National Historic Site Designations 1.2          
2.4 Other Heritage Places Conservation 1.1          
1.4 Other Heritage Places Designations 0.8          

Notes Regarding Adjustments to the Audit Universe and Priority Ratings:

We have made the following adjustments to the elements of the universe and the ratings provided by management at the February 2011 workshop.

Managers rated visitor service offer and interpretation as three separate elements for each corresponding to the VS offer or interpretation programs in national parks, national marine conservation areas and national historic sites. On reflection these separate entities were combined to form one entity each for VSO and interpretation (i.e., consistent with the approach used in the evaluation universe). The reported scores are from the highest rated element within each entity. At the macro level this does not change the overall priority classification i.e., low or moderate priority).

During the workshop, managers suggested splitting the entity 2.3 national historic sites conservation into historic sites conservation related to historic canals verses other national historic sites conservation. This was predicated on the idea that the canals (through waterways) managed by the Agency have working historic assets (i.e., dams and other structures) that contribute to managing water levels over a large area and which if not properly managed pose significant health and safety risks. We recognize the importance of the distinction but for the sake of maintaining consistent with the PAA structure have chosen to treat 2.3 national historic sites conservation as one entity but assigned the lower scores accorded to national historic sites other than canals to the whole entity. The aggregate rating of conservation of historic canals as a separate entity was identical to the aggregate rating of management of through waterway management (i.e., 3.7 or high) and we treated the concerns with canals as part of this entity.

Managers also rated the sub-sub-activity “communications” which is formally identified as part of the governance and management support sub-activity in internal services program activity. The definition of this entity focuses on a variety of external communications processes and activities. For purposes of the framework we split the entity into two components, external communications and internal communication. External communications is essentially the same as entity 3.1 Public Outreach Education and External Communications and we used the scores for communications for this entity rather than those provided for the separate ratings of 3.1. These ratings where higher on all dimensions but still resulted in the entity being classified as a medium priority. We also assigned the generic communications score to “internal communications” a sub-sub-activity within Internal Services.

The TBS definition of entity 6.25 Other Administrative Services includes internal services that do not smoothly fit with any of the internal services categories and specifically government of Canadian travel services. This entity was rated as a low priority by management. Subsequent to management rating of the entity we revised the definition so that the entity would cover Agency security, business continuity and disaster recovery. We subsequently, rerated the entity based on the internal audit assessment of the significance, visibility and risk exposures in conjunction with input from program management.

Finally, we adjusted the overall rating of the 2.4.1 the national historic sites cost sharing contribution program from a low priority to a moderate priority to reflect the fact it had received funding through the EAP and there were concerns about the timeliness of the use of the funds.


[1] The terms of reference for the committee were updated in November 2010 to make it consistent with changes to the TB Policy on Internal Audit, which came into effect July 1, 2009.

[2] These are the law enforcement program and the General Class Contribution Program.

[3] The sub-activities and sub-sub-activities of the five program activities in the Agency PAA (i.e., minus the sixth internal services activity) are also the entities in the universe used by the evaluation function in the Agency. Therefore, the core descriptions of the entities are shared in one document/database called Elements of the Internal Audit and Evaluation Universes 2011-2012. Data supporting priority ratings of the entities in the universe for each function are contained in separate documents as the dimensions on which each element is rated differ, with some overlap, between audit and evaluation (see Audit Priority Ratings 2011-2012, and Evaluation Priority Ratings 2011-2012).