Parks Canada
Symbol of the Government of Canada

Common menu bar links

Internal Audit and Evaluation Documents

Parks Canada Multi-Year Internal Audit Plan 2014–2015 to 2016–2017

Collage of photographs of locations in Parks Canada parks

May 2014 Final
Office of Internal Audit and Evaluation Parks Canada

Recommended for Approval by Parks Canada Audit Committee: March 26, 2014
Date Approved by CEO: June 10, 2014

Table of Contents

Executive Summary

The Parks Canada Multi-Year Internal Audit Plan 2014-15 to 2016-17 outlines the mandate, organizational structure and resources for internal audit in the Agency, the considerations employed in developing the risk based plan and describes the audit projects and activities for the next three years.

Parks Canada’s Office of Internal Audit and Evaluation (OIAE) adheres to the government’s policy, directive and standards for internal audit. The audit function consists of the Chief Audit and Evaluation Executive (CAEE) and seven auditor positions.

The audit universe (i.e., the individual programs, processes or systems that may be subjected to IA activity) consists of 30 entities based on a modified version of the Agency’s Program Alignment Architecture (PAA), including internal services. Audits entities are described and prioritized based on considerations of significance, public visibility and risk. In principle, audit activities should focus on the entities with the highest priority scores, as determined by a yearly review, for the three year period of the plan.

For 2014–2015 the function will focus on five assurance engagements, continue to monitoring the pay transformation process and support one external review, as well as continue work on internal projects. Over the three year period 17 assurance audit engagements are planned.

Introduction

The Parks Canada Multi-Year Internal Audit plan 2014–2015 to 2016–2017, consistent with the TB Policy on Internal Audit, outlines the mandate, organizational structure and resources for internal audit in the Agency, the considerations employed in developing the risk based plan and describes the audit activities for the next three years.

Parks Canada Agency

Parks Canada was established as a separate departmental corporation in 1998. The Agency's mandate is to:

"Protect and present nationally significant examples of Canada's natural and cultural heritage, and foster public understanding, appreciation and enjoyment in ways that ensure the ecological and commemorative integrity of these places for present and future generations."

Responsibility for the Parks Canada Agency rests with the Minister of the Environment. The Parks Canada Chief Executive Officer (CEO) reports directly to the Minister.

Internal Audit Function

Applicable Policies and Professional Standards

The internal audit function at Parks Canada adheres to the Treasury Board Policy on Internal Audit (2012), and the associated directive and standards. In June 2012, a revised audit charter for the function was approved.

Mandate and Services Offered

The mandate of the function is to:

"Provide independent and objective assurance and consulting services designed to add value and improve the Agency’s operations. It helps the Agency accomplish its objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of governance processes, risk management strategies and practices, and management control frameworks, systems and practices."

In this context, the function provides the CEO and audit committee with assurance that:

  • Risks are appropriately identified and managed;
  • Governance arrangements are in place to support strategic direction, monitoring and accountability;
  • Significant financial, managerial and operating information is accurate, reliable and timely;
  • Activities and actions are in compliance with applicable laws, regulations policies, standards, and procedures;
  • Resources are acquired economically, used efficiently and adequately protected;
  • Programs, plans and objectives are achieved;
  • Quality and continuous improvement are fostered in the Agency’s control processes;
  • Significant legislative or regulatory issues impacting the Agency are recognized and addressed properly.

Services include:

  • Assurance Audits that provide an assessment on the adequacy of the governance and controls in place to ensure that the organization’s risks are managed effectively, that its goals and objectives will be achieved efficiently and economically and that rules, regulations and policies are followed;
  • Investigations of possible fraud or wrong doing;
  • Consulting, analysis and advice related to policies, programs, risks, systems and controls.

Follow-up on Management Responses

The audit cycle includes a systematic follow-up on the management responses to each audit recommendation four months after the final approval of the audit report by the Chief Executive Officer; and every six months afterwards until recommendations are fully addressed. A summary of progress made in implementing action plan is a standing item on the Audit Committee’s agenda.

Governance

The CAEE reports directly and exclusively to the Chief Executive Office (i.e., deputy head) of the Agency. Consistent with TB Policy on Internal Audit, oversight of the function is provided by an independent audit committee composed of three members external to the public service. The Chief Executive Officer, the Chief Audit and Evaluation Executive and the Chief Financial Officer are ex officio members of the committee.[1] The committee is responsible for reviewing and providing advice and/or recommendations to the CEO, as required, on issues related to:

  • Internal audit function and products;
  • External audit and review;
  • Financial statements and public accounts reporting;
  • Risk management;
  • Agency accountability reporting;
  • Values and ethics;
  • Management control framework.

Organizational Structure and Resources

Organizational Structure and Resources

The organizational chart for the function is shown at the right. The function currently consists of seven funded positions. The effective staff complement for 2014–2015 is estimated to be 6.4 FTEs due to a few auditors being away for part of the year.

Budget for the audit function in the Agency includes:

  1. Part of the salary and O & M costs for Executive Assistant to the CAEE, typically about $34K per year[2]
  2. Salary and operating costs of the audit committee, typically about $100K per year of which 80% to 85% covers salaries (i.e., costs in 2013–2014 were $117K of which 82% was salary).
  3. Costs of the audit function (i.e., the salary and expenditures for the seven auditor positions).

The available budget for the audit function in 2014–2015, along with actual expenditures in 2013–2014 and forecasted expenditures in 2014–2015 are shown in the table below.

  Available Budget Expenditures Forecasted Expenditures as % of Available Budget
2013–2014 2014–2015
Actual Forecast
814,174 487,738 687,000 84%
Salaries 634,874 422,536 550,000 87%
Project Costs 179,300 8,953 77,000 76%
Non Project O & M 56,249 60,000

Audit Planning Methodology and Considerations

Audit planning is based on a listing of auditable entities (i.e., the programs, process or activities that may be subject to audit) call the audit universe. The universe is based on the Agency’s Program Alignment Architecture (PAA) including internal services. The PAA was restructured by the Agency in 2013–2014 leading to a restructured audit universe for the 2014–2015 Audit Plan. The universe consists of 30 entities reflecting sub-programs in the PAA and internal services with some adjustments and modifications to amalgamate sub-programs where it makes sense and to add a few entities that are not part of the PAA structure.[3]

Each entity is described, documented and assigned a priority rating. Priority ratings are based on an assessment of the significance, public visibility and risk exposure of the entity. The ratings are combined and classified based on ranges of scores as very high, high, moderate and low audit priority. Appendices A, B, C and D provide more details on the planning process, some of the inputs to the ratings (i.e., Corporate Risk Profile, past audit and evaluation coverage).

In addition to audit priority ratings, the function takes account of several additional factors in planning including external commitments to conduct an audit (i.e., typically in the context of special funding approved by TB for new programs or initiatives); past or planned coverage by other assurance providers (OAG/CESD, other Agents of Parliament, the OCG, and program evaluation within the Agency); management priorities and audit committee recommendations; and the availability of audit resources.

For this planning cycle, descriptive information for most audit entities was updated but final formal priority ratings were not completed for the entities in time to inform the plan. Priorities were assessed through a series of discussions and meetings with members of Executive Management Committee and in some cases their management teams during February and March.

Planned Projects for the Next Three Years

In 2014–2015, the function will undertake:

  • Five assurance engagements and will completed one engagement started in 2013–2014
  • One consulting
  • Continue to implement 3 internal projects

Details of planned projects for the next three years are presented below.

Summary of Audit Plans by Risk Ratings of Audit Entities

# Entity Priority 2014–2015 2015–2016 2016–2017
25 Information Management 4     Information Management
24 Financial Management 3.9 3 Audits of Key Financial and Administrative Processes 2 Audits of Key Financial and Administrative Processes 2 Audits of Key Financial and Administrative Processes
26 Information Technology 3.9 Point of Sale (POS) System    
16 Highways Management 3.7      
17 Heritage Canals Management 3.7      
14 Visitor Safety 3.6      
27 Real Property 3.5 Staff housing Realty Data Quality and Management of Obligations  
11 Heritage Places Promotion 3.4      
20 Management and Oversight 3.4   Project Management Investment Planning
12 Partnering and Participation 3.1   Revenue collected by third party  
5 National Parks Conservation 3     Reservation system
6 National Urban Park Conservation 3      
10 Law Enforcement 3      
13 National Parks VE 3      
13 National Urban Park VE 3      
13 National Marine Conservation Areas VE 3      
13 National Historic Sites VE 3      
13 Heritage Canal VE 3      
21 Communications 3      
30 Security Business Continuity 3 Business Continuity and Emergency Preparedness    
23 Human Resources Management 2.9   Audit Of Official Languages Audit of Compliance with Organizational Design Requirements
29 Acquisitions 2.9      
1 National Park Establishment and Expansion 2.8      
15 Townsites Management 2.6      
22 Legal 2.4      
8 National Historic Sites Conservation 2.1      
18 General Class Contribution Program 2      
19 National Historic Sites Cost-Sharing Program 2      
28 Material 1.6      
7 National Marine Conservation Areas Conservation 1.5      
2 National Marine Conservation Area Establishment 1.3      
3 National Historic Site Designations 1.2      
9 Other Heritage Places Conservation 1.1      
4 Other Heritage Places Designations 0.8      

Year 1: 2014–2015

Section A: Assurance Work

Objectives Scope/Rational

1. Three Audits of Key Financial and Administrative Processes

To provide continuous assurance to senior management that, in general, financial and administrative practices respect policies and directives.

High Audit Priority

Maps to Corporate Risks:

Maps to MAF:

These audits assess compliance with government and Agency policies, directives and standards (e.g., contracting, travel, hospitality, financial coding, allowances etc.) in selected business units (i.e., a field unit, or national office directorate). The intent is to conduct at least two of these audits every year.

2. Point of Sale (POS) System

The audit will assess the adequacy of the control framework (governance, roles and responsibility, risks management and controls) supporting data collection through POS (i.e., revenue and social science data).

High Audit Priority

Maps to Corporate Risks:

  • Information Management

Maps to MAF:

  • Financial Management and Control

A new common point of sale system was implemented across most of the Agency’s operations in 2012–2013. The scope will include a review of processes and procedures to ensure completeness, timeliness, and accuracy of the data collected.

3. Audit of the Management of Staff Housing

The audit aims to provide assurance to senior management that Parks’ staff housing initiative is an efficient tool to support organizational objectives by ensuring optimization of value for money while in compliance with applicable policies and directives.

High Audit Priority

Maps to Corporate Risks:

Maps to MAF:

Staff housing is provided as a benefit to attract staff where accommodations are not easily available or affordable and/or for some seasonal employees for whom it would be unreasonable to require them to acquire their own accommodations. The audit scope will focus on 1) the reasonableness of maintain staff housing at particular locations 2) fairness and equity in assigning staff housing 3) the adequacy of the housing stock 4) compliance with policy and procedures with respect to setting fees (rent) and collecting revenues.

Project started in the fall of 2013 and the report should be tabled at the Audit Committee in the fall of 2014.

4. Business Continuity and Emergency Preparedness

The audit will assess compliance with the framework (governance, existence and efficiency) for business continuity plan and emergency preparedness, established by the Agency.

Moderate Audit Priority

Maps to Corporate Risks:

  • Environmental Forces
  • Asset Management

Maps to MAF:

  • Risk management
  • Management of Security
  • Citizen-focused service

The scope will include processes in place to implement the TB Policy on Government Security and the Directive on Departmental Security Management including practices leading to security and business continuity and emergency preparedness plans.

The project should begin in winter 2015 with a completion date in the next fiscal year.

Section B: Consulting Projects

Objectives Scope/Rational

1. Pay Transformation Planning and Capacity

The audit team will continue to participate in and monitor the process of pay centralization in the Agency (i.e., transferring pay accounts to Miramichi NB). The target date to complete the process is early 2015–2016.

Section C: Other Work

Objectives Scope/Rational

1. Shared Services Canada (SSC) IT Security and Disaster Recovery Controls Assessment

The scope includes a review and documentation of the security and disaster recovery controls related to IT infrastructure and operating systems, applications, user access and business continuity planning. The project is jointly carried out by the Office of Audit and Evaluation at SSC and the Office of Internal Audit and Evaluation at Parks Canada based on an IT Security and Disaster Recovery Controls Assessment Framework created by SSC. The project is expected to be completed by fall 2014.

2. OCG Horizontal Audit of Information Technology Security in Large and Small Departments

The objectives of the audit are to determine whether governance frameworks over Information Technology (IT) Security are in place within departments as well as across government; and selected control frameworks are in place in departments to mitigate IT Security risks. The OIAE will conduct the examination phase under the guidance and technical expertise of the OCG. The examination phase is expected to be completed by October 2014.

Section D: Internal Projects

Objectives Scope/Rational

1. Update Audit Universe and Priority Ratings

The function had engaged management to confirm and update its descriptions of audit entities and subcomponents of audit entities. The capture of information necessary to establish priority ratings at the sub component level of the universe (i.e., likely 60 or more auditable entities) to support audit planning in the future is still in progress.

2. Analysis in Support of Continuous Auditing

The function focus on identifying key processes and questions that can be addressed through continuous auditing and on writing scripts to extract relevant data from the financial system. This involves consultations with TBS experts and working group. The analysis will be used to create a framework for standardizing the use of continuous auditing in the function.

3. Team Mate Implementation

The Team Mate audit software was acquired through PWGSC in 2013–2014. Initial configuration and implementation of the system took place at the end of March 2014. The system will be used in parallel with old system for part of the year.



Project Resources Size Hours O & M 2014–2015 Total ($)[4]
Overall Total   5,300 77,000 310,200
Three Audits of Key Financial and Administrative processes Small 1,500 42,000 108,000
Point of Sale (POS) System Large 1,500 25,000 91,000
Management of Staff Housing Large 350 5,000 20,400
Business Continuity and Emergency Preparedness Small 500 5,000 27,000
Total   3,850 77,000 246,400
Consulting        
Pay Transformation Planning and Capacity   400   17,600
Total   400   17,600
Other Work        
SSC IT Security and Disaster Recovery Controls Assessment   50   2,200
OCG Horizontal Audit of Information Technology Security in Large and Small Departments   400   17,600
Audit Universe Update   150   6,600
Continuous Auditing   150   6,600
Team Mate Implementation   300   13,200
Sub Total Internal Projects   1,050   46,200

Year 2: 2015–2016

Preliminary Objectives Preliminary Scope/Rational

1. Two Audits of Key Financial and Administrative Processes

To provide continuous assurance to senior management that, in general, financial and administrative practices respect policies and directives.

High Audit Priority

Maps to Corporate Risks:

Maps to MAF:

  • Stewardship
  • Results and performance
  • Financial Management

See project description in 2014–2015

2. Realty Data and Obligations Management

The audit will assess the quality of the existing realty data and the active management of realty obligations as set out in various realty instruments.

High Audit Priority

Maps to Corporate Risks:

Maps to MAF:

  • Stewardship

 

The scope include the control and oversight regime in place to monitor adherence to the TB Policy on Management of Real Property and the Reporting Standard on Real Property with respect to land management and obligations related to land use (i.e., an estimated 8,500 land-use documents, ranging from leases to concessions to utility agreements).

3. Project Management

The audit will assess the framework (governance, roles and responsibilities, communication, risk management and controls) developed by the Agency to support project management.

High AuditPriority

Maps to Corporate Risks:

  • Information Management
  • Asset Management

Maps to MAF:

  • Investment Planning and Management of Projects
  • Procurement

The scope of will include processes in place to implement the TB Policy on the Management of Projects and the Agency’s Project Management Standard including verifying the existence and adequacy of systems, processes and controls for managing projects , to support the achievement of project and program outcomes while limiting the risk to stakeholders and taxpayers.

4. Revenue collected by third party

The audit will assess the framework and the effectiveness of the controls surrounding the collection of revenue on behalf of PCA to ensure the Agency is receiving all revenues its entitled to.

Moderate Audit Priority

Maps to Corporate Risks:

 

Maps to MAF:

 

Field units enter into contracts with third parties (mostly bus tour, tourism associations and hotels) that allow them to collect revenue on behalf of PCA (e.g., entry fees that are embedded in a package fee). These amounts are to be remitted to the Agency at the time the tour is taking place or according to pre-established schedules.

5. Official Languages

The audit will assess the Agency’s responsibilities under the Official Languages Act with respect to identifying, maintaining and staffing bilingual positions, and providing a work environment conductive to the use of both official languages.

Moderate Audit Priority

Maps to Corporate Risks:

  • Workforce Management

Maps to MAF:

  • People Management

The scope will include a review of processes for determining language requirements for positions, and that staffing and training practices work effectively to ensure language requirements are meet.



Project Resources Size Hours O & M ($) Total ($)
2015–2016 2016–2017
  5,300 61,500 4,000 298,700
1. Two Audits of Key Financial and Administrative Processes Small 800 14,000   49,200
2. Realty Data Quality and Management of Obligations Large 1,500 20,000   86,000
3. Project Management Medium 1,200 15,000   67,800
4. Revenue collected by third party Small 900 5,000 4,000 48,600
5. Official Languages Small 900 7,500   47,100

Year 3: 2016–2017

Preliminary Objectives Preliminary Scope/Rational

1. Audit of Information Management

To assess the state of the current control framework (governance, roles and responsibilities, risk and control) for information management.

High Audit Priority

Maps to Corporate Risks:

  • Information Management

Maps to MAF:

  • Managing for Results
  • Risk Management

The scope will include process for the implementation of the TB Policy on Information Management, the Directive on Information Management Roles and Responsibilities including ensuring that governance structures, mechanisms and resources are in place to support the continuous and effective management of information.

2. Two Audits of Key Financial and Administrative Processes

To provide continuous assurance to senior management that, in general, financial and administrative practices respect policies and directives.

High Audit Priority

Maps to Corporate Risks:

Maps to MAF:

  • Stewardship
  • Results and performance
  • Financial Management

See project description in 2014–2015

3. Investment Planning

The audit will assess the adequacy of Investment planning governance, risk identification and management, and controls for ensuring follow through on investment decisions.

High Audit Priority

Maps to Corporate Risks:

  • Asset Management

Maps to MAF:

  • Investment Planning and Management of Projects

The scope will include the processes in place to implement the TB Policy on Investment Planning -- Assets and Acquired Services including the efficiency and effectiveness of the investment planning regime.

4. Reservation system

To provide assurance that the framework in place (governance, roles and responsibilities, communication and controls) allows for sound management of the campground reservation system.

Moderate Audit Priority

Maps to Corporate Risks:

 

Maps to MAF:

 

A new campground reservation system was implemented in 2013–2014. The new service allows for visitors to choose and reserve ahead of time their site in one of our 20 national park. Reservations can be made on line or by phone. The new system integrates data from other systems in place like POS and STAR.

A compliance audit will validate that controls in place are functioning to ensure completeness and accuracy of data.

5. Audit of Compliance with Organizational Design Requirements

To provide assurance that decisions made with respect to organizational models and control of salary costs are being implemented as intended.

Moderate Audit Priority

Maps to Corporate Risks:

 

Maps to MAF:

 

The Agency has created a suite of organizational models for various functions (e.g., External Relations, Visitor Experience, and Resource Conservation) and implemented requirements to control salary costs (e.g., costed organizational charts). The audit is focused on assessing continued compliance across the Agency with respect to organizational design and control of salary expenditures.



Project Resources Size Hours O & M ($) Total ($)
2016–2017 2017–2018  
5,600 37,000   283,400
1. Audit of Information Management Large 1,500 5,000   71,000
2. Two Audits of Key Financial and Administrative Processes Small 800 14,000   49,200
3. Investment Planning Medium 1,200 5,000   57,800
4. Reservation system Medium 1,200 8,000   60,800
5. Audit of Compliance with Organizational Design Requirements Small 900 5,000   44,600

Appendix A. Steps in Audit Planning

1. Audit Universe

The audit universe consists of 30 entities reflecting sub-programs in the PAA and internal services with some adjustments and modifications to amalgamate sub-programs where it makes sense and to add a few entities that are not part of the PAA structure.[5] Many of these entities (e.g., national parks conservation, human resources management) are complex and can farther divided into several sub-elements so that in principle the universe may expand over time to 70 or more entities.

2. Describing and documenting Audit Entities

A description of each audit entity is prepared with basic information (purpose, budget, expenditures, governance framework, owner, partners, stakeholders, supporting information systems, and financial coding etc). Additional information is gathered to then rate the entity on three dimensions adapted from the OCG Practice Guidebook --- Internal Audit Planning for Departments and Agencies (2006):

  • Significance reflects the overall importance of the entity to Agency, the scope of its reach, the dollar value (materiality) associated with it and/or impact of the entity on stakeholders;
  • Public Visibility reflects the extent to which an entity is routinely subject to scrutiny by the general public, stakeholder groups and the media;
  • Risk Exposure takes account of the number, nature and types of risk to which an entity is exposed and the severity and breath of possible consequences.

3. Prioritization of Audit Entities

Prioritization consists of assigning a significance, public visibility and risk exposure score to each entity (i.e., each with a five point scale ranging from 1 very low significance, visibility or exposure to 5 very high significance, visibility or exposure), and then combining the scores (i.e., weighted 30% for significance, 20% for visibility and 50% for risk exposure) to create a final priority score for each entity.

Level Range Description
Very High 4.26 – 5.00 Entities considered to be highly important from an audit standpoint and should be subject to internal audit activity. Where possible, audits of these priorities should be conducted early in the planning cycle to permit the generation of assurance in a timely fashion.
High 3.51. – 4.25 Entities considered as an important audit priority and should be audited in the planning cycle, but not necessarily in the first year of the plan.
Moderate 2.51 – 3.50 Audit resources may be expended; however these areas are only of moderate audit priority during this planning cycle.
Low 0.00 – 2.50 Little to no justification for audit resources to be expended in these areas during this planning cycle.

Appendix B. Corporate Risk Profile 2014–2015

Risk Category and Label Risk Statement Risk Owner
Public

Aboriginal Engagement

A decrease in Aboriginal engagement with Parks Canada may impact the Agency’s ability to deliver on and advance its programs.

Director, Aboriginal Affairs Secretariat

Partnering

Parks Canada may not be able to effectively collaborate with potential partners due to internal capacity (such as deficiencies in financial authorities) or external factors. This could limit our ability to leverage opportunities, extend our reach, grow our base of support, and advance our programs.

VP, External Relations and Visitor Experience

Public Awareness and Support

Local communities, stakeholders, NGOs, and the Canadian public may not be sufficiently aware or supportive of Parks Canada, compromising the Agency’s ability to fulfill its mandate.

VP, External Relations and Visitor Experience

Socio-economic

Competitive Position

Parks Canada may fail to attract visitors if it does not maintain a strong competitive position within the tourism industry and respond to the changing needs and expectations of visitors.

VP, External Relations and Visitor Experience

External Development Pressures

Development pressures may limit opportunities for establishment of new national parks and national marine conservation areas, affect the ecological integrity of national parks and the ecologically sustainable use of national marine conservation areas, as well as impact commemorative integrity at Parks Canada’s national historic sites in urban areas.

VP, Protected Areas Establishment and Conservation; VP, Heritage Conservation and Commemoration

Environmental

Disasters

Natural and human-originated disasters may impair or destroy critical infrastructure and lead to significant unforeseen expenses, serious injury, loss of life and the permanent loss of assets of national significance.

Chief Administrative Officer; VP, Operations, Eastern Canada; VP, Operations, Western and Northern Canada

Environmental Forces

Environmental forces such as habitat changes, exotic/invasive species may limit the Agency’s ability to make improvements in ecological integrity in national parks and meet legal requirements related to Species at Risk.

VP, Protected Areas Establishment and Conservation

Parks Canada’s Business Operations

Asset Condition

Assets are continuing to deteriorate with the result that almost half of the Agency’s built assets are in poor or very poor condition.

Chief Administrative Officer

Information Management

Failure to identify, capture, manage, share and report pertinent data, plus maintain security of information and knowledge, may hinder the ability to effectively manage all program areas and meet legal requirements.

Chief Administrative Officer

Source: Parks Canada Agency Corporate Risk Profile 2014-15

Appendix C. Risk Taxonomy

Risk Domain Definition Risk Area Risk Area Definition

A. Strategic

Loss or damage caused by external conditions or events which may negatively affect the government's policy or program position, asset base or other decisions.

1. Transformation

The risks associated with the government's inability to make needed program, policy or other changes to adapt to, or efficiently meet emerging or evolving needs.

2. Alignment and Priority Setting

The risks associated with the misalignment of activities, priorities and financial resources.

3. Public Opinion

The risks associated with a shift of public opinion.

4. Economic

The risks associated with major disruptions in the Canadian or world economy.

B. Operational

Loss or damage caused by failures in people, processes or internal systems.

1. Human Resources

The risks associated with maintaining a sufficient and representative workforce with the appropriate experience and skill-mix.

2. Third Party

The risks associated with the failure on the part of third parties on which the Government depends.

3. Knowledge Capital

The risks associated with loss or failure to manage information, including intellectual property, organizational or operational information, and personal information of Canadians.

4. Capital Infrastructure

The risks associated with deteriorating or damaged capital infrastructure including hard assets (e.g., buildings, vessels, scientific equipment), but excluding IT infrastructure.

5. Information System Infrastructure

The risks associated with failure or incapacity of information technology.

6. Legal and Compliance

The risks associated with violation of laws, regulations, international treaties / agreements and policies.

7. Internal Fraud

The risks associated with illegal acts or irregularities resulting from an intentional misrepresentation or corruption by internal personnel for personal gain.

8. External Fraud

The risks associated with illegal acts or irregularities resulting from an intentional misrepresentation or corruption by a partner or the public for personal gain.

C. Hazard

Loss or damage caused by natural, accidental or pre-meditated actions

1. Natural Hazards

The risks associated with natural, e.g., biological or climatic hazards.

2. Human Actions - Intentional

The risks associated with chemical, nuclear or other hazards, resulting from deliberate actions.

3. Human Actions - Unintentional

The risks associated with chemical, nuclear or other hazards, resulting from accidents.

Appendix D. Past Coverage by Priority Ratings

PA Number Entity Priority Audits Evaluation Coverage

6.2.3

Information Management

4

Audit Of Information Management (2009)

 

6.2.2

Financial Management

3.9

10 Finance And Administrative Audits between April 2009 and March 2013.

Audit Management of Revenue -Rentals and Concessions (2012)

 

6.2.4

Information Technology

3.9

Performance Audit of the GIS

 

5.2

Through Highway Management

3.7

Audit Of The Twinning Of The TCH (2012)

Evaluation (Dec. 2010)

5.3

Through Waterway Management

3.7

 

Evaluation (2010 and 2012)

4.3.1

Visitor Safety

3.6

   

6.3.1

Real Property

3.5

 

Evaluation (2009)

3.1

Public Outreach Education and External Communications

3.4

   

6.1.1

Management and Oversight

3.4

OCG Audit Of Corporate Risk Profiles (2009)

OCG Audit of Compliance with the MRRS Policy (2012)

 

3.2

Stakeholder and Partner Engagement

3.1

   

4.3, 4.5, 4.7

Visitor Service Offer

3.1

 

Evaluation (2011)

6.1.2

Internal Communication

3.0

   

2.4.1

National Historic Sites Cost-Sharing

3.0

Audit Of The Management Of The Cost-Sharing Contribution Program (2011)

Evaluation (2012)

6.2.5

Other Administrative Services (security, business continuity)

3.0

   

2.1

National Parks Conservation

3.0

CESD Study Of Environmental Monitoring Systems (2011)

Audit Of Law Enforcement Program-Arming Initiative (2011)

CESD Audit of EI in National Parks (starting in 2012)

Evaluation 2013

4.1

Market Research and Promotion

2.9

   

6.2.1

Human Resources Management Services

2.9

Audit Of Pay And Benefits (2009)

Independent 5 Year Review Of Human Resources Regime (2010)

HR Process In Coastal BC (2011)

OCOL Audit Of Delivery of Bilingual Services to Visitors by Parks Canada (2012)

 

6.3.2

Acquisition

2.9

Acquisition Card Process (2012)

 

1.1

National Park Establishment and Expansion

2.8

 

Evaluation (2012)

5.1

Townsite Management

2.6

   

6.1.3

Legal

2.4

   

2.3

National Historic Sites Conservation

2.1

   

2.1.1

Species at Risk

1.9

CESD Audit of SARA

Interdepartmental Evaluation (2012)

4.2, 4.4, 4.6

Interpretation

1.9

   

6.3.3

Material

1.6

   

2.2

National Marine Conservation Areas Sustainability

1.5

CESD Audit of Marine Protected Areas (2012)

Interdepartmental Evaluation (2012)

1.2

National Marine Conservation Area Establishment

1.3

   

1.3

National Historic Site Designations

1.2

   

2.4

Other Heritage Places Conservation

1.1

   

1.4

Other Heritage Places Designations

0.8

   

[1] The terms of reference for the committee were updated in September 2012.

[2] The salary for executive level employees including the CAEE is administered centrally in the Agency and does not form part of the functions budget.

[3] These are the Law Enforcement Program and the General Class Contribution Program.

[4] The total dollars is the cost for auditor salary and expenses associated with the various projects for the current fiscal year.

[5] These are the Law Enforcement Program and the General Class Contribution Program.