ARCHIVED Follow-up to the Audit of the NRC Industrial Research Assistance Program (IRAP)

Transcription

1 NATIONAL RESEARCH COUNCIL CANADA ARCHIVED Follow-up to the Audit of the NRC Industrial Research Assistance Program (IRAP) This PDF file has been archived on the Web. Archived content Information identified as archived on the Web is for reference, research or recordkeeping purposes. It has not been altered or updated after the date of archiving. Web pages that are archived on the Web are not subject to the Government of Canada Web Standards. As per the Communications Policy of the Government of Canada, you can request alternate formats by contacting us at

2 N A T I O N A L R E S E A R C H C O U N C I L C A N A D A Follow-up to the Audit of the NRC Industrial Research Assistance Program (IRAP) I n t e r n a l A u d i t, N R C O C T O B E R

3

4 1.0 Executive Summary and Conclusion Background This report presents the findings of the Follow-up to the Audit of the NRC Industrial Research Assistance Program (NRC-IRAP). The decision to conduct the audit was approved by the President following the recommendation of the Senior Executive Committee and thereafter by the Departmental Audit Committee on April 29, 2010 as part of the NRC to Risk-Based Internal Audit Plan. Audit objective, scope and methodology In accordance with the Treasury Board Policy on Internal Audit and professional auditing standards, the objective of this audit was to verify management s progress in implementing their action plans in response to the recommendations contained in the Internal Audit of NRC-IRAP as well as those subsequent recommendations emanating from three Finance Branch audits of IRAP recipients issued between February 2008 and November The scope was limited to the four NRC-Internal Audit recommendations and the 13 recommendations emanating from the recipient audits. However, in order to assess the effectiveness of the changes made to the financial monitoring framework, the results of the June 2011 Finance Branch recipient audit were reviewed given that they were pertinent to the time period audited. In assessing management s progress in implementing the audits recommendations, the six potential rating standards issued by the Office of the Comptroller General and described in the Appendix formed the basis of our observations. The audit procedures included, but were not limited to: conducting interviews with NRC managers and staff; reviewing relevant NRC-IRAP October

5 documentation and SONAR 1 applications; and placing reliance on the continuous audits of the contribution agreements undertaken by NRC-Internal Audit in response to risks associated with the Canada Economic Action Plan (CEAP) funds (file reviews and data analysis of 130 contribution agreements). Audit opinion and conclusion Overall, we found the level of implementation of both Internal Audit and Finance Branch audit recommendations to be very positive. The majority of the recommendations have been fully or substantially implemented. Significant progress has been identified with respect to business planning as well as implementing revised monitoring control frameworks for Firms and Organizations. While the frequency and quality of monitoring efforts have substantially improved, we noted other opportunities to further minimize the risks of overpayments and stacking. Progress has also been noted with regard to the development and implementation of a nationally coordinated approach to the collection, analysis and reporting of performance information for Firms including a recent upgrade to SONAR essential for data collection. Senior management has reported that the delivery of the CEAP has by necessity diverted their attention from responding to this audit recommendation for Organizations but the development of a performance measurement framework is ongoing. Our recommendation with respect to planned improvements to SONAR for Organizations to assist IRAP Advisors in exacting and demonstrating due diligence with respect to appropriate project approvals and amendments has become obsolete due to the fact management chose more costeffective means to address these issues. However, significant enhancements have been made to SONAR for more effective management of contribution agreements for Firms. 1 SONAR is NRC-IRAP s client relationship management system by which all contribution agreements for Firms are managed and to a lesser extent Organizations. October

6 Recommendation: 1. NRC-IRAP Management should verify ITAs understanding of the importance of monitoring / site visits in lowering the risk of over-payments that may be caused by stacking issues, or other reasons. NRC-IRAP Management should verify that Preparatory Meetings and First Claim Validation procedures are being followed. [Moderate Priority] NRC Management Response: NRC-IRAP agrees with this recommendation and acknowledges that there are opportunities to improve this process and further minimize the risks of overpayments that may be caused by stacking and/or other issues. NRC- IRAP s Director General Office will issue a communication piece to its Senior Leadership Team (to be sent to staff) related to the importance of site visits and how these visits can contribute to prevent risk of overpayments. This communication piece will also stress NRC-IRAP Management s role in ensuring that its staff understands the importance of site visits by December NRC-IRAP s Director General Office will issue a communication piece to its Senior Leadership Team (to be sent to staff) related to the procedures surrounding the preparatory and claim-related meetings and the post payment validation of the first claim. This communication piece will also stress NRC- IRAP Management s role in ensuring that its staff understands these procedures. NRC-IRAP will review the sections of the Field Manual pertaining to preparatory and claim related meetings to ensure that more emphasis is placed on the requirement for segregating costs and maintaining adequate financial records October

7 to reduce the possibilities of overpayments and stacking issues by December For all of the above, NRC IRAP Management will monitor performance thereafter in order to verify staff understanding as recommended. Statement of assurance In my professional judgement as Chief Audit Executive, sufficient and appropriate audit procedures have been conducted and evidence gathered to support the accuracy of the opinion provided and contained in this report. The opinion is based on a comparison of the conditions, as they existed at the time, against preestablished audit criteria that were agreed upon by management. The opinion is applicable only to the entity examined. Jayne Hinchliff-Milne, CMA, Chief Audit Executive NRC Audit Team Members Mayan Ismail, Junior Auditor, BCom Jean Paradis, Audit Manager, CA, CIA October

8 Appendix : NRC Internal Audit Implementation Rating Scale for Management Action Plans Legend Ratings Description Level 1: No Progress or Insignificant Progress Actions such as striking a new committee, having meetings, and generating informal plans are regarded as insignificant progress. Level 2: Planning Stage Formal plans for organizational changes have been created and approved by the appropriate level of management (at a sufficiently senior level, usually executive committee level or equivalent) with appropriate resources and a reasonable timetable. Level 3: Preparations for Implementation The entity has made preparation for implementing a recommendation by hiring or training staff, or developing or acquiring the necessary resources to implement the recommendation. Level 4: Substantial Implementation The structures and processes are in place and integrated within at least some parts of the organization, and some achieved results have been identified. The entity will also probably have a short-term plan and timetable for full implementation. Level 5: Full Implementation The structures and processes are operating as intended and are fully implemented. Obsolete It is no longer applicable because the process or issue has become outdated as a result of having been superseded by something newer, i.e., management resolved the issue by doing something else. October