City of Saskatoon Updated Internal Audit Plan SPCF Public Meeting. Date of Submission: March 29, 2016 Date of Meeting: April 4, 2016

Similar documents
Key Risks and Risk Based Management Update

I S D I G I TA L S T R AT E G Y

Sustainability and Internal Audit Innovating to add value 21 April 2016

Statement of Work Business Continuity Project Submitted on August 8, 2017 for SPC on Finance on August 14, 2017

AUDIT COMMITTEE REPORT

Statement of Work Contract Management Advisory Project Submitted on May 29, 2018 for SPC on Finance on June 5, 2018

Statement of Work. Human Resources (HR) Health Check Engagement HR Function Process Assessment & Talent Management Process Assessment

Executive Summary THE OFFICE OF THE INTERNAL AUDITOR. Internal Audit Update

Auditing Corporate Strategies

Service Inventory. Prepared by: Ryan Gray. Strategy Management Branch

Administrative Response and Timelines PwC Human Resources (HR) Health Check Engagement

Branch Information Technology

Management Accountability Framework

GCC VAT implementation roadmap are you ready?

Draft Internal Audit Plan for Institute of Technology Blanchardstown 2017

KING IV GOVERNANCE PRINCIPLES APPLICATION BY MURRAY & ROBERTS FY The governing body should lead ethically and effectively (Leadership)

BOARD STANDING AND AD HOC COMMITTEES

ISO 29990:2010 Standards

Siuslaw valley Fire Rescue & Western Lane Ambulance. SHARED ADMINISTRATIVE SERVICES Proposed Implementation Plan

Audit report Written statement of response to the audit report from the health service CEO

Progress Report on the City s SAP Implementation

Answer the following questions to determine your team s purpose.

Internal audit strategic planning Making internal audit s vision a reality during a period of rapid transformation

City of Saskatoon Business Continuity Internal Audit Report

SUPPLY CHAIN MANAGEMENT AND PROVIDER PAYMENTS POLICY

Ministry of Government Relations. Plan for saskatchewan.ca

Branch Law. Introduction

Governance Process ENDS. Board- President Relationship. Executive Limitations

Group Technology Committee Charter

Efficiency First Program

EY Center for Board Matters. Leading practices for audit committees

Finance for Non- Finance Executives

Chapter 9 Corporate responsibility reporting and assurance

A Strategic Guide to Visibility & Cost Reduction

Audit Planning and risk assessment. Presentation by Richard Maggs to the PEMPAL Seminar in St Petersburg September 2013

Capital Metropolitan Transportation Authority Response to the State-Mandated Performance Audit, January 12, 2017

Emerging Technology and Security Update

What is the right path to prepare for accounting change?

Annual Regulatory Compliance and Quality Report. Deloitte LLP June 2015 Audit 2014/15

The Corporation of the City of Windsor Manage Changes to Information Systems

To the Directors of the Canadian Wireless Telecommunication Association

Chapter 17 Corporate responsibility reporting and assurance

EXECUTIVE SUMMARY INTERNAL AUDIT REPORT. IOM Sto. Domingo DO JULY 2017

Operational Transaction Services

AUDIT COMMITTEE REPORT

Session 608 Tuesday, October 22, 2:45 PM - 3:45 PM Track: Industry Insights

Getting ready for AMP6 Delivering Capex Programmes in the Water Sector

How to qualitatively assess indefinite-lived intangibles for impairment

What Else Is There to Know About External Audits?

Public Sector Certificate Program

pwc.co.uk Crisis management

The Annual Audit Letter for Devon Partnership NHS Trust

Business Plan

City Auditor s Office 2017/18 Annual Audit Plan

Navigating the brave, new world of equipment lease management April 20, 2016

The University s responsibilities and its arrangements for internal audit Internal audit protocol 2012/13

The Sustainability Value Equation & Benefits of Risk Management

ISACA San Francisco Chapter

2019 WORK PLAN POWERING LONG ISLAND S CLEAN, RELIABLE, AND AFFORDABLE ENERGY FUTURE. lipower.org

Gearing up for GDPR Compliance - Practical steps to ensure compliance with the revised data protection regulation. Chris Bernau.

INTERNAL AUDIT OFFICE (IAO) FISCAL YEAR 2019 RISK-BASED AUDIT PLAN

Assurance Dashboard. Audit added to review controls related to Audit Added Procurement. increased activity due to hurricane Irma 2017 CAT Travel and

Independent Assurance Practitioner s Report on the pro forma 25 October 2015 balance sheet to satisfy ASX listing requirements

Snow & Ice Management Program Value for Money Report

How much has the efficiency of support functions improved?

Phumelela Gaming and Leisure Limited

DECOMMISSIONING AND DISINVESTMENT STRATEGY CCG: CS01

Lincolnshire County Council Counter Fraud Plan 2017/18. June Page 69. for all your assurance needs

INSEAD PPPs as Policy Instruments. Abraham Akkawi November 29, 2010

Looking beyond simple savings

BCP Methodology Benefits realisation

Internal Audit Services. March 2017

City College Norwich - Subcontracting Policy 2018/19

Our mission is to promote transparency and integrity in business. We monitor the quality of UK Public Interest Entity audits. We have responsibility f

Strategic Technology Advisory Services. Building a better working world from strategy through execution

TABLE OF CONTENTS. Overview Resource Planning, Energy Efficiency and Renewable Energy Transmission & Distribution System Reliability...

Chris Horton, Ph.D., CIA, CGAP County Auditor. Arlington County Auditor DRAFT Annual Audit Work Plan FY 2019

Creating value through vendor management. 16 April 2014

Introduction. The Assessment consists of:

Consultation Regulatory Impact Statement

Annual reporting in 2016/17: broad perspective, clear focus Aide mémoire

Rolling workplan of the CGIAR System Internal Audit Function for

2/20/2013. Information Governance Matters: Real-World Lessons. Real-World Events. Information

PwC Nigeria IFRS Newsletter. September 2014

ICMI PROFESSIONAL CERTIFICATION

EXECUTIVE COMPENSATION

REQUEST FOR PROPOSAL

Terms of Reference for the Audit and Risk Committee (the Committee )

CITIBANK N.A JORDAN. Governance and Management of Information and Related Technologies Guide

Service Business Plan

Skills Team Supply-Chain Fees and Charges Policy

Customer Support Group (CSG) Invoicing and Monitoring Arrangements. April 2016

4/26. Analytics Strategy

Building Operational Management Excellence

A Discussion About Internal Controls February 2016

Strategic Resource Plan

Application Decommissioning in Regulated Industry

Empowering ERP Asset Management Solutions

Management Responsibilities Comparative Table

Regulatory financial reporting for Royal Mail

Transcription:

City of Saskatoon 2016 Updated Internal Audit Plan SPCF Public Meeting Date of Submission: March 29, 2016 Date of Meeting: April 4, 2016

Table of Contents Context - Updating Internal Audit Plan 3 Introduction 4 Key Updates 5 Risk Coverage 6 Five Year Internal Audit Plan 7 Key Assumptions 8 2015 Actual 9 2016 Projected 10 2017 Planned 11 2018 Planned 12 2019 Planned 13 Unassigned Risks 14 Next Steps 15 PricewaterhouseCoopers LLP 2

City of Saskatoon Internal Audit Plan Context - Updating Internal Audit Plan PwC 3

Introduction The internal audit plan has been updated to revise the timing of certain projects. The risk assessment exercise conducted in 2015 continues to be valid. This plan represents the proposed project coverage for the next 4 years for the annual calendar year cycle through to December 31, 2019. PricewaterhouseCoopers LLP 4

Key Updates The internal audit plan has been updated in consideration of the following: No new risks have been identified since the internal audit plan approved in July 2015. Accordingly, the individual projects put forward in July 2015 have not changed, although the ordering of certain projects has been modified. The 2016 calendar plan now includes 5 projects, increased from 4 in the original plan. This is the result of 250 hours not utilized in 2015 being used in 2016 for a target of 2,800 hours from 2015 and 2016 combined (i.e. 1,400 per year). Reordering of certain projects based on: a) logistics and b) facts and circumstances impacting ideal timing of projects in order to maximize usefulness of project to stakeholders and SPCF. PricewaterhouseCoopers LLP 5

Risk Coverage A common target for internal audit functions is to address 80% to 100% of high risk areas within a 3 to 5 year cycle, plus emerging issues and management and professional standards requirements. In the initial plan presented in July 2015, all high risk areas were covered by projects in the first 3 years of the plan, with some medium risk projects beginning to be incorporated in Year 3 (2017). In the revised plan, this is still the case although some projects addressing medium risk areas have been moved to Year 2 (2016), with the final high risk area being addressed in the first quarter of 2018. We have not been presented with any emerging issues to address. PricewaterhouseCoopers LLP 6

City of Saskatoon Internal Audit Plan Five Year Internal Audit Plan PwC 7

Key Assumptions Prioritization of the plan is based on inputs through the survey conducted in 2015 and our subsequent discussions with SPCF and the Administration. Administration and the SPCF have responsibility for audit priorities based on risk. PwC will be responsible for executing the plan and reporting on audits. Administration is expected to provide revised risks for us to update our plan going forward on an annual basis. Beside each Audit Area in the first column of each of the years, the first number (i.e. 1) indicates the current position of the project within the 5-year audit plan while the second number indicates the previous position PricewaterhouseCoopers LLP 8

2015 - Actual Audit Area (1) (1) Risk Assessment and Council Surveys/ Presentation (2) (2) Road Maintenance (3) (3) Snow and Ice Management Scope Initial risk assessment and audit plan preparation - COMPLETED Assess the economy, efficiency and effectiveness of road maintenance - TO BE COMPLETED IN EARLY 16 Assess economy, efficiency and effectiveness of snow and ice management COMMENCED IN 15 Actual Hours Fees ($ 000) Risk Level Type of Audit / Assurance / Advisory 650 101 N/A (Assurance & Advisory) 400 67 Value for Money (Assurance) 100 20 Value for Money (Assurance) Total achieved 15 1,150 188 Carryover to 2016 250 Total incl. carryover 1,400 High Risk Areas Medium Risk Areas Low Risk Areas PricewaterhouseCoopers LLP 9

2016 - Proposed Audit Area (3) (3) Snow and Ice Management (Continued) (4) (7) Revenue Generation (5) (9) Asset Life Cycle Costs (6) (12) Transit Services (7) (17 & 18) Human Capital Planning and Management Scope Assess economy, efficiency and effectiveness of snow and ice management program Assess potential options with respect to additional revenue generation Review current capital budgeting process and identify improvements to incorporate asset life cycle costs including future operating cost impact Assess economy, efficiency and effectiveness of the transit services Review process with respect to resource management (including decisions with respect to appropriate number of staff) and succession planning for critical positions Estimated Hours Fees ($ 000) Risk Level Type of Audit / Assurance / Advisory 325 53 Value for Money (Assurance) 400 62 Advisory 425 70 Advisory 425 70 Value for Money (Assurance) 75 9 Advisory Total proposed 16 1,650 264 Total achieved 15 1,150 188 High Risk Areas Total 15 and 16 combined Medium Risk Areas Low2,800 Risk Areas 452 PricewaterhouseCoopers LLP 10

2017 Planned (subject to change based on annual risk review) Audit Area (7) (17 & 18) Human Capital Planning and Management (Continued) (8) (4) Sidewalks (9) (5) Bridge Maintenance (10) (6) Business Continuity Scope Review process with respect to resource management (including decisions with respect to appropriate number of staff) and succession planning for critical positions Assess economy, efficiency and effectiveness of sidewalk maintenance Assess economy, efficiency and effectiveness of bridge maintenance Review current disaster recovery and business continuity plans for the City and identify improvements Estimated Hours Fees ($ 000) Risk Level 430 71 Advisory Type of Audit / Assurance / Advisory 400 67 Value for Money (Assurance) 400 67 Value for Money (Assurance) 170 27 Value for Money (Assurance) Total planned 17 1400 232 High Risk Areas Medium Risk Areas Low Risk Areas PricewaterhouseCoopers LLP 11

2018 - Planned (subject to change based on annual risk review) Audit Area (10) (6) Business Continuity (Continued) (11) (8) Citizen Engagement Process (12) (11) Budgeting Process (13) (10) Infrastructure Investment Evaluation (14) (13) IT Security Scope Review current disaster recovery and business continuity plans for the City and identify improvements Review current processes for engaging with citizens and their effectiveness including customer response mechanism. Assess economy, efficiency and effectiveness of budgeting process Review process for evaluating infrastructure investments and management s process to minimize risk of under/over investment Review current state of privacy of information and overall IT security policies, procedures and practices Estimated Hours Fees ($ 000) Risk Level Type of Audit / Assurance / Advisory 230 39 Value for Money (Assurance) 400 68 Operational (Assurance and Advisory) 350 59 Value for Money (Assurance) 300 51 120 20 Assurance IT (Assurance) Total planned 18 1400 237 High Risk Areas Medium Risk Areas Low Risk Areas PricewaterhouseCoopers LLP 12

2019 - Planned (subject to change based on annual risk review) Audit Area (14) (13) IT Security (Continued) (15) (15) Parks and Recreation (16) (16) IT Governance Audit (17) (14) Building Maintenance Scope Review current state of privacy of information and overall IT security policies, procedures and practices Assess economy, efficiency and effectiveness of parks and recreation facilities Review current governance process around IT goals & initiatives and their alignment to business needs Assess economy, efficiency and effectiveness of building maintenance Estimated Hours Fees ($ 000) Risk Level 230 40 IT (Assurance) Type of Audit / Assurance / Advisory 400 69 Value for Money (Assurance) 325 56 Operational (Assurance) 400 69 Value for Money (Assurance) Total planned 19 1,355 234 Unallocated 45 High Risk Areas Medium Risk Areas Low Risk Areas PricewaterhouseCoopers LLP 13

Unassigned Risks Audit Area Scope Risk Level Type of Audit / Assurance / Advisory Integrated Asset Management System Review benefits and drivers for an integrated asset management system and create roadmap for implementation IT (Advisory) Systems Integration Assess business case for integration of IT systems and related benefits that can be achieved by the organization Advisory Staff Turnover and Retention Assess root causes for high turnover and review current processes to address this within the City Assurance Climate Change Strategy Evaluate the City s climate change strategy and efforts to manage related risks Assurance Garbage Collection Assess efficiency and effectiveness of garbage collection function Value for Money (Assurance) Procurement and Sole Sourcing Assess compliance with procurement and sole sourcing processes for key contracts for the last 2-3 years Assurance Regional Growth Plan Assess the City s current growth plan, related risks and efforts undertaken to align efforts with neighbors Advisory CO2 Reduction Initiatives Review the current environmental strategy of the City and benchmark with other cities to identify what CO2 Reduction initiatives could be considered Advisory Fleet Maintenance Cross Charging of Costs Review current condition of fleet across the City and help identify how to manage them more effectively. Advice on how to build a lease vs buy option Review the current process for cross charging costs from different areas and assess whether the distribution is fair and what can be done to improve the methodology to accurately reflect actual costs Operational (Advisory) Assurance High Risk Areas Medium Risk Areas Low Risk Areas PricewaterhouseCoopers LLP 14

Next Steps PwC 15

Next Steps Work with management to organize the rest of the audits. Present our audit reports. Refresh risks and internal audit plan before December 2016. PricewaterhouseCoopers LLP 16

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback