Managing Risks For Results Internal Audit Perspective. Planning & Performance Exchange (PPX) Learning Event November 3, 2009


Overview
- Why Focus on Risk Management?
- IA Risk Management Tools/Processes
- Risk-based Audit Planning
- Government-wide Audit Universe
- What Have We Learned?
- Key Strategies

Why Risk Management?
- TB Oversight support - OCG Mandate
- CG Annual Report on State of GoC Governance, Risk, & Controls/TB IA Policy
- Audit Intelligence gathering/decision-making support
- Early Warning - Control Risks/Failures
- Enhance Departmental Risk Management & Mitigation
- DH Accountability Officer Role
- Demonstrate effectiveness of Department's controls

IA Risk Management Tools/Processes
- Risk-Based Audit Plans & Guidelines
- OCG Horizontal Internal Audit Plan/Risk Assessment
- Departmental Internal Audit Liaison Activities (CAEs, DAACs)
- Audit Intelligence (Trends, Gaps, Best Practices)

Internal Audit: Background
The Policy on Internal Audit establishes standards and requirements for internal audit functions, reinforcing Internal Audit across government and repositioning it in a key role supporting effective and credible governance.
The Policy requires the Comptroller General to report annually to the Treasury Board on:
- Significant issues of risk, control and management arising from internal auditing across government; and
- Horizontal auditing
Internal Audit requires value-added, robust audit methodologies that support a credible and holistic assessment of departmental controls. One of the key methodologies is risk-based internal audit planning.

The Assurance Cycle
[Cycle diagram; labels as extracted: Scanning* Risk Perspective* Planning Risk Studies Selection of Assurance Products* Criteria Studies (Continuous Development) Assurance Engagements Recommendations Continuous Auditing Monitoring]

Risk Based Audit Planning
A systematic process where auditable entities are identified, prioritized according to risk and scheduled for the conduct of internal audit activities.
Four step process:
1. Development of the Audit Universe
2. Preliminary Risk Prioritization of the Audit Universe
3. Final Prioritization of the Audit Universe
4. Audit Plan Completion

Development of PS Risk Landscape
[Diagram; labels: Top Down, Bottom Up, Risk Analysis, Consultative, Annual Review, Continuous, Public Service Management Risk Landscape]
Inputs listed in the diagram:
- Government Priorities (as expressed in the Speech from the Throne); Priorities of Clerk
- MAF Assessments
- Departmental Performance Reports
- Auditor General Reports
- Reports by other Agents of Parliament
- PSC Reports
- Reports on Plans and Priorities
- Corporate Risk Profiles
- Audit Risk Analyses, Reports and Plans
- Audit Monitoring & Follow-up
- Other sources of risk information including US GAO High Risks, Corporate Executive Board, Audit Executive's Roundtable

Step 1: Development of the Audit Universe
- Starting point for the organization's audit planning process
- Represents the potential range of all audit activities and is comprised of a number of auditable entities
- Entities include a range of programs, activities, functions, structures and initiatives which collectively contribute to the achievement of the department's strategic objectives (also typically captured in Corporate Risk Profile)
- Ranked relative to one another to derive Internal Audit priorities and plans (focus on areas of highest risk)

Public Service Management Risk Landscape: Situating the Audit Universe
[Figure; axes: Risk, Auditability; elements shown: Stewardship, Risk Management, People; legend: Low Audit Priority, Moderate Audit Priority, High Audit Priority, Very High Audit Priority]

Government-wide Audit Universe

| Audit Universe Element | Auditable Entity | Description | Topic | Objective |
|---|---|---|---|---|
| Stewardship | Financial Management and Controls | Financial systems and controls | Financial Administration Act (FAA) Compliance | Compliance with Sections 32/33/34 of the FAA |
| Accountability | Alignment of Accountability Instruments | Application of authority, responsibility and accountability | Third Party Accountability | Effectiveness of MOU and other accountability instruments for partners |
| Governance and Strategic Directions | Corporate Performance Framework | Suite of management processes and controls in place | Federal Accountability Act | Compliance with legislative provisions |
| Results and Performance | Program Evaluation Function | Independent assessment function of program or policy results | Evaluation Policy Compliance | Compliance with TBS Evaluation Policy and associated standards |
| Risk Management | Effectiveness of Corporate Risk Management | Management approach risks | Integrated Risk Management Framework | Adequacy and effectiveness of risk management regime |
| People | Workforce Management | All aspects of human resource management | HR planning | Adequacy and effectiveness of the controls for HR planning |

Government-wide Audit Universe (continued)

| Audit Universe Element | Auditable Entity | Description | Topic | Objective |
|---|---|---|---|---|
| Policy and Programs | Quality of Program and Policy Analysis | The processes for determining policy and program priorities | TB submission and Memoranda to Cabinet | Quality and consistency |
| Citizen-Focussed Services | Public communications and outreach | The process by which citizen/client needs and expectations are determined | Public Opinion Surveys | Management of surveys |
| Public Service Values | Organization's values and ethics framework | The means of senior management establishment within organization | Values and Ethics Framework | Adequacy and effectiveness of organization's documented corporate values and ethics |
| Learning, Innovation and Change Management | Managing Organizational Change | The organization's change management processes and controls | Learning and Development | Adequacy and effectiveness of human resource learning and development approach |

Step 2: Risk Prioritization of the Audit Universe
Involves risk ranking of auditable entities based on a series of prioritization criteria:
- Assessing risk exposure
- Assessing risk significance
- Determining the preliminary audit priority(ies)
Criteria are applied to each auditable entity based on information gathered through documentation review, consideration of past audit results, and consultation with senior management.

Chief Audit Executive Inputs: Average Risk & Auditability of MAF Elements
[Bar chart; vertical axis: Average Rating, 0 to 5. Categories in the order shown: People, Stewardship, Risk Management, Public Service Values, Governance and Strategic Objectives, Learning, Innovation and Change, Citizen focused Services. Values in the order shown: 3.7, 3.5, 3.4, 3.2, 3.1, 2.8, 2.5]

Step 3: Final Prioritization of the Audit Universe
Considerations for final audit priorities and audit projects:
- Auditability
- Priorities of management and audit committee
- Priorities of OCG and TBS
- Priorities and plans of other assurance providers
- Time since last audit

Step 4: Audit Plan Completion
Key elements:
- Scoping and selection of audit type
- Coverage of risk management, controls and governance in support of annual overall opinion
- Required resources/gaps assessment
- Planning for other activities
- Drafting the plan
- Approving the plan (DAAC & DH)
- Follow-up activities

What Have We Learned?
- Real Risk Management challenges/success opportunities exist e.g. Economic Action Plan - Significant Gaps between emerging Threat/Risk areas & level of Management Focus (Governance, V&E)
- Risk Management Knowledge/Capacity is improving but Processes still tend to heavily rely on:
  - Today's Policy/Program assumptions
  - Self-assessment of Risk Mitigations
- Involvement of Decision-makers is key

Key Strategies
- Challenge Conventional Wisdom & Assumptions
- Position/integrate the Risk Management Function as enabler of successful Corporate Strategy the expected results
- Integrate Judgement with Process and Data