1. Foreword from the External Members of the Committee
It is with great pleasure that we submit the Annual Report from the external members of the Audit and Evaluation Committee (AEC) of the Office of the Commissioner of Official Languages (OCOL), for the year ending March 31, 2016. The current year included a change in membership. In October, Mrs. Susan Cartwright completed her tenure on the AEC after serving two years. During that period, she made a significant contribution to the organization with her advice on governance and oversight at OCOL. Following her departure, the Committee welcomed Mr. Gaëtan Lussier to the AEC.
We wish to express how pleased we are with the enhancements OCOL continues to make to its management practices and the organization responsiveness to items identified though the work of Audit and Evaluation and the views of the AEC. In 2015-2016, the organization was challenged with turnover to key staff within corporate management and with the difficulties of implementing a major IT project. OCOL responded very effectively to these challenges. Continued enhancements to the financial forecasting processes supported management in prudently managing resources to deliver on priorities and expected results throughout the year. Once again the soundness of OCOL’s accounting and financial reporting practices is evidenced by the clean audit opinion the Office of the Auditor General rendered on the 2014-2015 financial statements. The organization continues to leverage its audit function effectively to provide the Commissioner and management with assurance on governance, risk management and control practices and offer practical and helpful recommendations to address areas for improvement.
Over the past year we engaged the Executive team at each meeting. These conversations provided us with a valuable opportunity to learn more about OCOL’s business, challenges and accomplishments and to further management’s understanding of the AEC and its work. They assist us in providing advice aligned with the context and limited resources of the organization. We look forward to continuing these conversations in the coming year.
Commissioner, we sincerely appreciate your continued interest in and support for the Audit and Evaluation Committee. We would also like to thank your Executive team and, in particular, the Corporate Management Branch for their continued hard work and support for the AEC. In the coming year we will continue to fulfill our role as independent members, providing advice and recommendations on governance, risk management, and oversight activities at OCOL.
Tom Pulcine, CPA, CMA, Gaëtan Lussier
2. Introduction
The external members of the Office of the Commissioner of Official Languages (“OCOL”) Audit and Evaluation Committee (“AEC” or the “Committee”) prepared this annual report for the Commissioner of Official Languages, hereafter “the Commissioner”, to summarize the Committee’s activities and advice from April 1st, 2015 to March 31st, 2016. It also presents the key areas of focus of the Committee for fiscal year 2016-2017. The report is also designed to provide the external members’ assessment and recommendations as needed, on the capacity, independence and performance of the internal audit function.
In its advisory role to the Commissioner, the AEC provides independent and constructive advice regarding the adequacy and functioning of OCOL’s risk management, control and governance practices, as well as accountability frameworks and processes. The AEC also provides advice and guidance on OCOL’s evaluation function in addition to advice and guidance as may be requested by the Commissioner.
3. Role and membership of the Audit and Evaluation Committee
The AEC’s role is to provide the Commissioner with independent and objective advice, guidance and deliberation on the adequacy of OCOL’s governance, risk management and control frameworks and processes. The AEC is also charged with providing advice with respect to the use of evaluation within OCOL to support management practices, decision-making and program performance.
As specified in the Treasury Board Directive on Internal Auditing in the Government of Canada and the Treasury Board Evaluation Policy, the AEC provides oversight in the following key areas:
- Values and Ethics
- Risk Management
- Management Control Framework
- Internal Audit Function
- Evaluation Function
- External Assurance Providers
- Follow-up on Management Action Plans
- Financial Statements and Public Accounts Reporting
- Accountability Reporting
- Strategic Advice
The AEC exercises active oversight in core areas of OCOL’s control and accountability framework in an integrated and systematic way. In so doing, the AEC addresses high-level strategic issues as well as ongoing operational issues in the broad areas of both audit and evaluation.
This serves as an important support to the independence of the Internal Audit Function within OCOL and the neutrality of the Evaluation function, and helps ensure that the results of internal audits and evaluations are incorporated into the corporate priority setting and business and planning processes.
In broad terms, the work of the AEC reinforces the quality of financial and other performance information used by OCOL managers for decision-making and reporting and, thus, emphasises good management practices and accountability of managers in general.
The AEC, as a strategic resource to the Commissioner, also provides such advice and recommendations as may be requested by the Commissioner on specific priorities, concerns, risks, opportunities and/or accountability reporting.
The AEC was composed of the following members in 2015-2016:
- Graham Fraser, Commissioner, Chair
- Susan Cartwright, external member (mandated ended after the October 2015 meeting)
- Tom Pulcine, external member
- Gaëtan Lussier, external member (replaced Susan Cartwright in October 2015)
Required attendees for all AEC meetings include:
- Mario Séguin, Assistant Commissioner, Corporate Management Branch as well as Chief Audit Executive (“
CAE
”) - Michel Dion, Secretary to the Committee and Director, Planning, Audit and Evaluation
4. Summary of Audit and Evaluation Committee Activities
The sections that follow highlight key AEC activities and areas of focus for 2015-2016, together with the results of reviews.
4.1 Meetings
Three AEC meetings were held during the 2015-2016 fiscal year. As a regular component of each AEC meeting, the external members met individually in-camera with the CAE, and also with the Commissioner to raise and discuss issues in confidence.
In addition to the three AEC meetings noted above, a special meeting was held with representatives from the Office of the Auditor General (“OAG
”) on July 29, 2015 to review and discuss the 2014-2015 audited financial statements. As part of this meeting, the AEC members met in-camera with the OAG representatives.
The meeting dates were:
- June 9, 2015
- July 29, 2015 (special meeting)
- October 29, 2015
- February 3, 2016
There was a 100% attendance at these meetings by all members. Minutes were prepared for each meeting and they were approved by the AEC members at the meeting that followed.
4.2 Review of AEC Charter and Annual Plan
The Committee fulfills the role of the Departmental Audit Committee, as per the Financial Administration Act, and of the Departmental Evaluation Committee as per the Treasury Board Policy on Evaluation. As specified in the Treasury Board Directive on Internal Auditing in the Government of Canada and the Treasury Board Evaluation Policy, the AEC provides oversight in the following key areas:
- Values and Ethics
- Risk Management
- Management Control Framework
- Internal Audit Function
- Evaluation Function
- External Assurance Providers
- Follow-up on Management Action Plans
- Financial Statements and Public Accounts Reporting
- Accountability Reporting
- Strategic Advice
The roles, responsibilities and operations of the AEC were documented in a Charter that was approved by the Commissioner. To deliver on its Charter, the AEC developed an activity plan for how it was to deliver on its responsibilities in 2015-2016. Progress against this plan was monitored at each meeting throughout the year.
The Audit and Evaluation Committee Charter is reviewed annually by the members to ensure it is current and all members have a common understanding of the role of the Committee.
The AEC Charter requires external members to be free of any conflicts of interest and should any such potential or real conflicts arise the members are required to discuss them with the Commissioner. The external members use this report to confirm that they have performed their duties in the public interest and are free of any conflicts of interest. Susan Cartwright is a Commissioner with the Public Service Commission of Canada (“PSC”). She recused herself from all discussion of OCOL at the PSC, in the context of PSC’s oversight function.
The Audit and Evaluation Committee Charter was reviewed and approved at the February 2016 meeting. It includes a forward agenda for the year 2016-2017.
5. Audit and Evaluation Committee’s Core Areas of Responsibility
5.1 Values and Ethics
At the October 2015 meeting, the Senior Human Resources Advisor was invited to the AEC to make a presentation on Values and Ethics at OCOL. The presentation included the results of the public service employee survey, as well as the different committees and initiatives in place to promote and communicate value and ethics in the workplace. The AEC members expressed their satisfaction with the ways values and ethics is managed and promoted at OCOL.
5.2 Risk Management
At the February 2016 meeting, members reviewed and discussed OCOL’s 2016-2017 Corporate Risk Profile. The organization has fully updated the risk management approach with a methodology aligned with the current practice in risk management. The approach was designed to ensure all categories of risk, threats and opportunities were reviewed in the process. It also provides a framework to better integrate risk management in other corporate planning and oversight processes. The full risk analysis exercise was completed, resulting in a new Corporate Risk Profile for the year 2016-2017.
The members were satisfied with the new Corporate Risk Profile and noted that it should be a useful document to the new Commissioner.
5.3 Management Control Framework
The AEC reviewed OCOL’s management control framework (MCF) in a variety of ways throughout the year. Internal and external audit engagements often examine one or more elements of the MCF.
During 2015-2016, the AEC also examined and provided feedback and advice to the Commissioner and senior management on the MCF through its review and discussion of the following areas.
- Annual Staffing Monitoring Exercise
- Management Accountability Framework self-assessment
5.3.1 Annual Staffing Monitoring Exercise
At the February 2016 meeting, the Director of Human Resources presented the results of the Internal Annual Staffing Monitoring Exercise performed in May – June 2015. The presentation discussed how the Public Service Commission is modifying the approach for the staffing delegation and the monitoring requirements. OCOL will review and prepare a monitoring plan that aligns with the new requirements during 2016-2017. The members were satisfied with the results of the monitoring exercise.
5.3.2 Performance Management Framework
At the June 2015 meeting, the AEC received a presentation of the approach for the assessment of the management framework at OCOL. The presentation was a follow-up on the update provided to the AEC at the October 15, 2014, meeting. The new management accountability framework (MAF) model includes a short version for Small Departments and Agencies (SDAs). OCOL will review the types of reports that MAF 2.0 can generate for a small organization and how they can assist OCOL.
The AEC members discussed the proposed approach and provided advice to the organization, understanding that the new MAF process for SDAs is still in development.
5.4 Internal Audit
5.4.1 Risk-Based Audit and Evaluation Plan
The annual update of the Risk-Based Audit and Evaluation Plan (RBAEP) was reviewed and approved at the June 2015. As part of the review it was proposed to change the order of the two proposed projects and complete in 2015-2016 the evaluation project.
However, given the two audit reports completed during the year and the significant effort required to implement the recommendations, it was decided to postpone the evaluation project until 2016-2017. The members were informed of the decision at the February 2016 meeting and agreed with the strategy. The annual update of the Risk-Based Audit Plan for 2016-2017 was completed in March and recommended for approval by the members during a teleconference held on April 4, 2016.
5.4.2 Internal Audit Charter
The Internal Audit Charter is reviewed annually by the Committee. At the February 2016 meeting, the Internal Audit Charter was reviewed and recommended for approval. It was the same version as presented in February 2015.
5.4.3 CAE Update
At each meeting the CAE presented an update on his activities and the activities of the Planning, Audit and Evaluation Division at OCOL.
5.4.4 Audit of the IM/IT Renewal Project
The Committee reviewed the audit report on the Information Management and Information Technology (IM/IT) renewal project. Deloitte made a presentation at the October 2015 meeting.
The objective of this audit was to provide assurance on the effectiveness of OCOL’s project management framework and the progress of the implementation of the IM/IT Renewal Project, focusing on Module 2 which was the Client Relationship Management (CRM) solution. The audit was performed by Deloitte.
The audit report identified significant concerns with project governance, requirements definition and operational readiness.
The audit report included a total of fourteen recommendations covering:
- the overall governance and management of the project;
- the functional readiness of the system, including business requirements, data migration and privacy and security;
- the deployment and operational readiness, including people change management; and,
- consideration of the ongoing maintenance and operational costs of the system after deployment.
Management prepared a management response and action plan which addressed the key issues in a timely manner. The Committee appreciates that management put significant leadership effort into this key initiative for the organization and decided to de-scope the project definition in order to implement the required changes and successfully complete the project.
5.5 Evaluation
The AEC has the role of the Departmental Evaluation Committee. During the year the committee completed the following activities related to evaluation.
5.5.1 Evaluation Charter
The Evaluation Charter is reviewed annually by the Committee. At the February 2016 meeting, the Evaluation Charter was reviewed and recommended for approval. It was the same version as presented in February 2015.
5.6 External Assurance Providers
5.6.1 Horizontal Audit of IT Security
Last year, OCOL agreed to participate in the horizontal audit of IT Security which was included in the audit plan of the Office of the Comptroller General (OCG). The audit examined whether governance frameworks over IT security for unclassified government networks were in place.
Overall, the audit found that elements of such frameworks were in place but improvements were needed, particularly at the government-wide and shared IT infrastructure levels.
The audit made thirteen recommendations identifying areas for improvement in governance at the government wide level, governance at the departmental level and selected departmental control frameworks. Six of these recommendations were applicable to OCOL.
Management has developed a management action plan aligned with the needs of the organization. The report and the management action plan were presented and approved by the AEC at the February 3rd, 2016 meeting. The Committee was satisfied with the proposed approach and recommended for approval the management response and action plan.
5.6.2 OAG Audit of Financial Statements
The Office of the Auditor General (OAG) completed the annual audit OCOL’s financial statements. It provides assurance to OCOL from an external assurance provider of the organization’s financial results. (See section 5.8 Financial Statements)
5.7 Follow-up on Management Action Plans
The AEC monitors management’s implementation of action plans to address recommendations from internal audits, external audits, and evaluations. A report was presented at the June 2015, October 2015 and February 2016 AEC meetings.
The following table presents the status of recommendations at the beginning and end of the year.
| Project Title | Year | Recs Issued | Outstanding at Mar 31, 2015 | New | 2015-2016 Status | |||
|---|---|---|---|---|---|---|---|---|
| Fully Implemented | On-Track | Delayed | Outstanding at Mar 31, 2016 | |||||
| Audit of Investigative Practices | 2012-2013 | 10 | 2 | 0 | 2 | 0 | 0 | 0 |
| Audit of Strategic Communications and Promotions | 2013-2014 | 6 | 2 | 0 | 2 | 0 | 0 | 0 |
| Internal Audit Practice Inspection | 2014-2015 | 4 | 3 | 0 | 3 | 0 | 0 | 0 |
| Audit of IM/IT Renewal Project | 2014-2015 | 14 | 0 | 14 | 9 | 4 | 1 | 5 |
| Horizontal Internal Audit of IT Security | 2014-2015 | 6 | 0 | 6 | 0 | 6 | 0 | 6 |
| Total | 40 | 7 | 20 | 16 | 10 | 1 | 11 | |
5.8 Financial Statements
5.8.1 Year-end Financial Statements
The Commissioner is an agent of Parliament whose financial statements are audited annually by the Office of the Auditor General. The AEC met with the OAG in July 2015 to review and discuss the 2014-2015 audited financial statements. OCOL received a clean opinion with no management letter and the financial statements were subsequently approved by the Commissioner. The auditors noted that no matters related to fraud were observed as a result of the audit procedures.
In February 2016, the OAG representatives made a presentation to the AEC on their Annual Audit Plan for the 2015-2016 Financial Statements. The discussion covered the proposed approach, key risks and a discussion on fraud.
5.8.2. Financial update and budgetary management
Budgetary management continues to be an area where the AEC provides active oversight. The external members advised the Commissioner on the need for continued prudence and rigour in financial planning and forecasting. The members discussed with management a strategy to manage the overall salary budget at OCOL including the salary increases in collective agreements which were not covered by TBS during the fiscal year.
The members discussed the financial controls and strategies and were satisfied with the information provided and the proposed approach.
5.8.3 Internal Controls
The AEC received a presentation in February 2016 on the implementation of the Policy on Internal Control at OCOL. The presentation included information on the testing of internal controls and the plan to complete the design and testing of internal controls at OCOL.
5.8.4 Quarterly Financial Statement/Public Accounts
As part of its responsibilities, the AEC reviewed the quarterly financial reports published in September 2015 and December 2015, and the public accounts for 2014-2015. The members were satisfied with the financial information and analysis included in these documents.
5.9 Accountability Reports
The AEC reviewed OCOL’s draft 2014-2015 Departmental Performance Report (DPR) and the draft 2016-2017 Report on Plans and Priorities (RPP). AEC members discussed the plans and priorities and results of the organization with the Commissioner. The discussion covered various opportunities for improvement including performance indicators that are meaningful, realistic and support strategic decision-making.
5.10 Advice to the Commissioner
5.10.1 Emergency Response and Recovery Plan
The members received a presentation on the Emergency Response and Recovery Plan. OCOL is currently updating its documents and ensuring it is satisfactory and aligned with the needs of the organization. The members were satisfied with the proposed approach.
5.10.2 Strategic Advice
The Commissioner also asked the Committee to provide advice outside of the regular meetings on specific files during the year on matters related to the role of the Committee. The members were pleased to support the Commissioner with their independent and external assessment and advice.