Internal Audit Committee Annual Report 2016-17

Foreword from the External Members of the Committee

It is with great pleasure that we submit the Annual Report from the external members of the Audit Committee (AC) of the Office of the Privacy Commissioner of Canada (OPC), for the year ended March 31, 2017. The report reflects a summary of the oversight work carried out by the Committee together with associated insight and advice provided.

We wish to say how pleased we are with the significant enhancements the OPC has made to its management practices this year and over the past eight years. This includes a more robust planning and financial management, monitoring and reporting regime; risk management practices that continue to mature and be integrated into various facets of the organization’s work; enhanced human resource management practices; and a renewed focus and attention on results and performance. The soundness of OPC’s accounting and financial reporting practices is evidenced by the results of the testing of the controls over financial reporting and the twelfth straight unmodified (i.e. ‘clean’) audit opinion the Office of the Auditor General rendered on the 2015-2016 financial statements.

Commissioner, we sincerely appreciate your continued interest and support for the Audit Committee. We would also like to thank your Executive team, and in particular, the Corporate Services Branch for their continued hard work and support for the AC.

(Original signed by)

Laurel Murray, CPA, CA

(Original signed by)

Elisabeth Nadeau

1.0 Introduction

The external members of the Office of the Privacy Commissioner Audit Committee (AC) prepared this annual report for the Commissioner to summarize the Audit Committee’s activities, observations and advice in the fiscal year 2016-2017. This report is pursuant to the requirements as set out in the Treasury Board’s 2012 Policy on Internal Audit and the approved AC Terms of Reference.

In carrying out its work, the AC maintains appropriate independent oversight while building relationships with management and the Office of the Auditor General (OAG). Consistent with prior years, our focus has been to identify and assess risk, to oversee control and governance processes as well as best practices across the OPC. Our aim throughout our work has been to provide the Commissioner with objective, clear and constructive advice.

The Audit Committee’s observations of, and advice on, each of the Committee’s oversight areasFootnote 1 are detailed in Section 4 of this report.

2.0 Role and Membership of the Committee

The role of the Audit Committee (AC) is to provide the Commissioner with independent advice and recommendations about the overall quality and functioning of the OPC’s risk management, control and governance frameworks and processes. The AC also provides the Commissioner with strategic advice on emerging priorities, concerns, risks, opportunities and accountability reporting.

The AC is composed of the following members:

  • Laurel Murray, CA, Chair, external member
  • Elisabeth Nadeau, external member
  • Daniel Therrien, Commissioner, ex-officio member

In addition, the following OPC staff were required to attend all 2016-2017 AC meetings:

  • Chief Audit Executive, Daniel Nadeau, who is also the Chief Financial Officer
  • Secretary to the Committee, Chantale Roussel, who is also the Director, Business Planning and Management Practices

The Audit Committee has documented its role, responsibilities, and operations in a Terms of Reference (TOR) document (refer to Annex A). These TOR are periodically reviewed, updated as required, and reaffirmed by the Commissioner. The most recent review of the TOR was completed in 2015 and a review is anticipated in 2017-2018 following the implementation of changes to the TB Internal Audit policy suite.

To deliver on its approved Terms of Reference, the Audit Committee developed a 2016-2017 Work Plan that was reviewed and approved at the Committee’s June meeting (refer to Annex B). Progress against the plan is monitored throughout the year to ensure the Committee delivered on its commitments.

As part of the annual discussion of the Audit Committee’s Annual Report, members review and attest to them being free of any real or perceived conflicts of interest that could impede their independence and objectivity. No issues have been noted.

3.0 Summary of 2016-17 Audit Committee Activities

The sections that follow summarize key activities and areas of focus for 2016-2017, together with advice provided to further strengthen management and oversight practices across the OPC.

3.1 Meetings

The AC held four meetings during the year as follows:

  • June 27, 2016;
  • August 22, 2016;
  • December 16, 2016; and
  • March 28, 2017.

At the start of each AC meeting, members engaged in an open discussion of emerging issues facing the organization. During these discussions, the Commissioner briefed members on key happenings across the organization since the last meeting as well as possible issues or opportunities that may impact the organization. These discussions provided members with valuable context and insights that promoted a better understanding and appreciation of the changing work and environment within which the organization operates. These discussions also provide an opportunity for AC members to provide the Commissioner with strategic advice in new or emerging areas or issues facing the OPC.

There was 100% attendance by all AC members and required attendees at meetings held during 2016-2017. Minutes of meeting were prepared for each meeting and circulated electronically between meetings for review and recommended approval. Following the Committee’s recommendation, the Chair formally signed them to clearly convey this approval.

As part of each Committee meeting, the external Committee members held in-camera discussions with the Chief Audit Executive who is also the Chief Financial Officer, and officials from the OAG when in attendance. These in-camera segments provide an opportunity for these officials to raise and discuss sensitive issues in confidence. The external members also meet in camera at each meeting to discuss issues as required.

3.2 Committee Self-Assessment

In the spring of 2016, the Audit Committee undertook a self-assessment of its function and performance. A survey in support of this assessment was developed focusing on four areas - mandate and composition; roles and responsibilities; Committee support; and specific questions for select OPC managers. The three members of the AC as well as the two required attendees completed the survey with 5 of 7 managers completing the section requested of them.

Overall, the survey results were very positive with noted improvements since the last self-assessment conducted in 2012. Most respondents agree that the Audit Committee does good work and provides value-add. The survey also provided some suggestions for improvement, primarily in terms of helping strengthen the audit function in general rather than the Audit Committee in particular. An action plan was developed, approved and monitored by the AC to address the noted areas for improvement.

3.3 Transparency

AC information is publicly available on the OPC website. This includes bios of the AC members, the Committee’s Terms of Reference, annual reports and approved internal audit reports. The Audit Committee believes that the proactive sharing of this information provides Canadians with valuable information and insight into the work of the Committee and its role in the oversight of the management practices of the Office. In response to the AC self-assessment undertaken in 2015-2016, work is underway to enhance the electronic availability of AC information on the OPC’s intranet site.

4.0 Core Areas of Responsibility

The sections that follow provide a summary of the AC’s activities during the year to discharge its responsibilities in providing the Commissioner with advice that helps strengthen governance, risk management and control processes and practices across the OPC.

4.1 Values and Ethics

Values and Ethics continues to be an area of importance for management and the AC. During the year, the Committee reviewed and discussed the annual report on conflict of interest (COI) and post-employment measures, together which summarize the OPC’s activities related to its Values and Ethics program. No areas of concern were noted; however, the external members made two recommendations to help provide greater context, namely in terms of reporting being proactive and providing real examples of real or perceived conflicts of interest that can aid in enhancing staff members’ understanding and compliance with COI requirements.

4.2 Risk Management

A key element of OPC’s formalized risk management arrangements continues to be the Corporate Risk Profile (CRP) that is reviewed and refined each year as part of the strategic planning process. The CRP provides a summary of the organization’s strategic risks requiring ongoing management and monitoring and is a key input into the organization’s strategic planning process and the development of the OPC’s Departmental Plan (DP), a key accountability document in the Estimates process.

During the year, the Audit Committee reviewed and discussed the draft CRP, recognizing that further work was being undertaken to identify controls in relation to the key risks and associated mitigation strategies. The external members concurred with the strategic risks while offering recommendations to help clarify the associated risk statements. As in prior years, as management monitors its key risks throughout the year, the external members looked to be apprised of any changes to the key risks as well as the effectiveness of risk mitigation strategies.

4.3 Management Control Framework (MCF)

While not subject to the Management Accountability Framework (MAF) assessment undertaken by Treasury Board of Canada Secretariat, the OPC utilizes the TBS tool in carrying out a self-assessment of the organization’s management control processes and practices. The external members continued to be pleased with, not only the many strengths evidenced through this assessment, but as well with management’s commitment to continually strive to improve in an efficient and effective manner.

In addition to the MAF, the following is a summary of other areas of the MCF examined and advice and recommendations provided by the external members.

4.3.1 Financial Authority

Delegation of authority is a key control with respect to sound stewardship and compliance with the Financial Administration Act (FAA). During the year, the AC reviewed and discussed the financial delegation authority instrument, discussing its appropriateness for the nature and value of OPC expenditures. The external members were satisfied with the mechanisms in place to support the level of delegation including tools, mandatory training and post-payment verification. The external members recommended that delegated managers be kept abreast of the delegation tools, and payment approvals that have restrictions (i.e. membership fees) should be clearly articulated in the associated guidance.

4.3.2 Internal Controls over Financial Reporting (ICFR)

Using an outside consulting firm, OPC tested key internal controls over financial reporting for 2015-2016, namely financial close and reporting, capital assets, and attractive assets. The AC discussed the results of this testing noting that they were very positive. The testing highlighted that OPC’s control environment is very strong, that the Office is well versed in controls and that the Office has a genuine desire to improve and to do the best it can – all indicators of sound controls over financial reporting. Members reviewed the action plan developed to address minor recommendations for improvement, with the external members recommending that there be a focus on key issues needing to be addressed so as to avoid adding new onerous control processes. The Committee was very pleased with the results of this testing and management’s commitment to continuous improvement and looks forward to monitoring progress against the action plan as part of the Committee’s review of the 2016-2017 ICFR testing.

4.3.3 Staffing

The Audit Committee reviewed and discussed OPC’s new Staffing Framework in support of the Public Service Commission’s (PSC) new staffing model, a model that promotes greater sub-delegation of staffing. Members were also briefed on the results of the PSC’s recent assessment of the OPC’s staffing program and practices and were pleased with the results highlighting that OPC is well positioned to transition to the new model.

4.3.4 Financial Resource Management

Financial resource management continues to be critical to supporting the organization in effectively managing its resources. The AC received an update on the OPC financial situation at each meeting, as well as a briefing on the financial results and carry forward for 2016-2017. This review highlights the due diligence and rigour OPC management undertakes to manage an expanding mandate with no additional resources. The external members also continue to be pleased with the collaboration amongst Agents of Parliament in examining funding mechanisms for these organizations.

4.3.5 Results-based Accountability and Reporting Framework

As an Agent of Parliament, OPC is not subject to monitoring or oversight by TBS but rather the Commissioner is responsible for ensuring compliance with TB policies and directives. Work continued this year in developing a Results-based Accountability and Reporting Framework that supports the organization in understanding and complying with the full suite of required policies and directives. Where there is discretion in how the OPC complies with policy requirements, the external members recommended that an approach be designed that is consistent with the work necessary to deliver on the core mandate while providing sufficient safeguards that policy objectives are met. This recommendation recognizes that OPC is a very small organization with limited resources to deliver on its mandate while also complying with the multitude of requirements that are required of much larger federal departments and agencies.

4.3.6 OPC’s Results Framework

With the implementation of the new TB Policy on Results, OPC has a renewed focus on the development of a new strategic results framework. The external members were briefed on a draft of the Framework at the March meeting and then met off-line to do a more thorough review and analysis of the proposed draft so as to provide the Commissioner with relevant, practical feedback. The members found that overall the Framework is well done in that it is more streamlined and reflective of the difference the OPC is really trying to make in term of privacy protection. Recommendations were made to strengthen some of the performance indicators and to enhance accountability for achievement of results, and the consistency, cost and integration of the Framework.

4.3.7 Quarterly Financial Reporting

The AC reviewed and provided feedback and advice on the OPC’s 1st, 2nd and 3rd 2016-2017 Quarterly Financial Reports. While the format of these reports is prescribed by Treasury Board Secretariat, members did not note any concerns but rather once again commend management for the clarity and conciseness of these reports.

4.4 Internal Audit Function

The Audit Committee plays an active oversight role of the OPC’s internal audit function. The mandate, roles and responsibilities and authority of the internal audit function are detailed in the OPC’s Internal Audit Charter that is recommended for approval by the Audit Committee and formally approved by the Commissioner. In the coming year, the Charter will be reviewed and revised as required following April 1, 2017 implementation of a revised TB Internal Audit policy suite.

The OPC’s in-house internal audit capacity consists of a Director, Business Planning and Management Practices, with oversight by the Chief Audit Executive (CAE). The CAE, who is also the Director General, Corporate Services and Chief Financial Officer, reports directly to the Commissioner. At the March 2017 meeting, the external members met in-camera with the Commissioner and provided input into the performance appraisal of the CAE.

To augment the in-house capacity and support the independence of the audit function, OPC continues to co-source both the development of the Risk-based Audit Plan (RBAP) and the individual internal audit engagements with an outside professional services firm. This arrangement enables OPC to retain control and oversight of the internal audit function while leveraging the expertise and experience of internal audit professionals The AC Chair, who is a Chartered Professional Accountant, Chartered Accountant (CPA, CA), with significant internal audit expertise, also provides expertise, guidance to support the enhancement of this function and its independence and oversight throughout the year. While the current AC Chair is cycling off the Committee early next year, her replacement is also a CPA, CAwith extensive internal and external audit experience and expertise.

At the June meeting, the external members were briefed on the continued relevance of the 2016-2017 Risk-Based Internal Audit Plan (RBAP). Members did not recommend any changes to the Plan and concurred with the intention to commence the review of the Technology and Analysis Directorate (TAD) in Q4 of the year. Members were verbally briefed on this review at the March 2017 meeting and look forward to reviewing the results of this work once completed. In response to a recommendation made as part of the AC’s self-assessment process, the AC will look to meet in-camera with the audit firm that carried out the TAD Review.

With respect to the 2017-2018 to 2019-2012 RBAP, the external members met with the contractor developing the plan in January 2017 and provided feedback on the draft plan. The draft RBAP was then tabled at the March AC meeting and recommended for approval by the Commissioner.

For 2015-2016 the CAE provided a verbal annual report versus a written report as was done in prior years. The Committee concurred with this approach given that there were not any internal audit engagements during the year, the members were provided with a verbal CAE briefing at each meeting, and the comprehensiveness of the 2015-2016 Audit Committee Annual Report. The verbal report highlighted that the function met expected performance targets established for the year and that resources for the function were sufficient to deliver on expectations efficiently and effectively.

4.5 External Assurance Providers

As in past years, the Office of the Auditor General (OAG) carries out an audit of the OPC’s financial statements with the objective of rendering an audit opinion on these statements. Representatives from the OAG attended the Committee’s March meeting to discuss the plan for the annual audit of OPC’s 2016-2017 financial statements.

The OAG Audit Principal and Audit Project Leader attended the AC’s August 2016 meeting to review and discuss the audited Financial Statements and the Management Representation Letter, including the related Annex with respect to internal control over financial reporting. The OAG’s report to the AC highlighting the annual audit results for the year ended March 31, 2016 was also a key document reviewed and discussed at this meeting. For the twelfth (12th) straight year, the OAG rendered an unmodified audit opinion on the financial statements. No significant internal control weaknesses were noted by the OAG nor did they issue a Management Letter.

4.6 Follow-up on Management Action Plans

The AC monitors management’s progress in implementing management action plans stemming from internal audit reports until all recommendations have been satisfactorily implemented or are no longer relevant. On a semi-annual basis, the Committee receives and reviews a report on management’s progress in implementing outstanding actions.

At March 31, 2016, there were two outstanding management actions, both flowing from the Audit of IM/IT Governance undertaken in the year 2014-2015. The external members were pleased that both of these actions were fully implemented in 2016-2017. The Committee was also briefed on the implementation of recommendations from the 2015 Privacy Act Diagnostic Review project. Management is making progress on implementing both recommendations and working closely with the Commissioner throughout the process. No new management actions came on stream in 2016-2017.

4.7 Financial Statements

As the Commissioner is an Agent of Parliament, the financial statements of the organization are audited by the Office of the Auditor General (OAG) each year. At the August meeting, AC members reviewed and discussed the OPC’s 2015-2016 audited financial statements with the Deputy CFO, CFO and representatives from the OAG. Following these discussions, the AC recommended the Commissioner approve these financial statements.

4.8 Accountability Reports

The external members reviewed the OPC’s draft 2015-2016 Departmental Performance Report (DPR) and the draft 2017-2018 Departmental Plan (DP). AC members provided advice and recommendations to management prior to these reports being approved by the Commissioner.

5.0. TB POLICY RESET INITIATIVE

During the year, the AC was briefed on the Treasury Board Policy Reset Initiative. This included insight into role and collaboration OPC and the Agents of Parliament Working Group (WG) are undertaking to actively engage in this process. Early in the new year, the AC will review the changes to the new Policy on Internal Audit and accompanying Directive as well as management’s approach to comply with the new requirements.

6.0 Looking Ahead

Over the coming year, the Committee will be welcoming a new Chair and looks forward to provide oversight as well as advice to the Commissioner with a particular focus on the following activities:

  • Implementation of new/revised TB policies and OPC's compliance with associated requirements
  • Finalization and implementation of the OPC Results Framework, including integration of the Framework into key business processes (i.e. planning, monitoring, financial resource allocation/reallocation)
  • Results of the Technology and Analysis Directorate (TAD) Review
  • Results of monitoring activities in relation to the implementation of the new Staffing model

ANNEX A - Audit Committee Terms of Reference

Revised: June 16, 2015

Table of Contents

  1. INTRODUCTION
  2. MANDATE
  3. COMMITTEE REPORTING AND COMPOSITION
  4. COMMITTEE MEETINGS
  5. RESPONSIBILITIES
  6. OPERATIONS
  7. EVALUATION OF THE COMMITTEE'S PERFORMANCE
  8. ANNUAL REPORT
  9. APPROVAL OF COMMITTEE TERMS OF REFERENCE

1. INTRODUCTION

This document outlines the purpose, responsibilities, membership and operating procedures of the Audit Committee (the Committee) in the Office of the Privacy Commissioner of Canada (OPC).

The Committee is an essential component of the internal audit regime established within OPC and reflective of both the Treasury Board Policy on Internal Audit which came into effect on April 1, 2006Footnote 2 and the Joint Agreement of the Working Group of Officers of Parliament. Footnote 3 The latter reinforces OPC’s status as an Officer of Parliament.

The Working Group of Officers of Parliament have agreed that the intent of the government’s Internal Audit Policy shall be reflected in the Internal Audit systems, processes and infrastructure within each Office of Parliament, but taking account of their status of independence and their relatively small size.

2. MANDATE

The Committee provides objective advice and recommendations to the Commissioner regarding the sufficiency, quality and results of assurance on the adequacy and functioning of the OPC's risk management, control and governance frameworks and processes (including accountability and auditing systems). This work supports the Commissioner’s role as OPC’s accounting officer before Parliament.

To give the Commissioner this support, the Committee reviews, with a risk guided focus, all core areas of OPC management, control and accountability processes in an integrated way, such that the results of internal audits may be incorporated into the OPC priority-setting and strategic planning processes. Hence, the work of the Committee reinforces the quality and reliability of the financial and other performance information used by OPC managers for decision-making and reporting and, in so doing, contributes to enhanced managerial accountability. The Committee also serves to reinforce the independence, effectiveness and accountability of the Chief Audit Executive.

The Committee also provides advice and recommendations as may be requested by the Commissioner.

3. COMMITTEE REPORTING AND COMPOSITION

3.1 Membership

The Commissioner is responsible for establishing an independent audit committee for the Office consisting of three members. There are two external members who are not currently members of the Federal Public Service and the Commissioner is an ex-officio member. The Chief Audit Executive (CAE)/Chief Financial Officer (CFO) attends all meetings.

The Commissioner is responsible for selecting the Committee’s Chair, the members and the Secretary. All members of the Committee shall be, or become within the first year of appointment, financially literate and familiar with private- or public-sector financial reporting. At least one member is a financial expert who possesses a professional accounting designation.

Members shall be independent as demonstrated by their absence of real and perceived, direct and indirect, personal and financial interest or that of their family and business associates and competitors AND by their personal capacity and behaviour to engage the management, CAE and external auditors in demanding explorations of practices and areas of concern. It extends to seeing this principle through to standing by one’s challenge to reports and practices held to be incompatible with the facts or to acceptable practices – even when colleagues on the Committee may be inclined to defer. The consequence of this is the duty to inform the Commissioner directly in such a case. Protection of independence may result in a mutual agreement to terminate the appointment.

The external members of the Committee shall declare their independence and absence of conflict of interest annually.

3.2 Reporting

The Chair represents the Committee in periodic meetings with the Commissioner.

3.3 Length of Term

Members shall normally be appointed for a term of four years. A member shall serve no more than two terms. To ensure continuity, mandates can be staggered, and some terms may be for less than four years.

4. COMMITTEE MEETINGS

4.1 Frequency

The Committee shall meet two or three times a year either in person or by teleconference, with more meetings as deemed necessary by the Chair. The Committee’s meeting schedule will normally be set out six months in advance so that OPC management and internal auditors can prepare the information and reports required to support the Committee’s work. Rescheduling of Committee meetings will be by exception only.

4.2 Quorum

Quorum shall be a majority of the members. No alternates shall be permitted.

4.3 Preparation and Attendance of Members

To enhance the effectiveness of the Committee meetings, each member shall:

  • Devote the time necessary to prepare for, and participate in, each meeting: this involves reading the reports and reference documents provided for the meeting;
  • Maintain an excellent record of attendance at meetings.

4.4 Attendance of Non-Members

The Chief Audit Executive shall attend all meetings of the Committee. The Chair may request the attendance of other senior officials. When required, the Chair shall ask a senior representative of the external assurance providers to attend the Committee meetings to discuss the plans, findings and other matters of mutual concern.

4.5 Minutes of meetings

Minutes of each meeting are kept and contain the list of attendees, a summary of the decisions made and an overview of the points discussed. The minutes are approved by the Committee and signed by the Chair on behalf of the Committee.

4.6 In camera meetings

As part of each Committee meeting, the Committee shall meet in camera with the CAE/CFO, representatives of external assurance providers when in attendance and any other officials the Committee decides to call.

4.7 Committee’s Annual Plan

The Chair, in consultation with the other members of the Committee, shall prepare a plan for recommendation to the Commissioner, to ensure that the responsibilities of the Committee are scheduled and fully addressed.

4.8 Examination of the Committee’s Terms of Reference

The Committee shall periodically review its terms of reference and if revised, submit them to the Commissioner for approval.

5. RESPONSIBILITIES

The particular emphasis and priorities from among the Committee’s key areas of responsibility are to be set by the Commissioner in consultation with the Committee. In doing so, consideration is given to the OPC’s mandate, objectives and priorities, as well as the corresponding risks affecting the organization.

Below are the key areas of responsibility that fall within the scope of concern of the Committee, and that will be reviewed with an appropriate risk-guided focus and cycle.

5.1 Values and Ethics

The Committee shall review and provide advice on the OPC’s systems and practices established by the Commissioner to monitor compliance with laws, regulations, policies and standards of ethical conduct and identify and deal with any legal or ethical violations. This may also include the arrangements established by management to exemplify and promote public service values and to ensure compliance with laws, regulations, policies, and standards of ethical conduct.

5.2 Risk Management

The Committee shall review and provide advice on the risk management arrangements established and maintained by the OPC.

5.3 Management Control Framework

The Committee shall review and provide advice on the OPC’s internal control arrangements, and be informed on all matters of significance arising from the work performed by others who provide assurances to senior management and the Commissioner.

5.4 Internal Audit Function

The Committee shall:

  • Recommend, and periodically review, the OPC Internal Audit Charter for approval by the Commissioner;
  • Provide advice to the Commissioner on the sufficiency of resources of the internal audit function;
  • Review and recommend for approval by the Commissioner the Risk-Based Audit Plan;
  • Monitor and assess the performance of the Internal Audit function;
  • Advise the Commissioner on the recruitment and appointment, as well as the performance of the Chief Audit Executive;
  • Review and recommend for the Commissioner’s approval internal audit reports and corresponding management action plans to address recommendations;
  • Be advised of audit engagements or tasks that do not result in a report to the Committee and be informed, by the appropriate level of management, of all matters of significance arising from such work;
  • Review regular reports on progress against the risk-based audit plan.

5.5 External Assurance Providers

The Committee shall be informed of and shall advise the Commissioner on:

  • All audit work relating to the OPC to be undertaken by external assurance providers, including management’s response; and,
  • Audit-related issues and priorities raised by external assurance providers.

5.6 Financial Statements and Public Accounts Reporting

The Committee shall review and provide advice to the Commissioner on the key financial management reports and disclosures of the OPC, including quarterly financial reports, annual financial statements and Public Accounts.

The Committee shall also review the annual Statement of Management Responsibility Including Internal Control over Financial Reporting and provide advice to the Commissioner on the risk-based assessment plans and associated results related to the effectiveness of the OPC’s system of Internal Control over Financial Reporting.

Since the OPC financial statements are audited by the OAG, the Committee shall review:

  • The financial statements with the external auditor and senior management, discuss any significant accounting estimates and adjustments therein, any adjustments required to the statements as a result of the audit, as well as any difficulties or disputes encountered with management during the course of the audit;
  • Management letters arising from the external audit;
  • The auditor's findings and recommendations relating to the internal controls in place for financial reporting and consider their impact on controls, risk management and governance processes.

5.7 Follow up on Management Action Plans

The Committee shall review regular reports on the progress of the implementation of approved management action plans resulting from prior internal audit recommendations as well as management action plans resulting from the work of external assurance providers.

5.8 Accountability Reporting

The Committee shall receive copies of the Report on Plans and Priorities, the Departmental Performance Report and other significant accountability reports. These reports provide context for the deliberations of the Committee and advice to the Commissioner. Over time, and in the course of successively reviewing these documents, the Committee will be attentive to, and provide advice on, any material misstatements or omissions.

5.9 Evaluation Plans and Reports

The Committee shall, at a minimum, receive copies of evaluation plans and evaluation reports for information. The Committee may also provide advice and recommendations on evaluation activities as may be requested by the Commissioner.

6. OPERATIONS

6.1 Access

The Committee has full access to the Chief Audit Executive and the other OPC employees and documents required to fulfill its responsibilities, subject to applicable legislation. The CAE has full access to the Committee and to the Committee Chair.

6.2 Orientation, Training, and Continuing Education of Committee Members

Members shall receive formal orientation and training on the Committee's responsibilities and objectives and on the business of the OPC.

6.3 Support

The Internal Audit function provides the Committee with the necessary support to carry out its responsibilities and fulfill its duties. The Committee also has the power to obtain independent help and advice. The support to the Committee includes among other things:

  • Administrative duties (i.e., preparation and distribution of meeting agendas, minutes and materials);
  • Supporting the Committee in executing its work;
  • Supporting the Committee in assessing its performance;
  • Supporting the Committee in its accountability reporting;
  • Supporting the orientation for new members.

6.4 Duty to Inform and Duty to Resign – Disagreement

In the event that a member of the Committee has a difference of opinion with another member that cannot be resolved by the Chair or if the member has an unresolved difference of opinion with the Chair and provided that the difference of opinion, from the perspective of the member, has, or could have, a material, negative impact on the fairness of reported information or on the integrity of operations of the OPC or involves the questionable behaviour of an individual then the member shall bring the issue forward for resolution, as follows:

  • Bring the issue to the attention of the Commissioner within a reasonable timeframe.
  • If the Commissioner is unable to resolve the issue and if the member is of the opinion that the issue still remains, the member has a duty to resign.

7. EVALUATION OF THE COMMITTEE’S PERFORMANCE

The Committee shall periodically evaluate its own performance to continually improve how it carries out its responsibilities. The Committee’s performance shall also be part of an external evaluation of the internal audit function that is to be carried out at least every five years, by an independent auditor.

8. ANNUAL REPORT

The independent members of the Committee shall submit an annual report to the Commissioner that shall:

  • Summarize the results of the Committee's reviews of areas of responsibility;
  • Provide the independent members’ assessment, and make recommendations as needed on the capacity, independence and performance of the internal audit function; and,
  • Express views in the annual report that shall be entirely and exclusively those of the independent members, notwithstanding any assistance given by OPC officials in the preparation of the annual report.

9. APPROVAL OF COMMITTEE TERMS OF REFERENCE




Reviewed by the Audit Committee



Date



Approved by the Commissioner



Date

Annex B - Audit Committee Annual Plan 2016-17

# AC Action Item Description Purpose/Action Frequency Q1
Apr-June
Q2
July-Aug
Q3
Oct-Dec
Q4
Jan-March
Other Comments
AC Infrastructure
1 AC Terms of Reference Review and recommend to the Commissioner for approval Periodically       1   Recommend review towards the end of the fiscal year once the changes to the policy are solidified
2 AC Annual Plan (for upcoming fiscal year) Review and recommend to the Commissioner for approval Annually 1         Required annually to establish committee work required for the year.
3 Establish AC meeting schedule Approve Every 6 months         1 Done off-line semi-annually as not practical to set meetings too far in advance.
4 Orientation/ongoing PD requirements Determine Periodically     1     Members attend DAC Symposium and PD as required
Internal Audit Oversight Responsibilities
5 Internal Audit Charter Review and recommend to the Commissioner for approval Periodically       1   Recommend review towards the end of the fiscal year once the changes to the policy are solidified
6 Adequacy of internal audit resources Monitor Annually     1     Integral part of approval of the Risk-based Internal Audit Plan (RBAP) process
7 Risk-based Internal Audit Plan (RBAP) Review and recommend to the Commissioner for approval Annually     1 1   AC engaged in the update process and reviews draft RBAP and recommends it for approval by the Commissioner
8 Performance of the internal audit function and CAE Monitor and assess Annually       1   AC input is intended to be an input into the CAEs annual performance appraisal. Done through an in-camera discussion with the Commissioner at our last meeting of the year
9 Internal Audit Reports and corresponding management responses and action plans Review and recommend to the Commissioner for approval Ongoing           Review of Technology Analysis Directorate (TAD) Services expected to get underway in Q4 thus, no internal audit reports expected in 2016-17
10 Reports on the progress against the internal audit plan Receive and review Ongoing 1   1 1   CAE speaks to this as part of his update at each meeting.
11 CAE's Annual Report Receive and review Annually 1         Given that no internal audit engagements were undertaken in 15-16, combined with the robust nature of the AC's Annual Report, the CAE's 2015-2016 annual report will be a verbal report to the Committee
Additional Responsibilities
12 Values and Ethics Review and provide advice In accord with risk guided focus and cycle           Results of implementation of new COI Directive expected in 16-17 (timing for it to come to AC tbd). Other elements of V&E may also be examined.
13 Risk management Review and provide advice In accord with risk guided focus and cycle     1     Review Corporate Risk Profile
14 Management Control Framework Review and provide advice In accord with risk guided focus and cycle     1     In addition to reviewing key elements of the MCF via internal audit reports, the AC will also discuss whether the Office should undertake a MAF exercise in 16-17 given the results and improvements made over the past number of years as well as other initiatives currently underway. Committee also expects to provide advice on OPC's new Results Framework to be developed in 2016-17. This Framework will replace MRRS.)
15 OAG, agents of parliament and central agencies Review OAG Audit Plan and Review and Discuss Audit Results Semi-annual   1   1   OAG presents the plan for the financial statement audit to the Committee in Jan-March and the review of the results of this audit discussed at the summer meeting.
16 Follow-up on Management Action Plans Review and provide advice Periodically     1 1   Semi-annual review.
17 OPC Financial Statements Review and recommend to the Commissioner for approval Annually   1       Special meeting held in the summer whereby the AC reviews and discusses the financial statements together with the results of the OAG's audit of them and provides advice/recommended approval.
Accountability Reporting:
18 Report on Plans and Priorities (RPP) Review and provide advice Annually     1     Tied to Parliamentary reporting timelines
19 Departmental Performance Report (DPR) Review and provide advice Annually   1       Tied to Parliamentary reporting timelines
Committee Assessment
20 Committee self-assessment Review and monitor implementation of any resulting actions Periodically 1         Will look to engage OPC management who appear before the committee in the process.
21 External practice inspection Undergo/Review Every 5 yrs           N/A, completed in 14-15 and all recommendations have been implemented
Accountability and Reporting
22 AC Annual Report Prepare and brief Commissioner prior to finalization Annually 1          
Other Duties
23 Delegation of Authority Review and provide advice TBD 1         Review work management carries out to ensure they are calibrated at the right level
Report a problem or mistake on this page
Please select all that apply (required): Error 1: This field is required.

Note

Date modified: