Western Economic Diversification Canada
Symbol of the Government of Canada

The Audit Universe

An audit universe represents the potential range of all audit activities and is comprised of a number of auditable entities. These entities generally include a range of programs, activities, functions, structures and initiatives which collectively contribute to the achievement of the department’s strategic objectives.

WD’s Audit Universe is detailed stand-alone document that is updated on a periodic basis. The universe has been mapped against the office of the Comptroller General’s Core Management Controls, taking into consideration WD’s Program Activity Architecture and Management Resources and Results Structure.

Approach and Coordination

The Risk Based Audit Plan was developed through consultation with WD’s Department Audit Committee, senior management and business planners. Internal Audit consulted with the Office of the Comptroller General, the Office of the Auditor General and other assurance providers to ascertain if any of their planned audits include WD.

To ensure the risks identified in the audit plan were consistent with the WD’s mandate and priorities, Internal Audit researched a number of relevant documents. Reference sources included: Program Activity Architecture, Management Resources and Results Structure, Corporate Risk Profile, Treasury Board Submissions, Reports on Plans and Priorities, Departmental Performance Report, Management Accountability Framework assessments, previous Internal Audit Reports, unaudited Financial Statements, and Evaluation Reports.

As a result of this thorough process, Internal Audit selected and prioritized the audit engagements for 2011–2014 based on risk exposure, significance, and the quality of internal control environments that exist to mitigate risks. Any planned audit to be led by an external assurance provider was also included in the plan.

Risk Assessment and Prioritization

Through the risk based audit planning process, internal audit priorities have been identified and audit projects planned in those areas that reflect the greatest need or priority from a departmental perspective.

First, Internal Audit assigned a preliminary ranking by assessing each auditable entity in terms of its risk exposure and significance considering the WD Corporate Risk Profile and other relevant inherent business risks. Internal Audit consulted with senior management and business planners to fully understand WD’s business and associated key risks. Second, Internal Audit assigned a final ranking by incorporating additional priority factors such as management or audit committee requests, horizontal audits, CAE annual perspective statement coverage, and past audit coverage.

Risk exposure is defined as the level of risk to which each auditable entity is exposed and considers the following:

  • The auditable entity’s current and anticipated business conditions and the presence of risk factors;
  • The number and nature of potential risk events to which the auditable entity is exposed as a result of its business conditions/risk factors;
  • The severity of consequences if the risks to which the entity is exposed materialized; and
  • The overall state of control in place within a given auditable entity.

Significance is the value or impact of the entity in the context of WD’s overall objectives. Significance considers materiality, expected benefits to the department and its stakeholders, and the degree to which the audit entity is exposed to public or political scrutiny.

The results of this risk analysis and ranking of the audit universe is found in Risk Assessment Worksheet, Annex A. This risk assessment incorporated both WD-specific risks and those that are government-wide as identified by the Office of the Comptroller General.

Departmental Corporate Risk Profile

The risk assessment also incorporated and included linkages of the audit topics to the Corporate Risk Profile. Currently, the six key risk areas identified and approved by WD management are summarized below.

  • Delivery of the Economic Action Plan – There is a risk that the department will be unable to complete delivery of the plan given the existing level of resources and timelines;
  • Values and Ethics – There is a risk of a real or perceived breach of WD’s values and ethics given the nature of WD programs and the requirement for considerable judgement in the provision of taxpayer dollars to the not-for-profit and private sector;
  • Results – There is a risk that WD will be unable to measure and demonstrate progress in achieving its mandate due to a lack of accurate, accessible performance results information;
  • Financial Management – There is a risk of inadequate budget management and a break down in the department’s control framework;
  • Public Service Renewal – There is a risk that WD will not be successful retaining and developing staff recruited as part of Public Service Renewal efforts; and
  • Policy and Programming – There is a risk that the department is not properly engaged in the appropriate policy forums to influence national policy discussions and inform program development.

Chief Audit Executive’s Annual Overview Report

One of the key requirements of the 2009 Treasury Board Policy on Internal Audit is the requirement for the Chief Audit Executive to provide an annual overview report on departmental risk management, control and governance processes. As a result, the plan has incorporated selected audit coverage towards supporting the Chief Audit Executive’s ability to provide an annual reporting. This was one of the factors that influenced changes between the preliminary rankings and the final rankings.

Audit Coverage

Audit engagements are targeted to provide assurances around key risk management, control and governance processes within WD. For the purposes of this plan, assurance engagements have been categorized into auditable entities and topics that reflect all the Management Accountability Framework indicators and WD’s business activities that support the achievement of its Strategic Outcome. Audit projects for the period are summarized in Table 1 and detailed in Tables 2-4. All the audits selected contribute in one way or another to the success of WD’s one Strategic Outcome:

  • The western Canadian economy is developed and diversified.

Carry-Over Audits

The 2011-14 audit plan contains two audits whose field work is being carried over from the 2010-11 audit plan: Monitoring and Payments and IM/IT Governance. Significant delays in the procurement of contractors for the IM/IT Governance audit prevented this engagement from being started and completed in 2010-11. The Follow-Up Audit of Governance was originally scheduled for 2010-11. The Deputy Minister is leading significant change to the existing management practices and processes in this area, and this work is expected to be completed in 2011-12. As a result, the Deputy Minister agreed to defer this audit until 2013-14, as the audit can better focus on assessing the effectiveness of the changes that are currently in progress.

Follow-up Audits

Internal Audit conducts follow up work in three forms. Firstly, Internal Audit does semi-annual follow-up audit work on outstanding recommendations from previous audits. The report of that follow up work is presented to the Departmental Audit Committee.

Secondly, while conducting its periodic risk assessment and prioritization, Internal Audit assesses past audit work to determine if follow-up audits are required on a previously completed audit. Finally, Internal Audit may select an audit that is blended, containing some follow up work from a previously conducted audit and some revised scope elements.

The 2011-14 audit plan contains follow up work in all three categories, including these three audits: Financial Readiness Assessment (2011-12), Grants and Contributions – Due Diligence Approval Process (2012-13) and Governance (2013-14).

Audits from Other Assurance Providers

Internal Audit canvassed other assurance providers to determine what work, if any, they would be conducting during 2011-12 that would impact on WD. The following is a list of activities for which Internal Audit will be providing a liaison role and that will have some resource demands within other parts of WD as a result of these audits taking place:

  1. Office of the Auditor General – Second Audit of Canada’s Economic Action Plan; and
  2. Office of the Comptroller General –Horizontal Audit of Grants and Contributions Management Control Framework Phase 1 (management action plan development and follow up only).

In all of these cases, the Internal Audit resources required to support these initiatives is recorded as part of the Practice Management function on Table 5.

Resources

Internal Audit has five full-time audit professional staff, the Chief Audit Executive and one administrative assistant. The Chief Audit Executive concludes that the current resource level of personnel is adequate for the audits planned for 2011-2014. The audit plan will use a combination of internal and external resources because of the volume of planned engagements as well as to fulfill the collective proficiency standards required for internal auditing. The operating budget includes some targeted funding to support the operation of the Departmental Audit Committee and the continuous professional development of the internal audit staff.

  &2011 - 2012 &2012 - 2013 &2013 - 2014
Financial Resources $1,040,000 $1,040,000 $1,040,000
Human Resources – FTEs 7 7 7

Resource allocations for all 2011-12 audit projects can be found on Table 5.

Other Activities

Some key consulting activities that Internal Audit will pursue in the planning cycle include:

  • Consulting engagements requested by senior management (subject to preservation of Internal Audit’s objectivity and independence);
  • Quality Assurance and Improvement Program enhancements;
  • Continuous professional development for internal audit staff;
  • Support to the Departmental Audit Committee;
  • Education of staff and other stakeholders on the role of Internal Audit; and
  • Support to horizontal engagements assigned from outside assurance providers and central agencies.