An audit universe represents the potential range of all audit activities and is comprised of a number of auditable entities. These entities generally include a range of programs, activities, functions, structures and initiatives which collectively contribute to the achievement of the department’s strategic objectives.
WD’s Audit Universe is a detailed stand-alone document that is updated on a periodic basis. The universe has been mapped against the Office of the Comptroller General’s Core Management Controls, taking into consideration WD’s Program Activity Architecture and Management Resources and Results Structure.
The Risk Based Audit Plan was developed through consultation with WD’s Department Audit Committee, senior management and business planners. Internal Audit consulted with the Office of the Comptroller General, the Office of the Auditor General and other assurance providers to ascertain if any of their planned audits include WD.
To ensure the risks identified in the audit plan were consistent with WD’s mandate and priorities, Internal Audit researched a number of relevant documents. Reference sources included: Program Activity Architecture, Management Resources and Results Structure, Corporate Risk Profile, Treasury Board Submissions, Reports on Plans and Priorities, Departmental Performance Report, Management Accountability Framework assessments, previous Internal Audit Reports, unaudited Financial Statements, and Evaluation Reports.
As a result of this thorough process, Internal Audit selected and prioritized the audit engagements for 2011–2014 based on risk exposure, significance, and the quality of internal control environments that exist to mitigate risks. Any planned audit to be led by an external assurance provider was also included in the plan.
Through the risk based audit planning process, internal audit priorities have been identified and audit projects planned in those areas that reflect the greatest need or priority from a departmental perspective.
First, Internal Audit assigned a preliminary ranking by assessing each auditable entity in terms of its risk exposure and significance considering the WD Corporate Risk Profile and other relevant inherent business risks. Internal Audit consulted with senior management and business planners to fully understand WD’s business and associated key risks. Second, Internal Audit assigned a final ranking by incorporating additional priority factors such as management or audit committee requests, horizontal audits, CAE annual perspective statement coverage, and past audit coverage.
Risk exposure is defined as the level of risk to which each auditable entity is exposed and considers the following:
Significance is the value or impact of the entity in the context of WD’s overall objectives. Significance considers materiality, expected benefits to the department and its stakeholders, and the degree to which the audit entity is exposed to public or political scrutiny.
The results of this risk analysis and ranking of the audit universe are found in the Risk Assessment Worksheet, Annex A. This risk assessment incorporated both WD-specific risks and those that are government-wide as identified by the Office of the Comptroller General.
The risk assessment also incorporated and included linkages of the audit topics to the Corporate Risk Profile. Currently, the six key risk areas identified and approved by WD management are summarized below.
One of the key requirements of the 2009 Treasury Board Policy on Internal Audit is that the Chief Audit Executive provide an annual overview report on departmental risk management, control and governance processes. As a result, the plan has incorporated selected audit coverage to support the Chief Audit Executive’s ability to provide this annual report. This was one of the factors that influenced changes between the preliminary rankings and the final rankings.
Audit engagements are targeted to provide assurances around key risk management, control and governance processes within WD. For the purposes of this plan, assurance engagements have been categorized into auditable entities and topics that reflect all the Management Accountability Framework indicators and WD’s business activities that support the achievement of its Strategic Outcome. Audit projects for the period are summarized in Table 1 and detailed in Tables 2-4. All the audits selected contribute in one way or another to the success of WD’s one Strategic Outcome:
The 2011-14 audit plan contains two audits whose field work is being carried over from the 2010-11 audit plan: Monitoring and Payments and IM/IT Governance. Significant delays in the procurement of contractors for the IM/IT Governance audit prevented this engagement from being started and completed in 2010-11. The Follow-Up Audit of Governance was originally scheduled for 2010-11. The Deputy Minister is leading significant change to the existing management practices and processes in this area, and this work is expected to be completed in 2011-12. As a result, the Deputy Minister agreed to defer this audit until 2013-14, as the audit can better focus on assessing the effectiveness of the changes that are currently in progress.
Internal Audit conducts follow up work in three forms. Firstly, Internal Audit does semi-annual follow-up audit work on outstanding recommendations from previous audits. The report of that follow up work is presented to the Departmental Audit Committee.
Secondly, while conducting its periodic risk assessment and prioritization, Internal Audit assesses past audit work to determine if follow-up audits are required on a previously completed audit. Finally, Internal Audit may select an audit that is blended, containing some follow up work from a previously conducted audit and some revised scope elements.
The 2011-14 audit plan contains follow up work in all three categories, including these three audits: Financial Readiness Assessment (2011-12), Grants and Contributions – Due Diligence Approval Process (2012-13) and Governance (2013-14).
Internal Audit canvassed other assurance providers to determine what work, if any, they would be conducting during 2011-12 that would impact on WD. The following is a list of activities for which Internal Audit will be providing a liaison role and that will have some resource demands within other parts of WD as a result of these audits taking place:
In all of these cases, the Internal Audit resources required to support these initiatives are recorded as part of the Practice Management function in Table 5.
Internal Audit has five full-time audit professional staff, the Chief Audit Executive and one administrative assistant. The Chief Audit Executive concludes that the current resource level of personnel is adequate for the audits planned for 2011-2014. The audit plan will use a combination of internal and external resources because of the volume of planned engagements as well as to fulfill the collective proficiency standards required for internal auditing. The operating budget includes some targeted funding to support the operation of the Departmental Audit Committee and the continuous professional development of the internal audit staff.
| | 2011 - 2012 | 2012 - 2013 | 2013 - 2014 |
|---|---|---|---|
| Human Resources – FTEs | 7 | 7 | 7 |
Resource allocations for all 2011-12 audit projects can be found in Table 5.
Some key consulting activities that Internal Audit will pursue in the planning cycle include: