Environment Canada's Three-Year Risk-Based Audit and Evaluation Plan 2009-2012

| TOC | Previous | Next |

1. Introduction

• 1.1 Purpose
• 1.2 Planning Approach

1.1 Purpose

This document presents Environment Canada's (EC) Risk-Based Audit and Evaluation Plan for 2009-2012. The plan has been designed with the objective of allocating audit and evaluation resources to those areas that represent the most significant risks and priority to the department, and to respond to implementation requirements for the Treasury Board (TB) 2006 Policy on Internal Audit¹ and the 2001 Evaluation Policy².

The External Audit Advisory Committee (EAAC) reviewed the portion of the plan relating to the Internal Audit function (i.e. internal audit engagements and supporting strategic planning and coordination activities) and recommended it to the Deputy Minister for approval. The evaluation projects and supporting strategic planning and coordination activities were presented to the Departmental Evaluation Committee (DEC) for their review and approval.

Top of page

1.2 Planning Approach

This year EC has strengthened its approach to risk-based audit and evaluation planning, in accordance with the requirements of the TB Policy on Internal Audit and the Evaluation Policy.

Key enhancements to this year's plan include:

• Risk methodology is based on the April 2006 Internal Audit Policy and is consistent with the Treasury Board Secretariat (TBS) Integrated Risk Management Framework
• Identification and ranking of the audit universe by priorities with the selection of projects by highest risk
• Better coverage of risk management, controls and governance processes (as per TBS Internal Audit Policy and Federal Accountability Act)
• Better alignment and integration with key corporate activities – i.e. departmental strategic review, Corporate Risk Profile (CRP), Report on Plan and Priorities (RPP), MAF assessments, financial readiness assessment and board priorities
• Better alignment and integration with other audit assurance providers – Office of the Auditor General (OAG)/Commission of the Environment and Sustainable Development (CESD), TBS/Office of the Comptroller General (OCG), Privacy Commissioner, Commissioner of Official Languages and Public Service Commission
• Improved rationale, risk description, scope and objectives, projected start date and tabling date for each audit and evaluation project
• Improved rationale and reporting for carry-over projects
• Improved follow-ups on recommendations and management action plans

Risk Assessment

This year’s risk assessment and prioritization process was conducted using the draft OCG Risk-Based Audit Planning (RBAP) guide, which provides a comprehensive and rigorous approach to risk-based annual planning.

According to the RBAP guide and methodology, there are four steps to developing a robust risk-based plan:

1. Development of the Audit and Evaluation Universe – This includes the identification of the audit and evaluation entities based upon an analysis and grouping of EC’s programs, activities, functions, structures and initiatives (2008-2009 Program Activity Architecture (PAA)) which contribute to the achievement of the department’s strategic objectives.
2. Preliminary Prioritization of the Audit and Evaluation Universe – This includes the review and consideration of available departmental risk information, including the Strategic Review from 2008, the CRP, the latest MAF assessment, departmental priorities, board priorities and the readiness assessment for audited financial statements. Results of the risk ranking exercise are detailed in the working papers that support the development of this plan. Each entity was assessed in terms of its risk exposure and significance using a series of prioritization criterion to generate a priority level assigned to each entity, which in turn informed the planning of specific audit engagement and evaluation projects. Appendix A lists each element of the PAA rated according to its levels of risk and audit and/or evaluation priority.
3. Final Prioritization of the Audit and Evaluation Universe – Consideration was given to other factors such as management requests and the EAAC and DEC recommendations; mandated audits such as OCG’s horizontal audits; mandated evaluations by TB; other assurance providers (e.g., OAG, CESD, PSC, Privacy Commissioner, OCOL); time since last audit, carry-over audits and evaluations; and follow-up audits and evaluations. Senior management was consulted on potential audits and evaluations, the risks to which programs and activities are exposed, and prioritization of the entities. Final priority rankings, rationale, scope and objectives, timelines and budget estimates were confirmed by Audit and Evaluation Branch (AEB) directors. Finally, professional judgement was applied to select and finalize the list of specific audit and evaluation projects.
4. Audit and Evaluation Plan Development and Approval – The development of the plan took into consideration the coverage of the high audit and evaluation priorities over the three-year planning horizon. The plan will be reviewed by the audit and evaluation committees who will recommend to the Deputy Minister for approval. The approval process consists of:
   1. The plan being presented to the EAAC for their review and comments and for recommendations for the Deputy Minister to approve (audit component).
   2. The plan (evaluation component) being presented to the DEC for their review and approval.

See Appendix E for a more detailed description of this year’s planning approach.

Top of page

---

¹ Treasury Board Policy on Internal Audit, April 2006. [Back]

² Treasury Board Evaluation Policy, April 2001. [Back]