June 2019 – Tenth Annual Report
For the year ending March 31, 2019
The creation of independent departmental audit committees that include a majority of members from outside the federal public service is an essential component of the Treasury Board (TB) Policy on Internal Audit. The fundamental role of these committees is to ensure that the deputy head has independent, objective advice, guidance and assurance on the adequacy of the department’s control and accountability processes.
The importance of audit committees was further underlined in legislation when the Federal Accountability Act amended the Financial Administration Act to include the following requirements:
16.1 The deputy head or chief executive officer of a department is responsible for ensuring an internal audit capacity appropriate to the needs of the department.
2006, c. 9, s. 259.
16.2 Subject to and except as otherwise provided in any directives issued by the Treasury Board under paragraph 7(1)(e.2), the deputy head or chief executive officer of a department shall establish an audit committee for the department.
2006, c. 9, s. 259.
16.21(1) A person who does not occupy a position in the federal public administration but who meets the qualifications established by directive of the Treasury Board may be appointed to an audit committee by the Treasury Board on the recommendation of the President of the Treasury Board.
Audit Committees and Parliamentary Agencies
The Treasury Board (TB) Policy on Internal Audit makes specific reference to offices of agents of Parliament, including the Office of the Public Sector Integrity Commissioner. Deputy heads of these organizations may, subject to compliance with sections 16.1 and 16.2 of the Financial Administration Act, authorize such departures from the specific policy requirements contained in the Policy as they may deem appropriate in light of the governance arrangements, statutory mandate and risk profile of the organization of which they are deputy heads.
Audit and Evaluation
Although audit and evaluation are the subjects of separate policies in the federal government, the management of these functions is closely linked, particularly in small agencies. In the interest of efficiency, the PSIC audit committee also has responsibilities related to evaluations carried out under the TB Policy on Results and consequently, is named the Audit and Evaluation Committee (AEC).
Accountability of the AEC
The role of the AEC is advisory in nature. The sole accountability of the AEC is to the Public Sector Integrity Commissioner of Canada (Commissioner). In this regard, members are accountable for the objectivity, quality and timeliness of their advice and for the performance of their contractual responsibilities.
Responsibilities of the AEC
The responsibilities of the AEC as set out in its Charter, are:
- To provide objective advice and recommendations to the Commissioner regarding the sufficiency, quality and results of internal audit engagements related to the adequacy and functioning of the Office’s frameworks and processes for risk management, control and governance;
- To review, using a risk-based approach, all areas of management designated by the Comptroller General of Canada for audit committee review. These areas are:
- Values and Ethics
- Risk Management
- Internal Audit Function
- External Assurance Providers
- Follow-up on Management Action Plans
- Financial Statements and Public Accounts Reporting
- Accountability Reporting
- To provide advice and recommendations on any other matters for which the Commissioner, as accounting officer, is responsible, and on other related matters as needed or requested by the Commissioner.
With respect to evaluations, the Committee will:
- Provide advice to the Commissioner, though review of the PSIC risk-based audit and evaluation plan, as to programs or operations of PSIC that should be the subject of an evaluation;
- Review and advise on the terms of reference, scope and timing of any planned evaluation;
- Review the findings of evaluations carried out and monitor subsequent management action plans.
Annual Plan and Annual Report
The AEC carries out its operations according to an Annual Plan that is prepared by the Chair and approved by the Commissioner. The document sets out the number of meetings planned for the coming year as well as topics to be covered at the meetings. At the end of each fiscal year, the Chair of the Committee, in consultation with other External Members, prepares a report (this document) to the Commissioner that describes the activities carried out by the AEC during that year and provides an assessment of systems, controls and other management tools that are in place at PSIC.
The Chair and members are selected by the Commissioner. The 2018–19 Committee consisted of:
- Michael Nelson, External
- Joe Friday, Commissioner
- Josée De La Durantaye, External
- Jacques Paquette, External (from November 19, 2018)
Regular Non-Member Attendees
- France Duquette, Deputy Commissioner and Chief Audit Executive (CAE) (until June 21, 2018)
- Denis Bilodeau, Deputy Commissioner and Chief Audit Executive (CAE) (from June 24, 2018)
- Eric Trottier, Manager, Financial Services and Chief Financial Officer (CFO)
- Heidi Bartman, Chief Results Delivery Officer
During 2018–19 the Committee met on:
- April 20, 2018
- July 9, 2018
- November 26, 2018
- February 21, 2019
In-camera sessions with the Commissioner, with the CAE, with the Chief Financial Officer (CFO), and with the Office of the Auditor General (OAG) representative (when present) as well as between external members only, were held at each regular meeting.
Support to the Committee
The Committee received information and support from management to enable it to carry out its duties and responsibilities effectively. The Commissioner also made available to the Committee the Commissioner’s reports to Parliament, including his Annual Report and Case Reports.
The Chief Results Delivery Officer prepared Agendas and Minutes for the 2018–19 meetings and provided support for the work of the Committee.
Summary of 2018–19 AEC Meeting Topics
Items considered by the AEC in 2018–19 included the following:
Office of the Auditor General (OAG) Audit of Financial Statements
- PSIC Financial Statements are audited each year by the OAG.
- Nathalie Chartrand, Audit Principal, and Josée Maltais, presented the results of the audit of the 2017–18 to the Committee on July 9, 2018. Ms. Maltais advised that the results of the audit resulted in an unmodified opinion on the financial statements. There were no legal claims and no business risks that had significant audit implications were identified.
- Ms. Chartrand thanked PSIC staff and CHRC (the financial services provider for PSIC) for their full cooperation. No action plan will be requested by OAG as a result of the audit.
- On the recommendation of the AEC, the Commissioner and the CFO signed the audited financial statements.
- The Audit cycle continued with a presentation by the OAG on February 21, 2019, on the Audit Plan for the 2018–19 Financial Statements.
PSIC Threat and Risk Assessment
- An independent threat and risk assessment was carried out on PSIC’s IT infrastructure to ensure that adequate safeguards are in place.
- Raynald Lamperon, Director of Operations and Departmental Security Officer at PSIC, led a presentation by him and Eric Trottier on the results and the management response. Although some risks had been identified by the assessment, none of those had ever materialized at PSIC.
- The AEC was satisfied with actions that were being taken.
PSIC Risk-Based Audit and Evaluation Plan (RBAEP)
- A five-year RBAEP was prepared for PSIC by The OTUS Group.
- AEC members were engaged throughout the process of creating the plan and provided input to the final version.
- A comparison was made between the Audit Universe of the RBAEP and the Audit Universe of the Small Departments and Agencies (SDA). The comparison confirmed that while there were some differences, the overall audit coverage of the PSIC RBAEP was very similar to that of the SDA and was sufficient for PSIC’s requirements.
Evaluation of the Legal Request Access Program
- An evaluation of the Legal Request Access Request Program was conducted by Goss Gilroy Inc.
- The results of the evaluation as well as the Management Response were presented to the AEC over the course of two meetings.
- The AEC expressed appreciation to the Legal Team on their leadership during this evaluation.
Update on LEAN Implementation
- Raynald Lampron presented an update to the AEC on implementation of Phase II of the LEAN exercise.
- Operational efficiencies had been gained and new pilot projects had been developed as a result of the creation of a PSIC group tasked with driving LEAN forward.
- AEC members were impressed with the results generated by LEAN and asked to be kept informed of results.
Audit of Service Level Agreements
- The Chief Audit Executive briefed AEC members on problems related to the performance of service providers under Service Level Agreements.
- It was agreed that an audit of these agreements should be carried out in order to determine their value for the money that was being expended.
- This audit was still being carried out as the fiscal year ended.
Public Service Employee Survey (PSES)
- The Commissioner provided the AEC with results of the most recent PSES. PSIC employee participation in the survey was high and results were exceptionally positive.
- AEC members complimented the Commissioner and his Executive Team on the leadership that resulted in these excellent results.
- At each meeting the Committee was provided with the opportunity to review and comment on operational statistics.
- Details were provided on management of disclosure files, including number of active files and active investigations.
- Details were provided at each meeting on the most current PSIC Performance Standards results.
- The Commissioner provided updates on PSIC cases that were before the courts and on cases that had been referred by the Commissioner to the Public Servants Disclosure Protection Tribunal.
The AEC reviewed quarterly financial reports prepared by PSIC and provided comments to the CFO. At each meeting, members were presented with a comprehensive report and analysis by the CFO on expenditures and forecasts.
Each AEC meeting included a discussion of human resources issues, including hiring, staff turnover, training and planning. When appropriate, these discussions were held in-camera.
The AEC was informed at each meeting on PSIC accommodation plans. In particular, the relocation of PSIC offices was of interest to the AEC. The efforts of the CFO in working with Public Services and Procurement Canada were commended by the AEC.
The risks associated with delivery of IT services by CHRC were of particular interest to the AEC during the reporting period. The CFO briefed members on progress, including the hiring of a dedicated PSIC IT specialist, at each meeting.
Audit and Evaluation Dashboard
- The PSIC Audit and Evaluation Dashboard was discussed at AEC meetings. These discussions included the status of each planned audit and evaluation, and any proposed changes to scope or timings.
- Given the time that elapses between AEC meetings, members requested that they be advised by email of any significant changes to the scope, progress or completion dates of any planned audits or evaluations.
Implementation of Phoenix at PSIC
- The Government of Canada (GC) approved the Transformation of Pay Administration (TPA) Initiative in 2009 to transform the GC’s pay administration system, renew business processes and consolidate pay services. The new system is known as Phoenix.
- The CFO provided members with updates on the impact of Phoenix at PSIC at each meeting. The impact on PSIC staff remained minimal. This was confirmed by discussion with the OAG in the context of the Audit of 2017–18 Financial Statements.
Reports on PSIC by Others
- Like most other government entities, PSIC is subject to laws, including its own governing legislation, which result in reports on PSIC by other Agents of Parliament.
- At each meeting, the AEC was presented with the results of any reports on PSIC activities that had been conducted, including reports by the Office of the Privacy Commissioner, the Office of the Access to Information Commission, the Office of the Commissioner of Official Languages and other independent agencies.
- The AEC was satisfied that any issues or recommendations for improvement either had been implemented or were in progress.
Audit and Evaluation Personnel Changes
- France Duquette left her position as CAE upon her retirement. Denis Bilodeau was appointed CAE upon joining PSIC as Deputy Commissioner.
- Jacques Paquette joined the AEC as an external member effective November 19, 2018.
- Michael Nelson ended his term as AEC Chair effective March 31, 2019.
- Josée De La Durantaye became Chair of the AEC effective April 1, 2019.
The Commissioner thanked France and Michael for their contributions, welcomed Denis and Jacques, and looked forward to Josée’s leadership of the AEC.
Orientation and Learning Activities
Office of the Comptroller General (OCG) Departmental Audit Committee (DAC) Symposium
On November 27, 2018, Michael Nelson, Josée De La Durantaye and Jacques Paquette attended the DAC Symposium. The theme of the Symposium was, “Transformation: Trends, Tools and Technology”. Topics discussed at the symposium included: Initiatives supporting a renewed vision for internal audit; Transforming the delivery of services to Indigenous Peoples; Complex project leadership and oversight; Government of Canada’s new digital services and strategic plan; Current IT security trends and threats and important questions audit committee members should ask; and, a closing keynote from the Secretary of the Treasury Board on “improving the way we serve Canadians better”.
Committee Forward Agenda
Certain AEC activities take place each year, including the following:
- Providing advice and recommendations to the Commissioner on issues related to delivery of services, including performance measurement and communication with stakeholders;
- Reviewing audit and evaluation reports;
- Follow-up of Management Action Plans, including recommendations made in reports from other Agents of Parliament;
- Cooperation with the OAG and the OCG where appropriate with the PSIC’s status as an Agent of Parliament;
- As a Committee, developing a better understanding of both the administration and the business of PSIC through briefings on PSIC operations made by appropriate PSIC staff so that Committee members may be better able to provide advice regarding risks;
- Review of Quarterly Financial Statements and provision of comments where appropriate on the Report on Plans and Priorities, the Departmental Performance Report and the Commissioner’s Annual Report to Parliament;
- Participating where appropriate in audit community learning events in order to exchange views with audit committee members in other departments and agencies.
Assessment of PSIC’s System of Internal Controls, Risk Management and Governance Processes
The AEC meets as a committee with PSIC staff three or four times a year, thus the role of the AEC with respect to providing conclusive advice to the Commissioner regarding the functioning of internal controls, risk management and governance processes is challenging.
To increase the reliability of the advice provided by the AEC to the Commissioner during the reporting period and in this report, the following steps were taken:
- At each AEC meeting, the external members held in-camera sessions with the CFO, the CAE and the Commissioner. The CAO and the CFO were asked at each session whether there were any irregularities they wished to discuss with the external members. There was none.
- During the reporting period, the Chair was in regular contact with the CAE and the CFO.
- PSIC’s Quarterly Financial Statements were reviewed by external members and questions were asked of the CFO on financial matters (and satisfactory answers were provided) during each AEC meeting.
- Members were provided with agendas and minutes of PSIC Executive Committee meetings as well as a presentation of the evolving PSIC Results Dashboard at each AEC Meeting.
- External members met in-camera on July 9, 2018, with the OAG Principal responsible for the audit of PSIC’s 2017–18 financial statements. This audit did not examine internal controls, risk management or governance processes in detail. However, the audit did not identify any material misstatements or concerns that needed to be brought to the attention of the AEC, the CFO, the CAO or the Commissioner.
Having taken these steps, the view of the external members of the AEC is that PSIC’s system of internal controls, risk management and governance processes are from our perspective and to the best of our knowledge, sound.
Assessment of the Capacity and Performance of the Internal Audit and Evaluation Function
The Committee noted that:
- The AEC meets regularly, including in-camera, has an external Chair, and membership is reviewed annually and renewed when required.
- OAG audits take place each year and OAG staff have commended the cooperation of PSIC officials with whom they worked in carrying out these audits as well as the cooperation of CHRC officials, the financial service providers to PSIC.
- A risk-based audit and evaluation plan has been prepared and reviewed by the Committee and approved by the Commissioner. An Audit and Evaluation Dashboard is prepared by the CAE and is reviewed at least once each fiscal year by the AEC.
- PSIC uses external consultants to provide expert services in the areas of Risk Assessment, audits and evaluations and audit and evaluation planning. The Committee will continue to monitor the results of these services.
- Sufficient funds are available to carry out the approved risk-based audit and evaluation plan.
The Committee will continue to review the capacity and performance of the internal audit and evaluation functions at PSIC.
(Original signed by)
Josée De La Durantaye, Chair
On behalf of the PSIC Audit and Evaluation Committee