2010-2013 Risk-Based Internal Audit Plan

1. Introduction

1.1 Background

As an officer of Parliament and agent of change, the Office of the Commissioner of Official Languages (OCOL) has a mandate to promote the Official Languages Act and oversee its full implementation, protect the language rights of Canadians, and promote linguistic duality and bilingualism in Canada. It is the duty of the Commissioner to take all actions and measures within the authority of the Commissioner with a view to ensuring recognition of the status of each of the official languages and compliance with the spirit and intent of this Act in the administration of the affairs of federal institutions, including any of their activities relating to the advancement of English and French in Canadian society.

The Commissioner ensures that the three key objectives of the Act are achieved and takes all necessary measures in this respect. These objectives are:

  • the equality of English and French in Parliament, the Government of Canada, the federal administration and the institutions subject to the Act;
  • the development and vitality of official language minority communities in Canada; and,
  • the equal status of English and French in Canadian society.

OCOL has more than 170 employees and an annual budget in excess of $20 million. Annually, OCOL receives over 800 complaints, publishes 2 to 5 audit reports on average, performs legal interventions and the Commissioner performs various activities all across the country to promote official languages.

Over the last few years, OCOL has faced a number of changes and transformations including the evolution of the role of Ombudsman for official languages, the streamlining of the approach to handle complaints and the re-thinking of regional offices' structure and role. Considering that other significant changes are expected, such as an A-Base/strategic review, the implementation of a large IM/IT project and the retirement of key members of personnel, it is clear that a strong risk-based internal audit plan will be an important governance element in helping OCOL achieve its objectives.

This document outlines OCOL's internal audit annual plan for 2010-2013. It also highlights potential areas of audit focus and secures resources to ensure that requests from the Audit and Evaluation Committee and the executive committee can be ensured timely and efficiently. The plan reconfirms the objective of allocating audit resources to those areas that represent the most significant priorities to OCOL, and to ensure that internal audit services will be of greatest benefit to the organization as a whole.

1.2 Approach

The approach on which this plan is based is in compliance with the Institute of Internal Auditors (IIA) Professional Practices Framework. The audit plan was developed as follows:

Risk-Based Audit Planning Approach

Risk-Based Audit Planning Approach

1.2.1 Identification of the Audit Universe

The audit universe defines the potential scope of IA activity and is comprised of individual “auditable entities” that may be subjected to IA activity. To ensure alignment between the focus of internal audit and the operational structure of the department, the 23 auditable entities were aligned with the 3 program activities identified in the 2010-2011 Program Activity Architecture (PAA) structure. This table represents OCOL's audit universe.

Strategic Outcome Canadians' rights under the Official Languages Act are protected and respected by federal institutions and other organizations subject to the Act; and linguistic duality is promoted in Canadian society.
Program Activity 1. Protection through Compliance Assurance 2. Promotion through Policy and Communications 3. Internal Services
Auditable Entities
  • Investigations (3 client portfolios)
  • Audits (3 client portfolios)
  • Strategic Performance Measurement (3 client portfolios)
  • Legal Affairs
  • Branch Management Support
  • Policy and Research
  • Strategic Communications and Promotion
  • Parliamentary Relations
  • Regional Operations
  • Branch Management Support
  • Strategic Planning
  • Information Technology
  • Internal Audit and Evaluation
  • OCOL Travel and Hospitality
  • Administrative Services
  • Human Resources
  • Information Management
  • Access to Information and Privacy
  • Values and Ethics
  • Finance
  • Commissioner's Office
  • Procurement, Acquisition Cards and Contracting
  • Branch Management Support

1.2.2 Environmental Scan of the Audit Universe

The project team conducted a series of interviews with Assistant Commissioners and members of the Audit and Evaluation Committee to identify organizational changes, key risks to which operations are exposed, and ultimately areas where internal audit can be of assistance in supporting the achievement of organizational objectives. The project team leveraged information in the Corporate Risk Profile to facilitate the identification of risk areas for audit planning purposes. This risk information not only provided important insight into the concerns of management, but also provided risk exposure information which was used to prioritize auditable entities and identify necessary audit projects.

1.2.3 Prioritization of Auditable Entities

Each entity that comprises the audit universe was ranked using 2 criteria (risk exposure and importance), each of which is weighted to reflect its relative importance. The following criteria were used, all weighted equally:

Risk Exposure:

  • Review of Corporate Risk Profile and Consultations
  • Degree and Recentness of Changes
  • Complexity / Dependencies / Legislative Requirements

Importance:

  • Materiality (the entity's budget, i.e. Low <$500k; Moderate >$500k but <$1M; High >$1M)
  • Sensitivity / Public Profile
  • Link to Mandate

Taken together, these criteria were applied to derive a total weighted priority score used to generate a preliminary prioritization of the audit universe. Then, recent audit coverage of the entity was considered before assigning it a requirement for audit rating. The outcome is a preliminary ranked list of audit priorities, details of which can be found in Appendix A.

1.2.4 Project Selection and Plan Development

Finally, the project team developed a three year audit plan. To this end, the highest audit priorities identified serve as the starting point, and provide the main, but not only consideration for project selection. The team examined the top priority entities against a variety of constraints and opportunities, including:

  • Availability of audit resources over the 3 year period;
  • Feasibility of conducting an audit;
  • Conduct of other reviews providing oversight (i.e. Program Evaluations, OAG audits, etc.);
  • Mandated audit projects (i.e. follow-ups, OAG/PSC obligations for horizontal audits, etc.);
  • Management requests; and
  • Audit and Evaluation Committee direction.

New priorities are determined based on these considerations; audits are defined for the top priorities. The outcome is a short-list of audit projects and activities to be conducted during the coming three-year planning horizon.

An analysis of the proposed audit coverage of the organization is conducted in order to ensure an appropriately balanced audit plan. The project team considered the number of corporate risks covered by the plan, the number of priorities covered, and how the allocation of audit resources aligns with the organization's expenditures.

Details of audits planned are provided including the scope, objectives, key risks, rationale and timing for each engagement and estimates on resourcing levels. Timing of audits planned is provided with the tabling of the multi-year Risk-based Audit.

A budget of approximately $90,000 has been established for the Internal Audit Function for 2010-2011. The estimated breakdown of expenditures for the 2010-2011 Internal Audit budget is as follows:

  • Assurance audits – 100%
  • Advisory or other projects – 0%

Based on the audit plan developed and described in section 3, no resource limitations have been identified for the delivery of effective internal audit services for the period covered by this plan.

2. Planning Context

2.1 Role of Internal Audit

Internal audit is an independent, objective entity within OCOL that is designed to add value and improve the organization's operations. It helps OCOL accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes. The Internal Audit group is led by the Chief Audit Executive who is supported by a variety of staff and external professional service providers with varying skill sets depending on the nature of the audit project.

Generally, OCOL's Internal Audit group provides assurance and advisory services to the Commissioner, the Executive Committee and the Audit and Evaluation Committee. Internal audit work is typically focused on assessing whether the system of internal control within OCOL is adequate and effective to support the following imperatives:

  • Achievement of operational objectives;
  • Safeguarding of assets;
  • Economy and efficiency of operations;
  • Reliability and integrity of financial and operational information; and
  • Compliance with legislation, policies and procedures

2.2 Strategic Outcome and Operational Priorities

For internal audit planning purposes, it is important to use OCOL's strategic outcome and operational priorities as context for the establishment of internal audit activities to be conducted.

OCOL's strategic outcome reads as follow:  Canadians' rights under the Official Languages Act are protected and respected by federal institutions and other organizations subject to the Act; and linguistic duality is promoted in Canadian society. Operational priorities read as follow:

  1. Work with federal institutions and other organizations subject to the Official Languages Act so that they fully integrate linguistic duality as an important element of leadership.
  2. Promote to Canada's two official language communities, the value of linguistic duality as one of the key elements of Canadian identity.
  3. Support official language minority communities in order to foster their development and vitality.
  4. Strengthen organizational capacity by applying sound management principles and practices with respect to corporate priorities.

2.3 Key Organizational Risks

A critical element in establishing internal audit priorities relates to the key risks being faced by OCOL. A core principle of internal audit at OCOL is to focus resources in areas that will be of the highest value to OCOL – with key risk areas representing a typical starting point. Usually, Internal Audit will build off the organization's risk management framework and OCOL has completed an exercise to develop a corporate-level risk profile.

The corporate risk profile identifies the following four high-rated risks, which are being addressed by senior management through various risk mitigation measures:

  • Inadequate IM/IT systems, infrastructure and support. The risk that the IM/IT infrastructure and support are not sufficient to fulfill OCOL's current operational needs. Also the risk that information cannot be collected, analyzed and reported/communicated on a timely basis. Finally, the risk of losing valuable corporate memory.
  • Perception that the Official Languages Act may be less relevant. The risk that the public and/or stakeholder groups perceive OCOL and the Official Languages Act as irrelevant. Also, the risk of loss of credibility and influence within the federal government and not being able to fulfill OCOL's mandate.
  • Inadequate funding from the federal government The risk that changes to government policy/funding priorities could result in reduced funding to OCOL. Also, the risk that OCOL's expenses increase significantly, due to new requirements necessitating additional unplanned resources.
  • Inadequate performance measures and reports. The risk that performance measures are not set or can't be measured. Also the risk that adequate performance information is not collected or that IT systems are not able to collect it. Finally, the risk that corrective measures to address performance gaps are not implemented.

3. Audit Plan Summary

As an Agent of Parliament, OCOL is constantly evolving to respond to the expectations of Canadians and to ensure that it remains relevant, effective and efficient. As identified by management through a series of interviews, the Commissioner's evolving role as an Ombudsman is gradually being reflected in the organization's structure. This new approach is now supported by a modernized approach to investigations, audits, promotion and prevention activities. The roles and responsibilities of regional offices will also be impacted significantly as an initiative is underway to realign regional activities.

The proposed audit plan below accounts for all of these recent changes and also focuses on risks identified in the corporate risk profile, as well as activities required to achieve the organization's strategic outcome. This audit plan will bring added value to the organization by ensuring that the Executive Committee and the Audit and Evaluation Committee are provided with recommendations on OCOL's management practices, control frameworks, policies, directives, etc. in areas considered by management as having a higher risk level or as being of particular interest to better manage the organization.

Audit projects where management determined there is the greatest need for support and value-added assistance within the first year of the plan (2010-2011) includes:

  • an audit of integrated planning practices;
  • an audit of investigation practices; and,
  • an audit of Parliamentary relations (will be started in 2010-2011 but completed in 2011-2012).

For the following two years of the plan, it was determined that research and studies activities, the regional office restructuration pilot project, workplace health and safety and the IM/IT renewal project (when funding from this project is eventually obtained) would benefit from audit activity. Three potential audit projects have also been identified. These potential audits may be conducted if another audit project is postponed, cancelled, or if capacity is sufficient to undertake these potential audits.

The table in Section 4 provides a listing of the proposed audit projects along with their scope, objective and rationale. The proposed audit timing, relative audit effort, scope, objective and rationale might be modified through time as new issues or needs arise and are brought to the Audit and Evaluation Committee's attention. For further details on the rationale to select these audit projects, please refer to Appendix A.

To finalize this plan, it is expected that it will be recommended for approval by the Executive Committee, approved by the Audit and Evaluation Committee, and ultimately by the Commissioner.

4. Audit Project Descriptions

4.1 Audit Projects

The table below provides the objective/scope and rationale for each of the audit projects proposed for 2010 to 2013. The rationale includes, where applicable, a mapping to the identified key risks facing OCOL and a reference to the audit priority rating as detailed in Appendix A. Finally, it should be noted that final scope/objectives for the audits may be modified depending on the results of the planning phases of each of the respective projects. In addition to the proposed audit projects below, Internal Audit will continue to attend key management and Audit and Evaluation Committee meetings, conduct follow-ups on previous audits (as appropriate), and develop the annual internal audit plan (i.e. this document).

Year Audit Project Name Primary Entity Relative Audit Effort Audit Scope/Objective/Rationale
2010-2011 Audit of Integrated Planning Practices Corporate Services Branch Moderate
  • Scope: Integrated strategic and operational planning practices carried out by OCOL.
  • Objective: The objective of the audit is to determine if OCOL has an adequate, effective and rigorous integrated strategic and operational planning process to align resources with organizational priorities and objectives.
  • Rationale: Moderate Audit Requirement. Considering that the planning function has been recently relocated within Corporate Services, and that integrated planning is relatively new yet increasingly important as OCOL is faced with important decisions when it comes to funds allocations, an audit of this activity is recommended.
2010-2011 Audit of Investigation Practices Compliance Assurance Branch High
  • Scope: Investigation management practices of CAB.
  • Objective: The objective of the audit is to determine if OCOL has effective management practices for investigations. This includes roles and responsibilities, the complaint reception centre (and related intake and prioritisation process), how investigations are conducted and files maintained, and how information derived from investigations is ultimately leveraged throughout OCOL.
  • Rationale: High Audit Requirement. Considering the lack of past audit coverage and recent structural changes at OCOL impacting investigations, an audit of investigation practices would be beneficial to help ensure that investigation practices are appropriate.
2010-2011 (will be started in 2010-2011 but completed in 2011-2012) Audit of Parliamentary Relations Policy and Communications Branch Low
  • Scope: Management practices over OCOL's relations with the Parliament, its committees and parliamentarians.
  • Objective: The objective of the audit is to determine if OCOL has an effective management control framework in place to manage relations with Parliament, its committees and parliamentarians. This audit will focus on the parliamentary strategy and activities that ensure that OCOL's parliamentary relations are appropriate and aligned with the organization's priorities.
  • Rationale: Moderate Audit Requirement. Considering the lack of past audit coverage, the recent changes in the Commissioner's Ombudsman's role and the importance of parliamentary relations, an audit of this activity is recommended.
2011-2012 Audit of Regional Pilot Project Policy and Communications Branch Moderate
  • Scope: Management practices conducted in the regional office selected for the regional pilot project.
  • Objective: The objective of the audit is to determine if the changes proposed by the regional pilot project are appropriate to help ensure OCOL has an effective management control framework for the activities performed in regional offices. This audit will focus on the new structure, roles and responsibilities of regional offices as proposed by the pilot project.
  • Rationale: High Audit Requirement. Considering the lack of past audit coverage, changes in the Commissioner's role, upcoming structural changes and based on discussions with management, an audit of this activity is recommended. The timing of the audit is intended to align with the completion of the pilot project. The audit should be completed before the pilot project is extended to other regional offices.
2011-2012 Audit of Research and Studies Activities Policy and Communications Branch Moderate
  • Scope: Management practices over studies and research on official languages carried out by the Policy and Communications Branch.
  • Objective: The objective of the audit is to determine if OCOL has an effective management control framework in place to manage its research activities in alignment with corporate goals, policies and directives. The audit will focus on how research projects are selected, prioritized, performed, used and also how OCOL leverages research performed by other federal organizations.
  • Rationale: High Audit Requirement. Considering the lack of recent audit coverage, management consultations and upcoming changes within this activity, an audit of research activities is recommended.
2012-2013 Workplace Health and Safety Audit Corporate Services Branch Low
  • Scope: Management practices related to workplace health and safety for OCOL as a whole
  • Objective: The objective of the audit is to determine if OCOL has effective management practices related to workplace health and safety for its employees and visitors, and to assess compliance with applicable TBS and OCOL policies, directives and best practices.
  • Rationale: Moderate Audit Requirement. Workplace health and safety across the federal government is an important issue. OCOL recognized the importance of health and safety by recently creating a committee dedicated to this area. An audit of activities and practices pertaining to health and safety is recommended.
2012-2013 (actual timing to be aligned with project timelines) IM/IT Renewal Project Audit Corporate Services Branch High
  • Scope: Project management practices for the IM/IT renewal project.
  • Objective: The objective of the audit is to determine if OCOL has effective management practices to manage this major IM/IT renewal project. The audit will focus on project management practices and compliance with various TBS Policies and leading practices that impact large IM/IT projects.
  • Rationale: High Audit Requirement. As considerable amounts of resources are being allocated to the IM/IT Renewal Project, its success is critical to the organization. Large IM/IT projects are inherently risky as they introduce numerous organizational changes. The timing of the audit is intended to align with the mid-point of the project lifecycle.
Potential Audit – timing TBD Audit of Strategic Communications and Promotion (scope to be further refined) Policy and Communications Branch High
  • Scope: Management practices related to strategic communications and promotion (scope to be further refined).
  • Objective: The objective of the audit is to determine if OCOL has effective management practices related to strategic communications and promotion, including how activities are planned, prioritized and carried out. 
  • Rationale: Considering discussions with management, an audit may not be required at this time as there were no significant issues or changes identified with this activity; however, considering the importance of this activity, a potential audit project has been identified. The audit may be conducted if another audit project is postponed, cancelled, or if capacity is sufficient to undertake this audit.
Potential Audit – timing TBD Audit of CAB Audit Practices Compliance Assurance Branch High
  • Scope: Audit management practices of CAB.
  • Objective: The objective of the audit is to determine if OCOL has effective management practices for audits. This includes roles and responsibilities, how audits are identified and prioritized, how audits are conducted and files maintained, and how information derived from audits is ultimately leveraged throughout OCOL.
  • Rationale: Considering that the audit process has gone through a quality assurance review recently, an audit may not be required at this time; however, considering the importance of this activity, a potential audit project has been identified. The audit may be conducted if another audit project is postponed, cancelled, or if capacity is sufficient to undertake this audit.
Potential Audit – timing TBD Audit of Strategic Performance Management Policy and Communications Branch High
  • Scope: Strategic performance management practices of PCB.
  • Objective: The objective of the audit is to determine if OCOL has effective management practices for strategic performance management. This includes roles and responsibilities, planning and prioritization, how activities are conducted, and how information derived from these activities is ultimately leveraged throughout OCOL.
  • Rationale: Considering the audit priority rating and discussions with management, an audit may not be required at this time as there were no significant issues identified with this activity; however, considering the importance of this activity, a potential audit project has been identified. The audit may be conducted if another audit project is postponed, cancelled, or if capacity is sufficient to undertake this audit.

4.2 Relative Audit Effort Definitions

The following table provides a definition for the relative audit effort identified in the table above. Please note that these definitions are provided as indication only and could vary based on the audit scope and objectives.

Relative Audit Effort Rating Definition
Low Less than $20,000
Moderate Between $20,000 and $40,000
High Over $40,000

5. Appendix A – Audit Prioritization

The following rating criteria were used to prioritize auditable entities and establish audit plan priorities.

Criteria Ratings
  Total Weight   Total Weight Definitions
When determining audit priority ratings for each audit entity, the following scale was used:
  • Low: < 1.8
  • Moderate (Mod): > 1.8 but < 2.2
  • High: > 2.2
Risk Exposure 50% Review of Corporate Risk Profile and consultations 1/6 Review of the Corporate Risk Profile and consultations with Assistant Commissioners and Audit and Evaluation Committee members provides insights on the risk exposure of each auditable entity.
  • 1 = Low
  • 2 = Moderate
  • 3 = High
Degree and Recentness of Changes 1/6 Impact of change includes the magnitude, history and timing of the change. This criterion includes all changes recently done or anticipated during the 3 years audit planning scope. Changes considered include:
  • Legislation, regulations or internal policies
  • Governance structure
  • Personnel
  • Financial / Funding
  • Operational restructuring
  • New technology or systems
  • 1 = No major changes done or anticipated
  • 2 = Some significant changes done or anticipated
  • 3 = Very significant changes done or anticipated
Complexity / Dependencies / Legislative Requirements 1/6 The complexity of business processes, technology and regulatory environment are considered. The greater the dependencies, the more coordination required. Legislative requirements consider the extent of obligations of OCOL from legislation.
  • 1 = Low
  • 2 = Moderate
  • 3 = High
Importance 50% Materiality 1/6 This criterion considers the dollar value associated with both O&M and Salaries for 2010-2011 for each entity.
  • 1 = Low (<$500k)
  • 2 = Moderate (>$500k but <$1M)
  • 3 = High (>$1M)
Sensitivity / Public Profile 1/6 External and internal factors and activities influencing an organization's policy and management agenda. Factors considered include:
  • Public visibility
  • Political influence
  • Social influence
  • Media scrutiny
  • Impact on stakeholders
  • 1 = Low
  • 2 = Moderate
  • 3 = High
Link to Mandate 1/6 All activities linked directly to OCOL's strategic outcome are inherently high risk as they are key to fulfilling the organization's mandate.
  • 1 = No direct link to mandate
  • 2 = Linked, but not directly, to mandate
  • 3 = Linked directly to mandate

The following table provides a complete analysis of risk exposure, importance and recent audit coverage for each activity included in the audit universe. This analysis ensures that this risk based audit plan will focus on high risk areas and areas of concern for management.

Audit Entity 2010-2013 Audit Prioritization Proposed 2010-2013 Audits
Risk Exposure Importance Audit Priority Rating Recent Audit Coverage Audit Requirement Rating and Rationale
Consultations & Risk Profile Recentness of Changes Complexity & Dependencies Materiality Sensitivity & Public Profile Link to Mandate
1. Investigations 2 3 2 3 3 3
2.66   High  
No recent audit coverage. Audit Requirement Rating:   High   2010-11 Audit Projects
  • Audit of Investigation Practices
Considering the high audit priority rating, the lack of past audit coverage and recent structural changes at OCOL impacting investigations, an audit of investigation practices would be beneficial to help ensure that investigation practices are appropriate.
2. Audits 2 2 2 3 3 3
2.5   High  
The External Audits Process went through a Quality Assurance Review in April 2010. Audit Requirement Rating: Moderate Potential Audit Project
  • Audit of CAB Audit Practices
Considering that the audit process has gone through a quality assurance review recently, an audit may not be required at this time; however, considering the importance of this activity, a potential audit project has been identified.
3. Strategic Performance Management 1 1 1 3 3 3
2.00 Moderate
No recent audit coverage. Audit Requirement Rating: Moderate Potential Audit Project
  • Audit of Strategic Performance Management
Considering the audit priority rating and discussions with management, an audit may not be required at this time as there were no significant issues identified with this activity; however, considering the importance of this activity, a potential audit project has been identified.
4. Legal Affairs 1 2 1 2 3 3
2.00 Moderate
No recent audit coverage. Audit Requirement Rating: Moderate None identified
Considering the audit priority rating and discussions with management, an audit is not required at this time as there were no significant issues identified with this activity.
5. Branch Management Support (CAB & LAB) 1 1 2 3 1 2
1.67   Low  
No recent audit coverage. Audit Requirement Rating: Low None identified
Considering the audit priority rating and discussions with management, an audit is not required at this time as there were no significant issues identified with this activity.
6. Policy and Research 3 2 2 3 2 3
2.50   High  
No recent audit coverage. Audit Requirement Rating: High 2011-12 Audit Projects
  • Audit of Research and Studies Activities
Considering the high audit priority rating, the lack of recent audit coverage, management consultations and the recent changes with this activity, an audit of research activities is recommended.
7. Parliamentary Relations 3 1 1 1 3 3
2.00 Moderate
No recent audit coverage. Audit Requirement Rating: Moderate 2010-11 Audit Projects
  • Audit of Parliamentary Relations
Considering the Moderate audit priority rating, the lack of recent audit coverage, the recent changes in the Commissioner's role and the importance of parliamentary relations, an audit of this activity is recommended.
8. Strategic Communications and Promotion 2 1 1 3 3 3
2.17 Moderate
No recent audit coverage. Audit Requirement Rating: Moderate Potential Audit Project
  • Audit of Strategic Communications and Promotion
Considering the audit priority rating and discussions with management, an audit is not required at this time as there were no significant issues or changes identified with this activity; however, considering the importance of this activity, a potential audit project has been identified.
9. Regional Operations 3 3 1 3 2 2
2.33   High  
No recent audit coverage. Audit Requirement Rating:   High   2011-12 Audit Projects
  • Audit of Regional Pilot Project
Considering the high audit priority rating, changes in the Commissioner's role, upcoming structural changes and based on discussions with management, an audit of this activity is recommended.
10. Branch Management Support (PCB) 1 1 1 2 1 2
1.33   Low  
No recent audit coverage. Audit Requirement Rating: Low None identified
Considering the low audit priority rating and discussions with management, an audit is not required at this time as there were no significant issues identified with this activity.
11. Strategic Planning 3 2 2 1 1 2
1.83 Moderate
No recent audit coverage. Audit Requirement Rating: Moderate 2010-11 Audit Projects
  • Audit of Integrated Planning Practices
Considering that the planning function has been recently relocated within Corporate Services, and that integrated planning is relatively new yet increasingly important as OCOL is faced with important decisions when it comes to funds allocations, an audit of this activity is recommended.
12. Human Resources Management 2 1 2 2 1 2
1.67   Low  
An internal Audit of Human Resources Management Practices was completed in June 2009. The Public Service Commission also regularly audits OCOL's HR practices. Audit Requirement Rating: Low None identified
Considering the low audit priority rating, the fact that an audit of HR practices was recently completed and that no other significant HR related issues were brought up by management, an audit is not required at this time.
13. Finance 1 1 2 2 1 2
1.50   Low  
OAG's annual financial audits. Audit Requirement Rating: Low None identified
Considering the low audit priority rating and discussions with management, an audit is not required at this time as there were no significant issues identified with this activity.
14. Information Technologies 3 3 3 3 1 2
2.50   High  
An internal Audit of Information Management and Information Technology Governance was completed in January 2010. Audit Requirement Rating: Moderate 2012-13 Audit Projects
  • IM/IT Renewal Project Audit
As considerable amounts of resources are being allocated to the IM/IT Renewal Project, its success is critical to the organization. Large IM/IT projects are inherently risky as they introduce numerous organizational changes.  The timing of the audit is intended to align with the mid-point of the project lifecycle.
15. Information Management 3 3 3 2 1 2
2.33   High  
An internal Audit of Information Management and Information Technology Governance was completed in January 2010. Audit Requirement Rating: Moderate 2012-13 Audit Projects
  • IM/IT Renewal Project Audit
Considering the fact that an audit of IM/IT governance was completed recently and that no other significant IM related issues were brought up by management, an audit is not required at this time.
16. Commissioner's Office 1 1 1 2 2 2
1.50   Low  
No recent audit coverage. Audit Requirement Rating: Low None identified
Considering the low audit priority rating and discussions with management, an audit is not required at this time as there were no significant issues identified with this activity.
17. Internal Audit and Evaluation 1 2 1 1 2 2
1.50   Low  
No recent audit coverage. Audit Requirement Rating: Low None identified
Considering the low audit priority rating and discussions with management, an audit is not required at this time as there were no significant issues identified with this activity.
18. Access to Information and Privacy 1 1 2 1 3 2
1.66   Low  
No recent audit coverage. Audit Requirement Rating: Low None identified
Considering the low audit priority rating and discussions with management, an audit is not required at this time as there were not significant issues identified with this activity.
19. Procurement, Acquisition Cards and Contracting 1 1 2 1 2 2
1.50   Low  
No recent audit coverage. Audit Requirement Rating: Low None identified
Considering the low audit priority rating and discussions with management, an audit is not required at this time as there were not significant issues identified with this activity.
20. OCOL Travel and Hospitality 1 1 1 2 2 2
1.50   Low  
No recent audit coverage. Audit Requirement Rating: Low None identified
Considering the low audit priority rating and discussions with management, an audit is not required at this time as there were not significant issues identified with this activity.
21. Values and Ethics 1 2 1 1 1 2
1.33   Low  
No recent audit coverage. Audit Requirement Rating: Low None identified
Considering the low audit priority rating and discussions with management, an audit is not required at this time as there were not significant issues identified with this activity.
22. Branch Management Support (CSB) 1 1 2 1 1 2
1.33   Low  
No recent audit coverage. Audit Requirement Rating: Low None identified
Considering the low audit priority rating and discussions with management, an audit is not required at this time as there were not significant issues identified with this activity.
23. Administrative Services 3 2 2 2 1 2
2.0 Moderate
No recent audit coverage. Audit Requirement Rating: Moderate 2012-13 Audit Projects
  • Workplace Health and Safety Audit
Workplace health and safety across the federal government is an important issue. OCOL recognized the importance of health and safety by recently creating a committee dedicated to this area. An audit of activities and practices pertaining to health and safety is recommended.