management action plan (map) status update report (july 2010) · management action plan status...

Office of Audit and Ethics Management Action Plan Status Update Report

July 2010

1

Management Action Plan (MAP) Status Update Report

Office of Audit and Ethics July 6, 2010

E-DOCS-#3555403v1-Report MAP Status Update July, 2010-.DOC


July 2010

1. EXECUTIVE SUMMARY

Update as at June 1, 2010

This report provides an update on the implementation of the management action plans that remained OPEN at the conclusion of the April status update for the audits of Sealed Source Controls, Corporate Security Program and Uranium Mills and Mines Division (UMMD). In addition, we present a status update for two new audits that were previously tabled and accepted at the April audit committee meeting, namely, the Follow-up Audit of Special Equipment and the Audit of Staffing.

Section 2 of this report also includes the status of the Audit of Contracting and Procurement (4), although we did not request an update at this time since the four outstanding management actions are due after July 2010.

The chart below illustrates CNSC’s overall progress in implementing all of the ongoing Management Action Plans (MAPs) listed in this report.

Changes of all ongoing MAPs

Status Carry over from March

31/10

Change since

March 31

Revised Total As at June

1st/10

New MAPs

Total As at June

1st/10 Complete 221 +1 23 5 28 In progress:

On track 8 -1 7 2 9 Delayed 4 - 4 2 6

Not addressed - - - - -Obsolete 5 - 5 - 5 Total 39 - 39 9 48

1 Complete – excludes 2 MAPs from the Hospitality Expense Audit and 6 MAPs from the OAG Management Letter which are now CLOSED

2


July 2010

The following chart presents the overall status of audits and percentage of completion.

Audit

Status as at June 1, 2010

Current status Complete

In progress Not addressed/ Obsolete

Total Rec's

Percent of Rec’s

Implemented On Track Delayed

Audit of Corporate

security Program 15 4 0 5 24 63% Ongoing

Audit of Contracting and

Procurement 1 1 3 0 5 20% Ongoing

Audit of Sealed Sources

0 1 1 0 2 0 Ongoing

Audit of UMMD 7 1 0 0 8 88% Ongoing

Audit of Staffing 3 1 1 0 5 60% Ongoing

Audit of Special Equipment

2 1 1 0 4 50% Ongoing

Sub-Total (Ongoing MAPs)

28 9 6 5 48 58% Ongoing

Audit of Hospitality

2 0 0 0 2 100% Closed

OAG Management

Letter 6 0 0 0 6 100% Closed

Total 36 9 6 5 56 64%

Note: New Audits

Closed Audit - no further action

3


July 2010

2. STATUS OF MANAGEMENT ACTION PLANS

2.1 Audit of Staffing

Scale Status Total # of Recs

1 Complete 3 2 In progress:

On track 1 Delayed 1

3 Not addresses 0 4 Obsolete 0

Total 5

CLOSED 3

OPEN 2

This is our first follow up on the Audit of Staffing which was conducted in 2009 and was tabled and approved in April 2010. This audit resulted in 5 audit recommendations and management action plans. As at June 1, 2010, Human Resources Directorate (HRD) completed three of the MAPs while one is on track and another one is delayed.

Since the audit, the Staffing Policy and framework were finalized. Guidelines and various tools, templates were also made available on BORIS. The HR modules of Management Fundamentals training sessions were delivered and a fall session will be offered to delegated managers. To improve the HR quality assurance process, internal HR procedures and checklists have been developed; realignment of resources for quality assurance is done.

The 2010-2013 Strategic HR Plan is being finalized and the target date for completion is delayed to June 30, 2010. Succession planning is under review and on target for completion November 30, 2010. A staffing database has been developed to track staffing activities and timelines; the remainder of the MAPs are on track.

Please refer to Exhibit A for detailed status update.

2.2 Follow-up Audit of Special Equipment

Scale Status Total # of

Recs 1 Complete 2 2 In progress:



Total 4

CLOSED 2

OPEN 2

4


July 2010

The Audit of Special Equipment was conducted in 2005 and reviewed by the Audit Committee in 2007. The previous follow up was conducted in 2009 and resulted in an additional four recommendations and MAPs which were tabled and approved in April 2010. This follow up is focused on these four recommendations and MAPs. Since that time, two of the detailed actions have been completed while one is on track and another one is delayed.

Actions taken include the clarification of procedures. A clear delineation of responsibilities has been defined and communicated to the relevant staff. The classification of information for special equipment has been reviewed and communication protocols have been established.

One MAP is comprised of two actions and implementation dates: the Nuclear Security Division (NSD) has formally documented the life cycle of special equipment and is currently documenting the acquisition, tracking and disposal processes. The target date for this document has been delayed to July 31, 2010 as NSD requires more time to draft the additional processes and have them approved. The Information Management and Technology Directorate (IMTD) has initiated discussions with NSD to review the special equipment database and will be making recommendations following the review by June 30. Any further actions will depend on the results of their review.

Please refer to Exhibit B for detailed status update.

2.3 Audit of Sealed Source Controls

Scale Status Number of

Recs 1 Complete 0 2 In progress:


3 Not addressed 4 Obsolete 0

Total 2

CLOSED 0

OPEN 2

For this follow up period, management reported that all actions are in-progress and on track. Discussions are still ongoing within IT regarding the prioritization and approval of the plan for the integration of the two licensing administration database systems- LISE and LOUIS for FY 10/11.

Please refer to Exhibit C for detailed status update.

5


July 2010

2.4 Audit of Corporate Security Program

Scale Status Number of Recs


On track 4 Delayed

3 Not addressed 0 4 Obsolete/non-significant 5

Total 24

CLOSED 20

OPEN 4

The Corporate Security Division reported the completion of one of the five items that were previously in progress. The ground floor access control is now completed and operating. The Corporate Security Division continues to work on the implementation of the outstanding MAPs and the overall progress is reported as being on track. For the recommendation (#16) of enhancing access control system, OAE will recommend to the Audit Committee that this MAP be closed as it is an ongoing project until 2012.

Please refer to Exhibit D for detailed status update.

2.5 Audit of Uranium Mines and Mills Division (UMMD)

Scale Status Total # of Recs


On track 1 Delayed


Total 8

CLOSED 7

OPEN 1

The only outstanding item for this audit is the development of Part II of the Action Tracking Tool. Completion of the MAP is still on track for July 2010.

Please refer to Exhibit E for detailed status update.

6


July 2010

2.6 Contracting and Procurement

Scale Status Number of Recs



3 Not addressed 4 Obsolete 0

Total 5

CLOSED 1

OPEN 4

No follow up conducted at this time as the implementation dates for the four outstanding items are due after July 2010.

Detailed Status Update

Complete details of the progress made in implementing specific MAPs are provided in the following exhibits: Exhibit A – Audit of Staffing Exhibit B – Audit of Special Equipment Exhibit C – Audit of Sealed Sources Exhibit D – Audit of Corporate Security Program Exhibit E – Audit of Uranium Mines and Mills Division (UMMD)

It should be noted that the information contained in this update was provided by the officials responsible for implementation of the management action plans and only the completed MAPs have been verified or confirmed by OAE. Based on the significance of the reported observations or recommendations, OAE will determine whether a comprehensive Follow-Up Audit, over and above OAE’s status update, is warranted and should be included in the annual Risk-Based Audit Plan.

7

-


July 2010

Exhibit A- Audit of Staffing Implementation Status Update – As at June 1, 2010

OVERVIEW Recommendations Person (s) Accountable

Status

1. HRD should continue to improve the integration of HR planning into corporate business planning and document HR priorities including succession planning in the strategic HR plan.

DG,HRD Director RHRHPD

Linkages between HRD and corporate planning are closely aligned. Employment Equity plan has been approved and is available on BORIS EE page. HR plan is being finalized and is pending for approval. HRD is involved in business planning as a strategic partner. Succession planning was discussed on April 22, 2010. Validation of data and identification of critical positions below MGT level is on target for completion by Nov 2010.

Open

2. The CNSC should have an approved staffing policy and framework. The HRD should implement the approved staffing policy and framework to clarify roles and responsibilities and outline expectations on staffing.


The Staffing Policy and framework were launched on March 31, 2010. Guidelines and various tools, including process maps and templates are available on BORIS Staffing page.

Closed

3. HRD should ensure that managers with delegated human resources authorities understand their responsibilities and accountability for staffing and have sufficient support and tools at their disposal.


The HR modules of Management Fundamentals training sessions were delivered and a Fall session or online test is also available for the delegated managers who have not taken the training.

Closed

4. HRD should implement mechanisms to measure, monitor and report on performance for staffing activities and produce an annual staffing activity report for senior management.


Training for staffing advisors is done. HR Advisors have been assigned from operational staffing to corporate staffing. A staffing database has been developed and is on the target for testing on October 31, 2010. Staffing activity report will be reported to senior management in April, 2011.

Open

5. HRD should improve its quality assurance process and the documentation of the staffing files.


Internal HR procedures and checklists have been developed. The “Staffing Options at a Glace” tool is available on the BORIS staffing page. Realignment of resources for QA is done through assigning HR advisors from operational staffing to corporate staffing.

Closed

8

-


July 2010

Exhibit B - Audit of Special Equipment Implementation Status Update – As at June 1, 2010


Status

1. SCPD, ASCD and NSD need to clarify existing procedures so that all persons involved in the procurement of special equipment know who is responsible to retain what information and where the records should be held.

Directors of SCPD, NSD, ASCD

Procedures have been clarified and there is now a clear delineation of responsibilities. The owners responsible for specific document retention and where the documents should be kept have been identified and communicated to the relevant staff.

Closed

2. NSD should formally document the life-cycle management and process for the procurement, control and eventual disposal of special equipment.

Director, NSD NSD has formally documented the life cycle of special equipment and is currently documenting the acquisition, tracking and disposal of special equipment. The target date for this document will be delayed to July 31, 2010.

Open

3. The various information related to special equipment should be reviewed for classification and a communication protocol established based on the classification

Directors of SCPD, NSD, ASCD

The classification for special equipment has been reviewed and required protocols have been established. Staffs involved with special equipment have been trained.

Closed

4. The database to track the special equipment should be reviewed by IMTD to ensure it complies with IM/IT standards.

Directors of IMTD,NSD

IMTD has initiated discussions with NSD to review the database and will be making recommendations following the review by June 30, 2010. Please note that any further actions will depend on findings of their review.

Open

Acronyms:

SCPD - Security, Contracting and Procurement Division NSD - the Nuclear Security Division ASCD - Accounting, Systems and Controls Division IMTD - Information Management and Technology Directorate

9

-


July 2010

Exhibit C - Audit of Audit of Sealed Sources Implementation Status Update – As at June 1, 2010


Status

1 CNSC should consider changes to the content of the annual NSSR/SSTS report to provide internal and external stakeholders a more complete and accessible account of CNSC activities related to sealed sources.

DG, DNSR A report on lost and stolen radioactive material is available on the CNSC external website. Data on activities will be included in the DNSR industry report.

Open

2 Information in the LOUIS and LISE databases should be electronically integrated to address control weakness.

Interim, manual reconciliation procedures should be established until an electronic link is established.

DG, DNSR The integration plan for Louis and Lise has been developed and is now awaiting approval. Next status update from IMTD will be July 1, 2010.

Adoption of COGNOS 8 for reporting purposes is still on track.

New verification process for export licenses issued by Non-proliferation and Export Control Division (NECD) is in place.

Automatic notification system requesting confirmation of export of sources is now in place.

Open

Acronyms:

NSSR - National Sealed Source Registry SSTS - Sealed Source Tracking System DNSR - Directorate of Nuclear Substance Regulations (DNSR) NECD - Non-proliferation and Export Control Division

10

-

The security information contained on the Employee Orientation Intranet site should be enhanced to more adequately explain the role of the DSO and the corporate security program.


July 2010

Exhibit D - Audit of the Corporate Security Program Implementation Status Update – As at June 1 2010


Status

1. The Departmental Security Officer (DSO) should update the CNSC Security Manual to clarify the roles and responsibilities of the DSO and the purpose of the corporate security program.

Director, SCPD and DSO

CNSC Security Policies will continue to be updated as they are published by TBS.

Closed

2. Work descriptions of the DSO and his team should be updated.


Updated July 2009 Closed

3. The DSO should be provided with appropriate resources.

DG, FAD Received funding for 4 FTEs & $131K O&M

Closed

4. The reporting relationship of the DSO should be realigned.

DG, FAD DSO reports to DG, FAD & Pres for urgent matters; approved by MC

Closed

5. Establish a network of Regional Security Coordinators.


Regional managers responsible for security

Closed

6. The DSO or a member of the Corporate Security Team should visit each regional or site offices once a year to assess the state of both the CNSC’s and licensee’s corporate security programs in relation to the GSP.


Regional and site visits have been started with only two sites remaining. The remaining two sites will be done in the first quarter of 2010/2011

Open

7. 8.

Develop a security-reporting format for regular presentation to the CNSC’s Executive Committee.


1st report tabled with MC on Feb 2009; process will be continued

Closed

9. Develop a comprehensive action plan for renewal of the CNSC’s corporate security program and present it to the Executive Committee.


The plan was presented and accepted at MC on April 6, 2010.

Closed

10 Further promote awareness of security issues, policies, and procedures through an intranet website.


The development of the intranet content is on-going and forms part of the Communications BORIS redesign effort.

Open

11 Director, SCPD and DSO

Role of the DSO is part of Security Policy which is to be posted on BORIS. (Policy was posted Sept/09).

Closed

11

-

Conduct a full departmental Threat & Risk Assessment.


July 2010

Exhibit D - Audit of the Corporate Security Program Implementation Status Update – As at June 1 2010


Status

12 Ensure security training for those regional/site staff assigned GSP responsibilities.


Security awareness training has been given to staff with GSP responsibilities during the planed site and regional office. This will become an ongoing project.

Closed

13 Develop a briefing package/presentation to be given either to staff members travelling internationally or into potentially hazardous areas.


Guidance published in the Travel Safe Booklet

Closed

14 Implement the recommendations of previous Threat & Risk Assessments.


Has been completed- April 30, 2010.

Closed

15 Director, SCPD and DSO

Completed August 2006 Closed

16 Explore ways and means of enhancing access control measures currently in place.


Calgary and Saskatoon have been completed. Ongoing work to be done: Pt-Lepreau (Summer/Fall

2010) Lab at limebank (Sept/Oct

2010) Mississauga (Dec 2010) Gentilly (Feb 2011) Bruce (March 2011) Darlington (March 2011) Pickering ( January 2012)

Open

17 Develop a full Business Continuity Plan (BCP).


Ongoing and on track for completion by November 2010.

Open

18 Develop a security incident reporting system for regional/site staff.


Done. Info on BORIS Closed

19 Develop a reporting framework for staff to report security related incidents when they are away from the office on Commission duties.


Done. Guidance provided in Travel Safe Booklet

Closed

12


July 2010

Exhibit E - Audit of Uranium Mines and Mills Implementation Status Update – As at June 1, 2010

Recommendations (Abbreviated version) Person(s) Accountable

Status

1 The UMMD should establish a performance measurement system that includes an expanded set of measurable performance targets and indicators to gauge the achievement of UMMD’s mandate.

B. Howden (DG, DRIMPM)

Formalization/documentation of CNSC Management System managed under the Harmonized Plan

Closed

2 UMMD, DNCFR, Operations Branch and Corporate Services Branch should work together to develop strategies to attract and retain needed qualified staff.

P. Elder (DG, DNCFR)

- DNCFR nearly fully staffed with 2 vacancies out of 55 FTEs; new HR strategies in place

Closed

3 UMMD, DNCFR and Operations Branch should work together to ensure that the DNCFR Licensing Process is up-to-date and accurately reflects the environment and related processes.

G. Rzentkowski (DG, DPRR)

Formalization/documentation of CNSC licensing process managed under the Harmonized Plan

Closed

4 In conjunction with its ongoing quality initiatives, UMMD, DNCFR and Operations Branch should establish a framework for its verification activities that includes a policy, procedures, guidance and tools. Operations Branch should establish guidance or procedures for each type of review and inspection and establish minimum documentation and reporting standards for each.

A. Régimbald (DG, DNSR)

Formalization/documentation of CNSC compliance process managed under the Harmonized Plan

Closed

5 UMMD or DNCFR should develop enhanced guidance and tools for Project Officers for managing Regulatory Activity Plans (RAPs).


RAPs management done by FACTeams but now supported by directorate planners

Closed

6 Until such time as more detailed guidance on report writing is available from Operations Branch, UMMD should communicate minimum standards and expectations to the UMMD inspectors who complete Final Type II Inspection reports.


- UMMD procedures developed and issued for implementation in Nov 2006

Closed

7 UMMD and DNCFR should develop a process and mechanism to centrally track enforcement actions and recommendations including those of the Provincial Inspectors.

G. Rzentkowski (DG Champion)

- HP Action Tracking Tool is on track - scheduled for completion July 2010

Open

8 DNCFR, in conjunction with the Corporate Security Section, should document and update processes and record keeping requirements for issuing and managing Inspector Certificates.

B. Howden (DG, DRIMPM) Process Completed Closed

13

management action plan (map) status update report (july 2010) · management action plan status...

Documents