management action plan (map) status update report (july 2010) · management action plan status...
TRANSCRIPT
Office of Audit and Ethics Management Action Plan Status Update Report
July 2010
1
Management Action Plan (MAP) Status Update Report
Office of Audit and Ethics July 6, 2010
E-DOCS-#3555403v1-Report MAP Status Update July, 2010-.DOC
Office of Audit and Ethics Management Action Plan Status Update Report
July 2010
1. EXECUTIVE SUMMARY
Update as at June 1, 2010
This report provides an update on the implementation of the management action plans that remained OPEN at the conclusion of the April status update for the audits of Sealed Source Controls, Corporate Security Program and Uranium Mills and Mines Division (UMMD). In addition, we present a status update for two new audits that were previously tabled and accepted at the April audit committee meeting, namely, the Follow-up Audit of Special Equipment and the Audit of Staffing.
Section 2 of this report also includes the status of the Audit of Contracting and Procurement (4), although we did not request an update at this time since the four outstanding management actions are due after July 2010.
The chart below illustrates CNSC’s overall progress in implementing all of the ongoing Management Action Plans (MAPs) listed in this report.
Changes of all ongoing MAPs
Status Carry over from March
31/10
Change since
March 31
Revised Total As at June
1st/10
New MAPs
Total As at June
1st/10 Complete 221 +1 23 5 28 In progress:
On track 8 -1 7 2 9 Delayed 4 - 4 2 6
Not addressed - - - - -Obsolete 5 - 5 - 5 Total 39 - 39 9 48
1 Complete – excludes 2 MAPs from the Hospitality Expense Audit and 6 MAPs from the OAG Management Letter which are now CLOSED
2
Office of Audit and Ethics Management Action Plan Status Update Report
July 2010
The following chart presents the overall status of audits and percentage of completion.
Audit
Status as at June 1, 2010
Current status Complete
In progress Not addressed/ Obsolete
Total Rec's
Percent of Rec’s
Implemented On Track Delayed
Audit of Corporate
security Program 15 4 0 5 24 63% Ongoing
Audit of Contracting and
Procurement 1 1 3 0 5 20% Ongoing
Audit of Sealed Sources
0 1 1 0 2 0 Ongoing
Audit of UMMD 7 1 0 0 8 88% Ongoing
Audit of Staffing 3 1 1 0 5 60% Ongoing
Audit of Special Equipment
2 1 1 0 4 50% Ongoing
Sub-Total (Ongoing MAPs)
28 9 6 5 48 58% Ongoing
Audit of Hospitality
2 0 0 0 2 100% Closed
OAG Management
Letter 6 0 0 0 6 100% Closed
Total 36 9 6 5 56 64%
Note: New Audits
Closed Audit - no further action
3
Office of Audit and Ethics Management Action Plan Status Update Report
July 2010
2. STATUS OF MANAGEMENT ACTION PLANS
2.1 Audit of Staffing
Scale Status Total # of Recs
1 Complete 3 2 In progress:
On track 1 Delayed 1
3 Not addresses 0 4 Obsolete 0
Total 5
CLOSED 3
OPEN 2
This is our first follow up on the Audit of Staffing which was conducted in 2009 and was tabled and approved in April 2010. This audit resulted in 5 audit recommendations and management action plans. As at June 1, 2010, Human Resources Directorate (HRD) completed three of the MAPs while one is on track and another one is delayed.
Since the audit, the Staffing Policy and framework were finalized. Guidelines and various tools, templates were also made available on BORIS. The HR modules of Management Fundamentals training sessions were delivered and a fall session will be offered to delegated managers. To improve the HR quality assurance process, internal HR procedures and checklists have been developed; realignment of resources for quality assurance is done.
The 2010-2013 Strategic HR Plan is being finalized and the target date for completion is delayed to June 30, 2010. Succession planning is under review and on target for completion November 30, 2010. A staffing database has been developed to track staffing activities and timelines; the remainder of the MAPs are on track.
Please refer to Exhibit A for detailed status update.
2.2 Follow-up Audit of Special Equipment
Scale Status Total # of
Recs 1 Complete 2 2 In progress:
On track 1 Delayed 1
3 Not addresses 0 4 Obsolete 0
Total 4
CLOSED 2
OPEN 2
4
Office of Audit and Ethics Management Action Plan Status Update Report
July 2010
The Audit of Special Equipment was conducted in 2005 and reviewed by the Audit Committee in 2007. The previous follow up was conducted in 2009 and resulted in an additional four recommendations and MAPs which were tabled and approved in April 2010. This follow up is focused on these four recommendations and MAPs. Since that time, two of the detailed actions have been completed while one is on track and another one is delayed.
Actions taken include the clarification of procedures. A clear delineation of responsibilities has been defined and communicated to the relevant staff. The classification of information for special equipment has been reviewed and communication protocols have been established.
One MAP is comprised of two actions and implementation dates: the Nuclear Security Division (NSD) has formally documented the life cycle of special equipment and is currently documenting the acquisition, tracking and disposal processes. The target date for this document has been delayed to July 31, 2010 as NSD requires more time to draft the additional processes and have them approved. The Information Management and Technology Directorate (IMTD) has initiated discussions with NSD to review the special equipment database and will be making recommendations following the review by June 30. Any further actions will depend on the results of their review.
Please refer to Exhibit B for detailed status update.
2.3 Audit of Sealed Source Controls
Scale Status Number of
Recs 1 Complete 0 2 In progress:
On track 2 Delayed 0
3 Not addressed 4 Obsolete 0
Total 2
CLOSED 0
OPEN 2
For this follow up period, management reported that all actions are in-progress and on track. Discussions are still ongoing within IT regarding the prioritization and approval of the plan for the integration of the two licensing administration database systems- LISE and LOUIS for FY 10/11.
Please refer to Exhibit C for detailed status update.
5
Office of Audit and Ethics Management Action Plan Status Update Report
July 2010
2.4 Audit of Corporate Security Program
Scale Status Number of Recs
1 Complete 15 2 In progress:
On track 4 Delayed
3 Not addressed 0 4 Obsolete/non-significant 5
Total 24
CLOSED 20
OPEN 4
The Corporate Security Division reported the completion of one of the five items that were previously in progress. The ground floor access control is now completed and operating. The Corporate Security Division continues to work on the implementation of the outstanding MAPs and the overall progress is reported as being on track. For the recommendation (#16) of enhancing access control system, OAE will recommend to the Audit Committee that this MAP be closed as it is an ongoing project until 2012.
Please refer to Exhibit D for detailed status update.
2.5 Audit of Uranium Mines and Mills Division (UMMD)
Scale Status Total # of Recs
1 Complete 7 2 In progress:
On track 1 Delayed
3 Not addresses 0 4 Obsolete 0
Total 8
CLOSED 7
OPEN 1
The only outstanding item for this audit is the development of Part II of the Action Tracking Tool. Completion of the MAP is still on track for July 2010.
Please refer to Exhibit E for detailed status update.
6
Office of Audit and Ethics Management Action Plan Status Update Report
July 2010
2.6 Contracting and Procurement
Scale Status Number of Recs
1 Complete 1 2 In progress:
On track 1 Delayed 3
3 Not addressed 4 Obsolete 0
Total 5
CLOSED 1
OPEN 4
No follow up conducted at this time as the implementation dates for the four outstanding items are due after July 2010.
Detailed Status Update
Complete details of the progress made in implementing specific MAPs are provided in the following exhibits: Exhibit A – Audit of Staffing Exhibit B – Audit of Special Equipment Exhibit C – Audit of Sealed Sources Exhibit D – Audit of Corporate Security Program Exhibit E – Audit of Uranium Mines and Mills Division (UMMD)
It should be noted that the information contained in this update was provided by the officials responsible for implementation of the management action plans and only the completed MAPs have been verified or confirmed by OAE. Based on the significance of the reported observations or recommendations, OAE will determine whether a comprehensive Follow-Up Audit, over and above OAE’s status update, is warranted and should be included in the annual Risk-Based Audit Plan.
7
-
Office of Audit and Ethics Management Action Plan Status Update Report
July 2010
Exhibit A- Audit of Staffing Implementation Status Update – As at June 1, 2010
OVERVIEW Recommendations Person (s) Accountable
Status
1. HRD should continue to improve the integration of HR planning into corporate business planning and document HR priorities including succession planning in the strategic HR plan.
DG,HRD Director RHRHPD
Linkages between HRD and corporate planning are closely aligned. Employment Equity plan has been approved and is available on BORIS EE page. HR plan is being finalized and is pending for approval. HRD is involved in business planning as a strategic partner. Succession planning was discussed on April 22, 2010. Validation of data and identification of critical positions below MGT level is on target for completion by Nov 2010.
Open
2. The CNSC should have an approved staffing policy and framework. The HRD should implement the approved staffing policy and framework to clarify roles and responsibilities and outline expectations on staffing.
DG,HRD Director RHRHPD
The Staffing Policy and framework were launched on March 31, 2010. Guidelines and various tools, including process maps and templates are available on BORIS Staffing page.
Closed
3. HRD should ensure that managers with delegated human resources authorities understand their responsibilities and accountability for staffing and have sufficient support and tools at their disposal.
DG,HRD Director RHRHPD
The HR modules of Management Fundamentals training sessions were delivered and a Fall session or online test is also available for the delegated managers who have not taken the training.
Closed
4. HRD should implement mechanisms to measure, monitor and report on performance for staffing activities and produce an annual staffing activity report for senior management.
DG,HRD Director RHRHPD
Training for staffing advisors is done. HR Advisors have been assigned from operational staffing to corporate staffing. A staffing database has been developed and is on the target for testing on October 31, 2010. Staffing activity report will be reported to senior management in April, 2011.
Open
5. HRD should improve its quality assurance process and the documentation of the staffing files.
DG,HRD Director RHRHPD
Internal HR procedures and checklists have been developed. The “Staffing Options at a Glace” tool is available on the BORIS staffing page. Realignment of resources for QA is done through assigning HR advisors from operational staffing to corporate staffing.
Closed
8
-
Office of Audit and Ethics Management Action Plan Status Update Report
July 2010
Exhibit B - Audit of Special Equipment Implementation Status Update – As at June 1, 2010
OVERVIEW Recommendations Person (s) Accountable
Status
1. SCPD, ASCD and NSD need to clarify existing procedures so that all persons involved in the procurement of special equipment know who is responsible to retain what information and where the records should be held.
Directors of SCPD, NSD, ASCD
Procedures have been clarified and there is now a clear delineation of responsibilities. The owners responsible for specific document retention and where the documents should be kept have been identified and communicated to the relevant staff.
Closed
2. NSD should formally document the life-cycle management and process for the procurement, control and eventual disposal of special equipment.
Director, NSD NSD has formally documented the life cycle of special equipment and is currently documenting the acquisition, tracking and disposal of special equipment. The target date for this document will be delayed to July 31, 2010.
Open
3. The various information related to special equipment should be reviewed for classification and a communication protocol established based on the classification
Directors of SCPD, NSD, ASCD
The classification for special equipment has been reviewed and required protocols have been established. Staffs involved with special equipment have been trained.
Closed
4. The database to track the special equipment should be reviewed by IMTD to ensure it complies with IM/IT standards.
Directors of IMTD,NSD
IMTD has initiated discussions with NSD to review the database and will be making recommendations following the review by June 30, 2010. Please note that any further actions will depend on findings of their review.
Open
Acronyms:
SCPD - Security, Contracting and Procurement Division NSD - the Nuclear Security Division ASCD - Accounting, Systems and Controls Division IMTD - Information Management and Technology Directorate
9
-
Office of Audit and Ethics Management Action Plan Status Update Report
July 2010
Exhibit C - Audit of Audit of Sealed Sources Implementation Status Update – As at June 1, 2010
OVERVIEW Recommendations Person (s) Accountable
Status
1 CNSC should consider changes to the content of the annual NSSR/SSTS report to provide internal and external stakeholders a more complete and accessible account of CNSC activities related to sealed sources.
DG, DNSR A report on lost and stolen radioactive material is available on the CNSC external website. Data on activities will be included in the DNSR industry report.
Open
2 Information in the LOUIS and LISE databases should be electronically integrated to address control weakness.
Interim, manual reconciliation procedures should be established until an electronic link is established.
DG, DNSR The integration plan for Louis and Lise has been developed and is now awaiting approval. Next status update from IMTD will be July 1, 2010.
Adoption of COGNOS 8 for reporting purposes is still on track.
New verification process for export licenses issued by Non-proliferation and Export Control Division (NECD) is in place.
Automatic notification system requesting confirmation of export of sources is now in place.
Open
Acronyms:
NSSR - National Sealed Source Registry SSTS - Sealed Source Tracking System DNSR - Directorate of Nuclear Substance Regulations (DNSR) NECD - Non-proliferation and Export Control Division
10
-
The security information contained on the Employee Orientation Intranet site should be enhanced to more adequately explain the role of the DSO and the corporate security program.
Office of Audit and Ethics Management Action Plan Status Update Report
July 2010
Exhibit D - Audit of the Corporate Security Program Implementation Status Update – As at June 1 2010
OVERVIEW Recommendations Person (s) Accountable
Status
1. The Departmental Security Officer (DSO) should update the CNSC Security Manual to clarify the roles and responsibilities of the DSO and the purpose of the corporate security program.
Director, SCPD and DSO
CNSC Security Policies will continue to be updated as they are published by TBS.
Closed
2. Work descriptions of the DSO and his team should be updated.
Director, SCPD and DSO
Updated July 2009 Closed
3. The DSO should be provided with appropriate resources.
DG, FAD Received funding for 4 FTEs & $131K O&M
Closed
4. The reporting relationship of the DSO should be realigned.
DG, FAD DSO reports to DG, FAD & Pres for urgent matters; approved by MC
Closed
5. Establish a network of Regional Security Coordinators.
Director, SCPD and DSO
Regional managers responsible for security
Closed
6. The DSO or a member of the Corporate Security Team should visit each regional or site offices once a year to assess the state of both the CNSC’s and licensee’s corporate security programs in relation to the GSP.
Director, SCPD and DSO
Regional and site visits have been started with only two sites remaining. The remaining two sites will be done in the first quarter of 2010/2011
Open
7. 8.
Develop a security-reporting format for regular presentation to the CNSC’s Executive Committee.
Director, SCPD and DSO
1st report tabled with MC on Feb 2009; process will be continued
Closed
9. Develop a comprehensive action plan for renewal of the CNSC’s corporate security program and present it to the Executive Committee.
Director, SCPD and DSO
The plan was presented and accepted at MC on April 6, 2010.
Closed
10 Further promote awareness of security issues, policies, and procedures through an intranet website.
Director, SCPD and DSO
The development of the intranet content is on-going and forms part of the Communications BORIS redesign effort.
Open
11 Director, SCPD and DSO
Role of the DSO is part of Security Policy which is to be posted on BORIS. (Policy was posted Sept/09).
Closed
11
-
Conduct a full departmental Threat & Risk Assessment.
Office of Audit and Ethics Management Action Plan Status Update Report
July 2010
Exhibit D - Audit of the Corporate Security Program Implementation Status Update – As at June 1 2010
OVERVIEW Recommendations Person (s) Accountable
Status
12 Ensure security training for those regional/site staff assigned GSP responsibilities.
Director, SCPD and DSO
Security awareness training has been given to staff with GSP responsibilities during the planed site and regional office. This will become an ongoing project.
Closed
13 Develop a briefing package/presentation to be given either to staff members travelling internationally or into potentially hazardous areas.
Director, SCPD and DSO
Guidance published in the Travel Safe Booklet
Closed
14 Implement the recommendations of previous Threat & Risk Assessments.
Director, SCPD and DSO
Has been completed- April 30, 2010.
Closed
15 Director, SCPD and DSO
Completed August 2006 Closed
16 Explore ways and means of enhancing access control measures currently in place.
Director, SCPD and DSO
Calgary and Saskatoon have been completed. Ongoing work to be done: Pt-Lepreau (Summer/Fall
2010) Lab at limebank (Sept/Oct
2010) Mississauga (Dec 2010) Gentilly (Feb 2011) Bruce (March 2011) Darlington (March 2011) Pickering ( January 2012)
Open
17 Develop a full Business Continuity Plan (BCP).
Director, SCPD and DSO
Ongoing and on track for completion by November 2010.
Open
18 Develop a security incident reporting system for regional/site staff.
Director, SCPD and DSO
Done. Info on BORIS Closed
19 Develop a reporting framework for staff to report security related incidents when they are away from the office on Commission duties.
Director, SCPD and DSO
Done. Guidance provided in Travel Safe Booklet
Closed
12
Office of Audit and Ethics Management Action Plan Status Update Report
July 2010
Exhibit E - Audit of Uranium Mines and Mills Implementation Status Update – As at June 1, 2010
Recommendations (Abbreviated version) Person(s) Accountable
Status
1 The UMMD should establish a performance measurement system that includes an expanded set of measurable performance targets and indicators to gauge the achievement of UMMD’s mandate.
B. Howden (DG, DRIMPM)
Formalization/documentation of CNSC Management System managed under the Harmonized Plan
Closed
2 UMMD, DNCFR, Operations Branch and Corporate Services Branch should work together to develop strategies to attract and retain needed qualified staff.
P. Elder (DG, DNCFR)
- DNCFR nearly fully staffed with 2 vacancies out of 55 FTEs; new HR strategies in place
Closed
3 UMMD, DNCFR and Operations Branch should work together to ensure that the DNCFR Licensing Process is up-to-date and accurately reflects the environment and related processes.
G. Rzentkowski (DG, DPRR)
Formalization/documentation of CNSC licensing process managed under the Harmonized Plan
Closed
4 In conjunction with its ongoing quality initiatives, UMMD, DNCFR and Operations Branch should establish a framework for its verification activities that includes a policy, procedures, guidance and tools. Operations Branch should establish guidance or procedures for each type of review and inspection and establish minimum documentation and reporting standards for each.
A. Régimbald (DG, DNSR)
Formalization/documentation of CNSC compliance process managed under the Harmonized Plan
Closed
5 UMMD or DNCFR should develop enhanced guidance and tools for Project Officers for managing Regulatory Activity Plans (RAPs).
P. Elder (DG, DNCFR)
RAPs management done by FACTeams but now supported by directorate planners
Closed
6 Until such time as more detailed guidance on report writing is available from Operations Branch, UMMD should communicate minimum standards and expectations to the UMMD inspectors who complete Final Type II Inspection reports.
P. Elder (DG, DNCFR)
- UMMD procedures developed and issued for implementation in Nov 2006
Closed
7 UMMD and DNCFR should develop a process and mechanism to centrally track enforcement actions and recommendations including those of the Provincial Inspectors.
G. Rzentkowski (DG Champion)
- HP Action Tracking Tool is on track - scheduled for completion July 2010
Open
8 DNCFR, in conjunction with the Corporate Security Section, should document and update processes and record keeping requirements for issuing and managing Inspector Certificates.
B. Howden (DG, DRIMPM) Process Completed Closed
13