powerpoint timesaver better charts, tables, and diagrams for better

Presentation to FMI – Focus on Value

November 29, 2012

Presented by:

Nancy J. Rector, CA, CISA, CIA, CISSP, CIPP/C, CRMA

Partner, Enterprise Risk

Telephone: 613-751-5345

Email: [email protected]

Internal Audit’s Role in the

Implementation of the Deficit

Reduction Action Plan (DRAP)

©2012 Deloitte & Touche LLP

Agenda

Introduction, Roundtable and Background

Budget 2012 Themes and Discussion

1

2

3 Potential Internal Audit Activities

4 Questions

Internal Audit's Role in the Implementation of DRAP 1


Background

2 Internal Audit's Role in the Implementation of DRAP

• Budget 2012 and related DRAP initiatives have significant implications for the vast

majority of Federal Government Departments and Agencies (Departments)

• There is an expectation that CAEs will play a lead role in identifying and assessing the

risks faced by Departments with Budget 2012

• OCG expects CAEs to update their RBAPs in a timely manner for Budget 2012

Some Key Questions:

• How well do you know the DRAP initiatives within your Department and the impact of

Budget 2012?

• With Budget 2012, what do you believe are the highest risks facing your Department?

• How will your department mitigate those risks? Will Internal Audit be involved?

• What role should Internal Audit be playing?

• What role should the DAC be playing? How does Internal Audit proactively engage

the DAC?

©2012 Deloitte & Touche LLP ©2012 Deloitte & Touche LLP

Budget 2012

Highlights



What is the Focus of the 2012 Federal Budget?


Source: Economic Action Plan 2012 – The Budget in Brief


What is the impact of the 2012 Federal Budget on CAEs?


Major themes:

Achieving Efficiencies (Admin and Programs)

Impacting Activities Within Departments

Impacting Activities Across Departments

1

2

3

Increased use of Technology

4

Workforce Adjustments (WFA)

5


Budget 2012 Themes

Budget 2012 Theme #1:


Achieving Efficiencies (Admin and Programs)

• “The Government focused…on finding savings that would reflect the primary goal of

achieving efficiencies in operations and enhancing productivity…”

• The budget takes a broad approach to efficiencies, including opportunities for both:

‒ Program efficiencies – spending on programs will be reallocated or reduced, with some

programs being eliminated altogether and others being consolidated.

‒ Administrative efficiencies – many Departments will streamline back-office functions in order

to increase efficiency.

• Some Known Examples:

• Natural Resources Canada will streamline its review process for major economic projects.

• Finance Canada will reconfigure and modernize its internal services.

• Citizenship and Immigration will centralize part of its visa processing function.

Source: Budget Plan, Chapter 5 - Responsible Management to Return to Balanced Budgets


Budget 2012 Themes



Workforce Adjustment

• “The planned reduction in departmental spending is expected to eliminate about

12,000 government positions over a three-year-period, with affected individuals

qualifying for collectively bargained workforce adjustment measures.”

• “The planned reduction in employment includes the elimination of about 600 executive

positions, or 7.4 per cent of the executive workforce, bringing the level of management

overhead more in line with private sector best practices.”

• The number of employees affected by the WFA process is far greater than the number

of employees who will ultimately lose their jobs.


• 1,026 positions eliminated at CBSA over the next three years

• Approximately 1,100 civilian positions to be eliminated at DND



Budget 2012 Themes



Impacting Activities Within Departments

• “The Government has identified opportunities to consolidate administrative

functions including HR and financial services, real property maintenance, IT,

communications and contracting within portfolios…”

• Consolidation may take the form of functional consolidation (e.g. consolidating

administrative functions) or geographic consolidation (e.g. closing regional offices)

within Departments.

• In addition to consolidation and streamlining, the budget also includes targeted

investments to increase government effectiveness and service to Canadians.


• Canada Revenue Agency will implement changes to the SR&ED tax credit program and the

international taxation system.

• Health Canada will enhance its regional presence in Northern Canada.

• AAFC will consolidate grants and contribution programs across the Department



Budget 2012 Themes



Impacting Activities Across Departments

• “The Government has identified opportunities to consolidate administrative

functions including HR and financial services, real property maintenance, IT,

communications and contracting…across similar organizations.”

• “[Shared Services Canada’s] mandate is to consolidate IT infrastructure, including

email, data centres and networks, across 43 departments and agencies.”

• The budget includes several measures in which Departments will come together to

consolidate functions or share resources.


• Establishing Shared Services Canada, which will consolidate many IT functions

• Health Canada and the Public Health Agency of Canada will adopt a shared services model and

merge back-office functions.

• Fisheries and Oceans will transfer the responsibility for managing and maintaining Arctic ports to

the Northwest Territories and Nunavut.



Budget 2012 Themes



Increased use of Technology

• The use of technology is a pervasive theme of the budget – investments in new

technological infrastructure, updating systems, and greater use of the internet to

gain efficiencies and ultimately reduce costs.

• “[The Government] has also identified ways to reduce travel expenses by using virtual

tools such as teleconferencing, videoconferencing and virtual presence.”


• Canadian Space Agency will receive funding to support the development of advanced robotics

and other space technologies.

• VIA Rail will implement electronic ticketing and invoicing systems.

• Canada Revenue Agency will enhance its online filing application and the My Business online

portal.



Achieving

Efficiencies

Activities

Within

Activities

Across Technology WFA

Do we understand the risks introduced in areas

impacted by the budget?

Will changes come at the expense of adequate

internal controls?

Will accountability be blurred with consolidation?

How do Departments retain sufficient oversight and

control over consolidated activities?

Will Management Control Frameworks (MCFs)

require substantial modification?

Are DRAP initiatives being planned and

implemented appropriately?

Will timely completion of IA engagements become

more difficult in areas with FTE reductions?

Will employee morale impact the quality of control

activities they perform?

Will new technologies allow for thorough audits?

Will there be sufficient audit trails?

Are services being reduced or productivity

increased so cuts are sustainable?

11

Some Risk and Control Considerations

Internal Audit's Role in the Implementation of DRAP


Achieving

Efficiencies

Activities

Within

Activities

Across Technology WFA

Will IA be asked to take on additional

responsibilities that may impact its independence?

How do we keep IA teams motivated and focused?

Is there a need to consider components of shared

services for IA?

Does IA need to consider additional measures that

help efficiency like data analytics?

Will new investments be adequately controlled?

What is the impact on regional operations?

12

Some Risk and Control Considerations



Discussion


Some Key Questions:

• How well do you know the DRAP initiatives within your Departments and the impact of

Budget 2012?

• With Budget 2012, what do you believe are the highest risks facing your Department?

• How will your Department mitigate those risks? Will Internal Audit be involved?

• What role should Internal Audit be playing?

• What role should the DAC be playing? How does Internal Audit proactively engage the

DAC?

©2012 Deloitte & Touche LLP ©2012 Deloitte & Touche LLP

Potential Internal Audit Activities


Responding to Budget 2012


Risk Assessment Workshops


• IA play can play a lead role in facilitating risk assessments in impacted areas

• Engages management in proactively identifying and managing risks

• Helps IA demonstrate value add

• Typical Risk Assessment Process

1. Understand scope of changes in impacted area

2. Identify risks introduced by those changes

(e.g. SOD, morale, WFA grievances, service quality,

compliance, loss of revenue, IT security)

3. Identify controls that may mitigate these risks

4. Assess residual risks

5. Provide recommendations for additional controls

• Use of voting technology should be considered


Broad Audit of DRAP


• Internal Audit may audit the DRAP implementation within the Department

• OAG will likely conduct audit activities related to the implementation of Budget

2012 measures, similar to Budget 2009/Economic Action Plan

• Some key questions to be answered by the audit:

• Are DRAP activities being planned and implemented appropriately?

• Is monitoring and oversight of the implementation adequate?

• Was the criteria for resource allocation decisions appropriate?

• What is the overall impact of DRAP changes on departmental governance,

risk management and internal controls?

• The audit could be conducted in multiple phases

1. Early Days: Audit the DRAP Governance, Planning, Project Management, and

Monitoring Processes. Identify high risk DRAP initiatives (consider analytics)

2. As DRAP Implementation carries on: Audit the implementation of the high risk DRAP

initiatives. Continuous Auditing techniques should be considered

3. Towards the end of the implementation: Conclude on the overall DRAP

implementation and assess readiness for a potential OAG audit


Efficiency Considerations in Audits


• Consider adding a line of inquiry around efficiencies

‒ Shows value add and strategic contribution to overall DRAP objectives

• If services are not being reduced or productivity increased, cuts may not be

sustainable

• Key risks relevant for this type of audit include:

1. Operational inefficiencies

2. Unclear “ownership” boundaries and roles and responsibilities

3. Non value added activities

4. “Status quo” culture (i.e. as opposed to a continuous improvement culture)

Potential Approach

1. Perform audit planning

2. Analyze current work processes and map potential new processes

3. Evaluate improvements and validate with key process owners

4. Quantify changes or link to performance metrics

5. Present results in report with management action plans

6. Evaluate results achievement through follow-up audits and report on progress


Segregation of Duties Analysis


• Reducing the number of people to manage business processes may expose

risks related to segregation of duties (SoD).

• IA can review business processes to provide guidance on how manual and

automated controls can reinforce SoD rules.

• Key questions to be addressed:

1. Are SoD rules considered in process changes?

2. Are approval steps in business processes assigned to appropriate authorities?

3. Do change management processes include checking for new SoD violations by

business authorities?

4. Are compensating controls in place where segregation can not be sustained (e.g.

where one person must manage conflicting steps in a process)?

5. How do automated systems support SoD rules?

Potential Approaches

1. Business process analysis to update control frameworks

2. Either point in time or continuous auditing approach

3. Use of automated tools to more efficiently analyze configured roles and user

assignments in ERP suites like SAP, Oracle and PeopleSoft.


Project Risk Assessments


• The budget lists targeted investments,

including construction projects, and

implementations of IT systems and

common platforms

• As with any large project which are

inherently risky, IA should consider

playing a role throughout the lifecycle of

the project.

Scope Considerations - Construction:

• Review of project risk management and

governance activities

• Review of overall and ongoing project

management activities including: o Reporting, Budgeting, Scheduling, Monitoring

and inspection, Change orders and Close out process

• Review of procurement/contract

payments processes

• Review of project quality assurance and

compliance with safety regulation

P R O D U C T L I F E - C Y C L E R I S K

PLANNING & INITIATION REQUIREMENTS

ANALYSIS

TESTING

DESIGN

IMPLEMENTATION

& ROLLOUT

POST

IMPLEMENTATION

DEVELOPMENT

COST

P R O J E C T M A N A G E M E N T R I S K

COMMUNICATION PROCUREMENT HR RISK

QUALITY TIME SCOPE

PROJECT INTEGRATION (PROJECT OFFICE)

P R O J E C T S U P P O R T R I S K

PROGRAM OFFICE INTEGRATION WITH COMMON

BUSINESS FUNCTIONS

P R O J E C T E N V I R O N M E N T R I S K

STAKEHOLDERS

PORTFOLIO MANAGEMENT

STRATEGIC ALIGNMENT CORPORATE CULTURE

BUSINESS ENVIRONMENT RISK PROCESS ALIGNMENT

Scope Considerations – IT Systems

©2012 Deloitte & Touche LLP 20

Increased use of Analytics

• The current environment requires IA to be more efficient – an increased use

of analytics should be considered in that context

‒ Identifying areas to audit in RBAP

‒ Identifying risks at audit planning stage

‒ Selecting samples during audit execution

‒ For continuous auditing



Questions


powerpoint timesaver better charts, tables, and diagrams for better

Documents