ARCHIVED - 2011-12 to 2013-14 Risk-Based Internal Audit Plan

Archived Content

Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

ARCHIVED - 2011-12 to 2013-14 Risk-Based Internal Audit Plan (PDF, 320 KB)

Executive Summary

2011-12 Planned Audits

The chart below depicts those audits that will commence or will be completed in 2011-12; others will be completed in the following year as indicated in Section 3.5. There are four audits which have not yet been completed by the end of 2010-11 that are planned to be presented to the Audit Committee in the first half of the fiscal year, i.e., the audits of the Financial Management Control Framework (Budgeting, Revenue and EDP Purchases), Human Resources Planning, Follow-up to the 2007-08 Audit of the Management of IT Security and the Follow-up to the Audit of the Industrial Research Assistance Program.  Continuous audit testing for Canada Economic Action Plan funds received in 2009-10 and 2010-11 (Industrial Research Assistance Program, Modernizing Federal Laboratories and Federal Contaminated Sites Assistance Program) will be completed. Continuous audits of these areas and others were introduced in 2009-10 as a means for ensuring audit results obtained in previous years remain relevant for the purposes of supporting the Chief Audit Executive’s annual assurance reporting on the adequacy and effectiveness of NRC’s risk management, control and governance processes.  While audits have been conducted since 2006-07 in all three tiers of NRC’s audit universe, relatively smaller coverage has been provided to date in the Scientific and Innovation Activities portion.  These audits that were to have commenced 2011-12 are on hold pending the further development and refinement of NRC’s new Strategy as well as confirmation that funding for the Technology Clusters will continue beyond 2011-12.

Due to their timeliness for management decision making, continuous audits will be expanded in frequency and in scope in 2011-12 in order to provide assurance more concretely that risks associated with specific audit entities are acceptable.  By undertaking these assessments, the necessity for more frequent formal management control framework and follow-up audit assurance engagements will be reduced.  Traditional follow-up audits will continue for audit entities where sufficient coverage cannot be adequately addressed by continuous audit activities; their continuous audit activities will be more audit surveillance rather than assurance. The frequency of follow-up audits will also be reduced by the introduction of Internal Audit verifying and challenging evidence provided by management where they report to the Departmental Audit Committee the full completion of their action plans in response to recommendations made in audit reports.

Most of the audit work will be completed by Internal Audit staff with audit entity-specific expertise to be contracted out as indicated.

Internal Audits Planned for 2011-12

Accessible version of the pie chart representing the Internal Audits Planned for 2011-12

Internal Audits Percentages
Canada Economic Action Plan Funds 13.6%
IRAP Follow Up 6.8%
Capital Planning and Investment 18.1%
Continuous Assurance Audits
(Travel, Hospitality, Contracts)
27.1%
Continuous Risk Surveillance 5.0%
Human Resources Management Planning 6.8%
Financial Management Control Framework 9.0%
IT Security Follow up 6.8%
Performance Management OCG Horizontal Audit 6.8%

Allocation of Internal Audit Resources:

In response to the new Treasury Board Policy on Internal Audit introduced in April 2006, a reinvigorated audit function for NRC was introduced.  Initially a contracting model was adopted whereby a significant portion of the annual operating budget was used to contract the services of qualified external consultants to complete the audit work which was in turn managed closely by NRC Internal Audit.  Due to difficulties experienced procuring their costly services, the decision was made last year to recruit recent university graduates interested in a career in audit and train them in order to build up in-house audit expertise. This has the added advantage of being able to capitalize on their knowledge gained of NRC for future audits.  While still a significant portion of the annual budget – about 15 percent – is earmarked for highly specialized contracted audit resources, the majority of funds are being used to build a sustainable and knowledgeable internal audit function. 

As with previous years, the majority of Internal Audit’s services will be directed towards providing assurance that NRC’s network of risk management, control and governance processes, as designed and represented by management, is adequate.  Audit efforts have traditionally been directed towards those audit entities that present the highest levels of risk and this will continue for 2011-12 including audits of Human Resources Management, Capital Planning & Investment and Canada Economic Action Plan funds.  While high risk, largely because they have not yet been audited, significant elements of the Scientific and Innovation Activities portion of NRC’s audit universe will not be audited until the new Strategy has been fully implemented.  In 2009-10, in order to reflect relatively lower audit risks verified by completed audits as well as the permanent reduction in audit resources as part of organization-wide reductions, NRC’s audit planning cycle was increased from five years to seven, with audit entities of higher risk being audited more frequently and supplemented with continuous audit activities in intervening years.  One note of caution is presented by the possibility that unplanned audit requests made by management may not be able to be accommodated by the very limited resources set aside for them. They would likely require that other sources of funding be identified or that planned audits be delayed.

Allocation of Internal Audit Resources by Level of Risk

The accessible version of the Allocation of Internal Audit Resources by Level of Risk pie chart

Internal Audit Resource Percentages
High Risk-Funded Audits
Canadian Economic Action Plan Funds 13.6%
IRAP Follow Up 6.8%
Capital Planning and Investment 18.1%
Human Resources Management Planning 6.8%
Moderate Risk-Funded Audits Risk
Continuous Risk Surveillance 5.0%
Continuous Assurance Audits
(Travel, Hospitality, Contracts)
27.1%
Financial Management Control Framework 9.0%
IT Security Follow up 6.8%
Performance Management - OCG Horizontal Audit 6.8%
Date modified: