Skip to content | Skip to institutional links

Common menu bar links

Institutional links

Reports
Resources
Proactive Disclosure

Proactive Disclosure

Multi-Year Risk-Based Audit Plan
2011-12 to 2013-14

Project Number 6B218
Final Audit Report
March 18, 2011

Foreword

This document contains the three-year Risk-based Audit Plan from 2011-12 to 2013-14 for Fisheries and Oceans Canada. It was approved by the Deputy Minister for the Department upon recommendation from the Departmental Audit Committee on March 18, 2011. The Plan is updated annually based on an assessment of current risks and therefore, the timing or scope of some internal audit projects in future years may change.

List of Acronyms
1. Introduction
1.1 Purpose
1.2 Department of Fisheries and Oceans Canada
2. Internal Audit Directorate Organization
2.1 Organization
2.2 Departmental Audit Committee
2.3 Resources
2.4 Internal Audit Services
2.5 Other Services
3. Approach/Methodology
3.1 Universe
3.2 Corporate Risk Profile
3.3 Planning Process
3.4 Approval of the Risk-based Audit Plan
3.5 Monitoring of the Risk-based Audit Plan
4. Summary of Audit Coverage
4.1 Coverage of PAA
4.2 Coverage of Departmental Priorities
4.3 Coverage of Corporate Risks
4.4 Coverage of Risk Management, Controls and Governance
5. Audit Resources
5.1 Summary of Resource Availability and Capacity Use
5.2 Statement on the Adequacy of Resources
6. 2010-11 in Review
6.1 Adjustments to the Audit Plan for 2010-11
6.2 Follow-up on Recommendations to be Implemented
6.3 Changes to the 2010-11 to 2012-13 Risk-based Audit Plan
7. Emerging Issues
7.1 Economic Action Plan
7.2 Cohen Inquiry
Appendix 1: Internal Audits with Recommendations to be Implemented
Appendix 2A: Audit Plan Summary – Three Years at a Glance
Appendix 2B: Detailed Project Description for Fiscal Year 2011-12
Appendix 3: Audit Priorities by Program Activity, Materiality of Coverage and DFO Horizontal Audits
Appendix 4: Summary of DFO’s Corporate Risk Profile
Appendix 5: Summary of Planned Projects by Other Assurance Providers
Appendix 6: Coverage of Departmental Priorities
Appendix 7: Coverage of Corporate Risks
Appendix 8: Coverage by Sector and Risk
Appendix 9: Estimated Resource Allocation and Timelines

List of Acronyms

CAE

Chief Audit Executive

CCG

Canadian Coast Guard

CRP

Corporate Risk Profile

CFO

Chief Financial Officer

DAC

Departmental Audit Committee

DFO

Department of Fisheries and Oceans Canada

EAP

Economic Action Plan

IAD

Internal Audit Directorate

IIA

Institute of Internal Auditors

IPPF

International Professional Practices Framework

OAG

Office of the Auditor General

OCG

Office of the Comptroller General

PAA

Program Activity Architecture

QAIP

Quality Assurance and Improvement Program

RBAP

Risk-based Audit Plan

Treasury Board

Top of page

1.0 Introduction

1.1 Purpose

This document, developed by the Internal Audit Directorate (IAD), outlines the Risk-based Audit Plan (RBAP) for the Department of Fisheries and Oceans Canada (DFO). The RBAP has been designed with the objective of:

identifying the priorities of the internal audit activity based on an assessment of risk and potential exposure that may affect DFO entities’ ability to accomplish their objectives;
coordinating activities with external assurance services providers to ensure proper coverage and minimize duplication of efforts;
allocating internal audit resources to those areas that represent the highest risk and materiality and to ensure that sufficient work is completed to support an overall assurance statement; and
considering recent Management Accountability Framework assessment requirements.

1.2 Department of Fisheries and Oceans Canada

DFO is responsible for developing and implementing policies and programs in support of Canada’s scientific, ecological, social and economic interests in oceans and freshwaters. The Canadian Coast Guard (CCG), a Special Operating Agency within DFO, is responsible for services and programs that contribute to the safety, security and accessibility of Canada’s waterways. The CCG also contributes to the objectives of other government organizations through the provision of a civilian fleet and a broadly distributed shore-based infrastructure.

DFO is a national and international leader in marine safety and in the management of oceans and freshwater resources. Departmental activities and presence on Canadian waters help to ensure the safe movement of people and goods. As an economic and sustainable development department, DFO will integrate environment, economic and social perspectives to ensure Canada’s oceans and freshwater resources benefit this generation and those to come.

The Department’s guiding legislation includes the Fisheries Act, which confers responsibility to the Minister for the management of fisheries, habitat and aquaculture and the Oceans Act, which charges the Minister with leading oceans management and providing CCG and hydrographic services on behalf of the Government of Canada. The Department also shares, with Environment Canada and Parks Canada, responsibility for the Species at Risk Act, which charges the Minister with the responsibilities associated with the management of aquatic species at risk in Canada.

2. Internal Audit Directorate Organization

2.1 Organization

Internal audit in the Government of Canada is a professional, independent assurance function that provides objective, substantiated conclusions as to how well the organization's risk management, controls and governance processes are designed and working. The focus of internal audit is on all management systems, processes and practices, including the integrity of financial and non-financial information. Internal audit adds value by assessing and making recommendations on the effectiveness of control mechanisms in place to ensure that the organization achieves its objectives and in a way that demonstrates informed, accountable decision making with regard to ethics, compliance, risk, economy and efficiency.

At DFO, the mission of IAD is to help improve departmental performance by identifying opportunities through assurance and advisory services. The IAD operates in accordance with respective Treasury Board policies and guidelines. Internal audits are conducted within the standards of the Institute of Internal Auditors (IIA) International Professional Practices Framework (IPPF) and IAD’s Internal Audit Engagement Process Manual.

The Department’s internal audit activity is led by the Chief Audit Executive (CAE) who reports directly to the Deputy Head. The CAE is responsible for establishing a RBAP consistent with the Department’s objectives and maintaining a quality assurance and improvement program to monitor the IAD effectiveness. The CAE is also responsible for ensuring internal audit resources are professionally qualified and appropriately trained. In addition, the CAE communicates relevant information, including internal audit findings, to the Departmental Audit Committee (DAC), the Deputy Minister and, as appropriate, to the Office of the Comptroller General (OCG).

The IAD consists of Internal Audit Services and Professional Practices function, both led by Directors reporting to the CAE. The Internal Audit Services is responsible for providing assurance and advisory services while the Professional Practices function supports the internal audit activity by providing a quality assurance and improvement program, external liaison services and DAC secretariat.

2.2 Departmental Audit Committee

The DAC provides the Deputy Minister with independent, objective advice, guidance and assurance on the adequacy of the Department’s risk management, controls, governance processes and audit capacity.

The DAC is composed of four members: the Deputy Minister and three external members. The Deputy Minister chairs the meetings and an external member is vice-chair. The Associate Deputy Minister, the CCG Commissioner, the Chief Financial Officer (CFO), the Senior General Counsel and the CAE are permanent observers of the DAC.

2.3 Resources

The total budget (salary, operations and maintenance funding) of the IAD in fiscal year 2011/12 will be $2.5M. The IAD consists of two distinct but complementary functions, namely Internal Audit and Professional Practices. IAD has an approved count of 29.21 FTEs. In 2011/12, the internal audit function will be delivered through 28.88 FTEs (FTE utilization). A breakdown by function follows:

Assurance Work
Audit engagements	20.23
Risk-based Audit Plan	1.35
Quality Assurance and Improvement Program	1
External Liaison	1.4
Support to DAC	1.2
Other Work
Administrative Services (Finance, HR and Strategic Planning)	1.9
Support Services	1.8
TOTAL	28.88 FTEs

*Data has been extracted from the 2011/12 Internal Audit Directorate HR Plan.

2.3.1 Challenges

Greater competition in the public and private sectors for qualified and experienced internal audit professionals, combined with labor market demographic issues, has exacerbated auditor shortages and has made the recruitment and retention of experienced professionals particularly challenging.

The high demand for qualified auditors both inside and outside the public service has made it a challenge for IAD to retain qualified auditors. However, from a turnover of approximately 45% for 2009-10 representing 13 departures, IAD’s attrition was reduced to 11% (3 departures of which 2 are permanent) in 2010/11.

With the exception of three staff taking maternity/parental leave in early 2011-12, the IAD expects to be fully staffed at April 1, 2011; normal turnover throughout the year is expected. Replacing temporary departures of six month to one year is not an easy task given the shortage of auditors in the public service.

2.4 Internal Audit Services

2.4.1 Assurance and Advisory Services

Internal audit takes a disciplined, evidence-based approach to determining whether or not assurance can be provided, that key systems and processes are appropriately designed and are functioning as intended. Principally as a complement to the assurance role, and within its sphere of expertise, the IAD will provide advisory services to the Deputy Minister and the Departmental Management Board.

2.4.2 Follow-up on Audit Recommendations

IAD actively and vigorously monitors and reports on the implementation of approved Management Action Plans to address recommendations from IAD, the Office of the Auditor General (OAG) and other external assurance providers. As part of the follow-up process, IAD requests updates from management, assesses and validates corrective measures that have been taken and determines whether the actions carried out are appropriate. The results of these follow-up activities are reported to and approved by the DAC on a semi-annual basis and annually for OAG audits.

When there is a high risk that the corrective actions may not be completed as reported by the client, IAD will conduct a more comprehensive follow-up audit. Follow- up audit reports are tabled and approved at the DAC and posted on the Directorate Intranet site and provided to TBS/OCG as for regular internal audit engagements. For a complete list of internal audits with recommendations to be implemented, see Appendix 1.

2.4.3 Liaison with the Office of Auditor General and other Assurance Providers

IAD’s management of liaison activities with the OAG, the OCG, and other assurance providers ensures that the activities of the Department are represented accurately, fairly and in a balanced manner. Various activities are carried out to ensure positive working relationships and effective coordination of all external audit work. Specifically, this includes providing assistance to departmental officials throughout the conduct of audits, negotiating acceptable timeframes for providing requested material, as well as collaborating with others when validating the factual content of audit reports and preparing departmental responses.

2.4.4 Support to the Comptroller General

As outlined in the Treasury Board (TB) Policy on Internal Audit, the IAD must address risks and internal audits identified by the OCG as part of government-wide coverage. Horizontal audits planned by the OCG were taken into account and those involving IAD were included in the 2011-12 to 2013-14 RBAP, refer to Appendix 2A.

Recently, the OCG has adopted a new method of conducting horizontal internal audits. Horizontal audits are now being conducted as a collaborative approach by sharing the work between the OCG and the Internal Audit groups in departments. When conducting a horizontal audit in large departments and agencies, the OCG will perform the planning of the audit and prepare the audit work programs including the steps to take for documentation review and interview questionnaires. The OCG then requires the IAD to provide 2 auditors (a supervisor and someone to do the work) to complete the examination phase and provide fact sheets to the OCG within a 12 week window. The OCG will join the IAD in the field to ensure consistency in the way the work is being carried out across large departments and agencies.

We believe that resources required to perform the OCG work has been planned appropriately in the RBAP. However, as the RBAP was being prepared, the OCG was still in the process of finalizing its audit plan for 2011-12 to 2013-14. Once it is finalized, the IAD may need to make adjustments to portions of its RBAP to avoid duplication and ensure efficient use of resources. The IAD will seek the DAC approval for any such substantive changes¹.

The TB Policy on Internal Audit also requires that Deputy heads ensure that, on a timely basis, the OCG is provided: copies of internal audit plans as approved by the deputy head; copies of any management letters resulting from the audits of the OAG; electronic copies of reports on all completed internal audits before they are posted on the departmental web site; a copy of the annual assurance overview report by the CAE; access to internal auditing staff and their working papers; the annual report of the DAC including the Committee's assessment of the departmental internal audit function; and external professional practice inspection reports.

2.5 Other Services

2.5.1 Support to the DAC

The IAD provides support to the DAC members in order to coordinate and organize the quarterly meetings. This includes the preparation of material into binders two weeks before the date of the meeting. The IAD reimburses the DAC external members for the cost of travel and salary for hours worked. The IAD also provides support for the preparation of the DAC Annual Report and the DAC Annual Work Plan.

2.5.2 Quality Assurance Activities

Pursuant to the TB Policy on Internal Audit, the Government of Canada adopted the IIA International Professional Practices Framework and the International Standards for the Professional Practice of Internal Audit as part of the Government of Canada Internal Audit Standards. The implementation of the Policy was to be phased in by the effective date of July 1, 2009. As part of the Standards, the CAE is responsible to develop and maintain a Quality Assurance and Improvement Program (QAIP).

In 2009/2010, IAD signed a Memorandum of Understanding (MOU) with Audit Services Canada for a pilot quality assurance program. In that year, 13 of 17 phases of audits were reviewed, including projects led by all four managers. A report was prepared by Audit Services Canada including strengths and opportunities for improvement.

In 2010/2011, the program was transferred in house under the direction of the Director, Professional Practices. The QAIP manager established a program, approved by the Director and CAE, to ensure that all phases of all audits would be submitted to Quality Assurance prior to the audit reports going to DAC for recommendation and approval by the Deputy Minister.

Furthermore, IAD has volunteered to undergo an external pilot professional practice inspection conducted by the OCG that will satisfy the requirement of the TB Policy on Internal Audit to have an external review done at least once every four years.

3. Approach/Methodology

3.1 Universe

The Department activities are organized under three strategic objectives: Economically Prosperous Maritime Sectors and Fisheries, Sustainable Aquatic Ecosystems, and Safe and Secure Waters. Supported by scientific excellence, modern and efficient corporate functions and a versatile Coast Guard fleet, these strategic objectives form the basis for organizing, planning and reporting on the Department's programs and services.

These strategic objectives form the basis of the Department’s PAA for 2011-12 referred to in Appendix 3. The PAA is an inventory of all the programs and activities undertaken by the Department. The PAA was a major input into the definition of the audit universe. The audit universe, which forms the basis for selecting areas to audit, defines the potential scope of the internal audit activity and is comprised of major auditable units that may be subject to audit. It is the starting point of the RBAP.

3.2 Corporate Risk Profile

The internal audit plan of engagements takes into consideration the Corporate Risk Profile (CRP) for DFO. The CRP consists of: key corporate risk identification, assessment and prioritization; assignment of senior management accountabilities for mitigation; and, identification of additional mitigation strategies. As well, the CRP contains sections on: the context and drivers for Integrated Risk Management; the governance of Integrated Risk Management; communications; the methodology to derive the CRP; and a detailed analysis of each of the corporate risks. A summary of DFO’s Corporate Risks can be found in Appendix 4.

3.3 Planning Process

This Plan represents an update of the 2010-11 to 2012-13 RBAP that was approved by the Deputy Head in March 2010.

The procedures taken to develop the 2011-12 to 2013-14 RBAP were based on the OCG practice guidebook entitled Internal Audit Planning for Departments and Agencies as well as best practices/areas of improvement found during last year’s update. The audit universe was DFO’s new 2011-12 PAA which represents the inventory of auditable entities in the department organized by strategic objective. This audit universe was then prioritized and assessed for risk based on interviews with senior management and risk factors including materiality, complexity, degree of change, previous assurance work, legislative or other compliance requirements, and degree of dependencies. The results of the risk prioritization are summarized in Appendix 3.

The RBAP for 2011-12 to 2013-14 was developed from the list of prioritized internal audit projects. The three-year summarized internal audit plan is provided in Appendix 2A. Additional information on planned audits for 2011-12 is provided in Appendix 2B. The RBAP includes carry-over audit projects from 2010-11, OCG horizontal audits and proposed audit projects. Appendix 5 provides, as contextual information, a summary of projects planned by other assurance providers.

3.3.1 Document Review

In order to update the 2010-11 to 2012-13 RBAP, the audit team undertook a review of relevant documents to validate the current list of proposed audit projects and identify potential changes and additions. The following documents were consulted:

DFO’s Program Activity Architecture;
DFO’s Corporate Risk Profile;
DFO sector risk profiles;
DFO’s Management Accountability Framework assessment;
DFO Department Performance Report;
DFO Report on Plans and Priorities;
DFO Internal Audit and Evaluation Reports;
Reports of external assurance providers; and
DFO’s departmental priorities.

3.3.2 Identification of Areas with High Risk

Consultations were held with Senior Management as an opportunity to engage them in the risk-based audit planning process. Management was asked to validate the audits identified in the previous RBAP for 2011-12 and 2012-13 and to provide input for the planning of audit projects for 2013-14. They were also asked to discuss any particular sources of risk to which their organizations were exposed. A separate consultation was held with the DAC members. The IAD considered the information provided during these consultations when preparing the DFO’s 2011-12 to 2013-14 RBAP.

3.4 Approval of the Risk-based Audit Plan

The Risk-based Audit Plan is formally updated by the IAD on an annual basis, reviewed by the DAC and recommended for approval to the Deputy Head.

When changes to the RBAP are necessary, IAD will ensure that the principles of the audit planning process are observed and that all resulting decisions are well documented and approved by the DAC². By following a rigorous process, the Department can ensure that new decisions are being made in a consistent and timely manner.

3.5 Monitoring of the Risk-based Audit Plan

The implementation of the RBAP will be monitored on a regular basis throughout the year and proposed changes will be presented to DAC for approval, when required².

4. Summary of Audit Coverage

4.1 Coverage of PAA

Appendix 3 summarizes coverage of the audit universe by assurance providers and the DFO 2011-12 to 2013-14 RBAP. The audits selected in the 2011-12 to 2013-14 RBAP provide coverage of 56% ($1B / $1.8B) of DFO’s spending estimates for 2011-12. Furthermore, 2 OCG and 3 DFO multi-sector audits will be conducted providing further coverage. The DFO 2011-12 to 2013-14 RBAP covers 66% (12/18) of high audit priorities, with coverage on the balance provided by previous assurance work or other assurance providers when possible. The only exception is “Fisheries Strategies and Governance” which is an approved new PAA element as of April 2011. Inclusion of this PAA element into the 2012-13 to 2014-15 RBAP will be made when associated risks and controls can be assessed.

4.2 Coverage of Departmental Priorities

Appendix 6 summarizes audit coverage of Departmental Priorities as approved at the September 2010 DMC meeting. These priorities were then used in developing the priorities found in DFO’s 2011-12 Report on Plans and Priorities. There is either recently completed or planned assurance projects listed for every auditable priority. Several management priorities target specific initiatives that are not auditable. For example, the IAD cannot audit the tabling of the new Fisheries Act and passage through parliament.

4.3 Coverage of Corporate Risks

Appendix 7 summarizes the 2011-12 to 2013-14 RBAP coverage of corporate risks. All 13 corporate risks from Appendix 4 are addressed except for Communications. Risks associated to Communications were ranked moderate (see Appendix 3). As such, it was not prioritized above other audits for inclusion in the 2011-12 to 2013-14 RBAP.

4.4 Coverage of Risk Management, Controls and Governance

Each audit contained in the 2011-12 to 2013-14 RBAP was selected for its high potential to add value to DFO’s operations through the improvement of risk management, controls, and governance processes. Furthermore, this RBAP contains several multi-sector audits on DFO initiatives such as the Northern Strategy, the Governance Structure, and the Policy on Internal Control which will directly address the areas of risk management, controls, and governance across several sectors and strategic objectives.

Appendix 8 summarizes the 2011-12 to 2013-14 RBAP coverage of DFO sectors and risks.

5. Audit Resources

5.1 Summary of Resource Availability and Capacity Use

In preparation of the RBAP, an estimate of total resource capacity available was determined and used for scheduling of the audits. Taking into account the budget available for internal and external resources, a total of approximately 2,535 person-days of capacity for 15 full-time auditors was estimated for 2011-12. This is direct audit time. The FTE utilization of 20.23 referred to in section 2.3 includes work associated with first level quality assurance, leave provisions and time for administration, professional development and other training which decreases available auditor work time.

Appendix 9 summarizes estimated resource allocation and timelines for audits in each fiscal year: 2011-12, 2012-13, and 2013-14.

5.2 Statement on the Adequacy of Resources

Appendix 2B Detailed Project Descriptions for Fiscal-Year 2011-12, summarizes the estimated salary, contractor and travel costs required for each audit in 2011-12. The resource needs are adequately covered by the IAD budget $2.5M while allowance is made for MAP follow-up activities, liaison with the OAG and other central agencies, support to the DAC, professional practices, administrative support, leave and training. Should the IAD budget in future years remain comparable, it is expected that resources will be adequate for 2012-13 and 2013-14.

Although resource needs are slightly higher for 2012-13 (refer to Appendix 9), audit project realignment based on a DFO updated risk assessment is expected at the next RBAP update.

6. 2010-11 in Review

6.1 Adjustments to the Audit Plan for 2010-11

As per the 2010-11 to 2012-13 RBAP, 11 audits were scheduled for completion in 2010-11. During fiscal year 2010-11, adjustments were required to the RBAP due to new requirements on IAD identified by DFO senior management. IAD proposed the following adjustments to the plan for which approval was received at the September 2010 meeting of the DAC.

6.1.1 Atlantic Lobster Sustainability Measures Program

In 2009-10, the Department implemented two lobster-related programs, the Short Term Transitional Measures and the Atlantic Lobster Sustainability Measures, to provide short term assistance to lobster harvesters affected by the global economy and to address sustainability of the fishery over the longer term. The Deputy Minister requested that the IAD assess the adequacy of the management control framework put in place for these programs. The audit report was approved at the December 2010 DAC meeting.

6.1.2 BC Aquaculture Program

In February 2009, the B.C. Supreme Court ruled that marine finfish aquaculture on the coast of B.C. is a fishery and a matter of exclusively federal jurisdiction. DFO became responsible for the BC Aquaculture program as of December 18, 2010. Prior to this transition, IAD was requested to conduct a limited scope review of the program. This work was agreed upon by the Deputy Minister, and conducted during the 2010-11 fiscal year. The report was approved by DAC at their September 2010 meeting.

6.1.3 Internal Service Business Management

In the context of strategic review, the IAD was requested to undertake a preliminary study, and subsequently oversee the independent review, including a benchmarking analysis of the program planning and coordination (PPC) function at DFO. The reports of these studies reached findings and made recommendations that helped management make informed decisions regarding the department’s business model for the delivery of internal services. These recommendations have been accepted by the Deputy Minister and an implementation committee has been struck.

6.1.4 Coast Guard Mid-shore Vessel Procurement Review

The CCG, in partnership with Public Works and Government Services Canada, is overseeing a $218.9 million contract for the building of 9 Mid-shore Patrol Vessels for the CCG. An audit was requested by the CCG. As a result, IAD engaged Audit Services Canada to undertake a limited scope review. The findings and recommendations of this review were presented to the DAC in December 2010.

6.1.5 Economic Action Plan Scope Change

During the Audit of the Implementation of Economic Action Plan (EAP), instances were observed where there was non-compliance to Government procurement and financial policies and regulations, including the Financial Administration Act and the Government Contracting Regulations. As a result, further audit work was undertaken which resulted in further evidence of non-compliance. The audit report was tabled at the December 2010 DAC meeting.

6.1.6 Projects Delayed

Over 2010-2011, IAD was faced with resource challenges. These challenges included the implementation of new quality assurance processes, delays in software upgrades, and a total of 5 persons taking leave for assignments or parental leave.

As a result of the addition of the above noted audit and review projects and resourcing challenges, the completion of the audits of Aquaculture Management, Fleet Operational Readiness, Accounts Verification and the CCG College was deferred until the 2011-12 fiscal year. This change was approved by the DAC in September, 2010.

The 2011-12 to 2013-14 RBAP has been structured to minimize carry-overs in future years.

6.2 Follow-up on Recommendations to be Implemented

At the DAC on December 17, 2010, IAD reported on the semi-annual follow-up on recommendations to be implemented. At that time, it was reported that of the 126 recommendations resulting from internal audits approved between February 2004 and June 2010, 108 (85%) of the recommendations had been implemented or closed leaving 18 (15%) to be fully implemented. Please refer to Appendix 1 for a complete list of internal audits with recommendations to be implemented.

6.3 Changes to the 2010-11 to 2012-13 Risk-based Audit Plan

Changes in Audit Priorities

Some audits from the 2010-11 to 2012-13 RBAP were no longer deemed to be a priority. This was determined when the residual risks were too low to warrant an audit, work in progress required a change in timing, materiality was low, or when the inherent risks were not significant. A total of nine audits are no longer deemed to warrant assurance work. These audits are:

Canadian Coast Guard College (2010-11)
Small Craft Harbours (2011-12)
Information Management (2011-12)
The Aboriginal Policy and Governance Organization (2011-12)
Inventory Management (2011-12)
Search and Rescue Services (2012-13)
Diversity Employment Equity, Planning and Recruitment Strategy (2012-13)
Pacific Salmon Treaty Program (2012-13)
Federal Contaminated Sites Action Plan (2012-13)

Furthermore, the title, scope and objective for three audits were changed. The audit of Life-Cycle Asset Management Services (2011-12) was changed to the audit of Shore-based Asset Readiness (2012-13) as a result of the preliminary survey phase for the audit of Fleet Operational Readiness. The audit of Legal Risk Management was changed to the audit of the Legal Risk Management Control Framework. Finally, the audit of Support for Marine Security (2012-13) was changed to the audit of Maritime Security (2012-13).

Horizontal Audits of the Office of the Comptroller General (2011-12 and 2012-13)

As a large department, DFO was asked by the OCG to identify two horizontal audits in which to participate. As described in section 2.4.4, IAD will be required to provide resources for the conduct phase of these audits and as such has made provisions for them in the 2011-12 to 2013-14 RBAP. Note that the OCG has not given final confirmation of DFO’s inclusion in these audits.

7. Emerging Issues

There are a number of emerging DFO or government wide priorities or issues that may have implications for IAD. Some issues which may affect the RBAP that the IAD is currently monitoring include the following:

7.1 Economic Action Plan

The IAD conducted a Readiness Assessment of the EAP initiatives in 2009-10 to ensure that appropriate governance, risk and control frameworks are in place to manage the EAP funding. Gaps were identified and managers responsible for EAP developed a Management Action Plan to address these gaps for corrective action. An audit of EAP was included in the 2010-11 RBAP and was conducted accordingly. While there is no specific EAP project included in the RBAP, the OAG is expected to conduct audit work in this area which may require IAD involvement in the Fall of 2011.

7.2 Cohen Inquiry

A Commission of Inquiry into the Decline of Sockeye Salmon in the Fraser River has been established. The purpose of the inquiry is to investigate and report on reasons for the decline in the Fraser River sockeye salmon returns and make recommendations for the long-term viability of this fishery. As part of the examination, the policies and practices of the Department are being examined.

There is currently no project on the RBAP specific to the inquiry into the decline of sockeye salmon; however, the IAD should be prepared to react should its assistance be required during the course of the inquiry.

Appendix 1: Internal Audits with Recommendations to be Implemented

	Internal Audit Project	Recommendations to be Implemented	Risk Assessment
1	Follow-up Audit of the Experimental Lakes Area	1	Low
2	Audit of the Contribution Agreement with the Shubenacadie First Nation	1	Low
3	Audit of the Conservation and Protection Program	2	Low
4	Audit of Departmental Succession Planning	2	Moderate
5	Audit of the Management Control Framework Supporting Senior Management Committee Information for Decision Making	2	Moderate
6	Review of BC Aquaculture	6	Moderate
7	At-Sea Mentoring Initiative and First Nations Fisheries Operations Management Initiative (ASMI/FOMI)	4	Moderate

Note: the above status was reported at the December 2010 DAC Semi-annual Follow-up of Recommendations to be Implemented.

Appendix 2A: Audit Plan Summary – Three Years at a Glance

FY	Potential Audit Area Identified	Preliminary Audit Objective	Strategic Objective	Lead Sector/ Branch	Risk Ranking	Rationale	Estimated Resources Needed (Person- days)
Carry-Over and Planned Projects for 2011-12 (1890 days) Carry-Over Projects from 2010-11 (640 days) ; Planned projects for 2011-12 (1250 days)
Carry-Over	Fleet Operational Readiness Part 1: Fleet Asset Management	The objective of this audit is to provide assurance that the Fleet’s asset base is being adequately managed to ensure its sustainability into the future to efficiently and effectively deliver the Fleet Operational Readiness Program. Note: The audit of Fleet Operational Readiness has been phased into two projects. This will be the first phase. The second phase will be addressed subsequently in 2011-12.	Safe and Secure Waters	CCG	High	Fleet and infrastructure renewal is listed as one of the DFO priorities for 2011-12 in order to address aging equipment and anticipate needs of the future. The 2007 OAG follow-up audit found that some deficiencies still existed. High materiality. A new organization has recently been established for Vessel Procurement under a new Deputy Commissioner resulting in new roles, responsi- bilities, and accounta- bilities that have not yet been examined.	400 (50% remaining) = 200
Carry-Over	Accounts Verification	The objective of this audit is to provide assurance that DFO's management control framework for the implemen- tation of the new risk based account verification process is in place and is adequate to ensure effective internal controls, compliance with legislation, regulations and policies, and accurate financial information.	Internal Services	CFO	High	Strengthe- ning internal control is stated as a DFO priority under “Managing for Results”. The Readiness Assessment for Financial Statements found that the accounts verification processes had significant internal control weaknesses.	400 (30% remaining) = 120
Carry-Over	Real Property	The objective of this audit is to provide assurance that Real Property, Safety and Security (RPSS) management of real property is adequate and supports timely, informed real property management decisions.	Internal Services	HRCS / RPSS	High	For three consecutive years, the effectiveness of asset management has been identified as an ‘Opportunity for Improvement’ in the Management Accountability Framework assessments. Areas of weakness identified therein include departmental real property policies and the real property information system. Identified by Senior Management as a high risk.	400 (20% remaining) = 80
Carry-Over	Aquaculture Management	The objective of this audit is to provide assurance on the adequacy of the Management Control Framework for Aquaculture Management taking into consideration the contributions of Aquaculture Science within the overall program activity.	Sustainable Aquatic Ecosystems	Program Policy	High	The program has received increased funding in recent years. This program has received increased attention resulting in high visibility.	400 (60% remaining) = 240

FY	Potential Audit Area Identified	Preliminary Audit Objective		Strategic Objective	Lead Sector/ Branch		Risk Ranking	Rationale	Estima- ted Resour- ces Needed (Person- days)
Planned Projects for 2011-12 (1,250 days)
2011-12	OCG Audit - Horizon- tal Internal Audit of Perfor- mance Manage- ment	The audit will assess compliance with the Policy on Management, Resources, and Results Structures (2008). It will also assess the following: whether the Treasury Board Secretariat is improving its ability to provide effective and efficient government-wide reporting and decision making; and whether departments and agencies have established Manage- ment, Resources, and Results Structures that include a common framework linking financial and non-financial information across government.	Internal Services			CFO	OCG Commit- ment	Effective performance management enables a large department or agency to ensure accountability, good governance, value for money, and overall effectiveness of operations and service delivery. Program management underpins management decision making at all levels of government. Performance management should also support more effective planning when results are integrated into future business plans.	150
2011-12	Fleet Opera- tional Readi- ness Part 2: Fleet Opera- tional Capa- bility	The objective of this audit is to provide assurance that the Fleet Operational Capability program is adequately managed to ensure that certificated professionals safely, effectively and efficiently operate vessels, air cushion vehicles, helicopters and small crafts that are ready to respond to the Government of Canada's on-water and marine related needs. Note: The audit of Fleet Operational Readiness has been phased into two projects. This will be the second phase.	Safe and Secure Waters			CCG	High	There is high materiality in the area of Fleet Operational Capability. The preliminary survey for the 2010-11 audit of Fleet Asset Management also identified areas such as costing methodology and fulfilling client needs as being areas of risk. 2007 OAG follow-up audit found that some deficiencies still existed. There has been no additional follow-up work since 2007.	400
2011-12	Commer- cial Fisheries	The objective of this audit is to provide assurance that controls for the commercial fisheries program related to licensing, quota monitoring, and the implemen- tation of management measures are adequate to meet the objectives of DFO.	Economically Prosperous Maritime Sectors and Fisheries			Ecosys- tems and Fisheries Manage- ment	High	DFO priority “Fisheries Renewal”. Senior Management identified 7 different licensing systems, a need for moderni- zation, and regional inconsis- tencies	400
2011-12	Integra- ted Oceans Manage- ment	The objective of this audit is to assess the adequacy of the management control framework in place to deliver DFO's mandated responsi- bilities under the Oceans Act.	Sustainable Aquatic Ecosystems			Oceans and Science	Moderate	Identified as a DFO priority under “Healthy Ecosystems”. Senior Management identified this audit as timely. High visibility and lack of previous audit coverage. Moderate materiality.	300

FY	Potential Audit Area Identified	Preliminary Audit Objective		Strategic Objective	Lead Sector/ Branch	Risk Ranking	Rationale	Estima- ted Resour- ces Needed (Person- days)
Planned Projects for 2012-13 (2,450 days)
2012-13	OCG – Horizontal Internal Audit of the Grants and Contri- butions Manage- ment Control Framework -Phase 2	This audit will build on the Horizontal Internal Audit of the Grants and Contributions Management Control Framework – Phase 1. Given the first-year audit will only examine the role of the Treasury Board Secretariat in enabling some of the expected results of the new policy, this second audit will examine progress. These expected results include simplifying administration of, and strengthening accountability in, the government-wide operations of grants and contributions.	Internal Services		EFM/ CFO	OCG Commit- ment	The significance and public visibility associated with grants and contribu- tions contribute to its priority as a horizontal internal audit.	150
2012-13	DFO Governance Structure	The objective of this audit is to provide assurance that management has an appropriate governance framework in place to set DFO strategic directions, operational plans, objectives and priorities.	All		Exe- cutive Secre- tariat	High	A new governance structure has been put in place in January 2011 and a need for an audit has been identified by senior management for 2012-13.	400
2012-13	International Affairs	The objective of this audit is to determine whether the controls are adequate for the International Affairs program to ensure it contributes to a stable international trade regime for Canadian fish and seafood products.	Economically Prosperous Maritime Sectors and Fisheries		Interna- tional Affairs Direc- torate	High	This is a DFO priority under “Inter- national” with a focus on the need to develop governance and a framework to define and assess where inter- national effort is best placed to benefit the overall DFO/CCG agenda. Senior Management indicated the need for assurance on the controls of the Inter- national Affairs Directorate.	200
2012-13	Policy on Internal Controls	The objective of this audit is to provide assurance that risks relating to the stewardship of public resources are adequately managed through effective internal controls, including internal controls over financial reporting. (e.g., Directives on Accountable Advances, Acquisition Cards, Delegation of Financial Authorities, Departmental Bank Accounts, Expenditure Initiation and Commitment Control, Pay Administration)	Internal Services		CFO	High	New TB Policy on Internal Control effective April 1st 2009. DFO priority “Managing for Results” has a focus on strengthe- ning internal controls. The importance of internal controls has been stated by Senior Management and DAC external members. Issues identified with uniformity and standar- dization across regions	400
2012-13	Northern Strategy	The objective of this audit is to determine the adequacy of the management control framework in place to ensure that the short-run and long-run objectives related to the government northern strategy are met and to provide assurance on the integration of DFO’s efforts both internally among programs and externally with other departments.	All		Ecosys- tem and Fisheries Mana- gement Note: CCG, Science and Central and Arctic region are involved	High	The North is identified as a DFO priority under “Cross Cutting Priorities”. Report on Plans and Priorities mentions the develop- ment of a Northern Strategy. DFO is a key department in the Prime Minister’s multi-depart- mental Northern Strategy. High materiality.	400
2012-13	Shore-based Asset Readiness	The objective of this audit is to assess the life-cycle management of the $1.6B CCG’s non-fleet assets to ensure they are available and reliable to support CCG’s programs.	Safe and Secure Waters		CCG	High	High Risk and high materiality ($1.6B asset value). No recent assurance has been performed. This audit follows audits on Real Property, Small Craft Harbours, and Fleet Assets and will provide additional assurance on the state of CCG’s non-fleet asset base.	200
2012-13	Legal Risk Management Control Framework	The objective of this audit is to assess the adequacy of the management control framework in place for managing legal risks facing the Department. Management control framework is understood as the suite of controls that management has put in place to manage the risk and increase the likelihood that established organizational objectives will be achieved.	Internal Services		Legal	High	Senior Management indicated that Legal risk is high and that demands for legal services are increasing along with associated costs to DFO. No recent audit of the activity. A new legal risk governance framework is being developed.	300
2012-13	Maritime Security	The objective of this audit is to assess the extent to which DFO and CCG are fulfilling their identified roles, responsibilities and accountabilities for maritime security.	Safe and Secure Waters		CCG	Mode- rate	It is identified as a DFO priority under “CCG” and ties into the Northern Strategy (DFO is a key department in the Prime Minister’s multi-depart- mental Northern Strategy.) CCG provides a crucial support function in the delivery on the multi-depart- mental Canadian maritime security agenda. There is a lack of recent assurance work. Significant amount of coordination is required with other departments (e.g., RCMP).	400

FY	Potential Audit Area Identified	Preliminary Audit Objective		Strategic Objective	Lead Sector/ Branch		Risk Ran- king	Rationale	Estima- ted Resour- ces Needed (Person- days)
Planned Projects for 2013-14 (1900 days)
2013-14	Contract Manage- ment	The objectives of this audit are to provide assurance on compliance with Treasury Board Secretariat and DFO policy and guidelines for contracting; to ensure that contract management is effectively enabling program management in an efficient and responsive way, to provide assurance on the economy of procurement and on the cost savings.	Internal Services			CFO	High	High materiality. Follow-up audit was done in 08-09 by DFO identified only partial completion on several recommen- dations. Use of Advance Contract Award Notice (ACAN) in the regions was mentioned in interviews as an area of higher risk.	300
2013-14	BC Aquaculture Program	The objective of this audit is to provide assurance that the management control framework is efficient and effective to ensure that the BC Aquaculture program meets its objective.	Economically Prosperous Maritime Sectors and Fisheries			Ecosys- tems and Fisheries Mana- gement	Mode- rate	New program transferred from the province of BC; high visibility; need to ensure the MCF is in place. Senior Management indicated that this audit would be of benefit.	300
2013-14	Aids to Navigation	The objective of this audit is to assess the adequacy of the management control framework in place to support safe and efficient marine navigation; and to assess the extent of the progress made on recommendations to be implemented since the 2007 Status Report of the Office of the Auditor General.	Economically Prosperous Maritime Sectors and Fisheries			CCG	Mode- rate	It is identified as a DFO priority under “North” and ties into the Northern Strategy The 2007 Status Report of the Office of the Auditor General deemed progress unsatis- factory in the implemen- tation of a number of recommen- dations to be implemen- ted relating to aids to navigation. Moderate materiality.	300
2013-14	Species at Risk Manage- ment	The objectives of this audit are to assess: the management control framework in place for the management of species at risk; and whether DFO can meet its obligations under the Species at Risk Act; and compliance with applicable legislation and policies.	Sustainable Aquatic Ecosystems			Oceans and Science / Oceans Habitat and Species at Risk	Mode- rate	Senior Management expressed interest in this audit. The OAG follow-up audit in 2008 identified areas of concern that had not been fully addressed. Lack of recent assurance work. Moderate materiality.	300
2013-14	Atlantic Lobster Sustai- nability Measures	The objective of this audit is to assess the management control framework in the implementation and administration of the Program.	Economically Prosperous Maritime Sectors and Fisheries			Ecosys- tem and Fisheries Mana- gement	Mode- rate	New program identified in management interviews as an area of concern. Moderate materiality.	200
2013-14	Travel and Hospitality	The objective of this audit is to provide assurance that DFO is in compliance with Government of Canada Travel and Hospitality directives; to provide assurance that economies are being realized with the implementation of the new DFO travel and hospitality system (cost and process).	Internal Services			CFO	Mode- rate	New Treasury Board Directive on the Management of Expenditures on Travel, Hospitality and Conferences that took effect on January 1, 2011. Travel and Hospitality spending was capped at $63 million for 2009-10. Risk is slightly increased because of the new automated travel system put in place in the Fall of 2010. The overall rating for this audit is still considered moderate because of the degree of control already in place.	300
2013-14	Aquatic Invasive Species	The objective of this audit is to assess the adequacy of the management control framework in place for the Program and to assess the status of the extent of the progress made on recommendations to be implemented since the 2008 Status Report of the Commissioner of the Environment and Sustainable Development.	Sustainable Aquatic Ecosystems			Oceans and Science	Mode- rate	Considered a source of risk and high visibility in some parts of the country only. Identified as a risk by senior management. Lack of recent assurance work. The overall risk is deemed to be moderate due to lower materiality.	200

Appendix 2B: Detailed Project Description for Fiscal Year 2011-12

Project Risk Ranking			High
Project Title:		Fleet Operational Readiness Part 1: Fleet Asset Management (Carry-over)
Major Auditable Unit:		Canadian Coast Guard
Link to Corporate Risk:		Physical Infrastructure, Strategic Alignment, Higher Input Costs, Hazard-type or Crisis-type Risks ; Climate
Link to Management Accountability Framework:		Stewardship, Citizen-focused Service
Background and Engagement Specific Risks: Fleet and infrastructure renewal is listed as one of the DFO priorities for 2011-12 in order to address aging equipment and anticipate needs of the future. There is "High Materiality" in the areas of vessel maintenance and procurement. A new organization has recently been established for Vessel Procurement under a new Deputy Commissioner resulting in new roles, responsibilities and accountabilities that have not yet been examined. In addition, in 2007 the Office of the Auditor General conducted a follow-up audit on recommendations that had been made in previous reports and found that some deficiencies still existed. There has been no additional follow-up work since 2007.
*Audit Objective (Assurance Audit):* The objective of this audit is to provide assurance that the Fleet’s asset base is being adequately managed to ensure its sustainability into the future to efficiently and effectively deliver the Fleet Operational Readiness Program.
Audit Scope: This audit will focus on the management of the Fleet’s assets through the asset life cycle focusing primarily on procurement, maintenance and disposal of vessels, Air-Cushion Vehicles and helicopters. Although shore-based and program infrastructure assets are important to the delivery of the Fleet Operational Readiness program, they are excluded for the purpose of this audit as they are not part of the Fleet Operational Readiness program. The audit will focus on the management of Fleet’s assets during the period of fiscal years 2009-10 and 2010-11. In order to understand the evolution of some activities, review of information dating back earlier may be required to provide sufficient context to the area being examined. The audit will be carried out in National Headquarters and in selected regions to be determined.
Estimated Project Costs:
Resource Days:	400 (50% remaining) = 200
Resource Dollars:	$80,160
Timing:	Q1-Q2
Contractor Costs:	$30,000
Travel Costs:	$0

Project Risk Ranking			High
Project Title:		Accounts Verification (Carry-over)
Major Auditable Unit:		Chief Financial Officer
Link to Corporate Risk:		Information for Decision Making, Strategic Alignment
Link to Management Accountability Framework:		Stewardship
Background and Engagement Specific Risks: Since 1998, numerous Auditor General, DFO Internal Audit and management reviews have concluded that DFO’s Internal Controls need to be strengthened. The latest assessment conducted by an external consulting firm to determine DFO’s readiness for an independent, controls-based audit of its financial statement identified weaknesses in the accounts verification processes. In response to the assessment, the Chief Financial Officer developed an internal control remediation plan to address these issues which included developing national standardized processes and procedures. The account verification project began in April 2008 with a new account verification business process being rolled-out nationally in October 2009. With this, DFO expects to achieve increased compliance to legislation, regulation and policies, more accurate financial information and significant improvement in internal financial control.
Audit Objective *(Assurance Audit)*: The objective of this audit is to provide assurance that DFO's management control framework for the implementation of the new risk based account verification process is in place and is adequate to ensure effective internal controls, compliance with legislation, regulations and policies, and accurate financial information.
Audit Scope: The audit will focus on the new risk-based account verification process within the Department, to determine if management controls are in place, functioning effectively and comply with relevant TB and DFO policies and directives. The effectiveness and consistency in the application of the Quality Assurance and Sampling Plan within the National Capital, Pacific and Maritime Regions will be examined for the period April 1, 2010 to October 31, 2010 by selecting a random sample of transactions to determine if they comply with the DFO Policy and Directive. The sample will cover Vote 1 O&M expenditures, Vote 5 Capital expenditures and Vote 10 Grants and Contribution expenditures as well as PAYE settlements, set up in March 2010.
Estimated Project Costs:
Resource Days:	400 (30% remaining) = 120
Resource Dollars:	$48,096
Timing:	Q1
Contractor Costs:	$0
Travel Costs:	$0

Project Risk Ranking			High
Project Title:		Real Property (Carry-over)
Major Auditable Unit:		Human Resources and Corporate Services / Real Property, Safety and Security
Link to Corporate Risk:		Physical Infrastructure, Legal
Link to Management Accountability Framework:		Stewardship
Background and Engagement Specific Risks: In recent Management Accountability Framework assessments, areas of weakness were identified in departmental real property policies and the real property information system. Internally, the risk that real property infrastructure will deteriorate to a point that sudden and large capital investments will be required could compromise DFO program delivery.
Audit Objective *(Assurance Audit)*: The objective of this audit is to provide assurance that Real Property, Safety and Security (RPSS) management of real property is adequate and supports timely, informed real property management decisions. .
Audit Scope: It is important to note that the audit of real property will only focus on the real property function of RPSS. Therefore, the Safety and Security branch as well as the Office of Environmental Coordination operating under RPSS will be both excluded from the audit scope. As per the Risk-based Audit Plan and our subsequent analysis, the audit will only focus on properties that are under the custodianship or the management of RPSS. Hence, the audit scope will also include properties that are leased by RPSS. Properties that are under the custodianship of Small Craft Harbours and Canadian Coast Guard will be excluded from the audit scope with the exception of Canadian Coast Guard properties that have been identified as divestitures the reason being, once assets have been identified for divestiture by Canadian Coast Guard, the management of the properties is reassigned to RPSS. Consequently, those properties will also be included in the audit scope. As the scope includes real property management both in the RPSS organization and in DFO regional offices, the audit team will visit the Pacific and Central and Arctic regions. Both regions were selected based on a comprehensive analysis performed during the preliminary survey phase and discussion with RPSS management.
Estimated Project Costs:
Resource Days:	400 (20% remaining) = 80
Resource Dollars:	$32,064
Timing:	Q1
Contractor Costs:	$0
Travel Costs:	$0

Project Risk Ranking			High
Project Title:		Aquaculture Management (Carry-over)
Major Auditable Unit:		Program Policy
Link to Corporate Risk:		Third Party Reliance, Legal
Link to Management Accountability Framework:		Citizen-focused Service
Background and Engagement Specific Risks: The Government of Canada announced a $70 million investment over five years in Budget 2008. This funding will help to create the conditions for a successful and sustainable aquaculture industry across Canada. This investment will streamline the regulatory process, strengthen science to create performance-based environmental standards, spur innovation to enhance the sector’s competitiveness and productivity, and develop a certification scheme to meet rigorous quality standards in international markets.
*Audit Objective (Assurance Audit):* The objective of this audit is to provide assurance on the adequacy of the Management Control Framework for Aquaculture Management taking into consideration the contributions of Aquaculture Science within the overall program activity.
Audit Scope: In accordance with the approved RBAP, the IAD is conducting an Audit of Aquaculture Management which will also consider the integration of Science within the overall activity. The scope of the audit will include various sectors within the department including Program Policy, Oceans and Science, and Ecosystems and Fisheries Management. The preliminary scope of the audit will include National Headquarters and the regions. During the preliminary survey phase the scope and objective of the audit will be further defined by March 31st, 2011.
Estimated Remaining Project Costs:
Resource Days:	400 (60% remaining) = 240
Resource Dollars:	$96,192
Timing:	Q1-Q2
Contractor Costs:	$0
Travel Costs:	$15,000

Project Risk Ranking			OCG Commitment
Project Title:		OCG Audit - Horizontal Internal Audit of Performance Management
Major Auditable Unit:		Chief Financial Officer
Link to Corporate Risk:		Information for Decision Making ; Strategic Alignment
Link to Management Accountability Framework:		Effectiveness of Corporate Risk Management
Background and Engagement Specific Risks: Effective performance management enables Large Departments and Agencies to ensure accountability, good governance, value for money, and overall effectiveness of operations and service delivery. Program management underpins management decision making at all levels of government. Performance management should also support more effective planning when results are integrated into future business plans. Although results-based management has been around for some time, there is widespread concern that little real progress has been made toward reporting on outcomes of initiatives. A horizontal internal audit of performance management is expected to yield important insight and lessons learned in what is known to be an area of systemic weakness across government. The value of such an audit is further increased by the overarching accountability agenda: without good information on performance, the government’s ability to adequately address this agenda is limited. This audit will therefore contribute to the broad government-wide agenda by highlighting problems and related solutions in individual departments.
Audit Scope and Objectives: The audit will assess compliance with the Policy on Management, Resources, and Results Structures (2008). It will also assess whether the Treasury Board Secretariat is improving its ability to provide effective and efficient government-wide reporting and decision making; and whether departments and agencies have established Management, Resources, and Results Structures that include a common framework linking financial and non-financial information across government.
Estimated Project Costs:
Resource Days:	150
Resource Dollars:	$60,120
Timing:	Q4
Contractor Costs:	$0
Travel Costs:	$0

Project Risk Ranking			High
Project Title:		Fleet Operational Readiness Part 2: Fleet Operational Capability
Major Auditable Unit:		Canadian Coast Guard
Link to Corporate Risk:		Higher Input Costs, Hazard-type or Crisis-type Risks, Climate Change, Third Party Reliance, Human Capital
Link to Management Accountability Framework:		Citizen-focused Service, Excellence in People Management
Background and Engagement Specific Risks: There is high materiality in the area of Fleet Operational Capability. The preliminary survey for the 2010-11 audit of Fleet Asset Management identified areas such as costing methodology and fulfilling client needs as being areas of risk. The 2007 OAG follow-up audit found that some deficiencies still existed. There has been no additional follow-up work since 2007.
Audit Objective *(Assurance Audit): The objective of this audit is to provide assurance that the Fleet Operational Capability program is adequately managed to ensure that certificated professionals safely, effectively and efficiently operate vessels, air cushion vehicles, helicopters and small crafts that are ready to respond to the Government of Canada's on-water and marine related needs. Note: The audit of Fleet Operational Readiness has been phased into two projects. This will be the second phase.*
Audit Scope: The audit of the Fleet Operational Capability will focus on the fleet operations, fleet management and the provision of fleet personnel, to provide assurance that certificated professionals, safely, effectively and efficiently operate vessels, air cushion vehicles, helicopters, and small craft that are ready to respond to the Government of Canada's on-water and marine related needs. The audit will focus on the management of Fleet’s services during the period of fiscal years 2009-10 to 2010-11. In order to understand the evolution of some activities, review of information dating back earlier may be required to provide sufficient context to the area being examined. The audit will be carried out in National Headquarters and in selected regions to be determined.
Estimated Project Costs:
Resource Days:	400
Resource Dollars:	$160,319
Timing:	Q2-Q4
Contractor Costs:	$20,000
Travel Costs:	$13,000

Project Risk Ranking			High
Project Title:		Commercial Fisheries
Major Auditable Unit:		Ecosystems and Fisheries Management
Link to Corporate Risk:		Economic and Market Pressures, Overcapacity and Overfishing, Information for Decision Making
Link to Management Accountability Framework:		Citizen-focused Service
Background and Engagement Specific Risks: Commercial fishing is an important industry across Canada, with a landed value of close to $1.9 billion in 2008. The program integrates input from other related DFO program areas (Science, Policy, Conservation and Protection, Aboriginal Programs and Governance, International Affairs, Aquaculture), other levels of government (provincial/territorial and municipal), other government departments and stakeholders to develop and implement fishing plans (Integrated Fisheries Management Plans, Conservation and Harvesting Plans, etc.) for fisheries. Under the authority of the Fisheries Act and the Species at Risk Act, these plans integrate conservation, management and scientific objectives, and spell out the required measures to conserve and manage fisheries resources. Commercial Fisheries is listed as a DFO priority under “Fisheries Renewal”. Senior Management identified some issues with the program including 7 different licensing systems, a need for modernization, and regional inconsistencies.
*Audit Objective (Assurance Audit):* The objective of this audit is to provide assurance that controls for the commercial fisheries program related to licensing, quota monitoring, and the implementation of management measures are adequate to meet the objectives of DFO.
Audit Scope: The scope of the audit will encompass the controls in place for the licensing systems, quota monitoring, and management measures to control commercial fisheries. The preliminary scope of the audit will include HQ and regions as selected. During the preliminary survey phase, the scope and objective of the audit will be further defined.
Estimated Project Costs:
Resource Days:	400
Resource Dollars:	$160,319
Timing:	Q1-Q3
Contractor Costs:	$20,000
Travel Costs:	$13,000

Project Risk Ranking			Moderate
Project Title:		Integrated Oceans Management
Major Auditable Unit:		Oceans and Science
Link to Corporate Risk:		Information for Decision Making, Climate Change, Legal, Overcapacity and Overfishing
Link to Management Accountability Framework:		Citizen-focused Service
Background and Engagement Specific Risks: The Integrated Oceans Management program provides federal, and provincial government authorities, industry and Canadians with the tools (e.g., identification of Ecologically and Biologically Significant Areas, Marine Protected Areas) needed to collaboratively develop integrated management plans that incorporate social, economic, and environmental considerations in decision making. Other methods of intervention used by the program include: developing Canada’s ocean-related international legal commitments and the establishment of integrated management areas for all of Canada’s marine regions. Integrated Oceans management is a DFO priority under “Healthy Ecosystems”. Senior management identified this audit as timely. There is high visibility and lack of previous audit coverage. There is moderate materiality in the area of integrated oceans management.
*Audit Objective (Assurance Audit):* The objective of this audit is to assess the adequacy of the management control framework in place to deliver DFO's mandated responsibilities under the Oceans Act.
Audit Scope: The scope of the audit will encompass the integrated management plans that incorporate social, economic and environmental considerations in decision making. The preliminary scope of the audit will include HQ and regions as selected. During the preliminary survey phase, the scope and objective of the audit will be further defined.
Estimated Project Costs:
Resource Days:	300
Resource Dollars:	$120,240
Timing:	Q1-Q3
Contractor Costs:	$20,000
Travel Costs:	$12,000

Appendix 3: Audit Priorities by Program Activity, Materiality of Coverage and DFO Horizontal Audits

PROGRAM ACTIVITIES	Coverage	Risk³	Materiality (000's)⁴
1.1 INTEGRATED FISHERIES RESOURCE MANAGEMENT			139,742
1.1.1 Commercial Fisheries	Audit in 2011-12	High	114,144
1.1.2 Recreational Fisheries	Evaluation in 2011-12	Moderate	5,832
1.1.3 Atlantic Lobster Sustainability Measures Program	Audit in 2013-14	Moderate	17,558
1.1.4 Fisheries Science Collaborative Program	Audit in 2009-10	Low	2,209
1.2 FISHERIES STRATEGIES AND GOVERNANCE	New PAA element as of April 2011	High	45,981
1.3 ABORIGINAL STRATEGIES AND GOVERNANCE			111,357
1.3.1 Aboriginal Fisheries Strategy	Audit in 2007-08 Evaluation in 2013-14	Moderate	33,144
1.3.2 Aboriginal Aquatic Resource & Oceans Management	Audit in 2007-08 Evaluation in 2013-14	Low	14,619
1.3.3 Strategies and Governance	Audit in 2009-10 OCG audit in 2012-13 Evaluation in 2012-13	Low	14,781
1.3.4 Atlantic Integrated Commercial Fisheries Initiative	Evaluations in 2012-13	Low	14,163
1.3.5 Pacific Integrated Commercial Fisheries Initiative	Evaluations in 2012-13	Low	34,650
1.3.6 Aboriginal Funds for Species at Risk	New PAA element as of March 2011	Low	Same as 1.3.3
1.4 SUSTAINABLE AQUACULTURE PROGRAM			41,628
1.4.1 Aquaculture Regulatory Reform	Audit 2007-08 Evaluation 2012-13	Low	139
1.4.2 Aquaculture Innovation and Market Access Program		Low	3,137
1.4.3 Aquaculture Certification and Sustainability Reporting		Moderate	10,490
1.4.4 British Columbia Aquaculture Program	Audit in 2013-14	Moderate	9,902
1.4.5 Aquaculture Environmental and Biological Science Program	Audit in 2011-12	High	11,726
1.4.6 Aquaculture Collaborative Research & Development Program		High	346
1.4.7 Program for Aquaculture Regulatory Research		High	5,888
1.5 AQUATIC ANIMAL HEALTH	Evaluation in 2014-15	Moderate	5,878
1.6 BIOTHECHNOLOGY AND GEONOMICS	Evaluation in 2012-13	Low	2,985
1.7 INTERNATIONAL AFFAIRS	Audit in 2012-13	High	15,937
1.8 WATERWAYS MANAGEMENT	Evaluation 2010-11	Moderate	5,142
1.9 AIDS TO NAVIGATION	Audit in 2013-14	Moderate	22,110
1.10 ICEBREAKING SERVICES	Evaluation 2010-11	Moderate	17,024
1.11 SMALL CRAFT HARBOURS			111,681
1.11.1 Harbour Operations and Maintenance	EAP 2010-11	High	92,831
1.11.2 Divestiture of Non-Core Harbours	Audit in 2010-11	Low	19,150
1.12 TERRITORIAL DELINEATION	Evaluations in 2011-12	Moderate	6,404
2.1 COMPLIANCE AND ENFORCEMENT			109,419
2.1.1 Education and Shared Stewardship	Audit in 2009-10	Low	10,420
2.1.2 Monitoring, Control and Surveillance		Low	50,163
2.1.3 Major Cases and Special Investigations		Moderate	15,424
2.1.4 Compliance and Enforcement Program Capacity		Low	33,413
2.2 SALMONID ENHANCEMENT PROGRAM			29,993
2.2.1 Salmonid Enhancement Program Facilities	Audit in 2009-10 Audit in 2008-09 Evaluation in 2013-14	Low	18,427
2.2.2 Community Involvement program		Low	7,579
2.2.3 Resource Restoration Program		Low	3,024
2.2.4 Salmonid Enhancement Contribution Programs		Low	962
2.3 HABITAT MANAGEMENT	Audit in 2008-09 OAG audit in 2009-10 Evaluation in 2011-12	High	57,956
2.4 ABORIGINAL INLAND HABITAT PROGRAM	Audit in 2008-09 Evaluation in 2011-12	Low	8,750
2.5 SPECIES AT RISK MANAGEMENT	Audit in 2013-14	Moderate	26,899
2.6 ENVIRONMENTAL RESPONSE SERVICES	OAG audit in 2010-11 Audit in 2009-10	High	10,413
2.7 INTEGRATED OCEANS MANAGEMENT			38,793
2.7.1 Marine Conservation Tools	Audit in 2011-12	Moderate	15,494
2.7.2 Ecosystem Assessments	Audit in 2011-12	Moderate	23,250
2.8 AQUATIC INVASIVE SPECIES	Audit in 2013-14	Moderate	11,008
3.1 SEARCH & RESCUE SERVICES			34,521
3.1.1 Search & Rescue Coordination and Response	Evaluation in 2011-12	Moderate	29,819
3.1.2 Canadian Coast Guard Auxiliary	Evaluation in 2011-12	Low	4,702
3.2 MARINE COMMUNICATIONS & TRAFFIC SERVICES	Audit in 2010-11	Moderate	44,763
3.3 MARITIMES SECURITY	Audit in 2012-13	Moderate	10,039
3.4 FLEET OPERATIONAL READINESS			419,488
3.4.1 Fleet Operational Capability	Audit in 2011-12 (Phase 2)	High	243,409
3.4.2 Fleet Maintenance	Audit in 2011-12 (Phase 1)	Moderate	47,110
3.4.3 Fleet Procurement	Audit in 2011-12 (Phase 1)	High	128,970
3.5 SHORE-BASED ASSET READINESS	Audit in 2012-13	High	123,388
3.6 CANADIAN COST GUARD COLLEGE	Evaluation in 2011-12	Moderate	10,971
3.7 HYDROGRAPHIC PRODUCTS AND SERVICES	Evaluation in 2012-13	Moderate	28,518
3.8 OCEAN FORECASTING	Evaluation in 2012-13	Moderate	9,680
INTERNAL SERVICES			309,120
Governance & Management support		High	79,178
Management & Oversight Services	OCG Audit in 2011-12 on Performance Management ; OAG Audit of Evaluation and Internal Audit in 2011	Moderate	62,573
Communications		Moderate	10,875
Legal	Audit in 2012-13	High	5,729
Resource Management Services			109,813
Human Resources Management	2 audits in 2009-10 PSC audit in 2010-11	High	25,896
Information Management	Audit in 2009-10	High	18,119
Information Technology	Audit in 2010-11	High	37,690
Financial Management	Audit in 2011-12	High	28,225
Travel & other administrative services	Audit in 2013-14	Moderate	32M as of 11/2010, there is a $60M cap
Asset Management Services			120,130
Real Property	Audit in 2011-12	High	112,785
Material	Evaluation in 2011-12	Moderate	3,635
Acquisition	Audit in 2013-14	High	3,710

Coverage by Materiality

	DFO $ Spending (000's)	$ covered (000's)	% covered
Total:	1,809,591	1,009,628	56%
		Note: Does not include OCG horizontal audits and DFO multi-sector audits

OCG Horizontal Audits and DFO Multi-Sector Audits

OCG Horizontal Audits
Performance Management	2011-12
Grants and Contributions Management Control Framework - Phase 2	2012-13
DFO Multi-Sector Audits
DFO Governance Structure	2012-13
DFO’s Northern Strategy	2012-13
Policy on Internal Control	2012-13

Appendix 4: Summary of DFO’s Corporate Risk Profile

Internal Risks
Risk Name	Risk Event
1. Human Capital	There is a risk that DFO will be unable to sustain a sufficient and representative workforce with the appropriate competencies to adequately support, deliver and manage programs and services.
2. Information for Decision Making	There is a risk that sufficient and appropriate information will not be available on a timely basis to support decision making.
3. Physical Infrastructure	There is a risk that DFO will be unable to invest in or maintain the infrastructure necessary to achieve its objectives. This includes particularly port infrastructure, real property, IT infrastructure, fleet, aids to navigation and shore-based assets.
4. Strategic Alignment	There is a risk that DFO’s resources, activities, plans and strategies will not be sufficiently harmonized with the priorities and expectations of the Government of Canada and other external stakeholders.
5. Financial Capacity	There is a risk that sufficient resources will not be available to support program delivery and maintain service levels for both internal and external client groups.
6. Communications Capacity	There is a risk that stakeholder awareness, understanding and acceptance of DFO mandate, programs, regulations, decisions, roles and responsibilities, and value added will be affected by gaps in communications and consultations.
External Risks
7. Legal Risks	There is a risk that DFO will make decisions or take actions which will be successfully challenged before the courts, and result in either significant financial liability, or negative effects on DFO’s legislative or regulatory authorities. In addition, there is a risk that groups seeking to have DFO’s regulatory mandate complied with, enforced or extended will bring litigation against DFO.
8. Third Party Reliance	There is a risk that third parties, on which DFO relies to deliver many of its programs and services, will not be able to produce the necessary results.
9. Climate Change	There is a risk that DFO will be unable to adapt quickly to the effects of climate change.
10. Economic and Market Pressures	There is a risk that DFO will be unable to facilitate access to international markets for Canadian commercial fisheries and that Canadian commercial fishers will be unable to remain globally competitive.
11. Overcapacity and Overfishing	There is a risk that DFO will be unable to manage and protect fisheries resources and foster viability because of commercial fishing fleet overcapacity. Overcapacity can lead to overfishing which presents a risk to DFO’s ability to foster globally competitive fisheries and the preservation and sustainable use of fisheries resources.
12. High Input Costs	There is a risk that higher input costs (e.g. fuel, value of the dollar, labour etc.) are creating challenges for the industry in maintaining economically prosperous fishing and processing enterprises.
13. Hazard-type or Crisis-type Risks	There is a risk that DFO will be ill-prepared to respond effectively to major hazards and crises (e.g., The oil spill response regime is 20 years old.) (This includes matters such as contingency planning.)

Appendix 5: Summary of Planned Projects by Other Assurance Providers

Project Title	Major Auditable Unit	Timing
*Office of Auditor General (OAG) / Commissioner of the Environment and Sustainable Development (CESD)*
Cumulative Environmental Effects Assessment	Ecosystems & Fisheries Management	2011
Environmental Science	Oceans and Science	2011
Environmental Enforcement	To be determined	2011
Land-based Emergencies	To be determined	2011
Public Accounts	Chief Financial Officer	2011
Internal Audit	Chief Audit Executive	2011
Petitions	Department of Fisheries and Oceans	2011, 2012, 2013
Follow-up on Past Recommendations	Department of Fisheries and Oceans	2011, 2012, 2013
Biodiversity and Endangered Species	To be determined	2012
SDS Monitoring	To be determined	2012
Acquisition of ships	Canadian Coast Guard	2012
The Arctic	To be determined	2013
*Office of the Comptroller General (OCG)*
Audit of Performance Management	Internal Services – Chief Financial Officer	2011-12
Audit of Grants and Contributions Management Control Framework	Ecosystems and Fisheries Management/Chief Financial Officer	2012-13

Appendix 6: Coverage of Departmental Priorities

DFO Priority as per September 2010 DMC meeting⁵	Audit coverage
Fisheries Renewal	Commercial Fisheries 2011-12
Healthy Ecosystems	Integrated Oceans Management 2011-12
Aboriginal	Audit of At-Sea Mentoring Initiative (ASMI) and the First Nations Fisheries Operations Management Initiative (FOMI) 2009-10
International	International Affairs 2012-13
Coast Guard Priorities	Fleet Asset Management 2011-12; Maritime Security 2012-13
North	Aids to Navigation 2013-14; Northern Strategy 2012-13
Climate Change Adaptation	OAG Audit 2010-11
Cohen Inquiry	See RBAP section 7.2
Fisheries Act Renewal	Not Applicable
Consultation and Engagement	Not Applicable
Policy on Private-Public Goods	Not Applicable
Integration of Science to Underpin Economic Prosperity	Not Applicable
Management Priorities:
Strategic Alignment	DFO Governance Structure 2012-13
People Management	Significant assurance provided recently: PSC Audit of Staffing 2010-11 ; Classification 2009-10; Succession Planning 2009-10
Asset Management	Audit of Small Craft Harbours Divestiture Class Grant Program 2010-11
Managing for Results	Accounts Verification 2011-12; Policy on Internal Controls 2012-13

Appendix 7: Coverage of Corporate Risks

	DFO Corporate Risks	2011-12 to 2013-14 RBAP Audit Coverage
Internal Risks	Human Capital	Fleet Operational Capability
	Information for Decision-making	Accounts Verification, OCG Audit of Performance Management, Commercial Fisheries, Integrated Oceans Management, DFO Governance Structure, Policy on Internal Controls, Maritime Security, Species at Risk Management, Atlantic Lobster Sustainability Measures, Aquatic Invasive Species
	Physical Infrastructure	Fleet Asset Management, Real Property, Shore-based Asset Readiness, Aids to Navigation
	Strategic Alignment	Fleet Asset Management, Accounts Verification, OCG Audit of Performance Management, OCG Audit of the Grants and Contributions Management Control Framework Phase 2, DFO Governance Structure, Policy on Internal Controls, BC Aquaculture Program, Travel and Hospitality
	Financial Capacity	BC Aquaculture Program
	Communications Capacity
	Legal	Real Property, Aquaculture Management, Integrated Oceans Management, Legal Risk Management Control Framework, Contract Management, BC Aquaculture Program, Aids to Navigation, Species at Risk Management
External Risks	Third Party Reliance	Aquaculture Management, Fleet Operational Capability, International Affairs, Maritime Security, Species at Risk Management, Aquatic Invasive Species
	Climate Change	Fleet Asset Management, Fleet Operational Capability, Integrated Oceans Management, Northern Strategy, Aquatic Invasive Species
	Economic and Market Pressures	Commercial Fisheries, International Affairs, Atlantic Lobster Sustainability Measures
	Overcapacity and Overfishing	Commercial Fisheries, Integrated Oceans Management
	Higher Input Costs	Fleet Asset Management, Fleet Operational Capability
	Hazard-type or Crisis-type Risks	Fleet Asset Management, Fleet Operational Capability, Northern Strategy

Appendix 8: Coverage by Sector and Risk

Appendix 9: Estimated Resource Allocation and Timelines⁶

¹At DFO, the Deputy Minister chairs the DAC.

² At DFO, the Deputy Head chairs the DAC.

³The risk assessment was done by Internal Audit and took into account management interviews, materiality, and risk factors such as complexity, degree of change, previous assurance work, legislative or other compliance requirements, and degree of dependencies.

⁴ Materiality was taken from DFO Main Estimates for 2011-12 as of November 2010.

⁵ These priorities were used as input to DFO’s 2011-12 Report on Plans and Priorities

⁶ This table has been developed in compliance with the OCG practice guidebook entitled Internal Audit Planning for Departments and Agencies. The data concerning the scheduling of the various audit engagements within the fiscal years reflects the intention at the time this plan is drafted. Audit engagements planned for a particular year will be conducted within the year but actual scheduling must remain flexible. This is particularly so in the out-years of the plan.