Internal Audit Report

Governance Structure over Monitoring and Reporting
for Strategic and Operating Review Implementation

Project 2012-6B250

TABLE OF CONTENTS

1.0 EXECUTIVE SUMMARY
2.0 BACKGROUND
3.0 AUDIT OBJECTIVE
4.0 AUDIT SCOPE
5.0 AUDIT APPROACH
6.0 AUDIT FINDINGS
7.0 AUDIT OPINION
8.0 STATEMENT OF CONFORMANCE
APPENDIX A — AUDIT CRITERIA

1.0  EXECUTIVE SUMMARY

Fisheries and Oceans Canada, including the Canadian Coast Guard, participated in the government wide Strategic and Operating Review that identified cost saving measures to modernize government, make it easier for Canadians and stakeholders to deal with the Government, and refocus the cost of operations and program delivery. A total of 5.2 billion of ongoing savings is to be achieved federally with Fisheries and Oceans Canada contributing a total of 79.3 million in ongoing savings by fiscal year 2014-15.

The Department will achieve those savings through efficiency measures and program reductions. With these changes, the Department continues to focus on three strategic outcomes:

  • Economically Prosperous Maritime Sectors and Fisheries;
  • Sustainable Aquatic Ecosystems; and
  • Safe and Secure Waters.

Fisheries and Oceans Canada’s Strategic and Operating Review process involved the development of a series of proposals that were approved as part of Budget 2012. The savings proposals have been organized into Tracks and most Strategic and Operating Review measures will be fully implemented by April 1, 2015.

The Audit assessed the governance and accountability, monitoring and reporting, risk management and project management practices to ensure management processes and controls are in place and effective to successfully implement the Tracks and achieve Strategic and Operating Review objectives.

Based on the audit findings, our opinion is that, overall, management processes and controls are in place and effective to successfully implement the Tracks and achieve Strategic and Operating Review objectives. The audit identified improvements that should be made as the department continues its implementation of Strategic and Operating Review measures. The recommended improvements are as follows:

  • Review and revise the Accountability Framework for Strategic and Operating Review to include responsibility for monitoring and reporting. 
  • Implement a challenge and review function of information being prepared for submission to oversight bodies.
  • Revise the Progress Report provided to oversight bodies to ensure it provides an overall status on the department’s progress in implementing Strategic and Operating Review and information on the risks related to implementation.
  • Work with the Chief Risk Officer to ensure Strategic and Operating Review Risks are considered when the Corporate Risk Profile is updated.

Management is in agreement with the audit findings, has accepted the recommendations included in this report, and has developed a management action plan to address them. The management action plan has been integrated in this report.

2.0  BACKGROUND

Fisheries and Oceans Canada, including the Canadian Coast Guard participated in the 2010-11 Strategic Review, during which the department completed a comprehensive assessment of 100 percent of its direct program spending and operating costs. As per Budget 2011, Fisheries and Oceans Canada is to achieve a total of 56.8 million dollars in ongoing savings by 2013-14.

While the changes contribute to reducing the federal deficit they are also directed to strengthen the design and delivery of Fisheries and Oceans Canada’s core programs and services. Three new strategic outcomes were identified:

  • Economically Prosperous Maritime Sectors and Fisheries;
  • Sustainable Aquatic Ecosystems; and
  • Safe and Secure Waters.

Emphasizing the department’s new focus on economic prosperity, Strategic Review had three major themes:

  • Modernizing Fisheries Management;
  • Modernizing Marine Infrastructure; and
  • Making Fisheries and Oceans Canada’s operations more efficient.

Following Strategic Review, Fisheries and Oceans Canada participated in Strategic and Operating Review. The Strategic and Operating Review (announced in Budget 2011) builds on the accomplishments of Strategic Review. It positions Fisheries and Oceans Canada to make further efficiency, structural and policy-based changes, allowing the department to re-orient its policies and to be more innovative in the delivery of its programs. As a result of the Strategic and Operating Review, Fisheries and Oceans Canada is to achieve a total of 79.3 million dollars in ongoing savings by 2014-15.

3.0  AUDIT OBJECTIVE

The audit objective is to provide assurance that the monitoring and reporting for Strategic and Operating Review implementation is being conducted to ensure management processes and controls are in place and effective to successfully implement the initiatives and achieve Strategic and Operating Review objectives.

4.0  AUDIT SCOPE

Based on the results of the risk assessment carried out during the engagement planning phase, the audit team identified that further examination was required for the following areas:

  • Governance and Accountability;
  • Monitoring and Reporting;
  • Risk Management; and
  • Project Management.

The audit focused on processes and controls designed by management to effectively manage, monitor and report on the Strategic and Operating Review measures.

5.0  AUDIT APPROACH

The audit team carried out its mandate in accordance with Treasury Board’s Policy on Internal Audit and the Internal Audit Standards for the Government of Canada. These standards require that the audit be planned and performed in such a way as to obtain reasonable assurance that audit objectives are achieved. The audit included various procedures, as considered necessary, to provide such assurance. They were designed to draw conclusions on the existence and effectiveness of key controls in the scope areas examined. They were not designed to draw conclusions beyond the scope areas. These procedures employed various techniques including, interviews as well as reviews and analysis of documentation and information.

6.0  AUDIT FINDINGS

Management processes and controls, including governance and accountability, monitoring and reporting, risk management and project management practices must be in place and effective to successfully implement the Tracks and achieve Strategic and Operating Review objectives.

The audit was conducted based on the lines of enquiry and audit criteria identified in the planning phase; conclusions by audit criteria are in Appendix A. This section provides the observations and recommendations resulting from the audit work carried out. Audit findings are structured along the following main themes:

  • Governance and Accountability;
  • Monitoring and Reporting;
  • Risk Management; and
  • Project Management.

Based the audit work performed and our professional judgment, the risk associated with each observation was rated using a three-point scale. The risk ranking (high, moderate, low) is based on the level of potential risk exposure we feel may have an impact on the achievement of Fisheries and Oceans Canada objectives, and is indicative of the priority Management should give to the recommendations associated with that observation. The following criteria were used in determining the risk exposure level:

High Controls are not in place or are inadequate.
Compliance with legislation and regulations is inadequate.
Important issues are identified that could negatively impact the achievement of program/operational objectives.
Moderate Controls are in place but are not being sufficiently complied with.
Compliance with central agency/departmental policies and established procedures is inadequate.
Issues are identified that could negatively impact the efficiency and effectiveness of operations.
Low Controls are in place but the level of compliance varies.
Compliance with central agency/departmental policies and established procedures varies.
Issues identified are less significant but opportunities that could enhance operations exist.

6.1  GOVERNANCE AND ACCOUNTABILITY

A Governance Structure should provide assurance that the essential management processes and controls are in place and effective to successfully implement initiatives and achieve objectives. According to the Treasury Board of Canada Secretariat Audit Criteria related to the Management Accountability Framework: A Tool for Internal Auditors, March 2011, "A department's governance-related objectives are enabled by the collective suite of management processes and controls that are in place to set strategic direction, operational plans, objectives and priorities and to provide clear direction on how resources should be allocated to achieve these plans. The presence of oversight bodies is important to ensure that management's direction, plan and actions are appropriate and responsible. Oversight bodies should be provided with timely and accurate financial, operating, and risk management information in order to fulfill their oversight function."

Observations
Low 6.1.1 Governance and Accountability

The Department has established a governance structure that consists of oversight committees and key stakeholders to ensure the successful implementation of the Strategic and Operating Review. The oversight committees have documented mandates that include roles, authorities and accountabilities. However, the mandate does not clearly define roles and responsibilities with respect to the oversight of risk management. In addition, reporting requirements have not been defined and communicated to ensure oversight committees receive complete, timely and accurate information for decision-making.

The Strategic and Operating Review Governance Structure is described in the “DFO 2015 Initiative Accountability Framework”. The Framework was approved at Fisheries and Oceans Canada’s Departmental Management Board. The Framework outlines the scope of DFO 2015 Initiative; the Governance, Roles and Responsibilities; as well as Implementation Track Accountabilities. In addition to the existing departmental management structure, a Transformation Sector lead by an Assistant Deputy Minister was established along with two committees, the Strategic and Operating Review Governance Committee and the Strategic and Operating Review Track Leads Coordinating Committee. The “DFO 2015 Initiative Accountability Framework” outlined the Roles and Responsibilities for the following:

  • Deputy Minister/Associate Deputy Minister/Commissioner;
  • Departmental Management Board;
  • Strategic and Operating Review Governance Committee;
  • Strategic and Operating Review Track Leads Coordinating Committee; and Sectors, Regions, CCG, and all Internal Services providers.

Roles and responsibilities with respect to governance have been clearly defined, communicated and are understood by senior management, members of oversight committees, and Project Implementation Teams. However, roles and responsibilities with respect to risk management, monitoring and reporting are not clearly defined in the “DFO 2015 Initiative Accountability Framework” or in the Terms of Reference or mandates for the oversight committees or senior management.

Sector Assistant Deputy Ministers and the Commissioner of the Canadian Coast Guard are accountable for Track implementation; as such they are responsible for managing risks for their respective Tracks. Therefore, existing management structures, practices and accountabilities are being utilized to manage risks related to Strategic and Operating Review.

As a lesson to be learned, any future projects similar to Strategic and Operating Review should ensure that responsibility for risk management is included in the mandate for oversight bodies. In addition, an overall departmental implementation risk assessment that includes enabler risks should be undertaken. This would ensure risks and opportunities common to multiple initiatives or that are horizontal in nature are identified and assessed, and a departmental mitigation strategy can be developed and monitored.

Due to roles and responsibilities with respect to monitoring and reporting not being clearly defined in the mandate and Terms of Reference, oversight committees and senior management may not be receiving reports that are complete, sufficient and accurate to enable them to undertake their monitoring responsibilities.

Recommendation Management Action Plan
R-1. The Assistant Deputy Minister, Transformation, should review and revise the Accountability Framework for Strategic and Operating Review to include responsibility for monitoring and reporting. The Assistant Deputy Minister, Transformation, will revise the Accountability Framework to clarify roles and responsibilities with respect to monitoring and reporting.
Office of Primary Interest: Assistant Deputy Minister, Transformation
Due Date: December 1, 2012

6.2 MONITORING AND REPORTING

Monitoring and reporting are core fundamental controls for management. It is important that programs and activities are monitored on a regular basis and that accurate and timely reports provide governing bodies with information on program performance for decision making including relevant information on risks and risk management strategies.

In order to develop adequate reporting practices, information requirements of key stakeholders need to be formally identified and communicated. Furthermore, information systems need to be in place to run regular status reports, address ad hoc reporting requirements and identify and share lessons learned and best practices.

Observations
Medium 6.2.1 Monitoring and Reporting

Overall, monitoring and reporting is being conducted and information collected and made available to oversight bodies. However, monitoring and reporting practices were not always sufficient to provide comprehensive, accurate and timely information. The Strategic and Operating Review Governance Committee has not clearly defined and communicated its reporting requirements, including reporting requirements for risk management. In addition, information included in the first Progress Report (dated September 14) provided to the Departmental Management Board did not provide an overall status of the Strategic and Operating Review implementation and did not contain any information on risk management. 

As per the “DFO 2015 Initiative Accountability Framework,” Track Leads are responsible for providing timely and accurate reports on the progress of the implementation of Tracks. The Track Lead Coordinating Committee is the coordinating point for monitoring and reporting on progress. The Transformation Sector is responsible for coordinating and compiling input for purposes of reporting progress. The Chief Financial officer is responsible for monitoring and oversight of cash-flow objectives.

The Assistant Deputy Minister, Human Resources and Corporate Services is responsible for monitoring and reporting on the progress of Workforce Adjustment measures through weekly and quarterly reports to the Comptroller General as well as monthly reports to the Transformation Sector. The Assistant Deputy Minister, Human Resources and Corporate Services is also reporting on Real Property implications for Strategic and Operating Review implementation to the Transformation Sector.

The Transformation Sector required each Track to use Microsoft Project for tracking and monitoring purposes; however, limited guidance was provided to Tracks on the level of detail to be included and on the timing and frequency for updating the Microsoft Projects. In addition, some Track Leads had limited experience in using the software. As such, the level of detail in the Microsoft Projects varied greatly between tracks. To address these variances and ensure greater consistency and more meaningful reporting, the Transformation Sector had commenced discussions with each of the Tracks to challenge milestones; Tracks will then revise milestones in the Microsoft Projects.

Within Tracks, progress updates are shared and significant concerns/issues are discussed through regular reporting channels including committee meetings, e-mails, and telephone/teleconference and regular briefings to Sector Management.

Prior to September 2012, formalized reporting on track milestones was not prepared. Strategic and Operating Review progress updates were done verbally at the Departmental Management Board by the Assistant Deputy Minister, Transformation. However, some Strategic and Operating Review Governance Committee members indicated that information received at the committee’s meetings did not allow them to have an overview of the overall Strategic and Operating Review initiatives.

The first Progress Report, dated September 2012, was developed and presented to the Departmental Audit Committee and the Departmental Management Board by the Transformation Sector. The expected frequency of this report was established by way of an email from the Transformation Sector to Track Leads on September 27, 2012. The Progress Report will now be tabled at the Departmental Management Board on a bi-weekly basis. However, a formal procedure for the Transformation Sector to challenge and review the information has not been implemented. The audit team undertook an analysis of the Progress Report and identified some discrepancies and inconsistencies in the information provided. For example, the report did not cover cash flow (i.e. target vs. actual) or risk management activities and did not address conflicts in timelines between implementation plans and enabler functions such as real property. In addition, the Progress Report did not present an overall summary of the Department’s progress in implementing Strategic and Operating Review initiatives or identify specific risks to the realization of individual Tracks or overall Strategic and Operating Review implementation; progress is reported on a Track by Track basis only.

Track progress status were reported as Red, Yellow or Green, however, the report did not contain a narrative section to explain the criteria for assigning the Status. For example, some Tracks were assessed as Green (i.e. on Track) even if they missed the date to complete one or more tasks. Further, the report shows the milestones planned date of completion and percentage complete; however, there is not an estimate of number of days required to complete the milestone, and therefore, it is difficult to determine if milestones can be completed in the time remaining.

The Strategic and Operating Review Governance Committee has not clearly defined and communicated its reporting requirements, including reporting requirements for risk management. Without formally established reporting requirements, information needed for decision making may not be available and decisions could be based on inconsistent or incomplete information. As well, governing bodies may not be able to identify any impediments to Strategic and Operating Review implementation. In addition, a formal procedure to challenge and review information would help to ensure governing bodies receive accurate and complete information for decision making.

Recommendation Management Action Plan
R-2.  The Assistant Deputy Minister, Transformation, should implement a challenge and review function of information being prepared for submission to oversight bodies. The Assistant Deputy Minister, Transformation, will use the Transformation Office as the challenge and review function for information being prepared for oversight bodies. The challenge function will be primarily performed through review of Track Lead input into the Strategic and Operating Review Progress Report.
Office of Primary Interest: Assistant Deputy Minister, Transformation
Due Date: Commenced and On-going
Recommendation Management Action Plan

R-3. The Assistant Deputy Minister, Transformation, should as a result of a review and challenge of information provided by Tracks, revise the Progress Report provided to oversight bodies to ensure it contains an Executive Summary that includes the following:

  • An overall assessment of the department’s progress in implementing Strategic and Operating Review;
  • A rationale for assigning Track Progress Status as red, yellow, or green; and
  • An identification of any risks, either at a Track level, or departmentally that may impede implementation.
The Assistant Deputy Minister, Transformation will revise the Progress Report to address the recommended points, adding an Executive Summary to the Report.
Office of Primary Interest: Assistant Deputy Minister, Transformation
Due Date: December 15, 2012

6.3  Risk Management

Risk management is a process to identify, assess, manage, and control potential events or situations to provide reasonable assurance regarding the achievement of the organization’s objectives (International Professional Practices Framework, The Institute of Internal Auditors). As per Treasury Board of Canada Secretariat Audit Criteria related to the Management Accountability Framework – A Tool for Internal Auditors (March 2011), risks should be managed proactively and formal risk management practices must be included in a control framework in order to assist decision-making and monitor the changes to the conditions that may result in risk or opportunity. A good risk monitoring and control process will provide information that assists with making effective decisions in advance of the risks occurring (Project Management Body of Knowledge Guide 2000 edition).

Observations
Medium 6.3.1 Risk Management

An overall Strategic and Operating Review implementation risk assessment was not undertaken to ensure risks (or opportunities) to the Strategic and Operating Review implementation are identified, assessed, monitored and mitigation strategies developed if required. Sector Assistant Deputy Ministers and the Commissioner of the Canadian Coast Guard are accountable for Track implementation; as such, they are responsible for managing risks for their respective Tracks. Therefore, existing management structures, practices and accountabilities are being utilized to manage risks related to Strategic and Operating Review.

Roles and responsibilities with respect to risk management for Strategic and Operating Review implementation are not defined for the Strategic and Operating Review Governance Committee in the “DFO 2015 Initiative Accountability Framework” or in the Terms of Reference of the Track Leads Coordinating Committee. As per the “DFO 2015 Initiative Accountability Framework”, Track Leads are responsible for “identifying” and “mitigating” risks and the Chief Financial Officer, the Assistant Deputy Minister, Human Resources and Corporate Services and the Director General, Communications are responsible for “providing recommendations on managing risks” in their areas.

The Corporate Risk Profile was revised with Strategic and Operating Review and Strategic Review in mind in March 2012 to reflect the possible impact of the anticipated changes associated with the transformation agenda. However, the Corporate Risk Profile is not a working tool to manage the risks for Strategic and Operating Review implementation since it does not capture risks related to the implementation of the Strategic and Operating Review and the mitigation measures are not specific to Strategic and Operating Review implementation. In addition, as there is no consolidated overall risk assessment for Strategic and Operating Review implementation at the departmental level enabler function risks, for example Human Resources, Real Property, etc. have not been identified.

Oversight Bodies have not defined the reporting requirements for risk management and they do not receive any formal reports on the status of risks and mitigation strategies either at a Track level or at an overall level. However, informally and as needed, oversight bodies are made aware of risks and have been able to address issues as they arise. For example, one Track is experiencing significant delays so an ad hoc committee was created as a sub-set of the Departmental Management Board, chaired by the Deputy Minister and includes 6 Regional Directors General to address this Track.

Sector Assistant Deputy Ministers and the Commissioner of the Canadian Coast Guard are accountable for Track implementation; as such they are responsible for managing risks for their respective Tracks. Therefore, existing management structures, practices and accountabilities are being utilized to manage risks related to Strategic and Operating Review. In addition, the upcoming update of the Departmental Corporate Risk Profile should identify any risks or opportunities to the department as a result of the implementation of Strategic and Operating Review.

As a lesson to be learned, any future projects similar to Strategic and Operating Review should ensure that an overall departmental implementation risk assessment is undertaken. This will ensure that enabler function risks and risks that are horizontal in nature are identified, mitigated and monitored on a horizontal basis as opposed to a project based approach.

Recommendation Management Action Plan
R-4.  The Assistant Deputy Minister, Transformation, working with the Chief Risk Officer, should ensure Strategic and Operating Review Risks are considered when the Corporate Risk Profile is updated.  The Assistant Deputy Minister, Transformation, will collaborate with the Chief Risk Officer for inclusion of Strategic and Operating Review Risks, as appropriate when the Corporate Risk Profile is updated.
Office of Primary Interest: Assistant Deputy Minister, Transformation
Due Date: December 2012

6.4 PROJECT MANAGEMENT

According to the Project Management Body of Knowledge Guide 2000, “Project management is the application of knowledge, skills, tools, and techniques to project activities to meet project requirements. Project management is accomplished through the use of processes such as: initiating, planning, executing, controlling, and closing. The project team manages the work of the projects.”

Observations
Low 6.4.1 Project Management

Existing project management practices including systems, processes and controls are being utilized to manage the implementation of Tracks. Project management practices took into account the size, scope and complexity of the Track.

Overall, the Department has made use of existing management structures to deliver the Strategic and Operating Review initiatives. Interviews indicated that Strategic and Operating Review had to be undertaken in a short period of time with a limited number of individuals due to confidentiality requirements. Thus, the department has not undertaken a formal Project Complexity and Risk Assessment as required by the Treasury Board Policy on the Management of Projects to determine the expected management processes and controls necessary to foster the achievement of project outcomes and limit the risk.

Even though a formal documented Project Complexity and Risk Assessment was not undertaken, project management processes put in place took into account the scope and complexity of the Tracks. In terms of project management structure, Assistant Deputy Ministers and the Commissioner of the Canadian Coast Guard are accountable for the implementation of the Tracks within their respective Sectors. Responsibilities for implementing the Tracks were assigned to Directors General or Directors. Interviews indicated that the teams put in place had adequate project management experience as these individuals have worked on projects of this size and complexity before.

Once proposals were approved as part of Budget 2012, the Transformation Sector required each Track to develop implementation plans. The implementation plan template developed by the Transformation Sector and provided to the Tracks did not contain any guidance on completing the template, resulting in a lack of consistency in the level of detail provided by each Track. As well the Transformation sector required the use of Microsoft Project to monitor and report on implementation progress; however there were inconsistencies on the level of detail provided by each Track as some Track Leads did not have adequate knowledge of Microsoft Project. The Transformation Sector has commenced discussions with each of the Tracks to revise/challenge milestones to ensure greater consistency and enable more meaningful reporting.

Interviews and documentation review indicated that project management practices are appropriate according to the size and complexity of the Tracks. Track implementation plans, and in some cases project charters, were developed for individual Tracks. In general, the implementation plans and/or the Microsoft Project files contain a description of the project, responsibilities of the project team, schedule, milestones and deliverables. In addition, some sectors with multiple Tracks to implement supplemented Track resources with an employee that has knowledge of project management and the sector activities to coordinate and facilitate implementation within the sector.

Project management processes could be further improved to include a process to identify and document lessons learned and best practices for use in future projects.

Recommendation Management Action Plan
No recommendation required. n/a
Office of Primary Interest: n/a
Due Date: n/a

7.0  AUDIT OPINION

Based on the audit findings, our opinion is that, overall, management processes and controls are in place and effective to successfully implement the Tracks and achieve Strategic and Operating Review objectives. The audit identified improvements that should be made as the department continues its implementation of Strategic and Operating Review measures. The recommended improvements are as follows:

  • Review and revise the Accountability Framework for Strategic and Operating Review to include responsibility for monitoring and reporting. 
  • Implement a challenge and review function of information being prepared for submission to oversight bodies.
  • Revise the Progress Report provided to oversight bodies to ensure it provides an overall status on the department’s progress in implementing Strategic and Operating Review and information on the risks related to implementation.
  • Work with the Chief Risk Officer to ensure Strategic and Operating Review Risks are considered when the Corporate Risk Profile is updated.

Lessons may be drawn from the implementation of Strategic and Operating review that should be applied if the department is required to implement similar initiatives in the future. Accountability Frameworks should be developed that clearly detail monitoring and reporting requirements, including reporting requirements for risk. This will ensure that oversight bodies receive sufficient, complete, accurate and timely information for decision making.

In addition, risk management should be undertaken at a departmental level and at the individual project level. For a large initiative that is made up of many individual projects, there may be cumulative effects to the department of individual project risks. As well, undertaking a risk assessment at the departmental level will ensure enabler risks are identified. A departmental risk assessment would also enable consolidated monitoring and reporting as opposed to a project based risk management and reporting approach.

8.0  STATEMENT OF CONFORMANCE

In my professional judgment as Chief Audit Executive, sufficient and appropriate audit procedures have been conducted and evidence gathered to support the accuracy of the opinion provided and contained in this report. The extent of the examination was planned to provide a reasonable level of assurance with respect to the audit criteria. The opinion is based on a comparison of the conditions, as they existed at the time, against pre-established audit criteria that were agreed on with Management. The opinion is applicable only to the entity examined and within the scope described herein. The evidence was gathered in compliance with the Treasury Board Policy and Directive on Internal Audit. The audit conforms with the Internal Auditing Standards for the Government of Canada, as supported by the results of the Quality Assurance and Improvement Program (QAIP). The procedures used meet the professional standards of the Institute of Internal Auditors. The evidence gathered was sufficient to provide Senior Management with proof of the opinion derived from the internal audit.

APPENDIX A – AUDIT CRITERIA

Based on a combination of the evidence gathered through documentation examination, analysis and interviews, each of the audit criteria listed below was assessed and a conclusion for the audit criteria was determined using the following definitions:

appendix a - audit criteria
  Conclusion on Audit Criteria Definition of Opinion
1 Criteria Met – Well Controlled Well managed or no material weaknesses noted, controls are effective.
2 Criteria Met with Exceptions – Controlled Requires minor improvements.
3 Criteria Met with Exceptions – Moderate Issues Requires improvements in the areas of material financial adjustments, some risk exposure.
4 Criteria Not Met – High Impact – Significant Improvements Requires significant improvements in the area of material financial adjustments, serious risk exposure.

The following are the audit criteria and examples of key evidence and/or observations noted which were analyzed and against which conclusions were drawn. In cases where significant improvements and/or moderate issues were observed, these were reported in the audit report.

audit criteria examples of key evidence
Audit Criteria Conclusion on Audit Criteria Examples of Key Evidence/ Observations
Line of Enquiry 1 – Governance and Accountability
To provide assurance that the essential conditions – appropriate oversight and clear responsibilities, authorities and accountabilities- are in place to support the implementation of the SOR and the delivery of results.
Criterion 1.1: An effective governance structure has been formally established to ensure effective oversight of the Strategic and Operating Review implementation. 1 6.1
Criterion 1.2: Responsibilities, accountabilities and authorities are clearly defined, understood and communicated throughout the Department. 2 6.1
Line of Enquiry 2 – Monitoring and Reporting
To provide assurance that results and reporting requirements have been defined, information is being collected and analyzed and made available to support decision-making.
Criterion 2.1: Reporting requirements are adequately defined to enable comprehensive reporting on the status of the implementation of Tracks. 3 6.2

Criterion 2.2: Monitoring and reporting is conducted consistently, and on an on-going basis to ensure successful implementation of the Tracks.

3 6.2
Line of Enquiry 3 – Risk Management
To provide assurance that strategies are in place to identify risks, develop mitigation strategies and monitor implementation plans.
Criterion 3.1: A formal risk management strategy has been developed to ensure risks (or opportunities) to the Strategic and Operating Review implementation are identified, assessed and mitigation strategies developed if required. 3 6.3
Criterion 3.2: Risks are reviewed from time to time and mitigation strategies and implementation plans are updated as required. 3 6.3
Line of Enquiry 4 – Project Management
To provide assurance that appropriate systems, processes and controls for managing projects are in place to support the achievement of Strategic and Operating Review objectives.

Criterion 4.1: Sound project management practices including systems, processes and controls are being utilized to manage the implementation of Tracks.

1 6.4