Internal Audit's Role in the Implementation of the Deficit Reduction
Transcript of Internal Audit's Role in the Implementation of the Deficit Reduction
Presentation to FMI – Focus on Value
November 29, 2012
Presented by:
Nancy J. Rector, CA, CISA, CIA, CISSP, CIPP/C, CRMA
Partner, Enterprise Risk
Telephone: 613-751-5345
Email: [email protected]
Internal Audit’s Role in the
Implementation of the Deficit
Reduction Action Plan (DRAP)
©2012 Deloitte & Touche LLP
Agenda
Introduction, Roundtable and Background
Budget 2012 Themes and Discussion
1
2
3 Potential Internal Audit Activities
4 Questions
Internal Audit's Role in the Implementation of DRAP 1
©2012 Deloitte & Touche LLP
Background
2 Internal Audit's Role in the Implementation of DRAP
• Budget 2012 and related DRAP initiatives have significant implications for the vast
majority of Federal Government Departments and Agencies (Departments)
• There is an expectation that CAEs will play a lead role in identifying and assessing the
risks faced by Departments with Budget 2012
• OCG expects CAEs to update their RBAPs in a timely manner for Budget 2012
Some Key Questions:
• How well do you know the DRAP initiatives within your Department and the impact of
Budget 2012?
• With Budget 2012, what do you believe are the highest risks facing your Department?
• How will your department mitigate those risks? Will Internal Audit be involved?
• What role should Internal Audit be playing?
• What role should the DAC be playing? How does Internal Audit proactively engage
the DAC?
©2012 Deloitte & Touche LLP ©2012 Deloitte & Touche LLP
Budget 2012
Highlights
3 Internal Audit's Role in the Implementation of DRAP
©2012 Deloitte & Touche LLP
What is the Focus of the 2012 Federal Budget?
4 Internal Audit's Role in the Implementation of DRAP
Source: Economic Action Plan 2012 – The Budget in Brief
©2012 Deloitte & Touche LLP
What is the impact of the 2012 Federal Budget on CAEs?
5 Internal Audit's Role in the Implementation of DRAP
Major themes:
Achieving Efficiencies (Admin and Programs)
Impacting Activities Within Departments
Impacting Activities Across Departments
1
2
3
Increased use of Technology
4
Workforce Adjustments (WFA)
5
©2012 Deloitte & Touche LLP
Budget 2012 Themes
Budget 2012 Theme #1:
Internal Audit's Role in the Implementation of DRAP 6
Achieving Efficiencies (Admin and Programs)
• “The Government focused…on finding savings that would reflect the primary goal of
achieving efficiencies in operations and enhancing productivity…”
• The budget takes a broad approach to efficiencies, including opportunities for both:
‒ Program efficiencies – spending on programs will be reallocated or reduced, with some
programs being eliminated altogether and others being consolidated.
‒ Administrative efficiencies – many Departments will streamline back-office functions in order
to increase efficiency.
• Some Known Examples:
• Natural Resources Canada will streamline its review process for major economic projects.
• Finance Canada will reconfigure and modernize its internal services.
• Citizenship and Immigration will centralize part of its visa processing function.
Source: Budget Plan, Chapter 5 - Responsible Management to Return to Balanced Budgets
©2012 Deloitte & Touche LLP
Budget 2012 Themes
Budget 2012 Theme #2:
Internal Audit's Role in the Implementation of DRAP 7
Workforce Adjustment
• “The planned reduction in departmental spending is expected to eliminate about
12,000 government positions over a three-year-period, with affected individuals
qualifying for collectively bargained workforce adjustment measures.”
• “The planned reduction in employment includes the elimination of about 600 executive
positions, or 7.4 per cent of the executive workforce, bringing the level of management
overhead more in line with private sector best practices.”
• The number of employees affected by the WFA process is far greater than the number
of employees who will ultimately lose their jobs.
• Some Known Examples:
• 1,026 positions eliminated at CBSA over the next three years
• Approximately 1,100 civilian positions to be eliminated at DND
Source: Budget Plan, Chapter 5 - Responsible Management to Return to Balanced Budgets
©2012 Deloitte & Touche LLP
Budget 2012 Themes
Budget 2012 Theme #3:
Internal Audit's Role in the Implementation of DRAP 8
Impacting Activities Within Departments
• “The Government has identified opportunities to consolidate administrative
functions including HR and financial services, real property maintenance, IT,
communications and contracting within portfolios…”
• Consolidation may take the form of functional consolidation (e.g. consolidating
administrative functions) or geographic consolidation (e.g. closing regional offices)
within Departments.
• In addition to consolidation and streamlining, the budget also includes targeted
investments to increase government effectiveness and service to Canadians.
• Some Known Examples:
• Canada Revenue Agency will implement changes to the SR&ED tax credit program and the
international taxation system.
• Health Canada will enhance its regional presence in Northern Canada.
• AAFC will consolidate grants and contribution programs across the Department
Source: Budget Plan, Chapter 5 - Responsible Management to Return to Balanced Budgets
©2012 Deloitte & Touche LLP
Budget 2012 Themes
Budget 2012 Theme #4:
Internal Audit's Role in the Implementation of DRAP 9
Impacting Activities Across Departments
• “The Government has identified opportunities to consolidate administrative
functions including HR and financial services, real property maintenance, IT,
communications and contracting…across similar organizations.”
• “[Shared Services Canada’s] mandate is to consolidate IT infrastructure, including
email, data centres and networks, across 43 departments and agencies.”
• The budget includes several measures in which Departments will come together to
consolidate functions or share resources.
• Some Known Examples:
• Establishing Shared Services Canada, which will consolidate many IT functions
• Health Canada and the Public Health Agency of Canada will adopt a shared services model and
merge back-office functions.
• Fisheries and Oceans will transfer the responsibility for managing and maintaining Arctic ports to
the Northwest Territories and Nunavut.
Source: Budget Plan, Chapter 5 - Responsible Management to Return to Balanced Budgets
©2012 Deloitte & Touche LLP
Budget 2012 Themes
Budget 2012 Theme #5:
Internal Audit's Role in the Implementation of DRAP 10
Increased use of Technology
• The use of technology is a pervasive theme of the budget – investments in new
technological infrastructure, updating systems, and greater use of the internet to
gain efficiencies and ultimately reduce costs.
• “[The Government] has also identified ways to reduce travel expenses by using virtual
tools such as teleconferencing, videoconferencing and virtual presence.”
• Some Known Examples:
• Canadian Space Agency will receive funding to support the development of advanced robotics
and other space technologies.
• VIA Rail will implement electronic ticketing and invoicing systems.
• Canada Revenue Agency will enhance its online filing application and the My Business online
portal.
Source: Budget Plan, Chapter 5 - Responsible Management to Return to Balanced Budgets
©2012 Deloitte & Touche LLP
Achieving
Efficiencies
Activities
Within
Activities
Across Technology WFA
Do we understand the risks introduced in areas
impacted by the budget?
Will changes come at the expense of adequate
internal controls?
Will accountability be blurred with consolidation?
How do Departments retain sufficient oversight and
control over consolidated activities?
Will Management Control Frameworks (MCFs)
require substantial modification?
Are DRAP initiatives being planned and
implemented appropriately?
Will timely completion of IA engagements become
more difficult in areas with FTE reductions?
Will employee morale impact the quality of control
activities they perform?
Will new technologies allow for thorough audits?
Will there be sufficient audit trails?
Are services being reduced or productivity
increased so cuts are sustainable?
11
Some Risk and Control Considerations
Internal Audit's Role in the Implementation of DRAP
©2012 Deloitte & Touche LLP
Achieving
Efficiencies
Activities
Within
Activities
Across Technology WFA
Will IA be asked to take on additional
responsibilities that may impact its independence?
How do we keep IA teams motivated and focused?
Is there a need to consider components of shared
services for IA?
Does IA need to consider additional measures that
help efficiency like data analytics?
Will new investments be adequately controlled?
What is the impact on regional operations?
12
Some Risk and Control Considerations
Internal Audit's Role in the Implementation of DRAP
©2012 Deloitte & Touche LLP
Discussion
13 Internal Audit's Role in the Implementation of DRAP
Some Key Questions:
• How well do you know the DRAP initiatives within your Departments and the impact of
Budget 2012?
• With Budget 2012, what do you believe are the highest risks facing your Department?
• How will your Department mitigate those risks? Will Internal Audit be involved?
• What role should Internal Audit be playing?
• What role should the DAC be playing? How does Internal Audit proactively engage the
DAC?
©2012 Deloitte & Touche LLP ©2012 Deloitte & Touche LLP
Potential Internal Audit Activities
14 Internal Audit's Role in the Implementation of DRAP
Responding to Budget 2012
©2012 Deloitte & Touche LLP
Risk Assessment Workshops
15 Internal Audit's Role in the Implementation of DRAP
• IA play can play a lead role in facilitating risk assessments in impacted areas
• Engages management in proactively identifying and managing risks
• Helps IA demonstrate value add
• Typical Risk Assessment Process
1. Understand scope of changes in impacted area
2. Identify risks introduced by those changes
(e.g. SOD, morale, WFA grievances, service quality,
compliance, loss of revenue, IT security)
3. Identify controls that may mitigate these risks
4. Assess residual risks
5. Provide recommendations for additional controls
• Use of voting technology should be considered
©2012 Deloitte & Touche LLP
Broad Audit of DRAP
16 Internal Audit's Role in the Implementation of DRAP
• Internal Audit may audit the DRAP implementation within the Department
• OAG will likely conduct audit activities related to the implementation of Budget
2012 measures, similar to Budget 2009/Economic Action Plan
• Some key questions to be answered by the audit:
• Are DRAP activities being planned and implemented appropriately?
• Is monitoring and oversight of the implementation adequate?
• Was the criteria for resource allocation decisions appropriate?
• What is the overall impact of DRAP changes on departmental governance,
risk management and internal controls?
• The audit could be conducted in multiple phases
1. Early Days: Audit the DRAP Governance, Planning, Project Management, and
Monitoring Processes. Identify high risk DRAP initiatives (consider analytics)
2. As DRAP Implementation carries on: Audit the implementation of the high risk DRAP
initiatives. Continuous Auditing techniques should be considered
3. Towards the end of the implementation: Conclude on the overall DRAP
implementation and assess readiness for a potential OAG audit
©2012 Deloitte & Touche LLP
Efficiency Considerations in Audits
17 Internal Audit's Role in the Implementation of DRAP
• Consider adding a line of inquiry around efficiencies
‒ Shows value add and strategic contribution to overall DRAP objectives
• If services are not being reduced or productivity increased, cuts may not be
sustainable
• Key risks relevant for this type of audit include:
1. Operational inefficiencies
2. Unclear “ownership” boundaries and roles and responsibilities
3. Non value added activities
4. “Status quo” culture (i.e. as opposed to a continuous improvement culture)
Potential Approach
1. Perform audit planning
2. Analyze current work processes and map potential new processes
3. Evaluate improvements and validate with key process owners
4. Quantify changes or link to performance metrics
5. Present results in report with management action plans
6. Evaluate results achievement through follow-up audits and report on progress
©2012 Deloitte & Touche LLP
Segregation of Duties Analysis
18 Internal Audit's Role in the Implementation of DRAP
• Reducing the number of people to manage business processes may expose
risks related to segregation of duties (SoD).
• IA can review business processes to provide guidance on how manual and
automated controls can reinforce SoD rules.
• Key questions to be addressed:
1. Are SoD rules considered in process changes?
2. Are approval steps in business processes assigned to appropriate authorities?
3. Do change management processes include checking for new SoD violations by
business authorities?
4. Are compensating controls in place where segregation can not be sustained (e.g.
where one person must manage conflicting steps in a process)?
5. How do automated systems support SoD rules?
Potential Approaches
1. Business process analysis to update control frameworks
2. Either point in time or continuous auditing approach
3. Use of automated tools to more efficiently analyze configured roles and user
assignments in ERP suites like SAP, Oracle and PeopleSoft.
©2012 Deloitte & Touche LLP
Project Risk Assessments
19 Internal Audit's Role in the Implementation of DRAP
• The budget lists targeted investments,
including construction projects, and
implementations of IT systems and
common platforms
• As with any large project which are
inherently risky, IA should consider
playing a role throughout the lifecycle of
the project.
Scope Considerations - Construction:
• Review of project risk management and
governance activities
• Review of overall and ongoing project
management activities including: o Reporting, Budgeting, Scheduling, Monitoring
and inspection, Change orders and Close out process
• Review of procurement/contract
payments processes
• Review of project quality assurance and
compliance with safety regulation
P R O D U C T L I F E - C Y C L E R I S K
PLANNING & INITIATION REQUIREMENTS
ANALYSIS
TESTING
DESIGN
IMPLEMENTATION
& ROLLOUT
POST
IMPLEMENTATION
DEVELOPMENT
COST
P R O J E C T M A N A G E M E N T R I S K
COMMUNICATION PROCUREMENT HR RISK
QUALITY TIME SCOPE
PROJECT INTEGRATION (PROJECT OFFICE)
P R O J E C T S U P P O R T R I S K
PROGRAM OFFICE INTEGRATION WITH COMMON
BUSINESS FUNCTIONS
P R O J E C T E N V I R O N M E N T R I S K
STAKEHOLDERS
PORTFOLIO MANAGEMENT
STRATEGIC ALIGNMENT CORPORATE CULTURE
BUSINESS ENVIRONMENT RISK PROCESS ALIGNMENT
Scope Considerations – IT Systems
©2012 Deloitte & Touche LLP 20
Increased use of Analytics
• The current environment requires IA to be more efficient – an increased use
of analytics should be considered in that context
‒ Identifying areas to audit in RBAP
‒ Identifying risks at audit planning stage
‒ Selecting samples during audit execution
‒ For continuous auditing
Internal Audit's Role in the Implementation of DRAP