The audit concluded that Finance Canada has developed an adequate Corporate Risk Profile and established an Integrated Risk Management function in line with guidelines. Some elements of the communication strategy from the Corporate Risk Profile have not been fully implemented. The Department has identified key risks but could improve awareness of risk management practices among staff through better communication.
Presentation by Vincent Tophoff, IFAC Senior Technical Manager and J. Stephen McNally, Campbell Soup Company Finance Director and Comptroller at the IMA Annual Conference and Exposition, June 2014
Presentation by Vincent Tophoff, IFAC Senior Technical Manager and J. Stephen McNally, Campbell Soup Company Finance Director and Comptroller at the IMA Annual Conference and Exposition, June 2014
Risk is the effect of uncertainty to on objectives. Risk can be negative or positive. When Risks are converted into opportunity, it create huge success.
The underlying premise of enterprise risk management is that every entity exists to provide determine how much uncertainty to accept as it strives to grow stakeholder value. Uncertainty presents both risk and opportunity, with the potential to erode or enhance value.
Many leaders in today’s business environment have recognized the need for internal audit to play a larger role – one that expands on its historic focus on value preservation to encompass activities related to value creation. Leading integrated internal audit functions will need to stay ahead of the risk curve rather than simply follow the business, whilst preserving the core compliance and assurance activities senior management and the audit committee require. Audit functions that focus their efforts on significant risks are able to concentrate their audit resources on issues that drive the business. This 3-day course has been designed to help internal auditors understand what is needed to make the audit function totally risk based
COSO's Internal Control - Integrated Framework.
Includes:
Objectives;
Components;
Principles relating to the components and
Point of Focus assisting users in determining whether the principles are present and functioning
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORKHaresh Lalwani
This presentation is my endeavor to bring to notice the new position that internal audit enjoys today in the corporate framework, expectations of the industry and emerging opportunities for the professionals.
Risk is the effect of uncertainty to on objectives. Risk can be negative or positive. When Risks are converted into opportunity, it create huge success.
The underlying premise of enterprise risk management is that every entity exists to provide determine how much uncertainty to accept as it strives to grow stakeholder value. Uncertainty presents both risk and opportunity, with the potential to erode or enhance value.
Many leaders in today’s business environment have recognized the need for internal audit to play a larger role – one that expands on its historic focus on value preservation to encompass activities related to value creation. Leading integrated internal audit functions will need to stay ahead of the risk curve rather than simply follow the business, whilst preserving the core compliance and assurance activities senior management and the audit committee require. Audit functions that focus their efforts on significant risks are able to concentrate their audit resources on issues that drive the business. This 3-day course has been designed to help internal auditors understand what is needed to make the audit function totally risk based
COSO's Internal Control - Integrated Framework.
Includes:
Objectives;
Components;
Principles relating to the components and
Point of Focus assisting users in determining whether the principles are present and functioning
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORKHaresh Lalwani
This presentation is my endeavor to bring to notice the new position that internal audit enjoys today in the corporate framework, expectations of the industry and emerging opportunities for the professionals.
Integrating Data Analytics into a Risk-Based Audit PlanCaseWare IDEA
Presented at a IIA Chapter Meeting.
Although most would agree that internal audit provides an assurance function, it can also be a value-added service. One such value is identifying areas of improvement. This presentation looks at how data analytics can be used within the audit process including risk and controls assessment.
SLIDESHARE: www.slideshare.net/CaseWare_Analytics
WEBSITE: www.casewareanalytics.com
BLOG: www.casewareanalytics.com/blog
TWITTER: www.twitter.com/CW_Analytic
This plan is uploaded to be use as a sample to help people to get an idea. This internal audit plan is prepared for an automotive business activity. I hope it will be useful.
Risk Assessments Best Practice and Practical Approaches WebinarAviva Spectrum™
Risk assessments are the primary component when planning, executing and delivering value in an internal audit. They are the building blocks of your internal audit activities and operational audit program. Sonia Luna CPA, CIA, CEO of Aviva Spectrum and Monica Raffety, CIA
Senior Manager, Financial Controls at Kaiser Permanente will help you to:
Understand risk assessment tools available
Learn how and when to apply risk assessment techniques
Leverage different forms of quantitative and qualitative analysis techniques
Learn when to deviate from risk assessment templates with a memo or scoring
Understand what external auditors, management and the Board need to know when executing a risk assessment.
Understand how risk assessment impact the internal audit activities, from walkthroughs to testing
6 Pitfalls when Implementing Enterprise Risk ManagementPECB
This webinar covers seven common pitfalls faced when establishing enterprise risk management. Also, it conveys the commitment necessary for the proper implementation in order to achieve organizational objectives over time.
Main points covered:
Major drawbacks in Enterprise Risk Management
• Weak tone at the top
• Focusing on issues instead of risks
• Not embedding ERM within business
• Not rethinking perspective towards risk
• Unidimensional risk evaluation
• Vague risk responses
Presenter:
Shady Hallab is an Experienced Manager at PricewaterhouseCoopers LLP in Montreal. He focuses mainly on managing and directing enterprise risk management programs and acts as a risk advisor for evaluating and recommending risk solution best practices for a wide range of private, public and government organizations.
Link of the recorded session published on YouTube: https://youtu.be/GRj_GdIqIo4
The Management of Uncertainty
•It has long been recognized that one of the most important competitive factors for any organization to master is the management of uncertainty.
•Uncertainty is the major intangible factor contributing towards the risk of failure in every process, at every level, in every type of business.
•Managing business uncertainty may involve introducing, developing and implementing strategic enterprise management frameworks for –
–Corporate Foresight and Business Strategy
–Business Planning and Forecasting
–Business Transformation
–Enterprise Architecture
–Enterprise Risk Management
–Enterprise Performance Management
–Enterprise Governance, Reporting and ControlsEAEA
Enterprise Risk Management (ERM) is the process of planning, organizing, leading, and controlling the activities of an organization in order to minimize the effects of risk on an organization's capital and earnings.
Enterprise Risk Management expands the process to include not just risks associated with accidental losses, but also financial, strategic, operational, and other risks.
In recent years, external factors have fueled a heightened interest by organizations in ERM.
Industry and government regulatory bodies, as well as investors, have begun to scrutinize companies' risk-management policies and procedures.
In an increasing number of industries, boards of directors are required to review and report on the adequacy of risk-management processes in the organizations they administer.
Since they thrive on the business of risk, financial institutions are good examples of companies that can benefit from effective ERM.
Their success depends on striking a balance between enhancing profits and managing risk.
In order for any enterprise to properly, effectively, and prudently manage their future growth, Business Strategy needs to be sustained by modern Enterprise Risk Management (ERM) principles and practices.
The Enterprise Risk Management discipline is not anymore a separate management profession or kinky management way, but rather it is a core competency that all organizations and executives must have in this Global Age. It should be a way of life for all.
Welcome to Bank Gaborone Limited. What makes us a particularly interesting company is not that we are owned by Capricorn Group but that we are the first green field operation in the history of the diversified Capricorn Group of companies.
This white paper explains the concepts, legal requirements, strategies, and global framework for the implementation of risk management. It also deals with fraud and reputation risk management and how the negative reputation of an entity may harm the operations and profitability.
This white paper may be useful in performing the advisory role in Risk Management and Risk Governance.
“Today’s fast-paced business environment encounters a complex and ever-changing risk landscape that may negatively impact organizational value. The only way to respond to it is by having a dynamic and holistic perspective of the risk management approach to ensure business continuity.”
– Jack Zahran, President, Pinkerton
#Contract Risk Audit# By SN panigrahi,
Enterprise Risk Management (ERM),
Risk Audit,
Contract Risk Audit process.
Types of Audit,
Risks Need to be Analyzed
on Four Aspects : SQSC,
CONTRACT ADMINISTRATION
Finance is the procurement (to get, obtain) of funds and effective (properly planned) utilization of funds. It also deals with profits that adequately compensate for the cost and risks borne by the business
UK Corporate Governance Code and selected companies approaches to designing and implementing risk appetite statements, and the lessons for boards and for risk professionals.
IRM is the leading professional body for risk management. We are an independent, not-for-profit organisation that champions excellence in managing risk to improve organisational performance.
We do this by providing internationally recognised qualifications and training, publishing research and guidance and raising professional standards across the world. Our members work in all industries, in all risk disciplines and across the public, private and not-for-profit sectors.
IRM does not accept any liability to any party for any loss, damage or costs howsoever arising, whether directly or indirectly, whether in contract, tort or otherwise from any action or decision taken (or not taken) as a result of any person relying on or otherwise using this document or arising from any omission from it.
Learn more about Risk Management and the essentials with IRM’s level 1 certification.
https://www.theirmindia.org/level1
Level 1 qualified or risk management professionals with 2-3 years of experience can also enroll for level 2 certification.
https://www.theirmindia.org/level2
Visit: https://www.theirmindia.org/
Address: IRM India Affiliate, 907,908,909, Corporate Park II, 9th Floor, VN Puran Marg, Near Swastik Chambers, Chembur Mumbai 400071
The world of search engine optimization (SEO) is buzzing with discussions after Google confirmed that around 2,500 leaked internal documents related to its Search feature are indeed authentic. The revelation has sparked significant concerns within the SEO community. The leaked documents were initially reported by SEO experts Rand Fishkin and Mike King, igniting widespread analysis and discourse. For More Info:- https://news.arihantwebtech.com/search-disrupted-googles-leaked-documents-rock-the-seo-world/
Cracking the Workplace Discipline Code Main.pptxWorkforce Group
Cultivating and maintaining discipline within teams is a critical differentiator for successful organisations.
Forward-thinking leaders and business managers understand the impact that discipline has on organisational success. A disciplined workforce operates with clarity, focus, and a shared understanding of expectations, ultimately driving better results, optimising productivity, and facilitating seamless collaboration.
Although discipline is not a one-size-fits-all approach, it can help create a work environment that encourages personal growth and accountability rather than solely relying on punitive measures.
In this deck, you will learn the significance of workplace discipline for organisational success. You’ll also learn
• Four (4) workplace discipline methods you should consider
• The best and most practical approach to implementing workplace discipline.
• Three (3) key tips to maintain a disciplined workplace.
Memorandum Of Association Constitution of Company.pptseri bangash
www.seribangash.com
A Memorandum of Association (MOA) is a legal document that outlines the fundamental principles and objectives upon which a company operates. It serves as the company's charter or constitution and defines the scope of its activities. Here's a detailed note on the MOA:
Contents of Memorandum of Association:
Name Clause: This clause states the name of the company, which should end with words like "Limited" or "Ltd." for a public limited company and "Private Limited" or "Pvt. Ltd." for a private limited company.
https://seribangash.com/article-of-association-is-legal-doc-of-company/
Registered Office Clause: It specifies the location where the company's registered office is situated. This office is where all official communications and notices are sent.
Objective Clause: This clause delineates the main objectives for which the company is formed. It's important to define these objectives clearly, as the company cannot undertake activities beyond those mentioned in this clause.
www.seribangash.com
Liability Clause: It outlines the extent of liability of the company's members. In the case of companies limited by shares, the liability of members is limited to the amount unpaid on their shares. For companies limited by guarantee, members' liability is limited to the amount they undertake to contribute if the company is wound up.
https://seribangash.com/promotors-is-person-conceived-formation-company/
Capital Clause: This clause specifies the authorized capital of the company, i.e., the maximum amount of share capital the company is authorized to issue. It also mentions the division of this capital into shares and their respective nominal value.
Association Clause: It simply states that the subscribers wish to form a company and agree to become members of it, in accordance with the terms of the MOA.
Importance of Memorandum of Association:
Legal Requirement: The MOA is a legal requirement for the formation of a company. It must be filed with the Registrar of Companies during the incorporation process.
Constitutional Document: It serves as the company's constitutional document, defining its scope, powers, and limitations.
Protection of Members: It protects the interests of the company's members by clearly defining the objectives and limiting their liability.
External Communication: It provides clarity to external parties, such as investors, creditors, and regulatory authorities, regarding the company's objectives and powers.
https://seribangash.com/difference-public-and-private-company-law/
Binding Authority: The company and its members are bound by the provisions of the MOA. Any action taken beyond its scope may be considered ultra vires (beyond the powers) of the company and therefore void.
Amendment of MOA:
While the MOA lays down the company's fundamental principles, it is not entirely immutable. It can be amended, but only under specific circumstances and in compliance with legal procedures. Amendments typically require shareholder
Improving profitability for small businessBen Wann
In this comprehensive presentation, we will explore strategies and practical tips for enhancing profitability in small businesses. Tailored to meet the unique challenges faced by small enterprises, this session covers various aspects that directly impact the bottom line. Attendees will learn how to optimize operational efficiency, manage expenses, and increase revenue through innovative marketing and customer engagement techniques.
LA HUG - Video Testimonials with Chynna Morgan - June 2024Lital Barkan
Have you ever heard that user-generated content or video testimonials can take your brand to the next level? We will explore how you can effectively use video testimonials to leverage and boost your sales, content strategy, and increase your CRM data.🤯
We will dig deeper into:
1. How to capture video testimonials that convert from your audience 🎥
2. How to leverage your testimonials to boost your sales 💲
3. How you can capture more CRM data to understand your audience better through video testimonials. 📊
Falcon stands out as a top-tier P2P Invoice Discounting platform in India, bridging esteemed blue-chip companies and eager investors. Our goal is to transform the investment landscape in India by establishing a comprehensive destination for borrowers and investors with diverse profiles and needs, all while minimizing risk. What sets Falcon apart is the elimination of intermediaries such as commercial banks and depository institutions, allowing investors to enjoy higher yields.
Skye Residences | Extended Stay Residences Near Toronto Airportmarketingjdass
Experience unparalleled EXTENDED STAY and comfort at Skye Residences located just minutes from Toronto Airport. Discover sophisticated accommodations tailored for discerning travelers.
Website Link :
https://skyeresidences.com/
https://skyeresidences.com/about-us/
https://skyeresidences.com/gallery/
https://skyeresidences.com/rooms/
https://skyeresidences.com/near-by-attractions/
https://skyeresidences.com/commute/
https://skyeresidences.com/contact/
https://skyeresidences.com/queen-suite-with-sofa-bed/
https://skyeresidences.com/queen-suite-with-sofa-bed-and-balcony/
https://skyeresidences.com/queen-suite-with-sofa-bed-accessible/
https://skyeresidences.com/2-bedroom-deluxe-queen-suite-with-sofa-bed/
https://skyeresidences.com/2-bedroom-deluxe-king-queen-suite-with-sofa-bed/
https://skyeresidences.com/2-bedroom-deluxe-queen-suite-with-sofa-bed-accessible/
#Skye Residences Etobicoke, #Skye Residences Near Toronto Airport, #Skye Residences Toronto, #Skye Hotel Toronto, #Skye Hotel Near Toronto Airport, #Hotel Near Toronto Airport, #Near Toronto Airport Accommodation, #Suites Near Toronto Airport, #Etobicoke Suites Near Airport, #Hotel Near Toronto Pearson International Airport, #Toronto Airport Suite Rentals, #Pearson Airport Hotel Suites
VAT Registration Outlined In UAE: Benefits and Requirementsuae taxgpt
Vat Registration is a legal obligation for businesses meeting the threshold requirement, helping companies avoid fines and ramifications. Contact now!
https://viralsocialtrends.com/vat-registration-outlined-in-uae/
What is the TDS Return Filing Due Date for FY 2024-25.pdfseoforlegalpillers
It is crucial for the taxpayers to understand about the TDS Return Filing Due Date, so that they can fulfill your TDS obligations efficiently. Taxpayers can avoid penalties by sticking to the deadlines and by accurate filing of TDS. Timely filing of TDS will make sure about the availability of tax credits. You can also seek the professional guidance of experts like Legal Pillers for timely filing of the TDS Return.
Affordable Stationery Printing Services in Jaipur | Navpack n PrintNavpack & Print
Looking for professional printing services in Jaipur? Navpack n Print offers high-quality and affordable stationery printing for all your business needs. Stand out with custom stationery designs and fast turnaround times. Contact us today for a quote!
1. 1
Audit of Risk Management
Final Report
March 25, 2010
Prepared by Internal Audit & Evaluation for the:
Audit and Evaluation Committee meeting of March 25, 2010
Finance Canada
2. 2
Table of Contents
Executive Summary 3
Background 4
Audit Objective and Scope 5
Approach, Assurance Statement and Auditing Standards Employed 6
Conclusions 7
Findings by Audit Criteria 8
Recommendations and Management Action Plan 13
Members of the Audit Team 14
Appendices
Appendix A – List of Department of Finance Canada Personnel Interviewed 16
Appendix B – List of Key Documents Consulted 17
3. 3
Executive Summary
As part of the Government of Canada’s commitment to strengthening risk management
practices in the public service, the Treasury Board of Canada Secretariat (TBS) developed
the Integrated Risk Management Framework (IRMF) in 2001. The IRMF defines integrated
risk management as a continuous, proactive and systematic process to understand, manage
and communicate risk from an organization-wide perspective. It is about making strategic
decisions that contribute to the achievement of an organization's overall corporate objectives.
The objective of the Audit of Risk Management is to provide the Department of Finance (the
Department) with reasonable assurance that the corporate risk management framework and
processes it has in place effectively identify, assess and manage corporate risks.
Our audit concluded that overall, the Department has developed an adequate Corporate Risk
Profile (CRP) and has established an Integrated Risk Management (IRM) function, in line with
good management practices and the TBS guidelines on IRMF. The Department has
implemented the elements of an effective risk management framework; however, some
elements of the communication strategy presented in the Corporate Risk Profile (CRP) have
not been fully implemented.
4. 4
Background
History
As per the Treasury Board Policy on Internal Audit, risk management is a mandatory element of internal
audit coverage. Consequently, the Audit of Risk Management has been included as part of the
Department’s three-year risk-based audit plan, which was approved by the Deputy Minister upon the
recommendation of the Audit and Evaluation Committee.
Background
As part of the Government of Canada’s commitment to strengthening risk management practices in the
public service, TBS developed the IRMF in 2001. The IRMF provides Departments with guidance on
developing their risk management function so that they may be more effective in identifying and mitigating
risks, which would otherwise affect their ability to meet departmental objectives.
As per the IRMF, the primary element of establishing an effective risk management framework is for an
organization to develop a Corporate Risk Profile (CRP). The CRP is an effective tool used to identify key
corporate risks such as infrastructure risks, people risks, policy risks and process risks and establish
strategies to mitigate these risks.
In the Department, the Corporate Services Branch provides leadership towards integrating risk
management at all levels and provides guidance to branches, as required. The ultimate responsibility for
implementing effective risk management; however, rests with all employees, particularly the management
team.
5. 5
Objective
The objective of the Audit of Risk Management is to provide reasonable assurance that a corporate risk
management framework and processes are in place and that corporate risks are identified, assessed and
managed.
Scope
The scope of the audit includes assessing risk management practices at the corporate and branch levels.
At the corporate level, the audit examines the Department’s CRP for the purpose of assessing the
integrated risk management function. Other integrated risk management practices at the departmental
level were also assessed.
At the branch level, the audit examines practices and processes regarding the implementation of the
integrated risk management framework, such as the manner in which each branch establishes the
necessary systems and appropriate mitigation strategies to implement risk management in their respective
functions.
The scope of the audit does not include the following:
An assessment of the appropriateness of the ten key risk areas identified in the CRP.
An assessment of the appropriateness of policy recommendations.
Audit Objective and Scope
6. 6
The audit was conducted in accordance with the International Standards for the Professional Practices
of Internal Auditing. These standards require that the audit be planned and performed in such a way as
to obtain reasonable assurance that the audit objective was achieved. During the audit, appropriate
procedures were followed and sufficient evidence was obtained to support the accuracy of findings
and conclusions presented in this report. Audit procedures included, but were not limited to, interviews,
observations, review of supporting documentation, and analytical reviews. The audit criteria used to
develop the required audit tests were based on: (1) good management practices; and (2) applicable
policies and regulations, in particular the TBS guidelines on IRMF, and relevant elements of the Office
of the Comptroller General’s Core Management Controls.
In total, 18 individuals were interviewed including personnel from each of the Department’s nine
branches, specifically two senior representatives per branch in most instances. The complete list of
personnel interviewed is provided in Appendix A. In addition, the audit team conducted a review of
relevant policies, standards, directives and related documents (list provided in Appendix B).
The audit approach allowed for the audit results to be communicated in such a manner as to enable
management to review and provide feedback on the findings and conclusions before they were
finalized.
Approach, Assurance Statement and Auditing Standards
Employed
7. 7
Conclusions
To provide
reasonable
assurance that a
corporate risk
management
framework and
processes are in
place and that
corporate risks are
identified, assessed
and managed.
The audit concluded that overall, the Department’s Risk Management practices are in
line with good management practices and the TBS guidelines on Integrated Risk
Management Framework (IRMF). In particular, the following good management
practices and key aspects are worth noting:
The Department has a standard approach to risk management and an
approved Corporate Risk Profile (CRP) that identifies key risks.
The Department has established an Integrated Risk Management (IRM)
function led by the Corporate Planning Division (CPD) of the Corporate
Services Branch (CSB).
Risk Management is practiced enterprise-wide and at the branch levels.
An effective communication strategy is an essential part of fostering a corporate
culture that enables effective and integrated risk management at every level of the
organization, including the sharing of best practices. The Department has
implemented the elements of an effective risk management framework; however,
some elements of the communication strategy presented in the Corporate Risk
Profile (CRP) have not been fully implemented.
Audit Objective
8. 8
The following table presents the assessment of the level of risk exposure identified in the audit. Levels
of risk exposure are categorized by audit criteria.
The audit criteria used to assess the risk exposure are based on good management practices, the TBS
guidelines on IRMF and relevant elements of OCG Core Management Controls related to risk
management.
The risk ranking is based on the level of risk exposure. A high, medium or low ranking corresponds to
the potential risk exposure auditors believe may have an impact on the achievement of Department
objectives, and is indicative of the priority management should give to address the recommendations.
The assessment summarizes the audit observations based on the factual evidence gathered and
analyzed during the audit. Based on these assessments, issues/themes along with potential causes,
impacts, management initiatives and recommendations are summarized in the “Recommendations and
Management Responses” section.
Findings by Audit Criteria
High exposure
Medium exposure
Low exposure
9. 9
Criteria Risk
Exposure
Assessment
Establishing the Corporate Risk Profile
The Corporate
Risk Profile of
the Department
has identified
and highlighted
key corporate
risk areas
Low The Department has a standard approach to risk management and an
approved Corporate Risk Profile (CRP) which identifies key risks.
The Department has had a CRP since November 2007 and its status is
reviewed three times a year as part of the integrated planning cycle, with
changes to the CRP included as warranted. This has led to revisions to the
CRP in November 2008 and June 2009. The process of developing and
updating the CRP is integrated within the Department’s planning, monitoring
and reporting cycle.
The Department’s major risks identified in the CRP are regularly reviewed as
part of the integrated planning process. An environmental scan involving all
branches is usually conducted three times a year, threats and opportunities
are identified, mitigation strategies are developed and progress on the
implementation of these strategies is monitored. The risks in the CRP are
identified by management as risks that would most affect the Department’s
ability to achieve its objectives.
The most recent CRP was reviewed and discussed with senior management
at various committees, including the Departmental Coordinating Committee
(DCC), prior to receiving final approval at the Executive Committee (EXEC) on
June 5, 2009.
Findings by Audit Criteria
10. 10
Findings by Audit Criteria
Criteria Risk
Exposure
Assessment
Practicing Integrated Risk Management
The
Department
implements
and practices
Integrated
Risk
Management
within an
established
framework
Low The Department has established and implemented an Integrated Risk
Management (IRM) function led by the Corporate Planning Division
(Corporate Planning) of the Corporate Services Branch (CSB).
The Corporate Planning within the CSB provides horizontal support and
leadership to all branches on matters related to risk management, by
providing advice and coordinating activities related to the function. As
part of the integrated planning process, each branch regularly assesses
the risks relevant to their area and develops corresponding mitigation
strategies.
This risk information is collected from the branches and assessed
through a standard planning template by the Corporate Planning, with the
support of the Department’s Planning Network (Network). The Network
is made up of representatives from all branches in order to integrate
business planning and risk management across the Department. The
information collected in these templates is updated three times a year by
the branches and forms the basis of changes to the CRP as warranted.
11. 11
Findings by Audit Criteria
Criteria Risk
Exposure
Assessment
Practicing Integrated Risk Management (continued from the previous page)
The
Department
implements
and practices
Integrated Risk
Management
within an
established
framework
Low Once templates have been completed and information has been assessed,
senior management is further consulted through the DCC for their review, prior
to a final review and approval from the EXEC.
The risk identification process is rigorous and considers internal and external
risk exposures. This process results in the identification of the ten major risk
areas documented in the CRP, which are categorized into four groups: (1)
policy risks, (2) people risks, (3) infrastructure risks and (4) process risks. In
addition to the CRP risks, each branch identifies other risks that could impact
their specific subject business areas. During 2009-2010, the branches identified
approximately thirty additional risks during one of three integrated planning
exercises. Mitigation strategies were developed and included in each of the
branches’ respective business plans.
12. 12
Findings by Audit Criteria
Criteria Risk
Exposure
Assessment
Practicing Integrated Risk Management (continued from the previous page)
The
Department
implements
and practices
Integrated Risk
Management
within an
established
framework
Low The integrated approach to risk management is complemented by appointing
“risk champions”, at the Assistant Deputy Minister level for each risk identified in
the CRP. These “risk champions” are responsible for ensuring effective
synchronized mitigation strategies for the department-wide key corporate risk
assigned to them; however, their involvement beyond their Branch is limited.
Although the Department has an effective integrated approach to risk
management, some elements of the communication strategy presented in the
CRP have not been fully implemented. For the most part, these relate to
communicating key corporate messages more widely across Branches to
management and all staff regarding: (1) availability of the risk management web
site, (2) recommended risk management tools; (3) important updates to the
department-wide risk management strategy; and (4) sharing and discussing
best practices at department-wide forums such as the general assembly and
the annual executive retreat. An effective communication strategy is an
essential part of fostering a corporate culture that enables effective and
integrated risk management at every level of the organization, including the
sharing of best practices.
13. 13
Recommendations and Management Action Plan
The following section presents the key opportunity for improvement stemming from
the audit findings. The impact and recommendation is also stated. Where
applicable, the relevant management initiatives already underway are included. For
the recommendation, management has provided:
An action plan, which addresses the recommendation;
The position responsible for implementing the action plan; and,
The target date for completion.
14. 14
Summary of the Audit Finding and its Impact
As part of its Integrated Risk Management Framework and consistent with best practices, the Department has
established a communication strategy. Effective communication is essential to increasing awareness and effective
implementation of key risk management practices at all levels, particularly risk mitigation strategies.
Although the Department has an effective integrated approach to risk management, some elements of the
communication strategy presented in the CRP have not been fully implemented. For the most part, these relate to
communicating key corporate messages more widely across Branches to foster the sharing of best practices
among management and all staff.
Fully implementing an effective communication strategy will further improve management and staff’s awareness of
the Corporate Risk Profile and encourage the use of available tools, such as the Department’s website on risk
management. Ultimately, increasing risk management awareness and the sharing of best practices will better
enable the Department to achieve its objectives.
Recommendation Management Response
It is recommended that
the ADM, Corporate
Services Branch (CSB),
in cooperation with the
ADM, Consultations
and Communications
(C&C) Branch, fully
implement the
communication strategy
for risk management.
The ADM CSB, in cooperation with the ADM C&C Branch, is committed to continue to
foster communications around risk management. The Director Corporate Planning will
work with Finance Branches to validate which form of communication is best suited to
increase awareness of risk management practices across the Department, as part of the
comprehensive review of the Corporate Risk Profile planned for summer 2010. The
communications strategy will be updated based on review findings by the end of Q2
2010-11. The ADM-CSB will then work to implement the updated communications
strategy with a focus on increasing risk management awareness and the sharing of best
practices among management and staff across all Branches. It is expected that the
communication strategy will be fully implemented by the end of Q2 2011-12.
1. Foster Communications Around Risk Management Best Practices
15. 15
The members of the audit team are:
Roger Vachon, Master in Administration, Audit Manager
Olivia Zhu, MPA, CIA, Senior Auditor
Ziad Shadid, CGA, Audit Manager
Christian Kratchanov, MBA, CIA, Chief Audit Executive
Members of the Audit Team
16. 16
Appendix A – List of Department of Finance Canada Personnel
Interviewed
Jean- Michel Catta, General Director, Consultations and Communications Branch
Chris Forbes, General Director, Federal-Provincial Relations and Social Policy Branch
David Gamble, Director - Public Affairs & Operations Division, Consultations and Communications Branch
Barb Gibbon, Director – Corporate Planning, Corporate Services Branch
James A. Haley, General Director, International Trade & Finance Branch
Sherry Harrison, Chief Financial Officer and Executive Director, Corporate Services Branch (acting ADM
Corporate Services Branch at the time of the audit interview)
Nancy Horsman, General Director, Tax Policy Branch
Claude Lavoie, Director – Economic Studies & Policy Analysis Division, Economic and Fiscal Policy Branch
Clifton Lee-Sing, Chief – Financial Markets Division, Financial Sector Policy Branch
Sheila Macdonald, Chief-International Policy & Analysis Division, International Trade and Finance Branch
Erin O’Brien, Chief - Policy Analysis & Coordination, Economic Development & Corporate Finance Branch
Hélène Shirreff, Senior Analyst – Corporate Planning, Corporate Services Branch
Trevor J. Smith, Special Advisor and Counsel to the ADM, Law Branch
Rob Stewart, General Director, Financial Sector Policy Branch
Peter Turner, Chief – Personal Income Tax Division, Tax Policy Branch
Julie Turcotte, Chief – Economic Studies and Policy Analysis Division, Economic and Fiscal Policy Branch
Nipun Vats, Senior Chief – Federal-Provincial Relations Division, Federal-Provincial Relations and Social Policy
Branch
Kathy Wesley, Director - Access to Information and Privacy Division, Law Branch
17. 17
Appendix B – List of Key Documents consulted
Legislation
• The Accountability Act (April 2006)
Standards (TBS)
• Integrated Risk Management Framework (April 2001)
Policy (TBS)
• Risk Management Policy (October 2001)
Documents Specific to the Department
• Corporate Risk Profile (June 2009)
• Corporate Risk Profile (November 2008)
• Corporate Risk Profile (November 2007)
• Integrated Business Plan (2009-2010)
• Business Planning Input – Operating Environment and Risk Analysis (May 2009 – one
document per Branch)
Other Documents
• Management Accountability Framework (2008-2009)
• Integrated Risk Management Implementation Guide - (TBS) (2004)
• OCG Core Management Controls: A Guide for Internal Auditors (OCG) (November 2007)