2017 Fall Reports of the Auditor General of Canada to the Parliament of Canada Independent Audit ReportReport of the Auditor General of Canada to the Board of Directors of the National Capital Commission—Special Examination—2017

2017 Fall Reports of the Auditor General of Canada to the Parliament of CanadaReport of the Auditor General of Canada to the Board of Directors of the National Capital Commission—Special Examination—2017

Independent Audit Report

This report reproduces the special examination report that the Office of the Auditor General of Canada issued to the National Capital Commission on 19 June 2017. The Office has not performed follow-up audit work on the matters raised in this reproduced report.

Introduction

Background

1. The National Capital Commission (the Corporation) is a federal Crown corporation created in 1959. It reports to Parliament through the Minister of Canadian Heritage. According to its enabling legislation, the National Capital Act, the Corporation’s mandate is to help develop, conserve, and improve the National Capital Region in keeping with its national significance as the seat of the Government of Canada. The Corporation owns and manages land totalling more than 500 square kilometres and more than 1,700 properties, including the official residences of Canada.

2. In the 2015–16 fiscal year, the Corporation had about 400 employees, organized in six branches: Capital Planning; Capital Stewardship; Corporate Services; Public and Corporate Affairs; Audit, Research, Evaluation and Ethics; and Legal Services and Commission Secretariat.

Greenbelt—An area of mostly undeveloped land surrounding the City of Ottawa’s urban core.

3. The Corporation fulfills its mandate through the following activities:

4. The Corporation owns and manages over 10 percent of the lands in Canada’s Capital Region. The Corporation is responsible for the management of Gatineau Park and the Greenbelt, as well as 13 urban parks, including Confederation Park, Vincent Massey Park, Major’s Hill Park, and Jacques-Cartier Park.

5. The Corporation owns and manages properties leased for residential, agricultural, institutional, recreational, and commercial purposes. Also, the Corporation is responsible for managing Canada’s six official residences in the Capital Region:

6. The Corporation’s primary source of funding is the federal government. The Corporation earns revenue from other sources such as rent from its properties and user fees.

Focus of the audit

7. Our objective for this audit was to determine whether the systems and practices we selected for examination at the National Capital Commission were providing it with reasonable assurance that its assets were safeguarded and controlled, its resources were managed economically and efficiently, and its operations were carried out effectively as required by section 138 of the Financial Administration Act.

8. Based on our assessment of risks, we selected systems and practices in the following areas:

The selected systems and practices and the criteria used to assess them are found in the exhibits throughout the report.

9. More details about the audit objective, scope, approach, and sources of criteria are in About the Audit at the end of this report.

Findings, Recommendations, and Responses

Corporate management practices

The Corporation had good corporate management practices, but weaknesses in risk management

Overall message

10. Overall, we found that the Corporation had good corporate management practices for governance, strategic planning, and performance measurement and reporting. However, there were weaknesses in its risk management practices. Specifically, the Corporation’s management and its Board of Directors did not receive comprehensive risk information for decision making. In addition, the Board and management did not clearly describe in the annual corporate plan the risk that it might not have sufficient resources to restore, maintain, and preserve its assets. This plan is key to informing the government of the Corporation’s issues.

11. These findings matter because the Corporation relies on sound management practices to operate efficiently and effectively. Comprehensive risk information supports decision making by the Corporation’s Board of Directors and the government. The government, Corporation management, and Board need to receive comprehensive information on the risks the Corporation faces in order to ensure that strategies are implemented to mitigate those risks.

12. Our analysis supporting these findings discusses the following topics:

13. The Corporation has a Board of Directors (the Board) of 15 members, including the Chairperson as well as the Chief Executive Officer. The other 13 members are appointed from the various regions of Canada. Of these Board members, 5 are from the National Capital Region and 8 are from other regions. In 2016, the Corporation made a key change to its governance structure to provide for the ex officio and non-voting participation of the mayors of Ottawa and Gatineau at Board meetings. The Corporation holds public Board meetings five times a year.

14. Strategic planning and risk management are essential for the Corporation to set short- and long-term objectives, and to allocate resources to achieve them. Risk management helps the Board and management identify factors that may affect the Corporation’s ability to achieve its objectives and to develop strategies to mitigate them. Performance measurement and reporting enable the Board and management to demonstrate the extent to which the Corporation has achieved its objectives and fulfilled its mandate.

15. Our recommendations in these areas of examination appear at paragraphs 25 and 39.

16. Corporate governance. We found that the Corporation had in place good corporate governance practices (Exhibit 1).

Exhibit 1—Corporate governance—key findings and assessment

Systems and practices Criteria used Key findings Assessment against the criteria

Legend—Assessment against the criteria

Check  mark in a green circle, meaning met the criteria

Met the criteria

Exclamation point in a yellow circle, meaning met the criteria, with improvement needed

Met the criteria, with improvement needed

Minus sign in a red circle, meaning did not meet the criteria

Did not meet the criteria

Board independence

The Board functioned independently from management; individual Board members were independent from the Corporation and followed defined code-of-conduct and conflict-of-interest guidelines for Board members.

The Board of Directors functioned independently from management and ensured that Board members declared any real or potential conflicts of interest and followed the code of conduct.

Check  mark in a green circle, meaning met the criteria

Board oversight and decision making

The Board received timely information necessary to oversee and monitor the Corporation’s activities, results, and management of risk, and for decision making to achieve corporate objectives.

During its meetings, the Board received appropriate information on the Corporation’s activities, significant issues, financial results, and performance against strategic objectives for decision making.

The Board participated in strategic planning and challenged management in the decision-making process.

Check  mark in a green circle, meaning met the criteria

Compliance monitoring

The Board monitored the Corporation’s compliance with laws, regulations, and key corporate policies, as well as with its code of conduct and ethical requirements.

The Board received information to monitor compliance with its key legislative obligations and key corporate policies, as well as with its code of conduct and ethical requirements.

Check  mark in a green circle, meaning met the criteria

Communications

The Board maintained effective communication with external stakeholders, the responsible Minister, and the public in the delivery of its mandate.

The Board maintained effective communications with external stakeholders and the public. Board members participated in stakeholder meetings and key public consultations, and held public Board meetings five times a year.

The Chair and the Chief Executive Officer met with the responsible minister and briefed the Board on these discussions.

Check  mark in a green circle, meaning met the criteria

Board competencies

The Board had a sufficient number of members with the ability, skills, knowledge, and experience, as well as access to external expertise and training, to discharge its responsibilities.

The Board members collectively had an appropriate balance of knowledge, skills, and experience, as well as the necessary Canadian geographical representation, to carry out their responsibilities. Management provided the Board members with orientation as well as access to external training and expertise to discharge their responsibilities.

Check  mark in a green circle, meaning met the criteria

17. Strategic planning, risk management, and performance measurement and reporting. We found that the Corporation had adequate systems and practices in place for strategic planning and performance measurement and reporting. However, we found weaknesses in risk management (Exhibit 2).

Exhibit 2—Strategic planning, risk management, and performance measurement and reporting—key findings and assessment

Strategic planning

Systems and practices Criteria used Key findings Assessment against the criteria

Legend—Assessment against the criteria

Check  mark in a green circle, meaning met the criteria

Met the criteria

Exclamation point in a yellow circle, meaning met the criteria, with improvement needed

Met the criteria, with improvement needed

Minus sign in a red circle, meaning did not meet the criteria

Did not meet the criteria

Strategic direction setting

Strategic direction was clearly defined and communicated and was congruent with government priorities and the Corporation’s mandate.

The Board and management had defined the Corporation’s strategic direction, established measurable strategic objectives, and communicated its strategic plans.

The strategic direction was aligned with the Corporation’s mandate and enabling legislation, and with the government’s direction.

Check  mark in a green circle, meaning met the criteria

Implementation of strategic direction through operational planning

Operational plans were aligned with the strategic direction, contained sufficient and appropriate information to guide management action, and were well communicated throughout the organization.

Management aligned its operational plans with its strategic direction, and communicated the plans to accountable managers and employees. Management established memoranda of understanding between the various branches and the Chief Executive Officer (CEO) to align branch activities with corporate goals and support achievement of those goals. Progress against the objectives in the branch memoranda of understanding was provided through quarterly updates to the CEO and the Board.

Check  mark in a green circle, meaning met the criteria

Risk management

Systems and practices Criteria used Key findings Assessment against the criteria

Legend—Assessment against the criteria

Check  mark in a green circle, meaning met the criteria

Met the criteria

Exclamation point in a yellow circle, meaning met the criteria, with improvement needed

Met the criteria, with improvement needed

Minus sign in a red circle, meaning did not meet the criteria

Did not meet the criteria

Assigning roles and responsibilities for risk management

Roles, responsibilities, authority, and accountability for risk management were defined and implemented.

The Board and management had defined roles, responsibilities, and authority for the identification and management of its strategic risks. The accountability for managing operational risks was assigned to each branch.

Check  mark in a green circle, meaning met the criteria

Risk identification, assessment, and mitigation

The Corporation identified and assessed the potential risks that needed to be managed to achieve its strategic and operational objectives.

The Corporation defined and implemented responses to the risks it faced.

The Board approved management’s strategic risk assessment and oversaw the Corporation’s establishment of its mitigation strategies for the strategic risks identified.

Weaknesses

The Board and management did not clearly describe one of the Corporation’s strategic risks in its annual corporate plan, which is a key document to inform the government of the issues the Corporation faces.

As a result, the steps to mitigate that risk were also not described in this document.

Exclamation point in a yellow circle, meaning met the criteria, with improvement needed

Information for decision making and monitoring risks

There was appropriate information on risks provided to senior management and to the Board for decision making and to allow them to manage/monitor risks and update risk mitigation strategies.

The annual strategic planning exercise provided information to senior management and the Board on strategic risks.

Weaknesses

Management, in prioritizing strategic risks, did not prepare a comprehensive inventory of all the risks that the Corporation faced in each branch. In addition, the Board and management did not establish the Corporation’s risk tolerance levels. As a result, senior management and the Board did not have comprehensive risk information for decision making.

Exclamation point in a yellow circle, meaning met the criteria, with improvement needed

Performance measurement and reporting

Systems and practices Criteria used Key findings Assessment against the criteria

Legend—Assessment against the criteria

Check  mark in a green circle, meaning met the criteria

Met the criteria

Exclamation point in a yellow circle, meaning met the criteria, with improvement needed

Met the criteria, with improvement needed

Minus sign in a red circle, meaning did not meet the criteria

Did not meet the criteria

Designing measurable performance indicators

The Corporation designed measurable performance indicators to generate information that was important to users (entity management, the Board, and the public) and supported achievement of its strategic objectives.

Management identified performance indicators at the corporate level and established specific targets for some of the important performance indicators.

Check  mark in a green circle, meaning met the criteria

Collecting data to assess performance against operational targets

The Corporation collected performance-indicator data that measured its success in achieving its operational targets as set out in annual corporate plans.

Management collected performance data in line with the Corporation’s strategic objectives and reported on its achievements in its annual report.

Check  mark in a green circle, meaning met the criteria

Communication of performance information

Annual reports communicated key performance information to the management, the Board, and the public.

The 2015–16 Annual Report contained performance information on strategic objectives.

The Corporation’s internal and external reports compared its performance over time.

Check  mark in a green circle, meaning met the criteria

Taking corrective action based on performance information

Management used performance information to identify and address performance shortcomings.

Management used information on its progress in achieving corporate objectives as part of its decision making and reporting and undertook corrective action when necessary.

Check  mark in a green circle, meaning met the criteria

18. Weaknesses—Risk identification, assessment, and mitigation. In our last special examination of the Corporation, in 2007, we found that projects required to restore the Corporation’s assets were not always completed within the planned time frames, partly because of a lack of funding. As discussed in our findings on asset maintenance later in this report (paragraphs 36–38), we found that the Corporation continued to have a risk of insufficient resources to restore, maintain, and preserve its assets at an acceptable level. However, in its annual five-year corporate plans, the Board and management did not clearly describe this significant risk or the mitigation strategy and its related financial impact. The corporate plan is a key vehicle for the Corporation to inform the government every year on its activities, strategic issues, and key risks.

19. The Corporation’s main strategy to mitigate the risk of insufficient financial resources was to delay the required maintenance on some assets, in order to use the available funds to complete the highest-priority work. The Corporation also implemented some revenue-generating and cost-reduction initiatives, such as sharing costs with other levels of government, launching a snowshoeing program in Gatineau Park, and automating systems like parking fee collection. However, these activities have not yet had a significant financial impact.

20. These weaknesses matter because the government did not receive clear and complete information about this key risk and mitigation strategy in the corporate plan for decision making.

21. Our recommendation regarding these weaknesses appears at paragraph 39.

22. Weaknesses—Information for decision making and monitoring risks. In our last special examination report of the Corporation, in 2007, we noted that the Corporation did not have an integrated risk management framework. Management developed an enterprise risk management framework, which was approved in 2008, and also drafted a corporate policy.

23. During the period covered by the audit, we found that the Board and management completed annual strategic risk assessment exercises. These exercises included identifying risks to achieving the Corporation’s strategic objectives and developing strategies to mitigate those risks. However, there was no consistent and integrated process to identify and evaluate risks across the organization. As a result, the Board and management did not prepare a comprehensive inventory of all the risks it faced. Also, management did not establish its risk tolerance levels; therefore, it did not clearly define the level of risk that the Corporation was willing to accept when making decisions.

24. These weaknesses matter because an integrated risk management process and a comprehensive inventory of risks are needed to manage risk. Without them, it is difficult for management and the Board to get the assurance that all significant operational risks have been identified, analyzed, and managed in terms of their potential effects on the Corporation’s activities and ability to meet its mandate. These elements would also support decision making by management and the Board.

25. Recommendation. The Corporation should establish and approve a comprehensive enterprise risk management framework that

The Corporation’s response. Agreed. The Corporation will continue to advance a comprehensive and integrated enterprise risk management framework that will set risk tolerances, assess strategic and operational risks, and provide comprehensive risk information for decision making. The framework will be completed by 31 March 2018, based on a thorough strategic risk assessment completed in the 2016–17 fiscal year.

Management of National Capital Region operations

There was a significant deficiency in asset maintenance, although the Corporation had good management practices in its operations

Overall message

26. Overall, we found a significant deficiency in the Corporation’s asset maintenance. More than one quarter of its assets were in fair, poor, or critical condition, and there was an estimated shortfall in the resources required to restore them and maintain all of its assets. This would put the Corporation at risk of not safeguarding its assets and of not meeting its mandate. However, we found that the Corporation had good systems and practices in the other operational areas. The Corporation developed long-term plans for the National Capital Region, managed capital projects required to support the achievement of these plans, and completed regular assessments on the condition of its assets. The Corporation also had good systems and practices to complete its business process transformation, which included improving its management information system.

27. This finding matters because without adequate resources, the Corporation might not be able to meet an important part of its mandate, which is to maintain and preserve its assets and historic places in the National Capital Region. It might also not be able to meet its obligation under the Financial Administration Act to safeguard its assets.

28. Our analysis supporting this finding discusses the following topics:

29. As one of the largest owners and managers of property in Canada’s Capital Region, the Corporation collaborates with the cities of Ottawa and Gatineau as well as several other municipalities on many initiatives, including public programming, planning, and property and land stewardship.

30. As a key part of its mandate, the Corporation develops and implements long-term plans for the National Capital Region. The Corporation collaborates with provincial and municipal partners, and with local Indigenous communities, to harmonize these various plans in the Capital Region. The Corporation also seeks public and stakeholder feedback. The most recent example is the Plan for Canada’s Capital, on which the Corporation sought comments from Canadians in the summer of 2016.

31. To increase operational efficiency, the Corporation implemented a business optimization project, which made improvements in its internal processes, service delivery, and information systems. As part of this project, the Corporation replaced its financial system with a broader management information system.

32. Our recommendation in this area of examination appears at paragraph 39.

33. National Capital long-term planning. We found that the Corporation had established a framework and completed consultations at various levels in the development of its plans for the National Capital Region (Exhibit 3).

Exhibit 3—National Capital long-term planning—key findings and assessment

Systems and practices Criteria used Key findings Assessment against the criteria

Legend—Assessment against the criteria

Check  mark in a green circle, meaning met the criteria

Met the criteria

Exclamation point in a yellow circle, meaning met the criteria, with improvement needed

Met the criteria, with improvement needed

Minus sign in a red circle, meaning did not meet the criteria

Did not meet the criteria

Capital planning framework

The Corporation developed and implemented coherent and harmonized plans for preserving the Capital’s heritage.

Management had established a new Capital planning framework, the Capital Master Plan, which was approved by the Board. The Capital Master Plan incorporated all the various plans for preserving the Capital’s heritage required for the Corporation to meet its mandated objectives.

Management had established a schedule to complete its plans and a process for reporting to the Board on the progress of these plans.

Check  mark in a green circle, meaning met the criteria

Consultation

The Corporation had a process in place to consult with municipalities and other stakeholders in order to identify and consider regional needs, plans, priorities, and planning direction in the development of its plans for the National Capital Region.

The Corporation routinely consulted with key stakeholders, including municipalities and the public, to identify regional needs, plans, and priorities. It took these into account when developing its plans for the National Capital Region, including master plans, priorities, and proposed strategic directions.

Check  mark in a green circle, meaning met the criteria

34. Capital project management. We found that the Corporation had good systems and practices in place to manage its capital projects (Exhibit 4).

Exhibit 4—Capital project management—key findings and assessment

Systems and practices Criteria used Key findings Assessment against the criteria

Legend—Assessment against the criteria

Check  mark in a green circle, meaning met the criteria

Met the criteria

Exclamation point in a yellow circle, meaning met the criteria, with improvement needed

Met the criteria, with improvement needed

Minus sign in a red circle, meaning did not meet the criteria

Did not meet the criteria

Assigning roles and responsibilities for capital project management

Roles, responsibilities, authority, and accountability for capital project management were defined and implemented.

Management had established a policy and management framework to govern and direct the management of its capital projects. The policies and management framework clearly set out roles and responsibilities between the Capital Stewardship Branch and the Capital Planning Branch over the capital project planning and implementation life cycle, as well as authority for the management of capital projects.

Check  mark in a green circle, meaning met the criteria

Capital project prioritization

Project management systems and practices in place allowed the Corporation to identify and prioritize its capital projects according to their importance and their alignment with strategic objectives.

Management identified projects that needed to be carried out and established priorities through its annual Multi-Year Capital Program planning process. The prioritization process was guided primarily by the Corporate Plan’s strategic direction and priorities and followed clearly defined timelines, criteria for selection, reviews, and approval authorities.

Check  mark in a green circle, meaning met the criteria

Capital project management

Project management framework allowed the Corporation to plan and manage approved capital projects in order to ensure that scope, cost, schedule, and quality objectives were met and that risks were identified and mitigated to reduce threats to the achievement of the project objectives.

Management had an established project management framework and policies to facilitate the planning and delivery of capital projects and managed its projects in accordance with this framework.

Check  mark in a green circle, meaning met the criteria

35. Asset management and protection. We found a significant deficiency in asset maintenance. We also found that the Corporation had appropriate systems and practices in place for the life cycle maintenance program for its assets, the oversight of its rental portfolio, and the management of its environmental risks (Exhibit 5).

Exhibit 5—Asset management and protection—key findings and assessment

Systems and practices Criteria used Key findings Assessment against the criteria

Legend—Assessment against the criteria

Check  mark in a green circle, meaning met the criteria

Met the criteria

Exclamation point in a yellow circle, meaning met the criteria, with improvement needed

Met the criteria, with improvement needed

Minus sign in a red circle, meaning did not meet the criteria

Did not meet the criteria

Life cycle maintenance program

The Corporation established and implemented a preventive maintenance program that was based on regular assessment of the physical condition of its assets and allowed for an assessment of priorities in the completion of the required work.

Management had established and implemented policies and procedures to complete regular assessments of the condition of its assets. These policies and procedures covered the full life cycle for asset management and were designed to support corporate priorities.

Check  mark in a green circle, meaning met the criteria

Asset maintenance

In order to complete the required maintenance work, the Corporation established and implemented maintenance work plans that allocated human, material, and financial resources for all priority maintenance work in a timely manner, taking into account the resources available.

Significant deficiency

The Corporation allocated available resources to assets that it had prioritized for maintenance. However, this meant that it delayed the maintenance work on many assets. The Corporation assessed the condition of 27 percent of its assets as fair, poor, or critical, and identified a shortfall in resources needed to restore those assets. The Corporation’s analysis also showed that it might not be able to maintain and preserve all its assets at an acceptable level in the future.

Minus sign in a red circle, meaning did not meet the criteria

Rental portfolio management

The Corporation had systems and practices to optimize leasing opportunities and provide effective oversight of rental property managers.

Management had processes in place to identify and communicate leasing opportunities and to provide oversight of its portfolio of rental properties.

Check  mark in a green circle, meaning met the criteria

Management of environmental risks

The Corporation had established a system of management controls designed to provide assurance to management and the Board that the Corporation’s environmental risks were routinely assessed and managed to reduce or eliminate potential environmental impacts or liabilities and achieve compliance with environmental requirements.

The Corporation had established an environmental strategy as a guiding document to mitigate potential negative environmental impacts of its activities. Mitigation measures for identified environmental risks were outlined in corporate plans and strategies. Progress on these measures was communicated to senior management and to the Board.

Check  mark in a green circle, meaning met the criteria

36. Significant deficiency—Asset maintenance. Management carried out its identified priority asset maintenance work on the basis of the available resources. Because its resources were limited, the Corporation had to delay maintenance on other assets. The Corporation’s recent data on asset conditions indicated that 10 percent of its assets were in poor or critical condition and 17 percent were in fair condition. These assets included some official residences, such as 24 Sussex Drive, other heritage buildings, bridges, parkways, and shorelines that are core to the Corporation’s activities. Many of these assets generated revenue to support the achievement of the Corporation’s mandate.

37. Through various initiatives over the last few years, the Board and management identified and took steps to mitigate the risk that the resources were not sufficient to restore and maintain the Corporation’s assets and that the Corporation might not be able to safeguard its assets or meet its mandate in the future. However, as described in paragraph 18, the Board and management did not clearly describe this strategic risk in the annual corporate plan to inform the government of this issue, or describe the mitigation strategy and its related financial impact. By the end of the period covered by the audit, management was finalizing a detailed asset-by-asset analysis to quantify the resources required to restore its deteriorating assets to a good condition and to identify the annual level of resources needed to maintain and preserve all its assets.

38. This significant deficiency matters because if the Corporation’s assets continue to deteriorate, it might not meet its mandate, and the assets could cause health and safety issues.

39. Recommendation. The Corporation should develop a full range of options to address its strategic risk related to asset maintenance, based on a complete analysis of the resources needed to restore and maintain its assets. The Corporation should work with appropriate government entities, through the corporate planning process and other means, so that steps are taken to address this strategic risk.

The Corporation’s response. Agreed. The Corporation has been actively working with other government entities to secure additional government funding to allow the Corporation to restore and maintain its assets. Since the 2009–10 fiscal year, the Corporation has not received any increases in funding other than for specific purposes, mostly of a temporary nature. To reduce the impact of the financial pressures, the Corporation implemented strategies to generate revenues and contain costs, and identified opportunities for partnerships and collaborations. This was in addition to ongoing efforts to catalogue and understand the nature and extent of deferred maintenance. These efforts culminated in identifying this risk in the 2017–2018 to 2021–2022 Corporate Plan approved by the Board in January 2017 and submitted to the government for its approval. The Corporation will finalize its analysis of the level of resources necessary to restore and maintain its assets, develop a range of options to address those needs, and take steps to request the necessary approvals by 30 June 2017.

40. Business process transformation. We found that the Corporation had good systems and practices for acquiring, developing, and implementing its business optimization project, which replaced the Corporation’s existing financial system with a broader management information system (Exhibit 6).

Exhibit 6—Business process transformation—key findings and assessment

Systems and practices Criteria used Key findings Assessment against the criteria

Legend—Assessment against the criteria

Check  mark in a green circle, meaning met the criteria

Met the criteria

Exclamation point in a yellow circle, meaning met the criteria, with improvement needed

Met the criteria, with improvement needed

Minus sign in a red circle, meaning did not meet the criteria

Did not meet the criteria

System acquisition, development, and implementation

In order to realize the business optimization project, information technologyIT solutions were identified, developed, or acquired, as well as implemented into the business process.

The Corporation established an effective process for planning, developing, and approving the business and technical requirements of the business optimization project. It also conducted user validation testing of the proposed solution to determine that management could deliver, operate, and maintain it.

Check  mark in a green circle, meaning met the criteria

Training and development of users

A training and development program on the business optimization systems and processes was in place and enabled the acquisition, maintenance, and development of skills and competencies needed to carry out required work and meet objectives.

Management developed and implemented a comprehensive training plan for the first phase of the business optimization project. The training plan enabled users to acquire, maintain, and develop the skills and competencies needed to carry out the required work.

Check  mark in a green circle, meaning met the criteria

Conclusion

41. In our opinion, based on the criteria established, with the exception of the significant deficiency we found in asset maintenance, there were no significant deficiencies in the National Capital Commission’s systems and practices that we examined for corporate management and the management of National Capital Region operations. We concluded that the Corporation has maintained these systems and practices during the period covered by the audit in a manner that provided the reasonable assurance required under section 138 of the Financial Administration Act.

About the Audit

This independent assurance report was prepared by the Office of the Auditor General of Canada on the National Capital Commission. Our responsibility was to express

Under section 131 of the Financial Administration Act (FAA), the National Capital Commission is required to maintain financial and management control and information systems and management practices that provide reasonable assurance that

In addition, section 138 of the FAA requires the Corporation to have a special examination of these systems and practices carried out at least once every 10 years.

All work in this audit was performed to a reasonable level of assurance in accordance with the Canadian Standard for Assurance Engagements (CSAE) 3001—Direct Engagements set out by the Chartered Professional Accountants of Canada (CPA Canada) in the CPA Canada Handbook—Assurance.

The Office applies Canadian Standard on Quality Control 1 and, accordingly, maintains a comprehensive system of quality control, including documented policies and procedures regarding compliance with ethical requirements, professional standards, and applicable legal and regulatory requirements.

In conducting the audit work, we have complied with the independence and other ethical requirements of the Rules of Professional Conduct of Chartered Professional Accountants of Ontario and the Code of Values, Ethics and Professional Conduct of the Office of the Auditor General of Canada. Both the Rules of Professional Conduct and the Code are founded on fundamental principles of integrity, objectivity, professional competence and due care, confidentiality, and professional behaviour.

In accordance with our regular audit process, we obtained the following from management:

Audit objective

The objective of this audit was to determine whether the systems and practices we selected for examination at the National Capital Commission were providing it with reasonable assurance that its assets were safeguarded and controlled, its resources were managed economically and efficiently, and its operations were carried out effectively as required by section 138 of the Financial Administration Act.

Scope and approach

Our audit work examined the National Capital Commission. The scope of the special examination was based on our assessment of the risks the Corporation faced that could affect its ability to meet the requirements set out by the Financial Administration Act.

As part of our examination, we selected and tested samples from a targeted population of items to determine whether systems and practices were in place and were functioning as intended. The targeted population of items included Board of Directors and senior management meeting minutes, approvals of projects on federal lands, risk identification and mitigation strategies, performance indicators, capital projects, rental properties, and asset inspection reports. Sampling was used to determine whether selected attributes or characteristics of the populations tested were correctly specified and could be relied upon.

For asset management and protection, representative sampling was used to examine the systems and practices of 51 assets. The sample was randomly selected subject to the constraint that the distribution across the portfolio types in the sample reflected the actual distribution in the population. A sample of 51 assets is sufficient in size to conclude on the sampled population of 6,629 assets with a margin of error of no more than +10 percent at a confidence level of 90 percent.

In performing our work, we also reviewed documents and interviewed members of the Board of Directors, senior management, and employees of the Corporation. During the period covered by the audit, we observed some meetings of the Board of Directors and its committees.

The systems and practices selected for examination for each area of the audit are found in the exhibits throughout the report.

In carrying out the special examination, we relied on the internal audit of National Capital long-term planning.

Sources of criteria

The criteria used to assess the systems and practices selected for examination are found in the exhibits throughout the report.

Corporate governance

Organisation for Economic Co-operation and DevelopmentOECD Guidelines on Corporate Governance of State-Owned Enterprises, Organisation for Economic Co-operation and Development, 2015

Meeting the Expectations of Canadians: Review of the Governance Framework for Canada’s Crown Corporations, Treasury Board Secretariat, 2005

Corporate Governance in Crown Corporations and Other Public Enterprises—Guidelines, Treasury Board Secretariat, 1996

Practice Guide: Assessing Organizational Governance in the Public Sector, The Institute of Internal Auditors, 2014

20 Questions Directors Should Ask about Crown Corporation Governance, Canadian Institute of Chartered Accountants, 2007

20 Questions Directors Should Ask about Risk, Canadian Institute of Chartered Accountants, 2006

Internal Control—Integrated Framework, Committee of Sponsoring Organizations of the Treadway Commission, 2013

Strategic planning, risk management, and performance measurement and reporting

Meeting the Expectations of Canadians: Review of the Governance Framework for Canada’s Crown Corporations, Treasury Board Secretariat, 2005

Guidelines for the Preparation of Corporate Plans, Treasury Board Secretariat, 1996

Framework for the Management of Risk, Treasury Board Secretariat, 2010

20 Questions Directors Should Ask about Strategy, third edition, Canadian Institute of Chartered Accountants, 2012

20 Questions Directors Should Ask about Risk, Canadian Institute of Chartered Accountants, 2006

20 Questions Directors Should Ask about Crown Corporation Governance, Canadian Institute of Chartered Accountants, 2007

OECD Guidelines on Corporate Governance of State-Owned Enterprises, Organisation for Economic Co-operation and Development, 2015

Internal Control—Integrated Framework, Committee of Sponsoring Organizations of the Treadway Commission, 2013

Enterprise Risk Management—Integrated Framework, Executive Summary, Committee of Sponsoring Organizations of the Treadway Commission

Recommended Practice Guideline 3, Reporting Service Performance Information, International Public Sector Accounting Standards Board, 2015

National Capital long-term planning

National Capital Act

Capital project management

National Capital Act

Policy on the Management of Projects, Treasury Board, 2007

Standard for Project Complexity and Risk, Treasury Board Secretariat, 2007

Organizational Project Management Capacity Assessment Tool, Treasury Board Secretariat

Asset management and protection

Financial Administration Act

National Capital Act

International Organization for StandardizationISO 14001—Environmental Management Systems, International Organization for Standardization

Improving Environmental Performance and Compliance: 10 Elements of Effective Environmental Management Systems, Commission for Environmental Cooperation, 2000

Business process transformation

Control Objectives for Information and related TechnologyCOBIT 4.1 Framework for IT Governance and Control—PO10.2 (Project Management Framework), PO10.3 (Project Management Approach), PO10.5 (Project Scope), PO10.6 (Project Phase Initiation), PO10.13 (Project Performance Measurement, Reporting and Monitoring), DS6.2 (Project Costs), AI2.1 (High-level Design), AI2.2 (Detailed Design), AI2.8 (Software Quality Assurance), AI2.9 (Applications Requirements Management), and AI4.1 (Planning for Operational Solutions), Information Systems Audit and Control AssociationISACA

Policy on Learning, Training and Development, Treasury Board, 2006

Ultimate Human ResourcesHR Manual, Human Resource Professionals Association and Commerce Clearing HouseCCH

Period covered by the audit

The special examination covered the period between 1 February and 31 December 2016. This is the period to which the audit conclusion applies. However, to gain a more complete understanding of the significant systems and practices, we also examined certain matters that preceded the starting date of the special examination.

Date of the report

We obtained sufficient and appropriate audit evidence on which to base our conclusion on 29 March 2017 in Ottawa, Ontario.

Audit team

Principal: Margaret Haire

Director: Sophie Boudreau

Jason Blom
Sophie Chen
Jan-Alexander Denis
Jason Ference
Marc-André Gervais
Geneviève Hivon
Sara-Amanda Houle
Jocelyn Lefèvre
Bruce Sloan

List of Recommendations

The following table lists the recommendations and responses found in this report. The paragraph number preceding the recommendation indicates the location of the recommendation in the report, and the numbers in parentheses indicate the location of the related discussion.

Corporate management practices

Recommendation Response

25. The Corporation should establish and approve a comprehensive enterprise risk management framework that

  • sets risk tolerances,
  • assesses strategic and operational risks through a consistent and integrated process, and
  • provides comprehensive risk information for decision making. (17–24)

The Corporation’s response. Agreed. The Corporation will continue to advance a comprehensive and integrated enterprise risk management framework that will set risk tolerances, assess strategic and operational risks, and provide comprehensive risk information for decision making. The framework will be completed by 31 March 2018, based on a thorough strategic risk assessment completed in the 2016–17 fiscal year.

Management of National Capital Region operations

Recommendation Response

39. The Corporation should develop a full range of options to address its strategic risk related to asset maintenance, based on a complete analysis of the resources needed to restore and maintain its assets. The Corporation should work with appropriate government entities, through the corporate planning process and other means, so that steps are taken to address this strategic risk. (35–38)

The Corporation’s response. Agreed. The Corporation has been actively working with other government entities to secure additional government funding to allow the Corporation to restore and maintain its assets. Since the 2009–10 fiscal year, the Corporation has not received any increases in funding other than for specific purposes, mostly of a temporary nature. To reduce the impact of the financial pressures, the Corporation implemented strategies to generate revenues and contain costs, and identified opportunities for partnerships and collaborations. This was in addition to ongoing efforts to catalogue and understand the nature and extent of deferred maintenance. These efforts culminated in identifying this risk in the 2017–2018 to 2021–2022 Corporate Plan approved by the Board in January 2017 and submitted to the government for its approval. The Corporation will finalize its analysis of the level of resources necessary to restore and maintain its assets, develop a range of options to address those needs, and take steps to request the necessary approvals by 30 June 2017.