Operating context and key risks

Office of the Auditor General of Canada2018–19 Departmental Plan

Operating context: Conditions affecting our work

The operating context of the Office of the Auditor General of Canada is most affected by developments in the auditing and accounting professions, and by changes in government operations.

Professional developments

All of our audits are planned, performed, and reported in accordance with professional auditing standards. As these standards evolve, we integrate changes into the Office’s methodology, tools, and training to ensure that our auditors remain well equipped to conduct their work.

New and amended Canadian Auditing Standards applicable to the practice of financial auditing were issued in Canada in 2017, for application in 2018. Most notably, changes include a new auditor’s report that provides more transparency on important aspects of the audit and better describes what an audit is and what an auditor does.

Auditing standards also changed for direct engagement audits (that is, performance audits and special examinations). The Canadian Standard for Assurance Engagements (CSAE) 3001—Direct Engagements, which contains new and amended standards, came into effect in Canada on 30 June 2017 and we are now conducting the first round of audits that are applying it.

In addition, a number of new financial accounting standards, both Public Sector Accounting Standards and International Financial Reporting Standards, became applicable to financial reports during this past fiscal year.

Government operations

The federal government’s budgeted program expenditures for 2017–18 were $50 billion higher than its actual program expenses in 2014–15. These expenditures appear in government financial statements, and the Office must audit them. They also increase the size of our audit universe for performance audits, requiring us to develop a knowledge of these expanded operations and their risks. The federal government has given us three new financial audits to conduct each year. For two of these, we must also do a periodic special examination.

The federal government has had challenges in implementing its new payroll system, which has caused us to change our financial audit approach for payroll and payroll-related expenses. We expect we will need to keep this change in place for a number of years. We will also have to increase our capability to audit information systems and assess evolving information technology (IT) security controls to obtain audit evidence about large IT systems that store and process financial data while they are being developed.

The nature of government transactions is becoming more complex, which means that we need more capacity to audit them. Derivative financial instruments are more prevalent and more complex. New infrastructure arrangements, including different public–private partnership arrangements are being used. More complex pension investments are being made by pension funds such as the Public Sector Pension Investment Board. The government always has complex programs under way, such as purchasing new fighter jets and naval ships, carrying out large infrastructure programs, and implementing new IT systems. The complexity of government programs requires us to develop an adequate understanding of these programs even before we start our performance audits.

Finally, we need to change the way we do follow-up audits to provide parliamentarians and the government with better information on the impact of our audits on results for Canadians.

Key risks: Things that could affect our ability to achieve our plans and results

The ongoing and evolving changes in our environment are putting a significant strain on the Office’s resources and ability to deliver high-quality products on a timely basis. In addition, our funding is stable while our operating expenses continue to increase. In particular, our information technology capacity is insufficient to address pending requirements.

Internally, we have made many changes to our organization. We have changed the roles and responsibilities of our senior audit managers. We have put in place a renewed Bilingualism in the Workplace Strategy, and an updated Policy on Learning and Professional Development. We expect these changes to generate many benefits for the Office, but we also recognize that this level of change can be unsettling, and that we need to manage these changes as effectively as possible.

Key risks

Risks Risk response strategy Link to the Office’s Core Responsibilities Link to the Office’s strategic priorities

Budget and funding pressures

The Office is facing capacity pressures in a number of areas, including audit operations, audit services, and corporate services. This situation is affecting the Office’s ability to deliver essential services, deliver quality products in a timely manner, and meet compliance requirements. It is also affecting staff morale.

Actions:

  • Funding proposal has been submitted to the Minister of Finance.
  • Treasury Board Submission to be finalized.
  • In the meantime, the Office will continue with the currently planned program and outputs for the 2018–19 fiscal year.
  • Executive Committee is providing enhanced oversight of spending decisions and developing priorities for longer-term budget implementation.
  • The Office will eliminate work that is not necessary to fulfill requirements of professional standards, legal and regulatory requirements, and internal service standards.

Risk appetite:

  • While having in place key elements of corporate governance, the Office cannot live with non-compliance with significant- and high-risk laws, policies, and regulations.
  • The Office cannot live with a failure to comply with professional standards while it seeks to eliminate work that is not essential to achieve this compliance.
  • The Office will meet all client-accepted service standards as efficiently as possible.

Measures:

  • Reduction of vacancies in approved full-time equivalents and ideal audit profiles.

Legislative auditing

To be a financially well-managed organization accountable for the use of resources entrusted to it

IT systems and security

The Office’s current information technology (IT) security controls do not reduce security risk to a level acceptable to the Office. In addition, we are facing the potential failure of some of our IT systems, with an immediate need to replace our human resource management system.

Actions:

  • A roadmap has been developed to guide maintenance and updating of all IT systems.
  • A multi-year IT security self-assessment plan has been developed and is being implemented.
  • The funding proposal identifies resource needs to address IT systems and security requirements.

Risk appetite:

  • While having in place key elements of corporate governance, the Office cannot live with non-compliance with significant- and high-risk laws, policies, and regulations.
  • The Office will meet all client-accepted service standards as efficiently as possible.

Measures:

  • Reduction in delays in implementing IT roadmap
  • Implementation of IT security plan according to schedule

Legislative auditing

To ensure effective, efficient, and accountable Office governance and management

Enhancing value

The Office wants to enhance and demonstrate its value to Parliament and Canadians, both in the selection and conduct of individual audits, and through the type of assurance and other products it offers.

Actions:

  • Develop a plan for the performance audit practice to measure and report on the Office’s impact on improving results for Canadians.
  • Continue implementation of the attest audit (AA) vision project.
  • Complete the mandate review for special examinations.

Risk appetite:

  • While the Office cannot live with an error on a substantive point in an audit report, it wants staff to seek ways to maximize the value we add and is prepared to live with some failures in these efforts.
  • The Office cannot live with a failure to comply with professional standards while it seeks to eliminate work that is not essential to achieve this compliance.

Measures:

  • Development of a plan to measure results in performance audits
  • Implementation of the AA vision plan according to schedule
  • Decision on requesting a change to the special examination mandate

Legislative auditing

To report what is working, areas for improvement, and recommendations in a manner that is understandable, timely, fair, and adds value

To ensure selection and continuance of audit products likely to have significant impact and value

Transitioning Office senior management

While the Office believes this situation is well managed, it acknowledges that the significant changes to the senior management of the Office that will occur in the coming few years need to be managed effectively to ensure the continued strong oversight and management of the Office.

Actions:

  • Ongoing succession planning and talent management

Risk appetite:

  • The Office cannot live with a failure to develop a skilled, engaged, and bilingual workforce.

Legislative auditing

To develop and maintain a skilled, engaged, and bilingual workforce