Introduction

Background

1. The Canadian Commercial Corporation is a federal Crown corporation that connects Canadian exporters to global government procurement markets and foreign government buyers. The Corporation reports to Parliament through the Minister of International Trade Diversification.

2. As the Government of Canada’s international contracting agency, the Corporation facilitates government-to-government contracting. The Corporation also helps federal organizations procure goods and services so that the organizations can deliver their programs in other countries. The Corporation charges fees for its services with the exception of sales to the United StatesUS Department of Defense under the Canada–US Defence Production Sharing Agreement.

3. Historically, the Corporation’s operations focused on aerospace, defence, security, and infrastructure. In recent years, the Corporation successfully secured a few large defence contracts that yielded enough revenue to fund operations. The Government of Canada gradually phased out its budget appropriation, with the final $3.5 million appropriation received for the 2016–17 fiscal year (Exhibit 1). In its 2017–18 Statement of Priorities, the Minister of International Trade Diversification directed the Corporation to ensure that it remained fiscally sustainable.

4. The Corporation developed a diversification strategy in 2017 to address the risk of depending on a few significant contracts in one sector and to contribute to long-term fiscal sustainability. The strategy focused on industries that could leverage the Corporation’s value proposition—that is, the value that the Corporation provides to international buyers.

5. To support the strategy, the Corporation reorganized its business lines to focus on five sectors—aerospace, construction and infrastructure, clean technology, information and communications technology, and defence—under two business units:

• International Commercial Business, for aerospace; construction and infrastructure; clean technology, environment, and energy; information and communications technology; and security; and
• Global Defence and Security, for sales to the US Department of Defense and to other global markets.

The Corporation’s five priority regions include the United States, the Middle East, Latin America and the Caribbean, Asia, and Africa.

6. The Corporation is headquartered in Ottawa and employs approximately 135 people belonging to various disciplines, such as finance, procurement, project management, law, and international trade.

Focus of the audit

7. Our objective for this audit was to determine whether the systems and practices we selected for examination at the Canadian Commercial Corporation were providing it with reasonable assurance that its assets were safeguarded and controlled, its resources were managed economically and efficiently, and its operations were carried out effectively as required by section 138 of the Financial Administration Act.

8. In addition, section 139 of the Financial Administration Act requires that we state an opinion, with respect to the criteria established, on whether there was reasonable assurance that there were no significant deficiencies in the systems and practices examined. A significant deficiency is reported when the systems and practices examined did not meet the criteria established, resulting in a finding that the Corporation could be prevented from having reasonable assurance that its assets are safeguarded and controlled, its resources are managed economically and efficiently, and its operations are carried out effectively.

9. Based on our assessment of risks, we selected systems and practices in the following areas:

• corporate management practices, and
• management of business development and contracting.

The selected systems and practices and the criteria used to assess them are found in the exhibits throughout the report.

10. More details about the audit objective, scope, approach, and sources of criteria are in About the Audit at the end of this report.

Findings, Recommendations, and Responses

Overall message

11. Overall, we found no significant deficiencies in the Canadian Commercial Corporation’s systems and practices. We found that the Corporation had well-managed systems and practices for both corporate management and operations; however, we noted areas that could be improved. These areas related to establishing systematic processes at the business unit level for planning operations and identifying risks. Furthermore, we found that the Corporation’s due diligence processes for transactions did not adequately consider human rights issues.

Corporate management practices

The Corporation had good corporate governance practices, but some improvements were needed

12. We found that the Corporation had good corporate governance practices. However, we found that the Corporation did not formally document planning processes and that business units did not prepare operational plans in the same way. We also found that business units did not identify and assess risks systematically.

13. Our analysis supporting this finding discusses the following topics:

• Corporate governance
• Strategic planning
• Corporate risk management

14. The Corporation is governed by a Board of Directors, which consists of the Chairperson and nine directors. The Governor in Council^{Definition i} appoints the Chairperson, while the Minister of International Trade Diversification appoints the nine directors with the approval of the Governor in Council. The Governor in Council also appoints the Corporation’s President and Chief Executive Officer. At the start of the period covered by the audit, all nine director positions had expired. By the end of the period, the Minister had appointed six directors, including three who were reappointed to their positions.

15. Our recommendations in this area of examination appear at paragraphs 21, 22, and 26.

16. Analysis. We found that the Corporation had good practices in corporate governance (Exhibit 2).

17. Analysis. The Corporation had good practices in performance measurement, monitoring, and reporting. However, it had several weaknesses in its strategic planning processes (Exhibit 3).

18. Weaknesses—Strategic planning processes. We found that the Corporation did not formally document its strategic planning processes to ensure consistent application year over year and across business units. Our findings are consistent with those of the Corporation’s internal audit. We also observed that the Corporation’s business units did not prepare operational plans in the same way—and that those plans did not always consider interdependencies between business units.

19. We also found that the Minister of International Trade Diversification did not approve the Corporation’s 2018–19 to 2022–23 corporate plan. The Corporation originally submitted the draft plan in January 2018, and the Minister returned it requesting amendments to reflect the cancellation of a significant contract. The Corporation resubmitted the plan in August 2018, but it remained unapproved at the end of the period covered by the audit. The Corporation attempted to engage the Minister to secure approval of the plan. Government approval of corporate plans is a process outside the Corporation’s control.

20. These weaknesses matter because inconsistent strategic planning processes may not provide the level of detail required to support the Corporation in achieving its strategic objectives. Furthermore, corporate plans outline a five-year strategic and financial direction. Many of the Corporation’s transactions span several years and require long-term planning. The lack of an approved corporate plan limits the ability of the Corporation to assure its suppliers and the foreign governments it works with that it can carry out its contracts to their conclusion.

21. Recommendation. The Corporation should document its strategic planning processes and link them to operational planning. The Corporation should also ensure that its strategic planning processes are consistently applied and integrated across the organization.

The Corporation’s response. Agreed. The Corporation will document its strategic planning processes and provide better linkages to operational planning. The Corporation will continue to strengthen its business plans through increased guidance while also focusing on integration and interdependencies between the respective plans. The Corporation will continue to evolve its business planning process and include regular touch points throughout the year to ensure accountability for deliverables identified within the plans. The strategic process documentation and related improvements will be completed by 30 September 2019.

22. Recommendation. The Corporation should continue to work with the government to ensure that its 2019–20 to 2023–24 corporate plan is approved.

The Corporation’s response. Agreed. The Corporation notes that government stakeholder consultations take place regularly and that the status of the corporate plan is frequently discussed. The Corporation will continue these discussions and work toward having the 2019–20 to 2023–24 corporate plan formally approved.

23. Analysis. We found that the Corporation had good risk management practices. However, we found a weakness in the Corporation’s risk identification and assessment (Exhibit 4).

24. Weakness—Risk identification and assessment. The Corporation’s process for identifying and assessing corporate risks included 14 risks across three categories: strategic, operational, and transactional. However, we found that the Corporation did not have formal processes for systematically collecting risk information at the business unit level. This meant that the process for identifying and assessing risk at the business unit level was not systematic.

25. This weakness matters because without a formal process of collecting risk information from business units, the Corporation might not identify, assess, mitigate, and monitor certain risks.

26. Recommendation. The Corporation’s process for identifying risks should ensure that risk information is collected at the business unit level.

The Corporation’s response. Agreed. The Corporation will provide additional guidance on risk identification and assessment to business units as part of its business plan process. Additional focus on the business plans at the Risk and Opportunities Committee will also be established. These improvements will be completed by 30 September 2019.

Management of business development and contracting

27. Through contracts with foreign government buyers, the Corporation guarantees delivery of a Canadian exporter’s goods or services. The Corporation also holds a contract with the Canadian exporter, which requires the exporter to fulfill its contract with the foreign government buyer. As a result, the Corporation assumes and mitigates risks, such as financial or political, for the Canadian exporter and the foreign government buyer. Before concluding these contracts, the Corporation assesses the risks to the transaction, which include

• the risk of the Canadian exporter not having the technical, managerial, or financial capacity to fulfill the contract;
• the risk of the foreign government buyer not concluding the contract or paying; and
• any other risks associated with the project that could affect its likelihood of success, including reputational risks such as corruption and bribery risks.

28. The Corporation’s transactions can involve exports of controlled goods, such as some military or dual-use goods or technology. Such controlled goods are subject to the Export and Import Permits Act, which requires that an export permit be issued by Global Affairs Canada before the goods can be exported. Once a contract has been signed, the exporter submits an application for an export permit to the Export Controls Operations Division of Global Affairs Canada, for a review of the facts of the export to ensure consistency with Canada’s foreign and defence policies. On the basis of this review, the Minister of Foreign Affairs decides whether to grant an export permit in a particular set of circumstances. The Corporation is not involved in the decision as to whether the export of a controlled good or service can proceed, but assesses the risk associated with the export permit approval as part of the due diligence process.

The Corporation had good business development practices, but there were weaknesses in its contracting processes

29. We found that improvements were needed in the Corporation’s due diligence processes related to managing risk in its contracts. In particular, the Corporation did not adequately consider risks related to human rights in its contracting processes. We also found weaknesses in the Corporation’s monitoring systems that track contract costs.

30. Our analysis supporting this finding discusses the following topic:

• Business development and contracting

31. Our recommendations in this area of examination appear at paragraphs 35 and 38.

32. Analysis. We found that the Corporation had good business development practices. However, we found weaknesses in the Corporation’s contract management and performance monitoring and reporting processes (Exhibit 5).

33. Weakness—Contract management. We reviewed the Corporation’s due diligence processes to assess whether the risks posed by potential contracts were well identified, assessed, and considered before a transaction was approved. In the transactions we examined, we found that the Corporation assessed certain areas of suppliers’ due diligence, such as business integrity (corruption and bribery risks) and suppliers’ technical, managerial, and financial risks associated with a proposed transaction. However, we found that the Corporation did not have a formal process for reviewing human rights issues that related to the transactions. At the time of our audit, the Corporation was implementing due diligence processes to address these issues.

34. This weakness matters because the Corporation has committed to the highest ethical standards in business dealings both in Canada and abroad. Entering into transactions associated with human rights concerns exposes the Corporation to reputational risks and to transactional risks if human rights issues prevent Global Affairs Canada from issuing an export permit.

35. Recommendation. The Corporation should establish and implement due diligence processes for human rights risks. These processes should properly assess and mitigate risks, both as the contract is prepared and for its duration. The Corporation should consult with external partners, such as Global Affairs Canada, as part of these due diligence processes, where relevant.

The Corporation’s response. Agreed. The Corporation is revising its ongoing risk assessment and transactional due diligence to ensure that human rights, transparency, and responsible business conduct (RBC) are core guiding principles. The review will result in modifications to the Corporation’s policy suite to include improved policies and systematic procedures that will constitute an “Enhanced RBC Framework” intended for implementation by June 2019. The framework will assess and develop risk mitigation strategies with respect to human rights risks in the Corporation’s transactions. The Corporation recently established a Human Rights Committee to conduct due diligence reviews for human rights concerns. The Corporation will continue to consult with officials at Global Affairs Canada in its human rights assessments and ensure that human rights risks are reviewed at the outset and throughout a transaction. These improvements will be completed by 30 November 2019.

36. Weakness—Performance monitoring and reporting. The Corporation did not have monitoring systems and practices in place for project costs. As a result, the Corporation was unable to track actual costs incurred on a contract to compare those costs with the estimated pricing, nor could the Corporation be assured that fees charged on contracts covered all related costs.

37. This weakness matters because these systems and practices are needed to validate and inform the pricing for the Corporation’s services and to help the Corporation achieve long-term financial sustainability. The Corporation cannot assess whether its fees on individual contracts contribute to a fiscal sustainability without adequate monitoring information related to fees and profit on contracts.

38. Recommendation. The Corporation should develop and implement monitoring systems and practices that will provide information on contract fees and profit to inform decisions around contract pricing and the Corporation’s fee structure.

The Corporation’s response. Agreed. The Corporation will review options on monitoring systems and practices that could strengthen information gathering on contract costs to better inform decision making around the Corporation’s fee structure. The selected options will be implemented by 31 December 2019.

Conclusion

39. In our opinion, based on the criteria established, there was reasonable assurance there were no significant deficiencies in the Canadian Commercial Corporation’s systems and practices that we examined. We concluded that the Corporation maintained its systems and practices during the period covered by the audit in a manner that provided the reasonable assurance required under section 138 of the Financial Administration Act.