Joint Report of the Audit Committee and Chief Audit Executive to the Chief Electoral Officer of Canada for the Year 2017–18
This report summarizes the activities of the Departmental Audit Committee (DAC) and the Chief Audit Executive (CAE) of Elections Canada (EC) for the fiscal year 2017–18.
As of April 1, 2017, the revised Treasury Board (TB) Policy Suite on Internal Audit no longer requires annual reporting by either DACs or CAEs. However, the DAC and the CAE decided in August 2017 to prepare a single report on an annual basis presenting an integrated perspective of EC's audit-related activities.
B. Departmental Audit Committee
The Departmental Audit Committee was established in compliance with the Federal Accountability Act. It is composed of external members and the Chief Electoral Officer (CEO). It provides the CEO with independent advice on stewardship, management controls and accountability practices. The Terms of Reference guide the Committee's activities.
Throughout 2017–18, the Committee was chaired by the acting CEO, Stéphane Perrault. External members were Kevin Lindsey, André Grondines and Karen Jackson. The Committee held four regular meetings during the year: August 16 and October 26, 2017, and February 7 and March 28, 2018. The Committee also met on October 25, 2017 for a special meeting on the Corporate Transformation Agenda. There was full attendance at all meetings.
A representative of the Office of the Auditor General (OAG) attended the meetings, as did the CAE, the Deputy Chief Electoral Officer, Internal Services (also the agency's Chief Financial Officer (CFO)), and the Assistant Director, Assurance. As required, members of senior management and staff made presentations and responded to matters raised by the Committee. All meetings included in camera sessions between the external members and the Chair.
C. Internal Audit
The internal audit function provides independent and objective assurance services to add value to the agency and improve its operations. It plans and conducts its activities in accordance with sections 16.1 and 16.2 of the Financial Administration Act and the TB Policy Suite on Internal Audit, as adapted to EC's status as an agent of Parliament (AoP). Audit activities are determined by the agency's Risk-based Audit Plan (RBAP). The current triennial RBAP was developed following a comprehensive assessment by senior management of organizational risks and assurance needs.
The CAE is Josée Villeneuve, who also serves as Senior Director, Electoral Integrity. She reports on the management of internal audit matters to the Deputy Chief Electoral Officer, Regulatory Affairs, as well as directly to the CEO and the Committee, as necessary. The Assistant Director, Assurance, Erik Lairot, manages audit engagements and supports the Audit Committee. A newly-appointed member of the Internal Audit team, Rhianne Saville, will provide analytical and logistical support on a part-time basis.
D. 2017–18 Year in Review
i) Highlights for DAC and CAE
Revised Treasury Board Policy Suite on Internal Audit
In April 2017, a revised TB Policy Suite on Internal Audit replaced the 2012 policy suite. Changes applicable to all federal institutions streamlined the instruments, removed conflicting audit requirements and clarified the role and responsibilities of the Comptroller General of Canada. AoPs continue to be excluded from a number of requirements. Changes were presented and discussed at the August 2017 EC DAC meeting. The following decisions were taken at the meeting:
Mandatory Internal Audit Function
The revised policy suite made the internal audit function mandatory only in departments that have a reference level greater than $300 million per year. However, it was decided that EC should continue to have an internal audit function given its operating environment and the limited oversight by central agencies of AoPs.
Qualifications of the Chief Audit Executive
CAEs designated by AoPs are not required to possess an internal audit certification or a professional accounting designation. Nonetheless, the Committee recommended that the CAE obtain the internal audit certification.
DAC Chair Eligibility
The policy suite introduced a new requirement for audit committee chairs in departments to be from outside the federal public administration unless an exemption is granted by the Comptroller General of Canada. While AoPs are exempt from this requirement, it was decided that the CEO would continue to chair the Audit Committee until otherwise decided.
Audit Members to Proactively Disclose Remuneration and Expenses Annually
As an AoP, EC is not required to proactively disclose remuneration and expenses (including travel and hospitality) of DAC members. However, it was decided that disclosure would be adopted as a best practice. This will be implemented in 2018–19, based on guidelines provided by the Office of the Comptroller General.
Audit Members to Disclose Activities Annually
As an AoP, EC is not required to proactively disclose—at least annually—all new activities, interests or appointments of the external DAC members. This is done to assess whether they may impair, or be seen to impair, their ability to discharge their duties in an independent and objective manner. However, it was decided that activity disclosure would be adopted as a best practice. It will be implemented in 2018–19.
CAE and DAC Annual Reports No Longer Required
The policy suite no longer requires annual reporting by the CAE and DAC, although it may be required by the Deputy Head. The CAE and DAC decided to collaborate to produce a single report on an annual basis.
Corporate Transformation Agenda
Elections Canada is in the process of implementing a significant transformation agenda, comprising over 20 projects, to modernize service delivery and renew critical assets for the 43rd general election and beyond. Most of the projects are IT-enabled and involve significant corporate change management.
A special meeting of the DAC was held on October 25, 2017 to review the risk factors and project management plans of four key transformation initiatives. The DAC underscored the importance of agile governance and integrated oversight of all major projects, adequate project management capacity, thorough contingency planning, change management leadership, and robust and integrated testing of solutions.
The DAC recommended that EC conducts an external review of the aggregated project plans and their impacts. As a result, Gartner Consulting was hired and carried out an independent review of EC's Transformation Agenda, focusing on 12 projects carrying the highest risk and cost. Preliminary results were presented by Gartner Consulting at the March 28, 2018 DAC meeting, including recommendations to mitigate the implementation risks of the current projects and enhance the agency's capacity to execute future IT-enabled projects.
ii) Activities of the Audit Committee
The revised TB Policy Suite on Internal Audit no longer requires the audit committees of departments and agencies to focus on eight specific areas of oversight. This approach was nonetheless continued in 2017–18 as a best practice while the impacts of the policy changes were being assessed.
The DAC examined the following key areas during the past year:
1. Values and Ethics
- The DAC was presented with an update on initiatives to integrate values and ethics into all aspects of the workplace. As well, management presented EC's mental health strategy and new Civility Charter, which aim to foster a culture of respect and integrity in the workplace.
2. Risk Management
- The Committee received periodic updates on evolving issues and steps taken by EC to manage its affairs and deliver on its mandate.
- In February 2018, the DAC was presented with an overview of EC's Corporate Risk Management Framework. This framework sets out the key risks faced by the agency, and serves to foster its ongoing corporate risk management capability and approach and inform its Corporate Risk Profile.
- An update was provided on how EC is addressing Phoenix-related pay issues to ensure that the agency meets its obligations, accounts for transactions properly, and minimizes impacts on employees. The members noted the efforts made to date, stating that the impacts of the Phoenix pay system at EC appear to be under control.
- In October 2017 and March 2018, the Committee received updates on EC's election readiness activities and associated milestones for the 43rd general election. The DAC noted the importance of successfully implementing the transformation projects and associated change management, as well as effectively managing the impact of proposed legislative reform.
- The Committee received an overview of EC's security strategy for the 43rd general election in March 2018. The Committee emphasized the importance of the strategy, particularly aspects related to physical security and cybersecurity.
3. Management Control Framework
- In February and March 2018, the DAC was updated on the Internal Controls over Financial Management, and specifically which financial management tools would be in place for the 43rd general election. The members were also informed of the development of the Internal Control Action Plan for 2017–18 to 2019–20. The Committee commended EC on the move toward a more systematic testing of internal controls.
- The Committee received the agency's procurement plan, as well as supplier engagement procedures and contract management governance in October 2017.
- EC officials noted that the agency had received a draft report from the Procurement Ombudsman, which stated that EC was in good standing with only minor items to address. The DAC suggested that procurement be included in the agency's audit planning, given that an audit of the function had not taken place since 2009.
4. Internal Audit Function
- The findings of the audit of the Political Financing Candidate Return Program were presented to the DAC in March 2018. While the Committee supported the findings and agreed with the recommendations, it was suggested that the report was a program review rather than an audit given the scope and definition of the analysis. The report was revised accordingly.
- In March 2018, the DAC was informed by the CAE of the postponement until after the next general election of the Audit of Controls over Field Financial Management.. The rationale for postponement was the implementation of the newly-developed Action Plan on Internal Controls, which would provide comprehensive testing of internal financial controls in spring 2019.
- In 2017–18, it was decided that in the future, the CAE and CFO would participate annually in an in camera session with the DAC.
5. Office of the Auditor General of Canada and Central Agencies
- By virtue of attendance at DAC meetings by a representative of the Auditor General of Canada (OAG), the Committee was kept informed of matters raised by the Office and of its audit plans.
- In August 2017, the OAG official provided an overview of the OAG's audit of EC's financial statements and noted that the financial statements were in accordance with Canadian public sector accounting standards.
- In February 2018, the OAG official outlined the OAG's plan for the annual audit of the year ending on March, 31 2018.
- External DAC members, as well as the CAE, attended the DAC symposium sponsored by the Treasury Board Secretariat (TBS) on November 27, 2017. This symposium informed participants of trends and priorities for management and audit in the federal government.
6. Follow-up on Management Action Plans
- DAC follows a systematic approach to monitoring action plans presented by management in response to external and internal audits. The follow-up on management action plans was postponed, given organizational priorities, until August 2018.
7. Financial Statements and Public Accounts Reporting
- At its August 2017 meeting, the Committee reviewed and endorsed the disclosure contained in EC's financial statements. The members noted the efforts undertaken in regards to the financial statements and annex documents, in particular the efforts to improve asset reporting to the satisfaction of the OAG.
8. Accountability Reporting
- In August 2017, the DAC received an overview of the Departmental Results Framework, including how it was developed, its key components and the next steps required to submit the framework to TBS.
- At the same time, the Committee reviewed and endorsed the 2017–18 Departmental Results Report.
- In February 2018, the Committee reviewed the 2018–19 Departmental Plan. The Committee was reminded of recent changes to the plan as a result of the TB's new Policy on Results. This was a transition year between the old and new approaches.
iii) Activities of the Chief Audit Executive
During 2017–18, the Chief Audit Executive (CAE) sought to strengthen the internal audit function in light of organizational changes and the revised TB Policy Suite on Internal Audit.
- First, the CAE continued efforts begun in March 2017 to integrate the internal audit within the Electoral Integrity Office as a single entity. This change consolidates and strengthens EC's independent assurance function. The Audit Committee took note of this integration and asked that the CAE provide an overview on the future of the electoral integrity function to better understand potential synergies with the audit function.
- Second, the revised policy suite presented the internal audit function with an opportunity to reflect and improve on existing practices. The Internal Audit team revised its RBAP, Internal Audit Charter and Terms of Reference, and presented these to the DAC.
- Third, the internal audit function implemented its second triennial RBAP (2017–18 to 2019–20) from which the majority of its activities are derived. Of the three audits contained therein, one was scheduled to be conducted in 2017–18 (the audit of the Political Financing and Candidate Return Program). The main objective was to provide independent assurance that the Political Financing Program is adequate, effective, efficient and timely in meeting the agency's obligations in regards to the political financing provisions of the Canada Elections Act, with a particular focus on the efficiency and effectiveness of the process for auditing candidate returns. The audit was conducted in the fall and winter of 2017–18.
- Fourth, the internal audit function helped coordinate the analysis and discussion of the transformation agenda and the IT-enabled projects. It managed Gartner's independent external review of the agenda.
- Fifth, the CAE took steps to obtain their internal audit certification, as had been recommended previously by the Audit Committee. The DAC recognized the progress made by the CAE in this regard over the year.
Additional Key Milestones
- A new DAC member was retained.
- Logistical and informational support was provided to the Audit Committee and to external assurance providers.
- The internal audit function assisted PricewaterhouseCoopers in conducting mandatory independent audits of several by-elections, and the results were presented to the DAC.
- Updates were provided on recent EC internal and external audits and administrative reviews.
The CAE deems that EC's internal audit responsibilities were met in 2017–18.
The Audit Committee recognizes the accomplishments of the CAE during the past year. It encourages the CAE to continue to develop the internal audit function and its ability to provide assurance to the agency with respect to key programs and initiatives.
The Audit Committee considers that its activities for the year constitute a satisfactory basis for fulfilling its role. It was provided relevant and transparent information responsive to its mandate.
The DAC notes EC's efforts to establish its transformation agenda and to get ready for the 43rd general election while facing pressures of the proposed legislative reform. Based on its observations throughout 2017–18, the Committee considers that EC has a systematic and rational approach to delivering its mandate, managing risks, monitoring results and reporting publicly.