Administration of the Agency

Source URL

https://www.canada.ca/en/revenue-agency/corporate/about-canada-revenue-agency-cra/management-accountability-cra/board-management-oversight-framework-table-contents/board-management-oversight-framework-administration-agency.html

Disclaimer

We do not guarantee the accuracy of this copy of the CRA website.

Scraped Page Content

Administration of the Agency

Expectation (a): The Board must assure itself that the Agency follows appropriate processes to ensure sound overall administration, including sound enterprise risk management.
Related Key Questions
Evidence
Sources of Evidence
  • Is there a sound risk- management process in place to assess and address risk in the Agency?
  • Risk management (RM) is an ongoing CRA priority, and senior executives continue to be highly engaged in managing risks.
  • The Agency has an Enterprise Risk Management (ERM) Framework in place to assess and address risk in the Agency. The elements of the framework include:
    • An ERM policy approved by the Board in March 2006 (with the underlying theme that RM is everyone's business);
    • Improved CRA RM process and tools, which strengthen the alignment between risks and expected results; and
    • An ERM program strategy, presented to the Board in December 2007, which introduced two ERM program goals: to implement and sustain a solid corporate risk-management function that supports effective decision making; and to establish an effective risk- management centre of expertise to assist CRA employees in managing risks proactively on a daily basis.
  • The framework ensures the Agency has:
    • A disciplined and structured methodology (RM process and tools) that results in the consistent and systematic assessment and management of risks across the Agency on an ongoing basis; and
    • The right process and tools to enable the Agency to continuously identify, analyze, evaluate, address, monitor, and communicate risks. It is an approach that provides the Agency with the necessary means to identify risks and to continuously reprioritize risks as conditions change.
  • ERM Policy
  • ERM Program Implementation Strategy (October 2007)
  • Risk-management process and tools (September 2008)
  • Does the Corporate Risk Inventory identify the Agency’s top risks?
  • The CRA Corporate Risk Inventory (CRI) 2007 was endorsed by the Board in December 2007:
    • The CRI is based on the extensive analysis of the information generated from the risk assessments conducted in all Headquarters branches (involving a significant number of senior managers);
    • The CRA AC level ERM Committee was engaged in discussions to provide guidance and validate this analysis; and
    • AMC confirmed the list of risks and evaluated each risk (voted on likelihood and impact).
  • CRI (December 2007)
  • CRA Risk Action Plan (September 2008)
  • Strategy for Ensuring the Currency of the CRI (March 2008)
  • Does the Corporate Risk Inventory identify the Agency’s top risks? cont.
  • The CRI identifies the Agency’s top risks, risk drivers, impacts, current controls, ratings (likelihood/impact), sponsor/owner (accountability assigned at the AC level), and the response strategy for each risk.
  • In September 2008, the CRA completed the CRA Risk Action Plan:
    • The overall objective of the plan is to ensure that the right approaches for reducing, maintaining, and controlling the growth of the Agency’s risk exposure are implemented;
    • The plan is the companion document to the CRI. Developed using a phased approach (Round I – Agency top 5 risks, Round II – Agency highest risks, Final Round – All risks), the final plan outlines the response strategies for addressing all 17 risks identified in the CRI; and
    • The risk response strategies described in the plan are based on the careful consideration of the risk level, the exposure reduction/maintenance potential for each risk, and existing resource constraints and limitations. The strategies are also aligned with CRA priorities as outlined in the CBP.
  • Consistent with the Strategy for Ensuring the Currency of the CRI, a complete renewal of the CRI is currently underway with the intent of finalizing a new CRI for May 2009 (complete renewals every two years with updates every other year). The rationale behind the timing of the launch was to ensure CRI alignment with the Agency’s corporate planning cycle. With new/updated CRIs in place every spring, the AMC and the Board will have the most current risk information available for priority setting, planning, and resource allocation purposes. Furthermore, this second CRI exercise includes a greater regional perspective.
  • Are enterprise-wide risks being assessed and addressed?
  • All 17 risks identified in the current Inventory were assessed (identified, analyzed, and evaluated) and are being addressed through the mitigation strategies developed in support of the CRA Risk Action Plan:
    • The foundation of the CRI is built on branch/regional risk assessments involving the entire CRA senior management cadre. All assessments are facilitated using the Agency-approved risk-management (RM) process and tools, thus raising awareness and building proficiency in the use of the CRA RM process and tools across the Agency;
    • Each Agency risk is assigned a risk sponsor at the AC level;
      • All sponsors develop a response strategy for their risks; and
      • Details behind each response strategy are outlined in the CRA Risk Action Plan.
    • The CRA’s RM information, approach, process, and tools are made available to employees in a variety of ways: RM InfoZone site; formal training for MGs and EC01/02s; and internal messaging from the chief risk officer.
    • The ERM centre of expertise provides support to any group in the Agency seeking help to undertake a risk assessment. Support varies (depending on the requirements), for example— coaching, facilitating, providing information, reviewing documents;and
    • Awareness/information sessions are provided to groups across the Agency upon request.
  • CRI (December 2007)
  • CRA Risk Action Plan (September 2008)
  • Corporate Risk Inventory Summary 2007
  • Guidelines to Complete Executive Cadre Performance Agreements for 2008-2009
  • Are enterprise-wide risks being assessed and addressed? cont.
  • The CRA communicates and monitors progress of mitigation strategies at the senior management level by:
    • Actively embedding risk information in the CRA planning, reporting, and performance process;
    • Promoting the inclusion of RM in EC performance agreements. Accountabilities at lower levels follow the ones established at the AC and EC levels as managers and team leaders are responsible for operationalizing concrete responses to risks for which ACs and ECs are the sponsors; and
    • Requiring risk sponsors to report on the development and implementation of their risk action plans, as deemed necessary, to the AMC and the Board.
  • Is risk management embedded in the CRA’s strategic planning cycle and decision making processes?
  • RM has been included in the Commissioner's 2008-2009 performance agreement and in all AC performance agreements. In addition, it is one of the tailored special commitments in the Guidelines to Complete Executive Cadre Performance Agreements for 2008-2009. Because of this, as well as the inclusion of information in the CBP, RM is an important element in the accountability of many executives and managers across the Agency.
  • The risk information generated during the development of the CRI is also used to provide the Agency with detailed risk information that is explicitly used to inform CRA planning, reporting, performance, and the resource allocation process:
    • Risk information generated for the development of the CRI is linked to the corporate priorities reflected in the CRA CBP;
    • Corporate priorities are reflected in the risk sponsors' choice of mitigation strategies when developing the CRA risk action plan. As such, the implementation of the risk mitigation strategies fully supports corporate performance; and
    • RM is now a specific requirement for the development of business cases for all major investment projects presented to the Resource and Investment Management Committee (RIMC).
  • Guidelines to Complete Executive Cadre Performance Agreements for 2008-2009
  • CBP
  • Annual Report
  • RIMC Guidelines
Management Performance Measures
Is there a sound risk-management process in place to assess and address risk in the Agency?
  • In Round VI (2008-2009) of the Management Accountability Framework (MAF) assessment, the CRA received a rating of “strong” for the area of management relating to risk management.
Rating Scale
Board’s Assessment and Related Comments
Next Steps
Strong
Strong
  • CRA’s ability to deal with mitigation strategies relies on the active participation and support of partners such as TBS and Public Works and Government Services Canada (PWGSC) in a reasonable time frame.
  • A monitoring and reporting process will be developed along with key risk indicators to identify any change that could potentially impact 1) the level of severity of risks in the CRI and 2) the accuracy of the risk information contained in the CRI.
  • A risk-management training strategy describing the delivery approach will be developed over the March 2009 to February 2010 period.
Acceptable
Opportunity for Improvement
Attention Required
Expectation (b): The Board must assure itself that the Agency follows appropriate processes to ensure sound overall administration including an effective program evaluation function to assess the long-term success of Agency programs.
Related Key Questions
Evidence
Sources of Evidence
  • Does the evaluation function have an appropriate level of independence?
  • The CRA Program Evaluation (PE) Policy states “the program evaluation function will be independent and not have responsibility or accountability for the areas being reviewed.”
  • The director general of the Corporate Audit and Evaluation Branch (CAEB) reports directly to the commissioner.
  • The Management Audit and Evaluation Committee (MAEC) reviews the plans and output of PE:
    • To ensure appropriate follow-up to evaluations; and
    • To ensure appropriate assurances for the Board.
  • Core responsibilities are delivered with A-base funding.
  • CRA Program Evaluation Policy (approved September 2006)
  • MAEC Terms of Reference
  • Board Audit Committee Charter
  • CAEB 2008-2011 Business Plan
  • Does the evaluation function have an effective risk-based planning process?
  • The CAEB’s multi-year risk-based evaluation plan is prepared annually and considers the priorities and challenges of the Agency as described in the CBP andthe CAEB’s risk-assessment of Agency activities.
  • Focused risk-planning starts mid-year with a review of current work in progress, an initial environmental scan of internal and external potential risks, and a review of known risks.
  • Branch senior managers hold discussions with selected senior managers from functional and regional areas to ensure all critical risks are considered.
  • The PE plan also considers evaluation and performance measurement commitments related to TBS and RIMC requirements.
  • The PE plan is integrated into the CAEB business plan, approved by the commissioner and the MAEC, and reviewed by the Board.
  • CAEB 2008-2011 Business Plan
  • CBP
  • CAEB Master Control Spreadsheet
  • CRI
  • Program Evaluation Division Plan
  • Does the CRA value and make effective use of evaluation information to inform expenditure and policy decisions and program improvement?
  • Relative to the size of the Agency, the evaluation group is very small; therefore evaluation coverage of the Agency’s program activity architecture has been very limited.
  • Three evaluations will be completed in 2008-2009:
    • GST Delinquent Filing and Remitting Evaluation;
    • GST Registration Evaluation; and
    • Charities Partnership and Outreach Evaluation.
  • CAEB 2008-2011 Business Plan
  • PE Status Reports (June, September, December and March)/CAEB Annual Report
  • Discussion Paper on Measuring and Reporting on the Benefits of a RIMC Project
  • PE Client Surveys
  • Does the CRA value and make effective use of evaluation information to inform expenditure and policy decisions and program improvement? cont.
  • Quarterly progress-to-plan reports and a CAEB annual report are provided to the Board’s Audit Committee.
  • In addition to evaluations, PE provides advice and guidance to CRA project teams with the development of approaches to performance measurement and evaluation to satisfy requirements of the RIMC business case process.
Management Performance Measures


Does the CRA value and make effective use of evaluation information to inform expenditure and policy decisions and program improvement?
  • In 2007-2008, one evaluation (HQ-Managers Exchange Pilot Implementation) produced three recommendations. There was no management response.
  • In 2008-2009, two completed evaluations (GST/HST Registration Compliance and Charities Partnership and Outreach Program) included a combined seven recommendations. All seven recommendations were accepted by management.
  • In 2008-2009, PE advised senior management on performance measurement on 13 different projects.
  • Client satisfaction surveys indicated that clients were very satisfied with the service provided by PE staff in terms of level of expertise, timeliness, and consistency of advice.
Management performance will be demonstrated by trending the results of planned versus completed evaluations (frameworks and studies). (see graph)
  • The 2007-2008 data will be used as the benchmark for analysis and performance discussion in subsequent BoMOF assessments.
Rating Scale
Board’s Assessment and Related Comments
Next Steps
Strong
Acceptable
  • This function has appropriately been refocussed to deal with benefits measurement.
  • Program coverage will be considered as a factor in developing future evaluation plans.
Acceptable
Opportunity for Improvement
Attention Required
Expectation (c): The Board must assure itself that the Agency follows appropriate processes to ensure sound overall administration including a professional internal audit function to provide assurance on the efficacy of the Agency’s control framework.
Related Key Questions
Evidence
Sources of Evidence
  • Does internal audit have appropriate resources (staff qualifications, mix and level of experience of professional staff)?
  • The CAEB continues to place a focus on professionalism including accreditations such as the certified internal auditor (CIA) designation and professional accounting designations. The . CAEB continues to demonstrate support to all staff pursuing their designations by providing them with the necessary materials, allowing them time to study, and providing them with access to any relevant training. In addition, the , CAEB continues to strive for a balance between staff with strong program experience and strong academic backgrounds.
  • CAEB Business Plan
  • CAEB Staff Profiles Database
  • Is internal audit planning appropriate for example —risk-based, appropriate approvals, methodology?
  • Internal audits are identified using a risk-based approach that includes consideration of Agency-wide risks and CBP priorities as well as CAEB's risk assessment of the audit universe. The risk assessment entails environmental scanning and consultation in regions and at Headquarters. Level of risk is the first driver to establish audit priority. Other factors that influence audit selection include:
    • Timing for audit work for example— systems under-development audits. It is not appropriate to audit a project too early in its development, nor too late);
    • Ability to audit; and
    • Extent of previous audit or planned external oversight (that is— CAEB internal audit plans are co-ordinated with the OAG to avoid duplication or gaps).
  • Evidence of the effectiveness of this approach is demonstrated in the number of recommendations and other areas for improvement resulting from audits performed.
  • The CAEB, using preliminary guidance from the TBS/Office of the Comptroller General (OCG), is working towards achieving the following to ensure it will be well-positioned to deliver on the TBS policy requirements for a substantiated holistic opinion on risk management, control, and governance processes:
    • Linking Internal Audit Reporting to Corporate Risk Analyses and Plans. In preparation for the annual CAEB Business Plan Update, the CAEB is establishing the linkages between proposed internal audits and the corporate risk analysis as well as the TBS MAF and BoMOF elements. In this way, the CAEB will be better positioned to report audit results to the CRA’s senior management and the Board in a more thematic context.
    • Including in the CAEB Business Plan for 2009-2012 the first stages of a strategy to work towards being able to provide an overall perspective on the state of CRA risk-management, control and governance processes for the fiscal year ended March 31, 2011. This strategy and perspective would take into consideration such inputs suggested by the TBS/OCG as follows:
      • The results of completed risk-based internal audits;
      • The status of management action plans for all audit work affecting the Agency (that is, including the reports of the auditor general);
      • The results of TBS Management Accountability Framework (MAF) assessments (including BoMOF assessments as a unique element for the CRA);
      • Environmental scans, corporate priorities, change management strategies, and risk profiles;
      • Other sources of assurance, including monitoring and studies performed by management, and the work of other independent reviews of the Agency.
  • Assessment by Institute for Internal Auditors
  • CAEB business plan
  • Follow-up of 2004-2005 Internal Audit Report
  • Audit Committee charter
  • Corporate risk inventory
  • Corporate business plan
  • ERM Framework
  • Is internal audit planning appropriate for example—risk-based, appropriate approvals, and methodology?cont.
  • This overall perspective will include caveats to highlight where assurances provided are not at as high a level as would be associated with an audit. It will provide a foundation for moving towards the provision of subsequent holistic assurances across the full spectrum of the management objectives defined by MAF and focusing on the high-level assurance of key risk areas.
  • In addition, the CAEB is striving to provide input into the Agency's risk scoring system.The CAEB is using the output of the CRI, Round 2 exercise in our current business planning process. The CAEB is currently performing a mapping exercise in relation to the core controls that will be shared with the ERM to inform the discussion on the CRI.
  • Within CAEB audit coverage (that is, without systematically aiming to examine all activities in the Agency, the , CAEB strives to ensure sufficient coverage of key functions to determine whether proper controls are in place and functioning as intended, for example—a cyclical approach is taken for financial type audits). Also, consideration is given to mandatory requirements (that is,. some issues may be ranked as relatively low risk but must be audited given commitments in Treasury Board (TB) submissions or memoranda of understanding with other organizations).
  • Is internal audit planning appropriate for example—risk-based, appropriate approvals, and methodology? cont.
  • Other factors taken into consideration are integration with input provided from the ERM team; program dimensions in terms of full-time equivalents, and fiscal impact; and major change initiatives from RIMC or TBS, for example— where CAEB work is integrated into the oversight framework and meeting the key audit assurance needs of key stakeholders such as the commissioner and the Board's Audit Committee.
  • The risk-based plan is subject to an internal challenge process and shared for input with Agency senior management. The CAEB’s primary clients— the commissioner and the Audit Committee of the Board of Management—participate in shaping the plan along with the OAG.
  • The MAEC and the Board Audit Committee approve the risk-based internal audit plan.
  • Are internal audit reports objective, reliable, accurate, and of high-quality?
  • Both the Commissioner's and the Board Audit Committee’s feedback indicate that reports are objective, reliable, accurate, timely and of high quality.
  • Processes in place ensure quality review and the provision of feedback at both the divisional and branch levels within the CAEB.
  • Post-internal audit questionnaires are sent to program areas to obtain feedback on the objectivity and quality of internal audit products, as well as the usefulness of the findings and recommendations. Management feedback on the quality of internal audit reports indicates the vast majority are of good quality.
  • The CAEB’s internal professional practices reviews indicate that audits are conducted in accordance with IIA standards, that reports are well supported by working papers, and that risk-assessment is documented.
  • The CAEB final reports (both internal audit and program evaluation) are proactively posted on the CRA Internet site and are thus completed in such a manner as to withstand the scrutiny that publishing them in a public domain entails.
  • Assessment by Institute for Internal Auditors
  • CAEB Annual Report
  • Post Internal Audit Questionnaires
  • Commissioner and Board feedback
  • Minutes of the Board Audit Committee
Management Performance Measures
Does internal audit have appropriate resources (staff qualifications, mix, and level of experience of professional staff)?
  • 30% of audit staff have one or more professional designation;
  • 66% possess a university degree; and
  • 68% have either one or more professional designation and some type of university degree.
Is internal audit planning appropriate (for example—risk-based, appropriate approvals, and methodology?
  • The Institute for Internal Auditors (IIA) certification of CRA's internal audit function in 2006 included a “generally conforms” (highest IIA rating possible) to the IIA standard for planning. The CAEB continues to strive to maintain this rating in anticipation of another review in 2011. Adherence to the IIA Standards is a priority of the CAEB.
Are internal audit reports objective, reliable, accurate and of high-quality?
  • The IIA certification of the CRA's internal audit function in 2006 included a “generally conforms” (highest IIA rating possible) to the IIA standard for communicating results.
Management performance will be demonstrated by trending the results of the following:
  • Percentage of audits completed as identified in the audit plan; and
  • Percentage of audit recommendations implemented.
The 2007-2008 data will be used as the benchmark for analysis and performance discussion in subsequent BoMOF assessments.




Rating Scale
Board’s Assessment and Related Comments
Next Steps
Strong
Strong
Acceptable
Opportunity for Improvement
Attention Required
Expectation (d): The Board must assure itself that the Agency follows appropriate processes to ensure sound overall administration ensuring that sustainable development is embedded in the way we do business.
Related Key Questions
Evidence
Sources of Evidence
  • Does the CRA have a reliable reporting frameworks in place for sustainable development?
  • The CRA’s Sustainable Development (SD) Strategy is supported by the National SD Action Plan that consists of goals, objectives, targets, activities, due dates, offices of responsibility, outputs, and measures.
  • SD is incorporated in key CRA planning and reporting documents, including the RPP, CBP, and AR.
  • Management at all levels is responsible for providing support and direction for planning and implementing sustainable development activities at the CRA.
  • Framework instruments include corporate SD and environment policies, an environmental management system, and supporting programs and tools such as SD action plans, communications strategy, learning strategy, and Results-Based Management Accountability Framework.
  • The Agency uses modern management tools, systems, and processes to effectively integrate SD into both our operations and service delivery.
  • The SD program is led by the SD Division, the centre of expertise for planning, implementation, and reporting, and is supported by a network of SD practitioners in all CRA branches and regions.
  • The CRA's Environment Policy includes requirements to reduce the consumption of materials and other resources (for example–—energy) in its operations, and reduce waste and minimize pollution resulting from operations.
  • The Commissioner of the Environment and Sustainable Development monitors the Agency’s SD performance against the commitments published in individual SD strategies, including that of the CRA. Environment Canada's 2008 management review of departmental SD strategies named several of the CRA's SD program elements as successes and best practices.
  • Sustainable Development Strategy 2007-2010
  • SD National 2007-2010, Branch and Regional Action Plans
  • RPP/CBP
  • SD/CRA Environment Policy
  • Online SD Performance Reporting Tool
  • OPI, Network, and Progress SD Quarterly/Semi-Annual Reports
  • SD Annual Report
  • Communications/Learning Strategy
  • Results-Based Management Accountability Framework
  • AC and EC performance agreements
  • Reports of the Commissioner of the Environment and Sustainable Development
  • Sustainable Development Strategies Management Review
  • Sustainable Development Employee Survey, prepared by Ekos Research Associated Inc. – March 2008
  • CRA Performance Report on Sustainable Development, April 1, 2007 to March 31, 2008
  • Minutes o f the Board Audit Committee
Management Performance Measures
Does the CRA have a reliable reporting framework in place for sustainable development?
  • 97% of ECs included an SD measure in their performance agreements for 2008-2009.
  • The results of the November 2007 SD awareness survey indicated that 89% of employees were aware of SD efforts at the CRA. This increased from 72% in 2004. The Agency's awareness target is 95% by March 2010.
  • The results of the 2007-2008 satisfaction survey of the SD Network indicated an overall approval rating of 78% for services provided by the SD Division.
  • The number of sheets of multi-purpose office paper used per employee was reduced by 0.7% or 40 sheets, moving from 5,761 sheets in 2006-2007 to 5,721 sheets in 2007-2008.
  • The CRA included environmental specifications in two of two strategic sourcing contracts issued during the period. In addition, 11.4% of total product spending went to green product purchases—exceeding the Agency target of 10% for 2007-2008.
Rating Scale
Board’s Assessment and Related Comments
Next Steps
Strong
Strong
Acceptable
Opportunity for Improvement
Attention Required


Report a problem or mistake on this page

Thank you for your help!

You will not receive a reply. For enquiries, contact us.

Date modified:
2010-02-19