Administration of the Agency
Expectation (a): The Board must assure itself that the Agency follows appropriate processes to ensure sound overall administration including sound enterprise risk management (ERM).
|
|
|
|
- Is there a sound risk management process in place to assess and address risk in the Agency?
|
- Risk Management (RM) is an on-going Canada Revenue Agency (CRA) priority and senior executives continue to be highly engaged in managing risks.
- The Agency has an ERM Framework in place to assess and address risk in the Agency. The elements of the Framework include:
- ERM Policy approved by the Board in March 2006 (with the underlying theme that RM is everyone's business);
- ERM Program Implementation Strategy approved by the Board December 2006; and
- CRA RM process and tools, which enable the consistent and systematic assessment and management of risk at all levels of the Agency (approved by the Board in December 2006).
- The Framework ensures the Agency now has:
- A more disciplined and structured methodology (RM process and tools) that will result in the consistent and systematic assessment and management of risks across the Agency on an on-going basis; and
- The right process and tools to enable the Agency to continuously identify, analyze, evaluate, address, monitor/evaluate, and communicate risks. It is an approach that provides the Agency with the necessary means to keep its risks up-to-date and to continuously re-prioritize risks as conditions change.
|
- Enterprise Risk Management Policy
- ERM Program Implementation Strategy
- Risk management process and tools
|
- Does the Corporate Risk Inventory identify the Agency's top risks?
|
- The CRA Corporate Risk Inventory 2007 identifies the Agency's top risks:
- The Inventory is based on the extensive analysis of the information generated from the risk assessments conducted in a HQ Branches (involving a significant number of senior managers);
- The CRA Assistant Commissioner (AC) level ERM Committee was engaged in discussions to provide guidance and validate this analysis; and
- Agency Management Committee (AMC) confirmed the list of risks and evaluated each risk (voted on likelihood and impact).
- The Inventory identifies the Agency's top risks, risk drivers, impacts, current controls, ratings (likelihood/impact), sponsor/owner (accountability assigned at the AC level), and the response strategy for each risk.
|
- Corporate Risk Inventory (December 2007)
|
- Are enterprise-wide risks being assessed and addressed?
|
- Enterprise-wide risks are being assessed and addressed as evidenced by the CRA Corporate Risk Inventory 2007. All 17 risks identified in the current Inventory were assessed (identified, analyzed and evaluated) and are being addressed:
- Each risk has been assigned a Risk Response Sponsor at the AC level;
- All Sponsors have chosen a response strategy for their risks; and
- Details behind each response strategy will be outlined in the CRA Risk Action Plan. The first phase of the Action Plan (which will provide strategies for the top risks) was presented to the Board in March 2008.
- The Agency has also developed a strategy to ensure the currency of the information contained in the Corporate Risk Inventory (i.e. keeping inventories evergreen). This strategy was tabled at AMC in February 2008 and was presented to the Board in March 2008.
|
- Corporate Risk Inventory (December 2007)
- Risk Management Action Plan – Agency Top Risks (March 2008)
- Strategy for Ensuring the Currency of the Corporate Risk Inventory (March 2008)
|
- Is risk management embedded in CRA's strategic planning cycle and decision-making processes?
|
- RM has been integrated into the CRA's corporate planning and reporting cycle for a number of years as evidenced in previous Corporate Business Plans (CBP) and Annual Reports. As such, the Agency planning, decision-making and priority setting have been, and continue to be informed by risk.
- With the maturing of RM in the Agency and the advent of the ERM Program, the CRA has taken additional measures to integrate, embed and align RM into its key core processes. Accomplishments to date include:
- Resource Allocation: the CRA has embedded RM into the Resource and Investment Management Committee (RIMC) process. Specifically, RM is an important aspect in the RIMC guidelines which makes the completion of a risk assessment a mandatory requirement for all major investment projects;
- Performance Management Regime: RM has been included in the Commissioner's 2007-2008 Performance Agreement and in all HQ AC performance agreements. In addition, it is one of the Tailored Special Commitments in the 2007-2008 Guidelines to complete Executive Cadre and Senior Manager Performance Agreements. Because of this, as well as the inclusion of RM in the CBP, RM is an important element in the accountability of many executives and managers across the Agency; and
- Corporate Audit and Evaluation (CAE): an established information exchange exists between the ERM and the Corporate Audit and Evaluation functions – the Corporate Risk Inventory is one of the sources used in establishing the CAE Plan and results from audits and evaluations are a source of information used for risk identification and evaluation.
|
- Corporate Business Plan
- Annual Report
|
|
|
|
|
|
|
- Good work done
- The Board anticipates that ERM will continue to mature over the next few years
|
- Establish corporate risk management function and risk management centre of expertise
- Inculcate in minds of all CRA managers
|
|
|
Opportunity for Improvement
|
|
|
Expectation (b): The Board must assure itself that the Agency follows appropriate processes to ensure sound overall administration including an effective program evaluation function to assess the long-term success of Agency programs.
|
|
|
|
- Does the evaluation function have an appropriate level of independence?
|
- Strong governance structure, including the Board and Agency Management Committee (AMC), provides appropriate approvals and oversight of the function's policy, plans, study results and program area action plans in response to evaluation findings.
- Evaluation reports directly to Commissioner through the Director General of the Corporate Audit and Evaluation Branch (CAEB).
- CAEB's mandate is to support the achievement of the strategic goals by providing the Commissioner and Senior Management with independent and objective information, advice and assurance on the soundness of the management framework and on effectiveness, efficiency and economy of its strategies, programs and practices.
- Core responsibilities are delivered with A-base funding while additional funding is provided for commitments resulting from Treasury Board business cases.
- Canada Revenue Agency (CRA) Program Evaluation Policy approved September 2006 includes “the program evaluation function will be independent and not have responsibility or accountability for the areas being reviewed.”
|
- Board of Management Audit Committee Charter
- CRA Program Evaluation Policy
|
- Does the evaluation function have an effective risk-based planning process?
|
- Annual multi-year, risk-based evaluation plan takes into account Agency-wide risks, priorities, and evaluation commitments related to Treasury Board Secretariat and the Agency's Resource and Investment Management Committee requirements.
- Evaluation plan is approved by the Commissioner and AMC and reviewed by the Board.
- Quarterly progress-to-plan reports are provided to the Board's Audit Committee.
|
|
- Does the CRA value and make effective use of evaluation information to inform expenditure and policy decisions and program improvement?
|
- Use of evaluation information is related to the quality of reports; processes are established to ensure quality review and the provision of feedback at both the divisional and branch levels within the CAEB function.
- CRA Program Evaluation Policy 2006 ensures that the function assesses the results of Agency policies, programs, and initiatives, including their effectiveness, relevance, impacts, and alternative ways of achieving expected results.
- AMC is tasked with assessing the adequacy and progress of management action plans developed in response to program evaluation findings and recommendations.
- Post-study questionnaires are sent to program areas to obtain feedback on objectivity and quality of evaluation products as well as usefulness of the findings and recommendations; AMC accepted findings and recommendation for both evaluations of HQ-Regions Managers Exchange Program (2007) and Secure Channel – Branches indicated study findings were balanced, constructive and recommendations were appropriate, useful and realistic.
- Periodic follow-up activity assesses action taken in response to previous evaluations; June 2007 function reported on the status of the results from three previous evaluations; two cases, the function did not recommend that any further work be done; third case recommended an in-depth follow up of action plans initiated in 2008-2009.
|
- Management concurrence with recommendations
- Action plans developed
- Implementation monitored
|
|
|
Board's Assessment and Related Comments
|
|
|
|
- Evolving in the right direction
- Significant progress made
|
|
|
|
Opportunity for Improvement
|
|
|
Expectation (c): The Board must assure itself that the Agency follows appropriate processes to ensure sound overall administration including a professional internal audit function to provide assurance on the efficacy of the Agency's control framework.
|
|
|
|
- Does internal audit have appropriate resources (staff qualifications, mix and level of experience of professional staff)?
|
- Focus on professionalism, accreditation (Certified Internal Auditor) and accounting designations with a balance between experience and academic background; support staff with materials, time and training.
- Financial Management (FI) positions established in Finance Audit Team for conducting financial audits and staffing underway.
- 29% of internal audit management and staff possess one or more professional designation; 66% possess a university degrees.
|
- Corporate Audit and Evaluation Branch 2007-2010 Business Plan
- CAEB Staff Profiles Database
|
- Is internal audit planning appropriate (risk-base, appropriate approvals, methodology, etc.)?
|
- 2006 Institute for Internal Auditors (IIA) certification includes “generally conforms” (highest rating) for planning.
- Audit Committee of the Board of Management assists the Board in fulfilling its oversight responsibilities by reviewing the Agency's accounting framework, financial and performance information, internal controls and risk tolerance, and compliance with financial and environmental legislation.
- All members of the Committee are independent of the Agency. All meetings of the Committee are closed meetings unless specified otherwise. The Commissioner, the Chief Financial Officer, the Director General of Corporate Audit and Evaluation and a representative of the Office of the Auditor General of Canada attend as observers in regular closed sessions of Committee meetings.
- At each meeting of the Committee there shall be an in camera session scheduled on the agenda. The in camera session shall have its own respective agenda. If the Committee so chooses, it may call an official from the Office of the Auditor General to attend either a portion of, or the entire, in camera session.
- Commissioner, Audit Committee and Office of the Auditor General participate in shaping plan which is subject to an internal challenge process and shared for input with senior management.
- Risk-based internal audits consider Agency-wide risks, Corporate Business Plan priorities and Corporate Audit and Evaluation Branch's (CAEB) risk assessment of audit universe; risk assessment entails environmental scanning and consultation with Canada Revenue Agency (CRA) management.
- Risk is first driver of audit priority; other factors include: timing for audit work, ability to audit, extent of previous audit or external oversight, audit coverage, mandatory requirements, Enterprise Risk Management, program dimension, major change initiatives from Resource Investment Management Committee or Treasury Board Secretariat and audit assurance needs of stakeholders.
- Internal Audit Management Committee and the Board annually approve internal audit plan.
- Quarterly progress-to-plan reports are provided to Audit Committee.
- Consistent with IIA standards, business advisory services are considered as recommended alternative where that type of engagement is most effective way of improving controls and risk management; however, business advisory services are considered on an exception basis only; 94% direct hours providing assurance services, 6% towards business advisory services.
|
- Assessment by Institute for Internal Auditors
- Corporate Audit and Evaluation Branch 2007-2010 Business Plan
- Follow-Up of 2004-2005 Internal Audit Reports Report
|
- Are internal audit reports objective, reliable, accurate and of high-quality?
|
- 2006 IIA certification includes “generally conforms” for communicating results.
- Processes in place ensure quality review and provision of feedback.
- Commissioner and Audit Committee indicate reports are objective, reliable, accurate, timely and of high quality.
- Management feedback indicates about 90% of internal audit reports are good quality.
- CAEB review indicates audits are in accordance with IIA standards, reports are supported by working papers and that risk-assessment is documented.
- Final reports are proactively posted on CRA Internet site.
|
- Assessment by Institute for Internal Auditors
- CAEB 2006-2007 Annual Report
- Post Internal Audit Questionnaires
- Commissioner and the Board feedback
|
|
|
Board's Assessment and Related Comments
|
|
|
|
- Significantly beyond standards set for other government departments
|
|
|
|
Opportunity for Improvement
|
|
|
Expectation (d): The Board must assure itself that the Agency follows appropriate processes to ensure sound overall administration including ensuring that sustainable development (SD) is embedded in the way we do business.
|
|
|
|
- Does the CRA have a reliable reporting framework in place for SD?
|
- CRA's Sustainable Development Strategy is supported by the National SD Action Plan that consists of goals, objectives, targets, activities, due dates, offices of responsibility, outputs, and measures.
- Using identified measures, all SD reports outline, with various levels of detail, progress against the targets, activities, and outputs established in the Action Plan.
- Sustainable Development Steering Committee, a senior-level forum for discussion and action on SD, reports twice a year to the Commissioner and the Agency Management Committee on progress towards our Sustainable Development Strategy commitments and related initiatives.
- Agency uses modern management tools, systems, and processes to effectively integrate SD into both our operations and service delivery.
- Framework instruments include corporate SD and Environment Policies, an Environmental Management System, and supporting programs and tools such as SD Action Plans, Communications Strategy, Learning Strategy, and Results-based Management Accountability Framework.
- SD program is led by the SD Division (Finance and Administration Branch) the centre of expertise for planning, implementation and reporting and is supported by a network of SD practitioners in all CRA branches and regions.
- In accordance with the current SD Strategy, all Assistant Commissioners and most of the Executive Cadre had SD integrated into their performance agreements.
- Management at all levels are responsible for providing support and direction for planning and implementing sustainable development activities at the CRA.
- Employees are responsible for being aware of the principles of SD, and for applying these principles in their work.
- Compared with 2005-2006, CRA lowered its internal paper consumption by about 10%, increased its purchases of greener products by about 30%, and significantly exceeded its solid waste diversion target.
|
|
- How does the Commissioner of the Environment and Sustainable Development view CRA's SD Reports?
|
- Commissioner of the Environment and Sustainable Development monitors agencies' and departments' SD performance against the commitments published in individual SD strategies, including that of the CRA.
- CRA has received favourable assessments in the annual reports of the Commissioner of the Environment and Sustainable Development, specifically for progress in the areas of solid waste management and green procurement.
- Agency also received the best rating for its 2004 SD Strategy from among all federal government departments.
|
- Annual Report of Commissioner of Environment and Sustainable Development
|
|
|
Board's Assessment and Related Comments
|
|
|
|
|
|
|
|
Opportunity for Improvement
|
|
|
- Date modified:
- 2009-04-07
