November 2010
Recommended for Approval to the
Deputy Minister by Departmental Audit Committee
on January 25, 2011
Approved by the Deputy Minister on January 31, 2011
Table of Contents
- 1.0 Executive Summary
- 2.0 About the Audit
- 3.0 Findings and Recommendations
- 4.0 Conclusion
- Appendix A: Audit Criteria
- Appendix B: Management Action Plan
1.0 Executive Summary
1.1 Introduction
The Industrial and Regional Benefits (IRB) Policy was established by the Government of Canada in 1986 to lever large government procurement for industrial development. The Policy was created to ensure that Canadian companies can derive benefits from procurements, such as new business or investments in new technologies. The majority of procurements subject to the Policy are Defence procurements.
The IRB Policy requires that prime contractors (Canadian and foreign) work with Canadian firms or make investments in advanced technology sectors of the Canadian economy, in an amount usually equal to the contract value.
This audit of IRB was included in Industry Canada's 2010–11 Risk-Based Internal Audit Plan at the request of IRB Directorate management, who were seeking early feedback on changes they are making to the IRB management control framework (MCF).
The objective of this audit is to provide senior management with an assessment of the governance and risk management aspects of the IRB management control framework. Because operational processes, controls and procedures are currently being documented, the Audit and Evaluation Branch (AEB) has proposed to perform advisory services in this area during the third and fourth quarter of 2010–11.
AEB compared the IRB Directorate's proposed MCF to the Core Management Controls identified by the Office of the Comptroller General (OCG). These controls are aligned with the Treasury Board Secretariat's Management Accountability Framework (MAF), which contains a set of management expectations.
1.2 Overall Conclusion
The IRB Directorate's initiatives to update its MCF are partially implemented or under development and, therefore, it is too early for AEB to provide an assessment of the MCF's effectiveness. The Directorate's draft Business Plan 2010–13 represents a proactive approach to define the Directorate's vision and mandate, and it contains the key foundational pieces of the revised MCF that need to be implemented. The proposed MCF aligns well with most of the criteria of OCG Core Management Controls in the areas of governance processes and risk management practices.
1.3 Summary of Findings
Table 1 provides an overview of the implementation status of the IRB Directorate's MCF by the ten MAF elements, using a three-stage progressive development scale (additional details are in Section 2.4 of the report):
- Start-up Phase
- In Process
- Implemented.
Below is a summary of findings by principal lines of enquiry:
Governance
The IRB Directorate has clearly defined and communicated strategic directions and objectives, aligned with its mandate, through a draft three-year Business Plan developed in July 2010. The Directorate has been restructured to improve its effectiveness. It follows the Values and Ethics Code for the Public Service. It is currently implementing a more robust performance reporting regime. Change initiatives have been communicated effectively to IRB staff and are based on environmental and organizational analysis.
Key elements of the control framework being implemented include a policy capacity, employee performance feedback process, external and internal consultations in regard to policy/control framework changes, and plans for communications and outreach activities.
Finding 1.0: The IRB Business Plan should include a formal process to monitor the implementation of Business Plan initiatives and the IRB MCF.
Finding 2.0: No specific oversight mechanism is identified to monitor the effectiveness of the application of IRB Policy.
Risk Management
The IRB Directorate's Business Plan includes an extensive analysis of risks facing the organization and contemplates a Risk Analysis Framework to analyse industry-related risks and benefits.
Finding 3.0: The IRB Directorate has not documented and articulated its risk methodology and risk management practices at the project level.
1.4 Summary of Recommendations
Governance
Recommendation 1.0: The Director, IRB Directorate should ensure the approval of the draft Business Plan and institute a formal process to monitor implementation of the Business Plan initiatives and the IRB MCF.
Recommendation 2.0: The Director General, ADMB should explicitly identify an oversight mechanism to monitor the effectiveness of the application of the IRB Policy.
Risk Management
Recommendation 3.0: The Director, IRB Directorate should ensure that, at the project level, risk methodology, risk management practices, and related tools are documented and communicated to staff.
1.5 Statement of Assurance
In my professional judgment as Chief Audit Executive, sufficient and appropriate audit procedures have been conducted and evidence gathered to support the accuracy of the opinion provided and contained in this report. The opinion is based on a comparison of the conditions, as they existed at the time, against pre-established audit criteria that were agreed to with management. The opinion is applicable only to the entities examined and within the scope described herein. This audit was conducted in accordance with the Internal Auditing Standards for the Government of Canada.
1.6 Audit Opinion
In my opinion, Industry Canada's management control framework for the application of the Government of Canada's Industrial and Regional Benefits Policy, at its early stage of development, has defined the key foundational pieces that need to be implemented. There are a few issues with moderate risk exposures in regard to governance and risk management practices.
Susan Hart
Chief Audit Executive,
Industry Canada
2.0 About the Audit
2.1 Background
The objective of the Contracting Policy of the Government of Canada is to acquire goods and services and to carry out construction in a manner that enhances access, competition and fairness and results in best value or, if appropriate, the optimal balance of overall benefits to the Crown and the Canadian people. In support of its objective, the Contracting Policy states that government contracting shall be conducted in a manner that will, among other things, support long-term industrial and regional development and other appropriate national objectives, including aboriginal economic development.
The Industrial and Regional Benefits (IRB) Policy was established in 1986 to lever large government procurement for industrial development. The Policy was created to ensure that Canadian companies can derive benefits from procurements, such as new business or investments in new technologies. The majority of procurements subject to the IRB Policy are Defence procurements.
The IRB Policy requires that prime contractors (Canadian and foreign) work with Canadian firms or make investments in advanced technology sectors of the Canadian economy, in an amount usually equal to the contract value. The investments can be either directly related (goods, services and/or long-term service support directly for the items being procured by the government) to the procured item, or indirectly related (i.e. investments, technology cooperation, and product mandates) to it.
Industry Canada (IC) is responsible for the administration of the IRB Policy. The Regional Development Agencies perform an advocacy role for their respective regional stakeholders. IC works in partnership with Public Works and Government Services Canada (PWGSC), which oversees the procurement process, and with the Department of National Defence (DND), which establishes the technical requirements.
The IRB Directorate, which is responsible for the design and implementation of the IRB Policy, resides within the Aerospace, Defence and Marine Branch (ADMB) of the Industry Sector. The Directorate has a budget of approximately $2.5M and comprises 25 Full Time Equivalents (FTEs). The Regional Directors in the Quebec, Ontario and Pacific regions support the IRB Directorate by allocating one FTE (at 10% of their time) to provide input and advice regarding economic activity in their region. The Directorate indicates that its portfolio currently has 57 separate Defence procurements with a value of approximately $20B.
The IRB Directorate discharges its responsibilities through four key functions:
- Negotiate and approve IRB requirements with regard to new military procurements;
- Manage and monitor the specific corporate IRB obligations achieved through a series of "IRB transactions";
- Verify that the companies actually deliver on their agreed-upon commitments; and,
- Communicate, disseminate, and promote the IRB Policy and ongoing portfolio of commitment opportunities for Canadian business.
In 2006, the Government of Canada announced the Canada First Defence Strategy (CFDS), which will see substantial increases in defence spending. The CFDS is estimated to double IRB obligations owed to Canada from their current level of approximately $20B.
In September 2009, the Minister of Industry announced a series of enhancements to the IRB Policy. This was the first major change to the Policy since its implementation in 1986. The enhancements are to be implemented in 3 phases:
- Phase 1 involves the phasing in of the requirement to identify 60% of the IRBs upfront (30% at contract signing, and 30% within one year), and the incentive for the creation of Public-Private Consortia.
- Phase 2 involves improving the recognition of the value of Canadian firms' participation in Global Value Chains, and firm-level research and development and commercialization.
- Phase 3 involves enhancing the priority technology list, the requirement for strategic plans from prime contractors with major IRB obligations, and the banking of industrial and regional benefit credits.
All 3 phases are to have been implemented by Fall 2010.
As a result of the changes to the IRB Policy and the projected increase in procurements in the CFDS, the IRB Directorate is undertaking significant changes to its management control framework, guided by its first three-year Business Plan 2010–13. The development of the plan was accompanied by an organizational review and an exercise to verify internal processes. The Business Plan (currently in draft) is intended to ensure that the Directorate can continue to meet its mandate and achieve its strategic objectives as the CFDS is rolled out.
The draft IRB Business Plan identifies seven areas as critical in enabling the IRB Directorate to continue to meet its mandate, achieve its vision and address the risks and challenges facing it in the future. The seven critical areas are, in no specific order of importance:
- Strengthened Industrial Advocacy Over the Entire Procurement Cycle
- Improved Stakeholder Relations
- Standardized Operational & Business Processes
- Enhanced Data/Information Management
- Effective Communication of IRB Success and Opportunities
- Improved Human Resources Management
- Strengthened Policy Capacity.
This audit of IRB was included in the 2010–11 departmental Risk-Based Audit Plan at the request of IRB management, who were seeking early feedback on the changes being made to the management control framework (MCF).
2.2 Audit Objective
The objective of this audit is to provide senior management with an assessment of the governance and risk management aspects of the IRB management control framework.
The IRB Directorate is currently completing the documentation of operational processes, controls and procedures in support of the MCF. Because this initiative will not be completed until fiscal 2011–12, AEB will be conducting advisory services in this area in the context of proposed controls and opportunities for improvement.
2.3 Audit Scope
The scope of the audit included comparing the newly revised management control framework for IRB to applicable controls outlined in the draft OCG Core Management Controls. These draft November 2007 Core Management Controls are aligned with the Treasury Board Secretariat's Management Accountability Framework, which contains a set of management expectations.
The IRB Directorate is undertaking significant changes to its MCF, guided by its draft three-year Business Plan. This audit focused on changes made to the MCF since 2009, to provide management with early feedback.
2.4 Audit Methodology
This internal audit was conducted in accordance with the Treasury Board Policy on Internal Audit and Internal Auditing Standards for the Government of Canada. The audit utilized criteria based on the Core Management Controls and the Management Accountability Framework. Appendix A provides a summary of these criteria.
The audit approach consisted of the following:
- a planning phase, including audit risk assessment, and preparation of an audit planning memorandum with audit criteria that were presented to IRB Directorate management;
- interviews with IRB management and staff members;
- review of IRB documentation, including past audit and evaluation reports; and
- review of key documents related to the changes in the IRB MCF, including the IRB Directorate's draft Strategic Plan dated July 2010(now renamed the Business Plan), the IRB HR Workload Review Report, and the IRB verification report.
The audit was conducted from May 2010to August 2010.
Recognizing that the IRB MCF is in the process of being implemented, our assessment of the IRB MCF uses a three-stage development scale to determine overall status by MAF element and provide an assessment, where appropriate, of progress made on the IRB MCF. Table 2 below describes expectations associated with each stage of development.
| Stage of Development | Audit Criteria | Indicator of Progress |
|---|---|---|
| Start-up Phase | Most criteria have not yet been met. | Applying the MCF has recently begun. |
| In Process | Many criteria have not been met, but progress is being made. | Actively and demonstrably moving toward application of the MCF. |
| Implemented | All criteria have been substantially met. | Applying the MCF. |
2.5 Reporting Strategy
Our report provides an overview of the IRB MCF's implementation status by MAF elements and describes the key initiatives implemented and planned under each element, grouped by the two audit lines of enquiry of Governance, and Risk Management. Recommendations are provided at a high level where moderate issues are noted.
3.0 Findings and Recommendations
3.1 Overview
The new management control framework for IRB is at an early stage of development (key elements such as the three-year Business Plan, annual report, policy direction, and system improvement are yet to be finalized). Therefore, our audit assessment of governance and risk management relates to the actions taken to date to implement a new management control framework, and reports significant gaps as compared to key Core Management Controls, categorized by MAF elements.
Table 3 below shows the status of the IRB Directorate's revised MCF by the ten MAF elements.
| MAF Element/Stage of Development | Implemented | In Process | Start-up Phase |
|---|---|---|---|
| Governance and Strategic Direction | X | ||
| Public Service Values | X | ||
| Results and Performance | X | ||
| Learning, Innovation and Change Management | X | ||
| Risk Management | X | ||
| Policy and Programs | X | ||
| People | X | ||
| Citizen-Focused Service | X | ||
| Accountability | X | ||
| Stewardship | Not in scope |
3.2 Governance
3.2.1 Policy and Programs
Prior to the announcement of the changes to the IRB Policy in September 2009, the Directorate engaged in a process of consultation with key users and stakeholders of the IRB Policy. According to the Directorate, the consultation process highlighted the need for both the creation of a policy cell within the IRB Directorate, and a strategy to keep the IRB Policy "evergreen".
The Directorate has since established a dedicated policy unit and has identified the development of a strategy to keep the IRB Policy evergreen as a key output for 2010–11 draft IRB Business Plan.
Currently the IRB Policy framework consists of a Policy Statement on the IC website, a model request for proposal, and a model contract. These documents specify the terms and conditions to be added to IRB eligible procurements.
In its draft Business Plan, the IRB Directorate has identified the need to create a formal IRB operational policy document.
3.2.2 People
All IC employees (except executives and senior excluded/unrepresented managers) are subject to the Employee Performance Measurement (EPM) Framework. The EPM facilitates the performance appraisal process by encouraging regular communication between managers/supervisors and employees about work expectations, job performance and employee development. The IRB Directorate follows the EPM. A similar performance management process is also in place for executives and excluded employees.
The Director of the IRB Directorate plans to institute a process (by the end of FY 2010–11) to review performance on a quarterly basis for those IRB staff who report directly to him.
Improved HR management is one of the seven areas of critical importance in the draft IRB Business Plan, which also includes specific expected outputs over the planning period. The Business Plan notes that the nature of IRB activity requires an on-the-job training period for junior IRB managers.
The Directorate is in the process of implementing a new organizational structure. The structure was changed for several reasons including a desire to improve training and succession planning. The Directorate has developed a three-year training plan for new and existing employees.
The IRB Directorate is included in the Industry Sector Human Resources Plan, but we did not find a formal document listing current and future resource competency needs, or an analysis of key positions and succession planning for the Directorate.
3.2.3 Citizen-Focused Service
Prior to the announcement of the changes to IRB Policy by the Minister of Industry in September 2009, the IRB Directorate consulted with key users and stakeholders of the IRB Policy.
Designated Industry Canada regional staff are involved in bi-weekly conference calls with the IRB Directorate. The Directorate solicited staff input and subsequently held an all-staff meeting where the draft Business Plan was presented.
The IRB Directorate has recently instituted a working group at both the Director General and Assistant Deputy Minister level with DND and PWGSC to discuss contracting and IRB issues.
The Industry Canada website contains a section regarding the IRB Policy and the IRB Directorate. The website includes information about the changes to the IRB Policy, an IRB information kit for small and medium-sized enterprises, and a listing of current procurements and their IRB managers.
Additionally, the draft IRB Business Plan has identified the following key outputs related to citizen-focused service for 2010–11:
- finalizing the IRB Communications Plan;
- developing a strategic outreach plan;
- producing a draft IRB annual report for internal use (expected approval in Fall 2010);
- developing content and messaging for an enhanced IRB website to support industry enquiries; and
- hiring a resource to redevelop the IRB website and communications strategy.
3.2.4 Public Service Values
The IRB Directorate adheres to the Values and Ethics Code for the Public Service. The code contains a Statement of Public Service Values, measures to prevent Conflict of Interest situations, post -employment rules of conduct, and methods of compliance and avenues of resolution for issues arising from the code.
This code is communicated to employees via the IC intranet. The Public Service Disclosure Protection Act provides a formal channel of communication for people to report suspected improprieties.
New IRB Directorate employees are alerted to the importance of the Values and Ethics Code and its requirements via their letter of offer. However, there is currently no requirement for IRB employees to periodically acknowledge compliance with the code. Such a procedure is considered a best practice to reinforce an organization's commitment to values and ethics.
3.2.5 Results and Performance
"Industrial and Regional Benefits" was added as a Sub-Activity to Industry Canada's Program Activity Architecture in 2009–10. As a result, the IRB Directorate's performance measures are included in IC's Report on Plans and Priorities (RPP), and the results achieved are documented against planned performance in the Departmental Performance Report (DPR).
The Directorate is working to modify the wording of the indicators specified in the 2009–10 RPP and DPR to more accurately reflect the performance of the IRB Policy.
The Directorate has been reporting to the Deputy Minister on a bi-weekly basis on the status of key current and upcoming IRB projects. Ad hoc reports are also prepared in response to requests from various levels of management.
In 2010–11, the IRB Directorate launched:
- a bi-monthly report to the Minister containing metrics regarding the IRB portfolio; and
- an internal annual report containing an analysis of current and future IRB opportunities and metrics regarding the IRB portfolio.
The IRB Directorate has initiated a project to create a Data Management System (DMS) to replace the current IRB database. The DMS is intended to improve the capture, reporting and verification of IRB information. In preparation for migration of data to the new database, the Directorate has begun a process to validate the project information contained within the current database. Our audit did not involve a detailed examination/assessment of the accuracy of project file information.
The draft Business Plan indicates that an evaluation of the IRB Policy will be conducted during the planning period.
Essentially, the IRB Directorate has taken several positive steps towards implementing a more robust performance reporting regime.
top of page3.2.6 Learning, Innovation and Change Management
The key document guiding the changes being implemented by the IRB Directorate is the three-year draft Business Plan, which includes a vision statement developed during a two-day planning session, as well as guiding principles and mandate.
The plan identifies seven strategic areas critical to enabling the Directorate to continue to meet its mandate, achieve its vision and address the risks and challenges facing it in the future. Change initiatives are identified by fiscal year. The IRB Directorate indicates that once the Business Plan is approved by senior management, these change initiatives will be mapped by fiscal quarter.
A key risk identified in the draft Business Plan is the implementation of new standardized processes. Mitigation strategies are indicated. According to IRB management, comments from staff have been incorporated into the draft plan, which was presented at an all staff meeting.
As noted above, there is a requirement for on-the-job training/learning for new IRB employees. The Directorate put in place a new organization structure partly to allow for such training of junior IRB managers, and for succession planning.
The Directorate has ensured that senior management communicates clearly on staff expectations; has established mentoring relationships between senior and junior IRB managers via the new organizational structure; and is developing standardized processes via their process mapping exercise.
3.2.7 Accountability
The IRB Directorate undertook a verification exercise (completed in January 2010) to determine areas of concern within IRB operations. One of the findings was that roles and responsibilities of IRB management were not clearly defined. The exercise also found that IRB did not have a clear process or definition of roles when a "red flag" concerning a transaction occurs.
The results of the verification project, coupled with the changes to the IRB Policy announced in September 2009, led the Directorate to undertake significant changes to its management control framework. Changes planned for 2010–11 include:
- Updated work descriptions for IRB Directorate positions;
- A process to review performance on a quarterly basis for those IRB staff that report directly to the Director;
- A new team-based organizational structure; and
- Standardization of operational and business processes and a project management framework to ensure consistency among IRB teams.
3.2.8 Governance and Strategic Direction
In reviewing the governance structure, we expected that the IRB Directorate would have clearly defined and communicated strategic directions and strategic objectives, aligned with its mandate, and operational plans and objectives aimed at achieving IRB Policy objectives.
As part of the changes it made to its management control framework, the IRB Directorate has developed a three-year draft Business Plan (2010–2013), developed in July 2010, that:
- Communicates the vision, mandate and mission of the Directorate;
- Aligns strategic directions and strategic objectives with its mandate and related risks;
- Includes draft operational outputs and objectives aimed at achieving its strategic objectives; and
- Includes an analysis of external and internal risks that may affect the objectives, policies and/or control environment of the Directorate as well as proposed responses and mitigating strategies.
At the time of our audit, the IRB Business Plan had not received approval from IC senior management. Furthermore, the plan did not identify a specific process/mechanism to monitor its implementation or an estimate of resources that may be required for implementation and related accountability.
The IRB Directorate is included in both the Industry Sector (IS) Business Plan, and the IS Integrated Human Resources Plan (2010–2013). Both plans have been shared with all IS staff via the intranet.
Overall, we found that strategic directions and operational plans, operational outputs and objectives to support the achievement of IRB objectives, and linkages between high-level IRB business priorities and operational work objectives were identified in the draft Business Plan. However, we did not find an explicit process to monitor the implementation of the Business Plan to ensure success.
Recommendation 1.0: The Director, IRB Directorate should ensure the approval of the draft Business Plan and institute a formal process to monitor implementation of the Business Plan initiatives and the IRB MCF.
Core management controls include an expectation that an oversight body/mechanism/function, composed of sufficiently skilled members, would exist to monitor the effectiveness of the application of IRB Policy, receiving timely and accurate information and effectively exercising its oversight function.
The Procurement Review Policy, whose objective is to enhance the use of procurement in support of industrial and regional development, states that Industry Canada is responsible for the coordination and management of the Canadian Annual Procurement Strategy (CAPS), the process by which the government determines its overall strategy for the use of procurement in support of industrial and regional development. The IRB Directorate indicates that the CAPS process has not been used for the past decade.
Several government committees exist to review individual or aggregated procurements. These include:
- The Procurement Review Committee (PRC) (one committee for each procurement), chaired by the contracting authority, which conducts a review of the socio-economic aspects of individual or aggregated procurements, recommends to the operating and contracting departments appropriate procurement strategies, and where industrial and regional benefits or other national objectives form part of the bid evaluation, receives briefings on the results of bid evaluations;
- The Senior Procurement Advisory Committee (one committee for each procurement), which carries out the procurement review functions of the PRC for projects over $100 million as set out in the Treasury Board policy on Major Crown Projects;
- The Major Crown Projects—Interdepartmental Overview Committee, which is an ad hoc committee that provides a forum to discuss issues and concerns related to CFDS procurements. The committee includes representatives of various government departments including Industry Canada; and
- Working groups at each of the Director General and Assistant Deputy Minister levels, instituted recently by the IRB Directorate with DND and PWGSC to discuss contracting and IRB issues. Both of these groups have held initial meetings and are establishing terms of reference.
Although the above-mentioned committees are monitoring aspects of the procurement process, no single oversight body or mechanism is tasked with monitoring the effectiveness of the application of the IRB Policy.
The profile of the IRB Policy has increased significantly in recent years because of CFDS and increases in defence-related procurement. In addition, recent organizational and verification reviews in IRB have identified a number of areas for improvement. An oversight mechanism would significantly enhance monitoring of the application of the IRB Policy and related accountability obligations and provide strategic advice.
Recommendation 2.0: The Director General, ADMB should explicitly identify an oversight mechanism to monitor the effectiveness of the application of the IRB Policy.
3.3 Risk Management
According to the Core Management Controls, in an environment with well-designed controls, management and staff should have a solid and up-to-date understanding of the internal and external factors that may expose their strategic and operational objectives to risk. Well-managed organizations should have in place formal and institutionalized practices that permit them to monitor their environments for conditions that may result in risk or opportunity.
The existing components of the IRB risk management regime include the following:
- The draft Business Plan includes an analysis of external and internal risks that may affect the objectives, policies and/or control environment of the Directorate;
- For each of the seven areas of critical importance within the draft Business Plan, there is a listing of key risks, and a strategy to mitigate those key risks; and
- As part of the IRB transaction verification process, IRB managers conduct risk assessments to identify/verify large transactions, or transactions that are high risk from an operational policy perspective. This process is not documented, and the approach differs among IRB managers.
The draft Business Plan indicates that a Risk Analysis Framework will be developed and implemented during the planning period. We noted that the Plan does not provide an assessment of each risk in terms of impact and likelihood.
According to the Core Management Controls, management should have a documented approach to risk management that identifies risks that may preclude the achievement of its objectives, and that identifies and assesses the existing controls in place to manage its risks.
As part of the changes to its management control framework, the Directorate is currently mapping key processes, procedures and controls related to IRB.
At the IRB project level, we did not find documented and articulated risk management practices or a risk methodology. We were informed that risk-related issues are discussed at staff meetings. The IRB Directorate should articulate, document and communicate its risk management practices/methodology and related tools to ensure an appropriate risk-based monitoring and management approach to its projects. The methodology should encompass an assessment of the impact and likelihood of risks that are identified.
Recommendation 3.0: The Director, IRB Directorate should ensure that, at the project level, risk methodology, risk management practices, and related tools are documented and communicated.
4.0 Conclusion
The IRB Directorate's initiatives to update its MCF are partially implemented or under development and, therefore, it is too early for AEB to provide an assessment of the MCF's effectiveness. The Directorate's draft Business Plan 2010–13 represents a proactive approach to define the Directorate's vision and mandate, and it contains the key foundational pieces of the revised MCF that need to be implemented. The proposed MCF aligns well with most of the criteria of OCG Core Management Controls.
Appendix A: Audit Criteria
| Criteria | OCG Core Management Controls Reference | |
|---|---|---|
| Oversight Bodies are established | Senior Management Committee is established, composed of sufficiently skilled members, and meets regularly. | G1 |
| The oversight body has a clearly communicated mandate. | G2 | |
| The oversight body requests and receives timely, complete and accurate information. | G6 | |
| Management appropriately communicates its risks and risk management strategies to key stakeholders. | RM-6 | |
| Independent oversight exists to monitor and provide assurance on the quality of risk management and due diligence in risk decision-making. | RM-8 | |
| The Organization | The organization has clearly defined and communicated strategic directions and strategic objectives, aligned with its mandate. | G3 |
| Operational plans and objectives aimed at achieving its strategic objectives are in place. | G4 | |
| External and internal environments are monitored to obtain information that may signal a need to re-evaluate objectives, policies and/or control environment. | G5 | |
| Public Service Values | Does management, through its actions, demonstrate that the organization's integrity and ethical values cannot be compromised? | PSV-1 |
| Is the Code of Ethics documented? | PSV-2 | |
| Do formal channels of communication exist for people to report suspected improprieties? | PSV-3 | |
| Has the organization's corporate values and ethics, code of conduct or equivalent policy been communicated clearly internally and to external stakeholders? | PSV-4 | |
| Do employees formally and periodically acknowledge compliance with the organization's corporate values and ethics, code of conduct or equivalent policy? | PSV-5 | |
| HR Planning | Is HR planning aligned with strategic and operational planning? | PPL-1 |
| Do recruitment, hiring and promotion consider the current and future needs of the organization? | PPL-2 | |
| Does the organization provide employees with the necessary training, tools, resources and information to support the discharge of their responsibilities? | PPL-4 | |
| Planning and resource allocations consider risk information. | RM-7 | |
| A clear and effective organizational structure is established and documented. | AC-3 | |
| The organization has in place a formal approach to knowledge and talent management. | LICM-4 | |
| Employee Performance Review | Does the organization have in place a system for the performance evaluation of employees? | PPL-5 |
| Does the organization have in place a formal system of rewards and sanctions? | PPL-6 | |
| Performance results are linked to management and staff evaluations. | RP-4 | |
| Communication Process | Formal communication processes/mechanisms exist and support sharing of timely, relevant and reliable information to users and other external stakeholders. | CFS-1 |
| Feedback from users and other stakeholders drives strategic and operational planning. | CFS-2 | |
| The organization takes measures to facilitate access to its services. | CFS-5 | |
| Risk Management | Management has a documented approach with respect to risk management. | RM-1 |
| Management identifies the risks that may preclude the achievement of its objectives. | RM-2 | |
| Management identifies and assesses the existing controls that are in place to manage its risks. | RM-3 | |
| Management assesses the risks it has identified. | RM-4 | |
| Management formally responds to its risks. | RM-5 | |
| Management appropriately communicates its risks and risk management strategies to key stakeholders. | RM-6 | |
| Accountability | Authority, responsibility and accountability are clear and communicated. | AC-1 |
| Employees formally acknowledge their understanding and acceptance of their accountability. | AC-2 | |
| The organization's accountability(ies) in support of collaborative initiatives are formally defined. | AC-4 | |
| Change Management | The organization has in place a process to identify change opportunities/requirements. | LICM-1 |
| The organization has processes and practices to ensure change initiatives are properly implemented. | LICM-2 | |
| Change initiatives are well communicated. | LICM-3 | |
| Results and Performance | Management has identified appropriate performance measures linked to planned results. | RP-2 |
| Management monitors actual performance against planned results and adjusts course as needed. | RP-3 | |
| Forecasts are monitored on a regular basis. | ST-4 | |
| Policies and Programs | The organization has resources to support research and policy analysis. | PP-1 |
| The organization has a formal and rigorous approach to policy and program design. | PP-2 | |
| Monitoring of policy options and program design occurs in a regular and timely manner. | PP-3 | |
| Guidelines and procedures that are aligned with government-wide policies and expectations have been defined and implemented. | PP-4 | |
| Clear departmental policies and guidelines consistent with government policies. | PP-IC2 |
Appendix B: Management Action Plan
| Recommendation (Page/Section) | Planned Action or Justification for no action on the Recommendation | Responsible Official | Target Completion Date |
|---|---|---|---|
| 1. The Director, IRB Directorate should ensure the approval of the draft Business Plan, and institute a formal process to monitor implementation of the Business Plan initiatives and the IRB MCF. | Director, IRB Directorate will continue to work with senior officials regarding the approval of the IRB Business Plan. The IRB Directorate will develop specific detailed project plans for each deliverable within the Business Plan. These project plans will include major milestones and completion dates. | Director, IRB | Complete implementation plan by March 31, 2011 |
| 2. The Director General, ADMB should explicitly identify an oversight mechanism to monitor the effectiveness of the application of the IRB Policy. | DG, ADMB will investigate oversight models for the IRB Policy, including looking at oversight models for other programs and the existing interdepartmental mechanisms that look at procurement-related issues. | Director General, ADMB | New oversight process in place by Fall 2011. |
| 3. The Director, IRB Directorate should ensure that, at the project level, risk methodology, risk management practices, and related tools are documented and communicated. | Director, IRB Directorate is in the process of reviewing and standardizing business processes related to IRB transaction management. The risk management framework will be integrated into these processes. External project management advice will be sought in developing the framework. Once this framework is in place, IRB business processes will be updated at the project level to include risk management practices. | Director, IRB | Risk Management Framework created by June 2011. IRB Processes updated to reflect project-level risk management by September 2011. |
Figure Descriptions
Description of the image Summary Status of the Industrial and Regional Benefits MCF
Table 1: Summary Status of the Industrial and Regional Benefits MCF, provides an overview of the implementation status of the IRB Directorate's MCF by the ten following MAF elements as well as by using a three-stage progressive development scale which are either in Start-up phase, In-progress or Implemented: Public Service Values Status: Implemented; Results and Performance Status: In Process; Learning, Innovation and Change Management Status: Start-up Phase; Governance and Strategic Direction Status: Start-up Phase; Policy and Programs Status: Start-up Phase; People Status: In Process; Citizen-Focused Service Status: In Process; Accountability Status: Start-up Phase; Stewardship Status: To be assessed later; Risk Management Status: Start-up Phase.