FOLLOW-UP TO MANAGEMENT ACTION PLANS
Prepared by the
Audit, Evaluation and Review Directorate
This follow-up report on the implementation of management action plans concludes the internal audit process and program evaluation, and outlines the measures taken by various responsible entities in response to our findings and recommendations. According to the follow-up process in effect, management action plans are to be reviewed annually until they are fully implemented and the extent of implementation is to be assessed and reported to the Audit and Evaluation Committee.
This annual report contains the follow-up findings as at March 31, 2005 for 11 audit projects and an evaluation project, for which reports and management action plans were submitted to and approved by the Audit and Evaluation Committee.
We believe this report clearly shows that management is diligently implementing the recommendations that were drawn up. Overall, we are satisfied that the responsible entities are implementing the components of their action plans to which they committed themselves.
The following pages contain additional details of the progress achieved with the action plan for each audit project.
Audit Project: 00/01 01-03
Audit Project objective
The Audit Project objective was to provide management with assurances that the Information Technology Division had an appropriate management framework to meet the requirements of the central agencies and that financial and operational management controls had been applied with sufficient rigour.
In September 2001, we reported that Information Technology (IT) had competent, professional managers who could tackle the many challenges in the constantly changing IT field. We also said we believed the IT management framework fulfilled expectations very well, but nonetheless required some improvements. During our review, we found that management was already taking action to solve some of the problems raised in the Audit Report.
The four activities in abeyance as at March 31, 2005 were implemented during the 2004-2005 fiscal year.
The setting up of a project management system in January 2005 and the reorganization of IT into two distinct groups, ie, information systems and infrastructure and computer support management, completed the implementation of the part of the action plan focussing on the management framework.
As for the recommendations with respect to procedures, the action plan was completed with the adoption in July 2004 of a systems acquisition and development policy and the development and putting into practice of off-site backup procedures.
Audit Project: 00/01 01-04
Audit Project objective
The Audit Project objective was to provide management with assurances that the Information Management Division had an appropriate management framework to meet the requirements of the central agencies and that financial and operational management controls had been applied with sufficient rigour.
Sound document management is essential for ensuring that the information in documents can be accessed and that documents, including documents with archival or historical value, are protected.
In November 2001, we reported that the Information Management (IM) Division had a manager and employees who were competent and professional and had the necessary expertise to tackle numerous challenges in the IM field. We believe that the IM management framework fulfilled expectations very well, but nonetheless required some improvements. During our review, we found that management was already taking action to solve some of the problems raised in the Audit Report.
During the year, implementation of the Livelink Electronic Document Management System (EDMS) got started on schedule. We therefore deemed the activities related to this item in the management's action plan to be completed.
One of the two items in abeyance was the drafting of an IM management framework. It is currently in the review stage and should be completed by June 2005. The document outlines the vision of the IM Division, which is to manage published information and government information, regardless of medium and format. Integration of the Configuration Library has helped to consolidate all of the information management services under IM supervision.
The other item in abeyance was the development of a directory of key documents. The schedule for this project had to be postponed to December 2005 because of a lack of human resources. However, a position has just been filled for this activity and the person will start work on April 1, 2005. Three IM employees have also been given training on how to identify key documents.
Audit Project: 00/01 01-05
Audit Project objective
The Audit Project objective was to assess the degree to which the Security and Facilities Division, which was assigned the responsibilities of managing the operation and maintenance of John H Chapman Space Centre facilities and ensuring their physical security, had an appropriate management framework and complied with the policies, directives and instructions of the central agencies and the Space Agency.
In December 2001, we reported that the Security and Facilities Division was generally carrying out its responsibilities well and going ahead with effective, economical management controls. Nonetheless, we gave management our comments, findings and recommendations on how it could carry out its responsibilities with optimum effectiveness.recommendations_security
A large part of the action plan focusses on improving the Agency's Departmental Security Plan. We reported in the Annual Report of March 31, 2004 that management was fully committed to developing and implementing a departmental security plan in accordance with the Government Security Policy and that several activities had been carried out or were under way.
Management continues intense efforts to implement components of its action plan. The drafting of policies and procedures is under way according to a rigorous and methodical approch. Given the scope of the task, the original schedule has been revised and it is now anticipated that the final security policy will be published in September 2006. To date, the Master Policy on Procedures and Security and the Policy and Procedures Relating to the Conduct of Security Threat and Risk Assessments (TRAs) have been approved. Seven other policies are being developed and are at various stages of completion.
As for facilities management, steps taken to introduce a maintenance and mechanical engineering contract have not been successful. Another approach is being developed in order to finalize the delivery method for property management services.
Audit Project: 01/02 01-01
Audit Project objective
The Audit Project objective was to determine the extent to which the CSA was meeting its financial management responsibilities, especially with regard to monitoring requirements set out in sections 32, 33 and 34 of the Financial Administration Act (FAA) and other Treasury Board requirements for delegating financial authority, committing expenditures, certifying contract performance and verifying accounts for payment purposes.
In November 2002, we reported that financial authority was properly exercised overall. Expenditures were committed and certified in compliance with sections 32 and 34 of the FAA and independent financial officers verified accounts for payment purposes in accordance with section 33.
However, several recommendations were made to consolidate the control framework and improve the effectiveness and efficiency of operations.
Action plan components that were under way and completed to varying degrees on March 31, 2004 are still in progress.
The Delegation of Financial Signing Authorities Chart will have to be reviewed again before it is submitted to the Minister for approval so that new delegated authorities can be taken into consideration as part of human resources management modernization. Management has not satisfactorily followed through on the recommendation to provide coaching (explanations and descriptions) relative to the type and extent of the delegated financial authorities.
The computerization of delegation instruments and the sample-based auditing of changes made to pay files in order to comply with section 33 of the FAA are still scheduled, but subject to priorities and availability of resources.
Moreover, the evaluation and development of a new purchase order (value contract) and the automatic calculation of interest on late payments will be taken into consideration in Phase 2 of the implementation of SAP V 4.7.
Audit Project: 01/02 01-03
Audit Project objective
The Audit Project objective was to provide management with assurances that the unit in charge of co?ordinating the Access to Information and Privacy (ATIP) Policy had a proper management framework that met the requirements of the central agencies and that operational controls were implemented with sufficient rigour. This Audit also determined the volume and types of requests for access to information that were processed during the year and studied the critical path of a request, including approval levels and the number of days required to process requests.
We reported in November 2001 that, although the Access to Information Act and the Privacy Act were passed in 1983 and despite the Agency's short period of existence, the Agency should nonetheless process access to information requests with the same expertise as other more longstanding federal institutions. We also mentioned that the Agency should consider reviewing its business model and the duties involved in co?ordinating access to information and privacy so that adjustments could be made to the roles and responsibilities of various players.
The only activity in abeyance on March 31, 2004 had been implemented during the 2004-2005 fiscal year.
This activity concerned the need for more in-depth training for the person replacing the ATIP Co?ordinator during extended absences. During the year, two IM employees were trained in order to fill in during extended absences. In other respects, because the ATIP will be transferred along with the Corporate Secretariat starting in April 2005, three Corporate Secretariat employees were given training this year on the Access to Information Act.
Audit Project: 01/02 01-04
Audit Project objective
As part of implementing the Financial Information System (FIS), the establishment of opening balances on April 1, 2001 was the starting point for recording and reporting accounts in accordance with the new accounting standards. The objective of this Audit Project was to ensure that opening balances had been correctly established and recorded in compliance with the new accounting standards.
It was pointed out in the audit report submitted in November 2002 that the opening balances as at April 1, 2001, as reviewed and corrected with the participation of the Receiver General and the Treasury Board Secretariat, complied with requirements. However, we submitted recommendations to Corporate Management to the effect that the accuracy of audit balances could be guaranteed throughout the year by validating the balances of certain accounts, setting up periodic account analysis procedures and making effective policies available to the staff.
The Corporate Management Directorate has followed up on nearly all of the components in its action plan. The review of policies and procedures and the implementation of an inventory value assessment mechanism for the purposes of reporting inventory in financial statements is under way.
Periodic procedures for confirming the accuracy of balances in certain major accounts have been developed and implemented. The practices are based on procedures for obtaining confirmations from sector financial officers. We encourage management to continue its efforts to improve periodic account analysis procedures by standardizing analysis formats, for example, and extending them to other general ledger accounts. These account analyses will be all the more necessary since they will be required once the annual audit of financial statements becomes mandatory.
Audit Project: 01/02 01-05
Audit Project objective
The Audit Project objective was to assess the extent to which the management framework for travel expenses helped to carry out the CSA's program and objectives effectively, efficiently and economically while complying with Treasury Board policies and guidelines.
Travel is generally carried out economically and reasonably so as to reduce the financial impact on the Agency. We also reported that there were enough breaches of the rules to conclude that the travel directives were misunderstood both by employees travelling on official business and by managers approving travel and authorizing requests for travel allowances. Several recommendations were put forward to raise staff awareness of the need to comply with policies and procedures and adopt effective, efficient practices.
The Corporate Management Directorate has assumed responsibility for the action plan, although many of the recommendations are intended for all Agency employees. We had reported in the previous annual report that several initiatives had been implemented to inform employees and increase their awareness. With the setting up of the new government travel service Travel AcXess Voyage, employees continued to be provided with information throughout the 2004-2005 fiscal year.
Procedures for account verification on a sample basis and resulting non-compliance reports help to identify weaknesses and establish appropriate corrective measures to keep error rates at acceptable levels.
In 2005-2006, management plans to carry out the in-depth review (or overhaul) of all Agency travel policies and procedures in order to bring them in line with the government Travel Policy issued in October 2002 and with the new government travel service.
Audit Project: 01/02 01-06
Audit Project objective
The Audit Project objective was to assess the degree to which employees have quality information provided in sufficient amounts and on a timely basis to help them carry out their financial management responsibilities, and to assess whether this information is obtained in efficient ways.
The audit report of December 2003 set out recommendations for improving the Agency's financial management capability. We reported that the Corporate Management Directorate had to take action in several ways to give managers at all levels of management more support to help them to carry out their financial management responsibilities.
In 2004-2005, the Corporate Management Directorate implemented several components of the action plan for exercising stricter management of the accounting system and developing a system of codes in accordance with accounting requirements and suited to Agency operations. The accounting system was thoroughly reviewed so that it would henceforth help to identify and classify operations based on their relationship with strategic results and strengthen the financial management of projects. Moreover, consultations that were held (when the new business procedures were established) to develop a new version of the corporate financial management system have helped to promote the financial system to employees.
Considerable effort has gone into reviewing parliamentary appropriations to ensure that they correspond to the type of operations concerned. However, we expect the review to be completed during the 2005-2006 fiscal year and that measures will be taken to ensure that employees have a good understanding of how parliamentary appropriations are used.
The Corporate Management Directorate took advantage of the development of the SAP V 4.7 corporate finance system to take corrective measures to meet financial management requirements and managers' needs.
So that all levels of management can carry out effective and efficient financial management of operations under their responsibility, we had recommended to the Corporate Management Directorate that it establish standards for reports and report content. Despite the importance of this recommendation, management had not yet followed through on the recommendation satisfactorily.
Audit Project: 02/03 01-03
Audit Project objective
The Audit Project objective was to ensure that the Agency carried out its acquisition card management responsibilities properly and effectively. The Audit also assessed the appropriateness of the management framework as well as compliance with related Treasury Board Secretariat (TBS) requirements.
In January 2003, we reported that acquisition cards were an appropriate tool that is suited to modern management practices and can considerably lighten the workload in the Contracts Division, given the nearly 5,500 transactions made by acquisition cardholders per year, worth an average of $415. We also said that practices had changed since acquisition cards were introduced in 1999 and that some practices should be reviewed to tighten up the management framework. We also felt that special attention should be devoted to the administrative aspect of transactions and that a reminder should be sent to key staff members (managers and cardholders) to make them aware of their responsibilities.
Implementation of the action plan is progressing satisfactorily.
One of the items in abeyance is the acquisition card policy, which has been fully reviewed and is currently being revised and translated. It should be completed by late April. The feasibility study to determine the cost-effectiveness of using acquisition cards as a payment tool was carried out last year. However, after priorities were reviewed, the analysis of the study data was postponed.
After many past and present changes made and undergoing to the way the acquisition card program is managed, the method of increasing cardholder awareness will now be reviewed. An approach giving preference to information bulletins rather than group training will be adopted.
Moreover, this awareness building can only be carried out when the upcoming acquisition card module in Phase 2 of the introduction of SAP V 4.7 is operational. Inventory control procedures to ensure that purchases of non-consumables worth more than $1,000 or attractive assets purchased with acquisition cards are entered in inventory will also be reviewed after the acquisition card module is set up in SAP V 4.7.
Audit Project: 02/03 01-04
Audit Project objective
The Audit Project objective was to determine the extent of implementation of the action plan submitted in response to the Health Canada recommendations issued in the Health Canada report of March 1999 concerning the Occupational Health and Safety Program. The report submitted by Health Canada in March 1999 put forward 36 recommendations.
In April 2003, we reported that considerable effort had been made since the action plan had been submitted to the Executive Committee in July 2001. Moreover, some actions set out in the plan involved the Occupational Health and Safety Policy Committee (OHSPC), whereas the Committee was not yet active in the Agency at the time of the audit.
Furthermore, some actions set out in the plan involved the Human Resources Directorate, the Local Occupational Health and Safety Committee (LOHSC) and the OHSPC. However, these entities were not in agreement on the identified actions or methods of implementing them.
The OHSPC was set up in the spring of 2003 and its roles and responsibilities were established at that time. The Committee's first meeting was held on April 24, 2003. Another meeting was held in October 2003 and the most recent was held in April 2004. The OHSPC has not held a meeting in over 11 months since then. Since April 1, 2005, the OHSPC no longer has a Chairperson. A new Chairperson will have to be appointed so that the Committee's activities can continue.
To date, three actions have not yet been carried out, although they were initially scheduled for October 2003. These three actions have to do with identifying specific actions and drawing up an implementation plan for three of the recommendations set out in the Health Canada report. The actions identified in the CSA action plan in response to the Health Canada report do not have the unanimous agreement of the parties involved, ie, the Human Resources Directorate, the OHSPC and the LOHSC.
The new Chairperson of the OHSPC will have to address this issue in order to reach a consensus within a reasonable period of time.
Audit Project: 03/04 01-04
Audit Project objective
The Audit Project objective was to ensure that the policies, procedures and practices (PPPs) of the Project Approval and Management Framework (PAMF) had been updated in response to observations and recommendations set out in the audits conducted in 2002 by the Audit, Evaluation and Review Directorate and the Office of the Auditor General of Canada. Another objective was to ensure that the PPPs were operational and systematically implemented in all projects carried out at the Agency.
In March 2004, we reported that the review of the PAMF was in progress and encouraged the Project Management group to continue its efforts by including new measures in its action plan to ensure that the area of application of the policy was extended to all projects carried out at the Agency. Other recommendations focussed on support for the implementation of the project management framework using standardized procedures and practices suited to requirements.
To ensure more rigorous, uniform management of projects, minimum requirements for documentation have been established with respect to project planning, implementation, monitoring and termination. Various work instruments have also been reviewed to make them more suitable for the circumstances of projects conducted at the Agency, while other instruments have been developed to provide greater support for persons concerned.
A major review of PPPs has been carried out to reflect various changes made to components of the Project Approval and Management Framework. One of the most important changes was to distinguish the corporate policy from procedures and practices. Moreover, in order to account for all of these changes and facilitate access to supporting documents, the intranet site assigned to project management and risk management has been completely overhauled.
Several action plan components that are under way concern the review of the policy, which must reflect the clarifications and corrections that have been made and communicate them to various persons concerned. Some practices will also have to be reviewed because of the introduction of the project management module into the SAP V 4.7 and of the electronic document management system (Livelink).
The PAMF review process will be completed once the policy has been approved by the Internal Management Committee and the new management framework has been submitted to and approved by the Treasury Board Secretariat.
Audit Project: 02/03 02-01
Evaluation Project objective
The Project objective was to provide management with an evaluation of the extent to which the forecast objectives of the Canadian Space Station Program had been achieved as well as a statement of CSSP results. We looked at the management framework to ensure that it was appropriate and met the requirements of the central agencies and that financial management and operational controls were implemented with sufficient rigour.
In April 2003, we reported that the CSSP had achieved several of the initially established objectives. We also mentioned that we believed that the existing management framework required some improvements. We made some recommendations with respect to project management, risk management, financial management, strategic planning and distribution of industrial regional benefits.
To date, all of the recommendations have been implemented in whole or in part.
Virtually all of the actions set out in the plan for the Project Management Framework have been implemented. The adoption by the Executive Committee of changes to the Project Approval and Management Framework (PAMF) will complete the implementation of this part of the action plan. As for financial management, the upgrading of the SAP corporate financial system is under way and should help provide managers with the tools they need for proper financial management.
As for the distribution of industrial regional benefits, we will discuss this issue again during upcoming program evaluations. An action plan has been implemented to help the CSA meet its objectives for all regions.