2005 Audit Recommendations - Status Tracking | ||||||||||||||
Audit: Management Control Framework | (EMC Lead: K.Kirkpatrick / Staff Lead: various | |||||||||||||
Audit Recommendation | Management Response | Comments | Budget Implications 2007 or Beyond |
Related Council Motions | Status Update | |||||||||
Audit Management Response | Action Required Based on DCM Implementation Plan | Management Timelines (Q1- Q4) | (Risks, issues regarding implementation, etc) | ($$ if known) | ||||||||||
1i) | c) incorporating capacity planning in the planning process and the plan and, | Management
agrees with explicitly identifying key assumptions used in the development of
the plan. This will be addressed through post mortem – see response above.
This will be implemented as part of the CCP refresh that will take place in
late 2006. Regarding the recommendation that the CCPPR Officer investigate the opportunity to integrate the Corporate Services Priority setting tool, see response regarding capacity assessment above. As noted by the Auditor General, the Corporate Planning process was implemented recently and will evolve over time. Through mechanisms such as the post mortem we are taking a continuous improvement approach and will identify areas where the process can be improved. |
We disagree with this
observation. |
N/A | No | Capacity
planning was included in the planning process and the CCP. The planning process followed specifically
took capacity constraints into account.
The feasibility of implementing each action item included in the CCP
and DBPs within the existing resource base was evaluated by the City
department(s) involved. Where this
was not possible, the additional resources required were highlighted and
included in the costing of the plans that were submitted to Council. This is a simple, cost-effective approach
to capacity assessment. Subject to further discussion between the Auditor General and the Council Audit Working Group. |
||||||||
2 | That the City Manager ensure there is a review to update the Centres of Expertise Service Level Agreements, including definition of performance levels, monitoring requirements and approach for identifying and resolving issues or disputes. | Management agrees with this recommendation. A draft proposed process, addressing all of these elements, will be presented to Senior Management Team (SMT) at the January 2006 meeting. This project is a priority identified in the 2006 Corporate Services departmental business plan and will be included in the 2006 workplan of the Office of the Chief Corporate Services Officer. | This project is a priority identified in the 2006 Corporate Services departmental business plan and will be included in the 2006 workplan of the Office of the Chief Corporate Services Officer. | Q4 - 2006 | No | The Chief Corporate Services Officer and the members of EMC and SMT continue to treat this as a significant issue. Work on this project has slowed down as a result of the accelerated 2007 Budget approval process as consideration has to be given to the availability of resources in CS and the availability of directors. Therefore, the priority timetable will be revisited during Q1 07 and we will proceed to continue with work on this project as resources permit. | ||||||||
3 | That the Chief Corporate Services Officer develop a formal financial management control framework that clearly defines financial management accountabilities, control objectives, risks and the related control processes/mechanisms that have been put in place to mitigate the risks. The roles and responsibilities as they relate to shared services (in particular, the Financial Support Units) should link to those set out in the Service Level Agreements between Financial Services and client departments. | Management agrees with the recommendation to develop an overall framework. If this framework is supposed to be broad and intended to describe general control objectives, levels of responsibility, overall control policies and philosophy, then this exercise is achievable in 2006, likely within existing resources. One specific issue that will be addressed, as part of the SLA updates noted in the response above, will be a clarification of the role of the Financial Support Units, so that services will be provided on a consistent basis and their role will be well understood Management will also establish parameters for review of transactions that will be consistently applied. | The development of a financial control framework has not been initiated as the Auditor has undertaken an audit of the Financial Control Environment. This second audit will undoubtedly provide more substance as to the nature of the control framework therefore the work has been put on hold until the completion of the second audit. | Completion in 2007 | While the original response indicated that the framework could be developed with existing resources this no longer is possible therefore to undertake this work in 2007 will require one-time funding of $100,000 to hire a consultant to deal with this and whatever arises from the 2nd audit. | No | On hold until
completion of audit of Financial Control environment. Since the budget requirement was identified after the tabling of the original report, discussion and approval will be required of CAWG. |
|||||||
4 | That the CCPR
Officer introduce integrated risk management within the City, as part of the
planning and performance management cycle.
This would include such activities as: a) development of an integrated risk management policy, b) development of tools and approaches for risk management, and c) provision of risk management training. |
Although
Management agrees with the Auditor General’s recommendation in principle,
Management does not believe it would be practical to implement this
recommendation at this point. The cost/benefit of implementing a full blown,
organization-wide risk management initiative, as suggested by the Auditor
General, is not clear, nor is it clear that this is a widely accepted best
practice in municipal governance. Recent implementation of these types of
programs in the private sector has been driven to a considerable extent by
Sarbanes-Oxley requirements in the U.S.
To Management’s knowledge, in the few cases where Canadian
municipalities have experimented with them, implementation has not been
successful. Management’s priority at this point, from a management control framework perspective, is on rolling out the planning framework and developing and implementing the performance measurement and reporting framework, throughout the organization over the next 2-3 years. Nonetheless, certain steps Management is taking to enhance the Corporate planning process, such as the presentation of a comprehensive environmental scan, which will identify risks to be considered in developing the City Corporate Plan and Departmental Business plans, will address this issue. |
We do not believe it would be practical to implement this recommendation at this point. The cost/benefit of implementing a full blown, organization-wide risk management initiative, as suggested by the Auditor General, is not clear, nor is it clear that this is a widely accepted best practice in municipal governance. To our knowledge, in the few cases where Canadian municipalities have experimented with them, implementation has not been successful. Our priority at this point, from a management control framework perspective, is on rolling out the planning framework and developing and implementing the performance measurement and reporting framework, throughout the organization over the next 2-3 years. | N/A | $425K was never addressed in the original report - revised financial implication coming forward in revised busiess case | No | A business case
for the potential implementation of an Integrated Risk Management Framework
was completed in January 2007. Staff
recommendation remains deferring implementation of such a framework to focus
on other priorities. CAWG considered business case at is
meeting on January 29th. CPPRO will undertake the following to address the AG recommendation: i) modify the existing risk management policy or develop a new Corporate integrated risk management policy by 2008; |
|||||||
4 | Regarding the development of an
integrated risk management policy management, Management believes that the
Auditor General’s observations in this area should take into account that the
City has a risk management policy, which was approved by Council in 2001,
confirms the City’s commitment to sound risk management processes. Some of
the specific measures that Corporate Services has taken to explicitly address
risks in different areas are outlined in this policy. For example, risk
management principles are explicitly applied in investment decisions, in
decisions regarding insurance coverage and in providing and maintaining safe
conditions in the workplace. In addition, risk management processes are also
applied in other key areas. The Emergency Measures Unit has identified
catastrophic risks that could impact the City and has developed a
program/plan to address them. Moreover, on an ongoing basis, Public Works
staff perform construction/maintenance project risk assessments and
procedures have been adopted by the City to ensure that risks are reasonably
transferred through the tender, contract and agreement process. Both Real
Property Asset Management and Public Works and Services have adopted Comprehensive Asset Management Strategies that have been approved by City Council and that include inventories, gap analyses and strategies for decommissioning and rehabilitating infrastructure reaching the end of its lifecycle. |
Nonetheless,
certain steps we are taking to enhance the Corporate planning process, such
as the presentation of a comprehensive environmental scan, which will
identify risks to be considered in developing the City Corporate Plan and
Departmental Business plans, will address this issue. We have also developed an estimate of the
cost involved in implementing an integrated risk framework on a Corporate-wide basis and will include this activity for consideration by Council in the 2007 budget submission. |
ii) introduce into its guidance for the preparation of branch business plans, a section that outlines the potential risks to the achievement of the branch objectives; iii) develop a template that can be used to capture the 3-5 most significant risks for each branch & how those risks are addressed - this will be integrated with the branch business plan templates & will be made available in 2008 for the 2009 business planning cycle; & iv) develop a course to be offered in the latter part of 2008 on risk management relating to the application of these concepts & the use of the template. | |||||||||||
Yes | This course will be offered to management staff involved in the the evaluation of risk as part of the business planning process. We estimate the cost of policy development, training material development & delivery is $150K, which we will include as a budget pressure for 2008. | |||||||||||||
5 | That the Chief Corporate Services Officer complete plans for reviewing and updating corporate administrative policies and developing a new corporate policy framework, which should include a single point of access, common look and feel, the consolidation of by-laws, and defining a timetable for when the process will be completed. Departments should monitor their plans to ensure that the harmonization of operational policies and procedures are completed on a timely basis. | Management
agrees. Plans are currently being developed within Corporate Administrative
Policy and Performance Management (CAPPM) for reviewing and updating
Corporate Administrative Policies and developing a new corporate policy
framework. This framework will be completed and presented to EMC for approval
in Q4 2006. In defining a timetable for when the overall policy update process will be completed, consideration has to be given to availability of resources. The same resources to complete work outlined in 4.2 COE, will be deployed to complete this work. The Management Advisory Committee chaired by the Chief Corporate Services Officer will prioritize the updating of policies. |
Plans are currently being developed within CAPPM for reviewing and updating Corporate Administrative Policies and developing a new corporate policy framework. This framework will be completed and presented to EMC for approval in 2006. The Management Advisory Committee chaired by the Chief Corporate Services Officer will prioritize the updating of policies. | No | Anticipate the framework will go forward to MAC and EMC in Q2 2007. | |||||||||
By-laws are now consolidated on
the City’s Intranet, work being completed by these same resources. With regard to departments monitoring of their plans to ensure timely harmonization of operational policies and procedures, management agrees but no specific changes or initiatives are required in response to this recommendation. As noted by the Auditor General, this responsibility rests with each department. CAPPM will work with each department regarding Corporate Administrative Policy to share experience, tools and approaches, however operational policies and procedures at the sub-corporate level (Departmental or Branch) are the responsibility of those policy owners. The CAPPM will monitor the implementation of the corporate framework and report on an annual basis to the Chief Corporate Services Officer. |
||||||||||||||