Multi-year Risk-based Audit and Evaluation Plan

Introduction
Internal Audit and Evaluation Directorate Services
Internal Audit and Evaluation Directorate
Multi-year Risk-based Audit and Evaluation Plan Methodology
2019-20 Multi-year Risk-based Audit and Evaluation Plan Methodology.
Audit Project Schedule (From 2019- 20 to 2021-22)
Five-year Evaluation Schedule (2019-20 to 2023-24)
Annex 1: Public Safety Canada Departmental Core Responsibilities and Program Inventory
Annex 2: Public Safety Canada Audit and Evaluation Coverage (Past 5 Years and planned 2019-20)
Annex 3: Public Safety 2019-22 Risk Categories and Coverage
Footnotes

2019-2020

MESSAGE FROM THE CHIEF AUDIT AND EVALUATION EXECUTIVE

Public Safety’s Internal Audit and Evaluation Directorate (IAED) adds value by being an agent of positive change and innovation. We bring a systematic, disciplined approach to evaluate and improve the effectiveness and efficiency of the Department’s risk management, controls, governance, programs and initiatives.

Our Mission: To foster and influence management excellence, performance and accountability by providing objective and independent insights.

Our Vision: To be a trusted advisor to management and to our stakeholders.

MULTI-YEAR RISK-BASED AUDIT AND EVALUATION PLAN

As the Chief Audit and Evaluation Executive, I am pleased to present the 2019-20 Multi-year Risk-based Audit and Evaluation Plan (RBAEP) that describes the internal audit and evaluation priorities and activities in support of Public Safety’s strategic priorities.

The RBAEP details the assurance, evaluation and consulting services that the IAED will provide, independent of line management, to sustain a strong, credible regime that supports the Deputy Minister in the role of accounting officer and contributes directly and proactively to sound performance measurement, risk management, control and governance.

The Plan guides the allocation of our financial and human resources to achieve our objectives. It takes into account the necessary alignment with organizational risks and priorities. The audit and evaluation coverage proposed in the Plan strives to achieve senior management’s expectations and high risk areas for the department. IAED is currently undergoing a strategic resourcing analysis exercise that will further position the function to effectively and efficiently deliver its suite of services.

Our Plan sets out an exciting and innovative year ahead. I look forward to contributing to advancing the Department’s priorities.

Daniel Giroux
Chief Audit and Evaluation Executive

Introduction

Purpose and Scope of the Plan

The Risk-based Audit and Evaluation Plan (RBAEP) describes the planned engagements to be undertaken by the Internal Audit and Evaluation Directorate (IAED) (see “Audit and Evaluation Project Schedule”), allocates audit and evaluation resources to the areas that represent the greatest risk and priority to Public Safety (PS) and, as such, ensures that the IAED adds value to the department and to Canadians. The Plan is a rolling, multi-year instrument that is developed and updated annually in compliance with applicable Treasury Board of Canada policies and professional standards, most notably the Policy on Internal Audit and the Policy on Results.

The audit and evaluation project schedule has been reviewed and recommended by both the Departmental Audit Committee (DAC) and Performance Measurement and Evaluation Committee (PMEC).

Public Safety Operating Environment and Key Risks

PS operates in an ever-changing environment with a wide array of internal and external factors that have the potential to significantly affect the Department’s operations and programs. As a result, the Department requires a high level of adaptability and flexibility, and must remain at the forefront of threats and developments that can affect its ability to deliver on its broad mandate and results for Canadians.

PS has identified four corporate risks that address the ever-changing environment and organizational pressures. The 2019-20 corporate risks are:

There is a risk that some program outcomes relying on the actions of partners will not be met;
There is a risk that Public Safety will be unable to keep pace with and take advantage of technological advances;
There is a risk that the Department may not respond effectively to the pace and magnitude of change in the evolving all-hazards threat environment; and,
There is a risk that the Department will not attract and retain the employees required to achieve its organizational objectives.

Internal Audit and Evaluation Directorate Services

The IAED has three main functions: internal audit, evaluation and professional practices.

Internal Audit

In line with the Treasury Board Policy on Internal Audit and the Institute of Internal Auditors (IIA) Professional Standards, IAED offers two types of services:

Assurance engagements:

Internal Audits: Internal audit is an independent, objective, assurance and consulting activity designed to add value and improve an organization’s operation. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.
Laser Audits: Comparable to a typical internal audit, but focuses on providing assurance that core controls within an entity are working as intended. Scope is narrower and defined using a less intensive approach.

Consulting Services:

Control Self-Assessment: to support a work team in its self-assessment of the performance of key governance, risk management and control processes (through a facilitated workshop or survey).
Consulting Engagements: to support management in any area related to controls, risk management or governance, including enterprise risk management, advice during program or systems development, etc.

Evaluation

Evaluation is the systematic and neutral collection and analysis of evidence to judge merit, worth or value. Evaluations typically focus on programs, policies and priorities and examine questions related to relevance, effectiveness and efficiency.

In line with the Treasury Board Policy on Results, IAED offers two types of evaluation services:

Program Improvement Services:

Delivery Evaluations: Focus on the implementation of a program or policy, the production of outputs and ways to improve efficiency.
Impact Evaluations: Assess the results and outcomes of a program or policy, the department’s influence on the observed changes, and issues such as alternatives and improvements.

Consulting Services:

Performance Measurement: to support the creation of logic models and performance measures as part of Performance Information Profiles to outline intended outputs and outcomes.
Targeted research: to offer management insights on global trends or practices. May be based on management needs for information to guide changes to program design or delivery.

Professional Practices

The Professional Practices Unit is a key function within IAED as it is mainly responsible for the Quality Assurance and Improvement Program, Corporate Strategic report, external liaison and the DAC and PMEC Secretariat. It complements the work of the internal audit and evaluation functions and contributes to the overall value-added services.

Quality Assurance and Improvement Program (QAIP)

Pursuant to the Treasury Board Policy on Internal Audit, the Government of Canada adopted the Institute of the Internal Auditors International Professional Practices Framework as part of the Government of Canada Internal Audit Standards. As part of the Standards, the Chief Audit Executive is responsible to develop and maintain a QAIP. Although not required by the Treasury Board Policy on Results and associated Directive, the QAIP also applies to the evaluation function.

Liaison with the Office of the Auditor General (OAG) and other External Assurance Providers

The Professional Practices Unit is also responsible for liaison activities with the OAG, the Office of the Comptroller General (OCG), and other external assurance providers. The unit helps ensure that the activities of the Department are represented accurately, fairly and in a balanced manner. Various activities are carried out to ensure positive working relationships and effective coordination of all external audit work. Specifically, this includes providing assistance and advice to departmental officials throughout the conduct of audits, negotiating acceptable timeframes for providing requested material, as well as collaborating with others when validating the factual content of audit reports and preparing departmental responses. Ongoing communication occurs with these external assurance providers and the extent of their activities within the department is considered as part of the development of the RBAEP.

Liaison with Treasury Board Secretariat and participation in the OCG Horizontal Audits

In accordance with the Treasury Board (TB) Policy on Internal Audit and Policy on Results, IAED is required to submit performance measure and data, completed annual capacity assessments, and the approved RBAEP to Treasury Board and the OCG. The coordinated information gathering and response to the corporate requests and required submissions to TB and OCG are managed by the Professional Practices Unit within IAED.
Furthermore, as outlined in the TB Policy on Internal Audit, the IAED must consider government-wide audits led by the Comptroller General when developing the RBAEP. Horizontal audits planned by the OCG were taken into account in the RBAEP. The OCG process for these includes flexibility for each department to expand the scope of the audit to address matters of significance specific to their identified risk or concerns. To ensure effective and efficient delivery of the audit, the Internal Audit groups of the participating departments are required to provide audit resources.
As the responsible group for liaison activities with the OCG, the Professional Practices Unit is the coordinator of any upcoming horizontal internal audits where Public Safety would be identified as a participating department or where IAED would have an interest to participate in order to increase efficiency and avoid duplication.

Follow-up on Management Action Plans

Monitoring and reporting on the implementation of approved Management Action Plans that address internal audit and evaluation recommendations, as well as recommendations stemming from external audits performed by other external assurance providers, such as the OAG is performed by the Professional Practices Unit. As part of the follow-up process, the Unit requests updates from management, assesses and validates corrective measures that have been taken and determines whether the actions carried out are appropriate.

Departmental Audit Committee and Performance Measurement and Evaluation Committee Secretariat

The Professional Practices Unit also provides administrative and logistical support to the DAC and PMEC external members in order to coordinate and organize the meetings. This includes the preparation of the Committee meeting agenda, and the collecting and assembling of meeting material into electronic binders for submission to DAC and PMEC two weeks in advance of each meeting.

Internal Audit and Evaluation Directorate

Organizational Structure

As indicated previously, the IAED has three main functions: internal audit, evaluation and professional practices. It comprises 18 indeterminate positions: the Chief Audit and Evaluation Executive, the Director of Internal Audit and Evaluation Division, two administrative support positions, six internal auditors, five evaluators, and three professional practices positions.

Figure 1: IAED Organizational Chart

Image Description

The figure illustrates the organizational structure of IAED. IAED is led by the Chief Audit and Evaluation Executive (CAEE) who is supported by one Executive Assistant and one Administrative Assistant. The Director, Internal Audit and Evaluation and Manager, Professional Practices Unit (PPU) report directly to the CAEE. Within the Internal Audit and Evaluation Division, the Manager, Evaluation and Manager, Internal Audit report directly to the Director, Internal Audit and Evaluation. The Manager, Evaluation has two direct reports: one Senior Evaluation Advisor and one Evaluation Advisor. The Senior Evaluation Advisor and Evaluation Advisor each have a Senior Evaluation Analyst as a direct report.

The Manager, Internal Audit has two Internal Audit Project Team Leads as direct reports. One Internal Audit Project Team Lead has an Internal Auditor as a direct report. The second Internal Audit Project Team Lead has a Senior Internal Auditor as a direct report, who in turn has an Internal Auditor as a direct report.

Within PPU, the Senior Professional Practice Officer and Professional Practice Officer report directly to the Manager.

Directorate Human and Financial Resources

IAED’s 2019-20 Notional Budget includes $1.7M in salary and $816K in Operations & Maintenance (O&M) for a total of $2.5M. Based on this budget IAED can fund a total of 18 indeterminate positions (as indicated in the chart below). The O&M budget is $605K that is supplemented with TB Submissions, which vary from fiscal year to the next.

Directorate Human and Financial Resources
Unit	#FTE	#Term/Members	Salary ($000)	O&M ($000)	Total ($000)
Office of the Chief Audit & Evaluation Executive	3	3 (DAC Members) 1 (PMEC Member)	$324	$36	$360
Internal Audit Unit	6.50	N/A	$516	$380	$896
Evaluation Unit	5.50	1 Term (1 year)	$530	$300	$830
Professional Practices Unit	3	N/A	$360	$100	$ 460
Total	18		$1,730	$ 816	$2,546

Multi-year Risk-based Audit and Evaluation Plan Methodology

To inform the identification and prioritization of audit projects, IAED has developed a two year rotational approach. During the first year an extensive and comprehensive assessment of established risk categories is performed. This exercise consists of elaborate consultations with senior management complemented with a review of corporate documents such as the Departmental Plan, Corporate Risk Profile and Departmental Results Report; trend analysis of previously conducted audit and evaluation projects across government, and a review of the study of high risk areas provided by industry best practices. Figure 2 below contains an overview of the process.

Figure 2: RBAEP Methodology (Year 1)

Image Description

The figure portrays the step by step approach followed by IAED for the development of the departmental RBAEP during the first year of its two-year rotational approach. The first-year approach is extensive and comprehensive.

The first step involves a detailed review of the Audit and Evaluation Universe. The next step is a detailed document review. This is followed by consultations with departmental senior management. The next step is the development of both audit risk assessments and evaluation assessments, and then the identification and prioritization of internal audit and evaluation projects. The final step is the approval and reporting of the RBAEP which includes the internal audit and evaluation projects.

The second year of the rotational approach consists of validating the need and timelines of the already identified projects and revising where required. The validation and updates are done through consultations with senior management. Specifically, a survey is sent out to Directors General (DGs) for their review of project list and timelines. DG feedback is incorporated in a revised document and shared with ADMs for their input and confirmation. Figure 3 below contains an overview of the process.

Figure 3: RBAEP Methodology (Year 2)

Image Description

The figure portrays the step by step approach followed by IAED for the development of the departmental RBAEP during the second year of its two-year rotational approach. The second-year approach is a follow up validation and update of the first-year RBAEP exercise.

The first step involves a light review of the Audit and Evaluation Universe. The next step is a document review, which is followed by surveys with departmental senior management to validate the information. The next step is the revision and update of internal audit and evaluation projects. The final step is the approval and reporting of the RBAEP which includes the internal audit and evaluation projects.

The rotational approach does not apply to the planning processes for evaluation. Evaluation projects are validated and revised where required as per the Financial Administration Act (FAA) requirements, program renewal cycles, and the newly established programs.

2019-20 Multi-year Risk-based Audit and Evaluation Plan Methodology

The development of the 2019-20 RBAEP is based on the Treasury Board Policy on Internal Audit and Policy on Results, the 2013 COSO Internal Control - Integrated Framework and guidance provide by the Office of the Comptroller General. The following steps describe the process that was applied as part of this year’s exercise:

Review of the Audit and Evaluation Universe

To develop the Audit and Evaluation Universe the IAED used the Departmental Core Responsibilities and Program Inventory (Annex 1), which is updated when required. The Inventory supports the Department in achieving its strategic objective and priorities, which are included in the Departmental Results Framework (DRF). Each of the programs listed in the Inventory constitute an audit and evaluation entity within the Universe.

Document Review

IAED conducted document reviews to understand departmental context and key corporate and program risks and priorities. Key departmental reports included: the 2018-19 Departmental Plan; the available Branch Business Plans; the 2019-20 Corporate Risk Profile; the 2017-18 Departmental Results Report; both Ministers’ Mandate Letter; and the Departmental Results Framework (DRF). In addition, IAED reviewed previous IAED audits and evaluations, as well as reports on Public Safety from other assurance providers such as the OAG, the OCG, and the Public Service Commission.

Management Consultations

IAED sought input from DGs across PS in order to validate the need and timelines of the already identified projects and revising where required. The validation and updates were done through consultations with senior management. Specifically, a survey was sent out to DGs for their review of the project list and timelines and the identification of any risk areas not covered as part of the current list. DG feedback was incorporated into a revised document and shared with ADMs for their input and confirmation. IAED then met with each ADM to discuss the program needs, priorities and risk areas.

In addition, IAED met with all Branch Management Committees in order to discuss the suite of services offered by both the audit and evaluation functions for Branches to consider as part of the consultation process.

IAED also consulted with external assurance providers (e.g. OAG and OCG) to minimize duplication of effort and impact on programs. External members of the Departmental Audit committee were also consulted to discuss risks and proposed projects.

Finally, the draft audit and evaluation project schedule was presented to senior management for review and comments at the Internal Policy Committee meeting held on January 22, 2019.

4. Audit Risk Assessment

The information obtained in the document review and consultations, along with the previous year’s assessment of risks were included in the development of the audit project schedule. Risk categories that were assessed as part of last year’s first of our two year rotational approach were based on the 2013 COSO Framework, OCG guidance and audit community best practices. The results of this assessment were reviewed and used to ensure coverage of high risk areas (Annex 3). The risk categories and their definition are as follows:

Risks
Risk Categories	Risk Definition
Risk Categories	Risk Definition
Business processes and project management	Threats and opportunities associated with business process design or implementation (consider complexity of operations, level of centralization) and/or those associated with processes and practices of developing and managing projects.
Financial Management	Threats and opportunities associated with the structures and processes of an organization to ensure sound management and safeguarding of financial resources and its compliance with financial management policies and standards.
Fraud	Threats and opportunities associated with any illegal act characterized by deceit, concealment, or violation of trust to obtain money, property, or services; to avoid payment or loss of services; or to secure personal or business advantage (i.e. fraudulent reporting, asset misappropriation, corruption, or management override).
Governance and strategic direction	Threats and opportunities associated with an organization's approach to leadership, decision-making and management capacity.
HR Management	Threats and opportunities associated with staff/management turnover; employment/work culture; recruitment, retention and staffing processes and practices; HR and succession planning and talent management; employee development, training and capacity building; and employee engagement.
Information management	Threats and opportunities associated with an organization's capacity and sustainability of information management procedures and practices, including privacy consideration and security of information.
Information technology	Threats and opportunities associated with an organization's capacity and sustainability of information technology, both the infrastructure and utilization of technological applications (consider also reliance on SSC) as well as the safeguarding of IT assets.
Organizational transformation and change management	Threats and opportunities associated with significant structural, cultural or behavioural change within an organization related to mandate, operating context, leadership and strategic direction.
Political agenda and other environmental changes	Threats and opportunities associated with the potential changes in the political agenda and/or the environmental operating context, which are outside of the Department's control.
Stakeholders and partnerships (e.g. clients, FPT)	Threats and opportunities associated with an organization's partners and stakeholder demographics, characteristics and activities as well as those associated with program delivery.

5. Evaluation Assessment

The information obtained through document review and consultation, along with the department’s priorities, allowed the assessment of the evaluation entities. Commitments made in submissions approved by the Treasury Board of Canada and other corporate reports were used to determine the schedule for the evaluation projects. The timing of all mandatory evaluations were considered, prior to the discretionary evaluations being proposed and scheduled.

Discretionary evaluation projects were also examined through the lens of feasibility, alignment (between audit and evaluation and with other, external audits and evaluations), workload and burden on the program areas. The goal was to ensure optimum efficiency of projects while making every effort to minimize “oversight fatigue” on the part of Public Safety management.

6. Project Identification and Prioritization

To identify and prioritize the potential audit and consulting engagements for the next three years, the following factors were examined:

Results of consultations with senior management;
Coverage of the audit and evaluation universe (Annex 2);
Coverage of identified risk categories (Annex 3)
Departmental priorities including Mandate letters;
DAC priorities;
Previous audit and evaluation outstanding recommendations;
Maturity of program/process and their audit readiness; and,
Audits by external assurance providers.

Public Safety’s Five-year Evaluation Plan (2019-20 to 2023-24), fulfills the requirements of subsection 42.1 of the Financial Administration Act, which stipulates that all ongoing programs of grants and contributions with five-year average actual expenditures of $5 million or greater per year are evaluated at least once every five years.

7. Approval and Reporting

The schedule of planned audits and evaluations were presented to the Internal Policy Committee on January 22, 2019 for review and comments. It was also presented to the DAC on February 25, 2019, and to the PMEC on the March 27, 2019. The DAC and PMEC have recommended the schedule for approval. The RBAEP was finalized by IAED for Deputy Minister’s approval.

The RBAEP will be submitted to the Results Division of the Treasury Board Secretariat as required by the Policy on Results and to the OCG as required by the Policy on Internal Audit.

Audit Project Schedule (From 2019- 20 to 2021-22)

Audit Project Schedule (From 2019- 20 to 2021-22)
Audit Title	Objective and Scope	Rationale	Date	Resources		Organization Level Involved

Audit Title	Objective and Scope	Rationale	Date	FTE	O&M	Organization Level Involved
Audit of Governance	Objective: To assess whether PS’s internal governance structure operates effectively and provides oversight over key departmental activities. Scope: Records and processes relevant to PS’s internal management governance structure.	PS Strategic Priority: - Ensure a strong focus on results through effective performance measurement and sound management practices consistent with the federal government’s renewed focus on results. Corporate Risk Profile (2019-20): There is a risk that some program outcomes relying on the actions of partners will not be met Risk Category: Governance and Strategic Direction Past Coverage: Internal Audit of Financial Management Governance (2014) Internal Audit of Emergency Management Planning: Leadership and Oversight (2014)	Start: September 2018 Estimated completion: June 2019	2 FTE	$105K	Department; Corporate Management Branch (CMB) & Portfolio Affairs & Communications Branch (PACB) Leads
Laser Audit of the application of gender-based analysis (GBA+)	Objective: To assess if PS has effective key elements in place that support GBA+ implementation and application. Scope: Corporate key framework elements in place to support the implementation and application of GBA+.	PS Strategic Priority: - Increase the efficiency and effectiveness of community safety, with a focus on at-risk and vulnerable populations, including Indigenous peoples, as well as those with mental health issues in the criminal justice system. Corporate Risk Profile (2019-20): There is a risk that the Department may not respond effectively to the pace and magnitude of change in the evolving all-hazards threat environment. Risk Category: Business Processes and Project Management Past Coverage: No previous audit or consulting work completed.	Start: January 2019 Estimated completion: June 2019	2 FTE	N/A	Department; PACB Lead
Laser Audit: Follow-up on Implementation of the Commissioner of the Environment and Sustainable Development (CESD) Recommendations on Sustainable Development Strategies (SDS)	Preliminary Objective: Determine whether the implementation of management action plans have been effective in addressing audit recommendations and the findings. Preliminary Scope: Review of the actions taken to address the SDS audit recommendations and assess a sample of files to determine the effectiveness and efficiency of the implemented measures.	PS Strategic Priority: Ensure a strong focus on results through effective performance measurement and sound management practices consistent with the federal government’s renewed focus on results. Corporate Risk Profile (2019-20): There is a risk that the Department may not respond effectively to the pace and magnitude of change in the evolving all-hazards threat environment. Risk Category: Business Processes and Project Management Past Coverage: Commissioner of the Environment and Sustainable Development (CESD) Sustainable Development Strategies (SDS) (2017/2018)	Preliminary start date: April 2019 Estimated completion date: October 2019	1.5 FTE	N/A	Department; PACB Lead
Laser Audit: Follow-up on Implementation of the OAG Recommendations on Payroll Management	Preliminary Objective: Provide assurance that PS actions identified in support of OAG recommendations on Payroll Management were fully implemented and are effective to detect and address payroll inaccuracy. Preliminary Scope: Review and test processes, practices and controls implemented to address information sharing in support of pay administration, financial and human resource management, and, internal controls in pay processing.	PS Strategic Priority: Continue to strengthen an ethical and values-based departmental culture focused on respect and people-centered practices, mental health, and workplace wellness. Corporate Risk Profile (2019-20): There is a risk that the Department will not attract and retain the employees required to achieve its organizational objectives. Risk Category: HR Management Stakeholders and Partnerships (e.g. clients, FPT) Past Coverage: TBS Internal Audit and PSPC Lessons Learned from the Transformation of Pay Administration Initiative (2017) OAG Phoenix Pay Problems (2017) OAG Performance Audit of Transformation of Pay Administration Initiative (Fall 2018)	Preliminary start date: April 2019 Estimated completion date: October 2019	1.5 FTE	N/A	Department; CMB Lead
OCG Horizontal Internal Audit of IT Security	Preliminary Objective: To determine whether a systematic and integrated process is in place to identify, assess, prioritize and mitigate the IT security risks that relate to the new GC IT Strategic Direction. Preliminary Scope: To assess the process through which IT security risks related to the Government’s IT Strategic Direction including the upcoming Digital Policy are being identified, assessed, prioritized and mitigated. Includes: how IT security risks are considered in the GC Enterprise Architecture Review Board (EARB) submission process; consultations with GC and external stakeholders to obtain their perspectives on risks and mitigation measures; and comparisons with other jurisdictions that have embarked on similar transformations and the risks they have faced and any lessons learned. The review will apply to the status of the GC IT Strategic Direction as at February 28, 2019.TBC	PS Strategic Priority: Advance the federal government’s efforts in protecting Canadians and Canada’s critical infrastructure from cyber threats and cybercrime. Corporate Risk Profile (2019-20): There is a risk that PS will be unable to keep pace with and take advantage of technological advance There is a risk that the Department may not respond effectively to the pace and magnitude of change in the evolving all-hazards threat environment Risk Category: Information Technology Past Coverage: Audit of Information Technology Security (2013) OCG Horizontal Internal Audit of IT Security - Phase 1 (2016)	Start: October 2018 Estimated completion: December 2019	.5 FTE	N/A	CMB or National and Cyber Security Branch (NCSB) (TBC)
Audit of IT Security	Preliminary Objective: Assess the effectiveness and efficiency of the processes and controls in place for managing IT security and ensure compliance with TB and departmental policies, directives and standards. Preliminary Scope: IT infrastructure, IT services, departmental applications and systems, and the IT security controls in place for the management of electronic information.**The scope will be adjusted depending on the OCG Horizontal Audit of IT Security Phase II. They are finalizing their planning phase.	PS Strategic Priority: Advance the federal government’s efforts in protecting Canadians and Canada’s critical infrastructure from cyber threats and cybercrime. Corporate Risk Profile (2019-20): There is a risk that the Department may not respond effectively to the pace and magnitude of change in the evolving all-hazards threat environment. There is a risk that PS will be unable to keep pace with and take advantage of technological advances. Risk Category: Information Technology Past Coverage: Audit of Information Technology Security (2013) OCG Horizontal Internal Audit of IT Security - Phase 1 (2016)	Preliminary start date: April 2019 Estimated completion date: February 2020	1 FTE	$120K	Department; CMB Lead
Consulting engagement on Staffing Monitoring Framework	Preliminary Objective: Provide advice on PS’s Staffing Monitoring Framework. Preliminary Scope: The scope of the engagement will be determined in consultation with program management.	PS Strategic Priority: Ensure a strong focus on results through effective performance measurement and sound management practices consistent with the federal government’s renewed focus on results. Corporate Risk Profile (2019-20): There is a risk that the Department will not attract and retain the employees required to achieve its organizational objectives. Risk Category: HR Management Past Coverage: Audit of System-wide Staffing (PSC 2017)	Preliminary start date: October 2019 Estimated completion date: February 2020	1.5 FTE	N/A	CMB Lead
Laser Audit of Secure Handling of Classified Documents (secret and above)	Preliminary Objective: Determine if key controls are in place for secure handling of classified document and assess their effectiveness. Preliminary Scope: Processes in place for handling of paper documents classified as secret and above.	PS Strategic Priority: Ensure a strong focus on results through effective performance measurement and sound management practices consistent with the federal government’s renewed focus on results. Corporate Risk Profile (2019-20): N/A Risk Category: Information Management Past Coverage: Internal Audit of the Management Control Framework over Personal Information (2015)	Preliminary start date: November 2019 Estimated completion date: June 2020	1.5 FTE	N/A	Department; CMB Lead
EMPB Control Self-Assessment Consulting Engagement	Preliminary Objective: Provide advice on the processes and practices within the Policy and Outreach Division to meet its outcomes, more specifically related to its outreach activities. Preliminary Scope: Directorate-level controls, as determined in consultation with management.	PS Strategic Priority: Strengthen community resilience to emergencies in collaboration with provinces and territories, Indigenous communities and municipalities. Corporate Risk Profile (2019-20): There is a risk that the Department may not respond effectively to the pace and magnitude of change in the evolving all-hazards threat environment. Risk Category: Business Processes and Project Management Past Coverage: Internal Audit of Emergency Management Planning: Leadership and Oversight (2014)	Preliminary start date: November 2019 Estimated completion date: June 2020	.5 FTE	$60K	Emergency Management and Programs Branch (EMPB) Lead
Audit of Information Management (IM)	Preliminary Objective: Assess processes and controls in place to ensure effective and efficient IM. Preliminary Scope: IM Framework that includes practices for access, retention and disposal of information.	PS Strategic Priority: Ensure a strong focus on results through effective performance measurement and sound management practices consistent with the federal government’s renewed focus on results. Corporate Risk Profile (2019-20): N/A Risk Category: Information Management Organizational Transformation and Change Management Past Coverage: Audit of Information Technology Security (2013)	Preliminary start date: January 2020 Estimated completion date: October 2020	1.5 FTE	$120K	CMB Lead
Consulting Engagement of Continuity of Constitutional Government - Joint engagement with Privy Council Office (PCO) (TBC)	Preliminary Objective: Provide advice on the plans, processes and controls to support PCO’s and Public Safety Canada’s roles and responsibilities in planning for the continued operation of the Government of Canada’s Executive Branch following a catastrophic disruption. Preliminary Scope: The scope of the engagement will be determined in consultation with program management	PS Strategic Priority: Strengthen community resilience to emergencies in collaboration with provinces and territories, Indigenous communities and municipalities. Corporate Risk Profile (2019-20): There is a risk that the Department may not respond effectively to the pace and magnitude of change in the evolving all-hazards threat environment. Risk Category: Business Processes and Project Management Past Coverage: Audit of Government Operations Centre (2016) Audit of the Business Continuity Planning Program (2016) Internal Audit of Emergency Management Planning: Leadership and Oversight (2014)	TBD	1 FTE	60K	EMPB Lead

Inventory of engagements for consideration in fiscal year 2020-21
Audit Title	Objective and Scope	Rationale	Preliminary Date	Organization Level Involved
National Security Policy and Operations Control Self-Assessment Consulting Engagement	Preliminary Objective: Provide advice on the processes and practices used by the directorate to meet its outcomes. Preliminary Scope: Directorate and program level controls as determined in consultation with management.	PS Strategic Priority: Continue to advance countering radicalization to violence and counter-terrorism efforts with all levels of government, internal partners, and other stakeholders. Corporate Risk Profile (2019-20): There is a risk that the Department may not respond effectively to the pace and magnitude of change in the evolving all-hazards threat environment. Risk Category: Business Processes and Project Management Past Coverage: Audit of the Government Operations Centre (2016) Internal Audit of Policy, Priority-setting and Planning (2012)	Preliminary start date: April 2020 Estimated completion date: October 2020	NCSB Lead
Audit of Procurement	Preliminary Objective: Assess contracts and contracting processes to determine the completeness, effectiveness and efficiency as well as the accuracy of the procurement process. Preliminary Scope: Review the departmental processes and practices and test a sample of contracts across the department to assess effectiveness of key controls and efficiency of procurement process.	PS Strategic Priority: Ensure a strong focus on results through effective performance measurement and sound management practices consistent with the federal government’s renewed focus on results. Corporate Risk Profile (2019-20): N/A Risk Category: Financial Management Fraud Past Coverage: Public Safety Canada Audit of Internal Controls Over Financial Reporting (2017) Audit of Contracting and Procurement (2010) Audit of the Acquisition Card Procurement Program (2010)	Preliminary start date: April 2020 Estimated completion date: February 2021	Department; CMB Lead
OCG Audit of Departmental Performance Measurement in Large and Small Departments	Preliminary Objective: To determine whether key government-wide and departmental frameworks supporting the collection, analysis, and reporting on departmental performance are in place and effective, and aligned with the TB Policy on Results. Preliminary Scope: The control frameworks in place in departments over reporting on departmental performance measurement. This could include key controls such as those supporting the TB Policy on Results. Elements of central agency guidance, direction, and support for the development and implementation of departmental performance frameworks could also be included.	PS Strategic Priority: Ensure a strong focus on results through effective performance measurement and sound management practices consistent with the federal government’s renewed focus on results. Corporate Risk Profile (2019-20): N/A Risk Category: Political Agenda and Other Environmental Changes Past Coverage: Internal Audit of Performance Measurement (2016)	Preliminary start date: April 2020 Estimated completion date: September 2021	Department; PACB Lead
Strategic Policy, Research, Planning, and International Affairs Control Self-Assessment Consulting Engagement	Preliminary Objective: Provide advice on the process and practices used by the directorate to deliver on its outcomes. Preliminary Scope: Directorate and program level controls as determined in consultation with management.	PS Strategic Priority: Ensure a strong focus on results through effective performance measurement and sound management practices consistent with the federal government’s renewed focus on results. Corporate Risk Profile (2019-20): N/A Risk Category: Business Processes and Project Management Past Coverage: Internal Audit of Policy, Priority-setting and Planning (2013)	Preliminary start date: November 2020 Estimated completion date: June 2021	PACB Lead

Inventory of engagements for consideration in fiscal year 2021-22
Audit Title	Objective and Scope	Rationale	Preliminary Date	Organization Level Involved
Joint Audit and Evaluation of the Disaster Financial Assistance Arrangements Program	Preliminary Objective: Determine that program management processes and practices are in place to support the Disaster Financial Assistance Arrangements Program in achieving its objectives. Preliminary Scope: Key processes and controls in place for efficient and effective management of the program.	PS Strategic Priority: Strengthen community resilience to emergencies in collaboration with provinces and territories, Indigenous communities and municipalities. Corporate Risk Profile (2019-20): There is a risk that the Department may not respond effectively to the pace and magnitude of change in the evolving all-hazards threat environment. Risk Category: Organizational Transformation and Change Management Stakeholders and Partnerships (e.g. clients, FPT) Financial Management Past Coverage Internal Audit of Emergency Management Planning: Leadership and Oversight (2014)	Preliminary start date: January 2021 Estimated completion date: March 2022	EMPB Lead
Audit of Project Management	Preliminary Objective: Assess the effectiveness of the project management processes and practices to support the delivery of projects. Preliminary Scope: The scope of the audit will include Department's project management framework and the effectiveness and efficiency of key controls in place for managing projects.	PS Strategic Priority: Ensure a strong focus on results through effective performance measurement and sound management practices consistent with the federal government’s renewed focus on results. Corporate Risk Profile (2019-20): N/A Risk Category: Governance and strategic direction Financial Management Business Processes and Project Management Past Coverage: No previous audit or consulting work completed.	Preliminary start date: April 2021 Estimated completion date: March 2022	Department; CMB Lead
Laser Audit of Public Consultation	Preliminary Objective: Assess the processes and controls in place used to improve public consultations through the implementation of the Engagement Hub. Preliminary Scope: The effectiveness and efficiency of key processes in support of improved public consultations.	PS Strategic Priority: Strengthen community resilience to emergencies in collaboration with provinces and territories, Indigenous communities and municipalities. Increase the efficiency and effectiveness of community safety, with a focus on at-risk and vulnerable populations, including Indigenous peoples, as well as those with mental health issues in the criminal justice system. Corporate Risk Profile (2019-20): N/A Risk Category: Stakeholders and Partnerships (e.g. clients, FPT) Organizational Transformation and Change Management Political agenda and Other Environmental Changes Past Coverage: Internal Audit of Emergency Management Planning: Leadership and Oversight (2014)	Preliminary start date: September 2021 Estimated completion date: February 2022	Community Safety and Countering Crime Branch (CSCCB) & PACB
Audit of Training Expenditures	Preliminary Objective: Assess the identification, approval and management of training expenditures. Preliminary Scope: Processes and procedures in place for the approval and management of training and a sample of approved training.	PS Strategic Priority: Ensure a strong focus on results through effective performance measurement and sound management practices consistent with the federal government’s renewed focus on results. Corporate Risk Profile (2019-20): N/A Risk Category: Financial Management Past Coverage: Public Safety Canada Audit of Internal Controls Over Financial Reporting (March 2017)	Preliminary start date: January 2022 Estimated completion date: October 2022	Department
Laser Audit of the Implementation of the Labour Code	Preliminary Objective: Determine whether the Departmental framework is in place to ensure compliance with the labour code. Preliminary Scope: The effectiveness and efficiency of framework to support the implementation of the labour code.	PS Strategic Priority: Continue to strengthen an ethical and values-based departmental culture focused on respect and people-centered practices, mental health, and workplace wellness. Corporate Risk Profile (2019-20): N/A Risk Category: HR Management Past Coverage: Audit of Occupational Health and Safety (2014)	Preliminary start date: January 2022 Estimated completion date: June 2022	Department; CMB Lead

Five-year Evaluation Schedule (2019-20 to 2023-24)

The following table presents the five year evaluation schedule included in the Plan. It provides information on when evaluation results are planned to be available to support decision making, as well as the type of evaluation planned. Resources for each evaluation will be determined as part of the annual operational planning.

Five-year Evaluation Schedule (2019-20 to 2023-24)
Evaluation Title	Program Inventory	Type of Evaluation	Branch	Mandatory or Discretionary	Horizontal or Thematic Evaluation	Last Evaluated	Date	G&C Value in 2018-19
Evaluations underway or planned to start in fiscal year 2019-20
DNA Analysis Activities	Border Policy	Impact	CSCCB	Mandatory: Required by the FAA	No	February 2014	Start June 2018 Expected Completion April 2019	$ 6.9M
Aboriginal Community Safety Planning Initiative	Corrections	Impact	CSCCB	Discretionary: Program renewal	No	November 2014	Start June 2018 Expected Completion April 2019	$ 1.9M
National Disaster Mitigation Program	Emergency Prevention/ Mitigation	Impact	EMPB	Mandatory: Required by the FAA	No	Never	Start January 2019 Expected Completion November 2019	$ 57.1M
Immigration and Refugee Protection Act Division 9/National Security Inadmissibility	National Security Leadership	Impact	NCSB	Mandatory: TB Commitment	Horizontal	June 2016	Start January 2019 Expected Completion March 2020	N/A
Nation’s Capital Extraordinary Policing Costs Program	Law Enforcement and Policing	Impact	CSCCB	Mandatory: Program Renewal	No	Never	Start January 2019 Expected Completion June 2019	$2.0M
Canada Centre - Office for Community Outreach and Counter Radicalization to Violence	Crime Prevention	Delivery	PACB	Mandatory: [Redacted]	No	Never	Preliminary start date: April 2019 Expected Completion: November 2019	$ 4.4M
Search and Rescue New Initiatives Fund	Emergency Response/ Recovery	Impact	EMPB	Mandatory: FAA requirement	No	N/A (was evaluated by DND in 2014-15)	Preliminary start date: April 2019 Expected Completion: March 2020	$7.2M
Major Events and Summitry, including G7	Law Enforcement and Policing	Horizontal Evaluation led by Global Affairs Canada	CSCCB	Mandatory: [Redacted]	Yes	N/A	Preliminary start date: TBD Expected Completion: March 2020	$77.5M
Evaluations planned to start in fiscal year 2020-21
Indigenous Policing (Formerly, First Nation Policing)	Indigenous Policing	Delivery	CSCCB & EMPB	Mandatory: Required by the FAA	No	January 2016	Preliminary start date: January 2020 Expected Completion: March 2021	$ 146M
Memorial Grant Program for First Responders	Law Enforcement and Policing	Delivery	CSCCB	Mandatory: Required by the FAA	No	Never	Preliminary start date February 2020 Expected Completion: December 2020	$ 21.6M
Indigenous Community Corrections Initiative	Corrections	Delivery	CSCCB	Mandatory: TB Commitment as part of Addressing the Need of Vulnerable Offenders	No	Never	Preliminary start date: March 2020 Expected Completion: March 2021	N/A
Strategy to Prevent and Address Gender Based Violence – led by Status of Women Canada	Serious and Organized Crime	TBD by SWC Mid-term evaluation	CSCCB	Mandatory: TB Commitment	Horizontal	Never	Preliminary start date: April 2020 Expected Completion March 2021	$ 2.0M
Cyber Security Strategy	Cyber Security	Delivery	NCSB	Mandatory: TB Commitment	No	September 2017	Preliminary start date: April 2020 Expected Completion: March 2021	$ 0.3M
Evaluations planned to start in fiscal year 2021-22
Joint Audit and Evaluation of the Disaster Financial Assistance Arrangements Program	Emergency Prevention/ Mitigation Emergency Response/ Recovery	Impact	EMPB	Mandatory: Required by the FAA	No	March 2017	Preliminary start date: January 2021 Expected Completion: March 2022	$ 609M
Canadian Drugs and Substances Strategy (including the Substance Use and Addictions Program, and Opioid Response) - led by Health Canada	Law enforcement and Policing	TBD by Health Canada	CSCCB	Mandatory: Required by the FAA	Horizontal	N/A	Preliminary start date: April 2021 Expected Completion: March 2022	N/A
Search and Rescue	Emergency Prevention/ Mitigation Emergency Response/ Recovery	Impact	EMPB	Mandatory: Requested by TBS	No	Never	Preliminary start date: April 2021 Expected Completion: March 2022	$ 10.2M
Federal Terrorism Response Plan	National Security Leadership	Delivery	NCSB	Discretionary: Departmental Priority	No	Never	Preliminary start date: June 2021 Expected Completion: March 2022	N/A
Initiative to Enhance the National Security Framework	National Security Leadership	Delivery	NCSB	Mandatory: TB Commitment	No	Never	Preliminary start date: June 2021 Expected Completion: March 2022	N/A
Government Operations Centre	Emergency Prepared-ness Emergency Response/ Recovery	Delivery	EMPB	Discretionary: Departmental Priority	No	Never	Preliminary start date: June 2021 Expected Completion: March 2022	N/A
Evaluations planned to start in fiscal year 2022-23
Human Trafficking	Serious and Organized Crime	Delivery	CSCCB	Mandatory: TB Commitment	No	December 2017	Preliminary start date: January 2022 Expected Completion: December 2022	$ 2.0M
Workplace Wellness	HR Management	Impact and Delivery	CMB	Discretionary: Government priority and Corporate Risk	Thematic	Never	Preliminary start date: January 2022 Expected Completion: March 2023	N/A
Critical Infrastructure	Critical Infrastructure	Impact	NCSB	Discretionary: Departmental Priority	No	January 2018	Preliminary start date: April 2022 Expected Completion: March 2023	N/A
Enhanced Passenger Protect Program	National Security Leadership	Delivery	NCSB	Mandatory: TB Commitment	Horizontal	Never	Preliminary start date: April 2022 Expected Completion: March 2023	N/A
National Crime Prevention Strategy	Crime Prevention	Impact	CSCCB & EMPB	Mandatory: Required by the FAA	No	May 2018	Preliminary start date: July 2022 Expected Completion: March 2023	$ 44.5M
Funding for First Nation and Inuit Policing Facilities	Indigenous Policing	Impact	CSCCB & EMPB	Mandatory: Required by the FAA	No	Never	Preliminary start date: April 2022 Expected Completion: March 2023	$9.95 M
Implementing the New Framework for Medical Marijuana – Cannabis - led by Health Canada	Law Enforcement and Policing	TBD by Health Canada	CSCCB	Mandatory: TB Commitment	Horizontal	Never	Preliminary start date: TBD Expected Completion: TBD	N/A
Evaluations planned to start in fiscal year 2023-24
Addressing Drug-Impaired Driving and Communication	Law Enforcement and Policing	Impact	CSCCB & PACB	Mandatory: Required by the FAA	Horizontal	Never	Preliminary start date: January 2023 Expected Completion March 2024	N/A
Initiative to Take Action Against Guns and Gangs	Serious and Organized crime	Impact	CSCCB& EMPB	Mandatory: TB Commitment	Horizontal	Never	Preliminary start date: January 2023 Expected Completion: March 2024	N/A
Strategy to Prevent and Address Gender Based Violence – led by Status of Women Canada	Serious and Organized Crime	TBD by SWC	CSCCB	Mandatory: TB Commitment	Horizontal	Never	Preliminary start date TBD Expected Completion: March 2024	N/A

Annex 1: Public Safety Canada Departmental Core Responsibilities and Program Inventory

Image Description

The figure illustrates the department’s core responsibilities, as well as the components of its program inventory. The program inventory identifies all departmental programs and describes how resources are organized to contribute to the department's core responsibilities and results.

The department has three core responsibilities: National Security; Community Safety; and, Emergency Management.

The department also has four program inventory areas: National Security; Community Safety; Emergency Management; and, Internal Services.

The following are the components of the program inventory within each of the above areas:

National Security: National Security Leadership; Critical Infrastructure; and, Cyber Security.

Community Safety: Crime Prevention; Serious and Organized Crime; Indigenous Policing; Law Enforcement and Policing; Corrections; and, Border Policy.

Emergency Management: Emergency Prevention/Mitigation; Emergency Response/Recovery; and, Emergency Preparedness.

Internal Services: Management and Oversight; Legal; Financial Management; Information Technology; Materiel; Communications; Human Resources Management; Information Management; Real Property; and, Acquisitions.

Annex 2: Public Safety Canada Audit and Evaluation Coverage (Past 5 Years and planned 2019-20)

Public Safety Canada Audit and Evaluation Coverage (Past 5 Years and planned 2019-20)
Program Inventory	Audit Coverage (2014- 2019 and planned 2019-20)	Evaluation Coverage (2014- 2019 and planned 2019-20)
National Security	Performance Measurement (2016)	2015-16 Evaluation of the Policy Development Contribution Program
1.2 National Security Leadership	N/A	2019-20 Evaluation of the Immigration and Refugee Protection Act Division 9/National Security Inadmissibility 2015-16 Evaluation of the Kanishka Project Research Initiative 2014-15 Horizontal Evaluation of IRPA (Division 9)/ National Security Initiative
1.3 Cyber Security	N/A	2016-17 Horizontal Evaluation of Canada's Cyber Security Strategy
1.4 Critical Infrastructure	Control Self-Assessment – Regional Resilience Assessment Program (2018)	2017-18 Evaluation of the Regional Resilience Assessment Program and the Virtual Risk Analysis
Community Safety	Grants and Contributions (2017) Performance Measurement (2016) First Nations Policing Program (OAG 2014)	2015-16 Evaluation of the Policy Development Contribution Program
2.1 Crime Prevention	Control Self-Assessment – Crime Prevention and Aboriginal Community Safety Division (2018)	2019-20 Evaluation of the Canada Centre - Office for Community Outreach and Counter Radicalization to Violence 2017-18 Evaluation of the National Crime Prevention Strategy
2.2 Serious and Organized Crime	N/A	2016-17 Horizontal Evaluation of the National Action Plan to Combat Human Trafficking
2.3 Corrections	Control Self-Assessment – Crime Prevention and Aboriginal Community Safety Division (2018)	2018-19 Evaluation of the Aboriginal Community Safety Planning Initiative 2017-18 Review of the National Office for Victims 2016-17 Evaluation of the National Flagging System 2015-16 Evaluation of the Grants Program to National Voluntary Organizations
Program Inventory	Audit Coverage (2014- 2019 and planned 2019-20)	Evaluation Coverage (2014- 2019 and planned 2019-20)
2.4 Law Enforcement and Policing	N/A	2019-20 Evaluation of the Nation’s Capital Extraordinary Policing Costs Program 2019-20 Evaluation of Major Events and Summitry, including G7 2017-18 Evaluation of the Canadian Police Arrangement and the International Police Peacekeeping and Peace Operations Program – led by GAC 2017-18 Evaluation of the Major International Events Security Cost Framework 2016-17 HC-led Horizontal Evaluation of the Federal Tobacco Initiative 2016-17 Justice-led Horizontal Evaluation of the National Anti-Drug Strategy 2014-15 RCMP-led Horizontal Evaluation of the Great Lakes and St. Lawrence Seaway Marine Security Operations Centre
2.5 Indigenous Policing	N/A	2016-17 INAC-led Horizontal Evaluation of the Implementation and Enforcement Supports for the Family Homes on Reserves and Matrimonial Interests or Rights Act 2014-15 Evaluation of the First Nations Policing Program
2.6 Border Policy	Beyond the Boarder (OAG 2016)	2018-19 Evaluation of the Akwesasne Organized Crime Initiative 2018-19 DNA Analysis Activities 2016-17 HC-led Horizontal Evaluation of the Federal Tobacco Initiative 2016-17 IRCC-led Horizontal Evaluation of the In-Canada Asylum System
Emergency Management	EMPB Control Self-Assessment Consulting Engagement (2020) Consulting Engagement of Continuity of Constitutional Government – Joint engagement with Privy Council Office (PCO) (TBC) Grants and Contributions (2017) Performance Measurement (2016) Emergency Management Planning: Leadership and Oversight (2014)	2015-16 Evaluation of the Policy Development Contribution Program
3.1 Emergency Prevention Mitigation	Performance Audit of Adapting to Climate Change Impacts (CESD 2017) Mitigating the Impacts of Severe Weather (OAG 2016)	2019-20 Evaluation of the National Disaster Mitigation Program 2016-17 Evaluation of the Disaster Financial Assistance Arrangements
Program Inventory	Audit Coverage (2014- 2019 and planned 2019-20)	Evaluation Coverage (2014- 2019 and planned 2019-20)
3.2 Emergency Preparedness	Horizontal Internal Audit of Business Continuity Planning in Large and Small Departments (OCG 2018) Performance Audit of Adapting to Climate Change Impacts (CESD 2017)	N/A
3.3 Emergency Response /Recovery	Government Operations Centre (2016)	2019-20 Evaluation of the Search and Rescue New Initiatives Fund 2016-17 Evaluation of the Disaster Financial Assistance Arrangements 2015-16 Evaluation of the Workers Compensation Program
Internal Services	Audit of Governance (2019) Laser Audit of the application of gender-based analysis (GBA+) (2019) Laser Audit: Follow-up on the Commissioner of the Environment and Sustainable Development (CESD) Sustainable Development Strategies (SDS) Audit Recommendations (2019) Grants and Contributions (2017) Performance Measurement (2016) Horizontal Internal Audit of Shared Accountability in Interdepartmental Service Arrangements (OCG 2015)	2015-16 Evaluation of the Policy Development Contribution Program
4.1 Management & Oversight	Advisory Engagement of Enterprise Risk Management (2019) Departmental Progress in Implementing Sustainable Development Strategies (CESD 2016 and 2018) Governor in Council Appointment Process in Administrative Tribunals (OAG 2016) Departmental Business Continuity Planning (2016) MCF over Personal Information (2015) Audit of Public Safety Canada (PSC 2014) Occupational Health and Safety (2014)	N/A
4.2 Communications	N/A	N/A
Program Inventory	Audit Coverage (2014- 2019 and planned 2019-20)	Evaluation Coverage (2014- 2019 and planned 2019-20)
4.3 Legal	Not assessed	Not assessed
4.4 HR Management	Consulting engagement on Staffing Monitoring Framework (2020) Laser Audit: Follow-up on Implementation of OAG Recommendations on Payroll Management (2019) Audit of System-wide Staffing (PSC 2018) Audit of Credential Validation (PSC 2018) Values and Ethics (2015)	N/A
4.5 Financial Management	Grants and Contributions (2017) Internal Control over Financial Reporting (2016) Financial Management Governance (2014)	N/A
4.6 Information Management	Audit of Information Management (IM) (2020) Laser Audit of Secure Handling of Classified Documents (secret and above) (2020) Review of Personal Information Practices to operationalize the security of Canada Information Sharing Act (OPC) Phase 1 (2016) - Phase 2 (2017) MCF over Personal Information (2015)	N/A
4.7 Information Technology	Audit of IT Security (2020) OCG Horizontal Internal Audit of IT Security (2019) Laser Audit of IT Asset Management (2018) Horizontal Internal Audit of Information Technology Security in Large and Small Departments (Phase 1) (2016) MCF over Personal Information (2015)	N/A
4.8 Real Property	N/A	N/A
4.9 Material	N/A	N/A
4.10 Acquisitions	N/A	N/A

Annex 3: Public Safety 2019-22 Risk Categories and Coverage

Public Safety 2019-22 Risk Categories and Coverage
Audit Risk Category	Assurance/Consulting Engagements
Business Processes and Project Management	Laser Audit of the Application of Gender-Based Analysis (GBA+) Consulting Engagement of Continuity of Constitutional Government (joint engagement with PCO) Laser Audit: Follow-up on the Commissioner CESD Sustainable Development Strategies (SDS) Audit Recommendations EMPB Control Self-Assessment Consulting Engagement National Security Policy and Operations Control Self-Assessment Consulting Engagement Audit of Procurement Strategic Policy, Research, Planning, and International Affairs Control Self-Assessment Consulting Engagement Audit of Project Management
Financial Management	Audit of Procurement Audit of Training Expenditures Joint Audit and Evaluation of the Disaster Financial Assistance Arrangements Program Audit of Project Management
Fraud	Audit of Procurement
Governance and Strategic Direction	Audit of Governance Audit of Project Management
HR Management	Consulting engagement on Staffing Monitoring Framework Laser Audit: Follow-up on Implementation of OAG Recommendations on Payroll Management Laser Audit of the Implementation of the Labour Code
Information Management	Laser Audit of Secure Handling of Classified Documents Audit of Information Management (IM)
Information Technology	OCG Horizontal Internal Audit IT Security Audit of IT Security
Organizational Transformation and Change Management	Audit of Information Management (IM) Joint Audit and Evaluation of the Disaster Financial Assistance Arrangements Program Laser Audit of Public Consultation
Stakeholders and Partnerships (e.g. clients, FPT)	Laser Audit: Follow-up on Implementation of OAG Recommendations on Payroll Management Joint Audit and Evaluation of the Disaster Financial Assistance Arrangements Program Laser Audit of Public Consultation

Footnotes

1
From 2018-19 Main Estimates

Date modified:: 2020-04-09

Language selection

Search and menus

Search

Multi-year Risk-based Audit and Evaluation Plan

2019-2020

MESSAGE FROM THE CHIEF AUDIT AND EVALUATION EXECUTIVE

MULTI-YEAR RISK-BASED AUDIT AND EVALUATION PLAN

Introduction

Purpose and Scope of the Plan

Public Safety Operating Environment and Key Risks

Internal Audit and Evaluation Directorate Services

Internal Audit

Evaluation

Professional Practices

Internal Audit and Evaluation Directorate

Organizational Structure

Figure 1: IAED Organizational Chart

Directorate Human and Financial Resources

Multi-year Risk-based Audit and Evaluation Plan Methodology

Figure 2: RBAEP Methodology (Year 1)

Figure 3: RBAEP Methodology (Year 2)

2019-20 Multi-year Risk-based Audit and Evaluation Plan Methodology

Audit Project Schedule (From 2019- 20 to 2021-22)

Five-year Evaluation Schedule (2019-20 to 2023-24)

Annex 1: Public Safety Canada Departmental Core Responsibilities and Program Inventory

Annex 2: Public Safety Canada Audit and Evaluation Coverage (Past 5 Years and planned 2019-20)

Annex 3: Public Safety 2019-22 Risk Categories and Coverage

Footnotes