Audit of Corporate Governance

Final Report
June 27, 2012

PDF 98 KB


Table of Contents

  1. Executive Summary
  2. Statement of Assurance
  3. 1.0 Introduction
    1. 1.1 Authority
    2. 1.2 Objective
    3. 1.3 Methodology
    4. 1.4 Context
    5. 1.5 Scope
    6. 1.6 Criteria
  4. 2.0 Conclusion
  5. 3.0 Findings
    1. 3.1 Summary of Findings
    2. 3.2 Governance Structure
    3. 3.3 Operations and Support to the Executive Committee
  6. 4.0 Recommendations
  7. 5.0 Management Response and Action Plan
  8. Appendix A - Lines of Enquiry and Detailed Audit Criteria

Executive Summary

Objective

The objective of the Audit of Corporate Governance was to assess the adequacy of Privy Council Office governance mechanisms (policies, structures, processes and information) to provide strategic direction and oversight of activities in support of the department, the Prime Minister, and Cabinet. 

Scope

The audit focused on the assessment of the the department’s formal governance structure as it is described in Annex B of the Privy Council Office Integrated Business Plan 2011-2012. This formal governance structure consists of the following nine (9) Committees, of which five (5) report directly to the Clerk, and four (4) are sub-Committees reporting to the Executive Committee:

  • Executive Committee
    • Business Transformation Committee
    • Corporate Management Advisory Committee
    • Human Resources Advisory Committee
    • National Labour Management Consultation Committee
  • Management Committee
  • Operations Committee
  • Departmental Audit Committee
  • Evaluation Committee

Conclusion

Privy Council Office has established a comprehensive governance framework to provide strategic direction and oversight of departmental activities. This framework features a formal Committee structure, supplemented by a variety of other mechanisms and conventions. However, the Committee structure has not been revisited for some time, and its internal linkages are not fully understood. Consequently, Senior Management would benefit from validating its strategic linkages and processes now and on a periodic basis. The effectiveness of Executive Committee, in particular, could be improved through greater management involvement in the agenda setting process; better communication of the Committee’s information requirements; and formal documentation and follow-up of Committee decisions.

Summary of Findings

The findings are detailed in the body of the report. In summary, the main findings are as follows:

  • The Privy Council Office has a comprehensive governance structure in place to support departmental oversight and direction. The primary governance mechanism in place for the achievement of departmental objectives, the Operations Committee chaired by the Clerk, is an effective forum, and the Executive Committee, also chaired by the Clerk, generally functions well as the primary management committee that deals with departmental management responsibilities and the implementation of major change initiatives.
  • However, the relationships and strategic linkages between the Executive Committee and the various other committees in the formal governance structure, particularly the Corporate Management Advisory Committee and the Human Resources Advisory Committee, are not sufficiently well understood. More specifically:
    • Although the roles and responsibilities of the various Committees are defined and documented, the Committee Terms of Reference have not been reviewed recently, and may not align appropriately with the expectations of current Senior Management. In particular, the cycle and role for the Corporate Management Advisory Committee and the Human Resources Advisory Committee are in need of clarification.
    • Sub-Committees do not always communicate information to Executive Committee in a manner that satisfies Senior Management. Analysis of this information disclosed varying degrees of clarity and/or summarization.
    • Records of Decision are not prepared for the Executive Committee and tracking of decisions and follow-up on tasking is currently informal.

Recommendations

The audit resulted in the following three recommendations:

  • Recommendation # 1 – Privy Council Office, through its Executive Committee, review and re-validate on a cyclical basis (to be determined by Senior Management) the roles, responsibilities, and interrelationships of each of the Committees in the departmental governance structure, and make adjustments as considered appropriate.
  • Recommendation # 2 – Privy Council Office, through its Executive Committee, ensure that Senior Management participates in the agenda setting process for PCO’s governance Committees, and provides sufficient direction to the governance sub-Committees to ensure that they tailor their analysis, options and recommendations to better respond to the needs of Executive Committee.
  • Recommendation # 3 – Privy Council Office, through its Executive Committee, ensure that appropriate Records of Decision are prepared for all Executive Committee meetings, and that resulting actions are followed up and monitored.

Management Response

Management accepts the report and its recommendations. A Management Action Plan is set out in Section 5.0 of the report.

Statement of Assurance

In my professional judgment as Chief Audit Executive, sufficient and appropriate audit procedures have been conducted and evidence gathered to support a reasonable level of assurance as to the accuracy of the conclusion provided and contained in this report. The conclusion is based on a comparison of the conditions as they existed at the time against pre-established audit criteria that were agreed on with management. The conclusion is applicable only to the entity examined.

Original signed by

Signature of Chief Audit Executive
Jim Hamer

1.0 Introduction

1.1 Authority

The internal Audit of Corporate Governance was approved by the Clerk as part of the 2011-2012 to 2013-2014 multi-year Risk Based Audit Plan (RBAP) for the Privy Council Office.

1.2 Objective

The objective of the audit, as articulated in the RBAP, was to assess the adequacy of Privy Council Office governance mechanisms (policies, structures, processes and information) to provide strategic direction and oversight of activities in support of the department, the Prime Minister, and Cabinet. 

1.3 Methodology

Audit work was conducted between October and December 2011. The audit was carried out in three phases: Planning, Examination, and Reporting. The Planning Phase consisted of a review and analysis of relevant documents, interviews with key management and operational personnel involved, and an assessment of risk from an audit perspective. The Examination Phase consisted of a detailed review of those areas which were identified as high risk during the Planning Phase of the audit. Upon completion of the Examination Phase, audit findings were discussed and validated with management. The Reporting Phase involved the preparation of a draft report to document the audit’s findings, conclusions, recommendations, and resulting Management Action Plan.  

1.4 Context

The Office of the Comptroller General (OCG), Treasury Board Secretariat (TBS), and the Institute of Internal Auditors (IIA) all define Governance in a similar manner:

  • "…the methods and mechanisms through which senior executives direct and control their organizations, gather information, make decisions, and report on their outcomes in a manner that meets the expectations and values of their key stakeholders." (OCG Report on the State of Comptrollership in the Government of Canada, March 2011)
  • “…the processes and structures through which decision-making authority is exercised. For example, an effective governance structure ensures individuals or groups of individuals are responsible for setting policy directions, priorities, making investment decisions, reallocating resources and designing programs.” (TB Policy on Management, Resources and Results Structures, February 23, 2010)
  • “The combination of processes and structures implemented by senior management to inform, direct, manage, and monitor the activities of the organization toward achievement of its objectives.” (IIA International Standards for the Professional Practice of Internal Auditing)

TBS identifies “Governance and Strategic Direction” as one of the ten Management Accountability Framework (MAF) elements contributing to good management. The Governance and Strategic Direction element includes eight MAF indicators (i.e. support to Ministers, Cabinet and Parliament; a management framework aligned to strategic outcomes; the right executive team; results-focused corporate priorities; strategic resource allocation / reallocation based on performance; an integrated agenda for management excellence; horizontal collaboration; and environmental scanning).

These definitions and components of governance encompass a broad range of management processes and structures, both formal and informal. Privy Council Office, like other organizations, employs a variety of conventions and mechanisms to support good governance, informed decision making, and the achievement of the organization’s objectives. These conventions and mechanisms range from informal activities, such as ad-hoc meetings and ongoing discussions, both internally and externally with other government departments, to more sophisticated processes and controls, such as periodic risk assessments and the design and application of formal financial controls.

The more formal of these conventions and mechanisms, all of which contribute to good governance, have been and will continue to be the subject of both internal and external audit work in Privy Council Office. For example, from an internal audit perspective, the concurrent Audit of Accounting Officer Responsibilities Including Risk Management, assesses Privy Council Office’s management control framework, approaches to risk management, and related financial and non-financial controls. Other recent internal audits have examined various elements of the department’s operations, including delegation of financial authorities and account verification procedures; contracting processes; staffing and payroll processes; and business continuity and emergency preparedness arrangements. From an external audit perspective, the Office of the Auditor General has recently audited aspects of the Privy Council Office Governor in Council appointment process; and the Office of the Comptroller General recently examined the department’s electronic record keeping practices as part of its government-wide horizontal audit program.

1.5 Scope

Recognizing that the various definitions of governance encompass a broad range of activities, the audit scope initially included consideration of all relevant personnel, organization, procedures, processes, and systems employed or directed by Privy Council Office to support effective governance. During the Planning Phase, the audit scope was narrowed to address the two elements of governance considered to be of greatest risk: Oversight and Strategic Direction. The Examination Phase focused on the department’s formal governance structure as it is described in Annex B of the Privy Council Office Integrated Business Plan 2011-2012. This formal governance structure consists of the following nine (9) Committees, of which five (5) report directly to the Clerk, and four (4) are sub-Committees reporting to the Executive Committee:

  • Executive Committee
    • Business Transformation Committee
    • Corporate Management Advisory Committee
    • Human Resources Advisory Committee
    • National Labour Management Consultation Committee
  • Management Committee
  • Operations Committee
  • Departmental Audit Committee
  • Evaluation Committee

1.6 Criteria

As a basis for concluding on the objective of the audit, the following three audit criteria were developed by the audit team during the Planning Phase, and were agreed to by management as relevant standards of performance and control:

  1. Privy Council Office has an effective governance framework that sets its strategic direction, and manages and oversees its activities or supports its strategic direction.
  2. Privy Council Office’s governance bodies have clearly communicated mandates that include, as appropriate, roles with respect to both oversight and strategic direction.
  3. Privy Council Office’s external and internal environments are monitored to obtain information that may signal a need to re-evaluate the organization's governance structures and mechanisms, objectives, policies and/or control environment.

The detailed lines of inquiry (oversight and strategic direction), and the related audit criteria/sub-criteria are set out in Appendix A.

2.0 Conclusion

Privy Council Office has established a comprehensive governance framework to provide strategic direction and oversight of departmental activities. This framework features a formal Committee structure, supplemented by a variety of other mechanisms and conventions. However, the Committee structure has not been revisited for some time, and its internal linkages are not fully understood. Consequently, Senior Management would benefit from validating its strategic linkages and processes now and on a periodic basis. The effectiveness of Executive Committee, in particular, could be improved through greater management involvement in the agenda setting process; better communication of the Committee’s information requirements; and formal documentation and follow-up of Committee decisions.

3.0 Findings

3.1 Summary of Findings

The main findings of the audit are as follows:

  • The Privy Council Office has a comprehensive governance structure in place to support departmental oversight and direction. The primary governance mechanism in place for the achievement of departmental objectives, the Operations Committee chaired by the Clerk, is an effective forum, and the Executive Committee, also chaired by the Clerk, generally functions well as the primary management committee that deals with departmental management responsibilities and the implementation of major change initiatives.
  • However, the relationships and strategic linkages between the Executive Committee and the various other committees in the formal governance structure, particularly the Corporate Management Advisory Committee and the Human Resources Advisory Committee, are not sufficiently well understood. More specifically:
    • Although the roles and responsibilities of the various Committees are defined and documented, the Committee Terms of Reference have not been reviewed recently, and may not align appropriately with the expectations of current Senior Management. In particular, the cycle and role for the Corporate Management Advisory Committee and the Human Resources Advisory Committee are in need of clarification.
    • Sub-Committees do not always communicate information to Executive Committee in a manner that satisfies Senior Management. Analysis of this information disclosed varying degrees of clarity and/or summarization.
    • Records of Decision are not prepared for the Executive Committee and tracking of decisions and follow-up on tasking is currently informal.

The following two sub-sections describe the audit findings in greater detail.

3.2 Governance Structure

Privy Council Office has a single strategic outcome that is directly informed by its mandate: “The Government's agenda and decision making are supported and implemented and the institutions of government are supported and maintained.”  As a small but significant central agency, departmental activities are not centered on direct delivery of programs and services to Canadians, but rather on the delivery of advice and support to the Prime Minister and Cabinet, and the provision of leadership and direction to the Public Service. The primary role of Privy Council Office is to drive the government agenda and priorities. The corporate governance structure and related management functions support this objective.

Overall Governance Structure. In support of its strategic outcome and objectives, Privy Council Office has established an overall governance structure with varying degrees of formality and rigour. The current Committee framework has evolved since it was first established in 2005 by the Clerk of the Privy Council. However, there have been numerous changes among Senior Management, including appointment of a new Clerk in July 2009. Although the roles and responsibilities of Privy Council Office’s various Committees are defined and documented, they are not well understood outside the individual Committees, and the overall governance structure has not been revisited by Senior Management for some time.

Operations Committee. The Operations Committee is the primary governance mechanism in place for the achievement of departmental objectives. The Operations Committee, which meets on a daily basis with the Clerk, is an effective forum for information sharing, overall alignment and some decision making, but does not directly address departmental management activities. The other governance committees meet regularly but less frequently than the Operations Committee.

Executive Committee. Executive Committee is the primary management committee. Executive Committee meets on a bi-weekly schedule, and is supported by the following three internal sub-Committees which research, analyze information, and make recommendations on specific areas of interest to the Executive Committee:

  • Business Transformation Committee. The Business Transformation Committee was established in 2010-2011 in response to the government-wide Strategic and Operating Review exercise. Its mandate is to look at implementation challenges and offer suggestions for future similar initiatives in the longer term. With the implementation of the government-wide deficit reduction action plan in 2011-2012, the role of the Business Transformation Committee requires realignment, and its Terms of Reference needs to be revisited. The Committee meets quarterly.
  • Corporate Management Advisory Committee. The Corporate Management Advisory Committee meets monthly. The Committee’s mandate is to provide strategic leadership, direction, advice and recommendations on corporate management related activities. The Committee is co-chaired by the Director, Legislative and House Planning, and the Executive Director, Finance and Corporate Planning Division. Membership is made up of Directors of Operations and most Directors in the Corporate Services Branch. Although membership is considered appropriate, audit results indicate that there is an increasing tendency to send alternates, which risks adversely impacting the Committee’s effectiveness in supporting the Executive Committee.
  • Human Resources Advisory Committee. The Human Resources Advisory Committee also meets monthly. The Committee discusses and makes recommendations to the PCO Executive Committee on human resource issues, policies, plans and reports. The Committee is chaired by the Assistant Secretary to the Cabinet, Economic and Regional Development Policy, with the Executive Director, Human Resources acting as Secretary. Membership is made up of Assistant Secretaries, the Assistant Deputy Minister, Corporate Services Branch, and related Directors. Membership is considered appropriate.

In addition to the Executive Committee and its supporting sub-Committees, Privy Council Office has two committees which provide oversight and advice directly to the Clerk. These two Committees are secretarially supported by the department’s Audit and Evaluation Division:

  • Departmental Audit Committee. The Departmental Audit Committee was established in accordance with the requirements of the Treasury Board Policy on Internal Audit. The Committee’s mandate is to provide objective advice and recommendations to the Clerk regarding the sufficiency, quality and results of assurance on the adequacy and functioning of the department’s risk management, control and governance frameworks and processes. Membership is appropriate, consisting of three external, independent members and two internal senior management representatives, with an external member serving as the Chair. The Departmental Audit Committee meets on a quarterly basis.
  • Evaluation Committee. Privy Council Office is classified as a Small Department and Agency for purposes of the 2009 Treasury Board Policy on Evaluation. Privy Council Office’s responsibilities under the Policy are therefore limited to, among other things, ensuring that evaluations are conducted appropriate to the needs of the department. Evaluation Committee meets on an as-required basis.

The remaining two departmental governance Committees act primarily as information sharing venues:

  • Management Committee. Management Committee is a venue for information briefings, meeting as considered appropriate. It has only met once or twice in the last few years. The need for this Committee was questioned in interviews with senior management.
  • National Labour Management Consultation Committee. Although this Committee is identified as a sub-Committee to the Executive Committee in the Privy Council Office Integrated Business Plan, it serves primarily as a means of communication between management and the unions that represent the interests of staff. Mandatory for all departments, the Committee is co-chaired by the Associate Secretary to the Cabinet and the unions which jointly establish the Committee agendas.

3.3 Operations and Support to the Executive Committee

As previously noted, Treasury Board defines Governance as “… the processes and structures through which decision-making authority is exercised”. As such, an effective governance structure ensures that individuals or groups of individuals are assigned responsibility for setting policy directions and priorities, making investment decisions, reallocating resources, and designing programs. Based on this understanding, a governance framework should provide effective support to Senior Management in ensuring the execution of these activities.

The Executive Committee serves as the primary management decision making Committee in the Privy Council Office’s governance structure. The Executive Committee provides oversight of matters such as the department’s management control framework, risk management practices, human resource management, departmental policies, internal processes and controls, and departmental reporting documents (e.g. the Report on Plans and Priorities, the Departmental Performance Report, Public Accounts information, and departmental financial statements). The Executive Committee also makes decisions which impact the strategic direction of the department and link Privy Council Office activities to the priorities of government as communicated through key federal government documents, such as the Speech from the Throne and the Budget.

The decisions made by Executive Committee are often based on information presented by its sub-Committees. However, the audit disclosed a need for improvement in the relationships and processes between Executive Committee and its sub-Committees, in particular, the Corporate Management Advisory Committee and Human Resources Advisory Committee:

  • Executive Committee agendas and information requirements are not effectively coordinated with those of its supporting sub-Committees. Executive Committee does not establish its own agendas, i.e. identify what advice and recommendations its sub-Committees should provide to facilitate Executive Committee’s role and decision making. There is currently too much “bottom-up” material on the agendas. A more robust agenda setting process would ensure that Executive Committee’s time is well used and that agenda items facilitate overall alignment with Privy Council’s strategic objective.
  • Senior Management indicated that the role of the Corporate Management Advisory Committee is not clear. The role, responsibilities and activities of the Committee as outlined in the Committee’s Terms of Reference have been affected by the evolution of key departmental processes.
  • Audit results indicate that the Corporate Management Advisory Committee and the Human Resources Advisory Committee do not always communicate information to Executive Committee in a manner that satisfies Senior Management. Audit interviews and a review of a sample of ten presentation documents linked to Executive Committee agendas disclosed varying degrees of clarity and/or summarization - information presented to Executive Committee is not always consistently targeted to the corporate decision required; not always supported by sufficient analysis; and/or not always summarized appropriately for management decision making.
  • For the Human Resources Advisory Committee, the rationale for the submission of information to the Executive Committee is not always clear. This is particularly important in light of the expected impact on departmental human resources of the implementation of the deficit reduction action plan.
  • Documentation of discussions and results varies across the Committees. Records of Decision are not prepared for the primary decision making Committee, Executive Committee, and tracking of decisions and follow-up on tasking by Executive Committee is ad-hoc and informal.

4.0 Recommendations

The audit resulted in three recommendations addressed to Privy Council Office through its Executive Committee. It is recommended that:

  • Recommendation # 1 – Privy Council Office, through its Executive Committee, review and re-validate on a cyclical basis (to be determined by Senior Management) the roles, responsibilities, and interrelationships of each of the Committees in the departmental governance structure, and make adjustments as considered appropriate.
  • Recommendation # 2 – Privy Council Office, through its Executive Committee, ensure that Senior Management participates in the agenda setting process for PCO’s governance Committees, and provides sufficient direction to the governance sub-Committees to ensure that they tailor their analysis, options and recommendations to better respond to the needs of Executive Committee.
  • Recommendation # 3 – Privy Council Office, through its Executive Committee, ensure that appropriate Records of Decision are prepared for all Executive Committee meetings, and that resulting actions are followed up and monitored.

5.0 Management Response and Action Plan

Management Response:

Management accepts the report and its recommendations.

Audit of Corporate Governance
Privy Council Office, through its Executive Committee, has overall accountability for the Management Action Plan.
Recommendation Actions to be Taken Responsibility Target Date
Recommendation # 1 - Privy Council Office, through its Executive Committee, review and re-validate on a cyclical basis (to be determined by Senior Management) the roles, responsibilities, and interrelationships of each of the Committees in the departmental governance structure, and make adjustments as considered appropriate. • The ADM Corporate Services Branch (CSB) conducts an annual review of governance with participation by the Corporate Management Advisory Committee (CMAC) & the Human Resources Advisory Committee (HRAC) Chairs. ADM CSB Fall 2012
i. Revisit the terms of reference where required. CMAC & HRAC Fall 2012
ii. Revisit committee procedures for smooth functioning (including guidelines for decks and reports). CMAC & HRAC Fall 2012
• Report the results and recommendations to PCO Executive for approval. ADM CSB December 2012
PCO Executive to review the membership for CMAC and HRAC annually (including list of delegates). PCO Executive December 2012
Recommendation # 2 – Privy Council Office, through its Executive Committee, ensure that Senior Management participates in the agenda setting process for PCO’s governance Committees, and provides sufficient direction to the governance sub-Committees to ensure that they tailor their analysis, options and recommendations to better respond to the needs of Executive Committee. • The ADM Corporate Services continues to manage the PCO Executive Committee's agenda with input from CMAC and HRAC. ADM CSB and Associate Secretary On-going
• The PCO Executive Committee would review its three-month forward agenda and annual overview planning calendar on a quarterly basis. PCO Executive On a quarterly basis (starting Sept. 2012)
• Sub-Committees to align their agenda according to the PCO Executive forward agenda and their own planning calendar. CMAC and HRAC Chairs On-going
ADM Corporate Services to establish standard guidelines for presentations & reports for Committees ADM CSB Summer 2012
• At Executive Committee meetings, presentations to include:
i. The latest discussion and recommendation of the sub-Committee (one slide). OPIs presenting to the PCO Executive On-going
ii. PCO Executive's decision sought (one slide) OPIs presenting to the PCO Executive On-going
iii. OPIs have to return to CMAC or HRAC and provide a debrief to the sub-Committees, on discussions they have had or decisions sought at the PCO Executive (This will allow a constant flow of information between PCO Executive and its sub-Committees). OPIs presenting to CMAC & HRAC On-going
Recommendation # 3 – Privy Council Office, through its Executive Committee, ensure that appropriate Records of Decision are prepared for all Executive Committee meetings, and that resulting actions are followed up and monitored. ADM Corporate Services to propose a standard Records of Decisions template for PCO Executive. ADM CSB Summer 2012
PCO Executive to write up Records of Decision, which are limited to the description of the work that needs to be accomplished, and follow-ups if applicable. The PCO Executive Secretary September 2012
i. Committee Chair to approve these records. Committee Chair September 2012
ii. ADM Corporate Services to monitor progress on commitments. ADM CSB On-going

Appendix A - Lines of Enquiry and Detailed Audit Criteria

Lines of Enquiry and Detailed Audit Criteria1
Criteria Sub-Criteria
Line of Enquiry: Oversight
1.0 Privy Council Office (PCO) has an effective governance framework that ensures adequate oversight of PCO activities and supports the delivery of results.
1.1 PCO has an effective governance framework that sets its strategic direction, and manages and oversees its activities or supports its strategic direction. 1.1.1 PCO’s oversight committees meet regularly, and receive timely information of sufficient quality to support both management decision making and an effective oversight function.
1.1.2 A process exists to inform the oversight bodies of significant issues identified by PCO staff.
1.1.3 PCO’s oversight committees are attended by the appropriate individuals:
  1. Management Committees: appropriate Senior management
  2. DAC: at least two external and independent members
1.1.4 The necessary information to be provided to oversight bodies has been documented and communicated, and its responsibility is clear.
1.2 PCO's governance bodies have clearly communicated mandates that include, as appropriate, roles with respect to both oversight and strategic direction. 1.2.1 PCO oversight bodies have a documented mandate that clearly communicate purpose, composition, frequency of meetings, roles, responsibilities and authority.
1.2.2 The mandates of PCO’s oversight committees are formally communicated to internal and external stakeholders.
1.2.3 The mandates of PCO’s oversight committees are aligned with PCO’s strategic direction.
Line of Enquiry: Strategic Direction
2.0 PCO’s governance mechanisms adequately establish, document and communicate the strategic direction for the organization, and support the continuing alignment of PCO’s strategic and operational plans to its strategic direction through monitoring of their implementation and the results against expectations.
2.1 PCO’s external and internal environments are monitored to obtain information that may signal a need to re-evaluate the organization's objectives, policies and/or control environment. 2.1.1 PCO regularly monitors the results of environmental scans for items that may impact PCO’s strategic direction or operational plans and priorities.
  1. Based on the Office of the Comptroller General's “Audit Criteria related to the Management Accountability Framework: A Tool for Internal Auditors” (March 2011)