City of Auditor General Auditor General, City of Markham...Through partner-led engagements, we...
23
Presented by: Geoff Rodrigues, CPA, CA, CIA, CRMA, ORMP Auditor General, City of Markham City of Markham Presentation to the General Committee Auditor General Services Four Year Audit Plan May 30, 2016
Transcript of City of Auditor General Auditor General, City of Markham...Through partner-led engagements, we...
Pre
sente
d b
y:
Ge
off
Ro
dri
gu
es
, C
PA
, C
A, C
IA, C
RM
A, O
RM
P
Au
dit
or
Gen
era
l, C
ity o
f M
ark
ham
Cit
y o
f M
ark
ham
Pre
sen
tati
on
to
th
e G
en
era
l C
om
mit
tee
Au
dit
or
Ge
ne
ral S
erv
ice
s
Fo
ur
Ye
ar
Au
dit
Pla
n
Ma
y 3
0, 2
01
6
Pa
ge
2
Tab
le o
f C
on
ten
ts
•F
inal A
ud
it C
ha
rte
r
•A
ud
it P
lan A
ppro
ach
•F
our
Year
Audit P
lan
•A
nn
ua
l Aud
it P
lans
–2
01
6
–2
01
7
–2
01
8
–2
01
9
•A
ud
it P
lan E
xecution
Pa
ge
3
Fin
al A
ud
it C
hart
er
•T
he
purp
ose o
f th
e a
ud
it c
hart
er
is to s
erv
e a
s the
form
al
docum
ent
outlin
ing t
he
follo
win
g:
•S
cope o
f A
uditor
Genera
l Audit f
unction;
•A
ccounta
bili
ty;
•A
uth
ority
, A
ccess a
nd S
upport
;
•R
esponsib
ility
;
•In
dependence a
nd O
bje
ctivity;
•R
eport
ing a
nd M
onitoring;
and,
•S
tandard
s.
•T
he
dra
ft A
udit C
ha
rter
was p
rese
nte
d to
and
revie
wed b
y
Coun
cil
in J
anu
ary
/Feb
rua
ry,
201
6.
•A
qu
estio
n p
eri
od w
as p
rovid
ed
by t
he
Auditor
Genera
l (“
AG
”)
to C
ouncil
on
the
au
dit c
hart
er.
N
o e
dits w
ere
made.
•R
efe
r to
Appe
ndix
A for
the
fin
al A
udit C
hart
er.
Pa
ge
4
Au
dit
Pla
n A
pp
roac
h
A s
tro
ng
syste
m o
f in
tern
al co
ntr
ol is
esse
ntia
l to
effe
ctive
en
terp
rise
ris
k m
an
ag
em
en
t….
•E
nte
rpri
se
Ris
k M
an
ag
em
en
t (“
ER
M”)
pla
ys a
n
import
ant
role
in t
he
Auditor
Genera
l’s a
ud
it f
un
ctio
n.
•T
he
app
lica
tio
n o
f ri
sk-b
ased c
oncepts
and t
echniq
ue
s
in b
oth
the s
ele
ctio
n a
nd
execu
tio
n o
f au
dit p
roje
cts
is
cru
cia
l in
supp
ort
ing t
he
str
ate
gic
vis
ion a
nd m
issio
n o
f
the
City o
f M
ark
ham
.
•W
he
n p
rep
ari
ng t
he
aud
it p
lan,
our
firs
t ste
p w
as t
o
co
ndu
ct
an
ente
rprise w
ide
ris
k a
sse
ssm
ent.
Pa
ge
5
Au
dit
Pla
n A
pp
roac
h
•To
co
nduct th
e e
nte
rprise w
ide r
isk a
ssessm
ent, w
e p
erf
orm
ed
the
follo
win
g:
1.
Co
nd
ucte
d o
ne
-on
-one
in
terv
iew
s a
nd
ris
k id
en
tifica
tio
n w
ork
sh
op
s
to g
ath
er
info
rmation a
nd to u
nders
tand the r
isks a
t th
e
de
pa
rtm
en
tal le
ve
l.
a)
On
e-o
n-o
ne
in
terv
iew
s h
eld
with
Co
un
cill
ors
, th
e C
hie
f A
dm
inis
tra
tive
Offic
er
(“C
AO
”) a
nd
Co
mm
issio
ne
rs.
b)
Wo
rksh
op
s h
eld
with
Se
nio
r M
an
ag
em
en
t a
nd
City s
taff.
c)
Ris
k v
otin
g s
essio
ns c
on
du
cte
d w
ith
all
of th
e a
bo
ve
.
d)
In to
tal, th
e A
G h
ad
ove
r 9
0 to
uch
po
ints
be
twe
en
Co
un
cil
an
d
City S
taff.
2.
Co
mp
iled
a p
rio
ritize
d lis
tin
g o
f th
e 4
6 r
isks id
en
tifie
d d
uri
ng
th
e
inte
rvie
ws a
nd
wo
rksh
op
s, w
hic
h fo
rme
d th
e “
Au
dit U
niv
ers
e”.
Pa
ge
6
Au
dit
Pla
n A
pp
roac
h
4.
Ind
ep
en
de
ntly a
sse
sse
d th
e a
ud
it u
niv
ers
e a
nd
bu
ilt t
he
fo
ur
ye
ar
Au
dit P
lan
an
d tim
ing
of a
ud
its, co
nsid
eri
ng
:
5.
Th
e fo
ur
ye
ar
au
dit p
lan
wa
s d
eve
lop
ed
ba
se
d o
n th
e r
esu
lts o
f th
e
recently c
ond
ucte
d r
isk a
ssessm
ent and c
urr
ent in
tern
al/exte
rnal
facto
rs. A
s w
e p
rog
ress w
ith
th
e A
ud
ito
r G
en
era
l se
rvic
es a
nd
ba
se
d o
n s
ub
se
qu
en
t u
pd
ate
s to
th
e r
isk a
sse
ssm
ent, th
e p
lan
is
su
bje
ct to
ch
an
ge
.
1.
Severi
ty o
f each
in
here
nt
risk (
in t
he a
bsen
ce o
f m
itig
ati
ng
co
ntr
ols
).
2.
Str
ate
gic
rele
van
ce t
o t
he o
rgan
izati
on
.
3.
Are
as,
fun
cti
on
s, o
r p
rocesses w
here
th
ere
has b
een
sig
nif
ican
t ch
an
ge
in t
he
past
year
or
exp
ecte
d c
han
ge i
n t
he c
om
ing
years
.
4.
Em
erg
ing
is
su
es o
r tr
en
ds.
5.
Are
as o
f p
art
icu
lar
co
mp
lexit
y.
6.
Fu
nc
tio
nal are
as t
hat
are
co
re t
o t
he C
ity’s
op
era
tio
ns.
Pa
ge
7
Au
dit
Pla
n A
pp
roac
h
•R
isk r
an
kin
g is b
ase
d o
n r
isk
cri
teri
a s
co
res
in th
e r
isk a
sse
ssm
en
t a
nd
th
e in
he
ren
t risks
ide
ntifie
d.
•W
he
n p
rio
ritizin
g w
hic
h r
isks to
au
dit a
nd
tim
ing
of th
e a
ud
it, co
nsid
era
tion
is g
ive
n to
inh
ere
nt
risk, g
ive
n t
ha
t re
sid
ua
lrisk is b
ase
d
on
ma
na
ge
me
nt’s a
sse
ssm
en
t o
f th
e s
tre
ng
th
of m
itig
atin
g c
on
tro
ls, a
nd
th
e r
ole
of th
e
Au
dito
r G
en
era
l co
ntin
ues to
be
an
ob
jective
asse
ssm
ent o
f m
ana
ge
me
nt’s c
on
tro
ls.
•C
onsid
era
tio
n is a
lso
giv
en
to
th
e le
ve
l o
f
eff
ort
req
uire
d fo
r e
ach
au
dit p
roje
ct a
nd
reso
urc
ing
ne
ed
s. T
his
will
allo
w t
he
Au
dito
r
Genera
l to
dete
rmin
e the s
cope o
f th
e p
lanned
au
dits p
er
ye
ar
to b
e b
ase
d o
n p
rio
rity
,
ca
pa
city,
an
d s
kill
s r
eq
uire
d to
co
nd
uct th
e
au
dit.
Ris
k Sc
ore
Leve
l of
Ass
essm
ent
15
-2
5H
igh
/Cri
tica
l
11
-1
4M
od
erat
e
1 -
10
Insi
gnif
ican
t/Lo
w
Effo
rtSc
op
e o
f W
ork
Maj
or
Det
aile
d T
est
ing
Mo
der
ate
Lim
ited
Te
stin
g
Min
or
Rev
iew
Pa
ge
8
Fo
ur
Yea
r A
ud
it P
lan
•W
e h
ave c
om
mitte
d t
o c
om
ple
ting 1
0 a
udits o
ver
4 y
ears
, pla
nned a
s
follo
ws: •
2016 –
2 a
udits
•2017 –
3 a
udits
•2018 –
3 a
udits
•2019 –
2 a
udits
•T
he A
udit P
lan w
ill b
e r
evie
wed a
t le
ast
annually
to c
onfirm
the
upcom
ing y
ear’
s a
udits a
nd m
ake a
dju
stm
ents
accord
ingly
.
•T
he a
udits in 2
017,
201
8 a
nd 2
019 h
ave b
een p
resente
d in t
he p
lan,
how
ever,
we w
ill m
ain
tain
fle
xib
ility
to a
dju
st
the t
imin
g a
nd s
cope o
f
the a
udits,
in o
rder
to a
ddre
ss e
merg
ing issues a
s t
hey a
rise o
r C
ouncil
requests
, if a
ny.
Pa
ge
9
20
16
An
nu
al A
ud
it P
lan
Tim
ing
Dep
t. or
Div
isio
nR
isk
Nam
eR
isk
Des
crip
tion
Prop
osed
Aud
it Sc
ope
Q3
(Jul
y to
Sept
)
Appl
icab
le
Dep
artm
ents
Tax/
Wat
er
Rev
enue
The
risk
that
pro
perty
tax
and
wat
er
reve
nue
is n
ot a
ccur
atel
y an
d tim
ely
invo
iced
, col
lect
ed a
nd a
ccou
nted
for.
Asse
ssm
ent o
f the
City
's p
roce
sses
and
con
trols
rela
ted
to
tax
and
wat
er re
venu
e, in
clud
ing
set u
p of
tax
& w
ater
acco
unt,
billin
gs &
col
lect
ions
, and
reco
ncilia
tions
of
info
rmat
ion
from
dat
abas
es/s
yste
ms.
Thi
s w
ill be
acco
mpl
ishe
d th
roug
h th
e us
e of
var
ious
dat
a po
ints
(i.e
.
MPA
C, r
oll n
umbe
rs, r
egis
tere
d lo
ts, e
tc.)
and
anal
ytic
s.
Q4
(Oct
to D
ec)
Appl
icab
le
Dep
artm
ents
Cas
h
Man
agem
ent
The
risk
of p
oor c
ash
man
agem
ent
proc
esse
s.
Asse
ssm
ent o
f the
cas
h ha
ndlin
g an
d m
anag
emen
t pra
ctic
es
thro
ugho
ut a
repr
esen
tativ
e sa
mpl
e of
the
City
's lo
catio
ns
whe
re p
aym
ents
are
pro
cess
ed.
Incl
udes
reco
mm
enda
tions
rela
ted
to p
aym
ent c
ard
best
pra
ctic
es a
nd s
tand
ards
(i.e
.
PCI).
Pa
ge
10
20
17
An
nu
al A
ud
it P
lan
Tim
ing
D
ep
t. o
r
Div
isio
nR
isk
Nam
eR
isk
De
scri
pti
on
Pro
po
sed
Au
dit
Sco
pe
Q1
(Jan
to
Mar
ch)
ITS
Cyb
er S
ecur
ityT
he r
isk
that
the
orga
niza
tion
does
not h
ave
adeq
uate
mea
sure
s in
plac
e to
pro
tect
its
IT s
yste
ms
and
info
rmat
ion
from
atta
ck.
Ass
essm
ent o
f the
City
's lo
gica
l sec
urity
and
man
agem
ent/m
onito
ring
cont
rols
rel
atin
g to
cyb
ercr
ime
prev
entio
n, d
etec
tion
and
inci
dent
man
agem
ent p
roce
sses
,
polic
ies,
pro
cedu
res
and
gove
rnan
ce a
ctiv
ities
. Foc
us w
ill b
e
on c
yber
crim
e m
anag
emen
t sta
ndar
ds, g
uide
lines
and
proc
edur
es a
s w
ell a
s th
e im
plem
enta
tion
and
gove
rnan
ce o
f
thes
e ac
tiviti
es.
Q2
(Apr
il to
June
)
Pro
cure
men
t
/ Fin
ance
Pro
cure
men
t/
Ven
dor
Man
agem
ent
The
ris
k of
an
inef
fect
ive,
inef
ficie
nt
and
inap
prop
riate
ly c
ontr
olle
d
proc
urem
ent p
roce
ss.
Rev
iew
of v
endo
r m
anag
emen
t pra
ctic
es w
ith r
egar
ds to
initi
al
set u
p to
test
the
effe
ctiv
enes
s of
con
trol
s in
pla
ce to
ens
ure
vend
ors
are
appr
oved
and
aut
horiz
ed (
non-
fictit
ious
),
perf
orm
ance
mea
sure
men
t, an
d us
e of
ana
lytic
s to
mon
itor
and
asse
ss v
endo
r ac
tiviti
es a
nd te
rmin
atio
n (f
inal
con
trac
t
clos
e-ou
t) a
nd p
aym
ent.
The
rev
iew
will
incl
ude
a cr
oss
sect
ion
of la
rge
proc
urem
ents
and
sm
all w
orks
.
Q3
(Jul
y to
Sep
t)
ITS
IT S
yste
m
Effe
ctiv
enes
s
The
ris
k of
the
inad
equa
cy o
r no
n-
inte
grat
ion
of IT
sys
tem
s re
sulti
ng in
an in
abili
ty to
mee
t use
r
requ
irem
ents
.
Pos
t Im
plem
enta
tion
Rev
iew
of t
he H
RIS
sys
tem
for
desi
gn
and
oper
atin
g ef
fect
iven
ess,
incl
udin
g w
heth
er th
e sy
stem
func
tiona
lity
mee
ts u
ser
defin
ed s
cope
/req
uire
men
ts.
Pa
ge
11
20
18
An
nu
al A
ud
it P
lan
Tim
ing
Dep
t. or
Div
isio
nR
isk
Nam
eR
isk
Des
crip
tion
Pro
pose
d Au
dit S
cope
Q1
(Jan
to
Mar
ch)
Appl
icab
le
Dep
artm
ents
Dev
elop
men
t
Cha
rges
The
risk
that
dev
elop
men
t cha
rges
are
not a
ccur
atel
y an
d tim
ely
invo
iced
, col
lect
ed a
nd a
ccou
nted
for.
Asse
ssm
ent o
f the
City
's p
roce
sses
and
con
trols
rela
ted
to
deve
lopm
ent c
harg
es, i
nclu
ding
com
plet
enes
s (i.
e. tr
ansl
atio
n
of a
ll in
com
ing
appl
icat
ions
into
dev
elop
men
t cha
rges
),
colle
ctio
ns a
nd re
mitt
ance
of c
harg
es, a
nd re
conc
iliatio
ns.
Q3
(Jul
y to
Sep
t)
Fina
nce
and
Hum
an
Res
ourc
es
Pay
roll
The
risk
that
the
City
doe
s no
t hav
e
the
appr
opria
te p
roce
sses
and
cont
rols
in p
lace
to e
nsur
e pa
yrol
l is
auth
oriz
ed (n
on-fi
ctiti
ous
empl
oyee
s)
and
accu
rate
.
Rev
iew
of p
ayro
ll pr
oces
ses
and
cont
rols
afte
r the
impl
emen
tatio
n of
the
HR
IS s
yste
m to
eva
luat
e th
e de
sign
and
oper
atin
g ef
fect
iven
ess
of c
ontro
ls.
Q4
(Oct
to D
ec)
Asse
t
Man
agem
ent
Phy
sica
l
Infra
stru
ctur
e &
Asse
ts
The
risk
of a
n in
appr
opria
te o
r
unsu
stai
nabl
e ap
proa
ch to
the
City
’s
phys
ical
infra
stru
ctur
e ar
isin
g fro
m
eith
er in
tern
al o
r ext
erna
l fac
tors
.
Asse
ssm
ent o
f the
City
's p
roce
sses
rela
ted
to p
rope
rty a
nd
asse
t man
agem
ent,
incl
udin
g us
e of
ana
lytic
s/m
etric
s to
asse
ss h
ow e
ffect
ivel
y an
d ef
ficie
ntly
the
asse
ts a
re b
eing
man
aged
aga
inst
pro
perty
man
agem
ent b
est p
ract
ices
.
Pa
ge
12
20
19
An
nu
al A
ud
it P
lan
Tim
ing
Dep
t. or
Div
isio
nR
isk
Nam
eR
isk
Des
crip
tion
Pro
pose
d Au
dit S
cope
Q1
(Jan
to
Mar
ch)
Legi
slat
ive
Ser
vice
s
Info
rmat
ion
Man
agem
ent
The
risk
of th
e in
abilit
y to
man
age
info
rmat
ion
(incl
udin
g ag
reem
ents
,
docu
men
ts a
nd d
ata)
, res
ultin
g in
inco
nsis
tent
pra
ctic
es, i
neffi
cien
t
shar
ing
of in
form
atio
n, a
nd in
abilit
y to
effe
ctiv
ely
resp
ond
to F
reed
om o
f
Info
rmat
ion
("FO
I") re
ques
ts.
Audi
t of c
ompl
ianc
e to
the
Rec
ords
Ret
entio
n B
y-la
w, a
s w
ell
as re
view
of r
ecor
ds m
anag
emen
t pro
cess
es a
nd p
ract
ices
for e
ffici
ency
, inc
ludi
ng F
OI r
eque
st h
andl
ing
and
track
ing,
agai
nst c
omm
only
acc
epte
d pr
actic
es.
Q3
(Jul
y to
Sep
t)
Appl
icab
le
Dep
artm
ents
Bui
ldin
g an
d
Dev
elop
men
t
Rev
iew
Pro
cess
The
risk
of a
n in
effe
ctiv
e, in
effic
ient
and
inap
prop
riate
ly c
ontro
lled
deve
lopm
ent r
evie
w p
roce
ss.
Rev
iew
of t
he b
uild
ing
and
deve
lopm
ent r
evie
w p
roce
ss fo
r
the
exis
tenc
e of
ade
quat
ely
desi
gned
and
effe
ctiv
e in
tern
al
cont
rols
afte
r the
impl
emen
tatio
n of
eP
lans
; to
asse
ss th
e
adeq
uacy
, suf
ficie
ncy,
tim
elin
ess,
and
acc
urac
y of
the
depa
rtmen
t's re
view
pro
cedu
res.
Pa
ge
13
Au
dit
Pla
n E
xec
uti
on
•E
ach indiv
idual audit w
ill b
e s
epara
tely
pla
nned,
and c
om
mence w
ith t
he
com
ple
tion o
f an a
udit p
lannin
g m
em
o (
“AP
M”)
, th
at
will
outlin
e:
Ob
jective,
Scope,
Ris
ks, A
ppro
ach,
Deliv
era
ble
s.
•T
he A
PM
will
be s
hare
d w
ith C
ouncil
in a
dvance o
f th
e s
chedule
d a
udit.
•T
hro
ughout
the c
onduct
of
the a
udit,
info
rmation w
ill b
e g
ath
ere
d f
rom
City
sta
ff thro
ugh inte
rvie
ws,
revie
w o
f re
levant
docum
enta
tio
n,
and independent
testing.
•F
indin
gs w
ill b
e v
alid
ate
d w
ith t
he C
hie
f A
dm
inis
trative O
ffic
er
(“C
AO
”) a
nd
Com
mis
sio
ners
, fo
r fa
ctu
al accura
cy.
•O
nce t
he a
udit h
as b
een c
om
ple
ted,
a form
al audit r
epo
rt w
ill b
e p
repare
d
and p
resente
d t
o C
ouncil.
Pa
ge
14
Q &
A
Pa
ge
15
Co
nta
ct
Info
rmati
on
Ge
off
Ro
dri
gu
es
Na
tio
na
l In
tern
al A
ud
it L
ea
de
r,
En
terp
rise R
isk S
erv
ice
s
416-5
15-3
800
Ge
off.R
od
rigu
es@
mn
p.c
a
FIN
AL
WO
RD
MN
P is
on
e o
f th
e la
rges
t ch
arte
red
acc
ou
nta
ncy
an
d b
usi
nes
s ad
viso
ry f
irm
s in
Can
ada.
Fo
r m
ore
th
an 7
0 y
ears
, we
hav
e p
rou
dly
se
rved
an
d r
esp
on
ded
to
th
e n
eed
s o
f o
ur
mid
-mar
ket
clie
nts
in
the
pu
blic
an
d p
riva
te s
ecto
rs.
Thro
ugh
par
tner
-led
en
gage
men
ts,
we
pro
vid
e a
cost
-eff
ecti
ve a
pp
roac
h t
o d
oin
g b
usi
nes
s an
d
per
son
aliz
ed s
trat
egie
s to
hel
p y
ou
ach
ieve
yo
ur
goal
s.
We
loo
kfo
rwar
dto
gett
ing
tokn
ow
you
and
you
ro
rgan
izat
ion
.
Sc
ott
Cro
wle
y
Re
gio
na
l M
an
ag
ing
Pa
rtn
er,
Ad
vis
ory
Se
rvic
es
416-2
60-3
277
Sco
tt.C
row
ley@
mn
p.c
a
Ve
ron
ica
Bil
a
Se
nio
r M
an
ag
er,
En
terp
rise R
isk S
erv
ice
s
416
-515-3
843
Ve
ron
ica
.Bila
@m
np
.ca
Pa
ge
16
App
endix
A –
Fin
al A
udit C
hart
er
CITY OF MARKHAM
AUDITOR GENERAL SERVICES
AUDIT CHARTER
Reviewed by: General Committee of Council
Date: May 30, 2016
Approved by: City of Markham Council
Date: May 31, 2016
A u d i t C h a r t e r 2 | P a g e
TABLE OF CONTENTS
INTRODUCTION…….….…………………………………………………………………………….3
PURPOSE ………………………….….……………………………………………………………...3
SCOPE……………..………………….……………………………………………………………….3
ACCOUNTABILITY………………….……………………………………………………………….3
AUTHORITY, ACCESS AND SUPPORT…………………………………………………………..4
RESPONSIBILITY.………………….….……………………………………………………………..5
INDEPENDENCE AND OBJECTIVITY.….………………………………………………………...6
REPORTING AND MONITORING.….……………………………………………………………...6
STANDARDS.....…………………………….………………………………………………………..7
ENQUIRIES……….…………………….…………………………………………………………….7
APPROVAL………………………….………………………………………………………………..7
A u d i t C h a r t e r 3 | P a g e
INTRODUCTION
The Auditor General (“AG”) for the City of Markham reports through General Committee to Council. The purpose, scope, authority, responsibilities and accountability of AG activities are described in this Audit Charter ("charter").
This charter shall be periodically reviewed and updated as required, in consultation with the General Committee.
PURPOSE
The purpose of the AG is to provide independent, objective assurance and advice designed to add value and improve the City’s operations. The AG will collaborate with management and help the City accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of governance, risk management, and control processes.
In addition to these primary services, the AG shall provide guidance to improve the effectiveness of controls, examine suspected fraudulent or irregular activities, and provide advisory services to assist with the improvement of operational activities.
SCOPE
The scope of the AG is defined annually through the approved Audit Plan and includes all audit activities to assist management in determining whether the City’s network of governance, risk management, and control processes, are adequate and functioning in a manner to ensure:
Risks are appropriately identified and managed.
Interaction with the various governance groups occurs as needed.
Significant financial, managerial, and operating information is accurate, reliable, and timely.
Employees’ actions are in compliance with policies, standards, procedures, and applicable laws and regulations.
Interactions and arrangements with third parties, including external parties, are in compliance with policies, standards, procedures, and applicable laws and regulations.
Resources and assets are acquired economically, used efficiently, and adequately safeguarded.
Operations and initiatives are conducted to deliver results that are consistent with established objectives and goals.
Quality and continuous improvement are fostered in the City’s control process.
Legislative or regulatory compliance issues impacting the City are recognized and addressed appropriately.
Opportunities for improving management control, financial and operating results, and the City’s structure or performance may be identified during audits. To fulfill its objective of adding value and improving the City’s operations, the AG will validate audit findings and recommendations with the appropriate level of management and obtain management responses and action plans to include in audit reports.
A u d i t C h a r t e r 4 | P a g e
ACCOUNTABILITY
The AG, in the discharge of his duties, shall be accountable to Council through the General Committee to:
Provide coverage of the adequacy and effectiveness of the City’s processes for controlling its activities and managing its risks.
Report important issues related to the processes for managing risk and controlling the activities of the organization, including potential improvements to those processes, and provide information concerning such issues through resolution. This includes coverage of risk management and governance practices.
Periodically provide information on the status and results of the annual audit plan and the sufficiency of department resources. This includes ensuring the resources are sufficient in amount and competency, through in-house staff and co-sourcing, to cover the risks in the annual audit plan.
Coordinate with and provide coverage of other control and monitoring functions (risk management, governance, compliance, security, legal, ethics, environmental) and external audit.
Along with management, establish a follow-up process to track and monitor the effective implementation of management actions related to important issues and recommendations.
AUTHORITY, ACCESS AND SUPPORT
For the purpose of this charter, affiliates of the City include, but are not limited to, service providers, subcontractors, consultants or any other party performing work, whereby the City has an oversight role.
The AG shall have access to any functions, meetings, records, physical property, and personnel required to carry out their responsibilities. The AG shall handle confidential information by adhering to the same restrictions that apply to the department that manages it. The AG should also have full and free access to the General Committee and Council.
The Mayor and City councillors, management and staff shall provide full cooperation, access to records, explanations, assistance, and general facilitation to complete audit endeavours.
The Commissioner, Corporate Services or their designate is authorized to:
Coordinate with management to ensure the audit personnel and contracted resources have unrestricted access to all functions, meetings, records, physical property, and personnel required to carry out their responsibilities.
Coordinate with management to allocate internal resources and/or seek from management the necessary assistance of personnel in departments of the City or those contracting with the City in order to accomplish audit objectives.
As part of carrying out his/her responsibilities or at the request of management, provide advice to management on the audit process, as deemed appropriate.
A u d i t C h a r t e r 5 | P a g e
RESPONSIBILITY
The AG’s responsibilities and accountability are defined and approved by Council through the General Committee, which includes all activities that encompass:
The examination and evaluation of the adequacy and effectiveness of the system of internal controls; and,
The quality of performance in carrying out assigned responsibilities and operational activities.
The AG has responsibility to:
Develop a four-year audit plan using an appropriate risk-based methodology, including any risks or control concerns identified by management, and submit that plan, as well as any recommendations regarding changes to the plan, if required, to the General Committee for review and approval.
Implement each annual audit plan, as approved, including as appropriate any special tasks or projects requested through General Committee for approval by Council.
Maintain professional internal audit resources with internal audit staff and, where appropriate, external resources with sufficient knowledge, skills, experience, and professional certifications to meet the requirements of this charter.
Evaluate and assess important merging/consolidating functions and new or changing services, business units, processes, systems, operations, and control processes coincident with their development, implementation, and/or expansion.
Evaluate the reliability and integrity of operational and financial information and the means used to identify, measure, classify, and report such information.
Evaluate the systems established to ensure compliance with policies, plans, procedures, laws, and regulations which could have a significant impact on the organization.
Evaluate the means of safeguarding assets and, as appropriate, verify the existence of such assets.
Evaluate the effectiveness and efficiency with which resources are employed.
Evaluate operations or programs to ascertain whether results are consistent with established objectives and goals.
Evaluate and report on risk management processes, significant risk exposures and control issues.
Consider fraud risks during the planning of audits, alertness to process deficiencies or other red flags which indicate the possibility that fraud could or has occurred, the determination of whether further action is required, and the recommendation of investigations where appropriate.
Assist as appropriate in the investigation of suspected fraudulent activities within the organization and notify management (where appropriate) and Council through the General Committee of the results.
Issue periodic reports summarizing results of audit activities to the Executive Leadership Team and through the General Committee for approval by Council.
Keep General Committee and Council informed of emerging trends and successful practices in internal auditing.
Provide audit measurement goals and results to the General Committee and Council.
Coordinate its plans and efforts with those of the external auditors to avoid duplication of audit effort and to optimize audit coverage.
A u d i t C h a r t e r 6 | P a g e
In discharging its responsibilities or at the request of management, as appropriate, provide advice to management that add value and improve an organization’s governance, risk management, and control processes without the AG assuming management responsibility.
Execute a quality assurance and improvement program to ensure the effective operation of audit activities and annually report the results of the program to the Commissioner, Corporate Services and Council through the General Committee.
INDEPENDENCE AND OBJECTIVITY
The AG is required to be independent and objective. In order to ensure maintenance of its independence and objectivity, the AG will remain free from interference by any element in the City, including matters of audit selection, scope, procedures, frequency, timing, or report content.
To provide for the organizational independence of the audit function, the AG will report functionally to the General Committee with administrative coordination provided by the Commissioner, Corporate Services to support the AG role.
To ensure objectivity, the AG shall not implement procedures or controls, develop records, or engage in any activity that would impair their objectivity. To assist management in discharging their responsibilities, the AG may take an active role in the formulation of policies and procedures, or the development of new systems. However to remain independent and objective, it will be in an advisory capacity, with final decisions and implementation being the responsibility of the appropriate management.
The AG shall not have direct responsibility for or authority over any activities which they review. To the extent that the AG has responsibility or authority over any of the activities being audited, objective assurance will be provided by internal auditors hired outside of the organization, the appointment of which is approved by Council.
The AG will attest to the organizational independence of the AG’s audit activity and identify any unwarranted restrictions on audit scope, communications, access, and resources, including personnel and externally contracted resources to Council through the General Committee, at least annually.
REPORTING AND MONITORING
The AG will submit to the General Committee:
A four-year risk-based audit plan for approval by Council.
Annual audit plans will be developed based on a prioritization of the audit universe using a risk-based methodology, including input from the Mayor, Councillors, the Executive Leadership Team, senior management and other identified City staff. Any significant deviation from the approved audit plan will be communicated to the General Committee through periodic updates. Ultimate approval of the audit plan resides with Council.
Quarterly reports and updates on the status of and/or recommendations to significant changes to the audit plan, regulatory updates, emerging trends, and other relevant matters.
A u d i t C h a r t e r 7 | P a g e
A written report will be prepared and issued following the conclusion of each audit engagement and once discussed with management, will be distributed as appropriate, including the General Committee. To ensure management feedback and to encourage management participation in the process, the audit report will include management’s response and corrective action taken or to be taken in regard to the specific findings and recommendations, including timetable of anticipated completion. All significant findings will remain open and reported quarterly to the General Committee until such time that the issue has been cleared.
An annual report on the audit activities conducted during the preceding year.
Immediate communication of any suspected or known instances of fraud to the General Committee.
STANDARDS
The internal audit profession is covered by the International Professional Practices Framework of The Institute of Internal Auditors. This framework includes mandatory elements consisting of the Definition of Internal Auditing, the Code of Ethics, and the International Standards for the Professional Practice of Internal Auditing. The AG will meet these mandatory requirements of the profession.
The AG shall employ established and proven frameworks and practices that are appropriate for the City and for the effective performance of AG responsibilities.
The AG will annually discuss the results of the audit quality assurance and improvement program to ensure effective operation of audit activities in accordance with the above standards.
ENQUIRIES
Enquiries about this policy should be directed to the Commissioner, Corporate Services or the AG.
APPROVAL
The charter shall be approved by Council.
