Integrating the MAF Using Fundamental or Core Management Practices to Help Strengthen Management Pra

1
Integrating the MAFUsing Fundamental (or Core)
Management Practices to Help Strengthen
Management Practices

• Mary Ellen McGUIRE
• Director, Corporate Planning and Management
  Practices

FMI PD Week 2006 November 29, 2006
2
MAF and the IRB

• IRB is implementing the MAF throughout the
  organization
• Key to the success of MAF is managers having a
  better understanding of each of the MAF elements
  and applying them
• On-going initiative and a new MAF element is
  introduced every second month

3
MAF and the IRB

• Next phase will be to apply MAF to each
  sub-activity within the PAA
• IRB will use the MAF to introduce and implement
  its Fundamental (or core) Management Controls
• Fundamental Management Controls is a tool,
  designed in line with the MAF, that provides
  greater clarity for each MAF element

4
MAF et la CISR

• La CISR introduit présentement le MAF à travers
  lensemble de son organisation
• La clé du succès de cette introduction se trouve
  dans la meilleure compréhension de chaque
  gestionnaire des éléments du MAF et la manière
  dont ils doivent être appliqués
• Les contrôles de gestion fondamentaux sont des
  outils qui apportent une plus grande clartés à
  chacun des éléments du MAF

5
What is a Fundamental Control?

• A control element is fundamental, if it has
  three criteria and a control can be considered
  fundamental if it passes through all of the
  following three filters.
• Relevance
• The control is aligned with and supports the
  achievement of the common government objectives
  embedded in the MAF
• The control is aligned with and helps to mitigate
  common strategic risks
• The control represents the most relevant control,
  or most pertinent
• Commonality
• The control is common and comparable across all
  organizations, i.e., is applicable to any
  organization
• Auditability
• The control is auditable 1.
• 1 It is important to note that not all
  auditable controls are fundamental, but a control
  is not considered fundamental unless it is
  auditable.

6
What is a Fundamental Control? (Contd)

• Systems of internal controls, guidelines,
  directives that are common but can vary across
  departments in accordance with the mandate,
  objectives and activities of each department of
  agency
• By 2009 all department must have a minimum level
  of control
• TBS is developing a set of common Core Management
  (Fundamental) Controls for the Government of
  Canada
• consistent and aligned with the MAF elements
• provide guidance on the minimum level of controls
  that will be expected of departments and agencies

7
Contrôles fondamentaux Types de contrôles

• Contrôles préventifs réduit loccurrence des
  évènements indésirables
• Contrôles détectifs détecte et corrige les
  évènements indésirables
• Contrôles directifs cause ou encourage la
  production dévènements positifs

8
Fundamental Controls Some Examples by Type

• Preventive Controls
• Segregation of duties
• Effective planning and budgeting
• Security controls (i.e. access to building,
  applications, etc)
• Formal and rigorous approach to policy and
  program design
• Sound risk management practices
• Detective Controls
• Independent oversight/monitoring
• Comparison of actual financial results to
  budget/plan
• Reconciliations of batch balance reports to
  financial control logs
• Reconciliation of subsidiary ledgers with the
  general ledger
• Directive Controls
• Documented policies and procedures
• Documented and communicated values and ethics
  code
• Feedback from users and stakeholders drives
  strategic and operational planning
• Performance results are linked to management and
  staff evaluations

9
Why Fundamental Controls are Important for IRB

• Fundamental controls will assist managers to
  better manage their programs and understanding
  each MAF element as it promotes best practices
• Basis for IRB Chief Audit Executive (CAE) to
  provide annual holistic opinion to deputy heads
  and audit committees on the effectiveness and
  adequacy of risk management, control and
  governance processes in their departments
• Fundamental controls are key to good management
  and business practices

10
Contrôles fondés sur le risque

• Tel quindiqué précédemment, le gouvernement
  sattend minimalement que les ministères
  établissent au moins leurs contrôles fondamentaux
• De plus, vu la spécificité de son mandat et de
  ses objectifs stratégiques, la CISR ajoutera des
  contrôles supplémentaires fondés sur le risque
• La cohérence des décisions est un exemple de
  contrôle fondé sur le risque qui est spécifique à
  la CISR

11
IRBs Fundamental Controls Project Three Phases

• GAP Analysis
• Establish fundamental control working group
• Raise managers awareness and understanding of
  the MAF, risk management and controls.
• Identify the key fundamental and risk-based
  controls at the IRB.
• Identify key fundamental controls required but
  not currently in place at the IRB.
• Validation
• Consolidate and validate the key fundamental and
  risk-based controls in place and required to form
  the foundation for the IRBs Fundamental Control
  Framework.
• Action Plan
• Implement additional key controls required and
  carry out a preliminary assessment of identified
  controls aligned to key IRB risks

12
Lunivers de la vérification interne(conforme à
larchitecture des activités de programme de la
CISR)
13
Approach and MethodologyPhase 1 GAP Analysis

• Raise managers awareness and understanding of
  MAF, risk management and controls through
• Presentations
• Discussions
• Workshops

14
Phase 1 - Approches de collecte de données
Entrevues avec les gestionnaires de haut niveau
et dautres intervenants
Revue des documents et de la littérature.
Ateliers et visites
31
15
Approche et méthodologiePhase 1 Analyse
décart

• Identifier les contrôles fondamentaux et ceux
  axés sur le risque qui sont requis par la CISR,
  mais qui ne sont pas encore en place
• Latelier sur le contrôle dauto-évaluation
  décrit dans létape B servira à identifier des
  enjeux et des possibilités de repérer des
  contrôles clés requis par la CISR

16
Approach and MethodologyPhase 2 Validation

• Identify the key fundamental
• and risk-based controls at the IRB
• Consolidate the key fundamental controls that are
  currently in place and those identified to form
  the foundation for the IRBs strategic
  Fundamental Control Framework.
• Validate the draft IRB strategic Fundamental
  Control Framework with senior management and
  obtain approved at Executive Management
  Committee.
• Present IRB strategic Fundamental Control
  Framework to the Chairpersons Management Board
  for acceptance and approval

17
Approach and MethodologyPhase 3 Action Plan

• Develop a plan to support
• Implementing additional key controls required
• but not currently in place at IRB and
• Carrying out a preliminary assessment of
  identified controls aligned to key IRB risks

18
La méthode globale et le calendrier dévaluation
19
As-Is and To-Be Assessments overview
20
Projet de lélaboration du Cadre des contrôles
fondamentaux, 2006-2009
21

• QUESTIONS
• MERCI
• AND
• THANK YOU