Title: Integrating the MAF Using Fundamental or Core Management Practices to Help Strengthen Management Pra
1Integrating the MAFUsing Fundamental (or Core)
Management Practices to Help Strengthen
Management Practices
- Mary Ellen McGUIRE
- Director, Corporate Planning and Management
Practices
FMI PD Week 2006 November 29, 2006
2MAF and the IRB
- IRB is implementing the MAF throughout the
organization - Key to the success of MAF is managers having a
better understanding of each of the MAF elements
and applying them - On-going initiative and a new MAF element is
introduced every second month
3MAF and the IRB
- Next phase will be to apply MAF to each
sub-activity within the PAA - IRB will use the MAF to introduce and implement
its Fundamental (or core) Management Controls - Fundamental Management Controls is a tool,
designed in line with the MAF, that provides
greater clarity for each MAF element
4MAF et la CISR
- La CISR introduit présentement le MAF à travers
lensemble de son organisation - La clé du succès de cette introduction se trouve
dans la meilleure compréhension de chaque
gestionnaire des éléments du MAF et la manière
dont ils doivent être appliqués -
- Les contrôles de gestion fondamentaux sont des
outils qui apportent une plus grande clartés à
chacun des éléments du MAF
5What is a Fundamental Control?
- A control element is fundamental, if it has
three criteria and a control can be considered
fundamental if it passes through all of the
following three filters. - Relevance
- The control is aligned with and supports the
achievement of the common government objectives
embedded in the MAF - The control is aligned with and helps to mitigate
common strategic risks - The control represents the most relevant control,
or most pertinent - Commonality
- The control is common and comparable across all
organizations, i.e., is applicable to any
organization - Auditability
- The control is auditable 1.
- 1 It is important to note that not all
auditable controls are fundamental, but a control
is not considered fundamental unless it is
auditable.
6What is a Fundamental Control? (Contd)
- Systems of internal controls, guidelines,
directives that are common but can vary across
departments in accordance with the mandate,
objectives and activities of each department of
agency - By 2009 all department must have a minimum level
of control - TBS is developing a set of common Core Management
(Fundamental) Controls for the Government of
Canada - consistent and aligned with the MAF elements
- provide guidance on the minimum level of controls
that will be expected of departments and agencies
7Contrôles fondamentaux Types de contrôles
- Contrôles préventifs réduit loccurrence des
évènements indésirables - Contrôles détectifs détecte et corrige les
évènements indésirables - Contrôles directifs cause ou encourage la
production dévènements positifs
8Fundamental Controls Some Examples by Type
- Preventive Controls
- Segregation of duties
- Effective planning and budgeting
- Security controls (i.e. access to building,
applications, etc) - Formal and rigorous approach to policy and
program design - Sound risk management practices
- Detective Controls
- Independent oversight/monitoring
- Comparison of actual financial results to
budget/plan - Reconciliations of batch balance reports to
financial control logs - Reconciliation of subsidiary ledgers with the
general ledger - Directive Controls
- Documented policies and procedures
- Documented and communicated values and ethics
code - Feedback from users and stakeholders drives
strategic and operational planning - Performance results are linked to management and
staff evaluations
9Why Fundamental Controls are Important for IRB
- Fundamental controls will assist managers to
better manage their programs and understanding
each MAF element as it promotes best practices - Basis for IRB Chief Audit Executive (CAE) to
provide annual holistic opinion to deputy heads
and audit committees on the effectiveness and
adequacy of risk management, control and
governance processes in their departments - Fundamental controls are key to good management
and business practices
10Contrôles fondés sur le risque
- Tel quindiqué précédemment, le gouvernement
sattend minimalement que les ministères
établissent au moins leurs contrôles fondamentaux - De plus, vu la spécificité de son mandat et de
ses objectifs stratégiques, la CISR ajoutera des
contrôles supplémentaires fondés sur le risque - La cohérence des décisions est un exemple de
contrôle fondé sur le risque qui est spécifique à
la CISR
11IRBs Fundamental Controls Project Three Phases
- GAP Analysis
- Establish fundamental control working group
- Raise managers awareness and understanding of
the MAF, risk management and controls. - Identify the key fundamental and risk-based
controls at the IRB. - Identify key fundamental controls required but
not currently in place at the IRB. - Validation
- Consolidate and validate the key fundamental and
risk-based controls in place and required to form
the foundation for the IRBs Fundamental Control
Framework. - Action Plan
- Implement additional key controls required and
carry out a preliminary assessment of identified
controls aligned to key IRB risks
12Lunivers de la vérification interne(conforme à
larchitecture des activités de programme de la
CISR)
13Approach and MethodologyPhase 1 GAP Analysis
- Raise managers awareness and understanding of
MAF, risk management and controls through - Presentations
- Discussions
- Workshops
14Phase 1 - Approches de collecte de données
Entrevues avec les gestionnaires de haut niveau
et dautres intervenants
Revue des documents et de la littérature.
Ateliers et visites
31
15Approche et méthodologiePhase 1 Analyse
décart
- Identifier les contrôles fondamentaux et ceux
axés sur le risque qui sont requis par la CISR,
mais qui ne sont pas encore en place - Latelier sur le contrôle dauto-évaluation
décrit dans létape B servira à identifier des
enjeux et des possibilités de repérer des
contrôles clés requis par la CISR
16Approach and MethodologyPhase 2 Validation
- Identify the key fundamental
- and risk-based controls at the IRB
- Consolidate the key fundamental controls that are
currently in place and those identified to form
the foundation for the IRBs strategic
Fundamental Control Framework. - Validate the draft IRB strategic Fundamental
Control Framework with senior management and
obtain approved at Executive Management
Committee. - Present IRB strategic Fundamental Control
Framework to the Chairpersons Management Board
for acceptance and approval
17Approach and MethodologyPhase 3 Action Plan
- Develop a plan to support
- Implementing additional key controls required
- but not currently in place at IRB and
- Carrying out a preliminary assessment of
identified controls aligned to key IRB risks
18La méthode globale et le calendrier dévaluation
19As-Is and To-Be Assessments overview
20Projet de lélaboration du Cadre des contrôles
fondamentaux, 2006-2009
21- QUESTIONS
- MERCI
- AND
- THANK YOU
-