March 2016 //

Canadian Government Executive /

23

Internal Audit

nate such controls, as they provide man-

agement with a sense of security against

perceived risks.

Another driver of risk aversion is the per-

ceived consequences of non-compliance

with policies and related “rules.” There

are several cases where departmental and

government-wide procedural policies may

be out of date or misinterpreted, particu-

larly with regards to corporate service re-

lated functions such as travel and staffing.

Rather than applying the spirit of a given

policy, burdensome processes are often

created to ensure compliance with rules,

when the rules themselves may be unclear.

An example of this is the varying degree

to which departments and agencies have

interpreted the 2013 Treasury Board Direc-

tive on Travel, Hospitality, Conference and

Event Expenditures (the Directive).

The internal audit community is equally

risk averse. Although identifying efficien-

cies is part of internal audit’s mandate,

auditors may be reluctant to recommend

eliminating excessive controls for fear that

their removal may result in future control

failures as well as potential impacts on

their credibility. Traditionally, internal

auditors have maintained the view that it

is management’s responsibility to identify

risk tolerance levels and establish control

frameworks. As such, auditors often place

a greater emphasis on examining the ef-

fectiveness of existing controls and the

efficiency in administering them, rather

than challenging the established risk tol-

erances or whether the controls should be

maintained based on the current risk envi-

ronment. This is often seen in audits that

focus on procedural compliance, rather

than questioning the existence, relevance,

and value of the procedures themselves.

The pressure is mounting on the fed-

eral government to provide better public

services with fewer resources. This trans-

formation of the public service inherently

conflicts with the current risk averse cul-

ture in our institutions. To continue to be

viewed as a credible and relevant partner,

internal audit must increase its focus on

reducing costly bureaucratic processes,

while still maintaining its credibility

through the provision of assurance on rel-

evant and efficient controls and processes.

The Internal Audit Branch (IAB) within

Natural Resources Canada (NRCan) has

begun its own transformation towards

becoming an enabler of intelligent risk-

taking, in pursuit of greater efficiencies

and a reduction of bureaucratic process-

es. To achieve this transformation IAB

has recruited internal auditors with the

right experience, professional designa-

tions, and necessary leadership compe-

tencies to succeed. Furthermore, building

strong relationships with senior manage-

ment as trusted advisors and value-added

partners has been critical in establishing

ourselves as an effective agent of organi-

zational change, including challenging

management’s appetite for risk. The fol-

lowing are recent examples of when IAB

questioned risk tolerances, resulting in

the elimination of redundancies:

• Challenging the type of files regularly

reviewed by a senior level committee,

resulting in a significant reduction of

files reviewed and a shift towards pro-

viding risk-based advice and decision

making, rather than an informal ‘ap-

proval’ mechanism.

• Questioning mandatory training origi-

nally planned for all employees, result-

ing in targeted training of a number of

employees based on their specialized

responsibilities and job requirements.

• Reducing burdensome reporting and

oversight processes for low-risk funding

transfers to other federal government

departments.

As IAB seeks to further increase its value

to NRCan, we believe opportunities exist

to play a significant role in the early stag-

es of program development. This would

enable IAB to leverage its knowledge and

expertise to support senior management

in the development of controls and pro-

cesses at the onset of new initiatives. Such

an approach could lead to leaner pro-

cesses, a reduction in bureaucracy, and

improved service delivery to Canadians.

It should be noted that in spite of its

contribution towards intelligent risk-

taking, NRCan’s audit function remains

committed to providing assurance on the

effectiveness of relevant controls and pro-

cesses as part of its mandate. Audit recom-

mendations to strengthen controls related

to legislative and government policy re-

quirements are essential to sound stew-

ardship and are areas that will always

benefit from assurance activities.

As part of assurance services; however,

the value of providing recommendations

that challenge risk tolerance levels and re-

sult in the elimination of redundant con-

trols is equally important. Ultimately, this

approach to the provision of audit services

would allow senior management to view

internal audit not just as an ‘assurance’

function, but as an effective mechanism to

reduce and eliminate costly bureaucratic

processes. As an enabler of intelligent risk-

taking, internal audit is well positioned to

support departments in achieving greater

cost savings and efficiencies that Canadi-

ans expect from their government.

Z

iad

S

hadid

is Director of Audit

Operations, Natural Resources Canada.

To continue to be

viewed as a credible

and relevant partner,

internal audit must

increase its focus on

reducing costly

bureaucratic processes,

while still maintaining

its credibility through

the provision of

assurance on relevant

and efficient controls

and processes.