Corporate Audit Plan
The purpose of internal auditing is to provide independent assurance and consulting services. This improves Niagara Region's operations and brings a disciplined approach to the evaluation of:
- Risk management activities
- Internal controls
- Governance processes
The Internal Audit division has a professional obligation to develop a comprehensive risk-based annual audit plan. This is consistent with recommendations by professional associations, including the Institute of Internal Auditors and the Chartered Professional Accountants of Canada.
The 2023-2024 Internal Audit Plan was developed based on:
- Consultation meetings with members of the Audit Committee
- Consultation meetings with members of the Corporate Leadership Team
- A comprehensive risk assessment of processes, programs and functions across the organization
- A jurisdictional scan of hot topics, emerging risks and auditable areas in other local comparable organizations
Internal audit projects
The following projects have been approved by Regional Council as the Internal Audit Plan.
-
Vendor performance management
Scope: Evaluate and provide recommendations to strengthen internal controls on analyzing and documenting vendor performance for large / tier one contracts.
Rationale: Assess current practices and provide a practical cost-effective framework to evaluate, monitor and document feedback on performance for key vendors / contractors.
Risks: Insufficient oversight over performance of vendors could lead to the Region receiving poor quality of services / materials. Poor documentation could affect Region's ability to recover damages from under-performing vendors.
-
Waste management contract compliance audit
Scope: To independently evaluate the performance and compliance of Waste Management's contractor against its contractual obligations. The audit will also examine staff's efficacy at managing their service provider, such as performance measures, enforcement protocols, dispute resolution and contingency plans.
Rationale: Waste Management's contractor is Niagara Region's largest vendor at $21 million in annual spent - eight percent of all purchase orders. It creates in high public attention, complex operational requirements and high financial impact.
Risks: Insufficient service levels by the contractor may directly impact Niagara residents. Financial, legal and reputational risks may also occur if compliance to the service agreement is not maintained.
-
Driver Certification Program audit
Scope: Using the standard Driver Certification Program audit plan, assess compliance to Ontario Ministry of Transportation's regulatory requirements for commercial fleet operators, specifically for 'signing authorities' approved by the Ministry of Transportation to deliver driver training and testing.
Rationale: This is a standard audit performed by multiple Ontario municipal audit teams. Performing the audit in-house will result in cost savings for the Public Works department compared to outsourcing.
Risks: Meeting or exceeding the Ministry of Transportation's regulatory requirements are mandatory to continue participating in the Driver Certification Program. Continued participation in the program has numerous benefits including higher staff engagement and lower driver training and testing costs.
-
Cyber planning, management framework and response recovery strategies
Scope: Focuses on protection, detection, response and recovery if issues occur. This evaluation will include the entire network including SCADA testing.
Rationale: Cyber security audits were proposed to be conducted in two phases. Phase 1 was completed in 2022 which covered penetration and vulnerability assessment. Phase 2 is expected to be completed in 2024-2025 covering governance and data security.
Risks: Security control concerns could effect the reliability, accuracy and security of the enterprise data.
-
Non-competitive procurement audit
Scope: Re-evaluate the management control framework which ensures openness, accountability, transparency and fairness in non-competitive procurement activities.
Rationale: This audit will have a targeted focus on single / sole-sourced procurements which tend to generate a higher degree of public interest, particularly in the public sector.
Risks: Non-compliance to procurement policies, procedures and by-law, or uncompetitive behaviour may lead to financial or legal implications. In addition, a loss of community trust may occur if the procurement process is perceived to be uncompetitive.
-
Medication - EMS narcotic storage
Scope: Assess compliance with applicable laws, policies and procedures related to storage, counting, administration, audits and destruction of narcotics and controlled substances.
Rationale: Controls related to areas such as audits, disposal and discontinuation of narcotic substances were recently added in 2022 to the policies and procedures. Audit would focus on compliance with the new regulations.
Risks: Insufficient monitoring over controlled substances increases the risk to public safety.
-
Vendor management - consultant spend
Scope: Review management control framework ensuring transparency, efficiency, cost effectiveness and performance of vendors providing various management consultancy services to the Region. Compliance with applicable laws, regulations, policies and procedures for changes to the initial scope of agreed work will also be covered in this review.
Rationale: Increased dependence on external consultants has resulted in an increase in change orders. Management wanted an analysis on the efficiency of current processes in place to monitor and issue scope changes / creep.
Risks: Lack of adequate planning at the inception of a project could lead to budget overruns and inefficient use of the Region's resources.
-
Psychological wellness programs
Scope: To consult and advise in a collaborative manner with Human Resources (Health, Safety and Wellness) and EMS divisions to perform an evaluation of Regional Psychological Wellness Programs, with a principle focus on the impact of Bill 163 'Supporting Ontario's First Responders Act', where post-traumatic stress disorder diagnosis for EMS workers is now presumed to be work-related. This will not be a traditional internal audit, but a consulting and advisory project.
Rationale: Requested from management. The financial and human resource pressures on Niagara Region resulting from Bill 163 are high, including increased WSIB costs of around $1.2M each year from 2019.
Risks: There is a financial risk to the Region in that the EMS division is currently experiencing greater than budgeted WSIB costs. In addition, there may be challenges to labour relations and scheduling, which may ultimately impact service levels to the public.