B.7 Management Risk and Control Policy

  1. Management is charged with the responsibility for establishing a network of risk-based processes based on the overall integrated risk management program, with the objective of controlling the operations of the Office of the Auditor General (the Office) in a manner that provides the Auditor General with reasonable assurance that:

    1. the Office’s plans, programs, goals, and objectives are achieved.

    2. resources are acquired economically and employed appropriately;

    3. quality business processes and continuous improvement are emphasized;

    4. the Office’s resources (including its people, systems, data/information bases, and customer goodwill) are adequately protected;

    5. resources are acquired economically and employed appropriately; quality business processes and continuous improvement are emphasized; and

    6. the activities of the Executive Committee, management and employees are consistent with the policies, standards, plans and procedures of the Office, and with relevant legislation and regulations.

  2. Controlling is a function of management and is an integral part of the overall process of managing operations. As such, it is the responsibility of managers at all levels of the Office to

    1. identify and evaluate the exposures to loss that relate to their particular sphere of operations;

    2. specify and establish policies, plans, and operating standards, procedures, systems, and other disciplines to be used to minimize, mitigate, and/or limit the risks associated with the exposures identified;

    3. establish practical controlling processes that require and encourage management and employees to carry out their duties and responsibilities in a manner that achieves the five control objectives mentioned in the preceding bullet point; and

    4. maintain the effectiveness of the controlling processes staff have established and foster continuous improvement to these processes.

  3. Practice Review and Internal Audit is charged with the responsibility for independent assessment of the extent to which ongoing processes for integrated risk management and control of operations throughout the Office are adequately designed and functioning in an effective manner. Practice review and internal audit is also responsible for reporting its findings to management and the Audit Committee on the adequacy and effectiveness of the Office’s systems of integrated risk management and internal control, together with ideas, counsel, and recommendations to improve the systems. This review and appraisal in no way relieves management of the responsibilities assigned to them.

  4. The Audit Committee is responsible for monitoring, overseeing, and evaluating the duties and responsibilities of management, the practice review and internal audit activity, and the external auditors as those duties and responsibilities relate to the Office’s processes for managing risk and control and control over its operations. The Audit Committee is also responsible for determining that all major issues reported by Practice Review and Internal Audit, the external auditor, and other outside advisors have been satisfactorily resolved. Finally, the Audit Committee is responsible for reporting to the Auditor General all important matters pertaining to the Office’s controlling processes.

Last modified:
2018-02-15