B.8 Policy Statement for Controlling the Operations of the Office of the Auditor General

  1. Management is charged with the responsibility of controlling the operations of the Office of the Auditor General of Canada (Office) in a manner that

    1. safeguards the Office’s resources;

    2. ensures the accuracy and reliability of data, information, and reporting;

    3. ensures compliance with applicable laws and regulations;

    4. promotes efficient and effective operations; and

    5. contributes to the attainment of the Office’s objectives.

  2. Controlling is an integral part of managing operations. As such, it is the responsibility of management at all levels of the Office to

    1. identify and evaluate the exposures related to the conduct of its operations;

    2. specify and establish the policies, operating standards, procedures, systems, and other disciplines to be used to limit the risks associated with the exposures identified;

    3. establish practical controlling processes that require and encourage employees to perform their tasks in a manner that achieves a positive control result; and

    4. maintain the adequacy and effectiveness of the controlling processes that have been established.

  3. The role of Practice Review and Internal Audit is to assist management in attaining Office goals by providing an independent, objective assurance and consulting activity designed to add value and improve the Office’s operations. It does so by independently reviewing and evaluating the design and effectiveness of risk management, controls, governance, and operations, and by providing objective analyses and constructive recommendations for improvement. Management retains full control over the implementation of these recommendations.

  4. The Office’s policy statement on controlling operations has three dimensions:

    1. The Concept of Controlling

    2. Management's Responsibility for Controlling

    3. Practice Review and Internal Auditing's Responsibility for Evaluating the Process of Controlling

  5. The purpose of this statement is to amplify and clarify the three dimensions of controlling operations in the Office.

I. The Concept of Controlling

  1. Controlling is any action taken by a manager to enhance the probability that established goals and/or objectives will be achieved. Those actions may be either preventive (to deter undesirable events from occurring), detective (to detect and correct undesirable events that have occurred), or directive (to cause or encourage a desirable event to occur).

  2. Whatever form the action takes, controlling is a positive force, exerted through people, to achieve a stated goal or objective.

  3. An expense budget can illustrate the process of controlling. The preparation and approval of an expense budget is a directive action taken by management to cause or encourage an appropriate level of expenditures. Regular monitoring of actual expenditures against the budget is a detective control to detect and correct undesirable levels or nature of expenses that may have been incurred. Finally, any action taken by management to prohibit further expenses (or expenses of a certain type) from being incurred in the future is a preventive control.

  4. The four broad, generic objectives of controlling operations are:

    1. safeguard the resources for which the individual manager is responsible, including human resources and the goodwill of the Office;

    2. ensure the reliability of data and information either used internally or reported externally;

    3. promote efficient and effective operations; and

    4. ensure that management's intentions are carried out, including those outlined in plans, policies, and procedures, and are in compliance with the laws/regulations under which the Office operates.

II. Management’s Responsibility for Controlling

  1. To have an adequate and effective process for controlling operations, managers at all levels of the Office have the following responsibilities:

    1. Foster an environment conducive to controlling. Each manager’s behavior and attitude toward control will influence the attitudes of other employees. The manager who demonstrates high ethical and personal standards, integrity, diligence, loyalty, and honor will create an environment that encourages adequate and effective controlling processes within his or her sphere of influence.

    2. Identify the exposures to loss and calculate the risks involved in conducting operations. Each exposure to loss or impediment to obtaining an objective must be identified for each system and/or sector in the organization. In this case, loss can be interpreted as financial and/or reputational. Each exposure must then be evaluated for its impact on the Office, the probability of occurrence, and its controllability on a cost-effective basis.

    3. Establish an infrastructure of “business fundamentals” comprised of policies, operating and performance standards, budgets, plans, systems, procedures, etc., that addresses the exposures identified and reduces them to an acceptable level of business risk.

    4. Establish practical (cost beneficial) controlling processes that motivate, channel, and/or otherwise direct employees to perform their work in a manner that achieves a positive control result.

    5. Establish an ongoing monitoring program to determine and report on the effectiveness with which the controlling processes accomplish their intended purpose.

III. Practice Review and Internal Auditing’s Responsibility for Evaluating the Process of Controlling

  1. The Office’s practice review and internal audit activity is responsible for periodically evaluating the processes of controlling operations throughout the Office. That responsibility is carried out in three distinct steps:

    1. ascertaining that the process of controlling, as it has been established and represented by management, is adequately designed in relation to the related risk;

    2. determining, through compliance testing and other procedures, that the process is, in fact, operating as intended in an effective and efficient manner; and

    3. reporting to the Audit Committee and management the results of audit work performed and offering recommendations for improving the controlling process.

  2. The frequency and scope of auditing the controlling process are determined by the chief audit executive of the Office, in concert with executive management, and as approved by the Office’s Audit Committee.

Last modified: 2018-02-10