G.7 Review of the Management Improvement Action Plan

  1. Following the finalization of an internal audit or practice review report, the PRIA Director responsible for the report will provide the Service Leader(s) responsible for addressing recommendations with a management action plan template containing the recommendation(s) and management’s response to the recommendation(s). An example of the management action plan is found in G.6.

  2. Following its initial completion, the management action plan is to be placed in PROxI and read only access is to be granted to the PRIA team.

  3. Service Leaders are responsible for ensuring management action plans are completed and that they adequately address the recommendations and observations arising from PRIA’s internal audits and practice review reports.

  4. Normally, the action plan should indicate where there is:

    • agreement with the recommendation and a commitment to undertake corrective action, with timelines; or

    • agreement with the recommendation and an explanation as to why corrective action cannot be taken at this time; or

    • disagreement with the recommendation together with an explanation.

  5. PRIA Directors will review the action plan to determine whether it adequately addresses the recommendations, since the action plan is expected to be a key element of the report that goes forward to the Audit Committee. In particular, the director will ensure that:

    • the proposed action will solve the underlying problem(s) and will produce concrete results at a reasonable cost;

    • the audit client has the capacity and authority to complete the actions; and

    • it is clear who is responsible for doing what and within what time frame.

  6. The responsible Service Leader will be asked to ensure that the action plan regularly updated to demonstrate any progress made or not made against recommendations. Once work on a particular recommendation is completed, Service Leaders are to shade the entire row grey. This will help to quickly identify those recommendations still requiring work.

  7. The action plan will be regularly reviewed by the PRIA Director which will allow the director responsible for the internal audit or the practice review report, to assess whether there is any undue risk in the proposed action plan.

  8. The review of the action plan will also help the director to determine the most appropriate follow-up action, e.g., regular status reports or a scheduled formal follow-up audit activity.

  9. If the director is not satisfied with the response or the action plan (e.g., too high risk that it will not correct the deficiency), a meeting will be scheduled with the responsible manager to present the concerns and suggest means by which the action plan might be improved.

  10. The internal audit director should brief the Chief Audit Executive of the issues prior to meeting with the responsible manager. The CAE may attend the meeting with the responsible manager as required.

  11. In the event that direct discussion with the responsible manager does not lead to a more acceptable plan, the CAE will raise the issue with the Service Leader and may wish to express his/her concerns when the report is presented to the Audit Committee, as long as the intention to do so has been communicated to client. If the matter relates to a level of accepted risk judged to be beyond the risk tolerance or appetite of the Office, the Chief Audit Executive will discuss the matter with the Auditor General and the Audit Committee.

Last modified:
2018-03-22