The URL can be used to link to this page

Home My WebLink AboutFCS-16-097 - 2015 Year In Review REPORT TO: Audit Committee DATE OF MEETING: June 27, 2016 SUBMITTED BY: Corina Tasker, Internal Auditor, 519-741-2200 ext. 7361 PREPARED BY: Corina Tasker, Internal Auditor, 519-741-2200 ext. 7361 WARD(S) INVOLVED: ALL DATE OF REPORT: June 20, 2016 REPORT NO.: FCS-16-097 SUBJECT: 2015 YEAR IN REVIEW AUDIT STATUS REPORT ___________________________________________________________________________ RECOMMENDATION: No recommendation required. The following information is being provided as an update and assurance on internal audit matters, in accordance with the Audit Committee Terms of Reference. EXECUTIVE SUMMARY: The intent of this report is to give Audit Committee a full picture of the service review work completed, in progress and not started in 2015. This encompasses the work of internal audit and the service review work undertaken within each department. This report provides a summary of the Internal Audit activities during the 2015 calendar year compared to the Audit Committee approved work plan. The 2015 internal audit work plan was approved by the Audit Committee on December 15, 2014 and can be referenced in report FCS- 14-195. Detailed audit reports relating to each item have been or will be presented to Audit Committee during past or future quarterly status updates and are thus not included here. This report also includes a summary of the other service reviews performed within each of the three departments as part of the Integrated Service Review Work Plan which was presented to Audit Committee as part of the report referenced above. Staff committed to reporting back to Audit Committee on an annual basis regarding the status of the plan. *** This information is available in accessible formats upon request. *** Please call 519-741-2345 or TTY 1-866-969-9994 for assistance. REPORT: A significant amount of internal audit and service review work was completed in 2015. Resources in all departments except for Infrastructure Services (INS) were working at full capacity. The Manager of Service Coordination and Improvement and the Business Analyst roles within INS were vacant for most of the year. Internal Audit 83% or 5 of 6 planned 2015 activities were completed, with one review (Hiring Transparency) being deferred until 2017 to ensure the underlying process improvements have been fully implemented before performing a follow-up review. One review (Accounting) is still in progress and on track as planned. There was one confidential investigation performed in 2015. The following chart shows the status of each of the approved 2015 work plan items. Topic Type of Review Status Service Reviews Community Resource Centres Comprehensive Completed May 2016 Accounting Comprehensive In progress and on track Office of Mayor and Council Organizational Complete Controls Reviews Employee Expenses Controls Complete Hiring Transparency Follow-up audit Deferred to 2017 Recurring Internal Audit Activity Cash counts Controls Complete Physical Inventory Count verification Complete Ad hoc Confidential Investigations Investigation 1 Completed *Note: a list of review type definitions is included in Appendix A. Integrated Service Review Work Plan The chart below provides the status of the 2015 integrated service review work plan items assigned to the three departments for completion, including the items assigned to internal audit and mentioned above. Topic Type of Review Status Resources Comments Community Resource Comprehensive Complete Audit, CSD Centres Accounting Comprehensive In progress Audit, FCS Office of the Mayor and Organizational Complete Audit Council Information Technology Risk assessment Partially FCS 5 of 7 sections complete complete Human Resources Process/Service Complete FCS Accommodations Delivery Human Resources Process Complete FCS Recruiting Various INS services Process/Service Not started INS Vacant no work Delivery/Risk completed Assessment Summaries of the Information Technology and the two Human Resources reviews are included below. These did not involve Internal Audit and therefore have not been presented through the quarterly audit status updates. 1. Information Technology (IT) Risk Assessment Objective: To proactively identify corporate risk framework, and to create a prioritized risk register to be a tool for IT management to develop mitigation strategies to address high risk areas. The timing of the risk assessments was aligned with staff providing input to inform the Corporate Technology Strategic Plan refresh (Digital Kitchener Strategy) and as such, two additional goals were identified: 1. To identify topics for cross-functional staff working groups to explore ideas and solutions to be included in the Digital Kitchener Strategy 2. To identify priority areas that cut across IT to include in Digital Kitchener strategy Scope: Based on the scope and different focus areas in IT, assessments were done by section teams. Five of seven IT sections underwent the risk assessment: GIS, Planning and Projects, Network Systems/Telecommunications, Office Services, and Service Desk. Two sections were postponed to 2016 due to staff resources being required to support Project Everest in 2015, namely Development and Database Administration. Methodology: Online survey of 57 IT staff to obtain input on goals, vision of success and risks in the following areas: Service delivery, Employee, Public, Physical Environment, Reputation, Financial, Regulatory Data analysis and creation of a draft risk register document for each section of success, and to assign through a consensus-building approach ratings for the impact and likelihood of each risk Consolidation of section risk registers into one master list to identify key themes and input for Digital Kitchener, and a point-in-time summary of risks for the division Key Findings and Recommendations: Risks were rated and prioritized within IT sections and all input was reviewed to identify ideas used to help inform the four draft priority areas: Infrastructure, Solutions, Information, and Digital Inclusion. Because the risk assessment work is incomplete from a divisional perspective, with two remaining IT sections to undertake this work in 2016, no summary findings or recommendations have been made. Once all risk assessments are complete the IT management team will review, validate and combine risks identified by sections into a single divisional risk register. This will then act as a tool to identify, assess, and assign ownership to mitigate high priority risks across the entire IT division. 2. Human Resources (HR) Accommodations Objective: To perform a program Accommodation program to identify gaps and actions required to enable improvements. Goals included: Understand impact of the new Short Term Disability Support Program on case management, accommodation and return to work processes Update processes as needed to create sustainable service, compliance, efficiencies, communication and timeliness Clarify staff roles in accommodation processes and services Understand current and shifting legal landscape around duty to accommodate and if the irements Identify any technology needs to create efficiencies and comply with reporting and documentation requirements Determine whether current training sufficiently educates management, employees, and union groups on the legal requirements for accommodation Identify if the City has the right business model and resources to provide required return to work and accommodation services for a modern, mid-sized city. Review/understand funding and uses of the WSIB Reserve and Sick Leave Reserve around accommodation services. Scope: The Accommodations program includes three main areas: return to work, disability case management and accommodation planning for employees. All of these areas were included in this review. Methodology: Internal interviews with staff from HR and across the organization Benchmarking with other municipalities on programs and processes Statistical analysis of historical data and trends Process mapping to understand process complexity and identify improvements Discussions with SunLife staff as a key partner in aspects of the program External legal review of current program and practices Key Findings and Recommendations: The review validated the City has a strong and proactive Accommodation Program and identified many positive practices including: The City returns employees to meaningful, safe work much earlier than municipal counterparts, evidenced through SunLife, Human Resource Benchmarking Network, and Workplace Safety and Insurance Claim data. Staff recognize their accountabilities in the program as coworkers, managers, union representatives and employees. Additional findings include: Case numbers and complexity are growing, as a result of: Accessibility Legislation and increased awareness and accountability o Having a clear point of access for staff through the HR Associate roles o New short term sick leave support program with SunLife adjudicating cases and o usage Challenges exist to manage difficult cases, ensure timely communications, and ensure all those with responsibility are aware and informed. New data collection and case management methods, training and communication are required to support and evolve programs. A total of 45 recommendations were made to further advance current effective programs and services, in the areas of: Impact of SunLife processes on City processes Roles and responsibilities Legal review Technology Communications, awareness and training Staffing, support and funding Recommendations will be implemented by HR with the engagement and participation of the affected internal partners. 3. HR Recruiting Review Objective: This second phase of a series of recruiting process reviews focused on hiring processes that were intermittently HR led or supported. As with previous recruiting reviews, this review was undertaken to ensure effective, efficient and legally defensible recruiting processes. Goals included: Establishing greater consistency in recruiting practices Improving the quality of recruiting practices Reducing bottlenecks, delays and cycle-times Improving coordination of work Better defining recruiting roles and responsibilities (HR and hiring managers) Ensuring recruiting processes are transparent and compliant with corporate policies and employment legislation Create new/revised processes and practices to address recommendations from the 2011 Hiring Transparency and Nepotism internal audit Scope: Recruiting functions that intermittently involved HR, with a view to embed the recruiting process into operating departments for some employee classifications in the future. The types of recruiting included: 9000 series, continuous and non-continuous part time Job pool Temporary full time Mass recruits Temporary appointments Expression of interest process Methodology: Review team made up of cross-section of staff with responsibility and experience for hiring these positions Review, mapping and analysis of 19 recruiting processes associated with these recruits Review and identification of appropriate roles and responsibilities Internal consultation with hiring managers regarding current processes External benchmarking to compare practices and identify potential new practices Consideration and incorporation of recommendations from first phase of recruiting review for consistency Identification of new or revised processes and practices Documentation of new/improved processes to respond to Hiring Transparency and Nepotism Audit recommendations Key Findings and Recommendations: Major findings focussed on an inconsistency between operating areas, lack of clarity on HR involvement, and a high degree of administrative tasks and high cycle times for the process. To address the key findings, a total of 36 major recommendations (supported by many more minor process improvements) were made to: reduce cycle times, reduce administration, improve transparency and defensibility, and ensure hiring managers are better equipped to lead hires in a manner that is in line with corporate recruiting philosophy and management best practice. The following are significant recommendations from the review: Written/verbal offer: consistent process and templates to mitigate risk associated with inaccurate verbal and written employment offers by defining key terms and conditions of employment in a standardized form letter, while eliminating process steps, improving cycle times and reducing errors Alternate application method: eliminates systemic barriers associated with the prescriptive process and tools in that it allows applicants to apply to positions outside of the online software system - creating flexibility for hiring managers by allowing non- electronic applications as circumstances warrant Group interviews (mass recruits): by defining accountabilities, hiring managers will be able to use standardized criteria for making hiring decisions, in acknowledgement of the significant amount of staff time associated with these hires HR will retain back-end administration responsibilities such as HireDesk and PeopleSoft system administration, while hiring managers will have greater autonomy to lead and direct recruiting for these positions Incorporate applicable recommendations/outcomes from previous (HR-led) recruiting process review to these recruits where applicable e.g., consistent templates and checklists, optimize An implementation, communication and transition plan will need to be developed to shift responsibility for some aspects of the process to hiring managers in departments CONCLUSION: Many service improvements have been made during 2015 as a result of the work carried out under the Integrated Service Review Work plan by Internal Audit and department staff. While most of the planned reviews were completed or started, lack of resources in INS continue to be a barrier to accomplishing the entire work plan. However, these positions will be fully staffed by mid-2016. Work continues to support a culture of continuous improvement and contributes to more efficient and effective services. ALIGNMENT WITH CITY OF KITCHENER STRATEGIC PLAN: service. FINANCIAL IMPLICATIONS: There are no financial implications related to this report. COMMUNITY ENGAGEMENT: INFORM committee meeting. PREVIOUS CONSIDERATION OF THIS MATTER: Integrated service review work plan approval: FCS-14-195, December 15, 2014. ACKNOWLEDGED BY: Dan Chapman, Deputy CAO, Finance and Corporate Services Appendix A Review Type Definitions Capacity A review of the actual transaction or work volume, the average time to complete each transaction and the estimated required resourcing compared to the actual resourcing. Compliance A test to determine if staff is following all rules, regulations and policies associated with the service. Comprehensive An all-encompassing review of the division or service including things like process and functional analysis, organization structure review, controls, compliance, risk assessment, service delivery, customer satisfaction, value for money, capacity, benchmarking and any other analysis required. Controls A review of the adequacy of control points in a process to protect assets from fraud or theft. Debrief A review of the outcomes of a project or event following the completion of the project or event, in comparison to the original goals and objectives. Follow up An additional review of any type, not sooner than 1 year after the original review in order to assess the impact of the original recommendations and proactively identify any new / emerging risks. Impact A review to determine all of the up-stream and down-stream touch points, assessment information flows and dependencies in a process. Operational and A comprehensive review of the strategy and operations of a unit to determine Strategic if the operating model is in alignment with the strategic goals. Process An analysis of what is done in delivering a particular service and where effectiveness could be improved. Risk assessment An identification of all of the possible risks that could affect a service including rating the probability and impact of the risk using the corporate risk matrix. Role clarification Clarification, documentation, and communication of roles and responsibilities of similar roles to ensure there is no overlap in duties. Service delivery A review to determine the optimal method of delivering a service including exploring options of contracting out or not delivering the service at all.