The URL can be used to link to this page

Home My WebLink AboutFCS-16-144 - Service Review Prioritization Refresh REPORT TO: Audit Committee DATE OF MEETING: September 26, 2016 SUBMITTED BY: Corina Tasker, Internal Auditor, 519-741-2200 ext. 7361 PREPARED BY: Corina Tasker, Internal Auditor, 519-741-2200 ext. 7361 WARD(S) INVOLVED: All DATE OF REPORT: September 19, 2016 REPORT NO.: FCS-16-144 SUBJECT: Service Review Prioritization Refresh ___________________________________________________________________________ RECOMMENDATION: No recommendation required. The following information is being provided as an update and assurance on internal audit matters, in accordance with the Audit Committee Terms of Reference. BACKGROUND: In 2012 Audit Committee approved a risk based framework to prioritize services across the corporation for the purposes of performing service reviews. All 95 services were ranked based on three factors: 1. Total risk score (60% weighting) 2. Operating expense budget (30% weighting) 3. Date of last review (10% weighting) This framework allowed focus to be placed on reviewing the higher risk services first, while adjusting the ranking for services which had recently been reviewed or did not generate high operating expenses. The annual integrated service review work plan was then constructed each year by choosing the next services on the prioritized list. The list is now outdated and needs to be refreshed. A process to gather refreshed risk data from divisions has now been completed. The outcomes of this process include: A refreshed prioritized list of services from which the service review work plan will be based each year. Note that there are now 44 services on this list (instead of 95) to align with the service groupings / nomenclature found in the business plans. Summarized corporate and department risk profiles. Senior management will use the risk profiles to align strategies and resources to address common high risk areas or opportunities in a coordinated fashion in order to meet strategic and business plan objectives. *** This information is available in accessible formats upon request. *** Please call 519-741-2345 or TTY 1-866-969-9994 for assistance. 2 - 1 Audit Committee members are asked to provide their input regarding the prioritized list and bring forward any areas for review they would like considered in the work plan for 2017. REPORT: Total Risk (60%) As part of the process to refresh the prioritization of service reviews, a survey was sent to all divisions to gather information on 22 standard risk areas as shown in the table below. Divisions were also asked to rate their overall risk, taking into consideration the answers to the 22 questions as well as any unique risks that affect their service area. Significant outreach was done with departments and divisions to ensure the requirements for the survey were understood prior to completion. Risk Category Risk Area Financial risks 1 Adequacy of controls 2 Value of daily cash deposits 3 Condition of capital assets managed by the division 4 Future revenue opportunities Service delivery risks 5 Impact of service on citizens 6 State of innovation 7 Adequacy of business continuity plan 8 Data quality and reliability 9 State of change within the division Employee risks 10 Staff turnover in last 12 months 11 Staffing levels as a percentage of full complement 12 Health and safety risks to staff 13 Number of staff grievances in last 12 months 14 Competency of staff 15 Intentions to remain (from 2016 employee culture survey) 16 Growth requirements over next 5 years Regulatory risks 17 Compliance with legislation and policy Reputation risks 18 Image in the media and / or complaints from citizens 19 Impact of claims against the City 20 Consequences of cyber security breach Public risks 21 Public safety Physical environment risks 22 Potential for environmental damage Overall risk 23 Considers all risks above and any unique risks The survey asked divisions to rate their risk for each question on a scale of one to five, with one being low risk and five being high risk. Examples for each of the five possible ratings were included with the survey to ensure consistency of responses across divisions. 2 - 2 The answers for all 23 questions were added together to arrive at a total risk rating. Divisions were then sorted from highest to lowest total risk rating. The lowest risk rating received a score of 0, while the highest rating received a score of 60 (since risk has a 60% weighting in the model), with all others ranging in between. The information was further analyzed to determine common high risk areas within departments and within the corporation as a whole. Senior management will use this information to align strategies and resources to address common high risk areas or opportunities in a coordinated fashion in order to meet strategic and business plan objectives. Operating Budget (30%) Divisions were sorted from highest to lowest 2016 operating expense budget, excluding internal transfers or recoveries. The lowest budget received a score of 0, while the highest budget received a score of 30, with all others ranging in between. Date of last review (10%) This was calculated based on the years since the last review performed by either Internal Audit and/or the Service Coordination and Improvement managers. Score012345678910 Years<112233445566778899+Never Prioritized Service Review List The scores from the risk assessment, operating budget and date of last review (as detailed above) were added together to arrive at a total score for each division. The list was then sorted from highest to lowest score and is included in Appendix A of this report. The scores were validated with all departments to ensure consistency and accuracy. This list, along with input from Council, Department Heads, and Directors, will help to inform the creation of the 2017 integrated service review work plan. Next Steps ActionWhoWhen Share list and solicit Council priorities for AuditSept.26 work plan Committee Discuss workload, risk profiles, and priorities; Staff Early October draft integrated service review work plan Share draft work plan, risk profiles, and Council Directors Late October input; get input on divisional priorities Edit / adjust work plan as required StaffEarly November Meet with department heads for final discussion DepartmentMid November and approval of work plan heads Share work plan with Council and get their final Audit Committee Dec.12 input / approval 2 - 3 ALIGNMENT WITH CITY OF KITCHENER STRATEGIC PLAN: This report supports the achievement of the city’s strategic vision through the delivery of core service. FINANCIAL IMPLICATIONS: There are no financial implications related to this report. COMMUNITY ENGAGEMENT: INFORM – This report has been posted to the City’s website with the agenda in advance of the council / committee meeting. PREVIOUS CONSIDERATION OF THIS MATTER: Report FCS-16-090 presented at Audit Committee on June 27, 2016 indicated that Audit Committee will get the opportunity to review and comment on the refreshed prioritized list of services at the September 26 Audit Committee meeting. They will also then approve the annual work plan as usual at the December meeting. ACKNOWLEDGED BY: Dan Chapman, Deputy CAO, Finance and Corporate Services 2 - 4 2 - 5 2 - 6 2 - 7 2 - 8 2 - 9 2 - 10 2 - 11 2 - 12