HomeMy WebLinkAboutFCS-17-008 - 2016 Year In ReviewStaff Report
rR finance and Corporate Services Department www.kitchener.ca
REPORT TO: Audit Committee
DATE OF MEETING: March 20, 2017
SUBMITTED BY: Corina Tasker, Internal Auditor, 519-741-2200 ext. 7361
PREPARED BY: Corina Tasker, Internal Auditor, 519-741-2200 ext. 7361
WARD(S) INVOLVED: ALL
DATE OF REPORT: March 13, 2017
REPORT NO.: FCS -17-008
SUBJECT: 2016 YEAR IN REVIEW — AUDIT STATUS REPORT
RECOMMENDATION:
No recommendation required. The following information is being provided as an update
and assurance on internal audit matters, in accordance with the Audit Committee Terms
of Reference.
EXECUTIVE SUMMARY:
The intent of this report is to give Audit Committee a full picture of the service review work
completed, in progress and not started in 2016. This encompasses the work of internal audit
and the service review work undertaken within each department.
This report provides a summary of the Internal Audit activities during the 2016 calendar year
compared to the Audit Committee approved work plan. The 2016 internal audit work plan was
approved by the Audit Committee on December 14, 2015 and can be referenced in report FCS -
15 -170. Detailed audit reports relating to each item have been or will be presented to Audit
Committee during past or future quarterly status updates and are thus not included here.
This report also includes a summary of the other service reviews performed within each of the
three departments as part of the Integrated Service Review Work Plan which was presented to
Audit Committee as part of the report referenced above. Staff committed to reporting back to
Audit Committee on an annual basis regarding the status of the plan.
*** This information is available in accessible formats upon request. ***
Please call 519-741-2345 or TTY 1-866-969-9994 for assistance.
1-1
REPORT:
A significant amount of internal audit and service review work was completed in 2016.
Resources in all departments were working at full capacity. Resource vacancies in the
Infrastructure Services Department were filled in 2016 and they have ramped up a service
review work plan for that department in 2017.
Internal Audit
75% or 6 of 8 2016 activities were completed as planned within the year. In addition, one review
(Revenue) is still in progress and on track to be completed in 2017 as planned. Of the two
reviews not completed as planned, one has been deferred until the related service improvement
work is complete (Hiring Transparency) and the other was delayed due to difficulty in obtaining
the data needed for the review (Stores — Tool crib). This has since been remedied and is back
on track. There were no confidential investigations in 2016.
The following chart shows the status of each of the approved 2016 work plan items.
Topic
Type of Review
Status
Service Reviews
Community Resource Centres
Comprehensive
Complete
Accounting
Comprehensive
Complete
Legislated Services
Follow-up capacity review
Complete
Welcome Centre
Value for money
Complete
Revenue
Comprehensive
In progress and on track
Controls ,kbvie s ,
Capital Account Balances
Controls
Complete
Stores — Tool Crib
Controls
In progress
Hiring Transparency
Follow-up controls audit
Deferred
Recurring Internal Audit Activity
Physical Inventory
Count verification
Complete
Ad hoc
Confidential Investigations
Investigation
Not applicable
*Note: a list of review type definitions is included in Appendix A.
061
1-2
Integrated Service Review Work Plan
The chart below provides the status of the 2016 integrated service review work plan items
assigned to the three departments for completion, excluding the items assigned to internal audit
mentioned above.
Topic.
Type of Review
Status
Resources
Comments
Operations
Risk assessment
Cancelled
INS
Sanitary Sewer
Risk assessment
Cancelled
INS
Facilities Management
Risk assessment,
Cancelled
INS
process
IT (Database
Risk assessment
Complete
FCS
See summary
Administration and
below
Development)
HR (Job Evaluation)
Process
Complete
FCS
See summary
below
HR (Human Rights)
Process, roles
Complete
FCS
See summary
below
Kitchener Utilities
Follow-up risk
Delayed
INS
On work plan for
assessment
2017
HR (Recruiting —
Process
Delayed
FCS
On work plan for
Phase 3)
2017
Summaries of the Information Technology risk assessments and the two Human Resources
reviews are included below. These did not involve Internal Audit and therefore have not been
presented through the quarterly audit status updates.
The three risk assessments in INS were cancelled due to vacancies in key resources. Based on
the new Council -approved prioritized list of services from 2016, these are no longer a priority to
complete, but may be revisited in future years.
1. Information Technology (IT) Risk Assessment
Objective: To proactively identify risks to the City's information technology environment
including potential impact and likelihood using the City's corporate risk framework, and to create
a prioritized risk register to be a tool for IT management to develop mitigation strategies to
address high risk areas. The timing of the risk assessments was aligned with staff providing
input to inform the Corporate Technology Strategic Plan refresh (Digital Kitchener Strategy) and
as such, two additional goals were identified:
1. To identify topics for cross -functional staff working groups to explore ideas and
solutions to be included in the Digital Kitchener Strategy
2. To identify priority areas that cut across IT to include in Digital Kitchener strategy
Scope: Based on the scope and different focus areas in IT, assessments were done by section
teams. The final two of seven sections were completed in 2016, having been postponed from
1-3
the previous year due to staff resources being required to support Project Everest: Development
and Database Administration.
Methodology:
• Online survey of 22 IT staff to obtain input on goals, vision of success and risks in the
following areas: Service delivery, Employee, Public, Physical Environment, Reputation,
Financial, Regulatory.
• Data analysis and creation of a draft risk register document for each section.
• Workshops with 2 IT staff teams to discuss staff's input on goals, vision of success, and
to assign ratings for the impact and likelihood of each risk, through a consensus -building
approach.
• Consolidation of section risk registers to identify key themes and input for Digital
Kitchener.
Key Findings and Recommendations:
Risks were rated and prioritized within IT sections and all input was reviewed to identify ideas
and priority areas for inclusion in the Digital Kitchener strategy framework. Staff's input was
used to help inform the four strategy themes: Connected, Innovative, On Demand, and
Inclusive.
With all IT section risk assessments complete, a combined divisional risk register was provided
to the IT management team. The register is being used as a tool to proactively identify, assess,
and assign ownership to mitigate high priority risks across the entire IT division. No further
recommendations were made from the risk assessments.
2. Human Resources (HR) Job Evaluation - Service/Process Review
Objective: To review the CUPE 791/Non-Union/Management job evaluation process and
procedures to identify challenges and propose recommendations for improvement to existing
practices. Specific goals included:
1. Review job evaluation system to ensure system is compliant with Pay Equity Act
2. Review policies and processes
3. Ensure customer experience is positive
Scope: Internal process review; review of supporting documentation; review of job evaluation
plan, tools, practices and processes.
Methodology:
• Stakeholder consultation with 66 employees - a random sample of employees who
participated in the job evaluation process in the last two years, members of the corporate
management and corporate leadership teams, and stakeholders identified by the
Director, HR who had expressed an interest in being interviewed.
• External review of job evaluation system, policies and procedures to confirm compliance
with Pay Equity Act.
• Interviews with Rating and Appeal Committee members.
• Review policies, procedures, stakeholder consultation and identification of related
challenges.
il
FSI
Key Findings and Recommendations:
Five common themes were identified by the project team based on the outcome of the
consultations and review of job evaluation processes, policies and procedures. A total of 5
major recommendations were made in the following areas:
1. Ownership of the job description writing process.
2. Development of new tools to support management and employees
3. Update documentation and provide statistics and references to help participants clearly
understand context of job evaluation plan.
4. Communication plan to improve communication throughout the job evaluation process.
5. Training in all facets of the process to be developed to help support continued
• u�TT ii�t'OTORTmi e
Recommendations are currently being communicated and reviewed with key stakeholder
groups including the Corporate Management Team, and joint union -management Job
Evaluation Maintenance Committee. Subject to final approval, the recommendations will be
implemented by HR in partnership with key stakeholders.
3. HR Human Rights - Process and Roles/Responsibilities Review
Objective: As a result of recent legislation (Bill 132: Sexual Violence and Harassment Action
Plan Act (Supporting Survivors and Challenging Sexual Violence and Harassment)), case law
and recent investigations, a comprehensive review of relevant policies, training and
processes/procedures has been undertaken.
Scope: To ensure that there is consistent organizational understanding of respect in the
workplace including: updates to relevant policies, review of investigation procedures and
processes, and updated training requirements.
Methodology:
• Review of training needs across the corporation to ensure consistent organizational
understanding of legislation, rights and responsibilities
• Review of processes and procedures
• Benchmarking of policies, processes and procedures with other municipalities
• Policy review including external legal expertise to incorporate policy standards for both
Respect in the Workplace (retitling of previous Human Rights Policy) and Violence in the
Workplace policy.
• Process mapping to clarify investigation process — identified gaps and improvements
• Presentation of updated policies to senior management/Joint Health & Safety
committees
Key Findings and Recommendations:
Updates to legislation as well as several recent investigations have advanced the need to
review and update policies, processes and procedures. A lack of staff understanding and
personal accountability have created the need for refreshed training across the organization.
Mandatory in -class training for all management staff, and mandatory online training for all staff
will be delivered later in 2017. Updated policies are currently being presented to various internal
staff committees, with final approval to be received from Council. Specific skill building around
1-5
conflict resolution and how to have conversations relating to respect in the workplace will be
given consideration for later in 2017.
CONCLUSION:
Many service improvements have been made during 2016 as a result of the work carried out
under the Integrated Service Review Work plan by Internal Audit and department staff. Work
continues to support a culture of continuous improvement and contributes to more efficient and
effective services.
ALIGNMENT WITH CITY OF KITCHENER STRATEGIC PLAN:
This report supports the achievement of the city's strategic vision through the delivery of core
service.
FINANCIAL IMPLICATIONS:
There are no financial implications related to this report.
COMMUNITY ENGAGEMENT:
INFORM — This report has been posted on the City's website with the agenda in advance of the
committee meeting.
PREVIOUS CONSIDERATION OF THIS MATTER:
Integrated service review work plan approval: FCS -15-170, December 14, 2015.
ACKNOWLEDGED BY: Dan Chapman, Deputy CAO, Finance and Corporate Services
1-6
Appendix A — Review Type Definitions
Capacity
A review of the actual transaction or work volume, the average time to
complete each transaction and the estimated required resourcing compared
to the actual resourcing.
Compliance
A test to determine if staff is following all rules, regulations and policies
associated with the service.
Comprehensive
An all-encompassing review of the division or service including things like
process and functional analysis, organization structure review, controls,
compliance, risk assessment, service delivery, customer satisfaction, value for
money, capacity, benchmarking and any other analysis required.
Controls
A review of the adequacy of control points in a process to protect assets from
fraud or theft.
Debrief
A review of the outcomes of a project or event following the completion of the
project or event, in comparison to the original goals and objectives.
Follow up
An additional review of any type, not sooner than 1 year after the original
review in order to assess the impact of the original recommendations and
proactively identify any new / emerging risks.
Impact
A review to determine all of the up -stream and down -stream touch points,
assessment
information flows and dependencies in a process.
Operational and
A comprehensive review of the strategy and operations of a unit to determine
Strategic
if the operating model is in alignment with the strategic goals.
Process
An analysis of what is done in delivering a particular service and where
effectiveness could be improved.
Risk assessment
An identification of all of the possible risks that could affect a service including
rating the probability and impact of the risk using the corporate risk matrix.
Role clarification
Clarification, documentation, and communication of roles and responsibilities
of similar roles to ensure there is no overlap in duties.
Service delivery
A review to determine the optimal method of delivering a service including
exploring options of contracting out or not delivering the service at all.
1-7
EO
■
f
-8
n� 4-J
W
a -J
N r -I
1-9
Z
w
TMIO
N
1-10
U
C6
i to
4-J to
� N
O
4A
-0 O
C6 CL
to �
WW1 WQ W1 WQ W1 WQ W1 WQ W1 WW1 �^ 0
Q W
1L 0 >� L
E E E E E E
o U U U U U U
•cn cn O U 'cn N
v �
E E ° E S
LL >,
LLU U Co U U U CL
U
cn C6
N N fa U
ateJ
U +.+ O
U•� C C:U ro
U > O Q
-0 U
— ca
m U N 4A
U Q - U oC Ln 2
Ln
I�
r1 N
(1)
C:
Q
Q
�
�
L
fa
to
�
a --J
ai
bn
E
o
.�
U
_
�
Ln
I�
r1 N
^L
W
O Co
O 0L
W
L �
p ca
_0 _0-� 4-J �
+� W W C
4� DC O E 01
V ca N Ln E
— •—
ro Ln
V cry E � � �
�
cn p _
_0_ Ln DC
Co
E aW W w W
Ln u uE
aLn co ._
o n Ln D Ln
ca cn
.Ln ca ca � W ca
._
._ •� •� u
nom_
m 0-m I I I N I I
1-12
F�
Co
L
Ell"
4
•
E
0-
0
0
•
1-13
O
Ln
a�
O
•—
O
•—
>
t
O
�
�
.�
sw0000
�
O
—
},
ca
ca
,
Ln
L
0—
MO
_0 _0
D
•—
•—
�
�
U
_0
_
•
•
F�
Co
L
Ell"
4
•
E
0-
0
0
•
1-13
i�tl
UO
W
Ln
t�
V)
to
ME
W
^�^
W
(
E
.O
W
._
Q
Jc:
cri
C
V
CSA
'IM'
O
V
c6
cn
b.0
CSA
E
E
O
O
E
.0
cn
>o
Q
._
O
• -cz
+,
ca
Fmmm�
O
a)
O
0
cin
0
-ui
un
L
Ln
(1)
O
V)
U
i�tl
1-15
1-16
c
O
}'
X
. _
OE
O
a --
U
E
}'(1)
O
0
_0
U
u
U
(1)O
_0
b.00
.O
O
O
i
},
c
U
O
O
M
M
4J
0-
0
CL
0
cnE
p
+J
U
M
O
.v
O
O
O
j,
E
cn
o
E
W
—
U
0-
-o
E
._
0
0
E
0-
O
o
0-z
:D
u
1-16
IT&J
1-17
1-18
1-19