Presentation is loading. Please wait.

Presentation is loading. Please wait.

Shared Services and Third Party Assurance: Panel May 19, 2016.

Published byBarbra Maxwell Modified over 7 years ago

Similar presentations

Presentation on theme: "Shared Services and Third Party Assurance: Panel May 19, 2016."— Presentation transcript:

1 Shared Services and Third Party Assurance: Panel May 19, 2016

2 Department to department service provision – Examples: Shared Services Canada, Financial Management System shared clusters and Pay Centre; External service provider. Purpose of the presentation: To present an overview of the shared service (service provider) assurance activities being applied on to the following: 2

3 Definition – Service provider Sourcing arrangements linked to a range of mechanisms in which the Government use organizational partnerships:  between departments, or  outside the public sector, to improve performance in conducting operations or delivering programs services to citizens and businesses. 3

4 Enterprise Approach Benefits Achieved Cost and Effort Optimizing Departmentally Optimize to Government as a Whole Diminishing Returns 4

5 In the Private Sector… Service organization is providing services to one or more user entities. User entity may identify need for assurance over an activity that relies on the controls at a service organization. Specifically: Assurance over whether controls exist and are suitably designed to meet objectives Assurance over whether controls are operating effectively throughout the specified period Under the standards for reporting on controls at a service organization, Canadian Standard on Assurance Engagements (CSAE) 3416, the service auditor obtains assurance: whether the controls at the service organization were suitably designed throughout a specified period (type 1 report); whether the controls at the service organization were suitably designed and were operating effectively throughout a specified period (type 2 report). CSAE 3416 allows service auditors to rely on relevant internal audit work carried out by service organization’s internal audit function. 5

6 In the Federal Government… Areas of consideration:  Internal control over financial reporting  Financial system  Service provision for procurement, HR, Internal Audit  Shared Services Canada  Ministerial accountability 6

7 Service Provider –example ICFR reporting The department relies on other organizations for the processing of certain transactions that are recorded in its financial statements, including: Department A for common administrative services and support to the programs; Public Services and Procurement Canada (PSPC), for centrally administering the payment of salaries and providing accommodations and cheque-issuing services; Department of Justice for legal services; Treasury Board Secretariat for information to calculate various employee benefit amounts; and, Medicare inc. for providing claims administration for the Interim Federal Health Program (IFHP). The department will need to continue working with these organizations to determine how they can assist with our departmental PIC objectives. 7

8 Levels of departmental internal controls System of ICFR System of ICFM System of IC DM as accounting officer Broad system of internal control CFO System of internal control over financial management ADMs System of internal control in their area of responsibility Policy requirements focus on ICFR 8

9 Assessment of Key Controls Assessment Design effectiveness: – key controls documented – in place as designed – aligned with risks Operational effectivenesss: – key controls functioning over time Entity level (tone from the top) General IT level 3 levels of controls Risk-based approach Start with annual financial statements - Identify key accounts - key risks and materiality Business process level 9

10 Consider: Key control objectives following the COSO 2013 framework. Key control objectives from the Control Objectives for Information and Related Technology (COBIT) 5 framework developed by the Institute of Information Systems Audit and Control Association (ISACA). Specific element for Privacy and Security. Control Framework 10

11  Set enterprise governance to establish clear, coherent GoC direction and ensure tight coordination.  Set operational governance for common and shared services  Establish an enterprise portfolio management office to support governance, oversight, plan investments, track savings, etc. Get Governance in Place Getting Started: Service Provider Common procedure and practice changes across GoC  Identify performance indicators.  Identify reporting requirements and information standards.  Develop common business processes for key services  If external, begin new procurement approaches. 11

12 Roles and responsibilities (some examples) Deputy Heads (DH) –As accounting officer, the DH is responsible for measures taken to maintain effective systems of Ics and sign the Statement of Management of Responsibility Chief Financial Officers (CFOs) –Lead departmental role for financial management (incl. a key source of expertise) –Lead and coordinate the planning and execution of the assessments and sign the Statement of Management of Responsibility Senior Departmental Managers –Responsible for maintaining effective systems of ICs in the programs for which they are responsible –Contribute to the assessment of key risks and controls in their area of responsibility Chief Audit Executives (CAE) –Lead departmental role for internal audit (incl. a key source of expertise) –Assessment results can inform future internal audit plans –Internal audit findings can be leveraged to support the assessment Chief Information Officers (CIO) –Lead departmental role for IT infrastructure and system applications (incl. a key source of expertise) –Contribute to assessments of IT systems and application controls Departmental Audit Committees (Where applicable) –Provide objective advice and recommendations to Deputy Heads –Timing and scope of engagement to be determined by the Deputy Head 12

13 Options… At the highest level, to be able to rely on service organizations a user entity could:  Obtain assurance through 3 rd party auditor directly performing audits to gather sufficient and appropriate evidence over the appropriate design and effectiveness of service organization controls;  Directly perform internal or external audits in service organizations;  Rely on internal audit work carried out at service organizations;  Request management attestation. 13

14 Conclusion:  Who approve the scope of the assurance product?  What authority does a user entity have over conducting assurance activities at a service organization (e.g. access to people and records)?  Service level agreement or Memorandum of Understanding?  What would be included in the agreement? (e.g. services being provided, relevant controls at service organization, complementary controls, access rights, etc.)  Who should conduct these engagements?  How should findings be communicated and to whom?  Service organization have a Quality Assurance and Improvement Program?  What avenues of recourse are possible and appropriate? 14

Download ppt "Shared Services and Third Party Assurance: Panel May 19, 2016."

Similar presentations

Debt Management Strategy: Governance and Transparency

Debt Management Strategy: Governance and Transparency
Overview of Priorities and Activities: Shared Services Canada Presentation to the Information Technology Infrastructure Roundtable June 17, 2013 Liseanne.

Overview of Priorities and Activities: Shared Services Canada Presentation to the Information Technology Infrastructure Roundtable June 17, 2013 Liseanne.
Development of internal control: methodology and responsibility

Development of internal control: methodology and responsibility
Office of the Auditor General of Canada CANADA’S ADOPTION OF INTERNATIONAL STANDARDS ON AUDITING 20 FACTS PREPARERS of FINANCIAL STATEMENTS SHOULD KNOW.

Office of the Auditor General of Canada CANADA’S ADOPTION OF INTERNATIONAL STANDARDS ON AUDITING 20 FACTS PREPARERS of FINANCIAL STATEMENTS SHOULD KNOW.
Internal Audit : Framework for the Management of Compliance Presentation at FMI meeting Sept. 2014.

Internal Audit : Framework for the Management of Compliance Presentation at FMI meeting Sept
Performing a Fiduciary Review of Trust Administration FIRMA April 2009 Independent Fiduciary Services ® Independent Fiduciary Services, Inc.  805 15 th.

Performing a Fiduciary Review of Trust Administration FIRMA April 2009 Independent Fiduciary Services ® Independent Fiduciary Services, Inc.  th.
Areti Moularas, Senior Manager

Areti Moularas, Senior Manager
Dr. Julian Lo Consulting Director ITIL v3 Expert

Dr. Julian Lo Consulting Director ITIL v3 Expert
2011 Governance, Risk, and Compliance Conference August 29 – 31, 2011 / Orlando, FL, USA The Top Four Essential Objectives to Auditing ERM Stephen E. McBride,

2011 Governance, Risk, and Compliance Conference August 29 – 31, 2011 / Orlando, FL, USA The Top Four Essential Objectives to Auditing ERM Stephen E. McBride,
IS Audit Function Knowledge

IS Audit Function Knowledge
Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.

Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.
18- 1 © 2006 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 18 Integrated Audits of Internal Control (For Public Companies Under Sarbanes-Oxley.

18- 1 © 2006 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 18 Integrated Audits of Internal Control (For Public Companies Under Sarbanes-Oxley.
Quality evaluation and improvement for Internal Audit

Quality evaluation and improvement for Internal Audit
Office of Inspector General (OIG) Internal Audit

Office of Inspector General (OIG) Internal Audit
Moving from money well accounted for to money well spent UK Information Technology Summit May 2005 Helen McDonald A/Chief Information Officer Treasury.

Moving from money well accounted for to money well spent UK Information Technology Summit May 2005 Helen McDonald A/Chief Information Officer Treasury.
Chapter 4 IDENTIFYING RISKS AND CONTROLS IN BUSINESS PROCESSES.

Chapter 4 IDENTIFYING RISKS AND CONTROLS IN BUSINESS PROCESSES.
Purpose of the Standards

Purpose of the Standards
Australia’s Experience in Utilising Performance Information in Budget and Management Processes Mathew Fox Assistant Secretary, Budget Coordination Branch.

Australia’s Experience in Utilising Performance Information in Budget and Management Processes Mathew Fox Assistant Secretary, Budget Coordination Branch.
“The Impact of Sarbanes Oxley, An Evolving Best Practice” Ellen C. Wolf Senior Vice President & Chief Financial Officer American Water National Association.

“The Impact of Sarbanes Oxley, An Evolving Best Practice” Ellen C. Wolf Senior Vice President & Chief Financial Officer American Water National Association.
Session 4: Good Governance: How SAIs influence Good Governance in Public Administration Zahira Ravat 27 & 28 May 2014.

Session 4: Good Governance: How SAIs influence Good Governance in Public Administration Zahira Ravat 27 & 28 May 2014.

Similar presentations

Ads by Google