2017 Spring Reports of the Auditor General of Canada to the Parliament of Canada Independent Audit ReportReport of the Auditor General of Canada to the Board of Trustees of the Canadian Museum of Nature—Special Examination—2017

2017 Spring Reports of the Auditor General of Canada to the Parliament of CanadaReport of the Auditor General of Canada to the Board of Trustees of the Canadian Museum of Nature—Special Examination—2017

Independent Audit Report

This report reproduces the special examination report that the Office of the Auditor General of Canada issued to the Canadian Museum of Nature on 13 January 2017. The Office has not performed follow-up audit work on the matters raised in this reproduced report.

Introduction

Background

1. The Canadian Museum of Nature (the Corporation) is a federal Crown corporation established in 1990. It reports to Parliament through the Minister of Canadian Heritage. Its enabling legislation, the Museums Act, sets out the Corporation’s mandate:

to increase, throughout Canada and internationally, interest in, knowledge of and appreciation and respect for the natural world by establishing, maintaining and developing for research and posterity, a collection of natural history objects, with special but not exclusive reference to Canada, and by demonstrating the natural world, the knowledge derived from it and the understanding it represents.

2. Among other things, the Act empowers the Corporation to

3. In the 2015–16 fiscal year, the Corporation had about 135 full-time equivalent employees, organized in five divisions: Research and Collections; Experience and Engagement; Corporate Services; Marketing and Media Relations; and Advancement.

4. The Corporation seeks to position itself as

5. The Corporation’s research and collections focus on four areas: plants (botany), animals (zoology, both vertebrate and invertebrate), minerals (mineralogy), and fossils (paleobiology). As of 31 December 2015, the Corporation estimated that its collections consisted of over 10 million specimens, or 3.2 million lots (Exhibit 1).

Exhibit 1—The Corporation’s collections (number of specimens)

Botany This photo shows a flowering plant

The Corporation’s botany collection contains 1,384,152 specimens.

Vertebrate This photo shows a skeleton of a mule deer

The Corporation’s vertebrate collection contains 1,256,551 specimens.

Invertebrate This photo shows a jar of Arctic sea stars

The Corporation’s invertebrate collection contains 7,363,693 specimens.

Mineralogy This photo shows clear mineral crystals

The Corporation’s mineralogy collection contains 175,000 specimens.

Palaeobiology This photo shows a horned dinosaur skull

The Corporation’s palaeobiology collection contains 83,565 specimens.

Source: Canadian Museum of Nature

6. The Corporation’s exhibits and galleries, public and educational programs, and publications (also known as “public offer” activities) are intended to demonstrate the natural world. In addition, since the Corporation’s mandate has both Canada-wide and international components, public offer includes outreach activities, such as loans of specimens, website content, and travelling exhibitions.

7. The Corporation is responsible for two facilities:

8. The Corporation’s primary source of funding is the federal government. In recent years, the Corporation increased its revenues and decreased its expenses (Exhibit 2).

Exhibit 2—The Corporation’s financial results, 2013–14 to 2015–16

Fiscal year Revenues
($ millions)
Government funding
($ millions)
Expenses
($ millions)
2015–16 9.0 31.0 39.0
2014–15 9.0 33.4 40.8
2013–14 6.9 34.8 40.7

Source: Canadian Museum of Nature annual reports

Focus of the audit

9. Our objective for this audit was to determine whether the systems and practices we selected for examination at the Canadian Museum of Nature were providing it with reasonable assurance that its assets were safeguarded and controlled, its resources were managed economically and efficiently, and its operations were carried out effectively as required by section 138 of the Financial Administration Act.

10. Based on our assessment of risks, we selected systems and practices in the following areas:

The selected systems and practices and the criteria used to assess them are found in the exhibits throughout the report.

11. More details about the audit objective, scope, approach, and sources of criteria are in About the Audit at the end of this report.

Findings, Recommendations, and Responses

Corporate management practices

The Corporation had good corporate management practices, but improvements were needed in governance, risk reporting, and the implementation of its policy on information technology security

Overall message

12. Overall, we found that the Corporation had good management practices in place for strategic and operational planning and for performance measurement and reporting, but that improvements were needed in some areas. We found that the Board of Trustees did not fully perform its compliance monitoring role. We also found weaknesses related to filling positions on the Board of Trustees, which were beyond the control of the Corporation; and in the Corporation’s risk reporting and information technology (IT) security.

13. These findings matter because the Corporation relies on sound management practices to operate efficiently and effectively. Complete and timely information supports decision making by the Corporation’s Board of Trustees. It is in the Corporation’s interests to have in place sound practices, notably on risks and IT. Continuity in the Board membership maintains corporate memory and supports effective oversight.

14. Our analysis supporting these findings discusses the following topics:

15. The Corporation has a Board of Trustees (the Board) with up to 11 members. The Board is supported by an Audit and Finance Committee, and a Governance and Nominating Committee.

16. Strategic and operational planning and risk management are essential for the Corporation in setting its long- and short-term objectives for advancing and sharing knowledge and for promoting public appreciation of natural science, while adhering to the administrative requirements for public-sector organizations. Performance measurement and reporting enable the Corporation to demonstrate the extent to which it achieves its objectives and fulfills its mandate.

17. Information technology facilitates day-to-day operations in support of corporate programs and objectives, in areas such as IT security and service delivery.

18. Our recommendations in this area of examination appear at paragraphs 22, 25, 29, and 33.

19. Corporate governance. Roles and responsibilities of the Board were defined; appropriate and timely information was provided to the Board for oversight and decision making; and Board performance evaluations were performed. However, we found weaknesses related to Board compliance monitoring and Board renewal (Exhibit 3).

Exhibit 3—Corporate governance—key findings and assessment

Systems and practices Criteria used Key findings Assessment against the criteria

Legend—Assessment against the criteria

Check  mark in a green circle, meaning met the criteria

Met the criteria

Exclamation point in a yellow circle, meaning met the criteria, with improvement needed

Met the criteria, with improvement needed

Minus sign in a red circle, meaning did not meet the criteria

Did not meet the criteria

Board structure

The Board and its committees clearly defined and implemented their roles, responsibilities, authorities and accountabilities.

Roles and responsibilities, authorities and accountabilities for the Board and its committees were clearly defined.

The Board structure reflected the nature and complexity of the Corporation’s business and responsibilities.

Check  mark in a green circle, meaning met the criteria

Board oversight and decision making

The Board received timely information necessary to oversee and monitor the Corporation’s activities, results, and management of risk, and for decision making to achieve corporate objectives.

The Board received appropriate and timely information for oversight and decision making.

See, however, the weakness under risk reporting in Exhibit 4.

Check  mark in a green circle, meaning met the criteria

Compliance monitoring

The Board monitored the Corporation’s compliance with laws, regulations, and key corporate policies, as well as with its code of conduct and ethical requirements.

The Board received information on litigation matters. It also approved some corporate policies and the Corporation’s code of values and ethics.

Weakness

The Board did not receive all information needed for compliance monitoring.

Exclamation point in a yellow circle, meaning met the criteria, with improvement needed

Board performance evaluations

The Board assessed its performance as well as the performance of its committees and its members.

The Board assessed its performance annually. Trustees received a summary of the assessment results.

Check  mark in a green circle, meaning met the criteria

Board renewal

The Board communicated its needs for the selection of directors in a proactive and clear manner.

The Corporation had in place processes to proactively identify and communicate Board needs and upcoming vacancies, and to propose potential candidates to the minister responsible.

Weakness

Despite the processes in place for the Board to communicate its needs, Board renewal efforts had not been successful.

Exclamation point in a yellow circle, meaning met the criteria, with improvement needed

20. Weakness—Compliance monitoring. Management did not provide the Board with all information needed for compliance monitoring:

21. This weakness matters because the Board is responsible for ensuring that the Corporation fulfills its mandate and manages its activities properly. In the absence of more complete information, the Board could not fully perform its monitoring role.

22. Recommendation. To enhance the monitoring of the Board of Trustees, the Corporation should establish a process for ensuring that the Board periodically receives the necessary information on the Corporation’s compliance with laws and regulations, key corporate policies, and its code of values and ethics.

The Corporation’s response. Agreed. The Corporation will ensure the Board receives information periodically on the Corporation’s compliance with laws and regulations, and will ensure documentation properly reflects the ongoing assurance provided to the Board on the compliance with key corporate policies, and its codes of values and ethics. This is expected to be in place by the end of the 2016–17 fiscal year.

Governor in Council—The Governor General, acting on the advice of Cabinet, as the formal executive body that gives legal effect to those decisions of Cabinet that are to have the force of law.

23. Weakness—Board renewal. Board renewal efforts had not been successful. As of the end of April 2016, the terms of six trustees had expired, although they continued in office as provided by the Museums Act while awaiting reappointment or the appointment of successors. In addition, another Board position was vacant. This meant that appointments were pending for 7 of 11 Board positions. The situation occurred even though the Corporation had proactively communicated Board needs and upcoming vacancies, and had proposed potential candidates, to the Minister of Canadian Heritage. It is the role of the Minister to appoint trustees, with the approval of the Governor in Council.

24. This weakness matters because if many incumbent trustees were replaced within a single year, continuity would likely be affected, thus putting at risk the Board’s ability to exercise effective oversight.

25. Recommendation. The Corporation should continue to engage with the Minister of Canadian Heritage on the need for sufficient and timely appointments to the Board of Trustees, continue to provide the Minister with profiles of potential candidates, and reinforce the need for staggered terms of office.

The Corporation’s response. Agreed. Management and the Board will continue to work with the Minister of Canadian Heritage, in a manner that is consistent with the new process established by the government for Governor-in-Council appointments.

26. Strategic and operational planning, risk management, and performance measurement and reporting. We found that the Corporation had good systems and practices in strategic and operational planning and in performance measurement and reporting. However, we found a weakness in risk reporting (Exhibit 4).

Exhibit 4—Strategic and operational planning, risk management, and performance measurement and reporting—key findings and assessment

Strategic and operational planning

Systems and practices Criteria used Key findings Assessment against the criteria

Legend—Assessment against the criteria

Check  mark in a green circle, meaning met the criteria

Met the criteria

Exclamation point in a yellow circle, meaning met the criteria, with improvement needed

Met the criteria, with improvement needed

Minus sign in a red circle, meaning did not meet the criteria

Did not meet the criteria

Strategic direction setting

Strategic direction was clearly defined and communicated and was congruent with government priorities and the Corporation’s mandate.

Strategic direction was clearly defined as part of the 2014–15 to 2018–19 Strategic Plan and aligned with the Corporation’s mandate.

The plan’s four outcomes provided the basis for the strategic objectives in the annual Corporate Plan. The Corporation subsequently added one outcome, with an associated strategic objective.

Check  mark in a green circle, meaning met the criteria

Strategic planning process

Strategic planning process took into consideration the internal and external environment, organizational strengths and weaknesses, and identified risks.

The strategic planning process followed for the preparation of the Corporate Plan covering fiscal years 2015–16 to 2019–20 considered internal and external environments, strengths and weaknesses, and identified risks.

Check  mark in a green circle, meaning met the criteria

Operational planning process

Operational plans were aligned with the strategic direction, contained sufficient and appropriate information to guide management action, and were well communicated throughout the organization.

The divisional business plans for 2015–16 were aligned with the Corporate Plan. They contained appropriate information to guide management action, and were well communicated throughout the organization.

Check  mark in a green circle, meaning met the criteria

Risk management

Systems and practices Criteria used Key findings Assessment against the criteria

Legend—Assessment against the criteria

Check  mark in a green circle, meaning met the criteria

Met the criteria

Exclamation point in a yellow circle, meaning met the criteria, with improvement needed

Met the criteria, with improvement needed

Minus sign in a red circle, meaning did not meet the criteria

Did not meet the criteria

Risk identification and assessment

The Corporation identified and assessed the potential risks that need to be managed to achieve its strategic and operational objectives.

Through its Corporate Plan and divisional business plans, the Corporation identified corporate and operational risks.

Check  mark in a green circle, meaning met the criteria

Risk mitigation

The Corporation defined and implemented responses to the risks it faces.

The Corporation identified mitigation strategies in its Corporate Plan and divisional business plans, and implemented them.

Check  mark in a green circle, meaning met the criteria

Risk reporting

There was appropriate information on risks provided to senior management and to the Board for decision making and to allow them to manage/monitor risks and update risk mitigation strategies.

Weakness

Senior management and the Board received limited information on the implementation of risk mitigation strategies.

Exclamation point in a yellow circle, meaning met the criteria, with improvement needed

Performance measurement and reporting

Systems and practices Criteria used Key findings Assessment against the criteria

Legend—Assessment against the criteria

Check  mark in a green circle, meaning met the criteria

Met the criteria

Exclamation point in a yellow circle, meaning met the criteria, with improvement needed

Met the criteria, with improvement needed

Minus sign in a red circle, meaning did not meet the criteria

Did not meet the criteria

Performance information measurement and reporting framework

The Corporation collected performance indicator data that measured its success in achieving its operational targets as set out in annual corporate plans.

The Corporation established annual performance measures and targets for each corporate objective.

It collected data to report results in the Annual Report.

Check  mark in a green circle, meaning met the criteria

Annual reports communicated key performance information to the management, the Board and the public.

The Annual Report contained performance information covering all strategic objectives.

Performance was compared with targets and was tracked over time.

Check  mark in a green circle, meaning met the criteria

Management used performance information to identify and address performance shortcomings.

The Corporation measured performance against set targets quarterly and identified performance shortcomings.

Check  mark in a green circle, meaning met the criteria

27. Weakness—Risk reporting. The Corporation identified corporate risks, with related mitigation strategies. However, there was limited evidence that those strategies were reported on regularly to senior management and the Board, or that action was taken as needed. For example, to mitigate the risk that information technology might not be available to support organizational objectives, the Corporation reported that it would implement an IT plan. Senior management and the Board received information about IT-related opportunities and challenges. They did not receive information about the implementation of an IT plan.

28. This weakness matters because reporting on mitigation strategies assists management in making decisions about the implementation of such strategies. Also, as part of its stated roles and responsibilities, the Board was responsible for approving and monitoring risk management strategies.

29. Recommendation. The Corporation should ensure that information on the implementation of risk mitigation strategies is provided regularly to senior management and the Board of Trustees.

The Corporation’s response. Agreed. Through the operations update provided at each Board meeting, management will associate each risk with the activities reported and will discuss with the Board the status of risk mitigation strategies, starting in the 2016–17 fiscal year.

30. Information technology. We found weaknesses in the Corporation’s management practices for information technology security. However, we found good systems and practices in IT service delivery (Exhibit 5).

Exhibit 5—Information technology—key findings and assessment

Systems and practices Criteria used Key findings Assessment against the criteria

Legend—Assessment against the criteria

Check  mark in a green circle, meaning met the criteria

Met the criteria

Exclamation point in a yellow circle, meaning met the criteria, with improvement needed

Met the criteria, with improvement needed

Minus sign in a red circle, meaning did not meet the criteria

Did not meet the criteria

IT security

IT security policies and practices ensured information systems were monitored, available, and usable when required.

The Corporation had an IT security policy that defined its approach for protecting and securing its IT assets and electronic information.

An IT Disaster Recovery Plan was developed, documenting the process and responsibilities for the recovery of the Corporation’s identified critical IT systems. This was aligned with the corporate Business Continuity Plan.

The Corporation’s IT Threat and Risk Assessment identified several risks. During our examination period, the Corporation was working to address the resulting recommendations.

Weaknesses

The Corporation had not put in place some elements required by its IT security policy.

The Corporation had not tested either its IT Disaster Recovery Plan or its draft Business Continuity Plan.

Exclamation point in a yellow circle, meaning met the criteria, with improvement needed

IT service delivery

IT activities provided quality customer service and operations while ensuring effective management of outsourced IT services.

The Corporation had in place a contract with an external supplier to manage its IT services.

The agreement with the external supplier identified indicators to measure the level of service provided. Monthly service reports enabled the Corporation to determine whether the agreed service levels were met.

Check  mark in a green circle, meaning met the criteria

31. Weaknesses—IT security. The Corporation had not put in place some elements required by its IT security policy. The missing elements included an IT security awareness program, periodic updates to the IT Threat and Risk assessment, vulnerability assessments, and testing of the IT Disaster Recovery Plan. In addition, the Corporation had not tested its draft Business Continuity Plan, which provided the framework for dealing with unplanned interruptions.

32. These weaknesses matter because the Corporation has a responsibility to ensure that its assets and data are secure and protected in accordance with its policies and industry good practices. The lack of security practices and safeguards weakened organizational security and had the potential to make the Corporation more vulnerable to security threats.

33. Recommendation. The Corporation should ensure that its IT security policy requirements are met. It should also test its Business Continuity Plan, as well as the critical information technology applications identified as part of the IT Disaster Recovery Plan.

The Corporation’s response. Agreed. The Corporation will ensure that its IT security policy requirements are met, including testing of its Business Continuity Plan and IT Disaster Recovery Plan. This work is under way and is expected to be completed by the end of the 2017–18 fiscal year.

Operations management practices

The Corporation managed its operations well, but improvements were needed in collections and in project management practices

Overall message

34. Overall, we found that the Corporation had in place good systems and practices for managing its operations. However, we found that the Corporation had not set priorities for reducing the backlogs in identifying and digitizing its collections. While conservation priorities were based on a risk assessment performed for its collections, the Corporation did not have a conservation plan, and had not fully documented its preservation practices and activities. In the planning of public offer activities, the Corporation had not entirely adhered to its project management process. In addition, there were weaknesses in project management practices followed for the replacement of the admission and collections management systems.

35. These findings matter because the Corporation’s collections have significant scientific value. They therefore need to be conserved and managed in perpetuity, and to be accessible. Good management of public offer activities is important to ensure that the Corporation succeeds in achieving its mandate of increasing knowledge of the natural world, and appreciation and respect for it. Systems used for collections management and admission are important for providing access for researchers and services to visitors.

36. Our analysis supporting these findings discusses the following topics:

37. To fulfill its mandate, the Corporation undertakes research, maintains collections, and organizes public offer activities.

38. For the 2015–16 fiscal year, the Corporation incurred $6.8 million in operating expenses for research and collections, or about 18 percent of the total operating expenses for the year. The Corporation incurred $9.5 million in operating expenses for public offer activities, or about 24 percent of the total operating expenses for the year.

39. In 2015–16, the Corporation had 23 multi-year research projects under way. These drew upon working relationships with external collaborators. Donations, acquisitions, and research field trips added to the collections. The Corporation loaned specimens to research and educational institutions.

40. The Corporation had a project management process that applied to public offer activities. The process covered all steps from project initiation to project completion. In 2015–16, the Corporation was developing an Arctic Gallery and enhancing three of its exhibition galleries. It presented 10 temporary exhibitions. It also offered an educational program for schools and hosted a number of events. The Corporation had over 60 new loan agreements in that year and about 30 contracts for travelling exhibitions.

41. In 2015–16, two projects were undertaken to replace the Corporation’s admission and collections management systems.

42. Our recommendations in this area of examination appear at paragraphs 46, 49, 53, and 58.

43. Research and collections. We found that the Corporation had good systems and practices for managing its research and collections. However, we found weaknesses in management practices for making collections accessible and preserving them (Exhibit 6).

Exhibit 6—Research and collections—key findings and assessment

Research

Systems and practices Criteria used Key findings Assessment against the criteria

Legend—Assessment against the criteria

Check  mark in a green circle, meaning met the criteria

Met the criteria

Exclamation point in a yellow circle, meaning met the criteria, with improvement needed

Met the criteria, with improvement needed

Minus sign in a red circle, meaning did not meet the criteria

Did not meet the criteria

Research projects plans (including priority setting and selection of research activities)

Research advisory committee

Research partnerships

Collections-based research projects were planned and prioritized by the Corporation.

The Corporation had a well-developed research planning process in place.

Research proposals reviewed by the Corporation’s internal Research Advisory Committee included sufficient information to guide researchers.

Check  mark in a green circle, meaning met the criteria

Research projects monitoring and reporting (including internal and external reviews of scientific activities)

Research advisory committee

Collections-based research projects were executed, monitored, and reported on by the Corporation.

Research projects were monitored and information on them was reported regularly to senior management.

Publications on research projects were externally peer-reviewed.

Check  mark in a green circle, meaning met the criteria

Collections

Systems and practices Criteria used Key findings Assessment against the criteria

Legend—Assessment against the criteria

Check  mark in a green circle, meaning met the criteria

Met the criteria

Exclamation point in a yellow circle, meaning met the criteria, with improvement needed

Met the criteria, with improvement needed

Minus sign in a red circle, meaning did not meet the criteria

Did not meet the criteria

Collections development plan (including gap analyses and priority setting)

A collection of natural history objects for research and posterity was established and developed by the Corporation.

The Corporation had a policy and framework to guide the creation of collection development plans.

The plans identified gaps and priorities, as well as acquisition needs. They were sufficiently detailed to guide actions and were aligned with strategic objectives.

Check  mark in a green circle, meaning met the criteria

Collections development monitoring and reporting

A collection of natural history objects for research and posterity was monitored and reported on by the Corporation.

The Corporation monitored its collections through quarterly reviews of activities undertaken. Information from the reviews was reported regularly to senior management.

Progress on collections development was documented as part of the collection development plans prepared every five years.

Check  mark in a green circle, meaning met the criteria

Collections accessibility (including collections management system and loans management)

A collection of natural history objects for research and posterity was made accessible by the Corporation.

The Corporation made its collections accessible, including through exhibits and its website.

The Corporation had achieved its target for the 2015–16 fiscal year for digitization of specimens in its collections.

Processes were in place for managing loans.

Weakness

The Corporation did not establish a plan, including priorities and achievable milestones, for identification and digitization of specimens in its collections.

Exclamation point in a yellow circle, meaning met the criteria, with improvement needed

Collections preservation management practices and Preservation Committee

A collection of natural history objects for research and posterity was preserved by the Corporation.

The Corporation had performed a risk assessment of its collections. This provided a basis for determining conservation priorities.

Pest management practices were documented and in place.

Weaknesses

The Corporation did not have a conservation plan. It also did not document some of its preservation practices and activities.

Exclamation point in a yellow circle, meaning met the criteria, with improvement needed

44. Weakness—Collections accessibility. The Corporation had backlogs in the identification and digitization of specimens in its collections. As of 31 December 2015, the Corporation estimated that an average of 14 percent of specimen lots in its collections required identification. The Corporation also estimated that about 75 percent of its collection lots had not been digitized through its collections management system. (Concerning the replacement of the system, see Exhibit 8.) While the annual target for digitization had been achieved, the Corporation did not establish a plan, with set priorities, for reducing the backlogs in identification and digitization.

45. This weakness matters because specimens that have not been identified or digitized are of limited use. As stated by the Corporation, the full scientific value of unidentified specimens cannot be realized. In addition, digitization, which allows Web-based access to specimen data, requires a long-term effort.

46. Recommendation. To reduce backlogs, the Corporation should develop a plan that would establish priorities, with achievable milestones for identification and digitization of specimens in its collections.

The Corporation’s response. Agreed. The Corporation will enhance its current approach and develop a practicable and cost-effective plan establishing priorities, with achievable milestones, for identification and digitization of specimens in its collections. The review of the approach is expected to be completed by the end of the 2017–18 fiscal year and it will be reflected in the operational plan for the 2018–19 fiscal year.

47. Weaknesses—Collections preservation management practices. While conservation priorities were based on a risk assessment performed for its collections, the Corporation did not have a conservation plan in place, and it had not fully documented its preservation practices and activities. It thus was not following its Collections Conservation Policy, which called for a long-range conservation plan, thorough documentation of conservation activities, and formulation and implementation of operational policies, procedures, and specifications related to conservation.

48. These weaknesses matter because, without formal plans and proper documentation, the Corporation is dependent on the knowledge of individual staff members to ensure that conservation needs are being met. The Corporation has noted that a significant number of employees are eligible for retirement, particularly in the Research and Collections division, and their likely departure raises the risk of loss of corporate memory. A formally documented conservation plan and preservation practices would lessen that risk and better safeguard the Corporation’s collections.

49. Recommendation. The Corporation should develop a plan that would set priorities for addressing conservation needs for its collections, and regularly monitor progress toward implementing the plan. It should also ensure that preservation practices and activities are documented in accordance with its Collections Conservation Policy.

The Corporation’s response. Agreed. The Corporation will review its Collections Conservation Policy to ensure it is still appropriate for its needs, and will ensure that the policy is followed. It will also enhance its conservation planning for its collections. The Corporation expects to update its policy and prepare a plan by the end of the 2017–18 fiscal year.

50. Public offer activities. We found that the Corporation had good systems and practices for executing, evaluating, and reporting on public offer activities. However, we found weaknesses in the project management process (Exhibit 7).

Exhibit 7—Public offer activities—key findings and assessment

Systems and practices Criteria used Key findings Assessment against the criteria

Legend—Assessment against the criteria

Check  mark in a green circle, meaning met the criteria

Met the criteria

Exclamation point in a yellow circle, meaning met the criteria, with improvement needed

Met the criteria, with improvement needed

Minus sign in a red circle, meaning did not meet the criteria

Did not meet the criteria

Planning process

Collaborations with partners

Public Program Planning Committee

Content development

Public offer activities aiming to increase, throughout Canada and internationally, interest in, knowledge of, appreciation and respect for the natural world, were planned by the Corporation.

Planning and content development for public offer activities were included in the project management process. Potential collaborations with partners were considered. The Corporation’s internal Public Program Planning Committee was involved throughout the planning process.

Weaknesses

The project management process was not entirely followed for the planning of public offer activities we examined. Planning and other procedures were incomplete for travelling exhibitions and there was no established process in place for Web content.

Exclamation point in a yellow circle, meaning met the criteria, with improvement needed

Execution

Public offer activities aiming to increase, throughout Canada and internationally, interest in, knowledge of, appreciation and respect for the natural world, were executed by the Corporation.

At each of its meetings, the Public Program Planning Committee received updates about ongoing public offer activities, including information about project status.

The public offer activities that we examined were executed as planned.

Check  mark in a green circle, meaning met the criteria

Evaluations

Public offer activities aiming to increase, throughout Canada and internationally, interest in, knowledge of, appreciation and respect for the natural world, were evaluated by the Corporation.

At the end of each public offer activity, an internal evaluation was conducted for inclusion in a final project report approved by the Public Program Planning Committee.

External evaluations were also conducted.

Check  mark in a green circle, meaning met the criteria

Reporting

Public offer activities aiming to increase, throughout Canada and internationally, interest in, knowledge of, appreciation and respect for the natural world, were reported on by the Corporation.

Reports were provided to senior management periodically on public offer activities.

Check  mark in a green circle, meaning met the criteria

51. Weaknesses—Planning process and content development. The Corporation had gaps in its management of public offer activities:

52. These weaknesses matter because an important part of the Corporation’s mandate is to demonstrate the natural world. Public offer activities help to achieve this. The Corporation relies on having proper processes in place to ensure that such activities are well managed.

53. Recommendation. The Corporation should review its project management process for public offer activities, and its procedures for travelling exhibitions and Web content, to ensure that they are complete, still appropriate to the Corporation’s needs, and followed.

The Corporation’s response. Agreed. Management will review its project management process for public offer activities, and its procedures for travelling exhibitions and Web content to ensure they are complete, still appropriate for the Corporation’s needs and followed. Management expects this to be completed by the end of the 2017–18 fiscal year.

54. Replacement of the admission and collections management systems. We found weaknesses in project management practices followed for the replacement of the admission and collections management systems (Exhibit 8).

Exhibit 8—Replacement of the admission and collections management systems—key findings and assessment

Systems and practices Criteria used Key findings Assessment against the criteria

Legend—Assessment against the criteria

Check  mark in a green circle, meaning met the criteria

Met the criteria

Exclamation point in a yellow circle, meaning met the criteria, with improvement needed

Met the criteria, with improvement needed

Minus sign in a red circle, meaning did not meet the criteria

Did not meet the criteria

Project management practices

Project management practices provided a framework to identify, monitor, and report on IT projects while ensuring the realization of expected benefits.

Weaknesses

The Corporation had insufficient project management practices to guide the replacement of two systems. Despite this, the Corporation was able to manage admissions and its collections.

Minus sign in a red circle, meaning did not meet the criteria

55. Weaknesses—Project management practices. The Corporation had insufficient project management practices in place to guide two projects undertaken in the 2015–16 fiscal year to replace its admission and collections management systems. The replacements were important as they involved upgrades, but the Corporation was still able to fulfill its mandate despite these weaknesses.

56. The insufficient project management practices resulted in undefined timelines, increased estimated costs, lack of documentation, and limited information for senior management:

57. These weaknesses matter because sound project management practices would help to ensure that replacement of the admission and collections management systems is completed on a timely basis and within set budgets to achieve the expected benefits.

58. Recommendation. The Corporation should put in place formal project management practices for the replacement of systems supporting its operations, including the preparation and approval of a business case, the establishment of project timelines, monitoring of costs, and periodic reporting to senior management.

The Corporation’s response. Agreed. The Corporation will review its current project management approach, including requirements for project documentation and periodic reporting to senior management. In doing so, management will ensure that its practices are cost-effective and appropriate for the nature, complexity, risk, and cost of the projects. This is expected to be completed by end of the 2017–18 fiscal year.

Conclusion

59. In our opinion, based on the criteria established, there were no significant deficiencies in the Canadian Museum of Nature’s systems and practices that we examined for corporate management and operations management. We concluded that the Corporation has maintained these systems and practices during the period covered by the audit in a manner that provided the reasonable assurance required under section 138 of the Financial Administration Act.

About the Audit

This independent assurance report was prepared by the Office of the Auditor General of Canada on the Canadian Museum of Nature. Our responsibility was to express

Under section 131 of the Financial Administration Act (FAA), the Canadian Museum of Nature is required to maintain financial and management control and information systems and management practices that provide reasonable assurance that

In addition, section 138 of the FAA requires the Corporation to have a special examination of these systems and practices carried out at least once every 10 years.

All work in this audit was performed to a reasonable level of assurance in accordance with the Canadian Standard for Assurance Engagements (CSAE) 3001—Direct Engagements set out by the Chartered Professional Accountants of Canada (CPA Canada) in the CPA Canada Handbook—Assurance.

The Office applies Canadian Standard on Quality Control 1 and, accordingly, maintains a comprehensive system of quality control, including documented policies and procedures regarding compliance with ethical requirements, professional standards, and applicable legal and regulatory requirements.

In conducting the audit work, we have complied with the independence and other ethical requirements of the Rules of Professional Conduct of Chartered Professional Accountants of Ontario and the Code of Values, Ethics and Professional Conduct of the Office of the Auditor General of Canada. Both the Rules of Professional Conduct and the Code are founded on fundamental principles of integrity, objectivity, professional competence and due care, confidentiality, and professional behaviour.

In accordance with our regular audit process, we obtained the following from management:

Audit objective

The objective of this audit was to determine whether the systems and practices we selected for examination at the Canadian Museum of Nature were providing it with reasonable assurance that its assets were safeguarded and controlled, its resources were managed economically and efficiently, and its operations were carried out effectively as required by section 138 of the Financial Administration Act.

Scope and approach

Our audit work examined the Canadian Museum of Nature. The scope of the special examination was based on our assessment of the risks the Corporation faces that could affect its ability to meet the requirements set out by the Financial Administration Act.

As part of our examination, we selected and tested samples from a targeted population of items, such as stated roles and responsibilities of the Board of Trustees and its committees, risk mitigation strategies, performance measures, research projects, and public offer activities, to determine whether systems and practices were in place and functioning as intended. Sampling was used to determine whether selected attributes or characteristics of the populations tested were correctly specified and could be relied upon.

In performing our work, we also interviewed trustees, senior management, and other employees of the Corporation. We observed some meetings of the Board of Trustees and its committees during the examination period.

The systems and practices selected for examination for each area of the audit are found in the exhibits throughout the report.

In carrying out the special examination, we did not rely on any internal audits.

Sources of criteria

The criteria used to assess the systems and practices selected for examination are found in the exhibits throughout the report.

Corporate governance

OECD Guidelines on Corporate Governance of State-Owned Enterprises, Organisation for Economic Co-operation and Development, 2015

Practice Guide: Assessing Organizational Governance in the Public Sector, The Institute of Internal Auditors, 2014

Internal Control—Integrated Framework, Committee of Sponsoring Organizations of the Treadway Commission, 2013

20 Questions Directors Should Ask about Crown Corporation Governance, Canadian Institute of Chartered Accountants, 2007

Meeting the Expectations of Canadians: Review of the Governance Framework for Canada’s Crown Corporations, Treasury Board Secretariat, 2005

Corporate Governance in Crown Corporations and Other Public Enterprises—Guidelines, Treasury Board Secretariat, 1996

Strategic and operational planning, risk management, and performance measurement and reporting

Recommended Practice Guideline 3, Reporting Service Performance Information, International Public Sector Accounting Standards Board, 2015

Internal Control—Integrated Framework, Committee of Sponsoring Organizations of the Treadway Commission, 2013

20 Questions Directors Should Ask about Strategy, third edition, Canadian Institute of Chartered Accountants, 2012

20 Questions Directors Should Ask about Crown Corporation Governance, Canadian Institute of Chartered Accountants, 2007

20 Questions Directors Should Ask about Risk, Canadian Institute of Chartered Accountants, 2006

Meeting the Expectations of Canadians: Review of the Governance Framework for Canada’s Crown Corporations, Treasury Board Secretariat, 2005

Information technology

COBIT 5 Framework—APO09 (Manage Service Agreements), APO10 (Manage Suppliers), APO13 (Manage Security), DSS01 (Manage Operations), DSS04 (Manage Continuity), and DSS05 (Manage Security Services), ISACA

Research and collections

Museums Act

Summary of the Corporate Plan for the 2014–2015 to 2018–2019 Planning Period, Canadian Museum of Nature

Public offer activities

Museums Act

Summary of the Corporate Plan for the 2014–2015 to 2018–2019 Planning Period, Canadian Museum of Nature

Replacement of the admission and collections management systems

COBIT 5 Framework—APO05 (Manage Portfolio), BAI01 (Manage Programmes and Projects), and EDM02 (Ensure Benefits Delivery), ISACA

Period covered by the audit

The special examination covered the period between 1 July 2015 and 30 April 2016. This is the period to which the audit conclusion applies. However, to gain a more complete understanding of the significant systems and practices, we also examined certain matters that preceded the starting date of the special examination.

Date of the report

We obtained sufficient and appropriate audit evidence on which to base our conclusion on 5 January 2017, in Ottawa, Ontario.

Audit team

Principal: Étienne Matte
Director: Nathalie Chartrand

Chantal Desrochers
Caroline Dulude
Marc-André Gervais
Yin-Mei Kwok
William Xu

List of Recommendations

The following table lists the recommendations and responses found in this report. The paragraph number preceding the recommendation indicates the location of the recommendation in the report, and the numbers in parentheses indicate the location of the related discussion.

Corporate management practices

Recommendation Response

22. To enhance the monitoring of the Board of Trustees, the Corporation should establish a process for ensuring that the Board periodically receives the necessary information on the Corporation’s compliance with laws and regulations, key corporate policies, and its code of values and ethics. (19–21)

The Corporation’s response. Agreed. The Corporation will ensure the Board receives information periodically on the Corporation’s compliance with laws and regulations, and will ensure documentation properly reflects the ongoing assurance provided to the Board on the compliance with key corporate policies, and its codes of values and ethics. This is expected to be in place by the end of the 2016–17 fiscal year.

25. The Corporation should continue to engage with the Minister of Canadian Heritage on the need for sufficient and timely appointments to the Board of Trustees, continue to provide the Minister with profiles of potential candidates, and reinforce the need for staggered terms of office. (19, 23–24)

The Corporation’s response. Agreed. Management and the Board will continue to work with the Minister of Canadian Heritage, in a manner that is consistent with the new process established by the government for Governor-in-Council appointments.

29. The Corporation should ensure that information on the implementation of risk mitigation strategies is provided regularly to senior management and the Board of Trustees. (26–28)

The Corporation’s response. Agreed. Through the operations update provided at each Board meeting, management will associate each risk with the activities reported and will discuss with the Board the status of risk mitigation strategies, starting in the 2016–17 fiscal year.

33. The Corporation should ensure that its IT security policy requirements are met. It should also test its Business Continuity Plan, as well as the critical information technology applications identified as part of the IT Disaster Recovery Plan. (30–32)

The Corporation’s response. Agreed. The Corporation will ensure that its IT security policy requirements are met, including testing of its Business Continuity Plan and IT Disaster Recovery Plan. This work is under way and is expected to be completed by the end of the 2017–18 fiscal year.

Operations management practices

Recommendation Response

46. To reduce backlogs, the Corporation should develop a plan that would establish priorities, with achievable milestones for identification and digitization of specimens in its collections. (43–45)

The Corporation’s response. Agreed. The Corporation will enhance its current approach and develop a practicable and cost-effective plan establishing priorities, with achievable milestones, for identification and digitization of specimens in its collections. The review of the approach is expected to be completed by the end of the 2017–18 fiscal year and it will be reflected in the operational plan for the 2018–19 fiscal year.

49. The Corporation should develop a plan that would set priorities for addressing conservation needs for its collections, and regularly monitor progress toward implementing the plan. It should also ensure that preservation practices and activities are documented in accordance with its Collections Conservation Policy. (43, 47–48)

The Corporation’s response. Agreed. The Corporation will review its Collections Conservation Policy to ensure it is still appropriate for its needs, and will ensure that the policy is followed. It will also enhance its conservation planning for its collections. The Corporation expects to update its policy and prepare a plan by the end of the 2017–18 fiscal year.

53. The Corporation should review its project management process for public offer activities, and its procedures for travelling exhibitions and Web content, to ensure that they are complete, still appropriate to the Corporation’s needs, and followed. (50–52)

The Corporation’s response. Agreed. Management will review its project management process for public offer activities, and its procedures for travelling exhibitions and Web content to ensure they are complete, still appropriate for the Corporation’s needs and followed. Management expects this to be completed by the end of the 2017–18 fiscal year.

58. The Corporation should put in place formal project management practices for the replacement of systems supporting its operations, including the preparation and approval of a business case, the establishment of project timelines, monitoring of costs, and periodic reporting to senior management. (54–57)

The Corporation’s response. Agreed. The Corporation will review its current project management approach, including requirements for project documentation and periodic reporting to senior management. In doing so, management will ensure that its practices are cost-effective and appropriate for the nature, complexity, risk, and cost of the projects. This is expected to be completed by end of the 2017–18 fiscal year.