2017 Spring Reports of the Auditor General of Canada to the Parliament of Canada Independent Audit ReportReport of the Auditor General of Canada to the Board of Trustees of the Canadian Museum of Nature—Special Examination—2017
2017 Spring Reports of the Auditor General of Canada to the Parliament of CanadaReport of the Auditor General of Canada to the Board of Trustees of the Canadian Museum of Nature—Special Examination—2017
Independent Audit Report
Table of Contents
- Introduction
- Findings, Recommendations, and Responses
- Conclusion
- About the Audit
- List of Recommendations
- Exhibits:
- 1—The Corporation’s collections (number of specimens)
- 2—The Corporation’s financial results, 2013–14 to 2015–16
- 3—Corporate governance—key findings and assessment
- 4—Strategic and operational planning, risk management, and performance measurement and reporting—key findings and assessment
- 5—Information technology—key findings and assessment
- 6—Research and collections—key findings and assessment
- 7—Public offer activities—key findings and assessment
- 8—Replacement of the admission and collections management systems—key findings and assessment
This report reproduces the special examination report that the Office of the Auditor General of Canada issued to the Canadian Museum of Nature on 13 January 2017. The Office has not performed follow-up audit work on the matters raised in this reproduced report.
Introduction
Background
1. The Canadian Museum of Nature (the Corporation) is a federal Crown corporation established in 1990. It reports to Parliament through the Minister of Canadian Heritage. Its enabling legislation, the Museums Act, sets out the Corporation’s mandate:
to increase, throughout Canada and internationally, interest in, knowledge of and appreciation and respect for the natural world by establishing, maintaining and developing for research and posterity, a collection of natural history objects, with special but not exclusive reference to Canada, and by demonstrating the natural world, the knowledge derived from it and the understanding it represents.
2. Among other things, the Act empowers the Corporation to
- collect natural history objects and other museum material;
- maintain its collection by preservation, conservation, and restoration, and the establishment of records and documentation;
- undertake and sponsor any research in the natural sciences, and communicate the results of that research;
- create and foster, through programs, functions and facilities, active public involvement and interest in the Canadian Museum of Nature, both at the community level and throughout Canada;
- organize, sponsor, arrange for, and participate in travelling exhibitions; and
- charge for goods, services, and admission, and use the revenue obtained therefrom for its own purposes.
3. In the 2015–16 fiscal year, the Corporation had about 135 full-time equivalent employees, organized in five divisions: Research and Collections; Experience and Engagement; Corporate Services; Marketing and Media Relations; and Advancement.
4. The Corporation seeks to position itself as
- a global museum leader in Arctic knowledge and exploration;
- a national leader and global influencer in advancing and sharing knowledge about species discovery and change;
- a national leader in nature inspiration experiences on- and off-site;
- a global museum leader in natural heritage collections storage, study, preservation, digitization, and dissemination; and
- a national leader in sustainable museum enterprise operations within an international best practice context.
5. The Corporation’s research and collections focus on four areas: plants (botany), animals (zoology, both vertebrate and invertebrate), minerals (mineralogy), and fossils (paleobiology). As of 31 December 2015, the Corporation estimated that its collections consisted of over 10 million specimens, or 3.2 million lots (Exhibit 1).
Exhibit 1—The Corporation’s collections (number of specimens)
Botany
The Corporation’s botany collection contains 1,384,152 specimens.
Vertebrate
The Corporation’s vertebrate collection contains 1,256,551 specimens.
Invertebrate
The Corporation’s invertebrate collection contains 7,363,693 specimens.
Mineralogy
The Corporation’s mineralogy collection contains 175,000 specimens.
Palaeobiology
The Corporation’s palaeobiology collection contains 83,565 specimens.
Source: Canadian Museum of Nature
6. The Corporation’s exhibits and galleries, public and educational programs, and publications (also known as “public offer” activities) are intended to demonstrate the natural world. In addition, since the Corporation’s mandate has both Canada-wide and international components, public offer includes outreach activities, such as loans of specimens, website content, and travelling exhibitions.
7. The Corporation is responsible for two facilities:
- The Victoria Memorial Museum Building in Ottawa, Ontario, houses permanent galleries and special temporary exhibitions. This is where the Corporation delivers public offer activities.
- The Natural Heritage Campus in Gatineau, Quebec, is the Corporation’s collections storage and research centre.
8. The Corporation’s primary source of funding is the federal government. In recent years, the Corporation increased its revenues and decreased its expenses (Exhibit 2).
Exhibit 2—The Corporation’s financial results, 2013–14 to 2015–16
Fiscal year | Revenues ($ millions) |
Government funding ($ millions) |
Expenses ($ millions) |
---|---|---|---|
2015–16 | 9.0 | 31.0 | 39.0 |
2014–15 | 9.0 | 33.4 | 40.8 |
2013–14 | 6.9 | 34.8 | 40.7 |
Source: Canadian Museum of Nature annual reports
Focus of the audit
9. Our objective for this audit was to determine whether the systems and practices we selected for examination at the Canadian Museum of Nature were providing it with reasonable assurance that its assets were safeguarded and controlled, its resources were managed economically and efficiently, and its operations were carried out effectively as required by section 138 of the Financial Administration Act.
10. Based on our assessment of risks, we selected systems and practices in the following areas:
- corporate management practices, and
- operations management practices.
The selected systems and practices and the criteria used to assess them are found in the exhibits throughout the report.
11. More details about the audit objective, scope, approach, and sources of criteria are in About the Audit at the end of this report.
Findings, Recommendations, and Responses
Corporate management practices
The Corporation had good corporate management practices, but improvements were needed in governance, risk reporting, and the implementation of its policy on information technology security
Overall message
12. Overall, we found that the Corporation had good management practices in place for strategic and operational planning and for performance measurement and reporting, but that improvements were needed in some areas. We found that the Board of Trustees did not fully perform its compliance monitoring role. We also found weaknesses related to filling positions on the Board of Trustees, which were beyond the control of the Corporation; and in the Corporation’s risk reporting and information technology (IT) security.
13. These findings matter because the Corporation relies on sound management practices to operate efficiently and effectively. Complete and timely information supports decision making by the Corporation’s Board of Trustees. It is in the Corporation’s interests to have in place sound practices, notably on risks and IT. Continuity in the Board membership maintains corporate memory and supports effective oversight.
14. Our analysis supporting these findings discusses the following topics:
- corporate governance;
- strategic and operational planning, risk management, and performance measurement and reporting; and
- information technology.
15. The Corporation has a Board of Trustees (the Board) with up to 11 members. The Board is supported by an Audit and Finance Committee, and a Governance and Nominating Committee.
16. Strategic and operational planning and risk management are essential for the Corporation in setting its long- and short-term objectives for advancing and sharing knowledge and for promoting public appreciation of natural science, while adhering to the administrative requirements for public-sector organizations. Performance measurement and reporting enable the Corporation to demonstrate the extent to which it achieves its objectives and fulfills its mandate.
17. Information technology facilitates day-to-day operations in support of corporate programs and objectives, in areas such as IT security and service delivery.
18. Our recommendations in this area of examination appear at paragraphs 22, 25, 29, and 33.
19. Corporate governance. Roles and responsibilities of the Board were defined; appropriate and timely information was provided to the Board for oversight and decision making; and Board performance evaluations were performed. However, we found weaknesses related to Board compliance monitoring and Board renewal (Exhibit 3).
Exhibit 3—Corporate governance—key findings and assessment
Systems and practices | Criteria used | Key findings | Assessment against the criteria |
---|---|---|---|
Legend—Assessment against the criteria Met the criteria Met the criteria, with improvement needed Did not meet the criteria |
|||
Board structure |
The Board and its committees clearly defined and implemented their roles, responsibilities, authorities and accountabilities. |
Roles and responsibilities, authorities and accountabilities for the Board and its committees were clearly defined. The Board structure reflected the nature and complexity of the Corporation’s business and responsibilities. |
|
Board oversight and decision making |
The Board received timely information necessary to oversee and monitor the Corporation’s activities, results, and management of risk, and for decision making to achieve corporate objectives. |
The Board received appropriate and timely information for oversight and decision making. See, however, the weakness under risk reporting in Exhibit 4. |
|
Compliance monitoring |
The Board monitored the Corporation’s compliance with laws, regulations, and key corporate policies, as well as with its code of conduct and ethical requirements. |
The Board received information on litigation matters. It also approved some corporate policies and the Corporation’s code of values and ethics. Weakness The Board did not receive all information needed for compliance monitoring. |
|
Board performance evaluations |
The Board assessed its performance as well as the performance of its committees and its members. |
The Board assessed its performance annually. Trustees received a summary of the assessment results. |
|
Board renewal |
The Board communicated its needs for the selection of directors in a proactive and clear manner. |
The Corporation had in place processes to proactively identify and communicate Board needs and upcoming vacancies, and to propose potential candidates to the minister responsible. Weakness Despite the processes in place for the Board to communicate its needs, Board renewal efforts had not been successful. |
20. Weakness—Compliance monitoring. Management did not provide the Board with all information needed for compliance monitoring:
- Laws and regulations. The Board did not receive confirmation that the Corporation had complied with regulatory requirements. It also did not receive information about whether management had identified instances of non-compliance and, if so, whether the necessary corrective actions had been taken.
- Key corporate policies. The Board approved key policies, such as on hospitality, environmental stewardship, and protecting employees who report wrongdoing. However, it did not receive sufficient information to ensure that the Corporation had complied with the policies.
- Code of values and ethics. The Board did not receive confirmation that employees, management, and trustees had provided all annual declarations required of them to confirm their adherence to the code and to acknowledge their responsibility for declaring actual or potential conflicts of interest. The Board also did not receive information on whether the Corporation had noted deviations from the code and, if so, what measures it had taken to address them.
21. This weakness matters because the Board is responsible for ensuring that the Corporation fulfills its mandate and manages its activities properly. In the absence of more complete information, the Board could not fully perform its monitoring role.
22. Recommendation. To enhance the monitoring of the Board of Trustees, the Corporation should establish a process for ensuring that the Board periodically receives the necessary information on the Corporation’s compliance with laws and regulations, key corporate policies, and its code of values and ethics.
The Corporation’s response. Agreed. The Corporation will ensure the Board receives information periodically on the Corporation’s compliance with laws and regulations, and will ensure documentation properly reflects the ongoing assurance provided to the Board on the compliance with key corporate policies, and its codes of values and ethics. This is expected to be in place by the end of the 2016–17 fiscal year.
Governor in Council—The Governor General, acting on the advice of Cabinet, as the formal executive body that gives legal effect to those decisions of Cabinet that are to have the force of law.
23. Weakness—Board renewal. Board renewal efforts had not been successful. As of the end of April 2016, the terms of six trustees had expired, although they continued in office as provided by the Museums Act while awaiting reappointment or the appointment of successors. In addition, another Board position was vacant. This meant that appointments were pending for 7 of 11 Board positions. The situation occurred even though the Corporation had proactively communicated Board needs and upcoming vacancies, and had proposed potential candidates, to the Minister of Canadian Heritage. It is the role of the Minister to appoint trustees, with the approval of the Governor in Council.
24. This weakness matters because if many incumbent trustees were replaced within a single year, continuity would likely be affected, thus putting at risk the Board’s ability to exercise effective oversight.
25. Recommendation. The Corporation should continue to engage with the Minister of Canadian Heritage on the need for sufficient and timely appointments to the Board of Trustees, continue to provide the Minister with profiles of potential candidates, and reinforce the need for staggered terms of office.
The Corporation’s response. Agreed. Management and the Board will continue to work with the Minister of Canadian Heritage, in a manner that is consistent with the new process established by the government for Governor-in-Council appointments.
26. Strategic and operational planning, risk management, and performance measurement and reporting. We found that the Corporation had good systems and practices in strategic and operational planning and in performance measurement and reporting. However, we found a weakness in risk reporting (Exhibit 4).
Exhibit 4—Strategic and operational planning, risk management, and performance measurement and reporting—key findings and assessment
Strategic and operational planning
Risk management
Performance measurement and reporting
27. Weakness—Risk reporting. The Corporation identified corporate risks, with related mitigation strategies. However, there was limited evidence that those strategies were reported on regularly to senior management and the Board, or that action was taken as needed. For example, to mitigate the risk that information technology might not be available to support organizational objectives, the Corporation reported that it would implement an IT plan. Senior management and the Board received information about IT-related opportunities and challenges. They did not receive information about the implementation of an IT plan.
28. This weakness matters because reporting on mitigation strategies assists management in making decisions about the implementation of such strategies. Also, as part of its stated roles and responsibilities, the Board was responsible for approving and monitoring risk management strategies.
29. Recommendation. The Corporation should ensure that information on the implementation of risk mitigation strategies is provided regularly to senior management and the Board of Trustees.
The Corporation’s response. Agreed. Through the operations update provided at each Board meeting, management will associate each risk with the activities reported and will discuss with the Board the status of risk mitigation strategies, starting in the 2016–17 fiscal year.
30. Information technology. We found weaknesses in the Corporation’s management practices for information technology security. However, we found good systems and practices in IT service delivery (Exhibit 5).
Exhibit 5—Information technology—key findings and assessment
31. Weaknesses—IT security. The Corporation had not put in place some elements required by its IT security policy. The missing elements included an IT security awareness program, periodic updates to the IT Threat and Risk assessment, vulnerability assessments, and testing of the IT Disaster Recovery Plan. In addition, the Corporation had not tested its draft Business Continuity Plan, which provided the framework for dealing with unplanned interruptions.
32. These weaknesses matter because the Corporation has a responsibility to ensure that its assets and data are secure and protected in accordance with its policies and industry good practices. The lack of security practices and safeguards weakened organizational security and had the potential to make the Corporation more vulnerable to security threats.
33. Recommendation. The Corporation should ensure that its IT security policy requirements are met. It should also test its Business Continuity Plan, as well as the critical information technology applications identified as part of the IT Disaster Recovery Plan.
The Corporation’s response. Agreed. The Corporation will ensure that its IT security policy requirements are met, including testing of its Business Continuity Plan and IT Disaster Recovery Plan. This work is under way and is expected to be completed by the end of the 2017–18 fiscal year.
Operations management practices
The Corporation managed its operations well, but improvements were needed in collections and in project management practices
Overall message
34. Overall, we found that the Corporation had in place good systems and practices for managing its operations. However, we found that the Corporation had not set priorities for reducing the backlogs in identifying and digitizing its collections. While conservation priorities were based on a risk assessment performed for its collections, the Corporation did not have a conservation plan, and had not fully documented its preservation practices and activities. In the planning of public offer activities, the Corporation had not entirely adhered to its project management process. In addition, there were weaknesses in project management practices followed for the replacement of the admission and collections management systems.
35. These findings matter because the Corporation’s collections have significant scientific value. They therefore need to be conserved and managed in perpetuity, and to be accessible. Good management of public offer activities is important to ensure that the Corporation succeeds in achieving its mandate of increasing knowledge of the natural world, and appreciation and respect for it. Systems used for collections management and admission are important for providing access for researchers and services to visitors.
36. Our analysis supporting these findings discusses the following topics:
- research and collections;
- public offer activities; and
- replacement of the admission and collections management systems.
37. To fulfill its mandate, the Corporation undertakes research, maintains collections, and organizes public offer activities.
38. For the 2015–16 fiscal year, the Corporation incurred $6.8 million in operating expenses for research and collections, or about 18 percent of the total operating expenses for the year. The Corporation incurred $9.5 million in operating expenses for public offer activities, or about 24 percent of the total operating expenses for the year.
39. In 2015–16, the Corporation had 23 multi-year research projects under way. These drew upon working relationships with external collaborators. Donations, acquisitions, and research field trips added to the collections. The Corporation loaned specimens to research and educational institutions.
40. The Corporation had a project management process that applied to public offer activities. The process covered all steps from project initiation to project completion. In 2015–16, the Corporation was developing an Arctic Gallery and enhancing three of its exhibition galleries. It presented 10 temporary exhibitions. It also offered an educational program for schools and hosted a number of events. The Corporation had over 60 new loan agreements in that year and about 30 contracts for travelling exhibitions.
41. In 2015–16, two projects were undertaken to replace the Corporation’s admission and collections management systems.
42. Our recommendations in this area of examination appear at paragraphs 46, 49, 53, and 58.
43. Research and collections. We found that the Corporation had good systems and practices for managing its research and collections. However, we found weaknesses in management practices for making collections accessible and preserving them (Exhibit 6).
Exhibit 6—Research and collections—key findings and assessment
Research
Collections
44. Weakness—Collections accessibility. The Corporation had backlogs in the identification and digitization of specimens in its collections. As of 31 December 2015, the Corporation estimated that an average of 14 percent of specimen lots in its collections required identification. The Corporation also estimated that about 75 percent of its collection lots had not been digitized through its collections management system. (Concerning the replacement of the system, see Exhibit 8.) While the annual target for digitization had been achieved, the Corporation did not establish a plan, with set priorities, for reducing the backlogs in identification and digitization.
45. This weakness matters because specimens that have not been identified or digitized are of limited use. As stated by the Corporation, the full scientific value of unidentified specimens cannot be realized. In addition, digitization, which allows Web-based access to specimen data, requires a long-term effort.
46. Recommendation. To reduce backlogs, the Corporation should develop a plan that would establish priorities, with achievable milestones for identification and digitization of specimens in its collections.
The Corporation’s response. Agreed. The Corporation will enhance its current approach and develop a practicable and cost-effective plan establishing priorities, with achievable milestones, for identification and digitization of specimens in its collections. The review of the approach is expected to be completed by the end of the 2017–18 fiscal year and it will be reflected in the operational plan for the 2018–19 fiscal year.
47. Weaknesses—Collections preservation management practices. While conservation priorities were based on a risk assessment performed for its collections, the Corporation did not have a conservation plan in place, and it had not fully documented its preservation practices and activities. It thus was not following its Collections Conservation Policy, which called for a long-range conservation plan, thorough documentation of conservation activities, and formulation and implementation of operational policies, procedures, and specifications related to conservation.
48. These weaknesses matter because, without formal plans and proper documentation, the Corporation is dependent on the knowledge of individual staff members to ensure that conservation needs are being met. The Corporation has noted that a significant number of employees are eligible for retirement, particularly in the Research and Collections division, and their likely departure raises the risk of loss of corporate memory. A formally documented conservation plan and preservation practices would lessen that risk and better safeguard the Corporation’s collections.
49. Recommendation. The Corporation should develop a plan that would set priorities for addressing conservation needs for its collections, and regularly monitor progress toward implementing the plan. It should also ensure that preservation practices and activities are documented in accordance with its Collections Conservation Policy.
The Corporation’s response. Agreed. The Corporation will review its Collections Conservation Policy to ensure it is still appropriate for its needs, and will ensure that the policy is followed. It will also enhance its conservation planning for its collections. The Corporation expects to update its policy and prepare a plan by the end of the 2017–18 fiscal year.
50. Public offer activities. We found that the Corporation had good systems and practices for executing, evaluating, and reporting on public offer activities. However, we found weaknesses in the project management process (Exhibit 7).
Exhibit 7—Public offer activities—key findings and assessment
51. Weaknesses—Planning process and content development. The Corporation had gaps in its management of public offer activities:
- It did not follow some of the steps in its project management process for the planning of public offer activities, including documentation and formal approvals.
- Procedures for travelling exhibitions had not been finalized and did not cover the entire process, including guidelines for when an exhibition should be returned for maintenance and repair, review of contracts before signature, and completion of required forms by borrowing museums.
- It did not have a documented process for developing and approving Web content, with defined roles and responsibilities.
52. These weaknesses matter because an important part of the Corporation’s mandate is to demonstrate the natural world. Public offer activities help to achieve this. The Corporation relies on having proper processes in place to ensure that such activities are well managed.
53. Recommendation. The Corporation should review its project management process for public offer activities, and its procedures for travelling exhibitions and Web content, to ensure that they are complete, still appropriate to the Corporation’s needs, and followed.
The Corporation’s response. Agreed. Management will review its project management process for public offer activities, and its procedures for travelling exhibitions and Web content to ensure they are complete, still appropriate for the Corporation’s needs and followed. Management expects this to be completed by the end of the 2017–18 fiscal year.
54. Replacement of the admission and collections management systems. We found weaknesses in project management practices followed for the replacement of the admission and collections management systems (Exhibit 8).
Exhibit 8—Replacement of the admission and collections management systems—key findings and assessment
55. Weaknesses—Project management practices. The Corporation had insufficient project management practices in place to guide two projects undertaken in the 2015–16 fiscal year to replace its admission and collections management systems. The replacements were important as they involved upgrades, but the Corporation was still able to fulfill its mandate despite these weaknesses.
56. The insufficient project management practices resulted in undefined timelines, increased estimated costs, lack of documentation, and limited information for senior management:
- Although the Corporation became aware of the need to replace its admission system in 2014, a new system was not in place when technical and development support for the existing system was discontinued in June 2015. From that date, the Corporation no longer could sell admission tickets online except for some events, using an interim solution. In March 2016, the Corporation issued a request for proposals for a new system. As of April 2016, it was in the process of selecting a vendor. A draft business case had been developed, estimating the project cost at $350,000, but no evidence was provided to demonstrate that it had been approved. Timelines had not been defined and records were not available to demonstrate that senior management had been periodically informed about the progress and status of this project.
- In 2014, the Corporation identified a need to replace its collections management system with a new system having enhanced capabilities. The project started in November 2014. No business case was prepared for the project. A project summary prepared in January 2015 included brief information on the scope, milestones, and estimated costs. However, the summary lacked information on the rationale for the system replacement and its expected benefits, an options analysis, key accountabilities, information technology infrastructure costs, and defined timelines for the four phases of the project. Limited records were available to demonstrate that senior management periodically received information about the project status. The project cost, originally estimated at about $300,000, rose to about $450,000 by the end of our examination period.
57. These weaknesses matter because sound project management practices would help to ensure that replacement of the admission and collections management systems is completed on a timely basis and within set budgets to achieve the expected benefits.
58. Recommendation. The Corporation should put in place formal project management practices for the replacement of systems supporting its operations, including the preparation and approval of a business case, the establishment of project timelines, monitoring of costs, and periodic reporting to senior management.
The Corporation’s response. Agreed. The Corporation will review its current project management approach, including requirements for project documentation and periodic reporting to senior management. In doing so, management will ensure that its practices are cost-effective and appropriate for the nature, complexity, risk, and cost of the projects. This is expected to be completed by end of the 2017–18 fiscal year.
Conclusion
59. In our opinion, based on the criteria established, there were no significant deficiencies in the Canadian Museum of Nature’s systems and practices that we examined for corporate management and operations management. We concluded that the Corporation has maintained these systems and practices during the period covered by the audit in a manner that provided the reasonable assurance required under section 138 of the Financial Administration Act.
About the Audit
This independent assurance report was prepared by the Office of the Auditor General of Canada on the Canadian Museum of Nature. Our responsibility was to express
- an opinion on whether there is reasonable assurance that during the period covered by the audit, there were no significant deficiencies in the Corporation’s systems and practices that we selected for examination; and
- a conclusion about whether the Corporation complied in all significant respects with the applicable criteria.
Under section 131 of the Financial Administration Act (FAA), the Canadian Museum of Nature is required to maintain financial and management control and information systems and management practices that provide reasonable assurance that
- its assets are safeguarded and controlled;
- its financial, human, and physical resources are managed economically and efficiently; and
- its operations are carried out effectively.
In addition, section 138 of the FAA requires the Corporation to have a special examination of these systems and practices carried out at least once every 10 years.
All work in this audit was performed to a reasonable level of assurance in accordance with the Canadian Standard for Assurance Engagements (CSAE) 3001—Direct Engagements set out by the Chartered Professional Accountants of Canada (CPA Canada) in the CPA Canada Handbook—Assurance.
The Office applies Canadian Standard on Quality Control 1 and, accordingly, maintains a comprehensive system of quality control, including documented policies and procedures regarding compliance with ethical requirements, professional standards, and applicable legal and regulatory requirements.
In conducting the audit work, we have complied with the independence and other ethical requirements of the Rules of Professional Conduct of Chartered Professional Accountants of Ontario and the Code of Values, Ethics and Professional Conduct of the Office of the Auditor General of Canada. Both the Rules of Professional Conduct and the Code are founded on fundamental principles of integrity, objectivity, professional competence and due care, confidentiality, and professional behaviour.
In accordance with our regular audit process, we obtained the following from management:
- confirmation of management’s responsibility for the subject under audit;
- acknowledgement of the suitability of the criteria used in the audit;
- confirmation that all known information that has been requested, or that could affect the findings or audit conclusion, has been provided; and
- confirmation that the findings in this report are factually based.
Audit objective
The objective of this audit was to determine whether the systems and practices we selected for examination at the Canadian Museum of Nature were providing it with reasonable assurance that its assets were safeguarded and controlled, its resources were managed economically and efficiently, and its operations were carried out effectively as required by section 138 of the Financial Administration Act.
Scope and approach
Our audit work examined the Canadian Museum of Nature. The scope of the special examination was based on our assessment of the risks the Corporation faces that could affect its ability to meet the requirements set out by the Financial Administration Act.
As part of our examination, we selected and tested samples from a targeted population of items, such as stated roles and responsibilities of the Board of Trustees and its committees, risk mitigation strategies, performance measures, research projects, and public offer activities, to determine whether systems and practices were in place and functioning as intended. Sampling was used to determine whether selected attributes or characteristics of the populations tested were correctly specified and could be relied upon.
In performing our work, we also interviewed trustees, senior management, and other employees of the Corporation. We observed some meetings of the Board of Trustees and its committees during the examination period.
The systems and practices selected for examination for each area of the audit are found in the exhibits throughout the report.
In carrying out the special examination, we did not rely on any internal audits.
Sources of criteria
The criteria used to assess the systems and practices selected for examination are found in the exhibits throughout the report.
Corporate governance
OECD Guidelines on Corporate Governance of State-Owned Enterprises, Organisation for Economic Co-operation and Development, 2015
Practice Guide: Assessing Organizational Governance in the Public Sector, The Institute of Internal Auditors, 2014
Internal Control—Integrated Framework, Committee of Sponsoring Organizations of the Treadway Commission, 2013
20 Questions Directors Should Ask about Crown Corporation Governance, Canadian Institute of Chartered Accountants, 2007
Meeting the Expectations of Canadians: Review of the Governance Framework for Canada’s Crown Corporations, Treasury Board Secretariat, 2005
Corporate Governance in Crown Corporations and Other Public Enterprises—Guidelines, Treasury Board Secretariat, 1996
Strategic and operational planning, risk management, and performance measurement and reporting
Recommended Practice Guideline 3, Reporting Service Performance Information, International Public Sector Accounting Standards Board, 2015
Internal Control—Integrated Framework, Committee of Sponsoring Organizations of the Treadway Commission, 2013
20 Questions Directors Should Ask about Strategy, third edition, Canadian Institute of Chartered Accountants, 2012
20 Questions Directors Should Ask about Crown Corporation Governance, Canadian Institute of Chartered Accountants, 2007
20 Questions Directors Should Ask about Risk, Canadian Institute of Chartered Accountants, 2006
Meeting the Expectations of Canadians: Review of the Governance Framework for Canada’s Crown Corporations, Treasury Board Secretariat, 2005
Information technology
COBIT 5 Framework—APO09 (Manage Service Agreements), APO10 (Manage Suppliers), APO13 (Manage Security), DSS01 (Manage Operations), DSS04 (Manage Continuity), and DSS05 (Manage Security Services), ISACA
Research and collections
Summary of the Corporate Plan for the 2014–2015 to 2018–2019 Planning Period, Canadian Museum of Nature
Public offer activities
Summary of the Corporate Plan for the 2014–2015 to 2018–2019 Planning Period, Canadian Museum of Nature
Replacement of the admission and collections management systems
COBIT 5 Framework—APO05 (Manage Portfolio), BAI01 (Manage Programmes and Projects), and EDM02 (Ensure Benefits Delivery), ISACA
Period covered by the audit
The special examination covered the period between 1 July 2015 and 30 April 2016. This is the period to which the audit conclusion applies. However, to gain a more complete understanding of the significant systems and practices, we also examined certain matters that preceded the starting date of the special examination.
Date of the report
We obtained sufficient and appropriate audit evidence on which to base our conclusion on 5 January 2017, in Ottawa, Ontario.
Audit team
Principal: Étienne Matte
Director: Nathalie Chartrand
Chantal Desrochers
Caroline Dulude
Marc-André Gervais
Yin-Mei Kwok
William Xu
List of Recommendations
The following table lists the recommendations and responses found in this report. The paragraph number preceding the recommendation indicates the location of the recommendation in the report, and the numbers in parentheses indicate the location of the related discussion.
Corporate management practices
Recommendation | Response |
---|---|
22. To enhance the monitoring of the Board of Trustees, the Corporation should establish a process for ensuring that the Board periodically receives the necessary information on the Corporation’s compliance with laws and regulations, key corporate policies, and its code of values and ethics. (19–21) |
The Corporation’s response. Agreed. The Corporation will ensure the Board receives information periodically on the Corporation’s compliance with laws and regulations, and will ensure documentation properly reflects the ongoing assurance provided to the Board on the compliance with key corporate policies, and its codes of values and ethics. This is expected to be in place by the end of the 2016–17 fiscal year. |
25. The Corporation should continue to engage with the Minister of Canadian Heritage on the need for sufficient and timely appointments to the Board of Trustees, continue to provide the Minister with profiles of potential candidates, and reinforce the need for staggered terms of office. (19, 23–24) |
The Corporation’s response. Agreed. Management and the Board will continue to work with the Minister of Canadian Heritage, in a manner that is consistent with the new process established by the government for Governor-in-Council appointments. |
29. The Corporation should ensure that information on the implementation of risk mitigation strategies is provided regularly to senior management and the Board of Trustees. (26–28) |
The Corporation’s response. Agreed. Through the operations update provided at each Board meeting, management will associate each risk with the activities reported and will discuss with the Board the status of risk mitigation strategies, starting in the 2016–17 fiscal year. |
33. The Corporation should ensure that its IT security policy requirements are met. It should also test its Business Continuity Plan, as well as the critical information technology applications identified as part of the IT Disaster Recovery Plan. (30–32) |
The Corporation’s response. Agreed. The Corporation will ensure that its IT security policy requirements are met, including testing of its Business Continuity Plan and IT Disaster Recovery Plan. This work is under way and is expected to be completed by the end of the 2017–18 fiscal year. |
Operations management practices
Recommendation | Response |
---|---|
46. To reduce backlogs, the Corporation should develop a plan that would establish priorities, with achievable milestones for identification and digitization of specimens in its collections. (43–45) |
The Corporation’s response. Agreed. The Corporation will enhance its current approach and develop a practicable and cost-effective plan establishing priorities, with achievable milestones, for identification and digitization of specimens in its collections. The review of the approach is expected to be completed by the end of the 2017–18 fiscal year and it will be reflected in the operational plan for the 2018–19 fiscal year. |
49. The Corporation should develop a plan that would set priorities for addressing conservation needs for its collections, and regularly monitor progress toward implementing the plan. It should also ensure that preservation practices and activities are documented in accordance with its Collections Conservation Policy. (43, 47–48) |
The Corporation’s response. Agreed. The Corporation will review its Collections Conservation Policy to ensure it is still appropriate for its needs, and will ensure that the policy is followed. It will also enhance its conservation planning for its collections. The Corporation expects to update its policy and prepare a plan by the end of the 2017–18 fiscal year. |
53. The Corporation should review its project management process for public offer activities, and its procedures for travelling exhibitions and Web content, to ensure that they are complete, still appropriate to the Corporation’s needs, and followed. (50–52) |
The Corporation’s response. Agreed. Management will review its project management process for public offer activities, and its procedures for travelling exhibitions and Web content to ensure they are complete, still appropriate for the Corporation’s needs and followed. Management expects this to be completed by the end of the 2017–18 fiscal year. |
58. The Corporation should put in place formal project management practices for the replacement of systems supporting its operations, including the preparation and approval of a business case, the establishment of project timelines, monitoring of costs, and periodic reporting to senior management. (54–57) |
The Corporation’s response. Agreed. The Corporation will review its current project management approach, including requirements for project documentation and periodic reporting to senior management. In doing so, management will ensure that its practices are cost-effective and appropriate for the nature, complexity, risk, and cost of the projects. This is expected to be completed by end of the 2017–18 fiscal year. |