Introduction

Background

1. The Canadian Museum of Nature (the Corporation) is a federal Crown corporation established in 1990. It reports to Parliament through the Minister of Canadian Heritage. Its enabling legislation, the Museums Act, sets out the Corporation’s mandate:

to increase, throughout Canada and internationally, interest in, knowledge of and appreciation and respect for the natural world by establishing, maintaining and developing for research and posterity, a collection of natural history objects, with special but not exclusive reference to Canada, and by demonstrating the natural world, the knowledge derived from it and the understanding it represents.

2. Among other things, the Act empowers the Corporation to

• collect natural history objects and other museum material;
• maintain its collection by preservation, conservation, and restoration, and the establishment of records and documentation;
• undertake and sponsor any research in the natural sciences, and communicate the results of that research;
• create and foster, through programs, functions and facilities, active public involvement and interest in the Canadian Museum of Nature, both at the community level and throughout Canada;
• organize, sponsor, arrange for, and participate in travelling exhibitions; and
• charge for goods, services, and admission, and use the revenue obtained therefrom for its own purposes.

3. In the 2015–16 fiscal year, the Corporation had about 135 full-time equivalent employees, organized in five divisions: Research and Collections; Experience and Engagement; Corporate Services; Marketing and Media Relations; and Advancement.

4. The Corporation seeks to position itself as

• a global museum leader in Arctic knowledge and exploration;
• a national leader and global influencer in advancing and sharing knowledge about species discovery and change;
• a national leader in nature inspiration experiences on- and off-site;
• a global museum leader in natural heritage collections storage, study, preservation, digitization, and dissemination; and
• a national leader in sustainable museum enterprise operations within an international best practice context.

5. The Corporation’s research and collections focus on four areas: plants (botany), animals (zoology, both vertebrate and invertebrate), minerals (mineralogy), and fossils (paleobiology). As of 31 December 2015, the Corporation estimated that its collections consisted of over 10 million specimens, or 3.2 million lots (Exhibit 1).

6. The Corporation’s exhibits and galleries, public and educational programs, and publications (also known as “public offer” activities) are intended to demonstrate the natural world. In addition, since the Corporation’s mandate has both Canada-wide and international components, public offer includes outreach activities, such as loans of specimens, website content, and travelling exhibitions.

7. The Corporation is responsible for two facilities:

• The Victoria Memorial Museum Building in Ottawa, Ontario, houses permanent galleries and special temporary exhibitions. This is where the Corporation delivers public offer activities.
• The Natural Heritage Campus in Gatineau, Quebec, is the Corporation’s collections storage and research centre.

8. The Corporation’s primary source of funding is the federal government. In recent years, the Corporation increased its revenues and decreased its expenses (Exhibit 2).

Focus of the audit

9. Our objective for this audit was to determine whether the systems and practices we selected for examination at the Canadian Museum of Nature were providing it with reasonable assurance that its assets were safeguarded and controlled, its resources were managed economically and efficiently, and its operations were carried out effectively as required by section 138 of the Financial Administration Act.

10. Based on our assessment of risks, we selected systems and practices in the following areas:

• corporate management practices, and
• operations management practices.

The selected systems and practices and the criteria used to assess them are found in the exhibits throughout the report.

11. More details about the audit objective, scope, approach, and sources of criteria are in About the Audit at the end of this report.

Findings, Recommendations, and Responses

Corporate management practices

The Corporation had good corporate management practices, but improvements were needed in governance, risk reporting, and the implementation of its policy on information technology security

Overall message

12. Overall, we found that the Corporation had good management practices in place for strategic and operational planning and for performance measurement and reporting, but that improvements were needed in some areas. We found that the Board of Trustees did not fully perform its compliance monitoring role. We also found weaknesses related to filling positions on the Board of Trustees, which were beyond the control of the Corporation; and in the Corporation’s risk reporting and information technology (IT) security.

13. These findings matter because the Corporation relies on sound management practices to operate efficiently and effectively. Complete and timely information supports decision making by the Corporation’s Board of Trustees. It is in the Corporation’s interests to have in place sound practices, notably on risks and IT. Continuity in the Board membership maintains corporate memory and supports effective oversight.

14. Our analysis supporting these findings discusses the following topics:

• corporate governance;
• strategic and operational planning, risk management, and performance measurement and reporting; and
• information technology.

15. The Corporation has a Board of Trustees (the Board) with up to 11 members. The Board is supported by an Audit and Finance Committee, and a Governance and Nominating Committee.

16. Strategic and operational planning and risk management are essential for the Corporation in setting its long- and short-term objectives for advancing and sharing knowledge and for promoting public appreciation of natural science, while adhering to the administrative requirements for public-sector organizations. Performance measurement and reporting enable the Corporation to demonstrate the extent to which it achieves its objectives and fulfills its mandate.

17. Information technology facilitates day-to-day operations in support of corporate programs and objectives, in areas such as IT security and service delivery.

18. Our recommendations in this area of examination appear at paragraphs 22, 25, 29, and 33.

19. Corporate governance. Roles and responsibilities of the Board were defined; appropriate and timely information was provided to the Board for oversight and decision making; and Board performance evaluations were performed. However, we found weaknesses related to Board compliance monitoring and Board renewal (Exhibit 3).

20. Weakness—Compliance monitoring. Management did not provide the Board with all information needed for compliance monitoring:

• Laws and regulations. The Board did not receive confirmation that the Corporation had complied with regulatory requirements. It also did not receive information about whether management had identified instances of non-compliance and, if so, whether the necessary corrective actions had been taken.
• Key corporate policies. The Board approved key policies, such as on hospitality, environmental stewardship, and protecting employees who report wrongdoing. However, it did not receive sufficient information to ensure that the Corporation had complied with the policies.
• Code of values and ethics. The Board did not receive confirmation that employees, management, and trustees had provided all annual declarations required of them to confirm their adherence to the code and to acknowledge their responsibility for declaring actual or potential conflicts of interest. The Board also did not receive information on whether the Corporation had noted deviations from the code and, if so, what measures it had taken to address them.

21. This weakness matters because the Board is responsible for ensuring that the Corporation fulfills its mandate and manages its activities properly. In the absence of more complete information, the Board could not fully perform its monitoring role.

22. Recommendation. To enhance the monitoring of the Board of Trustees, the Corporation should establish a process for ensuring that the Board periodically receives the necessary information on the Corporation’s compliance with laws and regulations, key corporate policies, and its code of values and ethics.

The Corporation’s response. Agreed. The Corporation will ensure the Board receives information periodically on the Corporation’s compliance with laws and regulations, and will ensure documentation properly reflects the ongoing assurance provided to the Board on the compliance with key corporate policies, and its codes of values and ethics. This is expected to be in place by the end of the 2016–17 fiscal year.

23. Weakness—Board renewal. Board renewal efforts had not been successful. As of the end of April 2016, the terms of six trustees had expired, although they continued in office as provided by the Museums Act while awaiting reappointment or the appointment of successors. In addition, another Board position was vacant. This meant that appointments were pending for 7 of 11 Board positions. The situation occurred even though the Corporation had proactively communicated Board needs and upcoming vacancies, and had proposed potential candidates, to the Minister of Canadian Heritage. It is the role of the Minister to appoint trustees, with the approval of the Governor in Council.

24. This weakness matters because if many incumbent trustees were replaced within a single year, continuity would likely be affected, thus putting at risk the Board’s ability to exercise effective oversight.

25. Recommendation. The Corporation should continue to engage with the Minister of Canadian Heritage on the need for sufficient and timely appointments to the Board of Trustees, continue to provide the Minister with profiles of potential candidates, and reinforce the need for staggered terms of office.

The Corporation’s response. Agreed. Management and the Board will continue to work with the Minister of Canadian Heritage, in a manner that is consistent with the new process established by the government for Governor-in-Council appointments.

26. Strategic and operational planning, risk management, and performance measurement and reporting. We found that the Corporation had good systems and practices in strategic and operational planning and in performance measurement and reporting. However, we found a weakness in risk reporting (Exhibit 4).

27. Weakness—Risk reporting. The Corporation identified corporate risks, with related mitigation strategies. However, there was limited evidence that those strategies were reported on regularly to senior management and the Board, or that action was taken as needed. For example, to mitigate the risk that information technology might not be available to support organizational objectives, the Corporation reported that it would implement an IT plan. Senior management and the Board received information about IT-related opportunities and challenges. They did not receive information about the implementation of an IT plan.

28. This weakness matters because reporting on mitigation strategies assists management in making decisions about the implementation of such strategies. Also, as part of its stated roles and responsibilities, the Board was responsible for approving and monitoring risk management strategies.

29. Recommendation. The Corporation should ensure that information on the implementation of risk mitigation strategies is provided regularly to senior management and the Board of Trustees.

The Corporation’s response. Agreed. Through the operations update provided at each Board meeting, management will associate each risk with the activities reported and will discuss with the Board the status of risk mitigation strategies, starting in the 2016–17 fiscal year.

30. Information technology. We found weaknesses in the Corporation’s management practices for information technology security. However, we found good systems and practices in IT service delivery (Exhibit 5).

31. Weaknesses—IT security. The Corporation had not put in place some elements required by its IT security policy. The missing elements included an IT security awareness program, periodic updates to the IT Threat and Risk assessment, vulnerability assessments, and testing of the IT Disaster Recovery Plan. In addition, the Corporation had not tested its draft Business Continuity Plan, which provided the framework for dealing with unplanned interruptions.

32. These weaknesses matter because the Corporation has a responsibility to ensure that its assets and data are secure and protected in accordance with its policies and industry good practices. The lack of security practices and safeguards weakened organizational security and had the potential to make the Corporation more vulnerable to security threats.

33. Recommendation. The Corporation should ensure that its IT security policy requirements are met. It should also test its Business Continuity Plan, as well as the critical information technology applications identified as part of the IT Disaster Recovery Plan.

The Corporation’s response. Agreed. The Corporation will ensure that its IT security policy requirements are met, including testing of its Business Continuity Plan and IT Disaster Recovery Plan. This work is under way and is expected to be completed by the end of the 2017–18 fiscal year.

Operations management practices

The Corporation managed its operations well, but improvements were needed in collections and in project management practices

Overall message

34. Overall, we found that the Corporation had in place good systems and practices for managing its operations. However, we found that the Corporation had not set priorities for reducing the backlogs in identifying and digitizing its collections. While conservation priorities were based on a risk assessment performed for its collections, the Corporation did not have a conservation plan, and had not fully documented its preservation practices and activities. In the planning of public offer activities, the Corporation had not entirely adhered to its project management process. In addition, there were weaknesses in project management practices followed for the replacement of the admission and collections management systems.

35. These findings matter because the Corporation’s collections have significant scientific value. They therefore need to be conserved and managed in perpetuity, and to be accessible. Good management of public offer activities is important to ensure that the Corporation succeeds in achieving its mandate of increasing knowledge of the natural world, and appreciation and respect for it. Systems used for collections management and admission are important for providing access for researchers and services to visitors.

36. Our analysis supporting these findings discusses the following topics:

• research and collections;
• public offer activities; and
• replacement of the admission and collections management systems.

37. To fulfill its mandate, the Corporation undertakes research, maintains collections, and organizes public offer activities.

38. For the 2015–16 fiscal year, the Corporation incurred $6.8 million in operating expenses for research and collections, or about 18 percent of the total operating expenses for the year. The Corporation incurred $9.5 million in operating expenses for public offer activities, or about 24 percent of the total operating expenses for the year.

39. In 2015–16, the Corporation had 23 multi-year research projects under way. These drew upon working relationships with external collaborators. Donations, acquisitions, and research field trips added to the collections. The Corporation loaned specimens to research and educational institutions.

40. The Corporation had a project management process that applied to public offer activities. The process covered all steps from project initiation to project completion. In 2015–16, the Corporation was developing an Arctic Gallery and enhancing three of its exhibition galleries. It presented 10 temporary exhibitions. It also offered an educational program for schools and hosted a number of events. The Corporation had over 60 new loan agreements in that year and about 30 contracts for travelling exhibitions.

41. In 2015–16, two projects were undertaken to replace the Corporation’s admission and collections management systems.

42. Our recommendations in this area of examination appear at paragraphs 46, 49, 53, and 58.

43. Research and collections. We found that the Corporation had good systems and practices for managing its research and collections. However, we found weaknesses in management practices for making collections accessible and preserving them (Exhibit 6).

44. Weakness—Collections accessibility. The Corporation had backlogs in the identification and digitization of specimens in its collections. As of 31 December 2015, the Corporation estimated that an average of 14 percent of specimen lots in its collections required identification. The Corporation also estimated that about 75 percent of its collection lots had not been digitized through its collections management system. (Concerning the replacement of the system, see Exhibit 8.) While the annual target for digitization had been achieved, the Corporation did not establish a plan, with set priorities, for reducing the backlogs in identification and digitization.

45. This weakness matters because specimens that have not been identified or digitized are of limited use. As stated by the Corporation, the full scientific value of unidentified specimens cannot be realized. In addition, digitization, which allows Web-based access to specimen data, requires a long-term effort.

46. Recommendation. To reduce backlogs, the Corporation should develop a plan that would establish priorities, with achievable milestones for identification and digitization of specimens in its collections.

The Corporation’s response. Agreed. The Corporation will enhance its current approach and develop a practicable and cost-effective plan establishing priorities, with achievable milestones, for identification and digitization of specimens in its collections. The review of the approach is expected to be completed by the end of the 2017–18 fiscal year and it will be reflected in the operational plan for the 2018–19 fiscal year.

47. Weaknesses—Collections preservation management practices. While conservation priorities were based on a risk assessment performed for its collections, the Corporation did not have a conservation plan in place, and it had not fully documented its preservation practices and activities. It thus was not following its Collections Conservation Policy, which called for a long-range conservation plan, thorough documentation of conservation activities, and formulation and implementation of operational policies, procedures, and specifications related to conservation.

48. These weaknesses matter because, without formal plans and proper documentation, the Corporation is dependent on the knowledge of individual staff members to ensure that conservation needs are being met. The Corporation has noted that a significant number of employees are eligible for retirement, particularly in the Research and Collections division, and their likely departure raises the risk of loss of corporate memory. A formally documented conservation plan and preservation practices would lessen that risk and better safeguard the Corporation’s collections.

49. Recommendation. The Corporation should develop a plan that would set priorities for addressing conservation needs for its collections, and regularly monitor progress toward implementing the plan. It should also ensure that preservation practices and activities are documented in accordance with its Collections Conservation Policy.

The Corporation’s response. Agreed. The Corporation will review its Collections Conservation Policy to ensure it is still appropriate for its needs, and will ensure that the policy is followed. It will also enhance its conservation planning for its collections. The Corporation expects to update its policy and prepare a plan by the end of the 2017–18 fiscal year.

50. Public offer activities. We found that the Corporation had good systems and practices for executing, evaluating, and reporting on public offer activities. However, we found weaknesses in the project management process (Exhibit 7).

51. Weaknesses—Planning process and content development. The Corporation had gaps in its management of public offer activities:

• It did not follow some of the steps in its project management process for the planning of public offer activities, including documentation and formal approvals.
• Procedures for travelling exhibitions had not been finalized and did not cover the entire process, including guidelines for when an exhibition should be returned for maintenance and repair, review of contracts before signature, and completion of required forms by borrowing museums.
• It did not have a documented process for developing and approving Web content, with defined roles and responsibilities.

52. These weaknesses matter because an important part of the Corporation’s mandate is to demonstrate the natural world. Public offer activities help to achieve this. The Corporation relies on having proper processes in place to ensure that such activities are well managed.

53. Recommendation. The Corporation should review its project management process for public offer activities, and its procedures for travelling exhibitions and Web content, to ensure that they are complete, still appropriate to the Corporation’s needs, and followed.

The Corporation’s response. Agreed. Management will review its project management process for public offer activities, and its procedures for travelling exhibitions and Web content to ensure they are complete, still appropriate for the Corporation’s needs and followed. Management expects this to be completed by the end of the 2017–18 fiscal year.

54. Replacement of the admission and collections management systems. We found weaknesses in project management practices followed for the replacement of the admission and collections management systems (Exhibit 8).

55. Weaknesses—Project management practices. The Corporation had insufficient project management practices in place to guide two projects undertaken in the 2015–16 fiscal year to replace its admission and collections management systems. The replacements were important as they involved upgrades, but the Corporation was still able to fulfill its mandate despite these weaknesses.

56. The insufficient project management practices resulted in undefined timelines, increased estimated costs, lack of documentation, and limited information for senior management:

• Although the Corporation became aware of the need to replace its admission system in 2014, a new system was not in place when technical and development support for the existing system was discontinued in June 2015. From that date, the Corporation no longer could sell admission tickets online except for some events, using an interim solution. In March 2016, the Corporation issued a request for proposals for a new system. As of April 2016, it was in the process of selecting a vendor. A draft business case had been developed, estimating the project cost at $350,000, but no evidence was provided to demonstrate that it had been approved. Timelines had not been defined and records were not available to demonstrate that senior management had been periodically informed about the progress and status of this project.
• In 2014, the Corporation identified a need to replace its collections management system with a new system having enhanced capabilities. The project started in November 2014. No business case was prepared for the project. A project summary prepared in January 2015 included brief information on the scope, milestones, and estimated costs. However, the summary lacked information on the rationale for the system replacement and its expected benefits, an options analysis, key accountabilities, information technology infrastructure costs, and defined timelines for the four phases of the project. Limited records were available to demonstrate that senior management periodically received information about the project status. The project cost, originally estimated at about $300,000, rose to about $450,000 by the end of our examination period.

57. These weaknesses matter because sound project management practices would help to ensure that replacement of the admission and collections management systems is completed on a timely basis and within set budgets to achieve the expected benefits.

58. Recommendation. The Corporation should put in place formal project management practices for the replacement of systems supporting its operations, including the preparation and approval of a business case, the establishment of project timelines, monitoring of costs, and periodic reporting to senior management.

The Corporation’s response. Agreed. The Corporation will review its current project management approach, including requirements for project documentation and periodic reporting to senior management. In doing so, management will ensure that its practices are cost-effective and appropriate for the nature, complexity, risk, and cost of the projects. This is expected to be completed by end of the 2017–18 fiscal year.

Conclusion

59. In our opinion, based on the criteria established, there were no significant deficiencies in the Canadian Museum of Nature’s systems and practices that we examined for corporate management and operations management. We concluded that the Corporation has maintained these systems and practices during the period covered by the audit in a manner that provided the reasonable assurance required under section 138 of the Financial Administration Act.