2020 Spring Reports of the Auditor General of Canada to the Parliament of Canada Independent Auditor’s ReportReport of the Auditor General of Canada to the Board of Directors of the Canadian Commercial Corporation—Special Examination—2019
2020 Spring Reports of the Auditor General of Canada to the Parliament of CanadaReport of the Auditor General of Canada to the Board of Directors of the Canadian Commercial Corporation—Special Examination—2019
Independent Auditor’s Report
Table of Contents
- Introduction
- Findings, Recommendations, and Responses
- Conclusion
- About the Audit
- List of Recommendations
- Exhibits:
- 1—The Corporation’s finances for the 2014–15 to 2017–18 fiscal years (in $ millions)
- 2—Corporate governance—key findings and assessment
- 3—Strategic planning—key findings and assessment
- 4—Corporate risk management—key findings and assessment
- 5—Business development and contracting—key findings and assessment
This report reproduces the special examination report that the Office of the Auditor General of Canada issued to the Board of Directors of the Canadian Commercial Corporation on 19 March 2019. The Office has not performed follow-up audit work on the matters raised in this reproduced report.
Introduction
Background
1. The Canadian Commercial Corporation is a federal Crown corporation that connects Canadian exporters to global government procurement markets and foreign government buyers. The Corporation reports to Parliament through the Minister of International Trade Diversification.
2. As the Government of Canada’s international contracting agency, the Corporation facilitates government-to-government contracting. The Corporation also helps federal organizations procure goods and services so that the organizations can deliver their programs in other countries. The Corporation charges fees for its services with the exception of sales to the United StatesUS Department of Defense under the Canada–US Defence Production Sharing Agreement.
3. Historically, the Corporation’s operations focused on aerospace, defence, security, and infrastructure. In recent years, the Corporation successfully secured a few large defence contracts that yielded enough revenue to fund operations. The Government of Canada gradually phased out its budget appropriation, with the final $3.5 million appropriation received for the 2016–17 fiscal year (Exhibit 1). In its 2017–18 Statement of Priorities, the Minister of International Trade Diversification directed the Corporation to ensure that it remained fiscally sustainable.
Exhibit 1—The Corporation’s finances for the 2014–15 to 2017–18 fiscal years (in $ millions)
Description | 2014–15 | 2015–16 | 2016–17 | 2017–18 |
---|---|---|---|---|
Value of contracts | $2,440.8 | $2,844.5 | $2,627.0 | $2,387.8 |
Fees charged | $22.8 | $28.6 | $25.3 | $23.1 |
Net loss before parliamentary appropriation | ($5.9) | ($0.8) | ($3.3) | ($5.3) |
Parliamentary appropriation | $14.2 | $8.9 | $3.5 | $0.0 |
Source: Canadian Commercial Corporation annual reports
4. The Corporation developed a diversification strategy in 2017 to address the risk of depending on a few significant contracts in one sector and to contribute to long-term fiscal sustainability. The strategy focused on industries that could leverage the Corporation’s value proposition—that is, the value that the Corporation provides to international buyers.
5. To support the strategy, the Corporation reorganized its business lines to focus on five sectors—aerospace, construction and infrastructure, clean technology, information and communications technology, and defence—under two business units:
- International Commercial Business, for aerospace; construction and infrastructure; clean technology, environment, and energy; information and communications technology; and security; and
- Global Defence and Security, for sales to the US Department of Defense and to other global markets.
The Corporation’s five priority regions include the United States, the Middle East, Latin America and the Caribbean, Asia, and Africa.
6. The Corporation is headquartered in Ottawa and employs approximately 135 people belonging to various disciplines, such as finance, procurement, project management, law, and international trade.
Focus of the audit
7. Our objective for this audit was to determine whether the systems and practices we selected for examination at the Canadian Commercial Corporation were providing it with reasonable assurance that its assets were safeguarded and controlled, its resources were managed economically and efficiently, and its operations were carried out effectively as required by section 138 of the Financial Administration Act.
8. In addition, section 139 of the Financial Administration Act requires that we state an opinion, with respect to the criteria established, on whether there was reasonable assurance that there were no significant deficiencies in the systems and practices examined. A significant deficiency is reported when the systems and practices examined did not meet the criteria established, resulting in a finding that the Corporation could be prevented from having reasonable assurance that its assets are safeguarded and controlled, its resources are managed economically and efficiently, and its operations are carried out effectively.
9. Based on our assessment of risks, we selected systems and practices in the following areas:
- corporate management practices, and
- management of business development and contracting.
The selected systems and practices and the criteria used to assess them are found in the exhibits throughout the report.
10. More details about the audit objective, scope, approach, and sources of criteria are in About the Audit at the end of this report.
Findings, Recommendations, and Responses
Overall message
11. Overall, we found no significant deficiencies in the Canadian Commercial Corporation’s systems and practices. We found that the Corporation had well-managed systems and practices for both corporate management and operations; however, we noted areas that could be improved. These areas related to establishing systematic processes at the business unit level for planning operations and identifying risks. Furthermore, we found that the Corporation’s due diligence processes for transactions did not adequately consider human rights issues.
Corporate management practices
The Corporation had good corporate governance practices, but some improvements were needed
12. We found that the Corporation had good corporate governance practices. However, we found that the Corporation did not formally document planning processes and that business units did not prepare operational plans in the same way. We also found that business units did not identify and assess risks systematically.
13. Our analysis supporting this finding discusses the following topics:
14. The Corporation is governed by a Board of Directors, which consists of the Chairperson and nine directors. The Governor in CouncilDefinition i appoints the Chairperson, while the Minister of International Trade Diversification appoints the nine directors with the approval of the Governor in Council. The Governor in Council also appoints the Corporation’s President and Chief Executive Officer. At the start of the period covered by the audit, all nine director positions had expired. By the end of the period, the Minister had appointed six directors, including three who were reappointed to their positions.
15. Our recommendations in this area of examination appear at paragraphs 21, 22, and 26.
16. Analysis. We found that the Corporation had good practices in corporate governance (Exhibit 2).
Exhibit 2—Corporate governance—key findings and assessment
17. Analysis. The Corporation had good practices in performance measurement, monitoring, and reporting. However, it had several weaknesses in its strategic planning processes (Exhibit 3).
Exhibit 3—Strategic planning—key findings and assessment
18. Weaknesses—Strategic planning processes. We found that the Corporation did not formally document its strategic planning processes to ensure consistent application year over year and across business units. Our findings are consistent with those of the Corporation’s internal audit. We also observed that the Corporation’s business units did not prepare operational plans in the same way—and that those plans did not always consider interdependencies between business units.
19. We also found that the Minister of International Trade Diversification did not approve the Corporation’s 2018–19 to 2022–23 corporate plan. The Corporation originally submitted the draft plan in January 2018, and the Minister returned it requesting amendments to reflect the cancellation of a significant contract. The Corporation resubmitted the plan in August 2018, but it remained unapproved at the end of the period covered by the audit. The Corporation attempted to engage the Minister to secure approval of the plan. Government approval of corporate plans is a process outside the Corporation’s control.
20. These weaknesses matter because inconsistent strategic planning processes may not provide the level of detail required to support the Corporation in achieving its strategic objectives. Furthermore, corporate plans outline a five-year strategic and financial direction. Many of the Corporation’s transactions span several years and require long-term planning. The lack of an approved corporate plan limits the ability of the Corporation to assure its suppliers and the foreign governments it works with that it can carry out its contracts to their conclusion.
21. Recommendation. The Corporation should document its strategic planning processes and link them to operational planning. The Corporation should also ensure that its strategic planning processes are consistently applied and integrated across the organization.
The Corporation’s response. Agreed. The Corporation will document its strategic planning processes and provide better linkages to operational planning. The Corporation will continue to strengthen its business plans through increased guidance while also focusing on integration and interdependencies between the respective plans. The Corporation will continue to evolve its business planning process and include regular touch points throughout the year to ensure accountability for deliverables identified within the plans. The strategic process documentation and related improvements will be completed by 30 September 2019.
22. Recommendation. The Corporation should continue to work with the government to ensure that its 2019–20 to 2023–24 corporate plan is approved.
The Corporation’s response. Agreed. The Corporation notes that government stakeholder consultations take place regularly and that the status of the corporate plan is frequently discussed. The Corporation will continue these discussions and work toward having the 2019–20 to 2023–24 corporate plan formally approved.
23. Analysis. We found that the Corporation had good risk management practices. However, we found a weakness in the Corporation’s risk identification and assessment (Exhibit 4).
Exhibit 4—Corporate risk management—key findings and assessment
24. Weakness—Risk identification and assessment. The Corporation’s process for identifying and assessing corporate risks included 14 risks across three categories: strategic, operational, and transactional. However, we found that the Corporation did not have formal processes for systematically collecting risk information at the business unit level. This meant that the process for identifying and assessing risk at the business unit level was not systematic.
25. This weakness matters because without a formal process of collecting risk information from business units, the Corporation might not identify, assess, mitigate, and monitor certain risks.
26. Recommendation. The Corporation’s process for identifying risks should ensure that risk information is collected at the business unit level.
The Corporation’s response. Agreed. The Corporation will provide additional guidance on risk identification and assessment to business units as part of its business plan process. Additional focus on the business plans at the Risk and Opportunities Committee will also be established. These improvements will be completed by 30 September 2019.
Management of business development and contracting
27. Through contracts with foreign government buyers, the Corporation guarantees delivery of a Canadian exporter’s goods or services. The Corporation also holds a contract with the Canadian exporter, which requires the exporter to fulfill its contract with the foreign government buyer. As a result, the Corporation assumes and mitigates risks, such as financial or political, for the Canadian exporter and the foreign government buyer. Before concluding these contracts, the Corporation assesses the risks to the transaction, which include
- the risk of the Canadian exporter not having the technical, managerial, or financial capacity to fulfill the contract;
- the risk of the foreign government buyer not concluding the contract or paying; and
- any other risks associated with the project that could affect its likelihood of success, including reputational risks such as corruption and bribery risks.
28. The Corporation’s transactions can involve exports of controlled goods, such as some military or dual-use goods or technology. Such controlled goods are subject to the Export and Import Permits Act, which requires that an export permit be issued by Global Affairs Canada before the goods can be exported. Once a contract has been signed, the exporter submits an application for an export permit to the Export Controls Operations Division of Global Affairs Canada, for a review of the facts of the export to ensure consistency with Canada’s foreign and defence policies. On the basis of this review, the Minister of Foreign Affairs decides whether to grant an export permit in a particular set of circumstances. The Corporation is not involved in the decision as to whether the export of a controlled good or service can proceed, but assesses the risk associated with the export permit approval as part of the due diligence process.
The Corporation had good business development practices, but there were weaknesses in its contracting processes
29. We found that improvements were needed in the Corporation’s due diligence processes related to managing risk in its contracts. In particular, the Corporation did not adequately consider risks related to human rights in its contracting processes. We also found weaknesses in the Corporation’s monitoring systems that track contract costs.
30. Our analysis supporting this finding discusses the following topic:
31. Our recommendations in this area of examination appear at paragraphs 35 and 38.
32. Analysis. We found that the Corporation had good business development practices. However, we found weaknesses in the Corporation’s contract management and performance monitoring and reporting processes (Exhibit 5).
Exhibit 5—Business development and contracting—key findings and assessment
33. Weakness—Contract management. We reviewed the Corporation’s due diligence processes to assess whether the risks posed by potential contracts were well identified, assessed, and considered before a transaction was approved. In the transactions we examined, we found that the Corporation assessed certain areas of suppliers’ due diligence, such as business integrity (corruption and bribery risks) and suppliers’ technical, managerial, and financial risks associated with a proposed transaction. However, we found that the Corporation did not have a formal process for reviewing human rights issues that related to the transactions. At the time of our audit, the Corporation was implementing due diligence processes to address these issues.
34. This weakness matters because the Corporation has committed to the highest ethical standards in business dealings both in Canada and abroad. Entering into transactions associated with human rights concerns exposes the Corporation to reputational risks and to transactional risks if human rights issues prevent Global Affairs Canada from issuing an export permit.
35. Recommendation. The Corporation should establish and implement due diligence processes for human rights risks. These processes should properly assess and mitigate risks, both as the contract is prepared and for its duration. The Corporation should consult with external partners, such as Global Affairs Canada, as part of these due diligence processes, where relevant.
The Corporation’s response. Agreed. The Corporation is revising its ongoing risk assessment and transactional due diligence to ensure that human rights, transparency, and responsible business conduct (RBC) are core guiding principles. The review will result in modifications to the Corporation’s policy suite to include improved policies and systematic procedures that will constitute an “Enhanced RBC Framework” intended for implementation by June 2019. The framework will assess and develop risk mitigation strategies with respect to human rights risks in the Corporation’s transactions. The Corporation recently established a Human Rights Committee to conduct due diligence reviews for human rights concerns. The Corporation will continue to consult with officials at Global Affairs Canada in its human rights assessments and ensure that human rights risks are reviewed at the outset and throughout a transaction. These improvements will be completed by 30 November 2019.
36. Weakness—Performance monitoring and reporting. The Corporation did not have monitoring systems and practices in place for project costs. As a result, the Corporation was unable to track actual costs incurred on a contract to compare those costs with the estimated pricing, nor could the Corporation be assured that fees charged on contracts covered all related costs.
37. This weakness matters because these systems and practices are needed to validate and inform the pricing for the Corporation’s services and to help the Corporation achieve long-term financial sustainability. The Corporation cannot assess whether its fees on individual contracts contribute to a fiscal sustainability without adequate monitoring information related to fees and profit on contracts.
38. Recommendation. The Corporation should develop and implement monitoring systems and practices that will provide information on contract fees and profit to inform decisions around contract pricing and the Corporation’s fee structure.
The Corporation’s response. Agreed. The Corporation will review options on monitoring systems and practices that could strengthen information gathering on contract costs to better inform decision making around the Corporation’s fee structure. The selected options will be implemented by 31 December 2019.
Conclusion
39. In our opinion, based on the criteria established, there was reasonable assurance there were no significant deficiencies in the Canadian Commercial Corporation’s systems and practices that we examined. We concluded that the Corporation maintained its systems and practices during the period covered by the audit in a manner that provided the reasonable assurance required under section 138 of the Financial Administration Act.
About the Audit
This independent assurance report was prepared by the Office of the Auditor General of Canada on the Canadian Commercial Corporation. Our responsibility was to express
- an opinion on whether there is reasonable assurance that during the period covered by the audit, there were no significant deficiencies in the Corporation’s systems and practices that we selected for examination; and
- a conclusion about whether the Corporation complied in all significant respects with the applicable criteria.
Under section 131 of the Financial Administration Act (FAA), the Canadian Commercial Corporation is required to maintain financial and management control and information systems and management practices that provide reasonable assurance that
- its assets are safeguarded and controlled;
- its financial, human, and physical resources are managed economically and efficiently; and
- its operations are carried out effectively.
In addition, section 138 of the FAA requires the Corporation to have a special examination of these systems and practices carried out at least once every 10 years.
All work in this audit was performed to a reasonable level of assurance in accordance with the Canadian Standard for Assurance Engagements (CSAE) 3001—Direct Engagements set out by the Chartered Professional Accountants of Canada (CPA Canada) in the CPA Canada Handbook—Assurance.
The Office applies Canadian Standard on Quality Control 1 and, accordingly, maintains a comprehensive system of quality control, including documented policies and procedures regarding compliance with ethical requirements, professional standards, and applicable legal and regulatory requirements.
In conducting the audit work, we have complied with the independence and other ethical requirements of the relevant rules of professional conduct applicable to the practice of public accounting in Canada, which are founded on fundamental principles of integrity, objectivity, professional competence and due care, confidentiality, and professional behaviour.
In accordance with our regular audit process, we obtained the following from the Corporation’s management:
- confirmation of management’s responsibility for the subject under audit;
- acknowledgement of the suitability of the criteria used in the audit;
- confirmation that all known information that has been requested, or that could affect the findings or audit conclusion, has been provided; and
- confirmation that the audit report is factually accurate.
Audit objective
The objective of this audit was to determine whether the systems and practices we selected for examination at the Canadian Commercial Corporation were providing it with reasonable assurance that its assets were safeguarded and controlled, its resources were managed economically and efficiently, and its operations were carried out effectively as required by section 138 of the Financial Administration Act.
Scope and approach
We examined the Canadian Commercial Corporation. The scope of the special examination was based on our assessment of the risks the Corporation faces that could affect its ability to meet the requirements set out by the Financial Administration Act.
As part of our examination, we interviewed Board members, senior management, and other individuals throughout the Corporation to gain insights into its systems and practices. We selected and tested sample items, such as transactions, process control activities, risk mitigation strategies, contracts, projects, and reporting, to determine whether systems and practices were in place and functioned as intended.
The systems and practices selected for examination for each area of the audit are found in the exhibits throughout the report.
In carrying out the special examination, we did not rely on any internal audits.
Sources of criteria
The criteria used to assess the systems and practices selected for examination are found in the exhibits throughout the report.
Corporate governance
Meeting the Expectations of Canadians: Review of the Governance Framework for Canada’s Crown Corporations, Treasury Board Secretariat, 2005
Internal Control—Integrated Framework, Committee of Sponsoring Organizations of the Treadway Commission, 2013
Corporate Governance in Crown Corporations and Other Public Enterprises—Guidelines, Department of Finance and Treasury Board, 1996
20 Questions Directors Should Ask about Risk, Canadian Institute of Chartered Accountants, 2006
Performance Management Program for Chief Executive Officers of Crown Corporations—Guidelines, Privy Council Office, 2016
Practice Guide: Assessing Organizational Governance in the Public Sector, The Institute of Internal Auditors, 2014
Strategic planning
Meeting the Expectations of Canadians: Review of the Governance Framework for Canada’s Crown Corporations, Treasury Board Secretariat, 2005
Guidelines for the Preparation of Corporate Plans, Treasury Board Secretariat, 1996
Corporate Governance in Crown Corporations and Other Public Enterprises—Guidelines, Department of Finance and Treasury Board, 1996
Recommended Practice Guideline 3, Reporting Service Performance Information, International Public Sector Accounting Standards Board, 2015
20 Questions Directors Should Ask about Risk, Canadian Institute of Chartered Accountants, 2006
Corporate risk management
20 Questions Directors Should Ask about Risk, Canadian Institute of Chartered Accountants, 2006
Internal Control—Integrated Framework, Committee of Sponsoring Organizations of the Treadway Commission, 2013
Corporate Governance in Crown Corporations and Other Public Enterprises—Guidelines, Department of Finance and Treasury Board, 1996
Corporate Social Responsibility: An Implementation Guide for Business, International Institute for Sustainable Development, 2007
Business development and contracting
Control Objectives for Information and related TechnologyCOBIT 5 Framework—EDM02 (Ensure Benefits Delivery), Information Systems Audit and Control AssociationISACA
Plan-Do-Check-Act management model adapted from the Deming Cycle
Guidelines for the Preparation of Corporate Plans, Treasury Board Secretariat, 1996
A Guide to the Project Management Body of Knowledge (PMBOK® Guide), fourth edition, Project Management Institute IncorporatedInc., 2008
Internal Control—Integrated Framework, Committee of Sponsoring Organizations of the Treadway Commission, 2013
Period covered by the audit
The special examination covered the period between 17 January 2018 and 23 November 2018. This is the period to which the audit conclusion applies.
Date of the report
We obtained sufficient and appropriate audit evidence on which to base our conclusion on 12 December 2018, in Ottawa, Canada.
Audit team
Principal: Lissa Lamarche
Director: Laurie Girard
Daniel Spagnolo
List of Recommendations
The following table lists the recommendations and responses found in this report. The paragraph number preceding the recommendation indicates the location of the recommendation in the report, and the numbers in parentheses indicate the location of the related discussion.
Corporate management practices
Recommendation | Response |
---|---|
21. The Corporation should document its strategic planning processes and link them to operational planning. The Corporation should also ensure that its strategic planning processes are consistently applied and integrated across the organization. (17 to 20) |
The Corporation’s response. Agreed. The Corporation will document its strategic planning processes and provide better linkages to operational planning. The Corporation will continue to strengthen its business plans through increased guidance while also focusing on integration and interdependencies between the respective plans. The Corporation will continue to evolve its business planning process and include regular touch points throughout the year to ensure accountability for deliverables identified within the plans. The strategic process documentation and related improvements will be completed by 30 September 2019. |
22. The Corporation should continue to work with the government to ensure that its 2019–20 to 2023–24 corporate plan is approved. (17 to 20) |
The Corporation’s response. Agreed. The Corporation notes that government stakeholder consultations take place regularly and that the status of the corporate plan is frequently discussed. The Corporation will continue these discussions and work toward having the 2019–20 to 2023–24 corporate plan formally approved. |
26. The Corporation’s process for identifying risks should ensure that risk information is collected at the business unit level. (23 to 25) |
The Corporation’s response. Agreed. The Corporation will provide additional guidance on risk identification and assessment to business units as part of its business plan process. Additional focus on the business plans at the Risk and Opportunities Committee will also be established. These improvements will be completed by 30 September 2019. |
Management of business development and contracting
Recommendation | Response |
---|---|
35. The Corporation should establish and implement due diligence processes for human rights risks. These processes should properly assess and mitigate risks, both as the contract is prepared and for its duration. The Corporation should consult with external partners, such as Global Affairs Canada, as part of these due diligence processes, where relevant. (32 to 34) |
The Corporation’s response. Agreed. The Corporation is revising its ongoing risk assessment and transactional due diligence to ensure that human rights, transparency, and responsible business conduct (RBC) are core guiding principles. The review will result in modifications to the Corporation’s policy suite to include improved policies and systematic procedures that will constitute an “Enhanced RBC Framework” intended for implementation by June 2019. The framework will assess and develop risk mitigation strategies with respect to human rights risks in the Corporation’s transactions. The Corporation recently established a Human Rights Committee to conduct due diligence reviews for human rights concerns. The Corporation will continue to consult with officials at Global Affairs Canada in its human rights assessments and ensure that human rights risks are reviewed at the outset and throughout a transaction. These improvements will be completed by 30 November 2019. |
38. The Corporation should develop and implement monitoring systems and practices that will provide information on contract fees and profit to inform decisions around contract pricing and the Corporation’s fee structure. (32, 36 to 37) |
The Corporation’s response. Agreed. The Corporation will review options on monitoring systems and practices that could strengthen information gathering on contract costs to better inform decision making around the Corporation’s fee structure. The selected options will be implemented by 31 December 2019. |