Internal Audit of Values and Ethics - Internal Audit and Evaluation Directorate

Internal Audit of Values and Ethics - Internal Audit and Evaluation Directorate PDF Version (936 KB)

Executive Summary
1. Introduction
2. Findings, Recommendations And Management Responses
Appendix A: Audit Criteria
Appendix B: References
Footnotes

June 2015

Executive Summary

Background

Public Safety Canada (PS) has in place a wide variety of practices that collectively promote and embed values and ethics (V&E) in its operations. They include the Department's Code of Conduct and departmental values, which are implemented in the context of the Government of Canada Code of Values and Ethics for the Public Service. Complementing these practices are a series of activities, initiatives and control processes that have been put in place to promote, implement and monitor the Department's adherence to their V&E obligations. These practices – some of which are in development or in evolution – rest on the foundation of the organization's culture and operating philosophy and collectively form the V&E management control framework. The V&E management control framework is critical to prevent, detect and correct a variety of risks. Equally important, it helps to ensure the Department is run effectively and efficiently and that the organization's human, financial and reputational assets are safeguarded.

Roles, responsibilities and accountabilities for V&E are shared: fundamentally, all personnel are responsible for adhering to the requirements; as well, leaders at all levels are responsible for setting the “tone at the top” and the “tone at the middle”. The Human Resources (HR) Directorate and the Department's Workplace Wellness Ambassadors also play central roles.

In part because of the shared accountability, but also because of the internal and external operating realities of the Department, PS is exposed to a wide range of V&E risks. In recognition of the risk and importance of V&E, as part of its 2013-14 audit plan, the Internal Audit and Evaluation Directorate conducted an audit of the Department's V&E management control framework.

Audit Objective

The objective of this audit was to provide reasonable assurance that PS's V&E practices, both in existence and in development^{Note 1}, are adequate and effective to ensure:

a departmental culture and leadership that promotes and sustains an environment conducive to V&E;
formal practices that provide foundations for values based and ethical operations; and,
appropriate, timely and meaningful oversight of V&E practices, risks and outcomes.

Summary of Results

The audit found evidence that the Deputy Minister, Associate Deputy Minister and Human Resources (HR) are placing a high degree of emphasis on V&E, setting a positive ‘tone at the top'. These efforts are in response to concerns related to the organizational culture, raised through past surveys and other means.

The Department has a number of good V&E practices in place. Of the formal practices that are in place, many are well designed and working effectively. Strengths include the existence and comprehensiveness of the governmental and departmental Codes of Conduct, formal guidance and training on a wide variety of V&E elements. We found that important operational processes are designed to include protections against conflicts of interest. Further, we noted that some important leadership development practices are in place and well-designed.

In other important areas, improvements are required. They include a need to better clarify and elaborate on the departmental values, including contextualizing them in the basis of the department's day-to-day business. Disclosure processes require greater clarification and actions need to be taken to strengthen employees' trust in them. While many elements are in place or under development, they are not sufficiently integrated into a comprehensive framework, nor have shared outcomes been identified. Therefore, efforts are needed to clarify, consolidate and rationalize the many initiatives and activities that contribute directly or indirectly, to V&E. Once rationalized, the Department needs to more effectively and efficiently monitor the results associated with these activities.

The effectiveness of the Department's formal controls rests squarely on the organization's “control environment”. A critical element of the department's V&E management control framework, the control environment is comprised of elements such as leadership, operating philosophy, communications and trust. If the control environment is weak, more formal controls will never be optimal and the department's overall control framework will not achieve its objectives. The audit found important aspects of the Department's culture and operating philosophy are not providing an appropriate foundation. The recent improvements in leadership and management development will help, but additional efforts must be implemented to transform the organizational culture to one which is management focused. The audit reviewed the departmental realignment exercise and noted that positive attention is being placed on the management of change. Going forward the Department should seize any future change initiatives as further opportunities to advance and reinforce cultural dimensions of good management

Audit Opinion

The department has many well-designed formal controls in place which are generally effective. However, important aspects of the department's culture and operating philosophy are not providing an appropriate foundation. Therefore, at this time the overall V&E management control framework is not adequate or effective.

Statement of Assurance

The audit conforms with the Internal Auditing Standards for the Government of Canada, as supported by the results of the quality assurance and improvement program.

In my professional judgment as Chief Audit Executive, sufficient and appropriate audit procedures have been conducted and evidence gathered to support the accuracy of the opinion provided and contained in this report. The opinion is based on a comparison of the conditions, as they existed at the time, against pre-established audit criteria that were agreed upon with management. The opinion is applicable only to the entity examined.

The audit was unable to conclude definitively (i.e., to the level of assurance standards) on some elements of the control environment, notably leadership and operating philosophy. Despite this exclusion, we have sufficient and reliable evidence from other sources to support this opinion. In relation to the items on which we could not conclusively opine, a separate management letter, including recommendations, is being issued to address these important issues.

Summary of Recommendations

The Director General of Human Resources (DG HR) as the Office of Primary Interest (OPI) should consolidate and develop a single V&E frame and action plan that integrates, rationalizes and prioritizes the activities and initiatives that directly or indirectly support the department's V&E objectives, outcomes and expected results.
1. Consider developing a V&E logic model to map and rationalize the priority activities/initiatives.
2. Based on the mapping, leverage existing indicators and where necessary consult with senior management on the development of customized, targeted indicators of risk and performance, for use in monitoring and oversight (see recommendation 3 below)
The DG HR as the OPI and working with the Departmental Management Committee (DMC) should strengthen formal V&E practices by:
1. Further clarifying expectations related to departmental values, including the ways in which they should be operationalized at the working level and the inter-play between them.
2. Further clarifying and communicating the key V&E roles, responsibilities and accountabilities, including the role of the Senior Officer for Disclosure and the Workplace Wellness Ambassador.
3. Further clarifying and communicating the departmental disclosure processes, both formal and informal. Each process will include documenting: the steps to address and resolve workplace issues, the responsibilities of the employee and management, the associated protections available to staff, and the constraints of each process. Mechanisms should be put in place to ensure accountability for the processes working as intended.
The DG HR as the OPI and working with the DMC should improve V&E reporting and oversight by:
1. Reporting regularly on progress against the integrated program (noted above in recommendation 1).
2. Enhancing the robustness of V&E risk assessment, ensuring these V&E risks are tracked and considered as part of key corporate monitoring mechanisms.
3. Developing and tracking formal indicators of the performance and behaviour of leaders in relation to V&E.
The DG HR as the OPI and working with the DMC should strengthen the control environment by taking a systematic, values-based approach to the recruitment and management of current and future leaders. To this end , the Department should:
1. Reinforce management tools such as statement of merit criteria focusing on leadership, interview questions and reference checks that engage the candidates' peers and subordinates as part of leadership recruitment.
2. Based on risk, ensure more rigorous oversight of leadership staffing decisions by HR.
3. Facilitate access to 360 feedback as an element of employee development, ensuring that the assessors are randomly selected and are protected in terms of their anonymity.
4. Equip leaders with the skills and tools they need to effectively and meaningfully have difficult discussions around performance and reinforce to managers their accountabilities regarding performance management and associated disciplinary actions.
5. Ensure that leaders' performance reviews are written objectively and are informed by multiple perspectives, i.e. colleagues, Labour Relations, employees, in order to provide a fair assessment of leaders' interactions, and that performance reviews explicitly reference back to the expectations and targets set out in the PMAs, as well as the leadership competencies, to hold them accountable.
6. In cases of known performance problems for those in leadership/managerial positions, hold their leaders personally and financially accountable, through their performance ratings, for the management of the former's performance.
The DG HR as the OPI and working with the DMC, should support the Deputy Minister in continuing his positive and targeted communications on values and ethics. Together with the broader leadership cadre, ensure consistent outreach and change management efforts, taking advantage of the change initiatives underway to help evolve the organizational culture.

Management Response

Management accepts all recommendations and will implement the actions outlined below. It should be noted that the Deputy Minister (DM), Associate Deputy Minister (AsDM) and broader executive community are committed to ensuring Public Safety Canada (PS) is a workplace that supports values and ethics that are integrated in decision making, actions, policies, processes and systems. Employees can expect to be treated in accordance of values set by our organization, namely those of Respect, Unity, Service and Excellence and in accordance with the Values and Ethics (V&E) Code for the Public Sector.
The V&E Audit report identifies a number of important areas where the practice needs to improve. All members of the Executive Committee are fully committed to implementing a full and successful response to the recommendations included in this report. A fully successful response requires a commitment throughout the organization to learn and improve based on the findings of this report. This commitment has begun with senior executives reviewing these findings together, and discussing what actions they will take individually and collectively to ensure that their work is in full support of values and ethics. We have used the Executive Management Retreat, the Assistant Deputy Minister retreat and separate sessions with executives as forums to inform and discuss the key findings in this report and agree to collective responsibility in improving the overall situation. It is also important that executives continue these discussions with their staff at their regular group meetings, participate actively in various PS forums, and discuss how collective actions can resolve the observations made in the report.
It is recognized that implementing a collective approach to the management of values and ethics will be an iterative process. Several sound management controls have been recently implemented to ensure greater fiscal accountability, however, continued effort and engagement is needed to sustain momentum in the area of human resources management, including activities related to V&E. Values will be clearly articulated, communicated and respected throughout the department. To ensure V&E are managed in a consistent manner, clear and specific expectations for good leadership and management behaviours, including examples of what constitutes exemplary and unacceptable behaviours will be defined. Further, senior leaders will individually and collectively operate and be held to account.
Work to ensure a clear and consistent commitment to employees on supporting V&E has been underway for some months. For instance, a full time Office of Transformation task force led out of the AsDM's office was recently established to ensure a coordinated approach to departmental re-alignment of functions and other change management initiatives including V&E. Additionally, broad based consultation with departmental executives and senior management has confirmed a shared commitment to improving clarity around V&E and to discuss concrete measures on how to realize these on a day to day basis while delivering on our mandate. PS's Workplace Wellness Ambassador and Senior Officer of Disclosure are also contributing to advance initiatives that foster an environment in support of open conversations and collective problem solving. Although individual responsibilities and accountabilities have been identified in this response related to program office functions, Ambassador and organizational roles and broader responsibilities under the Office of Transformation, we are committed to working together to help ensure that PS values are embodied within the organization. This will be achieved through regular engagement with employees, collaboration in defining a way forward and shared accountability in reporting against progress.

CAE Signature

____________________________

Audit Team Members:

Deborah Ann Duhn, CPA, CA
Carmen Abela, CIA, CCSA
Jennifer Smith, CMC
Jill Odell

1.0 Introduction

1.1 Background

In April 2012, the Treasury Board of Canada Secretariat (TBS) released the updated Values and Ethics (V&E) Code for the Public Sector, along with the Policy on Conflict of Interest and Post-Employment. These documents outline a set of five public sector values and expectations in the administration of conflict of interest, and outline the duties, obligations and responsibilities of federal public servants, deputy heads and ministers. In keeping with TBS expectations, in 2012, the Public Safety Canada (PS) developed and adopted its own Code. This complemented the set of departmental values the Department established in 2010. They include: Service, Unity, Respect and Excellence and are intended to coalesce staff around a common set of guiding principles. Collectively, the Codes and the Values establish expectations for all personnel to act in accordance with prescribed V&E and to establish maintain and safeguard the public trust in the Department and the Government.

To adhere to the V&E expectations, the Department has a number of practices and controls in place, both formal and informal.

Formal controls include those practices which are formally and explicitly defined including policies, procedures, repeatable activities and structures.

Informal controls are less tangible, but equally important. They include the organization's operating philosophy, management's attitude or style, employees' commitment and trust as well as communications. Often referred to as the control environment, these informal practices collectively define the organization's culture and provide the foundation for all other formal controls.

It is important to stress that V&E requirements and controls go far beyond the function of Human Resources (HR). As described below, V&E practices are fundamentally the responsibility of all managers and employees. Accordingly, V&E practices should be embedded into day-to-day strategic, operational protocols and decision-making processes, as well as in the organization's governance regime. And while formal practices and policies are critical V&E foundations, on their own they are not enough; institutionalization of the values and ethics into the organization's culture and operating philosophy is imperative to ensuring commitment to the formal practices.

V&E are important in all government organizations, but their importance is heightened in PS. As described below under Risk Analysis, the Department has some unique risk factors for which V&E are critical to helping manage. As well, in light of the history of the Department's formation – notably, the merging of several different organizations and their respective cultures – the existence and acceptance of commonly agreed on values is critical to ensuring a unified and cohesive organization.

1.2 Roles and Responsibilities

Roles, responsibilities and accountabilities for V&E are shared among various parties.

The HR Directorate, through its Labour Relations Group, provides advice to management on legislation, regulations and policies related to values and ethics. They also provide general advice to employees.
The department's Workplace Wellness Ambassador and co-Ambassador are expected to “encourage ongoing dialogue on values and ethics at Public Safety Canada and establish procedures to allow staff to come forward if they have reason to believe that wrongdoing has taken place and provide protection against reprisal when they do so^{Note 2}.”
Oversight of the V&E regime rests primarily with the Deputy Minister (DM) and the Departmental Management Committee (DMC), as well as the Human Resources Departmental Management Committee (HR-DMC). The Departmental Audit Committee (DAC) also plays an oversight and advisory role, mandated as it is to “review and provide advice on the departmental systems and practices established by the deputy head to monitor compliance with laws, regulations, policies and standards of ethical conduct and identify and deal with any legal or ethical violations^{Note 3}.”
Finally, responsibility for applying, in the course of their daily work, the V&E requirements, rests with all employees. Through their performance management agreements, employees and executives alike acknowledge their responsibilities and obligations to abiding by the requirements of the Public Sector and departmental Codes.

1.3 Risk Analysis

Some of the V&E risks are intrinsic to the business in which the Department is engaged. For instance, grants and contributions programs are inherently exposed to conflict of interest risks. Similarly, day-to-day organizational transactions (e.g., staffing, contracting, etc.) will always be accompanied by risk of V&E breaches (including, but not limited to conflict of interest). As well, Departments that handle sensitive information are inherently exposed to risks around its mis-use. These are some of the key factors that define PS's V&E risk landscape.

In addition, PS has some additional, organization-specific risk factors that may compound these generic risks and/or introduce new exposures. First, the Department has been in an almost continuous state of change. Change, even if it is intended to improve conditions, represents a risk factor that may create workplace turmoil and uncertainty, which in turn may translate to an erosion of trust, commitment, unity or excellence. In and of itself, an erosion of these “informal controls” is of concern. However, weaknesses in these areas are also known to have a direct impact on the state of adherence to formal controls (e.g., policy, procedures, etc.). Audit planning consultations indicated that the level of employee trust is low; heightening the risk that adherence to the principles and practices of management and program excellence will be diminished.

Change is not the only factor that appears to be contributing to this; the departmental culture and history is a compounding factor. The Department was created in December 2003 and was formed from a number of separate and independent entities including three Departments. For most of its early years, the organization focused on creating capacity and delivering on what continues to be a highly political and publicly visible mandate. In this context, audit planning consultations indicated that the reactive nature of the Department's business, the lack of an historical emphasis on management practices and the limited integration of the various organizations (and their cultures) that came together to form PS create an environment of V&E-risk. Specifically, in this context, there is a risk that management controls, which are critical for V&E, are neither well entrenched nor highly valued. Importantly, internal departmental “silos” are known to exist and work against important departmental values such as unity. Finally, the organization's small size and composition (i.e., high complement of senior, non-operational personnel), may limit managers' exposure to the challenges associated with larger, more complex organizations. As such, managerial experience and comfort in identifying, managing and resolving V&E issues may be limited.

As a result of these conditions, PS is exposed to a number of important V&E risks which, if they materialized, could have a negative impact on the operations and reputation of the Department. The audit objective and scope was guided by this risk analysis.

1.4 Audit Objective

The objective of this audit was to provide reasonable assurance that PS's V&E practices, both in existence and in development^{Note 4}, are adequate and effective to ensure:

a departmental culture and leadership that promotes and sustains an environment conducive to V&E;
formal practices that provide foundations for values based and ethical operations; and,
appropriate, timely and meaningful oversight of V&E practices, risks and outcomes.

1.5 Scope and Approach

The audit covered the 2013-14 fiscal year and all branches were included. Three broad lines of enquiry were used to target the audit. The practices examined in relation to each are provided below.

The practices examined in relation to each are provided below
Line of Enquiry	Objective	Practices Examined
Culture and Leadership Development Practices	PS organizational culture^{Note 5} and leadership promotes and sustains an environment that is conducive to living the government and departmental values and ethics.	Leadership promotion, development and management Information and communication V&E-based decision-making
V&E Framework and Formal Practices	Formal V&E practices exist and are implemented, laying the foundation for values-based and ethical operations.	Code and supporting guidance Training, outreach and advice Disclosure mechanisms
Oversight	Appropriate mechanisms exist to allow for the timely and meaningful oversight of V&E practices, risks and outcomes.	Governance Monitoring

Appendix A provides a summary of the audit criteria against which the audit was conducted.

WindReach Consulting Services Inc. was retained to conduct the audit. The audit was conducted in accordance with the professional standards of the Institute of Internal Auditors' International Professional Practices Framework (IPPF) and the Treasury Board Policy on Internal Audit. Audit methods included interviews, documentation review and file review to ascertain the adequacy and effectiveness of controls. Complementing these audit methods, the audit conducted a series of workshops with staff from across all Branches and at various levels of seniority. Workshops were held with participants, randomly selected, from the following groups:

Non-executives^{Note 6}
Young professionals^{Note 7}
Middle managers^{Note 8}
Directors

While a workshop with Directors General was planned, insufficient availability of those invited prevented the workshop from going ahead. Therefore, where possible, interviews were used to gather insight from this group. Regional participation was encouraged. Some regional personnel participated in the workshops by phone, while others were interviewed. The purpose of these consultations was to solicit anonymous input on some of the key management practices, such as training, guidance, departmental values and disclosure channels. Participants were asked for their feedback on their awareness of and comfort with these control areas.

In addition to these methods used to gather audit evidence, the audit team also conducted research and consulted with some key external stakeholders. A list of references that informed this audit is provided in Appendix B.

1.6 Audit Opinion

1.7 Statement of Assurance

The audit conforms with the Internal Auditing Standards for the Government of Canada, as supported by the results of the quality assurance and improvement program.

2.0 Findings, Recommendations And Management Responses

Because of the complex interplay of the areas of control examined, the audit report is structured thematically, rather than against the specific audit objectives.

2.1 Values and Ethic Framework and Formal Practices

What We Expected to Find:

The foundation of a strong V&E regime is the formal framework that sets direction, establishes accountability and equips all personnel with the information they need to adhere to the V&E requirements. The audit expected to find a cohesive, overarching plan for V&E, including objectives and expected results. This, coupled with clear governance and accountabilities should form a well-articulated vision and direction for the V&E regime. Supporting this broad direction, there should be an efficient and clear infrastructure. Specifically, we expected to find well-developed guidance and training material as well as evidence of V&E considerations integrated directly into decision-making processes.

V&E Directions

The audit found evidence that the Department has a variety of different V&E-related plans and strategies in place. Some are more current than others and some remain in a state of development. The audit found that they were not integrated into a comprehensive or strategic framework or approach nor have shared outcomes been identified. For instance,

until 2012/13, the Department had annual V&E plans, which focused on a series of activities being led by Labour Relations in the HR Directorate. However, the plans did not contain any anchoring information such as vision or objectives, or a commitment to monitoring implementation. It should be noted that PS's last V&E Plan committed to the development and maintenance of a PS Values and Ethics Program. The audit did not find any evidence that the Program was ever developed and since 2012/13, there has been no update to the plan. We understand that cuts made to the HR Directorate as part of the Deficit Reduction Action Plan eliminated a position that would have been responsible for this work.
The Department has an extremely detailed Public Service Employee Survey (PSES) Action Plan which includes numerous commitments.
More recent initiatives have been put in place to support specific elements that enable V&E, including a Management Capacity Strategy, Change Management / Realignment plans, etc. There are important connections between these initiatives and the Department's V&E priorities, yet at the moment, the Department has not drawn them formally. The development of a single, outcomes-based vision and plan in relation to V&E would allow these connections to be efficiently and effectively drawn.

The potential impacts of these findings include:

Misalignment of various V&E roles, responsibilities and activities, which may diminish efficiency or clarity;
The pursuit of initiatives that may not directly support V&E and which therefore may not be needed; and
Greater challenges in monitoring results from investments in V&E and to address risks and gaps before they emerge.

As with any program, the objectives, expected results and vision lay the foundation for success. This is particularly the case in a program like V&E where responsibility is shared. Thus, a more fulsome, strategic and aligned approach is required for the setting of V&E direction across the Department.

Governance Structures and Accountability

Another important foundation for the V&E program is the set of governance structures and related accountabilities that define who is responsible for what, including, but not limited to oversight activities. The audit found that formal departmental governance bodies such as the DMC, Human Resource Management Committee (HRMC) and the DAC are explicitly mandated to oversee and discuss V&E issues. Evidence exists that V&E issues and initiatives are discussed, although not on a regularized basis (i.e., not standing agenda items).

The audit also examined the Department's accountability arrangements in relation to V&E, seeking evidence that there were clear and consistent responsibilities for the V&E program. We found that responsibility and accountability is not clearly enough articulated and documented which poses a risk in organizations like Public Safety where the organization:

Has shared responsibility for V&E;
Is undergoing change;
is operating under high pressure to deliver, and
Is characterized by known issues of mis-trust.

Thus, given these conditions, more formality in accountability arrangements may be required to manage the risk that may come from employees' uncertainty around points of contact or their reluctance to disclose suspected breaches.

Of specific concern is the clarity of the responsibilities assigned to the newly established Workplace Wellness Ambassador and co-Ambassador. These individuals are mandated to “encourage ongoing dialogue on values and ethics at Public Safety Canada and [to] establish procedures to allow staff to come forward if they have reason to believe that wrongdoing has taken place and provide protection against reprisal when they do so^{Note 9}.” The distinction between this role and that of Labour Relations is not clear. As well, while we understand that the Ambassador is considered the Senior Officer for Disclosure^{Note 10}, the audit found that the roles, responsibilities and expectations of the Ambassadors in relation to this role are not sufficiently clear, nor well enough communicated to and understood by employees.

In addition, the audit noted that another key player – the departmental Champion for the Public Service Employee Survey (PSES) – plays an important role in V&E matters and directs and oversees a very detailed action plan. However, the audit did not find any evidence to suggest formal and systematic linkages between this Champion and the new Ambassadors.

As noted later in this report, the audit has confirmed that personnel are not comfortable disclosing V&E breaches. Unclear accountabilities and channels of communication will only exacerbate this problem. While the audit does not feel that all V&E responsibilities need to be centralized in one person or group, we have concluded that greater clarity, alignment and integration of accountabilities and related communication channels is needed.

Codes of Conduct & Values

To determine if employees have specific and clear guidance on their V&E obligations, we examined the adequacy and effectiveness of the codes of values and ethics according to which all employees must abide. These, coupled with the guidance and training discussed in the following section, ensure a common understanding of expectations. The audit found that the Department has a Code of Conduct which, in combination with the Values and Ethics Code for the Public Sector, is expected to guide behaviour and actions at PS. We found that the departmental code is well understood. The workshop consultations revealed that the majority of participants indicated a strong understanding of their commitments and obligations in relation to PS's Code of Conduct (84% strongly agreed or agreed). We also concluded that the Code is comprehensive, appropriate for the objectives and risks of the Department and in line with the Values and Ethics Code for the Public Sector.

Complementing the departmental and public sector codes, the Department also has in place four organizational core values (see inset below). Through workshops and interviews, the audit sought to confirm that staff clearly understood the values and their day-to-day obligations in relation to them.

Public Safety Canada's Departmental Values

Service:
We serve the public. We deliver high quality, timely programs and services that are responsive to the needs of all Canadians, including our employees

Unity:
We bring people together by building trust through teamwork, collaboration and integration.

Respect:
In a diverse society, we demonstrate integrity and respect for each other, our partners, our institutions and Canadians, both as taxpayers and as citizens.

Excellence:
We are driven by professionalism, innovation, and achieving results for Canadians.

Our results suggest that while most (94%) of the employees understand the corporate values; there is more limited understanding as to what they mean to employees in their day-to-day work and decision-making. While the values are regularly communicated, more work needs to be done to clarify the precise meaning of the values in terms of behavioural expectations (both ideal and prohibited) so that employees understand how they apply at the working level.

“Even explicit values statements in organizations often turn out to be nothing more than posters or plaques on the wall. Unless they are formulated in the context of the work that people are doing, and in a meaningful way, they tend to be ignored.”^{Note 11}

This is particularly the case with Unity. For instance, a number of workshop participants assumed unity was akin to collaboration, consultation and agreement. They also noted that they often find themselves challenged by the trade-offs that come from balancing the need to consult internally with the need to make firm decisions and advance the files. This is further demonstrated by the extent to which workshop participants agreed that PS core values are upheld in their work environment. The following graph illustrates the percentage of participants who either strongly agreed or agreed that the values are lived in the Department.

Image Description

This graph shows the percentage of staff agreeing that values are ‘Lived'

88% of workshop participants either strongly agreed or agreed that the value “Service” is lived in the Department
80% of workshop participants strongly agreed or agreed that the value “Excellence” is lived in the Department
59% of workshop participants strongly agreed or agreed that the value “Respect” is lived in the Department
51% of workshop participants strongly agreed or agreed that the value “Unity” is lived in the Department

The workshop discussions revealed that there is a common perception that there is a hierarchy of values with some, notably Service and Excellence, trumping others (i.e., Respect and Unity). Specifically, workshop participants expressed concern that the value of timely service sometimes has to be achieved at the expense of unity and being respectful in carrying out the work. This perception was raised in all workshops and is indicative of the culture and the lack of understanding of the values. Departmental values are mutually supportive, not mutually exclusive.

It is important to note that many of the workshop participants expressed a desire to work in a more integrated and collaborative fashion. Some highlighted the value that networks, like the Young Professional Network, bring to support unity in the organization. Others expressed frustration that while they make attempts to work cohesively across branches, sometimes the direction of their leaders dictates the opposite.

Training

Formal training and awareness sessions are provided and comprehensively address the full scope of V&E, with topics ranging from the Codes, Conflict of Interest (CoI), harassment and the Informal Conflict Management System (ICMS). Training is delivered as part of the orientation for new employees and as part of executive onboarding. The Department also has specified training on some key topics, most notably the recent training on harassment and violence in the work place, which was mandatory for all employees. Information sessions and online training for directors general and managers/supervisors were provided on managing performance (PERFORM).

The above-mentioned training and awareness sessions provide a comprehensive overview of V&E, V&E risks and corresponding obligations. Content focuses on the importance of departmental values and key expected behaviours as well as the consequences of failing to comply with the Codes. Key V&E risks and scenarios such as conflict of interest, harassment, violence in the work place and disclosure of wrongdoing are all appropriately addressed. In summary, we feel the training provided to staff on V&E-related issues is adequate.

Disclosure Processes

Mechanisms such as codes of conduct, departmental values and training all represent important preventative controls, setting direction and increasing awareness and knowledge that help to prevent V&E breaches from occurring. These are complemented by detective controls, which help to identify issues or concerns as they emerge, so that they can be addressed and remedied. Among the most important detective controls are the reporting and disclosure channels that are required under the Public Service Disclosure Protection Act (PSDPA)^{Note 12}. Of these practices, the Senior Officer for Disclosure is critical. As noted earlier under governance, we have concluded that more clarity is needed in accountability and communication of roles. In addition to that finding, others related to the Department's disclosure process are provided below.

First, by way of background, the current disclosure processes include:

The mechanisms^{Note 13} staff have at their disposal to report real or suspected wrongdoing and,
The channels for confidential reporting of conflict of interest, required under the Policy on Conflict of Interest.

The audit found that overall, information on the channels for reporting are relatively well-documented and available to staff, although some improvements could be made in relation to the disclosure process as outlined below.

Conflict of Interest:

Guidance on the reporting of real potential conflicts of interest was well documented and accessible to staff and leadership via the departmental code of conduct and the InfoCentral web site related to conflict of interest and post-employment.

Wrongdoing:

The Values and Ethics Code for the Public Sector, the PS Code of Conduct, the Departmental Disclosure Guidelines and the Values and Ethics Webpage on InfoCentral, all clearly reference the PSDPA and articulate the full set of disclosure channel/mechanisms and reporting procedures at the departmental level. The collective guidance that is provided references channels such as an employee's immediate supervisor, the Department's senior officer for disclosure or the Public Sector Integrity Commissioner (PSIC). However, as noted earlier, easy accessibility to information on the Senior Officer for Disclosure was not in evidence. Also, despite this training, workshops with staff indicated that a number of participants did not fully understand the full options available to them for disclosure. Therefore, more proactive communication of the options for reporting may be needed.

Harassment:

As for harassment in the workplace, information and guidance on the reporting and resolution process is available through the Departmental Code, on InfoCentral and through the Department's Informal Conflict Management System (ICMS) Services.

Workshop data indicates that levels of comfort in using the Department's various channels of disclosure vary. Based on the data provided below, we have concluded that there is insufficient trust in the current disclosure channels. First, in general:

While the majority of workshop participants indicated having a high level of confidence that their immediate supervisor would properly investigate if they reported an ethical breach or wrongdoing (72% strongly agreed or agreed), middle managers (EX minus 1 and 2) were least likely to strongly agree or agree with this statement (33% agreed compared to 67% who disagreed).
60% of participants strongly disagreed or disagreed that those who report/disclose suspected improprieties are protected from reprisal. Within this group, 88% of middle managers strongly disagreed or disagreed with this statement. While the Departmental Disclosure Guidelines clearly specify that employees can use reporting channels confidently and without fear of reprisal, workshop results indicate that the level of trust in these channels is low and that fear of reprisal is high.

The audit also examined comfort with specific reporting channels. The following graph shows the results. (Note that with the exception of the first bar, responses of “strongly disagree” or “disagree” indicate a lack of comfort; while “agree” or “strongly agree” indicates comfort with the specified reporting channels.)

While overall individuals were comfortable reporting, some areas of concern exist:

Image Description

This graph shows the percentage of comfort workshop participants had with specific reporting channels

Not comfortable reporting a V&E breach

30% of workshop participants strongly agree that they are not comfortable reporting a V&E breach
42% of workshop participants agree that they are not comfortable reporting a V&E breach
20% of workshop participants disagree that they are not comfortable reporting a V&E breach
8% of workshop participants strongly disagree that they are not comfortable reporting a V&E breach

Anonymous Reporting

18% of workshop participants strongly disagreed that they would feel comfortable with anonymous reporting of a disclosure.
16% of workshop participants disagreed that they would feel comfortable with anonymous reporting of a disclosure.
36% of workshop participants agreed that they would feel comfortable with anonymous reporting of a disclosure.
30% of workshop participants strongly agreed that they would feel comfortable with anonymous reporting of a disclosure.

Chief Audit Executive/Auditor

20% of workshop participants strongly disagreed that they would feel comfortable reporting a disclosure to the Chief Audit Executive or an auditor.
35% of workshop participants disagreed that they would feel comfortable with anonymous reporting a disclosure to the Chief Audit Executive or an auditor.
31% of workshop participants agreed that they would feel comfortable with anonymous reporting a disclosure to the Chief Audit Executive or an auditor.
14% of workshop participants strongly agreed that they would feel comfortable with anonymous reporting a disclosure to the Chief Audit Executive or an auditor.

Public Sector Integrity Commissioner

18% of workshop participants strongly disagreed that they would feel comfortable reporting a disclosure to the Public Sector Integrity Commissioner.
37% of workshop participants disagreed that they would feel comfortable reporting a disclosure to the Public Sector Integrity Commissioner.
35% of workshop participants agreed that they would feel comfortable reporting a disclosure to the Public Sector Integrity Commissioner.
10% of workshop participants strongly agreed that they would feel comfortable reporting a disclosure to the Public Sector Integrity Commissioner.

A Friend/Peer

0% of workshop participants strongly disagreed that they would feel comfortable reporting a disclosure to a friend or a peer.
14% of workshop participants disagreed that they would feel comfortable reporting a disclosure to a friend or a peer.
31% of workshop participants agreed that they would feel comfortable reporting a disclosure to a friend or a peer.
55% of workshop participants strongly agreed that they would feel comfortable reporting a disclosure to a friend or a peer.

A Union Representative

8% of workshop participants strongly disagreed that they would feel comfortable reporting a disclosure to a union representative.
35% of workshop participants disagreed that they would feel comfortable reporting a disclosure to a union representative.
39% of workshop participants agreed that they would feel comfortable reporting a disclosure to a union representative.
18% of workshop participants strongly agreed that they would feel comfortable reporting a disclosure to union representative.

Deputy Minister / Assistant Deputy Minister

36% of workshop participants strongly disagreed that they would feel comfortable reporting a disclosure to the Deputy Minister or the Assistant Deputy Minister.
36% of workshop participants disagreed that they would feel comfortable reporting a disclosure to the Deputy Minister or the Assistant Deputy Minister.
32% of workshop participants agreed that they would feel comfortable reporting a disclosure to the Deputy Minister or the Assistant Deputy Minister.
6% of workshop participants strongly agreed that they would feel comfortable reporting a disclosure to the Deputy Minister or the Assistant Deputy Minister.

HR Representative

12% of workshop participants strongly disagreed that they would feel comfortable reporting a disclosure to an HR representative.
39% of workshop participants disagreed that they would feel comfortable reporting a disclosure to an HR representative,
27% of workshop participants agreed that they would feel comfortable reporting a disclosure to an HR representative.
22% of workshop participants strongly agreed that they would feel comfortable reporting a disclosure to an HR representative.

Senior Officer for Disclosure

14% of workshop participants strongly disagreed that they would feel comfortable reporting a disclosure to a senior officer for disclosure.
36% of workshop participants disagreed that they would feel comfortable reporting a disclosure to a senior officer for disclosure.
30% of workshop participants agreed that they would feel comfortable reporting a disclosure to a senior officer for disclosure.
20% of workshop participants strongly agreed that they would feel comfortable reporting a disclosure to a senior officer for disclosure.

Supervisor's Boss

4% of workshop participants strongly disagreed that they would feel comfortable reporting a disclosure to their supervisor's boss.
37% of workshop participants disagreed that they would feel comfortable reporting a disclosure to their supervisor's boss.
33% of workshop participants agreed that they would feel comfortable reporting a disclosure to their supervisor's boss.
25% of workshop participants strongly agreed that they would feel comfortable reporting a disclosure to their supervisor's boss.

Immediate Supervisor

2% of workshop participants strongly disagreed that they would feel comfortable reporting a disclosure to their immediate supervisor.
24% of workshop participants disagreed that they would feel comfortable reporting a disclosure to their immediate supervisor.
33% of workshop participants agreed that they would feel comfortable reporting a disclosure to their immediate supervisor.
41% of workshop participants strongly agreed that they would feel comfortable reporting a disclosure to their immediate supervisor.

Workshop participants were comfortable reporting a disclosure to their immediate supervisor (74%) or their supervisor's boss (58%). This is a positive finding as it indicates that the highest comfort level resides in the individual's immediate work environment. Having said this, other results presented below suggest that trust, more broadly is a problem.
Workshop participants overall have the greatest comfort in reporting issues to a friend or a peer (86%) or through anonymous reporting (66%). In a healthy culture, anonymous reporting is not a preferred reporting mechanism, but it is a necessary one to have available. It is noteworthy that the department had, to the date of this audit, received no formal disclosures of wrongdoing^{Note 14}, but has had one recent anonymous report submitted, which was subsequently investigated. Action plans are presently being developed in response.
Participants indicated a lower comfort level rating in reporting a disclosure to the DM/Assistant Deputy Minister (ADM). Workshop discussion indicated that this is mainly attributable to the high level of these positions.
Other options such as the Public Sector Integrity Commissioner, the Chief Audit Executive and Senior Officer for Disclosure received less agreement (i.e., comfort). Workshop discussions indicate that this is because the individuals in these positions are not well known to the participants or the positions were not known as available channels.
The fact that only 50% of participants felt comfortable reporting to the Senior Officer of Disclosure is of serious concern given that this is an important preventative, detective and corrective mechanism.
In addition, only 49% of participants strongly agreed or agreed that they would feel comfortable reporting a disclosure to HR. Through discussions, participants indicated that HR is viewed as a representative for management, not employees.
Approximately 28% of all workshop participants (all groups) strongly agreed or agreed that they do not feel comfortable reporting a V&E breach. Of this total group, the data from non-executive groups is of particular concern. 44% of all responding non-executives (not shown in graphic) were not comfortable in reporting through any of the disclosure options.

The following graphic suggests possible reasons for the discomfort in reporting:

Image Description

This graph shows Extent of Agreement that any of the Following are Barriers to reporting a V&E Breach

“I have been told by my leadership not to report”

65% of workshop participants strongly disagreed that being told by their leadership not to report would be a barrier to reporting a V&E breach.
29% of workshop participants disagreed that being told by their leadership not to report would be a barrier to reporting a V&E breach.
2% of workshop participants agreed that being told by their leadership not to report would be a barrier to reporting a V&E breach.
4% of workshop participants strongly agreed that being told by their leadership not to report would be a barrier to reporting a V&E breach.

“I don't think I would be supported by my manager”

43% of workshop participants strongly disagreed that their manager would not support them in reporting a V&E breach.
35% of workshop participants disagreed that their manager would not support them in reporting a V&E breach.
18% of workshop participants agreed that they didn't think their manager would support them in reporting a V&E breach.
4% of workshop participants strongly agreed that they didn't think their manager would support them in reporting a V&E breach.

“I'm not sure where to get help”

33% of workshop participants strongly disagreed that not being sure where to get help would be a barrier to reporting a V&E breach.
47% of workshop participants disagreed that not being sure where to get help would be a barrier to reporting a V&E breach.
18% of workshop participants agreed that not being sure where to get help would be a barrier to reporting a V&E breach.
2% of workshop participants strongly agreed that not being sure where to get help would be a barrier to reporting a V&E breach.

“It would be easier for me to keep my head down”

20% of workshop participants strongly disagreed that the notion that it would be easier to keep their head down, would be a barrier to reporting a V&E breach.
39% of workshop participants disagreed that the notion that it would be easier to keep their head down would be a barrier to reporting a V&E breach.
33% of workshop participants agreed that that the notion that it would be easier to keep their head down, would be a barrier to reporting a V&E breach.
8% of workshop participants strongly agreed that that the notion that it would be easier to keep their head down, would be a barrier to reporting a V&E breach.

“I would likely transfer out of the group instead of…”

33% of workshop participants strongly disagreed that the option to transfer out of the group instead of reporting a V&E breach would be a barrier to reporting a V&E breach.
39% of workshop participants disagreed that the option to transfer out of the group instead of reporting a V&E breach would be a barrier to reporting a V&E breach.
24% of workshop participants agreed that that the option to transfer out of the group instead of reporting a V&E breach would be a barrier to reporting a V&E breach.
4% of workshop participants strongly agreed that the option to transfer out of the group instead of reporting a V&E breach would be a barrier to reporting a V&E breach.

“I don't think it would make a difference”

12% of workshop participants strongly disagreed that thinking that it wouldn't make a difference would be a barrier to reporting a V&E breach.
41% of workshop participants disagreed that thinking that it wouldn't make a difference would be a barrier to reporting a V&E breach.
37% of workshop participants agreed that thinking that it wouldn't make a difference would be a barrier to reporting a V&E breach.
10% of workshop participants strongly agreed that thinking that it wouldn't make a difference would be a barrier to reporting a V&E breach.

“I don't think it would be investigated properly”

10% of workshop participants strongly disagreed that thinking that a breach wouldn't be investigated properly would be a barrier to reporting a V&E breach.
38% of workshop participants disagreed that thinking that a breach wouldn't be investigated properly would be a barrier to reporting a V&E breach.
44% of workshop participants agreed that thinking that a breach wouldn't be investigated properly would be a barrier to reporting a V&E breach.
8% of workshop participants strongly agreed that thinking that a breach wouldn't be investigated properly would be a barrier to reporting a V&E breach.

“I think it would limit my future career prospects”

10% of workshop participants strongly disagreed that thinking that reporting a V&E breach would limit their career prospects would be a barrier to reporting a V&E breach.
31% of workshop participants disagreed that thinking that reporting a V&E breach would limit their career prospects would be a barrier to reporting a V&E breach.
43% of workshop participants agreed that thinking that reporting a V&E breach would limit their career prospects would be a barrier to reporting a V&E breach.
16% of workshop participants strongly agreed that thinking that reporting a V&E breach would limit their career prospects would be a barrier to reporting a V&E breach.

“I am fearful of reprisal”

13% of workshop participants strongly disagreed that fear of reprisal for reporting a V&E breach would be a barrier to reporting a V&E breach.
40% of workshop participants disagreed that thinking that fear of reprisal for reporting a V&E breach would be a barrier to reporting a V&E breach.
31% of workshop participants agreed that thinking that fear of reprisal for reporting a V&E breach would be a barrier to reporting a V&E breach.
17% of workshop participants strongly agreed that fear of reprisal for reporting a V&E breach would be a barrier to reporting a V&E breach.

“I do not trust the mechanisms available at Public Safety”

14% of workshop participants strongly disagreed that not trusting the mechanisms available at Public Safety would be a barrier to reporting a V&E breach.
43% of workshop participants disagreed that not trusting the mechanisms available at Public Safety would be a barrier to reporting a V&E breach.
33% of workshop participants agreed that not trusting the mechanisms available at Public Safety would be a barrier to reporting a V&E breach.

10% of workshop participants strongly agreed that not trusting the mechanisms available at Public Safety would be a barrier to reporting a V&E breach.

Positively, a majority of respondents felt that they would be supported by their manager and most knew where they could go if they needed help.

However, we remain concerned by the following results:

59% indicated they thought a disclosure/reporting would limit their future career prospects. Many workshop participants, particularly those in the non-executive and middle manager level noted that reporting a V&E breach would “follow you” throughout your career, reflecting their view that those who report/disclose suspected improprieties are not protected from reprisal.
Indeed, 48% indicated being fearful of reprisal.
52% did not think it would be investigated properly.
47% did not think reporting a breach would make a difference. A number of workshop participants noted that this is because senior management will “close ranks” to protect executives who may be named in disclosures
Almost 45% indicated that they did not trust the mechanisms available at PS to report a values and ethics breach. While the aggregated results are shown in the bar graph above, middle managers (not shown in graphic) had the least amount of trust in the mechanisms (88% strongly agreed or agreed with this statement, i.e., did not trust the mechanisms).

Through the discussions, most workshop participants indicated that they would be more comfortable reporting what they considered “egregious breaches of ethics”, including conflicts of interest, fraud, theft, etc. Indeed, they felt this was their obligation as a public servant, tying this closely to their duty to safeguard taxpayers' dollars and public trust. However, in cases of breaches of values, reluctance was higher; in part due to the fact that values are more amorphous than ethics and accordingly, there is a greater “grey zone” in interpreting whether behaviour is appropriate (or not) in relation to the departmental values.

As reported earlier, the vagueness with which the departmental values are worded contributes to this challenge. As well, many workshop participants felt it would be valuable to have an internal resource that could be accessed for advice (on an as-needed-basis) as to whether certain behaviour was appropriate or not in relation to the Code of Conduct and departmental values. In the absence of such an advisory function, they indicated they would err on the side of non-reporting.

V&E-based Decision Making

Complementing our examination of communications, we assessed the extent to which current governance, decision-making and operational processes were designed to compel adherence to values and ethics requirements. Operationally, we examined the design^{Note 15} of the staffing and grants and contributions processes to see if conflict of interest safeguards were embedded in the business processes.

We found that for staffing, appropriate safeguards are in place to prevent and detect conflicts of interest. In the case of grants and contributions, new and well-designed practices are being implemented on a mandatory basis.

We also assessed some of the Department's higher-order decision-making processes and expected to see that the processes reflected and compelled the adherence to the departmental values, particularly unity and respect. The audit focused on planning, prioritization, pressures management and change management processes related to the Realignment Initiative. These were selected because they are the key points at which leaders must come together as a team, wearing “corporate hats” to make decisions in the long-term and best interest of the entire organization. These are the points at which leaders' adherence to their fiduciary responsibility to the department is most obviously demonstrated.

Fiduciary responsibility, also known as duty of loyalty, refers to the obligations of the organization's governors to act honestly and in good faith, with a view to the best interest of the organization. It is a notion most widely used to outline the oversight duties of Boards of Directors; however, the principles of fiduciary responsibility are embedded many instruments of public sector management, including the Financial Administration Act, the Values and Ethics Code for the Public Sector, the Policy on Conflict of Interest and various elements of the Management Accountability Framework (MAF).

The audit examined these formal processes to determine if they compelled collaboration and integrative thinking. While we have noted positive change since previous audits, some improvements are still needed in these areas. As with other findings in this report, the gaps appear to be related both to process and to culture. For instance, in the pressures exercise, the absence of formal and specific criteria to define a departmental priority for funding allowed leaders to pursue their own branch priorities, rather than reflecting on the greatest value for the Department as a whole. This, coupled with an organizational culture that is already predisposed to siloes makes it extremely challenging to compel leaders to put the organization first, before their own branches.

Recommendations

The Director General of Human Resources (DG HR) as the Office of Primary Interest (OPI) should consolidate and develop a single V&E frame and action plan that integrates, rationalizes and prioritizes the activities and initiatives that directly or indirectly support the department's V&E objectives, outcomes and expected results.
1. Consider developing a V&E logic model to map and rationalize the priority activities/initiatives.
2. Based on the mapping, leverage existing indicators and where necessary consult with senior management on the development of customized, targeted indicators of risk and performance, for use in monitoring and oversight (see recommendation 3 below).
The DG HR as the OPI and working with the Departmental Management Committee (DMC) should strengthen formal V&E practices by:
1. Further clarifying expectations related to departmental values, including the ways in which they should be operationalized at the working level and the inter-play between them
2. Further clarifying and communicating the key V&E roles, responsibilities and accountabilities, including the role of the Senior Officer for Disclosure and the Workplace Wellness Ambassador
3. Further clarifying and communicating the departmental disclosure processes, both formal and informal. Each process will include documenting: the steps to address and resolve workplace issues, the responsibilities of the employee and management, the associated protections available to staff, and the constraints of each process. Mechanisms should be put in place to ensure accountability for the processes working as intended.

Management Response

Management Response
#	Management Action Plan	Planned Completion Date
1	Develop a risk and results-based strategic framework that integrates shared outcomes of the various initiatives related to V&E within the department and that sets out the direction, vision, expected results, responsibilities and accountabilities for an integrated V&E regime. As part of the strategic framework and in consultations with EXs and DMC members: Develop a consolidated action plan; and Develop a monitoring and performance measurement framework, including risk assessment and mitigation strategies and performance indicators, to be approved by DMC and informed by actions under Recommendation 3.	September 30, 2015 March 31, 2016
2	Continue to build on consultations with employees to define “simple rules” for workplace wellness. Integrate in the consolidated action plan engagement and training related-activities by which to consult with departmental managers and employees to clarify departmental values and expectations of good leadership and management behaviours (e.g. – build on the work the “simple rules” for workplace wellness); Communicate and promote best practices to align and support V&E and effective and expected behaviours, V&E roles, responsibilities and accountabilities, and identify and implement discussion forums among EXs and among other levels of employees for learning and awareness building and the promotion of effective V&E behaviours, including, but not limited to: Information sessions on V&E roles, responsibilities and accountabilities; Discussion forums with Executives; Discussion forums with all employees; Introduction of Ethical Dilemmas of the Month with discussion points to assist managers in holding discussions with employees. Review and clarify for employees, through integrated channels, the role of the Senior Officer for Disclosure and the Workplace Wellness Ambassador, the departmental disclosure process, including the associated protections available to staff.	March 31, 2016 March 31, 2016 March 31, 2016

2.2 V&E Monitoring

What We Expected to Find:

An important part of any management control framework is the suite of monitoring practices that exist to provide management with insight into the state of performance. In the case of V&E, we expected to find robust and regularized processes that track and assess not only the state of the Department's values and ethics (e.g., the “pulse”), but also the effectiveness of the V&E programs and initiatives that enable and sustain strong values and ethics over time.

These practices are critical to helping the Deputy Minister, senior management and HR to stay abreast of risks and issues and to discharge their oversight responsibilities in a timely and meaningful fashion.

The audit found that while some specific monitoring is being done, it tends to be in relation to externally-driven compliance requirements (e.g., PSES, APEX survey), rather than against department-specific outcomes. As previously stated no single, cohesive strategy or plan exists to proactively define the Department's V&E objectives and expected results. By extension, there is no overarching monitoring that is taking place^{Note 16}. While the Department did conduct a V&E risk assessment in 2009-10, more recent monitoring of V&E exposures has not been done.

The audit did find that management is monitoring progress against some externally driven initiatives, such as the PSES / APEX surveys, etc. As well, additional strategies are being developed (e.g., Management Capacity Strategy). However, these elements are not sufficiently connected/integrated and therefore do not provide the basis against which cohesive, comprehensive monitoring of V&E risks and performance can be done.

In the absence of formal and regular monitoring, the ability of the Deputy and the governance bodies to obtain an efficient, fulsome picture of the state of the Department's V&E regime will be hampered. By extension, their ability to be proactive and develop effective and efficient solutions to identified problems will also be limited.

Recommendations:

The DG HR as the OPI and working with the DMC should improve V&E reporting and oversight by:
1. Reporting regularly on progress against the integrated V&E action plan (noted above in Recommendation 1).
2. Enhancing the robustness of V&E risk assessment, ensuring these V&E risks are tracked and considered as part of key corporate monitoring mechanisms.
3. Developing and tracking formal indicators of the performance and behaviour of leaders in relation to V&E.

Management Response

Management Response
#	Management Action Plan	Planned Completion Date
3	Provide semi-annual updates to DMC on progress against the consolidated action plan The Associate DM will regularly engage managers and executives, at appropriate committees and fora, to consult on and discuss V&E risks and inform recommendations and follow-up actions. Establish the means by which Senior Management will review, assess, and develop mitigation strategies of V&E risks. The assessment of V&E risks to be informed (but not limited) by the following: Development of a monitoring and performance measurement strategy for the obtainment of timely information on areas of V&E risks and performance against indicators. It will inform the development of the risk-based strategic framework and performance will be reviewed by DMC annually. Consideration of potential V&E risks and mitigation strategies by branch management teams through the conduct of the Corporate Risk Profile, and other corporate planning and reporting exercises. Information on and an assessment of areas of LR risks in the department. Develop, as part of the performance measurement strategy, a V&E monitoring plan of the EX Performance Management Program, to ensure PS values are set out in performance agreements and performance against them is factored in to the evaluation process with the use of formal indicators (i.e. the “how” will be evaluated in equal measure to the “what”).	report on first monitoring cycle of 2015-16 in September 2016 Implemented for the 2016-17 planning cycle

2.3 Control Environment

As noted in the introduction of this report, the department's informal controls, or control environment set the tone of the organization, influencing employees' consciousness of and commitment to controls of all types. In this way, the control environment provides the foundation for all other components of the management control framework. The control environment includes the integrity and competence of the entity's people; management's philosophy and operating style; the way management assigns authority and responsibility, and organizes and develops its people; and the attention and direction provided by senior leaders^{Note 17}”.

The notion of the control environment is particularly relevant when examining a V&E regime, where individual commitment to the formal V&E practices is critical to their successful implementation. As noted in the introduction, the risk analysis conducted during the planning phase, as well as previous audits^{Note 18} identified concerns with the state of the control environment, many of which were driven by some specific “cultural” characteristics^{Note 19} of the Department.

Accordingly, the audit examined the practices that should be in place to manage the risks to an eroding control environment and organizational culture. Our focus was on the following:

Information and communications: formal and informal messaging from leaders on V&E is an important preventative mechanism, laying out expectations for behaviour and employee commitment that is so important for a healthy V&E regime.
Leadership development: collectively, the practices used to recruit, develop and manage the performance of leaders are integral to developing the “tone at the top” and the “tone at the middle” of the organization. As well, leaders' ability to manage their own staff – including delivering tough messages around performance and behaviour – are critical detective and corrective controls, helping to identify, manage and resolve behaviour that may be counter with the Department's V&E expectations.
Change management: when an organization's culture or control environment is at risk, an organization's change management processes are powerful instruments by which an organization can remedy the problems. Accordingly, using a case study approach, the audit examined the Department's realignment process as a corrective control.

What We Expected to Find:

In auditing these areas, we expected to find evidence that management's messaging reflects a tone at the top that shows a commitment to control and a clear expectation that all staff will “live” the department's values and ethics. Further, we expected to find that these messages drive and are reflected in, the processes used to develop and manage its leaders. We expected to find evidence that the realignment exercise was being leveraged as a means to adjust and evolve the organizational culture to one which is more management focused.

Informal and Formal Communications

Information and communications (both formal and informal) were examined to assess the degree to which leaders “talk the talk”. As well, the existence and adherence to formal practices that reflect departmental V&E in daily governance and operations were assessed to determine the degree to which leaders “walk the talk”. First, on the communications front, we found that the Department's formal messages to staff around V&E are regularly conveyed, consistent and reflective of the government and departmental codes and values. Examples include regular messaging from the Deputy Minister and Associate Deputy Minister including the announcement of the Realignment exercise and ongoing updates on the exercise that included references to the organizational values. Audit interviews and discussions with the Deputy Minister and Associate Deputy Minister indicate a strong commitment to the principles of V&E and to addressing known weaknesses.

Departmental values and the Code of Conduct are broadly communicated; although, as noted earlier in the report, there exists some opportunity to more specifically define the expected (and prohibited) behaviour associated with each of the departmental values.

While it is important to highlight these strengths, we also note that employees' level of trust in the messages and channels by which they are communicated is very low. Workshop and interview consultations indicated that while trusted communications most often existed between staff and their immediate supervisor, the same is not the case with management beyond immediate supervisors. Inter- and intra-branch trust is low and is having a negative effect on employee morale, commitment and their willingness / comfort to raise issues and concerns within the environment. We understand that communications are always inherently challenging (i.e., it is difficult to control for style and personality of the communicator and for the reception to the message by staff); nonetheless, we remain concerned that the lack of trust is widespread. Strong leadership is a key success factor for effective and trusted communications. Thus, as outlined below, the audit examined the processes in place to recruit, develop and promote strong leaders.

Leadership Development Practices

Practices such as recruitment, training and development, talent and performance management are critical preventative, detective and corrective controls against leadership and culture-related risks. We have concluded that the Department has a number of good practices in place, although some areas of improvement have been identified. Specifically, there is evidence that some management practices have been or are being put in place to try to compel an appropriate focus on people management capacity. This includes the performance development process for staff and executives. However, there is some evidence that the Department's current culture and performance management capacity may be working against the ability of the organization to evolve to a management-focused orientation. This is discussed further below.

Recruitment

From a recruitment perspective, the department follows the government of Canada's approach to executive staffing, which affords certain flexibilities to the hiring managers under the delegation of authorities under the Public Service Employment Act (PSEA). The audit examined^{Note 20} the design of the executive staffing processes to determine if it allowed appropriate consideration of leadership competencies and people management acumen in those that were being considered for leadership positions in PS.

Based on our testing, we understand that process, as designed requires hiring managers to assess leadership competencies where appropriatev. However, interviews and workshop results both indicated a common concern that new leaders are being recruited for their technical expertise rather than their management acumen. Our limited file review noted that leadership competencies were generally only one of many requirements. Because we did not observe the hiring managers as they were recruiting, we were not able to confirm the emphasis that might have been placed on leadership and management matters in interviews.

Under the current staffing regime, we understand that HR helps support the process and is involved with interviews, but the bulk of the control rests with the hiring manager. As a result, if the hiring manager does not value leadership and managerial competencies, depending on the staffing approach taken, there is little in place to prevent them from overlooking these critical competencies. This condition is not uncommon across government where similar challenges exist. It is important to note that the audit is not suggesting the removal of flexibilities afforded under the PSEA. However, we feel that management should consider ways to place additional emphasis on staffing for managerial merit, as opposed to technical, subject-matter expertise. Additional, risk-based monitoring and oversight by HR of the hiring managers' weightings may be warranted to ensure that the future cadre of managers are competent in people management.

Professional Development and Talent Management

Once in place, leaders are developed and managed through a variety of means (e.g., training, talent management and performance management). Among the Department's important leadership development practices are its talent management processes. Talent management is a critical step in leadership development as it helps to establish an effective talent pipeline for the organization. PS has recently introduced a more formal Talent Management process that is initiated every Fall. Using tools and guidance from the Office of the Chief Human Resources Officer, each branch develops and reviews reports on individual leaders, engaging in Branch-wide discussions that involve the ADMs and HR/Labour Relations. The Deputy Minister and the Associate Deputy Minister then meet with ADMs to discuss talent management and to place all executives on a talent map. ADMs are also expected to have one-on-one discussions with each of their executives. The design of this process is sound as it engages the appropriate parties. The process as designed also has good oversight as the approved talent management placements are reviewed by the Talent Management Review Committee^{Note 22} to determine development needs; how to support employees and develop them further; and readiness for lateral or upward mobility.

The outcomes of the talent management plan include action plans for those whose performance is considered low, talent management plans for “high flyers” and individual learning plans for all executives. Thus, the audit found that the talent management process is well designed for managing high performers, as well as those that are not achieving their potential.

While the processes are well designed, the audit found that more explicit attention could be placed on tracking and considering leaders' behaviours as a condition of their advancement. At this stage of implementation, a DG Committee will only be monitoring compliance with the Directive and not the quality or the results from the plans. As well, there is evidence through the senior level interview consultations that the discussions among senior leaders on the Talent Management Review Committee (TMRC) could be more frank and balanced. In addition, the Talent Management Guide does not provide any reference to PS's V&Es; although reference is made to the key leadership competencies which are aligned with the Public Service and the departmental values.

Complementing the talent management process, in 2013-14, all PS executives (EX-01 to EX-05) were required to participate in a 360-degree assessment and targeted follow up coaching. The audit found that the process is a useful and valuable way to support leadership development, although selecting the assessors randomly would have introduced more integrity into the process. As well, we understand this will not be a recurring process, linked to talent management or performance management of executives.

Performance Management

The final element of leadership development is the process by which their performance is managed. This was examined for two reasons: first, to determine if the current performance management practices are adequate to enable and develop V&E-based leadership among existing leaders.

The audit found clear evidence that the performance management program (PMP) for executives in PS has become better established and that important progress has been made tracking individual and the executive cadre's performance over time. Positively, the PMP, which is appropriately integrated with the Talent Management process described above, requires an explicit and balanced focus on leaders' accomplishments and the means by which they realize them. In the 2013-14 fiscal year, the performance review process placed a heavier weighting on how work was performed including assessing how departmental values are upheld and key leadership competencies, particularly people management, are displayed. For this fiscal year and going forward, we understand that if there is a discrepancy between the “results” measure and the “values/leadership” measure, the rating for “values/leadership” is intended to stand as the overall rating and will be reflected in performance pay. In other words, in such situations, high results will not be fully rewarded without a strong demonstration of the PS values and the key leadership competencies. We feel this sets a strong and appropriate tone at the top in relation to behavioural expectations of leaders. It will be important going forward that management overrides not be permitted, to ensure consistency of the process.

As well, the new performance management process for non-executives (PERFORM) is an important and well-designed control that helps to embed V&E and other behavioural considerations into the performance management regime of leaders. It builds on the TB Directive and the current PMP for executives. By design, the new and existing performance management programs and process should result in more effective identification of top talent as well as poor performers. If implemented as designed, it should change how performance is assessed and introduce consequences for actions including financial ones.

Each of the above-noted improvements to the department's leadership development mechanisms will help the department. But we know that the single biggest predictor of control strength is management's commitment, willingness and ability to administer the processes as intended. In the case of leadership development and people management, this means that managers and executives, as well as the talent and performance management review committees, must be willing and able to have uncomfortable discussions, make difficult decisions and take firm action about behaviour and performance.

The workshop results reveal that many participants felt that leaders did not have the skills and/or the willingness to use the performance management process to appropriately address V&E issues: Only 41% strongly agreed or agreed that their leaders have the skills to use performance management process to appropriately address V&E issues. Only 38% strongly agreed or agreed that they have the willingness.

Over the medium term, an investment in leadership development practices will help to change the culture; but in the interim, additional senior management oversight should be put in place to ensure that the department is truly and genuinely moving towards a culture where leadership and management is valued.

Realignment: An Opportunity for Cultural Transformation

Using the departmental realignment as a case study, the audit assessed the extent to which it was being leveraged as a corrective mechanism to help reorient the Department's structure and culture towards greater unity, coherence and management-focus. It is important to note that this was not a fulsome audit of change management; rather, we examined change management as a mechanism by which known issues of culture were being addressed.

Through our examination, we found additional evidence of strong “tone at the top”, most notably evidenced from the senior attention (DM and Associate DM level) that is being placed on leading the change. We have also concluded that the messages and communications around change are in line with and supportive of a commitment to V&E. As well, we have noted that appropriate investments – most notably in the form of an external change management consultant – are being made to enable and sustain culture change.

We understand that the initial goal of the realignment was to enhance organizational effectiveness and efficiency as well as policy and program integration, over time. We further understand that as new issues arose – many of which were related to V&E – the focus of the changes expanded to encompass other priorities (e.g., BP 2020, priorities stemming from recent investigations related to V&E, etc.). Such an evolutionary approach is appropriate and is more efficient than initiating new projects to address each new issue as it emerges. However, with such an approach, the risk of miscommunication and staff confusion is increased. Indeed, the audit found that this risk may be materializing.

Specifically, evidence from interviews and workshops indicated that staff was sometimes unaware of how the various elements of change were inter-related, expressing concerns about coherence and change fatigue. This increases the risk of staff disengagement. Continued effort is needed to define the full scope of the realignment initiative and to clearly articulate the desired end state, including the desired changes in culture and behaviour. This is important to ensure understanding and buy-in to the desired changes.

During the period of the audit fieldwork, we noted that the branches were working in relative isolation of each other in their management of change. We also noted that Branch efforts (individually or collectively) were, at the time, not sufficiently focused on desired outcomes. We further noted that additional opportunity existed to share and apply common concerns and lessons. Because of this, we were concerned that this approach to change management reinforced siloes, rather than eliminated them. However, since the completion of the audit testing, we have seen evidence of Branches working more closely together to address common cultural issues. Targeted executive retreats and the formation of a department-wide transformation team are but two examples. We view these developments positively and encourage such measures to continue.

Finally, we were unable to find evidence of formal attention being placed on identifying and monitoring the risks to change or the achievement of pre-defined outcomes. Such monitoring is critical to ensure common, systemic issues are being identified, managed and resolved, all of which is needed to ensure sustained culture change. Recent discussions with senior management indicate a positive commitment to regular monitoring, which we understand will take place as part of the Transformation Team's scope.

Thus, we found that progress has been made and attention is being devoted to culture change. Indeed, the Realignment initiative provides management with an ideal opportunity to effect needed cultural shifts. Further, recognizing that change is a constant, the department should seize any future change initiatives as further opportunities to advance and reinforce cultural dimensions of good management.

Recommendations

The DG HR as the OPI and working with the DMC should strengthen the control environment by taking a systematic, values-based approach to the recruitment and management of current and future leaders. To this end, the department should:
1. Reinforce management tools such as statement of merit criteria focusing on leadership, interview questions and reference checks that engage the candidates' peers and subordinates as part of leadership recruitment.
2. Based on risk, ensure more rigorous oversight of leadership staffing decisions by HR.
3. Facilitate access to 360 feedback as an element of employee development, ensuring that the assessors are randomly selected and are protected in terms of their anonymity.
4. Equip leaders with the skills and tools they need to effectively and meaningfully have difficult discussions around performance and reinforce to managers their accountabilities regarding performance management and associated disciplinary actions.
5. Ensure that leaders' performance reviews are written objectively and are informed by multiple perspectives, i.e. colleagues, Labour Relations, employees, in order to provide a fair assessment of leaders' interactions, and that performance reviews explicitly reference back to the expectations and targets set out in the PMAs, as well as the leadership competencies, to hold them accountable.
6. In cases of known performance problems for those in leadership/managerial positions, hold their leaders personally and financially accountable, through their performance ratings, for the management of the former's performance.
The DG HR as the OPI and working with the DMC should support the Deputy Minister in continuing his positive and targeted communications on values and ethics. Together with the broader leadership cadre, ensure consistent outreach and change management efforts, taking advantage of the change initiatives underway to help evolve the organizational culture.

Management Response

Management Response
#	Management Action Plan	Planned Completion Date
4	Development and implementation of generic competency profiles and standardized statements of merit criteria, to be implemented progressively as groups (AS, EC, etc.) are completed Implement 360 reference checks for promotional appointments to management and supervisory positions. Implement measures to obtain attestation from hiring managers that their staffing decisions will support PS's values-based culture and from employees of their commitment to V&E Integrate into a Staffing Monitoring and Reporting Control Framework the monitoring of V&E leadership competencies of EX, management and supervisory appointments. Due to privacy concerns and logistical constraints of randomly selecting assessors, 360 feedback for employee development purposes will not be pursued. However, it is believed that the intended objectives of developing core competencies in V&E behaviours will be met through the inclusion of V&E in learning and development activities, such as the Learning Curriculum for Managers. Identify and implement development initiatives to improve managers' competencies in managing conflict, difficult conversations, and disciplinary actions. Review and update PERFORM training materials targeted to managers to reinforce their responsibilities in managing performance. Review and update guidelines for management teams on the conduct of EX PMP calibration meetings to ensure the assessment of leadership competencies, based on formal indicators, and the consideration of multiple perspectives in evaluations. Review and update guidelines for management teams on the conduct of PMP calibration meetings to ensure and provide guidance on holding leaders accountable for the performance of their employees and on recognizing managers that are demonstrating sound values and ethics in managing performance.	March 31, 2018
5	Integrate V&E in the departmental communications framework (see Recommendation 2) Incorporate principles of V&E in the development of communications principles in support of efforts to transform Public Safety's culture.	March 31, 2016

Appendix A: Audit Criteria

Appendix A: Audit Criteria
Line of Enquiry & Objective	Practices Examined	Audit Criteria
Culture and Leadership Development Practices PS organizational culture and leadership promotes and sustains an environment that is conducive to living the government and departmental values and ethics.	Leadership promotion, development and management	The department has formal and effective practices in place to develop and sustain leadership and management competencies.
	Information and communication	Senior management effectively and regularly communicates their expectations for values and ethics and for how V&E ought to be integrated into daily departmental operations.
	V&E-based decision-making	Departmental management and decision-making processes embed V&E considerations and enable adherence to public sector code and departmental values.
V&E Framework and Formal Practices Formal V&E practices exist and are implemented, laying the foundation for values-based and ethical operations.	Code and supporting guidance	A formal code of conduct and supporting guidance exists and is accessible, is comprehensive and addresses the key inherent V&E risks of the department.
	Training, outreach and advice	Formal, comprehensive and relevant mechanisms, including training, outreach and a single point of contact, exist to inform staff and contractors of their V&E obligations.
	Disclosure mechanisms	Appropriate channels exist and are used for confidential reporting of suspected improprieties or for the disclosure of potential conflicts of interest.
Oversight Appropriate mechanisms exist to allow for the timely and meaningful oversight of V&E practices, risks and outcomes.	Governance	Appropriate governance and clear accountability arrangements are in place, providing the foundation for oversight, information sharing and tone at the top.
	Monitoring & reporting	Appropriate monitoring mechanisms exist to provide fulsome, timely information to management on the state of departmental V&E and V&E practices, in support of their oversight responsibilities.

Appendix B: References

AndrewsJane, CameronHelen, HarrisMargaret, All change? Managers' experience of organizational change in theory and practice. Journal of Organizational Change Management,Volume: 21 Issue: 3 (2008).

Brittain, B., The leadership immunity to making things happen. Ivey Business Journal (Leadership | July / August 2012).

Burnes, B. and By, R.T. (2011) Leadership and change: the case for greater ethical clarity. Journal of Business Ethics(published online 2 November 2011.

Burnes, B. and Jackson, P. (2011) Success and failure in organisational change: an exploration of the role of Values. Journal of Change Management, 11(2), pp. 133–162.

Covey, S. First Things First. Chapter 3, “The Urgency Addiction.

Covey, S. The Speed of Trust – the One Thing that Changes Everything. Free Press. 2006

Crossan, Mary, Dana Mazutis, Gerard Seijts and Jeffrey Gandz. Developing Leadership Character in Business Programs. Academy of Management Learning and Education. 2013. Vol 12, No 2. pp 285-305.

Crossan, Mary, Jeffrey Gandz and Gerard Seijts. Developing Leadership Character. Ivey Business Journal. January/February 2012.

Ethics Resource Centre 2009 Business Ethics Survey: Ethics and Employee Engagement. 2010.

External Advisory Committee on the Public Service The Fifth Report of the Prime Minister's Advisory Committee on the Public Service(2012) http://www.clerk.gc.ca/eng/feature.asp?pageid=272#4.1.

Gandz, Jeffrey, Mary Crossan, Gerard Seijts and Mark Reno. Leadership Character and Corporate Governance. Human Capital, Issue 167. May 2013.

Harkins, P., 10 Leadership Techniques for Building High- Performing Teams Linkage, 2008.

Holden, D., Leadership Doorways: A different kind of dialogue can transform the results your organization gets. 2010.

Institute of Internal Auditors Global. Evaluating Ethics-Related Programs and Activities. Practice Guide. June 2012.

Keller, S. and Aiken, C. The Inconvenient Truth About Change Management: Why it isn't working and what to do about it. McKinsey & Company.

Kotter J. Leading Change: Why Transformation Efforts Fail, Harvard Business Review, 1998.

Kotter John, Accelerate: Building Strategic Agility for a Faster-Moving World. Harvard Business Review, 2012. p. 224”

Lencioni, P., The Five Dysfunctions of a Team A Leadership Fable. San Francisco: Jossey-Bass (2002).

May, Kathryn. Fixing the Public Service: Groom Stronger, specialized managers, says Hugh Segal. Ottawa Citizen. September 3, 2014

McKinsey and Company The McKinsey 7S Framework Ensuring That All Parts of Your Organization Work in Harmony. http://www.mindtools.com/pages/article/newSTR_91.htm.

McKinsey and Company Enduring Ideas: The 7-S Framework. McKinsey Quarterly. http://www.mckinsey.com/insights/strategy/enduring_ideas_the_7-s_framework

Molinaro, Vince. The Leadership Contract. John Wiley and Sons. 2013

Soren, E. Become a High- Performing Team. Kollner Group Inc. 2009.

Footnotes

1
During the planning of the audit, management identified a number of V&E practices, which were being implemented or adjusted at the time of the audit. To be most responsive, Internal Audit included these practices in the scope and assessed them as they were being developed. In such cases, the focus was on the adequacy of the practices' design; testing of operational effectiveness was not possible as the mechanisms were not yet implemented.
2
InfoCentral.
3
Public Safety Canada. Departmental Audit Committee Charter.
4
During the planning of the audit, management identified a number of V&E practices, which were being implemented or adjusted at the time of the audit. To be most responsive, Internal Audit included these practices in the scope and assessed them as they were being developed. In such cases, the focus was on the adequacy of the practices' design; testing of operational effectiveness was not possible as the mechanisms were not yet implemented.
5
Strictly speaking, the audit did not assess leadership and culture, but focused rather on the practices that enable a strong, V&E-based culture and leadership philosophy.
6
Non-executive personnel included a range of administrative, financial and other support personnel.
7
Selected from the membership of the Young Professionals Network.
8
Selected from the membership of the Middle Managers Network.
9
PS`s InfoCentral
10
The senior officer for disclosure is a mandatory requirement under the Public Servants Disclosure Protection Act (PSDPA).
11
Crossan, Mary, Jeffrey Gandz and Gerard Seijts. Developing Leadership Character. Ivey Business Journal. January/February 2012.
12
See also V&E Monitoring later in this report, for an analysis of more detective controls.
13
These include the department's Senior Officer for Disclosure and the Government's Public Sector Integrity Commissioner.
14
Research and best practice suggest that the lack of disclosure is not a positive metric – but rather may be indicative of an environment characterized by a reluctance to disclose. As noted in the TBS Annual Report on the Public Servants Disclosure Protection Act 2011-12 “organizations that report findings of wrongdoing are demonstrating that their internal disclosure regimes are working, that these matters are being dealt with in a serious manner, and that corrective measures are being taken”
15
The testing of these controls was limited to an examination of their design only. Operational effectiveness of the practices was not tested through detailed sampling.
16
It should be noted that as part of the Deficit Reduction Action Plan (DRAP), the department cut an HR staff member that was responsible for supporting the department's approach to V&E including developing the V&E plans and supporting proactive V&E activities and monitoring. In the absence of this, the department's current approach to monitoring is primarily focused on compliance.
17
Committee of the Sponsoring Organizations of the Treadway Commission (COSO). Internal Control Framework. Executive Summary.
18
The Internal Audits of Policy, Planning and Priority-setting, Financial Management Governance, Integrated Risk Management and Emergency Management Planning: Leadership & Oversight all identified important gaps in the management culture of the department.
19
As it was beyond the audit's mandate to audit culture, these elements are not outlined specifically in this audit report. Nonetheless, they are important considerations for the examination and action of the Deputy Minister. Accordingly, we have submitted supplementary advice under separate cover.
20
Because this was but one line of enquiry in a comprehensive audit, we were unable to conduct a fulsome audit of leadership staffing actions. Instead, a more limited sampling of staffing actions was done to test the design of the process. This was complemented by interviews and workshops. As much as possible, we relied on the recently completed Public Service Commission Staffing Audit.
21
Leadership competencies are assessed during EX selection processes, although in some cases, such as deployment, no additional verification is needed under the PSEA staffing rules.
22
Talent Management Review Committee is comprised of members of the Departmental Management Committee.

Date modified:: 2022-07-25

Language selection

Search and menus

Search

Internal Audit of Values and Ethics - Internal Audit and Evaluation Directorate

Table of contents

Executive Summary

Background

Audit Objective

Summary of Results

Audit Opinion

Statement of Assurance

Summary of Recommendations

Management Response

1.0 Introduction

1.1 Background

1.2 Roles and Responsibilities

1.3 Risk Analysis

1.4 Audit Objective

1.5 Scope and Approach

1.6 Audit Opinion

1.7 Statement of Assurance

2.0 Findings, Recommendations And Management Responses

2.1 Values and Ethic Framework and Formal Practices

V&E Directions

Governance Structures and Accountability

Codes of Conduct & Values

Training

Disclosure Processes

Conflict of Interest:

Wrongdoing:

Harassment:

V&E-based Decision Making

2.2 V&E Monitoring

2.3 Control Environment

Informal and Formal Communications

Leadership Development Practices

Realignment: An Opportunity for Cultural Transformation

Appendix A: Audit Criteria

Appendix B: References

Footnotes