THE REGIONAL MUNICIPALITY OF PEEL · THE REGIONAL MUNICIPALITY OF PEEL . AUDIT AND RISK COMMITTEE . AGENDA ARC - 1/2017 . ... REPORT HIGHLIGHTS The 2016 Internal Audit Risk Based

THE REGIONAL MUNICIPALITY OF PEEL

AUDIT AND RISK COMMITTEE

AGENDA ARC - 1/2017

DATE: Thursday, February 2, 2017

TIME: 11:00 AM – 12:30 PM

LOCATION: Regional Council Chamber, 5th Floor

Regional Administrative Headquarters

10 Peel Centre Drive, Suite A

Brampton, Ontario

MEMBERS: F. Dale; C. Fonseca; G. Miles; K. Ras; R. Starr; A. Thompson

1. ELECTION OF CHAIR AND VICE-CHAIR

2. DECLARATIONS OF CONFLICTS OF INTEREST

3. APPROVAL OF AGENDA

4. DELEGATIONS

5. REPORTS

5.1. Revised 2016 Internal Audit Risk Based Work Plan (For information)

5.2. Revised 2016 Integrated Risk Management Work Plan (For information)

5.3. 2017 Internal Audit Risk Based Work Plan

5.4. 2017 Integrated Risk Management Work Plan

5.5. 2016 Fraud Information (For information)

5.6 Long Term Care Audit (For information) Presentation by Nancy Polsinelli, Commissioner, Health Services and Jennifer Weinman, Manager, Internal Audit

5.7 Heart Lake Community Recycling Centre Contract Review (For information) Presentation by Jennifer Weinman, Manager, Internal Audit and Mariano Singzon, Acting Manager, Waste Operations

ARC - 1/2017

-2- Thursday, February 2, 2017 5.8 Human Resources Contractor Safety Program Risk Assessment (For information)

Presentation by Mary Killeavy, Director, Human Resources, and Anila Lalani, Advisor, Integrated Risk Management

6.

COMMUNICATIONS

7.

IN CAMERA MATTERS

8.

OTHER BUSINESS

9.

NEXT MEETING Thursday, April 20, 2017, 11:00 a.m. – 12:30 p.m. Council Chamber, 5

th Floor

Regional Administrative Headquarters 10 Peel Centre Drive, Suite A Brampton, Ontario

10.

ADJOURNMENT

REPORT Meeting Date: 2017-02-02

Audit and Risk Committee

For Information

DATE: December 15, 2016

REPORT TITLE: REVISED 2016 INTERNAL AUDIT RISK BASED WORK PLAN

FROM: Michelle Morris, Director, Internal Audit

OBJECTIVE

To inform the Audit and Risk Committee of the changes that has been made to the 2016 Internal Audit Risk Based Work Plan. REPORT HIGHLIGHTS

The 2016 Internal Audit Risk Based Work Plan was approved at the February 4, 2016 Audit and Risk Committee meeting.

The Audit and Risk Committee is responsible for reviewing the status of the approved Internal Audit Work Plan.

This report outlines changes to the work plan to respond to emerging risks and requests for services.

DISCUSSION 1. Background

The Audit and Risk Committee has a responsibility to approve the risk based Internal Audit Work Plan recommended by the Director, Internal Audit and review the status of the work plan. The 2016 Internal Audit Risk Based Work Plan was approved at the February 4, 2016 Audit and Risk Committee meeting. Changes have been made to the original work plan to respond to emerging risks and issues. This report titled “Revised 2016 Internal Audit Risk Based Work Plan” outlines revisions to the plan.

2. Status of 2016 Work Plan and Comments

The approved 2016 Internal Audit Risk Based Work Plan included 13 audit projects, of which six were commenced in 2015 and concluded in 2016. To date, the Internal Audit division has completed or is in the process of completing 13 projects. The status of each audit project is outlined in Appendix I.

5.1 - 1

REVISED 2016 INTERNAL AUDIT RISK BASED WORK PLAN

- 2 -

During 2016, two projects were deferred, while two more were added to the approved work plan. Specific changes are as below:

Hiring Practices Phase II – was deferred. Management is working to implement the management action plans to address the observations from Phase I audit. More value can be added when observations from Phase I are addressed before Phase II work starts. Water Forecasting Model – was deferred. Management is working with Finance to research a new forecasting model. This project will be included in the 2017 work plan. Childcare Fee Subsidies – was added to the work plan. Based on the 2016 risk assessment, high risks related to the distribution of childcare fee subsidies were identified. The audit will assess the controls in place to manage fee subsidies that are distributed to childcare providers. Use of Employment Agencies – was added to the work plan. During the 2016 risk assessment, high risks were identified related to use of employment agencies at the Region. The audit will assess whether related Regional policies are followed and the Region is protected when retaining employment agencies.

CONCLUSION

The Internal Audit Risk Based Work Plan remains flexible in order to address emerging risks and requests for services that occur during the year. Internal Audit will continue to update the Audit and Risk Committee on any significant changes that occur.

Michelle Morris, Director, Internal Audit Approved for Submission:

D. Szwarc, Chief Administrative Officer APPENDICES

Appendix I - Table 1 - Status of 2016 Work Plan Projects For further information regarding this report, please contact Michelle Morris, Director, Internal Audit, Ext. 4247, [email protected]. Authored By: Lynn Guo MBA, CMA (US), CIA

5.1 - 2

Revised 2016 Internal Audit Risk Based Work Plan APPENDIX I

Table 1 – Status of 2016 Work Plan Projects

Strategic Plan Area of

Focus

Audit Project

Status

Living (People’s l ives are improved in their time of need)

Long Term Care In progress

Childcare Fee Subsidies Added – in progress

TransHelp Operations completed

Thriving (Communities are integrated, safe and complete)

Heart Lake Community Recycling Centre Contract Review

In progress

Community Investment Program Completed

Water Revenue Forecasting Model

Deferred

Leading

(Government is future-oriented and accountable)

Digital Strategy In progress

Peel Living Procurement

In progress

Use of Employment Agencies

Added - in progress

Employee Expense Claims and

Tuition Assistance Program

Completed

Phase II – Fleet

Completed

Driver Certification Program

Completed

Request for Proposal Procurement Process

Completed

Scheduled Standby Duty in Public Health

Completed

Hiring Practices – Phase II

Deferred

5.1 - 3



For Information


REPORT TITLE: REVISED 2016 INTEGRATED RISK MANAGEMENT WORK PLAN


OBJECTIVE

To inform the Audit and Risk Committee of the changes that has been made to the 2016 Integrated Risk Management Work Plan. REPORT HIGHLIGHTS

The 2016 Integrated Risk Management Work Plan was approved at the February 4, 2016 Audit and Risk Committee meeting.

The Internal Audit Charter requires that the Director of Internal Audit provide information to the Audit and Risk Committee on the status of the Integrated Risk Management Work Plan.

This report outlines progress and changes to the work plan to respond to emerging risks and requests for services.


The 2016 Integrated Risk Management Work Plan was presented for approval at the February 4, 2016 Audit and Risk Committee meeting. Changes have been made to the original work plan to respond to emerging risk and issues. The Internal Audit Charter requires that the Director of Internal Audit provide information to the Audit and Risk Committee on the status of the Integrated Risk Management Work Plan. This report titled “Revised 2016 Integrated Risk Management Work Plan” outlines revisions to the plan.

2. Status of 2016 Integrated Risk Management Work Plan and Comments

The 2016 Integrated Risk Management Work Plan focused on advancing risk management practices within existing planning, budgeting, and decision-making processes. Additional time is allotted for in-year requests for operational risk assessments and risk advisory services. The Status of the 2016 Integrated Risk Management Work Plan is summarized herein this report.

5.2 - 1

REVISED 2016 INTEGRATED RISK MANAGEMENT WORK PLAN

- 2 -

Item Status Comments

Define Risk Appetite Complete

Define Risk

Tolerances

In

progress

Risk tolerance involves the application of risk appetite

to specific objectives and strategies. It is tactical and

operational and will set the boundaries of acceptable

performance variability for ToCPs, and will be

consistent with the Council approved risk appetite for

the Strategic Plan.

Integrate risk

management into

decision making

processes

In

progress

Phase I – ELT Reports

Decision reports to Council and the Executive

Leadership Team will have a risk consideration

component to help inform the decision.

Phase II – Council Reports

Work is underway to integrate risk analysis to Council

reports once it is successfully adopted in reports to

Executive Leadership Team and is targeted for Spring

2017.

Identify risk

champions in each

department

Complete

Formalize risk

assessment process

In

progress

Risk assessment process will be embedded within

routine planning processes. Integrated Risk

Management will be working with the Corporate

Strategy Office and Departmental Risk Champions to

formalize this process.

Establish a risk

monitoring and

reporting protocol –

Corporate Risk

Profile

Not

started

Development of a Reginal Corporate Risk Profile to

inform Regional Council, the Audit and Risk

Committee and the Executive Leadership Team of the

significant risks facing the Region and the plans in

place to mitigate these risks.

5.2 - 2

REVISED 2016 INTEGRATED RISK MANAGEMENT WORK PLAN

- 3 -

During 2016, the following two projects were added:

Item Status Comments

Risk Assessment of

Human Resources’

Contractor Safety

Program

Complete The objective of the contractor safety program risk

assessment was to identify health and safety risks to

contractors who perform work on behalf of the

Region. The objective of the program is to help

ensure that safety risk is managed and the Region is

in compliance with the Occupational Health & Safety

Act and Regulations. The risk assessment report will

be presented on February 2, 2017 to Audit and Risk

Committee for information.

Establishing risk

tolerance for energy

commodity

procurement

Complete A framework was developed for energy commodity

procurement to guide the procurement strategies in-

line with the Region’s risk appetite. The framework

was approved by Audit and Risk Committee on

October 6, 2016.

Integrated Risk Management continued to provide risk advisory services to various areas within the Region upon request.

CONCLUSION

Considerable progress has been made on the 2016 Integrated Risk Management Work Plan. Integrated Risk Management will continue to advance risk management practices within the Region’s processes and practices.


D. Szwarc, Chief Administrative Officer

For further information regarding this report, please contact Michelle Morris, Director, Internal Audit, Ext. 4247, [email protected]. Authored By: Michelle Morris, CPA, CGA, CIA, CRMA and Anila Lalani, CIA CISA

5.2 - 3




REPORT TITLE: 2017 INTERNAL AUDIT RISK BASED WORK PLAN


RECOMMENDATION That the 2017 work plan as outlined in the report of the Director, Internal Audit, titled “2017 Internal Audit Risk Based Work Plan” be approved.

REPORT HIGHLIGHTS

The 2017 Internal Audit Risk Based Work Plan was developed based on risk assessment information gathered from various sources.

The 2017 Work Plan has been aligned with the Terms of Council Priorities and Region’s Strategic Plan where possible.

The 2017 Work Plan will remain dynamic and flexible for emerging risks and issues throughout the year.

Internal Audit is able to independently and objectively carry out the audit projects identified on the 2017 Work Plan.

Completion of the 2017 Work Plan is intended to provide Audit and Risk Committee and senior management reasonable assurance that controls are working as intended in the areas audited.


Internal Audit has a responsibility to develop an annual work plan that reflects the changes and emerging risks within the Region. The 2017 Risk Based Work Plan was developed in alignment with the Region’s strategic goals, and sets the priorities of Internal Audit activities for 2017. Internal Audit commenced the planning process in the summer of 2016 by interviewing Executive Leadership Team members and selected directors. Information collected in these interviews was the major source of information that informed the Work Plan. A comprehensive risk assessment framework was applied to prioritize risks identified in developing the Work Plan.

5.3 - 1

2017 INTERNAL AUDIT RISK BASED WORK PLAN

- 2 -

The 2017 Work Plan will remain flexible to allow for new in year requests. As risks and issues unfold during the year, changes to the Work Plan may be required. Internal Audit will update the Audit and Risk Committee and the Executive Leadership Team of changes to the Work Plan. Details of the Work Plan are presented in the Appendix I. There are three tables in Appendix I:

Table 1 is the audit projects identified that will commence in 2017. Rationale and risks associated with the projects are presented in the table;

Table 2 presents projects that have been started in 2016 and will be concluded in 2017;

Table 3 outlines other services Internal Audit provides and the descriptions of these services.

2. 2017 Work Plan Highlights and Comments

The audit projects in the 2017 Work Plan have been aligned with the Terms of Council Priorities and Region’s Strategic Plan where possible. This alignment ensures audits will be conducted on programs and services where associated risks are significant. In addition to conducting audit projects, Internal Audit also sets aside time in the Work Plan to:

Respond to requests for control advice;

Follow up on outstanding management action plans;

Conduct investigations as needed;

Promote and advance the fraud prevention program; and,

Participate in advisory and governance committees.

An average of 500 hours are allocated to each audit project based on historical experience; however, projects that are carried out regularly or less complex are assigned less hours. Based on the existing resources, Internal Audit will be able to independently and objectively carry out the audit projects presented in the 2017 Internal Audit Risk Based Work Plan.

CONCLUSION Internal Audit 2017 Risk Based Work Plan was developed to continue to add value to the programs and services provided by the Region. Completion of 2017 Work Plan is intended to provide the Audit and Risk Committee and senior management with reasonable assurance that sound management practices are in place and are functioning as intended in the areas audited.

Michelle Morris, Director, Internal Audit

5.3 - 2

2017 INTERNAL AUDIT RISK BASED WORK PLAN

- 3 -

Approved for Submission:


Appendix I - 2017 Internal Audit Risk Based Work Plan For further information regarding this report, please contact Michelle Morris, Director, Internal Audit, Ext. 4247, [email protected]. Authored By: Lynn Guo, MBA, CMA(US), CA and Jennifer Weinman, CPA, CA, CIA

5.3 - 3

2017 INTERNAL AUDIT RISK BASED WORK PLAN APPENDIX I

Table 1 – 2017 Work Plan Projects

Strategic Plan Area of Focus

Audit

Project

Last Time Audited

Rationale and Risk

Living (People’s lives are improved in their time of need)

Ontario Works 2011 Rationale: The Region, on behalf of the Province, provides financial assistance to eligible families and individuals. The system used for administrating the program was replaced with a new system SAMS in 2014. The Community Access division established a peer group to support and address the challenges and risks associated with the new system. There is an opportunity to review whether measures put in place are effective in mitigating the associated risk. Risk: Without effective mitigating strategy and controls to manage the system related risks, the objective of the program may not be achieved.

Environmental Health

2011 Rationale: Public Health Inspectors inspect retail food services premises, establishments and personal services settings in the Region to ensure the mandated environmental health and food safety requirements are met. The team is also responsible for investigating complaints and concerns about other environmental health issues. Risk: Without effective controls and efficient processes, there is a risk the objective of the program may not be achieved.


Residential Property Management

N/A Rationale: The Region provides residential and facility services to 74 residential properties across the Region. There is an opportunity to review the processes and practices in place in managing the properties. Risk: Ineffective and inefficient processes and practices may impact the quality of services to the residents.

5.3 - 4



Audit

Project

Last Time Audited

Rationale and Risk

Water Billing System

N/A Rationale: A new and enhanced water billing system was deployed in 2015. The system is used to bill water and wastewater charges for residents and businesses in the Region. Effective January 2016 the Region started collecting storm water charges on behalf the City of Mississauga. It is important that customer information is managed properly and water revenue is collected accurately and timely. Risk: Without effective controls in place, there is a risk that customers may be billed incorrectly and payment may not be collected correctly and timely.

Long-term Water Forecasting Model

N/A Rationale: A model is used to forecast long term water infrastructure needs. There is an opportunity to review the forecasting model and methodology to help improve the planning processes and help ensure the Region is investing in the appropriate infrastructure to support growth. Risk: Without an effective forecasting model and methodology, there is a risk that investments in infrastructure will not support growth.

Leading (Government is future-oriented and accountable)

Sewer Inspection and Collection Process

2008 Rationale: The Environmental Control Team is responsible for inspecting industries in the Region and enforcing the By-Law. Discharge of detrimental materials into the wastewater system in the Region must follow a process and must be in compliance with Wastewater By-law 2010. There is an opportunity to review whether the processes and controls are working effectively. Risk: Without effective controls in place, there is a risk that detrimental materials may be released to the wastewater system and industries may not be in compliance with the By-law.

Payroll 2011 Rationale: Payroll is responsible for processing salaries and hourly wages for over 5000 Regional employees. Employee pays are processed and deposited into employee bank accounts bi-weekly. A Time and Labour system is used in administrating timesheet, employee information as well as pay records. It is important that records are correct, employees are paid according to the time worked and pay cheques are processed accurately and timely. Risk: Without effective controls in place, there is a risk that employees may not be paid correctly or in a timely manner.

5.3 - 5



Audit

Project

Last Time Audited

Rationale and Risk

Facility Management

N/A Rationale: The Facility & Occupant Services team provides property and facility management services to Region owned buildings and properties with the objective to provide a safe and productive work environment, at the same time preserve the Region’s physical assets in accordance with engineering sciences. There is an opportunity to review whether the processes in place are working effectively to achieve the objective. Risk: Without effective processes and controls in place, there is a risk that the workplace may not meet the safety and security requirements and the Region’s physical assets may not be preserved.

Construction Project Management – Real Property Assets Management

N/A Rationale: The Construction Project Management section of the Real Property Assets Management division provides contract and project management services for Regional owned facilities and Peel Living buildings. Their services include contract and project management of facility planning, development, and construction. The team manages the scope and budget for each contract to ensure completed facilities meet the operational requirements. Risk: Without effective controls in place, there is a risk that construction projects may not be managed to achieve the objectives of the operational requirements.

Table 2 – 2016 Audit Projects to be Concluded in 2017


Audit

Project

Last Time Audited

Audit Objectives /Rationale and Risk

Living (People’s lives are improved in their time of need)

Long Term Care

2011 Audit objective: to determine whether management has implemented effective and efficient controls in the administrative areas that support the delivery of resident services, specifically:

Controls related to the collection of resident payments

Controls in managing cash on hand and controls in managing supplies and inventory

Controls related to tracking payment of vendor invoices

5.3 - 6



Audit

Project

Last Time Audited

Audit Objectives /Rationale and Risk

Childcare Fee

Subsidies

N/A Rationale: The Region, on behalf of the Province, provides

childcare subsidies to families in Peel. The Early Year System

team manages the distribution of fee subsidies to licensed

childcare providers that meet the eligibility and reporting

requirements. There is an opportunity to review whether fee

subsidies were distributed effectively and in accordance with the

legislation.

Risk: Without effective controls to manage the childcare fee

subsidies, there is a risk the program may not achieve its

objectives.


Heart Lake Community Recycling Centre Contract Review

N/A Audit objective: to assess whether management has implemented effective contract management controls related specifically to:

Qualification and training of vendor staff

Reporting and monitoring vendor performance

Customer service standards

Contract requirements for Environmental Compliance Approval (ECA) and Extended Producer Responsibility (EPR) programs


Digital Strategy

N/A Audit objective: to determine if management has adequate governance processes in place to mitigate the risks to achieving a successful digital strategy implementation

Peel Living Procurement

N/A Audit objective: to assess the effectiveness of procurement practices and processes that are followed to acquire goods and services for Peel Living

Use of

Employment

Agencies

2010 Rationale: Employment agencies are often retained across the

organization to enhance workforce. There is an opportunity to

review whether Regional policies are followed when retaining

employment agencies and whether invoices from the agencies

are accurate.

Risk: There is risk that the Region’s interest may not be protected

should Regional policies not be followed when retaining

employment agencies and when approving invoices.

5.3 - 7


Table 3 – Other Audit Related Services


Audit Service

Description


Control Advice and Advisory

Risks and issues emerge and evolve throughout the year. Internal Audit sets aside time to handle special projects, assignments and advisory work. The objective is to be proactive by addressing client needs on the front-end. In addition, Internal Audit may be asked to sit in on Committees or provide outreaching training as a way to provide proactive control advice to management.

Follow-up on Internal Audit Reports

Audit staff follow up on outstanding audit observations and management action plans from audit reports that have been previously reported to the Audit and Risk Committee.

Fraud Prevention Program

This program is to advance, promote the fraud prevention program as defined in the Fraud Prevention Policy. The Director, Internal Audit has the lead responsibility for advancing, promoting and educating the organization about the fraud prevention program.

Investigation The Region is committed to protecting its revenue, property, proprietary information and other assets. The Region will not tolerate any misuse or misappropriation of those assets. It is the Region’s intent to fully investigate any suspected acts of “fraud” as defined in Fraud Prevention Policy. The Director, Internal Audit has the lead responsibility for conducting fraud related investigations.

5.3 - 8




REPORT TITLE: 2017 INTEGRATED RISK MANAGMENT WORK PLAN


RECOMMENDATION That the 2017 Integrated Risk Management Work Plan as outlined in the report of the Director, Internal Audit, titled “2017 Integrated Risk Management Work Plan” be approved.

REPORT HIGHLIGHTS

The Director, Internal Audit is responsible to develop an annual Integrated Risk Management (IRM) Work Plan.

Integrated Risk Management will allow the Region of Peel (Region) to manage and monitor organizational risks through an integrated and systematic approach once fully implemented.

The Region continues to progress towards a more mature state in IRM with the embedding of risk management principles within existing planning and decision-making processes.

The 2017 IRM Work Plan was developed based on an assessment against a risk management maturity model.


Under the Internal Audit Charter, the Director, Internal Audit, has the responsibility to develop an Integrated Risk Management (IRM) Work Plan. Once fully operationalized, Integrated Risk Management will allow the Region to manage and monitor organizational risks through an integrated and systematic approach with risk management practices embedded within existing planning, budgeting, and decision-making processes. The 2017 Integrated Risk Management Work Plan is designed to fully operationalize risk management and was developed based on an assessment against a risk management maturity model. This enables an organization to determine next steps toward a more structured approach to risk management.

5.4 - 1

2017 INTEGRATED RISK MANAGEMENT WORK PLAN

- 2 -

2. 2017 Integrated Risk Management Work Plan

Significant progress has been made to advance IRM within the Region’s processes and practices. Over the past several years, the IRM Work Plan has included several key deliverables including the risk management framework, process and policy and more recently the development of a Risk Appetite framework for the Regional strategic plan and Term of Council Priorities. The following initiatives will be undertaken in 2017 to fully operationalize IRM:

Item Rationale

Define risk tolerance for Term of Council Priorities (ToCPs)

Risk tolerance involves the application of risk

appetite to specific objectives and strategies.

It is tactical and operational and will set the

boundaries of acceptable performance

variability for ToCPs, and will be consistent

with the Council approved risk appetite for

the Strategic Plan.

Formalize the risk assessment process

Risk assessments will be part of routine strategic and operational activities and form an integral part of strategic, program and service planning.

Refine risk management within decision-

making processes

Phase I – Executive Leadership Reports Refine established guidelines for risk analysis within “Decision Reports” to the Executive Leadership Team. Analysis will include significant risks to the proposed direction and mitigation plans to manage the risks identified. Phase II – Council Reports Establish guidelines for risk analysis within “Decision Reports” to Council. Analysis will include significant risks to the proposed direction and mitigation plans to manage the risk identified. Further, proposed recommendations should be aligned to Council’s risk appetite established for the Strategic Plan.

Risk Management capacity building IRM will continue to build risk management capacity through departmental Risk Champions to advance risk management knowledge and activities across the Region.

5.4 - 2

2017 INTEGRATED RISK MANAGEMENT WORK PLAN

- 3 -

Establish a risk monitoring and reporting protocol – Corporate Risk Profile

Development of a Regional Corporate Risk Profile to inform Regional Council, the Audit and Risk Committee and the Executive Leadership Team of the significant risks facing the Region and the plans in place to mitigate these risks.

Changes to the 2017 Work Plan may be required throughout the year in order to reflect emerging risks and issues as they unfold. Internal Audit will update the Audit and Risk Committee and Executive Leadership Team on the changes to the Work Plan accordingly.

CONCLUSION

Significant progress has been made toward embedding risk management within the Region’s processes and practices. The planned activities for 2017 are focused on moving the Region to a fully operationalized risk management approach.


D. Szwarc, Chief Administrative Officer For further information regarding this report, please contact Michelle Morris, Director, Internal Audit, Ext. 4247, [email protected]. Authored By: Michelle Morris, CPA, CGA, FCCA, CIA, CRMA and Anila Lalani, CIA, CISA

5.4 - 3



For Information


REPORT TITLE: 2016 FRAUD INFORMATION


OBJECTIVE To provide the Members of the Audit and Risk Committee with information to respond to fraud related enquiries made by the External Auditors.

REPORT HIGHLIGHTS

The External Auditors are required to obtain feedback from members of the Audit and Risk Committee on their perception of fraud risks and fraud allegations at the Region of Peel.

Internal Audit conducted a survey to gather information on fraud allegations that occurred in 2016 and their outcomes. There were a total of two confirmed occupational frauds in 2016.

Fraud prevention training was implemented in 2016 for all employees. Approximately 84% of employees completed the training in 2016.


The External Auditors are required as part of their professional standards to gather feedback from Members of the Audit and Risk Committee on their perspective of fraud risks, fraud allegations and antifraud programs at the Region of Peel (Region). The Audit and Risk Committee Charter (July 2015) outlines the Committee’s role to include the following:

Review the results of the annual fraud survey on fraud risk and fraud allegations, and Respond to the external auditor’s questions related to the Committee’s view of fraud risk,

fraud allegations and the Committee’s role in the Region’s fraud program. Our External Auditor, Trevor Ferguson from Deloitte will be asking Members of the Audit and Risk Committee at the April 6, 2017 Audit and Risk Committee meeting to confirm their understanding of the following: 1. Their views about the risk of fraud; 2. Their knowledge of any actual, suspected or alleged fraud; and,

5.5 - 1

2016 FRAUD INFORMATION

- 2 -

3. The role that they exercise in the oversight of management’s antifraud programs. Internal Audit conducted a survey across the Region to gather the information for the members of the Audit and Risk Committee to effectively address the External Audit questions. This is Internal Audit’s fourth year coordinating and reporting fraud information that has occurred over the past year.

2. Survey Results

A total of 47 Directors across the Region were surveyed. Internal Audit received an excellent response rate of 100 per cent to the survey. A definition of fraud was provided from the Region’s Fraud Prevention policy (G00-22):

“Fraud is an act of using dishonesty as a tool for personal gain. Fraud includes any misuse or attempt to misuse the Region’s assets for personal gain or purposes unrelated to the Region’s business.”

The process to gather information required management to answer three questions as

outlined below. Additional follow-up was conducted where fraud was suspected. The first two questions capture management’s perspective on fraud allegations for their area of responsibility; while the third question captures information on actual or alleged fraud that occurred in 2016. The results of the survey are as follows:

1. There is a high risk of fraud occurring in my area of responsibility?

72 per cent felt the risk of fraud in their area was low;

15 per cent felt the risk of fraud in their area was moderate;

13 per cent felt there was a high risk of fraud in their area of responsibility.

2. There are effective controls and oversight that will detect or prevent fraud in my area?

74 per cent felt that there were effective controls and oversight; 9 per cent were uncertain;

17 per cent felt that there was a risk of fraud due to ineffective controls and oversight.

The response identified that the majority of management believed that the risk of fraud is effectively mitigated through preventive controls and oversight in their areas of responsibility. There is still a probability of fraud occurring in some areas.

3. Has there been any actual suspected or alleged fraud in your area over the past year? Results of the survey indicated that there were two confirmed fraud incidents at the Region in 2016; both involving the theft of time. In addition, there is one fraud allegation involving Child Care Funding which is currently under review. Appropriate action will be taken pending the outcome of this review. This is compared to the three fraud incidents reported in 2013; ten reported in 2014; and one incident reported in 2015.

5.5 - 2


- 3 -

3. Information and Update on 2016 Fraud Allegations

The Internal Audit Charter states that Internal Audit will “Provide an annual report on fraud risk and fraud allegations.” As a result of our fraud survey and follow up discussions with management; the following two frauds and one fraud allegation were identified: Theft of Time fraud: Management became aware of the theft of time by an employee through the falsification of electronic time reporting records. Steps have been taken to strengthen controls including changes to time tracking; as well as increased monitoring of field work. The employee is no longer with the Region. Theft of Time fraud: Management became aware of the theft of time involving the falsification of records by a non-employee Purchase of Service consultant. This consultant is no longer providing services to the Region. Child Care Funding fraud allegation: Reconciliation of invoices and receipts provided by a licensed child care provider led to concerns that the provider may not have used the funds received for their intended purpose. Human Services secured the services of a third-party consultant to conduct a special review. Appropriate action will be taken based upon the outcome of this review.

4. Fraud Prevention Program

In 2016, Internal Audit rolled out Fraud Prevention training for all employees. The E-Learning Fraud Prevention module was developed in-house and included the ability to capture the training for each employee in our Human Resource Management System. Results show that approximately 84 per cent of employees completed the training in 2016. A second e-learning module ‘Fraud Awareness for Leaders’ was developed and rolled out in 2016. This e-learning module is designed to provide those in management positions with additional information about fraud and the best practices for detecting and preventing fraudulent behaviour. The Region’s Fraud Prevention Policy section I. Fraud Reporting Protection states: ‘Employees are encouraged to report suspected acts of fraud. No employee or person shall take action against an individual that in good faith alleges and reports a fraudulent act.’

CONCLUSION

The survey results and information captured in this report will inform members of Audit and Risk Committee of the fraud risks and fraud allegations at the Region of Peel in order to meet the requirements of the External Audit.

5.5 - 3


- 4 -


D. Szwarc, Chief Administrative Officer For further information regarding this report, please contact Michelle Morris, Director, Internal Audit, Ext. 4247, [email protected]. Authored By: Sean Lee, CPA, CGA, CGAP, CIA, CISA, CRMA, PMP

5.5 - 4



For Information


REPORT TITLE: LONG TERM CARE AUDIT


OBJECTIVE

To inform the Audit and Risk Committee of the results of the Long Term Care Audit REPORT HIGHLIGHTS

The mandate of Long Term Care is to provide service excellence in a safe and compassionate environment where everyone can thrive.

The audit focused on the administrative areas that support the delivery of resident services.

The audit observations are: Effective controls have been implemented in managing inventory of prescription drugs

and controlled substances;

There are opportunities for improvement in the administrative areas that include: o Review the collection policy to help ensure it provides clear directions for staff; o Establish a formal process to periodically review outstanding receivables to help

ensure timely collections; o Implement procedures to safeguard inventory in facilities and nursing supplies areas

to mitigate the risk of misuse, loss and misappropriation, and develop policies and procedures accordingly; and,

o Review delegated authority for approval of low value purchases to gain efficiencies.

Management has developed action plans to address the observations noted in the audit.


The Internal Audit Risk Based Work Plan 2016, developed through the annual risk assessment, included an audit of the Long Term Care division in the Health Services Department. The last time Long Term Care was audited was in 2011. The Long Term Care Division is led by the Director, Long Term Care, and a management team that consists of five Administrators who are responsible for the day-to-day operations of the Long Term Care Centres.

5.6 - 1

LONG TERM CARE AUDIT

- 2 -

Long Term Care is governed by the Long Term Care Homes Act, 2007 and Ontario Regulation 79/10. The mandate of Long Term Care is to provide service excellence in a safe and compassionate environment where everyone can thrive. The Division helps ensure the needs of residents are met, they are treated with respect and have the supports and services they need for health and well-being. The five Long Term Care Centres are home to 703 residents. Information related to the five Centres is presented in the following chart:

Centre Number of Residents Location

Malton Village 160 Mississauga

Peel Manor 177 Brampton

Sheridan Villa 142 Mississauga

Tall Pines 160 Brampton

Vera Davis Centre 64 Caledon

Total 703

2. Audit Objective

The objective of the audit was to determine whether management has implemented effective and efficient controls in the administrative areas that support the delivery of resident care. Specifically the audit assessed whether:

Controls related to the collection of resident payments are effective and efficient;

Controls are effective in managing cash on hand in petty cash and resident trust funds, as well as supplies and inventory; and,

Controls related to tracking payment of vendor invoices are effective and efficient.

The audit focused on business transactions from December 2015 to May 2016 inclusive. This audit was conducted in accordance with the International Standards for Professional Practices of Internal Auditing.

3. Audit Observations

The petty cash and resident trust funds are being managed effectively in accordance with applicable Regional policies. Further, management has implemented effective controls in managing inventory of prescription drugs and controlled substances. There are opportunities for improvement in the administrative areas that include: a) Collection Policy and Outstanding Receivables

5.6 - 2


- 3 -

The Ministry of Health and Long Term Care provides financial assistance to long term care providers by reimbursing 50 per cent of providers’ current year bad debt expense, under the condition that providers demonstrate efforts made to collect the arrears. According to management, in November 2016 the Long Term Care division had an outstanding receivables balance of $514k for all the Centres in the division. Further, management indicated the division charged over $1.25 million in fees to residents for all the Centres for the same month. There is a need to establish a formal process to periodically review outstanding receivables and write off arrears deemed uncollectible. Further there is a need to review the collection policy to ensure it provides clear direction for staff. Without clear direction, collection of outstanding receivables may be delayed. There is also a risk that bad debt may become ineligible for reimbursement in accordance with the Ministry policy. Management will review and update the collection policy and procedures, to be completed by January 2017. A formal process to review outstanding receivables will be included in the updated policy. A centralized collection process will be piloted and implemented by April 2018 pending the result of the pilot.

b) Inventory and Supplies Management Policies and procedures are standards to guide staff in completing their day to day tasks. There is a need to develop policies and procedures for managing inventory and supplies. Further, safeguarding controls in the facilities and nursing supplies areas need to be implemented. There is a need to implement policies and procedures to establish record keeping of in stock items, incoming freight as well as dispersion of supplies to the floors to reduce the risk that inventory and supplies may be misused, misplaced or misappropriated. The 2016 budget for these types of inventory and supplies was approximately $3.9 million, representing five per cent of the total Long Term Care budgeted expenditure. Management will implement a full process review of current inventory management practices in the facilities and nursing department with the objective to update roles and responsibilities and develop policies, procedures and process maps. Appropriate safeguarding measures will be put in place. This action plan will be completed by December 2017.

c) Vendor Invoice and Payment

The majority of Long Term Care goods and services are procured by blanket purchase contracts as goods and services are required frequently and repetitively. A blanket purchase contract has a limit on both dollar value and time period of procurement. Supervisors are responsible for the purchase of goods and services for their areas within the limit of the approved budget. Administrators approve all purchases, regardless of the value and the type of purchases. This second review is a duplication of effort, and may not be an efficient use of management time. Further, seeking the second signature may delay payment, which could potentially compromise the relationship with vendors. There is a need to review the delegated authority for approving low value purchases and

5.6 - 3


- 4 -

the day-to-day common purchases, to ensure efficiency is achieved and good vendor relationships are maintained. Management will review the appropriate spending level that requires a secondary approval. Delegated authority to improve efficiency is being piloted in one of the Centres and will be implemented by March 2017 across all the Centres in the division, subject to the result of the pilot.

CONCLUSION

Long Term Care has implemented effective controls in managing petty cash, resident trust funds, prescription drugs and controlled substances inventories. There is a need to strengthen controls in the administrative areas to ensure the Region’s financial interest is protected, physical assets are safeguarded, and efficiencies are achieved. Management has developed action plans to address the audit observations noted in the audit. Internal Audit has reviewed the action plans and feels comfortable they will address the risks noted during the audit. Internal Audit will follow up on the status of the management action plan implementation and report back to the Audit and Risk Committee.


D. Szwarc, Chief Administrative Officer For further information regarding this report, please contact Michelle Morris, Director, Internal Audit, Ext. 4247, [email protected]. Authored By: Lynn Guo, MBA, CMA (US), CIA and Jennifer Weinman, CPA, CA, CIA

5.6 - 4

1

Long Term Care Audit

Presented by: Nancy Polsinelli, Commissioner, Health

Services Jennifer Weinman, Manager Internal Audit

5.6 - 5

2

Background • Long Term Care is governed by Long Term

Care Act 2007 and Ontario Regulation 79/10 • The mandate of Long Term Care is to provide

service excellence in a safe and compassionate environment where everyone can thrive

• There are five Long Term Care Centres managed by the Region that serve a total of 703 residents

5.6 - 6

3

Audit Objective • To determine if management has implemented

effective and efficient controls in the administrative areas that support the delivery of resident care.

The audit specifically focused on: – Controls related to the collection of resident payments – Controls in managing cash on hand in petty cash and

resident trust fund, and controls in managing supplies and inventory

– Controls related to tracking payment of vendor invoice

5.6 - 7

4

Audit Scope • The audit focused on business transactions from

December 2015 to May 2016 inclusive • The audit exclude resident care delivery as a

result of annual inspections and other reporting and investigation mechanism implemented by the Ministry of Health and Long Term Care

5.6 - 8

5

Audit Observations • Effective controls are in place for managing

prescription drugs, controlled substances and cash on hand

• Opportunities for improvement in the administrative areas include: – Review the collection policy to help ensure it

provides clear directions for staff – Establish a formal process to periodically

review outstanding receivables to help ensure timely collections

5.6 - 9

6

Audit Observations

– Implement procedures to safeguard inventory in the facilities and nursing supplies area to mitigate the risk of misuse, loss and misappropriation; and develop policies and procedures accordingly

– Review delegated authority for approval of low value purchases to gain efficiency

5.6 - 10

7

Management Actions

• Arrears collection policies are being reviewed and updated to include the implementation of a formal method of processing outstanding receivables consistently across all five Long Term Care homes.

5.6 - 11

8

Management Actions

• A full review of the inventory management program is being undertaken with the objectives to update processes and roles and responsibilities;

• Appropriated inventory safeguarding measures will be established by the end of 2017.

5.6 - 12

9

Management Actions

• Delegated authority for low value invoices($5000 and less) is being piloted in one ofthe Long Term Care Centres and isexpected to be implemented at all Centresin 2017.

5.6 - 13

10

Thank you!

5.6 - 14



For Information


REPORT TITLE: HEART LAKE COMMUNITY RECYCLING CENTRE CONTRACT

REVIEW


OBJECTIVE

To inform the Audit and Risk Committee of the results of the Heart Lake Community Recycling Centre Contract Review.

REPORT HIGHLIGHTS

The Heart Lake Community Recycling Centre is owned by the Region of Peel and managed by an independent vendor Tuff Recycling and Supply Inc.

The audit focused on whether management had implemented effective contract management controls to oversee vendor performance.

The audit observations are:

Management has implemented formalized practices related to invoice review and monitoring which are effective.

There are opportunities to strengthen controls around the following areas: o Develop a formal structure for the role of the Contract Administrator; and, o Develop formal processes to effectively oversee the reporting and monitoring

requirements of the contract.

Management has developed action plans that address the risks identified in the audit observations.


The Internal Audit Risk Based Work Plan 2016 included a review of the Heart Lake Community Recycling Centre contract.

The Region of Peel owns six Community Recycling Centres (Brampton, Battleford, Fewster, Caledon, Bolton and Heart Lake). The Community Recycling Centres provide three main functions: reuse drop off, household hazardous waste, and waste drop off for bulky waste and recyclable items. Five of the Centres are operated by Regional staff and Heart Lake Community Recycling Centre is operated by an independent vendor.

5.7 - 1

HEART LAKE COMMUNITY RECYCLING CENTRE CONTRACT REVIEW

- 2 -

Through the 2013 Budget, Regional Council approved awarding the contract to operate and maintain the Heart Lake Community Recycling Centre to a qualified vendor for a five year term. In August 2014, Tuff Recycling and Supply Inc. was the successful vendor for the request for tender for the five year contract. Tuff Recycling and Supply Inc. began operations of the Heart Lake Community Recycling Centre in Brampton in December 2014.

As reported to Regional Council in September 2014, in the report of the Acting Director titled “Public Works Project/Issue Update”, the contract document for the operation of the Centre was developed with the following objectives:

Provide a community based facility to properly handle and dispose of waste that is generated in the Region of Peel;

Provide excellent customer service;

Provide required maintenance activities to the building and grounds;

Promote the development of economically feasible and sustainable markets for recyclable materials;

Provide a Reuse Drop-off service;

Provide a hazardous waste collection program; and

Maintain maximum diversion of recyclable material.

The Region of Peel’s role is to manage and oversee the vendor’s performance of the contract requirements.

2. Audit Objective

The objective of the audit was to assess whether management has implemented effective contract management controls related specifically to:

Qualification and training of vendor staff; Vendor requirements for Customer Service Standards;

Vendor contractual requirements related to Environmental Compliance Approval, Extended Producer Responsibility programs and Region of Peel Waste Management Program; and,

Reporting and monitoring of vendor performance.

This audit was conducted in accordance with the International Standards for Professional Practices of Internal Auditing.

3. Audit Observations

There are formalized practices in place related to invoice review and monitoring which are effective in ensuring the accuracy of invoices and supporting documentation before submission for payment. There are opportunities to strengthen controls around other areas of the contract management process.

5.7 - 2


- 3 -

Role Clarity The role of the Contract Administrator is to be the Region of Peel’s representative on site at Heart Lake Community Recycling Centre to provide oversight on behalf of management, assist in resolving operational issues and help ensure service objectives are achieved.

The staff currently filling the role of Contract Administrator has not been provided with a formal job description and expectations for the role. While the current approach to informally oversee the operations has been carried out by the Contract Administrator without incident, there are reporting and monitoring requirements of the contract that are not being overseen. Absence of role clarity and contract management expectations can result in contract terms not being fulfilled that would not be addressed by the Region of Peel. Management will work with Human Resources to develop a job description and formalize the role of Contract Administrator. Further, management will work with the Contract Administrator to develop metrics for the oversight of Tuff Recycling and Supply Inc., to be monitored and reported on a regular basis. This work will be completed by December 2017.

Formal Structure for Reporting and Monitoring Processes The contract with Tuff Recycling and Supply Inc. includes specific requirements with regard to:

Maintenance of a Customer Complaints Log;

Monthly Performance Review meetings;

Provision of regular operations reports; and,

Provision of regular weighscale reports.

There are no formal processes in place to effectively oversee these areas of the contract requirements:

A Customer Complaints Log is not maintained or provided to the Region;

A monthly performance review meeting is not held; a monthly meeting centred on operations, review of the vendor’s invoices and the monthly Operational Reconciliation Statement is held; and,

Weighscale and operations reports are prepared by Tuff Recycling and Supply Inc.; however, there is no oversight to ensure the reports are complete, accurate, reviewed and approved.

There is a risk that operating objectives related to diversion and customer service standards may not be achieved when reports are not reviewed. Further, Tuff Recycling and Supply Inc. may not be appropriately monitored to ensure they are meeting their obligations under the contract. Management will work with Tuff Recycling and Supply Inc. to ensure:

A Customer Complaints Log is maintained and reviewed;

5.7 - 3


- 4 -

Performance discussions are incorporated in a formal manner into the monthly meetings between Waste Management staff and Tuff Recycling and Supply Inc.; and,

Key performance indicators are developed and monitored, and the reporting process is enhanced for relevance, functionality, accuracy and format.

This is expected to be completed by December 2017.

CONCLUSION

There are formalized practices in place related to invoice review and monitoring which is effective. Management controls over the role of the Contract Administrator and the reporting and monitoring of vendor performance require further strengthening. Management has developed action plans that address the risks identified. The action plans will be included in our follow-up process and the status reported to the Audit and Risk Committee.


D. Szwarc, Chief Administrative Officer For further information regarding this report, please contact Michelle Morris, Director, Internal Audit, Ext. 4247, [email protected]. Authored By: Carol Lyons, CPA, CGA, CIA and Jennifer Weinman, CPA, CA, CIA, CRMA

5.7 - 4

1

Heart Lake Community Recycling Centre Contract

Review Presented by:

Jennifer Weinman, Manager Internal Audit Mariano Singzon, Acting Manager Waste Operations

5.7 - 5

2

Background • The Region of Peel owns six Community

Recycling Centres. Five Centres are operated byRegional Staff and Heart Lake CommunityRecycling Centre is operated by an independentvendor.

• Tuff Recycling and Supply Inc. was thesuccessful vendor, they began operations inDecember 2014.

5.7 - 6

3

Background • As reported to Regional Council in September

2014, the contract document was developedwith the following objectives:Provide a community based facility to properly

handle and dispose of waste that is generated inthe Region of Peel;Provide excellent customer service;Provide required maintenance activities to the

building and grounds;

5.7 - 7

4

Background Promote the development of economically

feasible and sustainable markets for recyclablematerials;Provide a Reuse Drop-off service;Provide a hazardous waste collection program;

andMaintain maximum diversion of recyclable

material.• The Region of Peel’s role is to manage and oversee the

vendor’s performance of the contract requirements.

5.7 - 8

5

Audit Objective To assess whether management has implemented effective contract management controls related to: Qualification and training of vendor staffVendor requirements for Customer Service StandardsRequirements related to Environmental Compliance

Approval, Extended Producer Responsibility programsand Waste Management Program

Reporting and monitoring of vendor performance

5.7 - 9

6

Audit Observations • There are formalized practices in place related

to invoice review and monitoring which areeffective in ensuring the accuracy of invoicesand supporting documentation beforesubmission for payment.

• There are opportunities to strengthen controlsaround other areas of the contract managementprocess.

5.7 - 10

7

Audit Observations Role Clarity • Contract Administrator has not been provided

with a formal job description and expectationsfor the role resulting in reporting and monitoringrequirements of the contract not being overseen

5.7 - 11

8

Audit Observations Reporting and Monitoring Processes The contract includes specific requirements for: • Maintenance of a Customer Complaints Log• Monthly Performance Review meetings• Provision of regular operations reports• Provision of regular weighscale reports

5.7 - 12

9

Audit Observations There are no formal processes in place to effectively oversee these areas of the contract requirements: • Customer Complaints Log is not maintained or provided

to the Region.• Monthly performance review meeting is not held• Weighscale and operations reports are prepared by Tuff

Recycling and Supply Inc.; however there is no oversightto ensure the reports are complete, accurate, reviewedand approved.

5.7 - 13

10

Management Actions • Management will work with Human Resources to

develop a job description and formalize the role ofContract Administrator. Further, management will workwith the Contract Administrator to develop metrics for theoversight of Tuff Recycling and Supply Inc., to bemonitored and reported on a regular basis. This work willbe completed by December 2017.

5.7 - 14

11

Management Actions • Management will work with Tuff Recycling and Supply

Inc. to ensure:• A Customer Complaints Log is maintained.• Performance discussions are incorporated in a formal

manner into the monthly meeting between WasteManagement staff and Tuff Recycling and Supply Inc.

• Key performance indicators are developed andmonitored and the reporting process is enhanced forrelevance, functionality, accuracy and format.

This is expected to be completed by December 2017.

5.7 - 15

12

Thank you!

5.7 - 16



For Information


REPORT TITLE: HUMAN RESOURCES CONTRACTOR SAFETY PROGRAM RISK

ASSESSMENT


OBJECTIVE

To provide the Audit and Risk Committee with the results of the Human Resources

Contractor Safety Program Risk Assessment.

REPORT HIGHLIGHTS

A risk assessment of the Human Resources Contractor Safety Program (Program) was requested to address safety concerns for contractors who perform work at Regional sites.

The scope of risk assessment was to identify risks to the Program achieving its core objectives.

Mitigation strategies were also identified to help ensure the risks are appropriately managed.


The 2016 Integrated Risk Management Work Plan allotted time to address the needs for

operational risk assessments as they emerge during the year. Human Resources Contractor Safety Program was undertaken to address safety concerns arising from

contractors who perform work on Regional property. 2. Results of Risk Assessment

The result of the risk assessment is attached as Appendix I to this report. CONCLUSION

The 2016 Integrated Risk Management Work Plan allots time to address the needs for

operational risk assessments as they emerge during the year. The Human Resources Contractor Safety Risk Assessment was conducted at the request of management and

results are attached as Appendix I.

5.8 - 1

HUMAN RESOURCES CONTRACTOR SAFETY PROGRAM RISK ASSESSMENT

- 2 -



Appendix I - Contractor Safety Dashboard Report Appendix II - Presentation For further information regarding this report, please contact Michelle Morris, Director, Internal Audit, Ext. 4247, [email protected]. Authored By: Michelle Morris, CPA, CGA, CIA, CRMA and Anila Lalani, CIA, CISA

5.8 - 2

Human Resources Contractor Safety Program APPENDIX I

Internal Audit Division

Integrated Risk Management

Risk Assessment: Human Resources Contractor Safety Program Objectives: To reduce the likelihood and severity of possible injury to individuals due to contractor activities on Region of Peel property.

To increase compliance with the Occupational Health & Safety Act and Regulations. To increase the level of safety maturity at the Region of Peel.

The following significant risks may materially and adversely affect contractor safety objectives. Additional risks and uncertainties identified and not deemed significant may also impair contractor safety objectives.

Risks Risk Type Mitigation Strategy Owner Trending

Limited knowledge and understanding of safety practices of both the contractors and Regional staff may expose the Region to safety violations resulting in:

Non-compliance to legislation

Personal injury

Governance - Engage stakeholders to develop RACI chart (Responsible, Accountable, Consulted and Informed) to clarifying roles and responsibilities.

- Develop governance model to clearly articulate responsibilities of contractors and the Region.

- Explore options to develop contractors’ capacity for safety through Certificate of Recognition (COR) program.

Director, Human Resources Target Completion: December 2017

Absence of corporate standards for safety requirements for operational contracts may result in omissions to safety standards and legislated requirements. Consequences may include:

Personal injury as a result of workers negligence, lack of training, inadequate equipment repair and maintenance

Lack of or inadequate safety plan

Lack of or inadequate monitoring and oversight by General Contractors to their sub-contractors

Procurement /Contract Management

- Develop corporate standards for safety requirements for operational contracts.

- Develop guidelines for operational contracts based on nature of work and risk exposure.

- Work with Purchasing to incorporate safety guidelines in operational contracts.


Vendor performance evaluation based on quality alone and not safety practices as well may result in the re-hire of contractors with poor safety records and incidences.

Procurement /Contract Management

- Provide guidelines for staff to evaluate contractors’ safety practices through the vendor performance evaluation process.

- Provide training for Project Managers in Contractor evaluation and issues management with respect to safety.


we succeed helping

you succeed

5.8 - 3

Human Resources Contractor Safety Program APPENDIX I

Limited resources for contractor oversight may limit the Region’s ability to oversee safety practices of the contractor and address safety issues as they arise. Note: General Contractors are responsible for workers’ safety while the Region’s role is limited to oversee the work of the General Contractor.

People - Develop practical tools, templates and guides to assist operating staff to focus on projects with higher risk exposure to oversee safety practices.

- Include Vendor of Record for Ontario Health and Safety Inspection of Construction Sites.

Director, Human Resources Target Completion: September 2017

The arrows in the trending column is an assessment of the potential direction of this risk, i.e. - increasing risk exposure, - risk exposure currently constant, - reduced

risk exposure. All risks are future orientated.

5.8 - 4

1

Human Resources Contractor Safety Program

Risk Assessment Results Audit and Risk Committee

February 2, 2017 Presented by: Anila Lalani, Advisor Integrated Risk Management

and Mary Killeavy, Director Human Resources

5.8 - 5

2

Potential Risks and Mitigation Strategies

Risks Mitigation Strategy Trending Limited knowledge and understanding of safety practices of both the contractors and Regional staff may expose the Region to safety violations resulting in: Non-compliance to legislation Personal injury.

Risk Type – Governance

• Engage stakeholders to develop RACI chart (Responsible,Accountable, Consulted and Informed) to clarifying roles andresponsibilities.

• Develop governance model to clearly articulate responsibilities ofcontractors and the Region.

• Explore options to develop contractors’ capacity for safetythrough Certificate of Recognition (COR) program.

Risk Owner – Director Human Resources Target Completion: December 2017

Absence of corporate standards for safety requirements for operational contracts may result in omissions to safety standards and legislated requirements.

Consequences may include: • Personal injury as a result of workers negligence, lack of

training, inadequate equipment repair and maintenance • Lack of or inadequate safety plan• Lack of or inadequate monitoring and oversight by

General Contractors to their sub-contractors

Risk Type – Procurement /Contract Management

• Develop corporate standards for safety requirements foroperational contracts.

• Develop guidelines for operational contracts based on nature ofwork and risk exposure.

• Work with Purchasing to incorporate safety guidelines inoperational contracts.

• Develop standard operating procedures

Risk Owner - Director Human Resources Target Completion: December 2018

5.8 - 6

3

Potential Risks and Mitigation Strategies

Risks Mitigation Strategy Trending Vendor performance evaluation based on quality alone and not safety practices as well may result in the re-hire of contractors with poor safety records and incidences.

Risk Type – Procurement /Contract Management

• Provide guidelines for staff to evaluate contractors’ safetypractices through the vendor performance evaluationprocess.

• Provide training for Project Managers in Contractorevaluation and issues management with respect to safety.

Risk Owner – Director Human Resources Target Completion: December 2018

Limited resources for contractor oversight may limit the Region’s ability to oversee safety practices of the contractor and address safety issues as they arise.

Note: General Contractors are responsible for workers’ safety while the Region’s role is limited to oversee the work of the General Contractor.

Risk Type – People

- Develop practical tools, templates and guides to assist operating staff to focus on projects with higher risk exposure to oversee safety practices

- Include Vendor of Record for Ontario Health and Safety Inspection of Construction Sites.

Risk Owner – Director Human Resources Target Completion: September 2017

5.8 - 7

4

5.8 - 8

Documents

THE REGIONAL MUNICIPALITY OF PEEL · THE REGIONAL MUNICIPALITY OF PEEL . AUDIT AND RISK COMMITTEE . AGENDA ARC - 1/2017 . ... REPORT HIGHLIGHTS The 2016 Internal Audit Risk Based