08.3ca Audit Report 26 September 2018 Public plus Appendices

REPORT NO. 4, AUDIT COMMITTEE PUBLIC

Wednesday, September 26, 2018
7:00 pm
Trustees' Committee Room
133 Greenbank Road
Ottawa, Ontario

Members Present: Lynn Scott (Trustee), Keith Penny (Trustee), Eric Husband (External)

Staff Present: Jennifer Adams, Director; Michael Carson, Chief Financial Officer; Kevin Gardner, Manager of Financial Services; Sandra Lloyd, Manager of Risk and Supply Chain Management; Mary Jane Farrish, Superintendent of Instruction; Katrine Mallan, Manager of Board Services; and Nicole Guthrie, Committee Coordinator.

Others Present: Pasquale L'orfano, Regional Internal Auditor (electronic communication); and Diana Swedani, Audit Manager KPMG LLP.

1. Call to Order

Acting Chair Scott called the public session to order at 7:00 p.m.

2. Approval of Agenda

Moved by Trustee Penny,
THAT the agenda be approved.
- Carried –

3. Delegations

There were no delegations.

4. Superintendent's Report

Chief Financial Officer (CFO) Carson advised that preliminary enrolment is slightly higher than the projection and revenue projections are on target. He added that staff anticipates further growth and the District has made the necessary changes at school sites to accommodate for further fluctuations and changes.

CFO Carson expressed concern for those families affected by the tornado that touched down in Ottawa on 21 September 2018. District staff responded early and all schools with the exception of Knoxdale Public School had returned to business as usual as of 26 September 2018. He noted that Knoxdale PS will reopen on 28 September 2018. The decision to keep Knoxdale PS closed was a result of the risks to the safety of students owing to the debris and broken glass blown into the yard during the tornado.
He added that the District is working closely with Ottawa Student Transportation Authority (OSTA) on transportation for those students that have been dislocated from their homes as a result of the tornado. The District and OSTA aim to support the students in their home school where possible.

CFO Carson advised that the tree damage to District property is not insurable. The District has begun discussions with the province to apply for disaster relief funding. Staff is currently tallying the costs of the damage. A preliminary review suggests that the majority of the expense is a result of the staff time that was required to supervise schools that were without power.

CFO Carson highlighted the efforts of the staff and administration of West Carleton Secondary School which was used as a shelter and provided relief to the Dunrobin community.

CFO Carson noted that the elimination of the greenhouse gas funding announced by the province did not affect the District as the funding had already been committed. The changes to the Grants for Student Needs (GSNs) did not impact the District.

CFO Carson noted that recent reports identifying opportunities for provincial savings are worrying, and he anticipates the 2019-2020 budget process will be more difficult than the past two years.

CFO Carson advised that the recruitment for the new Regional Internal Audit Manager has begun under the direction of David Leach, Superintendent of Finance & Administration, Ottawa Catholic School Board (OCSB). He noted the District has an excellent relationship with OCSB and that the cooperation of the two school boards was evidenced during the aftermath of the tornado.

In response to a query from Mr. Husband regarding the application of the business continuity plan in the wake of the tornado, CFO Carson noted that the formal plan was not implemented, but the response operated as planned.
The facilities staff were contacted immediately and, under the direction of the Associate Director, the District activated its processes and formed a plan to manage the incident. Director Adams added that the emergency response team came together to make the decision to close all schools on 24 September 2018. She noted that the plan and processes advised by the emergency response team were followed. CFO Carson indicated that there was no formal emergency declaration by the City of Ottawa.

Chair Scott praised the coordination with OSTA staff as well as OCSB to develop alternate routes and pick up points for affected areas.

5. Matters for Action

5.1 Review of Audit Committee Report

a. Report 3, 23 May 2018

Moved by Trustee Penny,
THAT the Report 3, Audit Committee, dated 23 May 2018 be received.
- Carried –

b. Business Arising

There was no business arising.

5.2 Report 18-082, External Auditor's Audit Plan for the 2017-2018 Year-End Audit

Your Committee had before it Report 18-082 seeking approval of KPMG LLP’s plan for the audit of the 2017-2018 Consolidated Financial Statements.

Moved by Trustee Penny,
THAT KPMG LLP’s plan for the audit of the 2017-2018 Consolidated Financial Statements be approved.

During the presentation of the audit plan by KPMG LLP Audit Manager Diana Swedani, and in the ensuing discussion, the following points were noted:

• Rob Clayton has taken on the role of Lead Audit Engagement Partner and oversees the District’s external audit process;
• There have been no significant changes with regard to the District’s operations and therefore no change in how the external audit is conducted is required;
• For the current period, the materiality is 1.3%, the performance materiality is $8,625,000 and the audit misstatement posting threshold is $575,000.
All of the amounts are consistent with prior year's audits;
• KPMG LLP rebuts the fraud risk as the majority of the District's revenue consists of government funding;
• KPMG LLP conducts testing on journal entries, performs a retrospective review of estimates and evaluates the business rationale of unusual transactions to evaluate fraud risk from management override of controls;
• KPMG LLP will be integrating data and analytics procedures into the audit and will focus on journal entry testing, and school generated funds. These are consistent with the previous year;
• CFO Carson advised that as a result of changes made to the Public Sector Accounting Board (PSAB) standard, asset retirement will be a challenge for school boards across the province as there is no funding source available until the site or asset is disposed of. The liability is typically funded by the sale of the asset. He added that school boards are unlikely to be early adopters of the PSAB standard and are trying to work through options; and
• In response to a query from Mr. Husband regarding current developments in internal controls, CFO Carson responded that the District has adequate internal controls but that more of the Committee of Sponsoring Organizations (COSO) framework components as outlined on page 45 could be built into existing management practices. He noted that at present the District relies on the evaluation provided by KPMG.

Moved by Trustee Penny,
THAT KPMG LLP’s plan for the audit of the 2017-2018 Consolidated Financial Statements be approved (Attached as Appendix A).
- Carried –

5.3 Report 18-080, 2017-2018 Annual Report on Internal Audit Activity

Your Committee had before it Report 18-080 seeking approval of the annual report to the Board summarizing the work performed by the Regional Internal Audit Team (RIAT) during 2017-2018 in accordance with Ontario Regulation 361/10, Audit Committees.
Manager Gardner noted that a summary of the audit activity of the District can be found within the report and that Appendix A to Report 18-080 lists the internal audits that were started and/or completed by August 31, 2018. He added staff has confirmed that no enrolment audit has been identified in the multi-year Internal Audit Plan.

Moved by Eric Husband,
THAT Appendix A to Report 18-080 be approved as the 2017-2018 Annual Report on Internal Audit Activity. (Attached as Appendix B)
- Carried –

5.4 Report 18-081, Audit Committee Annual Report for 2017-2018

Your Committee had before it Report 18-081 seeking approval of the 2017-2018 annual report on the work performed by the Audit Committee.

CFO Carson noted that as a result of the RIAT audit of school council funds, the District was able to work closely with the Ottawa-Carleton Assembly of School Councils (OCASC) to help further best practices and accountability. He added that the audit of the District's Continuing Education programs has enabled a broader understanding of the business of continuing education.

Mr. Husband requested that the report include the work that has been undertaken in the areas of compliance and risk management.

CFO Carson responded that the District is currently working towards formalizing compliance measures owing to the ongoing work of Manager Lloyd. He noted that the District is not alone in its response to overall risk management and that many school boards across the province are similarly challenged. The provincial government had provided funding to investigate Strategic Enterprise Risk Management (SERM) and the District had hoped to be part of the pilot which will begin in the fall of 2018. Unfortunately, the District is not included in the pilot but much of the preliminary work has been undertaken by Manager Lloyd and a report should be provided to the committee in January 2019. The department has identified SERM as a goal.
He noted that staff in all departments incorporate elements of risk management in their work but there is currently no formal risk management framework.

CFO Carson noted that compliance is addressed in paragraph 9 of the report and at the committee's request it could be expanded and re-titled to reference compliance specifically.

In response to a query from Trustee Scott regarding the deadline for the report's submission to the Board and the Ministry, Manager Gardner noted that the final report will be brought to the Board in November.

Director Adams requested that the CFO work with the Chair of the Audit Committee to ensure the report is rewritten to include reference to both the risk management and compliance practices undertaken by the District.

CFO Carson indicated that he would speak with the Ministry liaison to inquire whether or not the deadline for the submission of the report could be extended to ensure the Audit Committee has an opportunity to discuss the amended report.

5.5 Report 18-083, Approval of the 2018-2019 Internal Audit Plan (M. Carson ext. 8881)

Your Committee had before it Report 18-083 seeking approval of the 2018-2019 Internal Audit Plan.

Manager Gardner noted that the plan includes an audit of attendance support, information technology (IT) security management and procurement. The plan also includes a risk assessment update.

CFO Carson advised that staff worked closely with the RIAT to identify priorities within the District and noted that four engagements are proposed for audit during the 2018-2019 school year, but indicated that the new Regional Internal Audit Manager may identify alternate priorities. He added that the Audit Committee would be advised of any major changes to the annual plan.

In response to a query from Mr. Husband regarding the risk assessment update, CFO Carson responded that system-wide risk assessment is a part of all board operations and that it has guided the audit approach to date but an update is required.
CFO Carson noted the process to replace the Regional Internal Audit Manager has begun and he anticipates an announcement will be made in advance of Superintendent Leach's retirement.

Moved by Eric Husband,
THAT the Regional Internal Audit Manager’s 2018-2019 Internal Audit Plan be approved. (Attached as Appendix C)
- Carried -

5.6 Report 18-090, Final Report: Records and Information Management Audit (M. Giroux ext. 8310)

Your Committee had before it Report 18-090 presenting the Regional Internal Audit Team (RIAT) manager’s summary regarding the audit of records and information management.

CFO Carson thanked Ms. Robitaille, Mr. L'orfano and the internal audit team for their work. He noted that the District is committed to transparency and the RIAT provides an audit summary for the public. He noted that staff has begun to implement an action plan in response to the audit recommendations.

Manager Mallan noted that the District has re-established the Privacy Committee and will be hosting a Privacy Awareness Week in the fall of 2018. She added that the District will also be reviewing and updating the records management policy to include advances in technology and digital record keeping.

Mr. Husband requested the nature of the findings be further expanded upon for the public.

Trustee Penny queried whether or not a moderate rating is a concern. CFO Carson indicated that the RIAT makes a concerted effort to present information to the public in the interest of transparency; however, much of the discussion is reserved for in-camera. Many school boards operate their audit committees entirely in-camera. He added that Board Services staff could provide a follow-up memo with further details on the audit to bolster public assurance.

Chair Scott expressed the view that the in-camera report is more detailed as the subject matter involves the security of the property of the Board.
She noted that many aspects of the audit such as the classification and retention schedule and the destruction of records could be made public.

6. Matters for Discussion

6.1 Memo 18-108, Regional Internal Audit Team Evaluation Process for 2017-2018 (M. Carson ext. 8881)

Your Committee had before it Memo 18-108 requesting the Committee’s input in preparing a high-level performance evaluation for the regional internal audit team (RIAT). Ratings and comments will be summarized and the evaluation, inclusive of management’s evaluation, will be presented to the Audit Committee for approval in November 2018.

Chair Scott noted that the completed evaluations should be returned to Manager Gardner by 19 October 2018. CFO Carson added that the information will be shared with Superintendent Leach of the OCSB.

In response to a query from Trustee Penny regarding the education of the newly elected Board members on the role and function of the Audit Committee and whether or not there are plans for an orientation, CFO Carson indicated that he intends to have KPMG LLP and the RIAT make a joint presentation to new members of the Board. Information will be provided to the new Board and a more formal presentation will be made to the members of the Audit Committee.

7. Information Items

7.1 Long Range Agenda

The long range agenda was provided for information.

Trustee Scott requested that the long range agenda include reference to the risk management update.

Mr. Husband queried whether or not CFO Carson plans to provide the Audit Committee with year-to-date financial information noting his previous suggestion that year-to-date financials be brought to the committee biannually. CFO Carson indicated that he will provide the information at the January meeting.

In response to a query from Trustee Penny regarding succession planning, CFO Carson noted that Superintendent McCoy is working on a formal succession plan.
Director Adams noted that senior staff have discussed succession planning and it is an element of the Director's Work Plan. She added that the new Manager of Human Resource has experience with succession planning and she will be involved in the framework. CFO Carson added that although there is no current formal succession plan, each department has undertaken their own reviews.

8. New Business

There was no new business.

9. Adjournment

The public meeting adjourned at 8:13 p.m.

_________________________
Lynn Scott, Acting Chair, Audit Committee

KPMG LLP
150 Elgin Street, Suite 1800
Ottawa ON K2P 2P8 Canada
Telephone 613-212-5764
Fax 613-212-2896

KPMG LLP is a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. KPMG Canada provides services to KPMG LLP.

Mr. Michael Carson
Chief Financial Officer
Ottawa-Carleton District School Board
133 Greenbank Road
Nepean, Ontario K2H 6L3

September 4, 2018

Dear Mr. Carson:

The purpose of this letter is to outline the terms of our engagement to audit the consolidated annual financial statements of Ottawa-Carleton District School Board (“the Board”), commencing for the period ending August 31, 2018. This letter supersedes our previous letter to the Entity dated September 6, 2017.

The terms of the engagement outlined in this letter will continue in effect from period to period, unless amended or terminated in writing. The attached Terms and Conditions and any exhibits, attachments and appendices hereto and subsequent amendments form an integral part of the terms of this engagement and are incorporated herein by reference (collectively the “Engagement Letter”).
Financial Reporting Framework for the Financial Statements

The annual financial statements will be prepared and presented in accordance with a basis of accounting described in the notes to the financial statements (hereinafter referred to as the “financial reporting framework”). The annual financial statements will include an adequate description of the financial reporting framework (hereinafter referred to as the “financial statements” or “annual financial statements”).

Management's Responsibilities

Management responsibilities are described in Appendix A – Management’s Responsibilities. An audit does not relieve management or those charged with governance of their responsibilities.

Auditor’s Responsibilities

Our responsibilities are described in Appendix B – Auditor’s Responsibilities. If management does not fulfill the responsibilities above, we cannot complete our audit.

Auditor’s Deliverables

The expected form and content of our report(s) is provided in Appendix C – Expected Form of Report. However, there may be circumstances in which a report may differ from its expected form and content.

In addition, if we become aware of information that relates to the financial statements after we have issued our audit report, but which was not known to us at the date of our audit report, and which is of such a nature and from such a source that we would have investigated that information had it come to our attention during the course of our audit, we will, as soon as practicable: (1) communicate such an occurrence to those charged with governance; and (2) undertake an investigation to determine whether the information is reliable and whether the facts existed at the date of our audit report. Further, management agrees that in conducting that investigation, we will have the full cooperation of the Entity’s personnel.
If the subsequently discovered information is found to be of such a nature that: (a) our audit report would have been affected if the information had been known as of the date of our audit report; and (b) we believe that the audit report is currently being relied upon or is likely to be relied upon by someone who would attach importance to the information, appropriate steps will be taken by KPMG, and appropriate steps will also be taken by the Entity, to prevent further reliance on our audit report. Such steps include, but may not be limited to, appropriate disclosures by the Entity to the users of the financial statements and audit report thereon of the newly discovered facts and the impact to the financial statements.

Income tax compliance and advisory services

Tax compliance and advisory services are outside the scope of this letter. These services will be subject to the terms and conditions of a separate engagement letter.

Fees

Appendix D – Fees for Professional Services to this letter lists our fees for professional services to be performed under this Engagement Letter.

***********

We are available to provide a wide range of services beyond those outlined above. Additional services are subject to separate terms and arrangements.

We are proud to provide you with the services outlined above and we appreciate your confidence in our work. We shall be pleased to discuss this letter with you at any time. If the arrangements and terms are acceptable, please sign the duplicate of this letter in the space provided and return it to us.

Yours very truly,

Rob J. Clayton, CPA, CA
Partner responsible for the engagement and its performance, and for the report that is issued on behalf of KPMG LLP, and who, where required, has the appropriate authority from a professional, legal or regulatory body.
Enclosure

cc: Audit Committee

***********

The terms of the engagement for Ottawa-Carleton District School Board set out are as agreed:

Michael Carson, Chief Financial Officer

Date (dd/mm/yy)

Appendix A – Management’s Responsibilities

Management acknowledges and understands that they are responsible for:

(a) the preparation and fair presentation of the financial statements in accordance with the financial reporting framework referred to above.
(b) providing us with all information of which management is aware that is relevant to the preparation of the financial statements such as financial records, documentation and other matters, including:
− the names of all related parties and information regarding all relationships and transactions with related parties
− the complete minutes of meetings, or summaries of actions of recent meetings for which minutes have not yet been prepared, of shareholders, board of directors, and committees of the board of directors that may affect the financial statements.
(c) providing us with additional information that we may request from management for the purpose of the engagement.
(d) providing us with unrestricted access to persons within the Entity from whom we determine it necessary to obtain evidence.
(e) such internal control as management determines is necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error. Management also acknowledges and understands that they are responsible for the design, implementation and maintenance of internal control to prevent and detect fraud.
(f) ensuring that all transactions have been recorded and are reflected in the financial statements.
(g) providing us with written representations required to be obtained under professional standards and written representations that we determine are necessary.
Management also acknowledges and understands that, as required by professional standards, we may disclaim an audit opinion when management does not provide certain written representations required.

Appendix B – Auditor’s Responsibilities

Our function as auditors of the Entity is:

– to express an opinion on whether the Entity's annual financial statements, prepared by management with the oversight of those charged with governance, are, in all material respects, in accordance with the financial reporting framework referred to above
– to report on the annual financial statements

We will conduct the audit of the Entity's annual financial statements in accordance with Canadian generally accepted auditing standards and relevant ethical requirements, including those pertaining to independence (hereinafter referred to as applicable “professional standards”).

We will plan and perform the audit to obtain reasonable assurance about whether the annual financial statements as a whole are free from material misstatement, whether due to fraud or error. Accordingly, we will, among other things:

– identify and assess risks of material misstatement, whether due to fraud or error, based on an understanding of the Entity and its environment, including the Entity's internal control.
In making those risk assessments, we consider internal control relevant to the Entity's preparation of the annual financial statements in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the Entity's internal control
– obtain sufficient appropriate audit evidence about whether material misstatements exist, through designing and implementing appropriate responses to the assessed risks
– form an opinion on the Entity's annual financial statements based on conclusions drawn from the audit evidence obtained
– communicate matters required by professional standards, to the extent that such matters come to our attention, to the appropriate level of management, those charged with governance and/or the board of directors. The form (oral or in writing) and the timing will depend on the importance of the matter and the requirements under professional standards.

Appendix C – Expected Form of Report

INDEPENDENT AUDITORS' REPORT

To the Board of Trustees of the Ottawa-Carleton District School Board

We have audited the accompanying consolidated financial statements of the Ottawa-Carleton District School Board, which comprise the consolidated statement of financial position as at August 31, 2018, the consolidated statements of operations and accumulated surplus, change in net debt and cash flows for the year then ended, and notes, comprising a summary of significant accounting policies and other explanatory information.
Management's Responsibility for the Consolidated Financial Statements Management is responsible for the preparation of these consolidated financial statements in accordance with the basis of accounting described in note 1(a) to the consolidated financial statements, and for such internal control as management determines is necessary to enable the preparation of consolidated financial statements that are free from material misstatement, whether due to fraud or error. Auditors’ Responsibility Our responsibility is to express an opinion on these consolidated financial statements based on our audit. We conducted our audit in accordance with Canadian generally accepted auditing standards. Those standards require that we comply with ethical requirements and plan and perform the audit to obtain reasonable assurance about whether the consolidated financial statements are free from material misstatement. An audit involves performing procedures to obtain audit evidence about the amounts and disclosures in the consolidated financial statements. The procedures selected depend on our judgment, including the assessment of the risks of material misstatement of the consolidated financial statements, whether due to fraud or error. In making those risk assessments, we consider internal control relevant to the entity’s preparation of the consolidated financial statements in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the entity’s internal control. An audit also includes evaluating the appropriateness of accounting policies used and the reasonableness of accounting estimates made by management, as well as evaluating the overall presentation of the consolidated financial statements. We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our audit opinion. 
Opinion

In our opinion, the consolidated financial statements of the Ottawa-Carleton District School Board as at and for the year ended August 31, 2018, are prepared, in all material respects, in accordance with the basis of accounting described in note 1(a) to the consolidated financial statements.

Emphasis of Matter

Without modifying our opinion, we draw attention to note 1(a) to the consolidated financial statements which describes the basis of accounting used in the preparation of these consolidated financial statements and the significant differences between such basis of accounting and Canadian public sector accounting standards.

Chartered Professional Accountants, Licensed Public Accountants
(date)
Ottawa, Canada

Appendix D – Fees for Professional Services

The Entity and KPMG agree to a fee based on actual hours incurred at mutually agreed-upon rates for the audit. The estimated fee is $94,500. Breakdown of fees as follows:

Engagement details                 Estimated Fee
August 31st year end audit         $78,000
School Generated Fund audit        $16,500
Total estimated fee:               $94,500

Routine administration expenses, such as long distance telephone calls, photocopies, fax charges, printing, postage, delivery, and secretarial time will be charged on the basis of a percentage of our professional costs. Out-of-pocket costs such as travel will be charged as incurred.

Harmonized Sales Tax (HST) will be computed and shown separately on our invoices, together with our firm’s HST registration number, so that you will have the information required to claim input tax credits and input tax refunds, if applicable.

The Board agrees, by accepting the terms of this engagement, to pay all invoices to KPMG within 30 days of receipt.
TERMS AND CONDITIONS FOR ASSURANCE ENGAGEMENTS
MAY 2018

These Terms and Conditions are an integral part of the accompanying engagement letter or proposal from KPMG that identifies the engagement to which they relate (and collectively form the “Engagement Letter”). The Engagement Letter supersedes all written or oral representations on this matter. The term “Entity” used herein has the meaning set out in the accompanying engagement letter or proposal. The term “Management” used herein means the management of Entity.

1. DOCUMENTS AND LICENSES.

a. All working papers, files and other internal materials created or produced by KPMG in relation to this engagement and all copyright and intellectual property rights therein are the property of KPMG.

b. Only in connection with the services herein, Entity hereby grants to KPMG a limited, revocable, non-exclusive, non-transferable, paid up and royalty-free license, without right of sublicense, to use all logos, trademarks and service marks of Entity solely for presentations or reports to Entity or for internal KPMG presentations and intranet sites. Further, Entity agrees that KPMG may list Entity as a customer in KPMG’s internal and external marketing materials, including KPMG websites and social media, indicating the general services rendered (e.g., “Client is an Audit, Advisory, and/or Tax client of KPMG LLP”).

2. ENTITY’S RESPONSIBILITIES.

a. Entity agrees that all management responsibilities will be performed and all management decisions will be made by Entity, and not by KPMG.

b. Entity's provision of documents and information to KPMG on a timely basis is an important factor in our ability to issue any reports under this Engagement Letter. KPMG is not responsible for any consequences arising from Entity’s failure to deliver documents and information as required.

c.
To the extent that KPMG personnel are on Entity’s premises, Entity will take all reasonable precautions for their safety. d. Entity understands and acknowledges that KPMG’s independence may be impaired if any KPMG partner, employee or contractor accepts any offer of employment from Entity. e. Except as required by applicable law or regulation, Entity shall keep confidential the terms of this Engagement Letter, and such confidential information shall not be distributed, published or made available to any other person without KPMG’s express written permission. f. Management agrees to promptly provide us with a copy of any comment letter or request for information issued by any securities or other regulatory authority in respect of information on which KPMG reported, including without limitation any continuous disclosure filings. 3. FEE AND OTHER ARRANGEMENTS. a. KPMG's estimated fee is based in part on the quality of Entity's records, the agreed-upon level of preparation and assistance from Entity's personnel, and adherence by Entity to the agreed-upon timetable. KPMG's estimated fee also assumes that Entity's financial statements and/or other financial information, as applicable, are prepared in accordance with the relevant financial reporting framework or the relevant criteria, as applicable, and that there are no significant changes to the relevant financial reporting framework or the relevant criteria, as applicable; no significant new or changed accounting policies; no significant changes to internal control; and no other significant issues. b. Additional time may be incurred for such matters as significant issues, significant unusual and/or complex transactions, informing management about new professional standards, and any related accounting advice. Where these matters arise and require research, consultation and work beyond that included in the estimated fee, Entity and KPMG agree to revise the estimated fee. 
Our professional fees are also subject to an additional charge to cover information technology infrastructure costs and administrative support of our client service personnel. Disbursements for items such as travel, accommodation and meals will be charged based on KPMG's actual disbursements.
c. KPMG's invoices are due and payable upon receipt. Amounts overdue are subject to interest. In order to avoid the possible implication that unpaid fees might be viewed as creating a threat to KPMG's independence, it is important that KPMG's bills be paid promptly when rendered. If a situation arises in which it may appear that KPMG's independence is threatened because of significant unpaid bills, KPMG may be prohibited from signing any applicable report and/or consent.
d. Fees for any other services will be billed separately from the services described in this Engagement Letter and may be subject to written terms and conditions supplemental to those in the Engagement Letter.
e. Canadian Public Accountability Board (“CPAB”) participation fees, when applicable, are charged to Entity based on the annual fees levied by CPAB.
4. USE OF MEMBER FIRMS AND THIRD PARTY SERVICE PROVIDERS; STORAGE AND USE OF INFORMATION.
a. KPMG is a member firm of the KPMG International Cooperative (“KPMG International”). Entity acknowledges that in connection with the provision of services hereunder, KPMG may use the services of KPMG International member firms, as well as other third party service providers or subcontractors, and KPMG shall be entitled to share with them all documentation and information related to the engagement, including Entity’s confidential information and personal information (“information”).
KPMG may also: (i) directly, or using such aforementioned KPMG International member firms, third party service providers or subcontractors, perform data analytics in respect of the information; and (ii) retain and disclose to KPMG International member firms the information to share best practices or for knowledge sharing purposes. In all such cases, such information may be used, retained, processed, or stored outside of Canada by such KPMG International member firms, other third party service providers or subcontractors, and may be subject to disclosure in accordance with the laws applicable in the jurisdiction in which the information is used, retained, processed or stored, which laws may not provide the same level of protection for such information as will Canadian laws. KPMG represents that such KPMG International member firms, other third party service providers or subcontractors have agreed or shall agree to conditions of confidentiality with respect to Entity’s confidential information, and that KPMG is responsible to ensure their compliance with those conditions. Any services performed by KPMG International member firms or other third party service providers or subcontractors shall be performed in accordance with the terms of this Engagement Letter, but KPMG remains solely responsible to Entity for the delivery of the services hereunder. Entity agrees that any claims that may arise out of the engagement will be brought solely against KPMG, the contracting party, and not against any other KPMG International member firms or other third party service providers or subcontractors referred to above.
b. Certain information (including information relating to time, billing and conflicts) collected by KPMG during the course of the engagement may be used, retained, processed and stored outside of Canada by KPMG, KPMG International member firms or third party service providers or subcontractors providing support services to KPMG for administrative, technological and clerical/organizational purposes, including in respect of client engagement acceptance procedures and maintaining engagement profiles; and to comply with applicable law, regulation or professional standards (including for quality performance reviews). Such information may be subject to disclosure in accordance with the laws applicable in the jurisdiction in which the information is used, retained, processed or stored, which laws may not provide the same level of protection for such information as will Canadian laws. KPMG may also share information with its legal advisers and insurers for the purposes of obtaining advice.
c. Entity acknowledges that KPMG aggregates anonymous information from sources including the Entity for various purposes, including to monitor quality of service, and Entity consents to such use. KPMG may also use Entity’s information to offer services that may be of interest to Entity.
5. PERSONAL INFORMATION CONSENTS AND NOTICES.
KPMG may be required to collect, use and disclose personal information about individuals during the course of the engagement. Any collection, use or disclosure of personal information is subject to KPMG’s Privacy Policy available at www.kpmg.ca. Entity represents and warrants that (i) it will obtain any consents required to allow KPMG to collect, use and disclose personal information in the course of the engagement, and (ii) it has provided notice to those individuals whose personal information may be collected, used and disclosed by KPMG hereunder of the potential processing of such personal information outside of Canada (as described in Section 4 above).
KPMG’s Privacy Officer noted in KPMG’s privacy policy is able to answer any individual’s questions about the collection of personal information required for KPMG to deliver services hereunder.
6. THIRD PARTY DEMANDS FOR DOCUMENTATION AND INFORMATION / LEGAL AND REGULATORY PROCESSES.
a. Entity on its own behalf hereby acknowledges and agrees to cause its subsidiaries and affiliates to acknowledge that KPMG or a foreign component auditor which has been engaged in connection with an assurance engagement (“component auditor”) may from time to time receive demands from a third party (each, a “third party demand”), including without limitation (i) from CPAB or from professional, securities or other regulatory, taxation, judicial or governmental authorities (both in Canada and abroad), to provide them with information and copies of documents in KPMG’s or the component auditor’s files including (without limitation) working papers and other work-product relating to the affairs of Entity, its subsidiaries and affiliates, and (ii) summons for production of documents or information related to the services provided hereunder; which information and documents may contain confidential information of Entity, its subsidiaries or affiliates. Except where prohibited by law, KPMG or its component auditor, as applicable, will advise Entity or its affiliate or subsidiary of the third party demand. Entity acknowledges, and agrees to cause its subsidiaries and affiliates to acknowledge, that KPMG or its component auditor, as applicable, will produce documents and provide information in response to the third party demand, without further authority from Entity, its subsidiaries or affiliates.
b. KPMG will use reasonable efforts to withhold from production any documentation or information over which Entity asserts privilege.
Entity must identify any such documentation or information at the time of its provision to KPMG by marking it as “privileged”. Notwithstanding the foregoing, where disclosure of such privileged documents is required by law, KPMG will disclose such privileged documents. If and only if the authority requires such access to such privileged documents pursuant to the laws of a jurisdiction in which express consent of Entity is required for such disclosure, then Entity hereby provides its consent.
c. Entity agrees to reimburse KPMG for its professional time and any disbursements, including reasonable legal fees and taxes, in responding to third party demands.
d. Entity waives and releases KPMG from any and all claims that it may have against KPMG as a result of any disclosure or production by KPMG of documents or information as contemplated herein.
e. Entity agrees to notify KPMG promptly of any request received by Entity from any third party with respect to the services hereunder, KPMG’s confidential information, KPMG’s advice or report or any related document.
7. CONNECTING TO THE ENTITY'S IT NETWORK; EMAIL AND ONLINE FILE SHARING AND STORAGE TOOLS.
a. Entity authorizes KPMG personnel to connect their computers to Entity's IT Network and the Internet via the Network while at the Entity’s premises for the purpose of conducting normal business activities.
b. Entity recognizes and accepts the risks associated with communicating electronically, and using online file sharing, storage, collaboration and other similar online tools to transmit information to or sharing information with KPMG, including (but without limitation) the lack of security, unreliability of delivery and possible loss of confidentiality and privilege.
Entity assumes all responsibility or liability in respect of the risk associated with the use of the foregoing, and agrees that KPMG is not responsible for any issues that might arise (including loss of data) as a result of Entity using the foregoing to transmit information to or otherwise share information with KPMG and, in the case of online tools other than email, KPMG’s access to and use of the same in connection with obtaining Entity information and documents.
8. LIMITATION ON WARRANTIES.
THIS IS A SERVICES ENGAGEMENT. KPMG WARRANTS THAT IT WILL PERFORM SERVICES HEREUNDER IN GOOD FAITH WITH QUALIFIED PERSONNEL IN A COMPETENT AND WORKMANLIKE MANNER IN ACCORDANCE WITH APPLICABLE INDUSTRY STANDARDS. SUBJECT TO SECTION 14, KPMG DISCLAIMS ALL OTHER WARRANTIES, REPRESENTATIONS OR CONDITIONS, EITHER EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, WARRANTIES, REPRESENTATIONS OR CONDITIONS OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
9. LIMITATION ON LIABILITY AND INDEMNIFICATION.
a. Subject to Section 14: (i) Entity agrees that KPMG shall not be liable to Entity for any actions, damages, claims, fines, penalties, complaints, demands, suits, proceedings, liabilities, costs, expenses, or losses (collectively, “Claims”) in any way arising out of or relating to the services performed hereunder for an aggregate amount in excess of the lesser of one million dollars ($1,000,000) or two times the fees paid by Entity to KPMG under the engagement; and (ii) on a multi-phase engagement, KPMG’s liability shall be based on the amount actually paid to KPMG for the particular phase that gives rise to the liability.
b. Subject to Section 14, in the event of a Claim by any third party against KPMG that arises out of or relates to the services performed hereunder, Entity will indemnify and hold harmless KPMG from all such Claims, including, without limitation, reasonable legal fees, except to the extent finally determined to have resulted from the intentional, deliberate or fraudulent misconduct of KPMG.
c. Subject to Section 14: (i) in no event shall KPMG be liable for consequential, special, indirect, incidental, punitive or exemplary damages, liabilities, costs, expenses, or losses (including, without limitation, lost profits and opportunity costs); (ii) in any Claim arising out of the engagement, Entity agrees that KPMG’s liability will be several and not joint and several; and (iii) Entity may only claim payment from KPMG of KPMG’s proportionate share of the total liability based on degree of fault.
d. For purposes of this Section 9, the term KPMG shall include its subsidiaries, its associated and affiliated entities and their respective current and former partners, directors, officers, employees, agents and representatives. The provisions of this Section 9 shall apply regardless of the form of Claim, whether in contract, statute, tort (including, without limitation, negligence) or otherwise.
10. CONSENT TO THE USE OF THE KPMG NAME OR KPMG REPORT.
Except as otherwise specifically agreed in this Engagement Letter, KPMG does not consent to:
i. the use of our name or our report in connection with information, other than what we have reported on as part of this Engagement Letter or our report thereon, that contains, incorporates by reference, or otherwise accompanies our report or our name;
ii. the use of our report in another language, or the use of our report in connection with information that we reported on that has been translated into another language, or the use of our name in connection with information that we reported on that has been translated into another language;
iii. the use of our report in connection with an offering document or other securities filing, including continuous disclosure filings; or
iv. the use of our name or our report in connection with the interim financial statements (or other interim financial information) or any statement by the Entity regarding the services that we provided on the interim financial statements or other interim financial information. Any communication, report, statement or conclusion on the interim financial statements may not be included in, or otherwise referred to in any public document or public oral statements except when the interim review conclusion contains a modified conclusion, in which case our interim review report will accompany the interim financial statements.
If the Entity wishes to obtain KPMG’s consent regarding the matters above or other matters not otherwise specifically covered by this Engagement Letter, we will be required to perform procedures as required by applicable professional standards, and such procedures would be a separate engagement and subject to separate engagement terms.
11. ALTERNATIVE DISPUTE RESOLUTION.
Any dispute or claim between the parties arising under or relating to this Engagement Letter or the services provided hereunder (the “Dispute”) shall be submitted to non-binding mediation.
If mediation is not successful within 90 days after the issuance by a party of a request for mediation, then the Dispute shall be referred to and finally resolved by arbitration under the Arbitration Rules of the ADR Institute of Canada in force at that time. The Seat of Arbitration shall be the province where KPMG’s principal office performing this engagement is located. The language of the arbitration shall be English. The Arbitral Tribunal shall be made up of a single Arbitrator. The arbitration award shall be final, conclusive and binding upon the parties, and not subject to appeal.
12. POTENTIAL CONFLICTS OF INTEREST.
a. KPMG is or may be engaged by entities and individuals who have potentially conflicting legal and business interests to Entity. Entity agrees that, without further notice or disclosure to Entity, KPMG may: (i) accept or continue such engagements on matters unrelated to KPMG’s engagement for Entity; and (ii) provide advice or services to any other person or entity making a competing bid or proposal to that of Entity whether or not KPMG is providing advice or services to Entity in respect of Entity’s competing bid or proposal.
b. In accordance with professional standards, KPMG will not use any confidential information regarding Entity in connection with its engagements with other clients, and will establish confidentiality and other safeguards to manage conflicts, which may include, in KPMG’s sole discretion, the use of separate engagement teams and data access controls.
c. In no event shall KPMG be liable to Entity, or shall Entity be entitled to a return of fees or disbursements, or any other compensation whatsoever as a result of KPMG accepting or continuing a conflicting engagement in accordance with the terms of this Engagement Letter.
d. Entity agrees that KPMG may, in its sole discretion, disclose the fact and nature of its engagement for Entity to (i) KPMG International member firms to inform conflict searches, and (ii) to the extent reasonably required in order to obtain the consent of another entity or individual in order to permit KPMG to act for such entity or individual, or for Entity, in connection with the engagement or any future engagement.
e. In the event that circumstances arise that place KPMG into a conflict of interest as between Entity and a pre-existing client, which in KPMG’s sole opinion cannot be adequately addressed through the use of confidentiality and other safeguards, KPMG shall be entitled to immediately terminate the engagement with Entity, without liability.
f. Other KPMG International member firms are or may be engaged by entities and individuals who have potentially conflicting legal and business interests to Entity. Entity agrees that (i) it will not assert that other KPMG International member firms are precluded from being engaged by those other entities or individuals, and (ii) those engagements of other KPMG International member firms do not conflict with KPMG’s engagement for Entity.
13. LOBBYING.
Unless expressly stated in this Engagement Letter, KPMG will not undertake any lobbying activity, as that term is defined in all applicable federal, provincial and municipal lobbyist registration statutes and regulations, in connection with the engagement. In the event that KPMG and Entity agree that KPMG will undertake lobbying activity in connection with the engagement, such agreement shall be set out in an amendment to this Engagement Letter.
14. SEVERABILITY.
The provisions of these Terms and Conditions and the accompanying proposal or engagement letter shall only apply to the extent that they are not prohibited by a mandatory provision of applicable law, regulation or professional standards.
If any of the provisions of these Terms and Conditions or the accompanying proposal or engagement letter are determined to be invalid, void or unenforceable, the remaining provisions of these Terms and Conditions or the accompanying proposal or engagement letter, as the case may be, shall not be affected, impaired or invalidated, and each such provision shall remain valid and in effect and be enforceable and binding on the parties to the fullest extent permitted by law.
15. GOVERNING LAW.
This Engagement Letter shall be subject to and governed by the laws of the province where KPMG's principal office performing this engagement is located (without regard to such province's rules on conflicts of law).
16. LLP STATUS.
KPMG is a registered limited liability partnership (“LLP”) established under the laws of the Province of Ontario and, where applicable, has been registered extra-provincially under provincial LLP legislation.
17. INDEPENDENT LEGAL ADVICE.
Entity agrees that it has been advised to retain independent legal advice at its own expense prior to signing this Engagement Letter (including without limitation with respect to Entity’s rights in connection with potential future conflicts) and agrees that any failure on its part to retain such independent legal counsel shall not affect (and it shall not assert that the same affects) the validity of the provisions of this Engagement Letter.
18. SURVIVAL.
All sections hereof other than Section 7(a) shall survive the expiration or termination of the engagement.
Report 18-080, 2017-2018 Annual Report on Internal Audit Activity was approved by Audit Committee as its annual report to the Board summarizing the work performed by the regional internal audit team (RIAT) during 2017-2018 in accordance with Ontario Regulation 361/10, Audit Committees. The following information has been prepared based on the report.
District School Board Name: Ottawa-Carleton District School Board
Fiscal Year: 2018
Re: Annual Audit Committee report to the Ministry of Education as per Ontario Regulation 361/10
During the 2018 fiscal year, the following internal audits were started and/or completed by August 31, 2018:
1. Report 17-066 – Final Report: School Council Funds Audit
As part of the 2016-2017 Internal Audit Plan, an audit of processes supporting school council funds was completed. The final report was presented to Audit Committee on 27 September 2017.
2. Report 17-088 – Final Report: Continuing Education Audit
As part of the 2016-2017 Internal Audit Plan, an audit of key processes relating to the management of the District’s Continuing Education department was completed. The final report was presented to Audit Committee on 22 November 2017.
3. Audit of Records and Information Management Policies and Processes
As part of the 2017-2018 Internal Audit Plan, the RIAT completed an audit of records and information management policies and processes. The final report will be presented to Audit Committee in 2018-2019.
4. Audit of the Extended Day Program Policies and Processes
As part of the 2017-2018 Internal Audit Plan, the RIAT commenced an audit of Extended Day Program policies and processes. The final report will be presented to Audit Committee in 2018-2019.
5. Follow-up Procedures on the Audit of Patch and Release Management
The follow-up review was completed in June 2018 and the findings will be presented to Audit Committee in 2018-2019.
Based on the internal audit plan, the District is not expecting an enrolment audit to be performed in the 2019 fiscal year.
Approved by Audit Committee on 26 September 2018
_________________________
Sandra Schwartz
Audit Committee Chair
Appendix A to Report 18-080
613-722-0801 • 893 Admiral Avenue, Ottawa, ON K1Z 6L6
TO: Members of the Audit Committee, Ottawa-Carleton DSB
FROM: Line Robitaille, Regional Internal Audit Manager – Ontario East
DATE: August 17, 2018
SUBJECT: 2018-19 Regional Internal Audit Activities Update
Mandate
As per Ministry guidelines, Regional Internal Audit Teams across the province have developed an internal audit mandate, which is posted on their Host Board’s website. No changes have taken place with this mandate since it was presented to the Committee in September, 2017. The mandate has been appended to this memorandum for your review and reference.
Annual Plan
Following discussions with management and as presented to the Committee at the May, 2018 meeting, the four engagements for the 2018-19 school year will be as follows:
- Attendance Support audit – preferred audit start date May 13, 2019
- Manage IT Security audit – outsourced, timing not yet determined
- Procurement review - timing not yet determined
- Risk Assessment update – timing not yet determined
In addition, follow-up procedures to the following audits will be conducted in early 2019:
- Health and Safety, dated January, 2016
- Continuing Education, dated June, 2017
- School Council Funds, dated August, 2017
A copy of the two year plan is included below for your reference.
Reporting Structure and Independence
Independence is an essential component to building public trust and preserving objectivity and integrity associated with the audit function. To ensure this independence, the Regional Internal Audit Team – Ontario East (hereafter RIAT) reports functionally to the nine Audit Committees of the Ontario East region and administratively to the Senior Business Official of the Host Board.
As such, the RIAT is not aware of any relationships with the Board that may be thought to bear on their independence.
Staffing and Professional Development
The RIAT consists of a team of two Internal Auditors, one Audit Senior and one Internal Audit Manager. It is the RIAT’s objective to adequately staff the internal audit function in order to effectively perform its audit activities. 2018-19 will be a transition year as efforts are made to fill the Regional Internal Audit Manager position. The RIAT will continue to conduct scheduled audits, as previously planned and with the same emphasis on quality. The professional designations held by the RIAT include: Certified Professional Accountant (CA, CMA and CGA) and Certified Internal Auditor (CIA). The governing bodies issuing the professional designations require that continuing professional development/education be completed on an annual basis. Below is a summary of the courses/conferences that members of the RIAT have attended this past school year.
- Line Robitaille – CPA, CA, CIA, Regional Internal Audit Manager
  - The Essentials of Risk-based Auditing (Margie Bastolla) – 7 hours
  - MK Insight (Melissa Dodge) – 4 hours
  - Internal Audit Conference (Ministry of Education) – 5 hours
    - SERM, IA Cyber Game, IT Outsourcing
  - OASBO Annual Conference – 4 hours
  - Best Practices in Information Systems (CPA) – 2 hours
  - Ethics for Auditors (CPA) – 4 hours
  - Excel: logic and lookups (CPA) – 3 hours
- Gordon Champagne – CPA, CMA, Senior Internal Auditor
  - The Essentials of Risk-based Auditing (Margie Bastolla) – 7 hours
  - MK Insight (Melissa Dodge) – 4 hours
  - Internal Audit Conference (Ministry of Education) – 9 hours
    - SERM, IA Cyber Game, IT Outsourcing, Audit Manual
  - OASBO Annual Conference – 4 hours
    - Internet of Things, Premises/Occupiers Liability, Keynotes
- Pasquale L’orfano – MA, Internal Auditor
  - The Essentials of Risk-based Auditing (Margie Bastolla) – 7 hours
  - MK Insight (Melissa Dodge) – 4 hours
  - Internal Audit Conference (Ministry of Education) – 9 hours
    - SERM, IA Cyber Game, IT Outsourcing, Audit Manual
  - Data Analysis for Internal Auditors (IIA) – 8 hours
- Portia Marcaida – CPA, CGA, Internal Auditor
  - The Essentials of Risk-based Auditing (Margie Bastolla) – 7 hours
  - MK Insight (Melissa Dodge) – 4 hours
  - Internal Audit Conference (Ministry of Education) – 9 hours
    - SERM, IA Cyber Game, IT Outsourcing, Audit Manual
  - CIA Learning System Comprehensive Instructor-led Course (IIA) – 19 hours
Regional Internal Audit Mandate
PURPOSE AND DEFINITION
The purpose of the regional internal audit team is to provide independent, objective assurance and consulting services designed to add value and improve the district school boards’ operations in the Ontario East region.
It helps the district school boards accomplish their objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
ROLE
The regional internal audit activity is established by the Ministry of Education through the annual Grants for Student Needs funding. The oversight role of the Audit Committee of the Board of Trustees over the regional internal audit activity is established by Regulation 361/10.
PROFESSIONALISM
The regional internal audit activity will adhere to the Institute of Internal Auditors’ mandatory guidance including the Core Principles for the Professional Practice of Internal Auditing, the Definition of Internal Auditing, the Code of Ethics, and the International Standards for the Professional Practice of Internal Auditing (Standards). This mandatory guidance constitutes principles of the fundamental requirements for the professional practice of internal auditing and for evaluating the effectiveness of the regional internal audit activity’s performance.
AUTHORITY
The regional internal audit activity, with strict accountability for confidentiality and the safeguarding of records and information is authorized full, free and unrestricted access to any and all of the district school boards’ records, physical properties, and personnel pertinent to carrying out any engagement. All school board employees are requested to assist the regional internal audit team in fulfilling its responsibilities. The regional internal audit team will also have free and unrestricted access to school board leaders and to the Audit Committee of the Board of Trustees.
Rev. Aug-2016
ORGANIZATION
The internal audit function follows a regional model. The function consists of a Regional Internal Audit Manager responsible to district school boards in one of the eight regions in the province of Ontario as identified by the Ministry of Education.
The Regional Internal Audit Manager will report functionally to their regional audit committees of the Boards of Trustees and administratively are supported by a host school board Senior Business Official. Every effort is made to adequately staff the internal audit function, within available financial resources, in order to perform its audit activities. Each Audit Committee of the Board of Trustees will for their Board:
- Approve the regional internal audit mandate;
- Recommend for approval the risk based internal audit plan;
- Receive information from the Regional Internal Audit Manager about the internal audit activity performance to plan and other relevant matters;
- Inquire of the Regional Internal Audit Manager and the Senior Business Official whether there are resource or scoping limitations; and
- Review annually the performance of the regional internal audit activity and provide the Board of Trustees with their comments regarding the performance of the Regional Internal Audit Manager.
The Regional Internal Audit Manager will interact directly with the Audit Committee of the Board of Trustees, including in-camera sessions and between audit committee meetings as appropriate.
INDEPENDENCE AND OBJECTIVITY
The regional internal audit activity will remain free from interference by any element in the district school board including matters of audit selection, scope, procedures, frequency, timing or report content to permit maintenance of a necessary independent and objective mental attitude. Regional internal auditors will have no direct operational responsibility or authority over any of the activities audited. Accordingly, they will not implement internal controls, develop procedures, install systems, prepare records or engage in any other activity that may impair judgment. Regional internal auditors will exhibit the highest standards of professional objectivity in gathering, evaluating and communicating information about the activity or process being examined.
Auditors will make a balanced assessment of all the relevant circumstances and not be unduly influenced by their own interests or by others in forming judgments. The Regional Internal Audit Manager will confirm to the Audit Committee of the Board of Trustees, at least annually, the organizational independence of the internal audit activity.
RESPONSIBILITY
The scope of work of the regional internal audit team encompasses but is not limited to:
- Evaluating risk exposure relating to the achievement of the district school board’s strategic objectives;
- Evaluating the reliability and integrity of information and the means used to identify, measure, classify and report information;
- Evaluating the systems which ensure compliance with policies, procedures, applicable laws and regulations which impact the district school board;
- Evaluating whether resources are acquired economically, used efficiently, and are adequately protected;
- Evaluating operations and processes to ascertain whether results are consistent with established objectives and whether processes are functioning as planned;
- Performing consulting and advisory services or assessments of specific operations as requested by the Audit Committee of the Board of Trustees or district school board management as appropriate;
- Evaluating the effectiveness of the district school board’s risk management and governance processes;
- Reporting periodically on the regional internal audit performance against plans; and
- Reporting significant risk exposures and control issues, including fraud risks, governance issues and other matters requested by the Audit Committee of the Board of Trustees.
INTERNAL AUDIT PLAN
Annually, the Regional Internal Audit Manager will submit to district school board management and to the Audit Committee of the Board of Trustees an internal audit plan for recommendation to their Board of Trustees for approval.
If there are any resource limitations or interim changes, these will be communicated. The internal audit plan will be developed based on a prioritization of the internal audit universe using a risk based methodology which includes input of district school board management. The Regional Internal Audit Manager will review and adjust the plan as required in response to changes in the risk profile. Any significant deviation from the approved internal audit plan will be communicated through periodic status reports. The Regional Internal Audit Manager or any of his or her team may initiate and conduct any other audit or review deemed necessary for potential illegal acts, fraud, abuse, or misuse of funds. Reasonable notice shall be given to appropriate personnel of intent to audit in their areas except when conditions warrant an unannounced audit.
REPORTING AND MONITORING
Opportunities for improving internal control may be identified during audits. A written report will be issued by the Regional Internal Audit Manager at the conclusion of each audit and will be distributed according to the school board’s requirements. (This could include the head of the audited activity or department, the director of education, the audit committee and the external auditor of the district school board.) Each report will describe opportunities to strengthen district school board risk, internal control and governance processes and conclude on the adequacy and effectiveness of the processes. The district school board management will provide action plans and timelines to address each opportunity (observation). The regional internal audit team is responsible to perform appropriate follow-up procedures to attest to the completion of action plans. Significant observations will remain in an open issue status until cleared.
QUALITY ASSURANCE

The regional internal audit team will maintain a quality assurance and improvement program that covers all aspects of the internal audit activity and conformance with the International Standards for the Professional Practice of Internal Auditing. The Regional Internal Audit Manager will communicate to district school board management and the Audit Committee of the Board of Trustees on the internal audit activity’s quality assurance and improvement program, including the results of ongoing internal assessments and external assessments conducted as appropriate, usually on a five-year cycle.

_________________________________
Regional Internal Audit Manager

_________________________________
Audit Committee Chair

_________________________________
Director of Education

___________________________
Dated

DEFINITION OF SELECTED TERMS

Add Value
Value is provided by improving opportunities to achieve organizational objectives, identifying operational improvement, and/or reducing risk exposure through both assurance and consulting services.

Advisory/Consulting Services
Advisory and related client service activities, the nature and scope of which are agreed to with the client and which are intended to add value and improve a school board’s governance, risk management and control processes without the regional internal auditor assuming management responsibility. Examples include counsel, advice, facilitation and training.

Assurance
An objective examination of evidence for the purpose of providing an independent assessment on governance, risk management, and control processes for the organization. Results can be relied upon for supporting informed decision making.

Board of Trustees
A legislative body that has overall responsibility and accountability for the district school board. For purposes of this Mandate, this also includes committees that support the Board of Trustees including the audit committee.
Compliance
Conformity and adherence to policies, plans, procedures, laws, regulations, contracts or other requirements.

Control Environment
The attitude and actions of the Board of Trustees and district board management regarding the significance of control within the organization. The control environment provides the discipline and structure for the achievement of the primary objectives of the system of internal control. The control environment includes the following elements: authority and responsibility.

Control/Internal Controls
Any action taken by district board management and other parties to enhance risk management and increase the likelihood that established objectives and goals will be achieved. Management plans, organizes and directs the performance of sufficient actions to provide reasonable assurance that objectives and goals will be achieved. The system of management controls (business plans, capturing and analyzing data, performance reporting, code of conduct, etc.) that are implemented within a school board to ensure that assets (human, physical and information) are protected and to provide reasonable assurance that its objectives can be achieved.

Control Processes
The policies, procedures and activities that are part of a control framework, designed to ensure that risks are contained within the risk tolerances established by the risk management process.

Fraud
Any illegal acts characterized by deceit, concealment or violation of trust. These acts are not dependent upon the application of threat of violence or of physical force. Frauds are perpetrated by parties and organizations to obtain money, property or services; to avoid payment or loss of services; or to secure personal or business advantage.

Governance
The combination of processes and structures implemented by the Board of Trustees in order to inform, direct, manage and monitor the activities of the organization toward the achievement of its objectives.
In-camera
A separate discussion between members of the Audit Committee and the (insert title here) promoting open communication and discussion of any sensitive issues or problems.

Independence
The freedom from conditions that threaten objectivity or the appearance of objectivity. Such threats to objectivity must be managed at the individual auditor, engagement, functional and organizational levels.

Objectivity
An unbiased mental attitude that allows regional internal auditors to perform engagements in such a manner that they have an honest belief in their work product and that no significant quality compromises are made. Objectivity requires regional internal auditors to not subordinate their judgment on audit matters to that of others.

Risk
Effect of uncertainty on objectives or outcomes.

Risk Management
A structured and disciplined approach aligning strategy, processes, people, technology and knowledge with the purpose of evaluating and managing the risks an organization faces. Overall, it is about choices made under conditions of uncertainty, balanced by acceptable levels of risk.

MULTI-YEAR AUDIT PLAN FOR THE OTTAWA-CARLETON DISTRICT SCHOOL BOARD
Updated Aug-2018

Timeline columns: 09/2018-06/2019 (Q1 Q2 Q3 Q4) and 09/2019-06/2020 (Q1 Q2 Q3 Q4)

No.  Audit Area                               Functional Area
1    Health and Safety                        Human Resources
2    Continuing Education                     Instruction and Schools
3    School Generated Funds/School Councils   Business Services/Schools
4    Records and Information Management       Corporate Services
5    Extended Day Program                     Instruction and Schools
6    Attendance Support                       Human Resources
7    Manage IT Security                       Information Technology
8    Procurement Review                       Business Services
9    Risk Assessment Update                   All Functional Areas
10   Hiring and Occasional Teachers           Human Resources
11   Special Education                        Instruction and Schools

Legend: Proposed audit timelines; Follow-up on audit recommendations
**Timelines subject to change