A governance framework sets an organization’s strategic direction, and manages and oversees its activities or supports the organization’s strategic direction.
VAC has established a clear organizational structure which has been documented and is accessible to employees. The structure generally permits clear and effective lines of communication and reporting between management and staff.
VAC has documented values and ethics policies and guidelines. During interviews, when asked their opinion on values and ethics within the Department, staff often referred to the notion of Care, Compassion, and Respect which was a guiding principle of the Veterans 20/20 initiative and strategic plan.
With respect to performance measurement, the Policy on Results came into effect on July 1, 2016, during the conduct of the audit. The audit team observed that the Department was taking the steps necessary to meet the requirements of the new policy, including development of its first Departmental Results Framework (DRF), establishing the Performance Measurement and Evaluation Committee and developing Program Information Profiles.
Overall, the governance framework at VAC is adequate and functioning. However, the audit team identified opportunities for improvement as described below.
Senior Oversight Committees
Senior oversight committees comprise a group of executives who have been given authorities and responsibilities to manage the affairs of an organization. As noted above, the three main senior oversight committees included in this audit were the following:
- Senior Management Committee (SMC), chaired by the Deputy Minister, provides direction on the management of corporate and government priorities. It is responsible for ensuring timely management responses and information exchange.
- The Corporate Management Committee (CMC) is an oversight and decision-making body comprising Directors General and Directors from across the Department which facilitates engagement on corporate issues before being presented at SMC; and
- Director General Policy and Program Review Committee (DGPPRC) is a recommending body of Directors General or Directors representatives from each sector that reviews and recommends policy and program initiatives before being presented at SMC.
While observing meetings of the three committees, the audit team noted respectful discourse and debate between members during the meetings. There were tools in place to support effective meetings, such as agendas, attendance logs, records of decisions (RoD), and action items. Each of the committees had documented roles and responsibilities in their respective terms of reference (ToR). However, some ToR listed positions which no longer existed or position titles which had changed.
The audit team analyzed a sample of meeting agendas and records of decision from senior level management committees during fiscal year 2016-17 and assessed them against their ToR. All decisions which the audit team reviewed were within the committees’ mandate and were recorded in the meetings’ records of decisions (RoD). None of the committees’ ToR stated whether decisions were by consensus, majority vote, or if decisions were made by the chair alone. When agenda items involved decision making, the audit team found no documented decision-making process for the senior management committees. The lack of a documented and communicated decision-making process could lead to confusion as to when a decision has been made.
Each of the ToR for the three main senior management committees describes when submissions must be received to be presented at upcoming committee meetings. In general, Senior Management Committee members receive meeting documentation within two days, which aligns with the committee’s ToR. However, CMC and DGPPRC members rarely receive documentation one week in advance as required by their ToR. Typically, documentation for those committees is received only one or two days in advance. If documents are not received within sufficient time prior to meetings, there is less time to review the material, consult internally with subordinates, and provide valuable feedback that would inform decisions.
The review of a sample of meeting agendas and records of decision from senior level management committees during fiscal year 2016-17 revealed that, while SMC was well attended by executive staff, both CMC and DGPPRC meetings averaged 39% delegated participants for the sampled meetings.
The team also noted that for the meetings analyzed, 67% of items presented at SMC, CMC, and DGPPRC meetings were for information purposes as opposed to consultation or discussion purposes. In addition, meeting agendas often resulted from requests to present to the committee rather than the committee determining what information it needed to conduct its business or fulfill its mandate.
While the three major senior oversight committees meet regularly and create opportunities for information-sharing across branches, there are opportunities to strengthen their oversight role in support of the achievement of VAC’s strategic and operational objectives.
Recommendation 1
It is recommended the Assistant Deputy Minister, Strategic Oversight and Communications coordinate the reviews of the terms of reference of key senior management committees and institute a process of regular committee review and planning in relation to Departmental strategic and operational objectives. (Essential)
Management Response and Action Plan:
The Assistant Deputy Minister, Strategic Oversight and Communications (SOC), in collaboration with Assistant Deputy Ministers of other branches and the Associate Deputy Minister, will review the terms of reference of key senior management committees (SMS, CMC and DGPPRC) every two years.
A process for biennial committee review and planning will be established to ensure they continue to serve the Department’s strategic and operational objectives.
Completion Date: April 2018
Risk Management
Risk management involves the identification, assessment, and prioritization of risks followed by an application of resources to mitigate the impact of negative events and to maximize possible opportunities. Risk management’s objective is to ensure that uncertainty does not hinder an organization from reaching its goals.
The 2017-18 Departmental Plan lists the following key risks facing the Department:
- Any delays in achieving the required staffing levels may delay implementation of some Departmental commitments.
- Despite the broad range of Veterans’ programs and services available, some CAF members may not transition successfully from military to civilian life; and
- The Department may have difficulty addressing the volume of commitments made to Veterans in a timely manner.
The Plan also highlights the steps taken to mitigate these high-level risks.
As articulated in the VAC’s Integrated Risk Management Policy and Framework (2012), the “ADM, Human Resources and Corporate Services, supported by the Integrated Corporate Management Division, is accountable to the Chief Risk Officer, for the strategic direction and oversight of Corporate Risk activities.”Footnote 4 The Framework also establishes the Integrated Corporate Management Division as responsible for the Corporate Risk Profile (CRP). Recently, this section has transferred to a new branch and accountability for the role of CRO has become unclear.
In 2015, the CRP was discontinued and replaced with the Integrated Business Planning (IBP) process and document in which each division identifies risks. The risk information captured in divisional IBPs is generally for the provision of annual requests for additional funding by program areas in an effort to reduce risks of unfavourable events and/or the risk of missed opportunities to improve service to Veterans and their families. As the IBP process lacks a documented roll-up of risk areas to align them with horizontal strategic risks and does not include a mechanism for ongoing monitoring and reporting, it has not reached a level of maturity enabling officials to determine the effectiveness of risk management at a Departmental level.
The audit team also found that 24.2% of all respondents to the survey conducted during the audit somewhat or strongly agree that risk management is well documented, 22.5% somewhat or strongly agree that risk management is well communicated, and 25.0% somewhat or strongly agree that risk management is well understood. When focusing only on respondents at the manager level and above, the results remain similar (23.1%, 23.1%, and 24.5% respectively). During interviews with VAC management, a common comment was made that VAC is risk averse. 7 of 14 executives stated that VAC was risk averse and 5 of 14 executives indicated VAC did not put enough effort into risk management. These results further support the need for more explicit documentation and discussions around risk.
While certain areas (e.g. Contract Review Board, Departmental Project Management Committee) within VAC have implemented risk management processes and strategies aimed at mitigating operational risks, there is a lack of an up-to-date documented departmental approach to risk identification, assessment, prioritization, and management.
Recommendation 2
It is recommended the Assistant Deputy Minister, Strategic Oversight and Communications in collaboration with the Assistant Deputy Minister, Chief Financial Officer and Corporate Services, coordinate the development and implementation of a documented approach to risk management which includes clear responsibility for risk, regular monitoring, and reporting to senior management on key risks. (Critical)
Management Response
The ADM, Strategic Oversight and Communications, will review and revise VAC’s 2013 Integrated Risk Management Policy and Framework to establish clear responsibility for risk across the Department and outline monitoring and reporting routines.
The framework will be in place by June 2018 and will help inform the inclusion of risk information within 2018-19 Integrated Business Plans, as well as corporate reports going forward (Strategic Plan, Departmental Plan, and Departmental Results Report).
Completion date: June 2018
Departmental Integration and Communication
For control to be effective, an organization needs to have processes capable of supporting two-way, open communication of timely, relevant and reliable information.Footnote 5 By ensuring all employees are aware of strategic and operational priorities, risks, planned changes, and their role in achieving them (including the extent to which they have been achieved), employees have opportunities to have a voice in strategy, risk discussions, and change initiatives.Footnote 6
According to the survey developed by the audit team, 96.1% of management somewhat or strongly agree that there is clear and effective communication with their employees; however considerably fewer (70.2%) non-managers share that view. The NECFootnote 7 Pulse Survey (Autumn 2016) also highlighted the importance of communication as it was a key theme of the responses received from staff. Staff responded that the preferred method of receiving information was directly from their immediate supervisor. The release of information via mass departmental email from varied sources depending on the topic can cause confusion amongst staff. Middle managers play a key role in assisting staff to filter and weigh the importance and relevance of each piece of information sent to them. New processes have been developed in response to these concerns, however, the current tools, guidance, and sequencing of information for front-line staff are not always adequate to enable front-line staff to respond to inquiries or explain the changes to Veterans.
Due to Departmental mandate commitments and government priorities, it can be difficult for staff to match the pace and magnitude of change. As shown in previous Public Service Employee Surveys (2008, 2011 and 2014), there is a substantial percentage of employees (41%, 49% and 50%, respectively) at VAC who feel that their quality of work suffers because of constantly changing priorities and because of a lack of stability in the Department.
During interviews with staff, it was routinely stated that there are limited processes in place for VAC staff to inform senior management of significant issues on a regular basis. Committees and venues exist at upper management levels (such as CMC and DGPPRC) and within branch structures to share information regarding important matters such as policy changes or program re-design. However, integration and coordination of information across branches and below management levels remains a key concern raised by employees. A well-constructed framework for Departmental integration would provide a structured approach for supporting staff to participate in change and effectively support implementation.
Recommendation 3
It is recommended the Assistant Deputy Minister, Strategic Oversight and Communications, establish an approach/framework to improve organizational integration and communication. (Essential)
Management Response
The Communications Division will work collaboratively with the Strategic Planning, Results & Cabinet Business Division to develop clear messages to staff, and for managers to use with staff, on departmental priorities.
The Communications Division will ensure that briefings to managers and front-line staff for major announcements or changes are incorporated into communications planning and are led by the subject matter experts.
Completion Date: October 2017 and ongoing
Transparency and Accountability
In the Government of Canada, departments must ensure that decisions and decision-making processes are documented to account for and support the continuity of departmental operations, permit the reconstruction of the evolution of policies and programs, and allow for independent evaluation, audit, and review. The directorate responsible for information management within VAC has provided training and communicated the importance of information management on a number of occasions.
In terms of the transparency of communications for high-level meetings, minutes for senior management committees are recorded and available to all staff on the intranet. Although their ToR didn’t establish this requirement, the RoD for SMC were posted on VAC’s intranet site and were generally available to all staff within two months of the meeting date, which is a good practice that supports internal communication and transparency. The RoD for CMC and DGPPRC were previously posted but had not been published on the intranet for more than 15 months.
In terms of the availability of information, there is a risk that strategic decisions are not being documented and stored properly. The TBS “Information Management Protocol - Instant Messaging Using a Mobile Device Guidance for Employees,” requires that, when information of business value is transmitted via a mobile device, the information should be documented in another format (e.g., an email message or a Word document) and must be stored and retained in an official corporate repository. The survey prepared for the audit indicates that not all BlackBerry users consistently documented strategic decisions made using the pin-to-pinFootnote 8 or phoneFootnote 9 functions on the device.
The “Directive on Information Management Roles and Responsibilities” assigns senior managers the responsibility of managing information as an integral part of their program and service delivery and as a strategic business resource. The 2016 Spring Reports of the Auditor General of Canada – Report 4 – Drug Benefits – Veterans Affairs Canada identified situations when VAC “did not document the direction it provided to Medavie regarding (…).” The OAG also “reviewed 32 Committee decisions and found that for 17 of them, the Department could not provide evidence that it had appropriately considered (…).” In addition, each morning certain senior managers attend Daily Ops meetings to discuss the issues affecting the Department. Interviews with attendees indicated that strategic discussions are taking place and direction is being provided, but records of discussion or decision are not being kept.
Regardless of the type of decision made or the medium used, under-documentation of management decisions increases the risk of non-compliance with TBS direction in relation to information management and record-keeping. The lack of rigour and discipline in documenting strategic decisions increases the risk that information may be lost without a means of recovery. In addition, this may devalue the federal government’s commitment to transparency in government.
Recommendation 4
It is recommended the Assistant Deputy Minister, Chief Financial Officer and Corporate Services, ensure senior managers are regularly made aware of their responsibilities for documenting decisions of business value in the appropriate corporate repository. (Essential)
Management Response:
The Chief Financial Officer and Corporate Services Branch will provide ongoing training and awareness to senior management on information management responsibilities, including where to save information of business value.
Completion date: December 2017 and annually thereafter
3.1 Audit Opinion
The audit team determined the governance framework at VAC to be adequate and functioning. Strategic oversight, the organizational structure, and values and ethics support governance processes. The audit team identified opportunities to improve governance at VAC in the areas of risk management, documentation of strategic decisions, integration, and oversight committees.
Overall, the audit team determined the oversight and strategic direction functions relating to governance at Veterans Affairs Canada “Requires Improvement.”