ARCHIVED - Audit of the Business Continuity Planning (BCP) Program
This page has been archived
Information identified as archived is provided for reference, research or record-keeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.
The Canadian Food Inspection Agency's (CFIA) internal audit function provides the President, senior officials and agency managers with an independent capability to perform audits of the resources, systems, processes, structures and operational tasks of the CFIA. It helps the CFIA accomplish its objectives by bringing a systematic, disciplined approach to assessing and improving the effectiveness of risk management, control and governance processes.
The internal audit function is accountable to the CFIA's Audit Committee, of which the President is a member. All internal audit findings and recommendations must be reported to the Audit Committee, and all audits must be carried out in accordance with federal policy and legislative requirements, including the 2012 Policy on Internal Audit and the 2006 Federal Accountability Act.
CFIA internal audit projects are selected based on highest significance during an annual agency planning process, which are then reflected in the Agency's Audit Plan for review by Audit Committee and approval of the President.
The objective of this audit was to assess the CFIA's compliance with Treasury Board's Operational Security Standard - Business Continuity Planning (OSSBCP) program. The scope of the audit covered review of Agency policies, procedures, and activities related to the Business Continuity Plan program and included an examination of the key elements of the BCP Program.
The audit concluded that the BCP program at the CFIA, in its current state, is not compliant with Treasury Board's OSSBCP. However, the audit also noted that the Agency is aware of the program's current state of compliance with Treasury Board requirements and has already commenced actions to address the compliance gaps.
The audit found that:
- The BCP activities and its working groups had generally been inactive for some time.
- Plans were generally incomplete and outdated and some lacked key information.
- Information Management and Information Technology Branch continuity issues were not integrated with the Agency's business continuity plans and arrangements.
Management accepted the conclusions of the audit and has already taken action to respond to the audit's recommendation.
- Date modified: