Language selection

Search

Archived - Audit of the Project Management of the Food Safety Action Plan

This page has been archived

Information identified as archived is provided for reference, research or record-keeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

March 2012

Table of Contents

1.0 Executive Summary

1.1 Introduction

On December 17, 2007 the Prime Minister announced the Food and Consumer Safety Action Plan (FCSAP). The Plan introduced new measures on food and product safety to ensure that Canadians have confidence in the quality and safety of what they buy. The FCSAP is a horizontal initiative aimed at modernizing and strengthening Canada's safety system for food, health and consumer products.

The FCSAP is an integrated, risk-based action plan built on the three pillars of active prevention, targeted oversight, and rapid response. It is a joint federal initiative with Health Canada (HC), the Public Health Agency of Canada (PHAC) and the Canadian Institutes of Health Research (CIHR).

The Canadian Food Inspection Agency (CFIA) is the lead federal government organization responsible for delivering on the Government's commitments to enhance food safety. The food portion of the FCSAP was developed jointly by the CFIA, Health Canada and the PHAC.

The Food Safety Action Plan (FSAP) is a five-year (2008-2013) project for the CFIA and it is a major component of the Government of Canada's broader FCSAP. Initiatives under the CFIA's FSAP aim to enhance oversight of imported and domestic food products. They will allow the CFIA to respond more quickly and effectively to food safety threats, while also being able to identify potential risks sooner and with more precision.

Total funding for the CFIA FSAP project is $223.4M over five years (2008-2013). The CFIA is in year four (fiscal year (FY) 2011-12) of implementing the FSAP with a $52.4M budget.

Commencing April 2010, there was a shifting emphasis within the Agency towards a more focused approach on how projects are to be managed. In particular, there was greater engagement by Senior Management and the formal roll-out of an Agency Enterprise Project Management Office (ePMO) providing tools, templates and training on various aspects of Project Management to Agency personnel.

This audit was approved in the Internal Audit Directorate's 2011-12 to 2013-14 Risk-Based Audit Plan.

1.2 Audit Objective

The objective of this audit was to provide assurance that the project management framework used in the design and implementation of the Food Safety Action Plan was in accordance with accepted standards.

1.3 Audit Scope

The scope of the audit was the FSAP five-year project (2008-2013). The audit period initially covered was from April 2008 to December 2010.

Upon the recommendation of the CFIA Audit Committee, the period of the audit was extended to October 2011. This was to allow the Project Management Office an opportunity to implement recently adopted Agency project management practices and to enable a review of the FSAP Transition Plan.

1.4 Main Findings and Recommendations

The Agency has made progress to enhance the overall project management framework for the management of FSAP. Taking into consideration that the FSAP initiative is now in its fourth year, the audit placed particular emphasis on information that could be applied to future initiatives of this type.

Governance

Finding 1.1: There is a clearly defined and active governance structure in place to provide overall direction, decision making and resource commitment to the FSAP project.

Risk Management

Finding 2.1: Significant progress has been made in the development of a rigorous risk management approach but there remains some opportunity for enhancement.

Internal Control

Finding 3.1: A formal project management methodology is in place but the FSAP integrated project plan is still undergoing refinements.

Finding 3.2: Regular reporting and monitoring of FSAP key indicators and high-level financial results is in place; however, there was no formal monitoring of FSAP deliverables and activity results.

Finding 3.3: Initial planning is underway for the management of ongoing Agency funding of $54.9M.

Recommendation: The VP of the Policy and Programs Branch should ensure that a detailed Transition Plan is developed, documented and implemented.

1.5 Statement of Assurance

In my professional judgment as Chief Audit Executive, sufficient and appropriate audit procedures have been conducted and evidence gathered to support the accuracy of the opinion provided and contained in this report. The opinion is based on a comparison of the conditions, as they existed at the time, against pre-established audit criteria. The opinion is applicable only to the entities examined and within the scope described herein.

1.6 Audit OpinionFootnote 1

In my opinion, the Project Management of the Food Safety Action Plan has an adequate governance structure in place but there are opportunities for improvement related to internal control and risk management processes.

Brian Smith
A/Chief Audit Executive, CFIA

2.0 About the Audit

2.1 Background

On December 17, 2007 the Prime Minister announced the Food and Consumer Safety Action Plan (FCSAP). The Plan introduced new measures on food and product safety to ensure that Canadians have confidence in the quality and safety of what they buy. The FCSAP is a horizontal initiative aimed at modernizing and strengthening Canada's safety system for food, health and consumer products.

The FCSAP is an integrated, risk-based action plan built on three pillars: active prevention; targeted oversight; and rapid response. It is a joint federal initiative with Health Canada (HC), the Public Health Agency of Canada (PHAC) and the Canadian Institutes of Health Research (CIHR).

The Canadian Food Inspection Agency (CFIA) is the lead federal government organization responsible for delivering on the Government's commitments to enhance food safety. The food portion of the FCSAP was developed jointly by the CFIA, Health Canada and the PHAC.

The Food Safety Action Plan (FSAP) is a five-year (2008-2013) project for the CFIA. It is a major component of the Government of Canada's broader Food and Consumer Safety Action Plan. Initiatives under CFIA's FSAP aim to enhance oversight of imported and domestic food products. This will allow the CFIA to respond more quickly and effectively to food safety threats, while also being able to identify potential risks sooner and with more precision.

Total funding for the CFIA FSAP project is $223.4M over five years (2008-2013). The CFIA is in year four (fiscal year (FY) 2011-12) of implementing the FSAP with a $52.4M budget.

Food Safety Action Plan (FSAP)
CFIA Resources Year 1
2008-09
Year 2
2009-10
Year 3
2010-11
Year 4
2011-12
Year 5
2012-13
Ongoing Total $
(Y1-Y5)
FTEs 119.0 185.0 241.0 262.0 290.0 289.0
$M $22.9 $39.3 $52.4 $52.4 $56.4 $54.9 $223.4

CFIA's objectives of the FSAP are to:

Under FCSAP, thirteen interdependent areas of activity have been identified specifically for CFIA's action:

2.2 Objective

The objective of this audit was to provide assurance that the project management framework used in the design and implementation of the Food Safety Action Plan was in accordance with accepted standards.

2.3 Scope

The scope of the audit was the FSAP five-year project (2008-2013). The audit period initially covered was from April 2008 to December 2010.

Upon the recommendation of the CFIA Audit Committee, the period of the audit was extended to October 2011. This was to allow the Project Management Office an opportunity to implement recently adopted Agency project management practices and to enable a review of the FSAP Transition Plan.

2.4 Methodology

Audit criteria identify the standards against which an assessment is made, clarify the audit objectives, and form a basis for the work plan and conduct of the audit. The audit criteria are specific to the audit objective and scope of this project. For each of the criteria, the relationship to governance, control or risk management or a combination of the three has been identified. Detailed sub-criteria can be found in Appendix A.

Audit criteria for this audit were developed based upon a number of authoritative sources. These included the Office of the Comptroller General's Draft Core Management Controls, professional associations' standards, generally recognized industry norms and accepted good practices. In particular, with the audit emphasis on project management, additional sources of criteria for this audit included the following:

Audit criteria for the audit objective were as follows:

Governance

Risk Management

Controls

The following audit approaches were applied during the conduct of the audit to ensure the collection of appropriate audit evidence:

Audit planning was initiated in June 2010. Audit fieldwork began in September 2010 and was restarted in September 2011 with fieldwork ending in October 2011.

3.0 Findings and Recommendations

3.1 Introduction and Context

The FSAP initiative is currently in its fourth year. While there has been much progress to enhance the overall project management framework being employed, we found that some components could not be fully implemented as intended and need more time to mature.

Commencing April 2010, there was a shifting emphasis within the Agency towards a more focused approach on how projects are to be managed. In particular, there was greater engagement by Senior Management on the status, success and progress of large Agency initiatives, such as FSAP. This led to the formal roll-out of an Agency Enterprise Project Management Office (ePMO), which provides tools and templates as well as training on various aspects of Project Management to Agency personnel.

Taking into consideration that the FSAP initiative is now in year four of five, the audit placed particular emphasis on information that could be applied to future initiatives of this type.

3.2 Governance

Finding 1.1: Governance

There is a clearly defined and active governance structure in place to provide overall direction, decision making and resource commitment to the FSAP project.

We expected to find an established project governance structure working effectively to provide overall direction, decision making and resource commitment to the FSAP Project.

The initial governance structure was enhanced commencing September 2010 with the PMO reorganized under an Associate Vice-President. The FSAP governance structure now has three (3) governance committees: FSAP Senior Project Advisory Committee (SPAC), FSAP Steering Committee (SC), and FSAP Management Committee (MC). The revised governance structure has formalized roles and responsibilities for each committee. In addition, weekly updates to senior management have begun and a deliverable dashboard has been implemented.

Based on a sample review of Records of Decisions from the three FSAP governance committees, the committees are meeting on a monthly basis, have the appropriate levels represented at the meetings and are addressing main FSAP components (e.g., issues, risks, and changes).

3.3 Risk Management

Finding 2.1: Risk Management

Significant progress has been made in the development of a rigorous risk management approach but there remains some opportunity for enhancement.

We expected to find a documented risk management process being employed to identify, assess and respond to risk.

As part of the enhanced governance structure, a Project Manager responsible for risk identification and risk management was identified. In addition, a consulting firm was engaged to conduct an assessment of risks to the project and establish a comprehensive baseline risk register for ongoing use. Risks began to be formally tracked in March 2011.

A random sample of identified risks was conducted to determine if risks were being identified in a consistent way and discussed/actioned at the appropriate governance level. We found that risks are being tracked, documented, discussed and actioned at the appropriate governance levels. Further refinement was made to the risk management process through the definition and documentation of formal risk management documents including process flowcharts, risk management procedures and defining roles.

Nevertheless, the methodology used to define risks may be further improved to support a consistent and comprehensive approach; for example, criteria for how probability and impact levels are measured and assigned (high, medium and low) were not included in the description, risk assessment procedures do not take into consideration external and internal factors, and the project risk types are defined against project scope, cost or schedule but do not provide definitions. The documentation for the mitigation strategies could also be amplified.

3.4 Internal Control

Finding 3.1: Project Management Methodology

A formal project management methodology is in place but the FSAP integrated project plan is still undergoing refinements.

We expected to find that a FSAP PMO would be established with project management expertise, tools and processes to guide the project delivery. This includes reporting of activities against an integrated project plan along with key tasks, milestones, deliverables and completion rate identified.

Progress has been made in the development of a project plan for FSAP. In conjunction with the Agency-wide roll-out and adoption of an Enterprise Project Management Office (ePMO) methodology in 2010, the FSAP PMO implemented ePMO templates in Year 3. A FSAP project scope document has since been prepared and a detailed Integrated Project Plan with a defined work breakdown structure, identifying milestones, deliverables and dependencies was still under development at the time of undertaking the audit. The FSAP PMO has now formally documented the core project management processes such as Issues Management, Risk Management, and Change Management.

Roles and responsibilities for FSAP PMO staff were drafted, documented and communicated. Staff received training from the ePMO on core project management principles, processes, tools, techniques and templates. In addition, the FSAP PMO is supplementing these resources with staff that have knowledge of branch activities to assist with overall FSAP integration and planning. Staffing remains a challenge for the FSAP PMO.

Finding 3.2: Reporting and Monitoring

Regular reporting and monitoring of FSAP key indicators and high-level financial results is in place; however, there was no formal monitoring of FSAP deliverables and activity results.

We expected to find the reporting of FSAP activities would include regular status reports and results in order to guide the delivery of the project and to provide the Agency with a clear understanding of the results and achievements of the FSAP activities.

We found that in the first three years of the project, annual reports highlighting the overall achievements of the initiative were produced. With the exception of these reports, status updates and ongoing monitoring of FSAP activities were limited and as such we were not able to conduct a review of the financial data for this period of time. As there was not an overall Integrated Project Plan guiding the project, reporting on the FSAP areas of activity was inconsistent in its level of detail and tracking results was difficult.

There were independent reviews conducted surrounding the IM/IT activity (one of the thirteen activities) of the project in Years 2 and 3 of the initiative. This resulted in increased attention to the FSAP activities and actions were taken to strengthen the overall project management framework including the formalization of core project management processes, and clarifying and defining resource requirements.

Regular monthly dashboard reports are completed and are provided for information at governance committee meetings. The dashboards are completed by area of activity and provide high level project information as well as status indicators on overall project health, scope, cost, schedule, risks and issues. Formal monitoring of the financial variances between the forecasted amounts and the budgeted amounts has also begun. The FSAP PMO is completing its first detailed analysis between the Branch work-plans and the actuals being reported.

However, at the time of our audit, reports did not permit variance analysis between monthly actual and budgeted amounts. Additionally, detailed reports further broken down by deliverable are not able to be produced by the financial system. Management has since indicated that regular activity reporting is underway.

Finding 3.3: Transition Plan

Initial planning is underway for the management of ongoing Agency funding of $54.9M.

We expected to find a Transition Plan covering the wind-down activities of the FSAP PMO and plans for the ongoing activities of FSAP for the future. A Transition Plan identifies the remaining work to be completed as well as resources required to complete the work with clearly defined roles and responsibilities.

We found that the FSAP transition activities are in the initial planning stages with limited documentation available at this time concerning the ongoing management of the $54.9M allocated for FY 2012-13. It is understood that as a direct output from the Program Design activity there will be identification of resources and accountabilities for ongoing FSAP activity (e.g., budget allocation, and number of FTEs).

In recognition of the ongoing activity that will be conducted after Year 5 of the FSAP initiative, the FSAP PMO has identified a transition lead tasked with developing the overall Transition Plan. At the time of our audit an outline for a detailed Transition Plan had been developed.

Recommendation:

The VP of the Policy and Programs Branch should ensure that a detailed Transition Plan is developed, documented and implemented.

Appendix A: Audit Criteria

Governance

Risk Management

Internal Control

Date modified: