Corporate Social Responsibility Final Audit Report

Vewyor - Legedi

Le téléchargement nécessite un accès à la bibliothèque YouScribe
Tout savoir sur nos offres

4 pages

English

Le téléchargement nécessite un accès à la bibliothèque YouScribe
Tout savoir sur nos offres

A propos
Informations
Extrait

Description

Sujets

EDC Internal Audit
Driving Excellence in EDC through Assurance and Advice

Corporate Social Responsibility
Final Audit Report
Report Nr. 5/08
August 29, 2008

Distribution:

To:
President & CEO
Senior Vice President, Corporate Secretariat & Legal Services
Senior Vice President, Human Resources
Senior Vice President, Financing Products Group
Senior Vice President and Chief Financial Officer, Finance
General Counsel and Senior Assistant Secretary, Legal Services
Vice President and Chief Economist
Vice President, Organizational Effectiveness
Viident & Corporate Controller
Chief CSR Advisor
Director, Political Risk Assessment
Manager, Learning and Development
Head, Corporate Responsibility
Team Leader, Environmental Advisory Services

CC:
Senior Vice President, Business Development
Senior Vice President, Insurance
Senior Vice President, Business Solutions & Technology
Vice President, Strategic Planning & Corporate Communications
Director, Planning & Government Relations
Principal, Office of the Auditor General

Audit Team: Vice President Internal Audit
J. King M. Ryan
A. Lowe
W. Schwarz
EDC Internal Audit August 29, 2008
Corporate Social Responsibility Audit Page 2 of 4
Report #5/08

Introduction

As per our FY2007 Audit Plan, EDC Internal Audit performed an audit of EDC’s Corporate Social
Responsibility (CSR) program.

CSR has been an operating principle at EDC for several years. In 2004 EDC’s coordinated CSR initiative,
consisting of policies, processes and practices, was first included in the Corporate Plan. The CSR initiative
at EDC is structured and depicted based on the concept of five pillars as follows; Business Ethics,
Environment, Transparency, Community Investment, Organizational Climate. Under the environment
pillar, the Environmental Review Directive (ERD) is a legislative requirement contained in the Export
Development Act and is required to be audited once every five years by the Office of the Auditor General
(OAG). The total dollar value of transactions subject to the ERD in 2007 was $1553.5 million.

A corporate reorganization occurred in 2008 to create the position of Chief CSR Advisor. In addition to
having overall responsibility for all CSR activities at EDC, the Chief CSR Advisor is also responsible for
EDC’s public positioning of CSR, via various international meetings and meetings with the academic and
NGO communities.
Audit Objective & Scope

The objective was to provide assurance with respect to compliance with CSR policies, practices, and
processes and to evaluate if past recommendations made by the OAG were considered and implemented
where appropriate.

IA audit methodology consisted of documentation review, interviews and testing. IA engaged an external
firm, Gartner Lee Limited, with CSR and environmental expertise to complete substantive testing of 45
transactions for the environmental component of this audit. IA performed substantive testing on an
additional 25 transactions. Audit fieldwork was completed during February to June 2008 and the period
under review for the transaction testing was March 2007 to March 2008.

Internal Audit Opinion

1 2In our opinion the CSR initiative within EDC is Well Controlled . No major control issues were found
during the audit work. Overall, IA found compliance with CSR policies, practices and processes.

The legislated ERD process is well documented and executed as designed by the Corporation, specifically
Environmental Advisory Services (EAS). EAS practices such as, requiring environmental impact assessments
to meet industry standards, inclusion of environmental covenants in loan documentation and retaining

1 Our standard audit opinions are as follows:
Strong Controls: Key controls are effectively designed and operating as intended. Best in class internal controls exist.
Objectives of the audited process are most likely to be achieved.
Well Controlled: Key controls are effectively designed and operating as intended. Objectives of the audited process are
likely to be achieved.
Opportunities Exist to Improve Controls: One or more key controls do not exist, are not designed properly or are not
operating as intended. Objectives of the process may not be achieved. The financial and/or reputation impact to the
audited process is more than inconsequential. Timely action is required.
Not Controlled: Multiple key controls do not exist, are not designed properly or are not operating as intended. Objectives
of the process are unlikely to be achieved. The financial and/or reputation impact to the audited process is material.
Action must follow immediately.

2 Our audit findings are ranked as follows:
Major - a key control does not exist, is poorly designed or is not operating as intended and the financial and/or
reputation risk is more than inconsequential. The process objective to which the control relates is unlikely to be
achieved. Corrective action is needed to ensure controls are cost effective and/or process objectives are achieved.
Moderate - a key control does not exist, is poorly designed or is not operating as intended and the financial and/or
reputation risk to the process is more than inconsequential. However, a compensating control exists. Corrective action is
needed to avoid sole reliance on compensating controls and/or ensure controls are cost effective.
Minor - a weakness in the design and/or operation of a non-key process control. Ability to achieve process objectives is
unlikely to be impacted. Corrective action is suggested to ensure controls are cost effective.
EDC Internal Audit August 29, 2008
Corporate Social Responsibility Audit Page 3 of 4
Report #5/08

external expertise when EAS does not have in-house experience with the environmental impacts of a
particular activity, strengthen the control environment in that area.

IA also found that management oversight and assignment of responsibility resulted in the consideration
and implementation of all of the CSR related recommendations that were made in the Export
Development Canada Special Examination Report (2004) and the OAG Audit of Environmental Review at
EDC (2004).

During the course of our audit work IA identified some findings that were considered moderate. These are
detailed below with the associated recommendations.

Audit Findings & Recommendations

As outlined in the previous section, no major control deficiencies were noted during the audit. The audit
findings discussed below have been rated as moderate. The audit findings and recommendations have
been agreed to by management and in most cases, corrective actions are already in progress.

1. Performance Metrics and Reporting

EDC’s 2007 CSR report included reporting on 14 performance measures. IA assessed seven of these
measures in order to determine if they were clearly defined, calculated accurately, and supported by
reliable data. The measures selected by IA for review were considered objective and important from a
risk perspective.

Performance measures are established as a practice in the first quarter of the new performance year. The
measures are established by the corporate ‘owner’ of the CSR practice in consultation with the CSR
Advisor. At that time, ‘owners’ ensure the measure is relevant, meaningful and measurable. Data is
collected at various points throughout the year to track performance. There were findings related to the
documentation of the process and the collection of supporting data for five of the seven measures. IA did
not find that there was any incorrect reporting of metrics in the CSR report however, design of key
processes could be improved to ensure that a formalized process is in place to collect the data and that
evidence is retained to support re-performance of the calculations. IA recommends strengthening controls
relating to the annual performance reporting overall and for the areas of training and the disclosure
process.

2. Risk Assessment Processes and Methodology
CSR risk assessment processes at EDC includes Environmental, Reputation and Human Rights. The most
established of these processes are the environmental risk reviews.
2.1 Environmental Risk Assessments
EDC’s Environmental Policy provides that EDC will apply environmental review processes to assess the
degree of environmental risk associated with a given transaction. The two types of environmental risk
reviews conducted by EAS are the Corporate Environmental Risk Reviews (CERR) and Environmental Risk
Reviews (ERR). The CERR process has been developed for the purpose of assessing environmental risks
associated with general and multi-purpose corporate credit facilities which are not subject to EDC’s
Environmental Review Directive (ERD). The ERR methodology is also designed to assess environmental risks
associated with a given transaction that falls within certain financial thresholds. All CERRs and ERRs use
the risk rating meth