Item - 2021.AU10.3

Tracking Status

  • City Council adopted this item on November 9, 2021 with amendments.
  • This item was considered by Audit Committee on November 2, 2021 and was adopted with amendments. It will be considered by City Council on November 9, 2021.

AU10.3 - Auditor General's Office 2022 Work Plan

Decision Type:
ACTION
Status:
Amended
Wards:
All

City Council Decision

City Council on November 9, 10 and 12, 2021, adopted the following:

 

1.  City Council receive the Auditor General's 2022 Work Plan, as outlined in the report (October 19, 2021) from the Auditor General, for information.

 

2.  City Council request the Auditor General to consider adding an assessment of Toronto Hydro cybersecurity or any other operating technology in any City division, agency or corporation to the Auditor General's 2022 Work Plan.

 

3.  City Council request the Auditor General to consider adding, as part of the Auditor General's 2022 Work Plan, an audit of contract awards and commitments that are at, or near, the $500,000 spending authority limits delegated to the City Manager and/or Division Heads.

 

4.  In order to support the Auditor General's 2022 Work Plan, City Council authorize the Auditor General to negotiate and enter into any necessary non-competitive agreements, including those with a value exceeding $500,000 for which City Council approval would normally be required under City of Toronto Municipal Code Chapter 195, Purchasing, with MNP LLP, the current third party technical professional services firm retained through a competitive process, to perform critical system cybersecurity reviews with the Auditor General, as long as the Auditor General remains within the approved budget.

Background Information (Committee)

(November 1, 2021) Revised report from the Auditor General on Auditor General's Office 2022 Work Plan
https://www.toronto.ca/legdocs/mmis/2021/au/bgrd/backgroundfile-172597.pdf
(October 19, 2021) Report from the Auditor General on Auditor General's Office 2022 Work Plan
https://www.toronto.ca/legdocs/mmis/2021/au/bgrd/backgroundfile-172206.pdf
Attachment 1 - Reports Issued from 2016 to 2021
https://www.toronto.ca/legdocs/mmis/2021/au/bgrd/backgroundfile-172207.pdf
Attachment 2 - Risk Factors Criteria Used in City-Wide Risk Assessment
https://www.toronto.ca/legdocs/mmis/2021/au/bgrd/backgroundfile-172208.pdf
Attachment 3 - Backlog of Audit Projects
https://www.toronto.ca/legdocs/mmis/2021/au/bgrd/backgroundfile-172209.pdf
(October 26, 2020) Attachment 4 - Toronto Public Library Board Approval of Auditor General's Proposed Audit Plan
https://www.toronto.ca/legdocs/mmis/2021/au/bgrd/backgroundfile-172210.pdf
(November 10, 2020) Attachment 5 - Auditor General's Proposed Audit Plan Approved by the Toronto Police Services Board
https://www.toronto.ca/legdocs/mmis/2021/au/bgrd/backgroundfile-172211.pdf
(November 2, 2021) Presentation from the Auditor General on Auditor General's 2022 Operating Budget and 2022 Work Plan
https://www.toronto.ca/legdocs/mmis/2021/au/bgrd/backgroundfile-172619.pdf

Motions (City Council)

1 - Motion to Amend Item (Additional) moved by Councillor Stephen Holyday (Carried)

That:

 

1. In order to support the Auditor General's 2022 Work Plan, City Council authorize the Auditor General to negotiate and enter into any necessary non-competitive agreements, including those with a value exceeding $500,000 for which City Council approval would normally be required under City of Toronto Municipal Code Chapter 195, Purchasing, with MNP LLP, the current third party technical professional services firm retained through a competitive process, to perform critical system cybersecurity reviews with the Auditor General, as long as the Auditor General remains within the approved budget.


2 - Motion to Amend Item (Additional) moved by Councillor John Filion (Carried)

That City Council request the Auditor General to consider adding as part of the Auditor General's 2022 Work Plan, an audit of contract awards and commitments that are at or near the $500,000 spending authority limits delegated to the City Manager and / or Division Heads.


Motion to Adopt Item as Amended (Carried)

AU10.3 - Auditor General's Office 2022 Work Plan

Decision Type:
ACTION
Status:
Amended
Wards:
All

Committee Recommendations

The Audit Committee recommends that:

 

1.  City Council receive the Auditor General's 2022 Work Plan, as outlined in the report (October 19, 2021) from the Auditor General, for information.

 

2.  City Council request the Auditor General to consider adding an assessment of Toronto Hydro cybersecurity or any other operating technology in any City division, agency or corporation to the Auditor General's 2022 Work Plan.

Decision Advice and Other Information

The Audit Committee considered Items AU10.2 and AU10.3 together.

 

The Auditor General gave a presentation on Auditor General's 2022 Operating Budget and 2022 Work Plan.

Origin

(November 1, 2021) Report from the Auditor General

Summary

The purpose of this report is to provide City Council with an overview of the work the Auditor General plans to conduct in 2022. Audit projects included in the Annual Work Plan are identified through a risk assessment process conducted periodically, a review of emerging issues, and an analysis of trends in allegations made to the Fraud and Waste Hotline. The Auditor General also considers the views and experience of City Councillors and City management. The Auditor General may amend the Annual Work Plan if new priorities arise.

 

The Auditor General's 2022 Budget Request is being presented to the Audit Committee at the same meeting as this 2022 Work Plan. The Auditor General is asking for Council's continued support by restoring her office budget to pre-pandemic levels to help address critical emerging issues and an expanded mandate.

 

The Auditor General's budget request reflects funding needed to help address the following:

 

1.  Responding to an expanded mandate and inflow of requests for audits;

 

2.  Providing valuable independent oversight of critical systems to ensure the City is well-positioned to detect, mitigate, and respond to IT and cybersecurity risks;

 

3.  Conducting investigations on serious, time-sensitive issues; and

 

4.  Undertaking the City-wide COVID-19 Continuous Improvement Audit.

 

In light of audit requests from the Toronto Police Services and Toronto Public Library Boards, both of which are restricted boards, an influx of City Council requests for specific audits, and the need to address emerging risks including cyber security, the Auditor General must prioritize the projects she can carry out now (Table 1), versus those that need to be delayed into future years. Projects that can only be considered if additional budget funding is received are included in Table 2. The Auditor General has explained the implications of these additional demands through her 2022 Operating Budget, which is also being tabled at the same Audit Committee. Both reports should be considered together.

 

Where Council requests an audit, the Auditor General considers potential risks to the City before deciding whether it can be prioritized over another project on her Work Plan. However, completing requests in a timely manner is not always feasible with her limited staff resources, so work is prioritized. The Auditor General was able to incorporate some important City Council requests into her 2022 Work Plan, including: cybersecurity critical system reviews, Toronto Police audits and an audit of affordable rental replacement units.

 

The Work Plan includes projects that have been identified through the risk and opportunities assessment. The projects are organized as follows:

 

- projects currently in progress or soon to be initiated (Table 1);

 

- projects that can be added to our 2022 Work Plan if Council approves our budget request to restore to 2020 budget level (Table 2);

 

- projects on the horizon for 2022-2023 (Table 3); and

 

- backlog list of projects that we would like to complete over the longer term (Attachment 3).

Background Information

(November 1, 2021) Revised report from the Auditor General on Auditor General's Office 2022 Work Plan
https://www.toronto.ca/legdocs/mmis/2021/au/bgrd/backgroundfile-172597.pdf
(October 19, 2021) Report from the Auditor General on Auditor General's Office 2022 Work Plan
https://www.toronto.ca/legdocs/mmis/2021/au/bgrd/backgroundfile-172206.pdf
Attachment 1 - Reports Issued from 2016 to 2021
https://www.toronto.ca/legdocs/mmis/2021/au/bgrd/backgroundfile-172207.pdf
Attachment 2 - Risk Factors Criteria Used in City-Wide Risk Assessment
https://www.toronto.ca/legdocs/mmis/2021/au/bgrd/backgroundfile-172208.pdf
Attachment 3 - Backlog of Audit Projects
https://www.toronto.ca/legdocs/mmis/2021/au/bgrd/backgroundfile-172209.pdf
(October 26, 2020) Attachment 4 - Toronto Public Library Board Approval of Auditor General's Proposed Audit Plan
https://www.toronto.ca/legdocs/mmis/2021/au/bgrd/backgroundfile-172210.pdf
(November 10, 2020) Attachment 5 - Auditor General's Proposed Audit Plan Approved by the Toronto Police Services Board
https://www.toronto.ca/legdocs/mmis/2021/au/bgrd/backgroundfile-172211.pdf
(November 2, 2021) Presentation from the Auditor General on Auditor General's 2022 Operating Budget and 2022 Work Plan
https://www.toronto.ca/legdocs/mmis/2021/au/bgrd/backgroundfile-172619.pdf

Speakers

Councillor Paul Ainslie

Motions

1 - Motion to Adopt Item moved by Councillor Frances Nunziata (Carried)

2 - Motion to Reconsider Item moved by Councillor Stephen Holyday (Carried)

That in accordance with the provisions of Chapter 27, Council Procedures, the Audit Committee reconsider Item AU10.3.


3 - Motion to Amend Item (Additional) moved by Councillor Stephen Holyday (Carried)

That:

 

1.  City Council request the Auditor General to consider adding an assessment of Toronto Hydro cybersecurity or any other operating technology in any City division, agency or corporation to the Auditor General's 2022 Work Plan.


Motion to Adopt Item as Amended moved by Councillor Stephen Holyday (Carried)
Source: Toronto City Clerk at www.toronto.ca/council