Internal Audit of Corporate Governance

June 2019

Contents

  1. Executive Summary
  2. Background
  3. Audit Objective, Scope, Risks, and Methodology
  4. Observations, Recommendations, and Management Action Plan
  5. Appendix
  6. Glossary

Executive Summary

1.1 Audit Objective

The objective of the audit was to provide assurance that CIHR's corporate governance activities were operating effectively and providing a strategic direction and oversight function for the organization. The objectives and lines of inquiry are drawn from the Institute of Internal Auditors' guidance on governance in the public sectorFootnote 1 and an assessment of risks and concerns regarding governance as highlighted by CIHR's senior management.

1.2 Audit Scope

The audit assessed three lines of inquiry related to CIHR's corporate governance:

1.3 Findings

The following aspects of corporate governance require Governing Council and management's attention. These are presented along with the proposed actions to be taken by management to address the risks. The detailed observations, recommendations, and action plans are discussed in the report that follows this executive summary.

1.4 Overall Audit Opinion

CIHR has established a functioning system of governance in accordance with the terms of the CIHR Act, featuring a formally defined and documented hierarchal committee structure, supplemented by a variety of support mechanisms. However, the roles and responsibilities defined in this structure require clarification. The fundamental nature of its committees – as well as the interactions among those committees – must be clarified by Governing Council and the Executive Management Committee, and aligned with the CIHR Act, for the system of governance to function more effectively.

Additionally, CIHR needs to more clearly identify the linkages and alignment between its strategic direction setting processes (e.g., Roadmap II) and its accountabilities, in order to clarify how these impact (or translate into) operational priorities and activities that effectively allocate resources.

1.5 Statement of Conformance

The Audit of Corporate Governance conforms with the Directive on Internal Audit, as supported by the results of the quality assurance and improvement program.

1.6 Disclosure of Potential Impairment to Independence and Objectivity

This disclosure is made to comply with IIA Standard 1130, which requires disclosure of potential impairments to independence and objectivity on the part of the Internal Audit function.

In his role of Director General, Performance and Accountability responsible for preparing the Corporate Risk Profile and gathering performance information for the agency, the Chief Audit Executive has a potential impairment of independence and objectivity impacting criteria 2.1, 2.2, and 2.7. As required by the CIHR Internal Audit Conflict of Interest Procedure, these potential impairments were disclosed to CIHR's Audit Committee which mitigated this potential conflict of interest though ongoing monitoring of activities throughout the conducting and reporting phases of the audit.  In addition, the Internal Audit function of the Natural Science and Engineering Research Council/Social Sciences and Humanities Research Council conducted a review of mitigation strategies to address this potential conflict of interest, with the results reported to Audit Committee prior to the approval of this report. Based on these activities, Audit Committee is satisfied that the potential impairments to the objectivity of the Chief Audit Executive did not impact the conduct or conclusions of the audit.

Internal Audit thanks management, staff members, Scientific Directors, and Governing Council members for their assistance and cooperation throughout the audit.

Ian Raskin
Chief Audit and Evaluation Executive
Canadian Institutes of Health Research

Dr. Michael Strong
President
Canadian Institutes of Health Research

Disclaimer

The audit was conducted between September 2016 and September 2017. A draft report was discussed at the March 2018 Audit Committee and it was agreed that a management response would be provided once CIHR’s leadership cadre was renewed.  A number of important organizational changes necessitated a delay in the management response including the arrival of a new President, changes in senior leadership, and Governing Council’s return to full membership. This delay has allowed management to respond to the audit recommendations in a proactive manner that reflects CIHR’s current strategic direction, priorities and focus.

2. Background

2.1 Organizational Context

In addition to the typical changes that are common in any government agency, CIHR has faced an unusually large number of developments over the past three years, which have had a significant impact on its strategic activities and goals.

Changes within CIHR's political landscape during the audit scope period included the election of a new government, the appointment of two Ministers of Health, and the public release of Ministerial Mandate Letters. Additionally, beginning in 2016, a new process for Governor in Council appointments was gradually implemented by the Government of Canada, which created significant delays in the appointment of Governing Council members, though quorum was maintained.

During the period of activities reviewed (April 1, 2014 through March 31, 2016), CIHR had partially implemented the Reform of Open Programs and Peer Review. These Reforms were met with a robust and largely negative reaction from the research community, culminating in a Minister-mandated meeting in July 2016 to discuss their concerns. This resulted in the establishment of an external Peer Review Working Group and numerous changes to the peer review system and its related processes. In February 2017, the International Peer Review Expert Panel Report was published with recommendations for the Government of Canada, CIHR's peer review process, and the structure of CIHR overall, including a recommendation to amend the CIHR Act to separate the role of Chair of Governing Council from that of President and Chief Executive Officer (this recommendation was enacted in June 2018 when Bill C-74 was given royal assent). Shortly thereafter, CIHR's President retired, and an acting President was appointed by Governing Council (with the approval of the Governor in Council) with a mandate to ensure business continuity during the transition and address the immediate concerns of the research community.

Finally, the Government of Canada's research funding landscape was the subject of a Fundamental Science Review. The final report contained recommendations that, if implemented, would impact CIHR governance directly (as well as its activities and interactions with other federal research funding agencies), and present implications for the coordination and administration of CIHR's programs.

2.2 Corporate Governance

Governance is a broad area of inquiry that can, in theory, address nearly every activity undertaken by an organization. According to the Institute of Internal Auditors:Footnote 2

"Governance is defined as the combination of processes and structures implemented by the board to inform, direct, manage, and monitor the organization's activities toward the achievement of its objectives. In the public sector, governance relates to the means by which goals are established and accomplished. It also includes activities that ensure a public sector entity's credibility, establish equitable provision of services, and assure appropriate behavior of government officials – reducing the risk of public corruption."

Based on a risk assessment of CIHR's governance processes and the activities of other assurance providers, the decision was made to focus primarily on three lines of inquiry identified in Section 3.2 – strategic direction setting, monitoring of activities, and the operational aspects of governance.

2.3 Governance at CIHR

CIHR's objective is described by the CIHR Act:

"…to excel, according to internationally accepted standards of scientific excellence, in the creation of new knowledge and its translation into improved health for Canadians, more effective health services and products and a strengthened Canadian health care system."

("Objective," §4)

To guide and direct activities to achieve its objective, CIHR uses a variety of committees and individual positions and authorities defined in the CIHR Act, CIHR By-Law, and internal documents, to set priorities, oversee activities, review results, and deliver programs. The bodies responsible for governance, oversight, and implementation are detailed and defined in the following figure:

Figure 1 – CIHR Governance, Science and Management Committee Structure

Figure 1 – Long description

CIHR’s highest governing body is Governing Council. It is responsible for:

  • developing strategic directions, goals and policies;
  • evaluating performance and appointments of Scientific Directors and Institute Advisory Board members;
  • approving budgets;
  • providing advice to the Minister of Health; and
  • establishing, maintaining, terminating and providing mandates for CIHR Institutes.

Governing Council is assisted in its work by five governance committees:

  • Executive Committee: Provides oversight of key strategic activities
  • Audit Committee: Provides oversight of areas of risk, control, and accountability
  • Stem Cell Oversight Committee: Provides review of human stem cell research funding applications
  • Standing Committee on Ethics: Provides advice on the ethical, legal and socio-cultural dimensions of CIHR’s mandate, including emerging ethical issues
  • Nominating and Governance Committee: Oversees nomination process for members of Governing Council, governance committees, and Institute Advisory Boards

The President is responsible for the day-to-date management of CIHR.

The President is advised by two committees: Science Council and the Executive Management Committee.

Science Council is made up of the 13 Institute Scientific Directors and other members of CIHR senior management. It provides leadership on research and knowledge translation strategy. It is advised in turn by the Subcommittee on Implementation and Oversight, which oversees the development of research policy initiatives.

Executive Management Committee provides leadership on corporate policy and management. It is advised by the Extended Executive Management Committee, which assesses impacts of and approves operational strategies, policies, and procedures.

Of these committees, only Governing Council's accountabilities and membership are defined by the CIHR Act and By-Law. The rest operate through convention and corporate history with roles and responsibilities defined by each committee's Terms of Reference.

These committees are supported and complemented by a variety of sub-committees, management, or operational committees, the Institutes, and individual positions such as the President and Chief Financial Officer, which are accountable for specific responsibilities and duties defined in various policies, regulations, and laws.

3. Audit Objective, Scope, Risks, and Methodology

3.1 Objective

The objective of the audit was to provide assurance that CIHR's corporate governance activities were operating effectively and providing a strategic direction and oversight function for the organization. The objectives and lines of inquiry were drawn from the Institute of Internal Auditors' guidance on governance in the public sectorFootnote 3 and an assessment of risks and concerns regarding governance as highlighted by CIHR's senior management and executives.

3.2 Scope

The audit assessed three lines of inquiry related to CIHR's corporate governance:

The audit scope largely focussed on activities and materials produced between April 1, 2014 and March 31, 2016. However, as discussed in Section 2.1, CIHR has undergone significant changes in its operating environment, senior leadership, and relationship with its research community, which has necessitated a review of activities and materials before and after this period.

3.3 Risks Addressed by the Audit

Risks specific to corporate governance were identified and assessed by the Internal Audit Function, in consultation with senior management, and were approved by the CIHR Audit Committee. Broadly, these potential risks can be summarized as:

Consideration was also given to organizational risks as documented in CIHR's 2016–17 Corporate Risk Profile and the general risk categories as presented in the Treasury Board Guide to Risk Taxonomies.

3.4 Methodology and Criteria

The Internal Audit of Corporate Governance is part of the 2015–18 Risk-Based Audit Plan, as approved by CIHR's Governing Council at its 94th meeting on June 26, 2015.

The audit was conducted in accordance with the Federal Government's Policy on Internal Audit and related instruments. The principal audit techniques used included:

Controls were assessed as adequate if they were sufficient to minimize the risks that threaten the achievement of objectives. Detailed criteria are contained in the Appendix of this report.

The audit was conducted between September 2016 and September 2017.

3.5 Summary of Strengths

The following strengths were noted related to the overall operations of CIHR's corporate governance:

4. Observations, Recommendations, and Management Action Plan

As part of its response to the audit observations and recommendations, Management has provided the following preamble:

Since 2017, CIHR has undertaken a series of governance-related assessments and events in addition to this internal audit focused on governance activities between the period of April 1, 2014 to March 31, 2016. These have included:

These assessments coincided with numerous other governance-related changes including, but not limited to:

Given the findings of the assessments and the impact of recent events, CIHR has determined that a strengthening and renewal of its organizational governance is required.

Governance renewal is a two-year, CIHR-wide strategic and operational exercise intended to address how CIHR is organized to make decisions and the process for their implementation. The exercise includes:

For the purposes of the exercise, corporate governance, internal governance and supplemental governance are all within scope. Corporate governance refers to the Governor-in-Council appointed Governing Council and its committees. Internal governance refers to the permanent organizational management and operational committees, comprised of staff.

Governance renewal will also consider the ongoing role for the Governance Secretariat within CIHR and will aim to define and strengthen that role.

CIHR Executive Management agrees with all observations made in the Internal Audit of Corporate Governance. In the context of the CIHR governance renewal exercise, all observations made in this Internal Audit will be addressed.

During the course of the audit, other opportunities for improvement were identified that could strengthen systems of internal control, streamline operations, and/or enhance processes related to corporate governance. These observations will be documented in a management letter or incorporated into additional consulting work to occur after the approval of this report.

5. Appendix

The criteria used for this audit are as follows:

6. Glossary

The Audit Committee (AC) is a subcommittee of Governing Council responsible for providing advice and oversight of risk, control, and accountability activities at CIHR. Its membership is comprised of a Governing Council member (Chair), the President, and three external members. Its activities were reviewed as part of this audit.

The CIHR Act is the law enacted by Parliament to establish CIHR's existence in 2000, specifying CIHR's highest-level organizational structure and activities, including CIHR's mandate, the existence, membership, and duties of Governing Council, the Institutes, the President, etc.

The CIHR By-Law is an administrative extension of the CIHR Act to enable it to function as a corporation. It creates and defines a variety of committees, specifies certain delegations, and acts as a guide for agency activities.

Canadian Institutes of Health Research (CIHR) is the Government of Canada's primary source of grant funding for health and medical research, created by the CIHR Act in 2000.

A Corporate Risk Profile is a document that describes an organization's key risks (threats and opportunities), used to enhance senior leadership's analysis and decision making, to increase the likelihood that an organization's objectives will be achieved.

An environmental scan systematically surveys, summarizes, and interprets information relevant to a specific organization, its stakeholders, and its operating environment, to identify current and future risks (opportunities and threats). It is a foundational document for strategic planning.

The Executive Committee (EC) is a subcommittee of Governing Council responsible for setting the agenda for full Governing Council meetings and, subject to approval and appropriate delegations, acting for the whole of Governing Council in case of urgent business arising between full meetings. Its activities were reviewed as part of this audit.

The Extended Executive Management Committee (EEMC) is comprised of Director General-level positions, and is responsible for supporting and contributing to the activities of Executive Management Committee.

The Executive Management Committee (EMC) is made up of the President (Chair) and three CIHR Vice Presidents, whose responsibilities include supporting the strategic direction set by Governing Council, and providing leadership and decision-making for CIHR as an agency. Governance is the process by which an organization's activities are directed toward the achievement of its objectives, as well as being managed, and monitored, by successively higher levels of management and leadership.

Governance is comprised of the process and structures by which senior leadership (for CIHR, Governing Council and the Executive Management Committee) inform, direct, manage, and monitor an organization's activities to ensure objectives are achieved.

Governing Council (GC) is CIHR's highest leadership body made up of the President (Chair) and up to 18 Governor in Council appointed members, whose responsibilities include, among others, setting CIHR's strategic direction, establishing Institutes, and evaluating performance. Its activities were reviewed as part of this audit.

The Governor in Council process is used by the Governor General, in accordance with the Queen's Privy Council for Canada, to make appointment to agencies, crown corporations, and other Canadian institutions, and to perform related activities such as approving By-Laws.

Institute Advisory Boards are a group of advisory committees, with a mandate to provide both Institute-specific and cross-Institute advice to enhance Institute planning and community engagement. The number of Boards varied from 13 (one per CIHR Institute) to 5 (during the period when a smaller number of cross-cutting boards were established) and back to 13 between 2015 and the present. Members are representatives of a variety of external stakeholder groups, selected by the Nominating and Governance Committee. Their activities were not reviewed as part of this audit but changes to the model were discussed by interviewees during the audit.

The International Peer Review Expert Panel Report was produced after the largely negative reaction of the research community to the Reform of Open Programs and Peer Review, culminating in a July 2016 meeting between CIHR and its research stakeholders to address concerns.  Its purpose was to provide an independent, expert assessment of the changes to the design and adjudication of CIHR's investigator-initiated programs.

Management is the collective body of officers charged with directing and monitoring the activities of an organization. It is generally divided into operational management, who directly interact with the front line workers delivering services or support, and senior management, who set strategic and high-level operational direction. At CIHR, senior management is divided into Governing Council, which is responsible for long-term strategic activities, and Executive Management Committee, which operationalizes and delivers against Governing Council's direction.

Management Committee (MC) is responsible for ensuring best practices in management and supporting the activities of Extended Executive Management Committee, comprised of CIHR's Managers.

Nominating and Governance Committee (NGC) is a subcommittee of Governing Council responsible for overseeing the nomination process for members of Governing Council, its standing committees and working groups, and Institute Advisory Boards.

CIHR's Objective is defined in the Act (§4) as "…to excel, according to internationally accepted standards of scientific excellence, in the creation of new knowledge and its translation into improved health for Canadians, more effective health services and products and a strengthened Canadian health care system".

Operational activities are the aggregate actions taken on a day-to-day basis to ensure the long-term vision is met. Contrast with strategic activities.

Planning and monitoring is annual and granular, down to the activities of individual employees. Contrast with strategic activities.

CIHR's operational committees include Executive Management Committee (which has a bridging strategic role with Governing Council), Extended Executive Management Committee, and Managers' Committee, which meet frequently to set and execute operational strategies, address operational activities, and monitor operational results. Contrast with CIHR's strategic committees.

Operational management: see Management.

Operational planning is the process by which a multi-year strategic plan is converted into annual activities, with linked objectives, priorities, strategies, targets, timelines, and plans that include and allocate financial and human resources. In essence, it is the process by which a desired long-term future state is converted into the day to day activities of employees.

The Reforms, more fully known as the Reform of Open Programs and Peer Review, were a series of changes to the funding opportunity and peer review processes used by CIHR to distribute grant money. Activities ongoing from the Reforms have been continued as the EnaBleS project.

Departmental Results are defined in the Policy on Results as the changes departments seek to influence; they are long-term and often outside of the departments' control, but should be influenced by the short-term outputs at the program level (for CIHR, the specific funding programs, opportunities, and related grants). Results of CIHR's activities can include novel vaccines, pharmaceuticals, guidelines for health and medicine, and ultimately the improved health of Canadians.

A risk, according to the Treasury Board Guide to Risk Taxonomies, is "the effect of uncertainty on objectives". Risks can be positive (opportunities) or negative (threats).  Risk management is the process of systematically identifying, organizing, assessing, communicating, and mitigating or capitalizing on risks to set the best course of action in conditions of uncertainty.

Roadmap II (full title: Health Research Roadmap II: Capturing Innovation to Produce Better Health and Health Care for Canadians) is CIHR's current strategic plan, lasting from 2014-15–2018-19.  Roadmap II was approved by Governing Council in June, 2014, and expires March 31st, 2019. It specifies three strategic directions, and four research priorities.

Science Council (SC) is an advisory committee made up of the 13 Institute Scientific Directors, the President (Chair), and Vice Presidents, whose responsibilities include developing CIHR's scientific direction and recommending funding decisions for approval by the President.

Senior management: see Management.

Stakeholders: Individuals and groups with an interest in CIHR's activities, including but not limited to health researchers, Canadian citizens, health-related organizations, and industry.

The Standing Committee on Ethics (SCE) is a subcommittee of Governing Council that provides high-level strategic advice on ethical, legal, and socio-cultural aspects of CIHR's mandate. Its activities were not reviewed as part of this audit.

The Standing Committee on Implementation and Oversight (SCIO) is a subcommittee of Science Council that oversees research and research policy initiatives on behalf of Science Council. Its membership is comprised of a subset of Scientific Directors and Extended Executive Management Committee members, and its activities were reviewed as part of this audit.

The Stem Cell Oversight Committee (SCOC) is a subcommittee of Governing Council responsible for reviewing research applications using human-derived stem cell lines. Its activities were not reviewed as part of this audit.

Strategic activities are high-level, long-term, and define and monitor a strategic direction for an organization. Contrast with operational activities.

CIHR's strategic committees include Governing Council and its subcommittees, Science Council, and Executive Management Committee (which has a bridging operational role between Governing Council and CIHR's employees). Contrast with CIHR's operational committees.

A strategic direction is a long-term desired state, established and monitored by the highest levels of leadership of an organization, operationalized by management and employees.

Strategic planning is the process by which a strategic direction, a desired future state, is identified and developed into high-level priorities that extend across a multi-year horizon. It is complemented and implemented through annual operational planning.

Terms of reference document, at minimum, a committee or project's mandate, membership, and responsibilities, to ensure a common understanding of the purpose and activities undertaken by its members. It may also specify e.g., identity of the Chair, meeting frequency, quorum. All of CIHR's governance committees have terms of reference.

CIHR's Values are defined in its Code of Conduct, and include excellence in our work, scientific integrity and ethics in the research we fund, open, responsible, fair, and respectful collaboration with stakeholders, innovation and creativity in addressing health challenges, and acting in the public interest.

Date modified: