The objective of the audit was to provide assurance that CIHR's corporate governance activities were operating effectively and providing a strategic direction and oversight function for the organization. The objectives and lines of inquiry are drawn from the Institute of Internal Auditors' guidance on governance in the public sectorFootnote 1 and an assessment of risks and concerns regarding governance as highlighted by CIHR's senior management.
1.2 Audit Scope
The audit assessed three lines of inquiry related to CIHR's corporate governance:
How CIHR sets and operationalizes its strategic direction to achieve CIHR's mandate (Line of Inquiry 1);
How CIHR's governance structures (committees and positions) oversee the execution and results of delivering against the strategic direction (Line of Inquiry 2); and
The design, efficiency, effectiveness, and transparency of the governance process itself (Line of Inquiry 3).
1.3 Findings
The following aspects of corporate governance require Governing Council and management's attention. These are presented along with the proposed actions to be taken by management to address the risks. The detailed observations, recommendations, and action plans are discussed in the report that follows this executive summary.
1.4 Overall Audit Opinion
CIHR has established a functioning system of governance in accordance with the terms of the CIHR Act, featuring a formally defined and documented hierarchal committee structure, supplemented by a variety of support mechanisms. However, the roles and responsibilities defined in this structure require clarification. The fundamental nature of its committees – as well as the interactions among those committees – must be clarified by Governing Council and the Executive Management Committee, and aligned with the CIHR Act, for the system of governance to function more effectively.
Additionally, CIHR needs to more clearly identify the linkages and alignment between its strategic direction setting processes (e.g., Roadmap II) and its accountabilities, in order to clarify how these impact (or translate into) operational priorities and activities that effectively allocate resources.
1.5 Statement of Conformance
The Audit of Corporate Governance conforms with the Directive on Internal Audit, as supported by the results of the quality assurance and improvement program.
1.6 Disclosure of Potential Impairment to Independence and Objectivity
This disclosure is made to comply with IIA Standard 1130, which requires disclosure of potential impairments to independence and objectivity on the part of the Internal Audit function.
In his role of Director General, Performance and Accountability responsible for preparing the Corporate Risk Profile and gathering performance information for the agency, the Chief Audit Executive has a potential impairment of independence and objectivity impacting criteria 2.1, 2.2, and 2.7. As required by the CIHR Internal Audit Conflict of Interest Procedure, these potential impairments were disclosed to CIHR's Audit Committee which mitigated this potential conflict of interest though ongoing monitoring of activities throughout the conducting and reporting phases of the audit. In addition, the Internal Audit function of the Natural Science and Engineering Research Council/Social Sciences and Humanities Research Council conducted a review of mitigation strategies to address this potential conflict of interest, with the results reported to Audit Committee prior to the approval of this report. Based on these activities, Audit Committee is satisfied that the potential impairments to the objectivity of the Chief Audit Executive did not impact the conduct or conclusions of the audit.
Internal Audit thanks management, staff members, Scientific Directors, and Governing Council members for their assistance and cooperation throughout the audit.
Ian Raskin
Chief Audit and Evaluation Executive
Canadian Institutes of Health Research
Dr. Michael Strong
President
Canadian Institutes of Health Research
Disclaimer
The audit was conducted between September 2016 and September 2017. A draft report was discussed at the March 2018 Audit Committee and it was agreed that a management response would be provided once CIHR’s leadership cadre was renewed. A number of important organizational changes necessitated a delay in the management response including the arrival of a new President, changes in senior leadership, and Governing Council’s return to full membership. This delay has allowed management to respond to the audit recommendations in a proactive manner that reflects CIHR’s current strategic direction, priorities and focus.
2. Background
2.1 Organizational Context
In addition to the typical changes that are common in any government agency, CIHR has faced an unusually large number of developments over the past three years, which have had a significant impact on its strategic activities and goals.
Changes within CIHR's political landscape during the audit scope period included the election of a new government, the appointment of two Ministers of Health, and the public release of Ministerial Mandate Letters. Additionally, beginning in 2016, a new process for Governor in Council appointments was gradually implemented by the Government of Canada, which created significant delays in the appointment of Governing Council members, though quorum was maintained.
During the period of activities reviewed (April 1, 2014 through March 31, 2016), CIHR had partially implemented the Reform of Open Programs and Peer Review. These Reforms were met with a robust and largely negative reaction from the research community, culminating in a Minister-mandated meeting in July 2016 to discuss their concerns. This resulted in the establishment of an external Peer Review Working Group and numerous changes to the peer review system and its related processes. In February 2017, the International Peer Review Expert Panel Report was published with recommendations for the Government of Canada, CIHR's peer review process, and the structure of CIHR overall, including a recommendation to amend the CIHR Act to separate the role of Chair of Governing Council from that of President and Chief Executive Officer (this recommendation was enacted in June 2018 when Bill C-74 was given royal assent). Shortly thereafter, CIHR's President retired, and an acting President was appointed by Governing Council (with the approval of the Governor in Council) with a mandate to ensure business continuity during the transition and address the immediate concerns of the research community.
Finally, the Government of Canada's research funding landscape was the subject of a Fundamental Science Review. The final report contained recommendations that, if implemented, would impact CIHR governance directly (as well as its activities and interactions with other federal research funding agencies), and present implications for the coordination and administration of CIHR's programs.
2.2 Corporate Governance
Governance is a broad area of inquiry that can, in theory, address nearly every activity undertaken by an organization. According to the Institute of Internal Auditors:Footnote 2
"Governance is defined as the combination of processes and structures implemented by the board to inform, direct, manage, and monitor the organization's activities toward the achievement of its objectives. In the public sector, governance relates to the means by which goals are established and accomplished. It also includes activities that ensure a public sector entity's credibility, establish equitable provision of services, and assure appropriate behavior of government officials – reducing the risk of public corruption."
Based on a risk assessment of CIHR's governance processes and the activities of other assurance providers, the decision was made to focus primarily on three lines of inquiry identified in Section 3.2 – strategic direction setting, monitoring of activities, and the operational aspects of governance.
"…to excel, according to internationally accepted standards of scientific excellence, in the creation of new knowledge and its translation into improved health for Canadians, more effective health services and products and a strengthened Canadian health care system."
To guide and direct activities to achieve its objective, CIHR uses a variety of committees and individual positions and authorities defined in the CIHR Act, CIHR By-Law, and internal documents, to set priorities, oversee activities, review results, and deliver programs. The bodies responsible for governance, oversight, and implementation are detailed and defined in the following figure:
Figure 1 – CIHR Governance, Science and Management Committee Structure
Governing Council is made up of the President (Chair) and up to 18 Governor in Council appointed members, whose responsibilities include, among others, setting CIHR's strategic direction, establishing Institutes, and evaluating performance;
Governing Council is advised by five standing committees (Executive, Nominating and Governance, Ethics, Audit, and Stem Cell Oversight) to support its operations and activities in specific domains. The activities of the Stem Cell Oversight Committee and Standing Committee on Ethics were not reviewed as part of this audit.
Executive Management Committee is made up of the President (Chair) and three CIHR Vice Presidents, whose responsibilities include supporting the strategic direction set by Governing Council, and providing leadership and decision-making for CIHR as an agency;
Executive Management Committee is informed by the Director General level Extended Executive Management Committee.
Science Council is made up of the 13 Institute Scientific Directors, the President (Chair), and Vice Presidents, whose responsibilities include developing CIHR's scientific direction and recommending funding decisions for approval by the President;
Science Council is informed by the Standing Committee on Implementation and Oversight, comprised of a subset of Scientific Directors and Extended Executive Management Committee members.
Tri-Agency collaborations are responsible for the governance of programs funded jointly by CIHR and its sister federal research funding agencies (the Social Sciences and Humanities Research Council and Natural Sciences and Engineering Research Council).The inter-agency meetings between the Presidents and Vice Presidents of these agencies to coordinate activities are outside of the scope of the audit.
Of these committees, only Governing Council's accountabilities and membership are defined by the CIHR Act and By-Law. The rest operate through convention and corporate history with roles and responsibilities defined by each committee's Terms of Reference.
These committees are supported and complemented by a variety of sub-committees, management, or operational committees, the Institutes, and individual positions such as the President and Chief Financial Officer, which are accountable for specific responsibilities and duties defined in various policies, regulations, and laws.
3. Audit Objective, Scope, Risks, and Methodology
3.1 Objective
The objective of the audit was to provide assurance that CIHR's corporate governance activities were operating effectively and providing a strategic direction and oversight function for the organization. The objectives and lines of inquiry were drawn from the Institute of Internal Auditors' guidance on governance in the public sectorFootnote 3 and an assessment of risks and concerns regarding governance as highlighted by CIHR's senior management and executives.
3.2 Scope
The audit assessed three lines of inquiry related to CIHR's corporate governance:
How CIHR sets and operationalizes its strategic direction to achieve CIHR's mandate (Line of Inquiry 1);
How CIHR's governance structures oversee the execution and results of delivering against the strategic direction (Line of Inquiry 2); and
The design, efficiency, effectiveness, and transparency of the governance process itself (Line of Inquiry 3).
The audit scope largely focussed on activities and materials produced between April 1, 2014 and March 31, 2016. However, as discussed in Section 2.1, CIHR has undergone significant changes in its operating environment, senior leadership, and relationship with its research community, which has necessitated a review of activities and materials before and after this period.
3.3 Risks Addressed by the Audit
Risks specific to corporate governance were identified and assessed by the Internal Audit Function, in consultation with senior management, and were approved by the CIHR Audit Committee. Broadly, these potential risks can be summarized as:
CIHR's corporate governance activities may not be effectively supported, resulting in wasted effort, loss of corporate memory, failure to document and communicate critical decisions, and possible ethical violations;
CIHR's governance structures may not set a strategic direction, or the strategic direction may not be effectively supported through operational activities, resulting in CIHR failing to fulfil its mandate; and
CIHR may not monitor and react to internal and external activities that influence efforts to achieve its strategic direction, resulting in CIHR failing to fulfil its mandate.
Consideration was also given to organizational risks as documented in CIHR's 2016–17 Corporate Risk Profile and the general risk categories as presented in the Treasury Board Guide to Risk Taxonomies.
3.4 Methodology and Criteria
The Internal Audit of Corporate Governance is part of the 2015–18 Risk-Based Audit Plan, as approved by CIHR's Governing Council at its 94th meeting on June 26, 2015.
The audit was conducted in accordance with the Federal Government's Policy on Internal Audit and related instruments. The principal audit techniques used included:
Interviews with selected current and former management team members, Scientific Directors, Governing Council members, and staff of CIHR; and
The examination of relevant policies, legislation, reports, employee role profiles, meeting minutes, records of decision, organizational charts, and other documentation.
Controls were assessed as adequate if they were sufficient to minimize the risks that threaten the achievement of objectives. Detailed criteria are contained in the Appendix of this report.
The audit was conducted between September 2016 and September 2017.
3.5 Summary of Strengths
The following strengths were noted related to the overall operations of CIHR's corporate governance:
A governance structure exists and operates, comprised of numerous committees with defined Terms of Reference, extensive meeting documentation, and the recording of activities in the form of routine meeting minutes, matters for action, and decision making at the correct accountability level;
It was universally agreed that the Governance Secretariat provided competent and effective administrative support to CIHR's management and advisory committees; and
The broad array of stakeholders involved in CIHR's governance processes allows for thoughtful external reviews and discussions, with positive implications for the resulting decisions.
4. Observations, Recommendations, and Management Action Plan
As part of its response to the audit observations and recommendations, Management has provided the following preamble:
Since 2017, CIHR has undertaken a series of governance-related assessments and events in addition to this internal audit focused on governance activities between the period of April 1, 2014 to March 31, 2016. These have included:
Governance Secretariat Operational Review conducted by StrategyCorp (June 2017);
Governing Council (GC) Exit Interview study conducted by StrategyCorp (September 2017);
Legislative review of the CIHR Act (June 2018); and
External report to the President (Gale Report), A Path to Enhanced Governance (September 2018).
These assessments coincided with numerous other governance-related changes including, but not limited to:
executive leadership changes (appointment of new President, new Vice-President Research Programs, formalization of an Executive Vice-President role, shift in another Vice-President function; establishment of an Associate Vice-President, Research Operations – all in 2018);
considerable acting assignments and turnover in Extended Executive Management (Director General-level);
complete renewal of GC membership as of June 2018 and appointment process in progress for a new GC Chair;
legislative changes to the CIHR Act to separate Chair and President functions (June 2018); and
recruitment of six new Scientific Directors (of a possible 13) since February 2017.
Given the findings of the assessments and the impact of recent events, CIHR has determined that a strengthening and renewal of its organizational governance is required.
Governance renewal is a two-year, CIHR-wide strategic and operational exercise intended to address how CIHR is organized to make decisions and the process for their implementation. The exercise includes:
whose voices are included in the decision-making process and at what points in time;
how those decisions are actually made; and
who is accountable.
For the purposes of the exercise, corporate governance, internal governance and supplemental governance are all within scope. Corporate governance refers to the Governor-in-Council appointed Governing Council and its committees. Internal governance refers to the permanent organizational management and operational committees, comprised of staff.
Governance renewal will also consider the ongoing role for the Governance Secretariat within CIHR and will aim to define and strengthen that role.
CIHR Executive Management agrees with all observations made in the Internal Audit of Corporate Governance. In the context of the CIHR governance renewal exercise, all observations made in this Internal Audit will be addressed.
During the course of the audit, other opportunities for improvement were identified that could strengthen systems of internal control, streamline operations, and/or enhance processes related to corporate governance. These observations will be documented in a management letter or incorporated into additional consulting work to occur after the approval of this report.
5. Appendix
The criteria used for this audit are as follows:
Line of Inquiry 1: Setting Strategic Direction
1.1 There is a process by which a strategic direction for the organization is set, refreshed, and cascades into objectives, priorities, and initiatives.
1.2 CIHR's strategic direction, priorities, and activities align with those set by the Government of Canada.
1.3 CIHR's strategic direction, priorities, and activities are documented and communicated to internal and external stakeholders.
1.4 The strategic direction, policies, and activities are evidence-based, and incorporate input from relevant research, environmental scans, and non-government stakeholders in the medical research, treatment, and patient communities.
Line of Inquiry 2: Oversight
2.1 A systematic risk management process exists to inform corporate and strategic decision making, that includes accountability, authority, setting a risk tolerance, and monitoring.
2.2 There is a process in place to monitor the implementation, progress, and outcome of the strategic plan, including timelines and measurable and realistic results-oriented performance targets that are used to inform ongoing decision making, and dedicated staffing resources to support monitoring.
2.3 Governance entities and their delegates have sufficient authority, information, collective expertise, and time to assess CIHR's and the entity's performance against its mandate and strategic direction.
2.4 A process exists to set an ethical tone at the top, communicate this tone to employees, investigate ethical lapses, and report the results to a governing entity with the mandate and authority to respond.
2.5 There is a process to ensure that the Deputy Head and members of Senior Management meet the obligations found within the laws and policies of the Government of Canada.
2.6 CIHR's external and internal operating environment is monitored for events that may influence its activities or strategic direction.
2.7 Information on high-risk events, the results of audits and evaluations, and other relevant reports are brought to the attention of a governing entity with the mandate and authority to respond in a timely manner.
Line of Inquiry 3: Corporate governance operations
3.1 The authorities, accountabilities, and activities of governance entities are documented, shared with appropriate parties, and comply with the authorities granted in the CIHR Act and Bylaws.
3.2 Existing Terms of Reference, role profiles, or equivalent records, are adequate to address the activities of the governance entity, without overlaps or gaps in accountabilities.
3.3 Governance entity accountability documents are refreshed regularly to reflect existing and new accountabilities.
3.4 Decisions made by a governance entity are within that entity's mandate and authority, and occur within a timely manner.
3.5 Governance members have sufficient expertise and time to prepare for, and discuss items
3.6 Governance members are provided with information and training on their governance obligations.
3.7 Governance member turnover is monitored and timed to minimize the loss of corporate memory and ensure relevant expertise is available.
3.8 Information, discussion, and decision items are shared with the appropriate governance entities in an efficient manner.
3.9 There is a process to ensure governance decisions are adequately documented and recorded for accountability, corporate memory, and ATIP purposes.
3.10 There is a process to ensure governance entity members do not use their positions or access to information for personal gain.
6. Glossary
The Audit Committee (AC) is a subcommittee of Governing Council responsible for providing advice and oversight of risk, control, and accountability activities at CIHR. Its membership is comprised of a Governing Council member (Chair), the President, and three external members. Its activities were reviewed as part of this audit.
The CIHR Act is the law enacted by Parliament to establish CIHR's existence in 2000, specifying CIHR's highest-level organizational structure and activities, including CIHR's mandate, the existence, membership, and duties of Governing Council, the Institutes, the President, etc.
The CIHR By-Law is an administrative extension of the CIHR Act to enable it to function as a corporation. It creates and defines a variety of committees, specifies certain delegations, and acts as a guide for agency activities.
Canadian Institutes of Health Research (CIHR) is the Government of Canada's primary source of grant funding for health and medical research, created by the CIHR Act in 2000.
A Corporate Risk Profile is a document that describes an organization's key risks (threats and opportunities), used to enhance senior leadership's analysis and decision making, to increase the likelihood that an organization's objectives will be achieved.
An environmental scan systematically surveys, summarizes, and interprets information relevant to a specific organization, its stakeholders, and its operating environment, to identify current and future risks (opportunities and threats). It is a foundational document for strategic planning.
The Executive Committee (EC) is a subcommittee of Governing Council responsible for setting the agenda for full Governing Council meetings and, subject to approval and appropriate delegations, acting for the whole of Governing Council in case of urgent business arising between full meetings. Its activities were reviewed as part of this audit.
The Extended Executive Management Committee (EEMC) is comprised of Director General-level positions, and is responsible for supporting and contributing to the activities of Executive Management Committee.
The Executive Management Committee (EMC) is made up of the President (Chair) and three CIHR Vice Presidents, whose responsibilities include supporting the strategic direction set by Governing Council, and providing leadership and decision-making for CIHR as an agency. Governance is the process by which an organization's activities are directed toward the achievement of its objectives, as well as being managed, and monitored, by successively higher levels of management and leadership.
Governance is comprised of the process and structures by which senior leadership (for CIHR, Governing Council and the Executive Management Committee) inform, direct, manage, and monitor an organization's activities to ensure objectives are achieved.
Governing Council (GC) is CIHR's highest leadership body made up of the President (Chair) and up to 18 Governor in Council appointed members, whose responsibilities include, among others, setting CIHR's strategic direction, establishing Institutes, and evaluating performance. Its activities were reviewed as part of this audit.
The Governor in Council process is used by the Governor General, in accordance with the Queen's Privy Council for Canada, to make appointment to agencies, crown corporations, and other Canadian institutions, and to perform related activities such as approving By-Laws.
Institute Advisory Boards are a group of advisory committees, with a mandate to provide both Institute-specific and cross-Institute advice to enhance Institute planning and community engagement. The number of Boards varied from 13 (one per CIHR Institute) to 5 (during the period when a smaller number of cross-cutting boards were established) and back to 13 between 2015 and the present. Members are representatives of a variety of external stakeholder groups, selected by the Nominating and Governance Committee. Their activities were not reviewed as part of this audit but changes to the model were discussed by interviewees during the audit.
The International Peer Review Expert Panel Report was produced after the largely negative reaction of the research community to the Reform of Open Programs and Peer Review, culminating in a July 2016 meeting between CIHR and its research stakeholders to address concerns. Its purpose was to provide an independent, expert assessment of the changes to the design and adjudication of CIHR's investigator-initiated programs.
Management is the collective body of officers charged with directing and monitoring the activities of an organization. It is generally divided into operational management, who directly interact with the front line workers delivering services or support, and senior management, who set strategic and high-level operational direction. At CIHR, senior management is divided into Governing Council, which is responsible for long-term strategic activities, and Executive Management Committee, which operationalizes and delivers against Governing Council's direction.
Management Committee (MC) is responsible for ensuring best practices in management and supporting the activities of Extended Executive Management Committee, comprised of CIHR's Managers.
Nominating and Governance Committee (NGC) is a subcommittee of Governing Council responsible for overseeing the nomination process for members of Governing Council, its standing committees and working groups, and Institute Advisory Boards.
CIHR's Objective is defined in the Act (§4) as "…to excel, according to internationally accepted standards of scientific excellence, in the creation of new knowledge and its translation into improved health for Canadians, more effective health services and products and a strengthened Canadian health care system".
Operational activities are the aggregate actions taken on a day-to-day basis to ensure the long-term vision is met. Contrast with strategic activities.
Planning and monitoring is annual and granular, down to the activities of individual employees. Contrast with strategic activities.
CIHR's operational committees include Executive Management Committee (which has a bridging strategic role with Governing Council), Extended Executive Management Committee, and Managers' Committee, which meet frequently to set and execute operational strategies, address operational activities, and monitor operational results. Contrast with CIHR's strategic committees.
Operational management: see Management.
Operational planning is the process by which a multi-year strategic plan is converted into annual activities, with linked objectives, priorities, strategies, targets, timelines, and plans that include and allocate financial and human resources. In essence, it is the process by which a desired long-term future state is converted into the day to day activities of employees.
The Reforms, more fully known as the Reform of Open Programs and Peer Review, were a series of changes to the funding opportunity and peer review processes used by CIHR to distribute grant money. Activities ongoing from the Reforms have been continued as the EnaBleS project.
Departmental Results are defined in the Policy on Results as the changes departments seek to influence; they are long-term and often outside of the departments' control, but should be influenced by the short-term outputs at the program level (for CIHR, the specific funding programs, opportunities, and related grants). Results of CIHR's activities can include novel vaccines, pharmaceuticals, guidelines for health and medicine, and ultimately the improved health of Canadians.
A risk, according to the Treasury Board Guide to Risk Taxonomies, is "the effect of uncertainty on objectives". Risks can be positive (opportunities) or negative (threats). Risk management is the process of systematically identifying, organizing, assessing, communicating, and mitigating or capitalizing on risks to set the best course of action in conditions of uncertainty.
Roadmap II (full title: Health Research Roadmap II: Capturing Innovation to Produce Better Health and Health Care for Canadians) is CIHR's current strategic plan, lasting from 2014-15–2018-19. Roadmap II was approved by Governing Council in June, 2014, and expires March 31st, 2019. It specifies three strategic directions, and four research priorities.
Science Council (SC) is an advisory committee made up of the 13 Institute Scientific Directors, the President (Chair), and Vice Presidents, whose responsibilities include developing CIHR's scientific direction and recommending funding decisions for approval by the President.
Senior management: see Management.
Stakeholders: Individuals and groups with an interest in CIHR's activities, including but not limited to health researchers, Canadian citizens, health-related organizations, and industry.
The Standing Committee on Ethics (SCE) is a subcommittee of Governing Council that provides high-level strategic advice on ethical, legal, and socio-cultural aspects of CIHR's mandate. Its activities were not reviewed as part of this audit.
The Standing Committee on Implementation and Oversight (SCIO) is a subcommittee of Science Council that oversees research and research policy initiatives on behalf of Science Council. Its membership is comprised of a subset of Scientific Directors and Extended Executive Management Committee members, and its activities were reviewed as part of this audit.
The Stem Cell Oversight Committee (SCOC) is a subcommittee of Governing Council responsible for reviewing research applications using human-derived stem cell lines. Its activities were not reviewed as part of this audit.
Strategic activities are high-level, long-term, and define and monitor a strategic direction for an organization. Contrast with operational activities.
CIHR's strategic committees include Governing Council and its subcommittees, Science Council, and Executive Management Committee (which has a bridging operational role between Governing Council and CIHR's employees). Contrast with CIHR's operational committees.
A strategic direction is a long-term desired state, established and monitored by the highest levels of leadership of an organization, operationalized by management and employees.
Strategic planning is the process by which a strategic direction, a desired future state, is identified and developed into high-level priorities that extend across a multi-year horizon. It is complemented and implemented through annual operational planning.
Terms of reference document, at minimum, a committee or project's mandate, membership, and responsibilities, to ensure a common understanding of the purpose and activities undertaken by its members. It may also specify e.g., identity of the Chair, meeting frequency, quorum. All of CIHR's governance committees have terms of reference.
CIHR's Values are defined in its Code of Conduct, and include excellence in our work, scientific integrity and ethics in the research we fund, open, responsible, fair, and respectful collaboration with stakeholders, innovation and creativity in addressing health challenges, and acting in the public interest.