Corporate Social Responsibility Final Audit Report
4 Pages
English
Downloading requires you to have access to the YouScribe library
Learn all about the services we offer

Corporate Social Responsibility Final Audit Report

-

Downloading requires you to have access to the YouScribe library
Learn all about the services we offer
4 Pages
English

Description

EDC Internal Audit Driving Excellence in EDC through Assurance and Advice Corporate Social Responsibility Final Audit Report Report Nr. 5/08 August 29, 2008 Distribution: To: President & CEO Senior Vice President, Corporate Secretariat & Legal Services Senior Vice President, Human Resources Senior Vice President, Financing Products Group Senior Vice President and Chief Financial Officer, Finance General Counsel and Senior Assistant Secretary, Legal Services Vice President and Chief Economist Vice President, Organizational Effectiveness Viident & Corporate Controller Chief CSR Advisor Director, Political Risk Assessment Manager, Learning and Development Head, Corporate Responsibility Team Leader, Environmental Advisory Services CC: Senior Vice President, Business Development Senior Vice President, Insurance Senior Vice President, Business Solutions & Technology Vice President, Strategic Planning & Corporate Communications Director, Planning & Government Relations Principal, Office of the Auditor General Audit Team: Vice President Internal Audit J. King M. Ryan A. Lowe W. Schwarz EDC Internal Audit August 29, 2008 Corporate Social Responsibility Audit Page 2 of 4 Report #5/08 Introduction As per our FY2007 Audit Plan, EDC Internal Audit performed an audit of EDC’s Corporate Social Responsibility (CSR) program. CSR has been an operating principle at EDC for several years. ...

Subjects

Informations

Published by
Reads 20
Language English

Exrait



EDC Internal Audit
Driving Excellence in EDC through Assurance and Advice



Corporate Social Responsibility
Final Audit Report
Report Nr. 5/08
August 29, 2008


Distribution:

To:
President & CEO
Senior Vice President, Corporate Secretariat & Legal Services
Senior Vice President, Human Resources
Senior Vice President, Financing Products Group
Senior Vice President and Chief Financial Officer, Finance
General Counsel and Senior Assistant Secretary, Legal Services
Vice President and Chief Economist
Vice President, Organizational Effectiveness
Viident & Corporate Controller
Chief CSR Advisor
Director, Political Risk Assessment
Manager, Learning and Development
Head, Corporate Responsibility
Team Leader, Environmental Advisory Services

CC:
Senior Vice President, Business Development
Senior Vice President, Insurance
Senior Vice President, Business Solutions & Technology
Vice President, Strategic Planning & Corporate Communications
Director, Planning & Government Relations
Principal, Office of the Auditor General






Audit Team: Vice President Internal Audit
J. King M. Ryan
A. Lowe
W. Schwarz
EDC Internal Audit August 29, 2008
Corporate Social Responsibility Audit Page 2 of 4
Report #5/08


Introduction

As per our FY2007 Audit Plan, EDC Internal Audit performed an audit of EDC’s Corporate Social
Responsibility (CSR) program.

CSR has been an operating principle at EDC for several years. In 2004 EDC’s coordinated CSR initiative,
consisting of policies, processes and practices, was first included in the Corporate Plan. The CSR initiative
at EDC is structured and depicted based on the concept of five pillars as follows; Business Ethics,
Environment, Transparency, Community Investment, Organizational Climate. Under the environment
pillar, the Environmental Review Directive (ERD) is a legislative requirement contained in the Export
Development Act and is required to be audited once every five years by the Office of the Auditor General
(OAG). The total dollar value of transactions subject to the ERD in 2007 was $1553.5 million.

A corporate reorganization occurred in 2008 to create the position of Chief CSR Advisor. In addition to
having overall responsibility for all CSR activities at EDC, the Chief CSR Advisor is also responsible for
EDC’s public positioning of CSR, via various international meetings and meetings with the academic and
NGO communities.
Audit Objective & Scope

The objective was to provide assurance with respect to compliance with CSR policies, practices, and
processes and to evaluate if past recommendations made by the OAG were considered and implemented
where appropriate.

IA audit methodology consisted of documentation review, interviews and testing. IA engaged an external
firm, Gartner Lee Limited, with CSR and environmental expertise to complete substantive testing of 45
transactions for the environmental component of this audit. IA performed substantive testing on an
additional 25 transactions. Audit fieldwork was completed during February to June 2008 and the period
under review for the transaction testing was March 2007 to March 2008.

Internal Audit Opinion

1 2In our opinion the CSR initiative within EDC is Well Controlled . No major control issues were found
during the audit work. Overall, IA found compliance with CSR policies, practices and processes.

The legislated ERD process is well documented and executed as designed by the Corporation, specifically
Environmental Advisory Services (EAS). EAS practices such as, requiring environmental impact assessments
to meet industry standards, inclusion of environmental covenants in loan documentation and retaining

1 Our standard audit opinions are as follows:
Strong Controls: Key controls are effectively designed and operating as intended. Best in class internal controls exist.
Objectives of the audited process are most likely to be achieved.
Well Controlled: Key controls are effectively designed and operating as intended. Objectives of the audited process are
likely to be achieved.
Opportunities Exist to Improve Controls: One or more key controls do not exist, are not designed properly or are not
operating as intended. Objectives of the process may not be achieved. The financial and/or reputation impact to the
audited process is more than inconsequential. Timely action is required.
Not Controlled: Multiple key controls do not exist, are not designed properly or are not operating as intended. Objectives
of the process are unlikely to be achieved. The financial and/or reputation impact to the audited process is material.
Action must follow immediately.

2 Our audit findings are ranked as follows:
Major - a key control does not exist, is poorly designed or is not operating as intended and the financial and/or
reputation risk is more than inconsequential. The process objective to which the control relates is unlikely to be
achieved. Corrective action is needed to ensure controls are cost effective and/or process objectives are achieved.
Moderate - a key control does not exist, is poorly designed or is not operating as intended and the financial and/or
reputation risk to the process is more than inconsequential. However, a compensating control exists. Corrective action is
needed to avoid sole reliance on compensating controls and/or ensure controls are cost effective.
Minor - a weakness in the design and/or operation of a non-key process control. Ability to achieve process objectives is
unlikely to be impacted. Corrective action is suggested to ensure controls are cost effective.
EDC Internal Audit August 29, 2008
Corporate Social Responsibility Audit Page 3 of 4
Report #5/08

external expertise when EAS does not have in-house experience with the environmental impacts of a
particular activity, strengthen the control environment in that area.

IA also found that management oversight and assignment of responsibility resulted in the consideration
and implementation of all of the CSR related recommendations that were made in the Export
Development Canada Special Examination Report (2004) and the OAG Audit of Environmental Review at
EDC (2004).

During the course of our audit work IA identified some findings that were considered moderate. These are
detailed below with the associated recommendations.

Audit Findings & Recommendations

As outlined in the previous section, no major control deficiencies were noted during the audit. The audit
findings discussed below have been rated as moderate. The audit findings and recommendations have
been agreed to by management and in most cases, corrective actions are already in progress.

1. Performance Metrics and Reporting

EDC’s 2007 CSR report included reporting on 14 performance measures. IA assessed seven of these
measures in order to determine if they were clearly defined, calculated accurately, and supported by
reliable data. The measures selected by IA for review were considered objective and important from a
risk perspective.

Performance measures are established as a practice in the first quarter of the new performance year. The
measures are established by the corporate ‘owner’ of the CSR practice in consultation with the CSR
Advisor. At that time, ‘owners’ ensure the measure is relevant, meaningful and measurable. Data is
collected at various points throughout the year to track performance. There were findings related to the
documentation of the process and the collection of supporting data for five of the seven measures. IA did
not find that there was any incorrect reporting of metrics in the CSR report however, design of key
processes could be improved to ensure that a formalized process is in place to collect the data and that
evidence is retained to support re-performance of the calculations. IA recommends strengthening controls
relating to the annual performance reporting overall and for the areas of training and the disclosure
process.

2. Risk Assessment Processes and Methodology
CSR risk assessment processes at EDC includes Environmental, Reputation and Human Rights. The most
established of these processes are the environmental risk reviews.
2.1 Environmental Risk Assessments
EDC’s Environmental Policy provides that EDC will apply environmental review processes to assess the
degree of environmental risk associated with a given transaction. The two types of environmental risk
reviews conducted by EAS are the Corporate Environmental Risk Reviews (CERR) and Environmental Risk
Reviews (ERR). The CERR process has been developed for the purpose of assessing environmental risks
associated with general and multi-purpose corporate credit facilities which are not subject to EDC’s
Environmental Review Directive (ERD). The ERR methodology is also designed to assess environmental risks
associated with a given transaction that falls within certain financial thresholds. All CERRs and ERRs use
the risk rating methodology outlined in the EAS Corporate Manual.
In reviewing the above two processes, areas were identified where additional controls are recommended
to: ensure continual improvement in what are relatively new processes for EDC; achieve consistency in
implementation of processes between EAS personnel; and provide traceable justification for decisions
reached on transactions. EDC Internal Audit August 29, 2008
Corporate Social Responsibility Audit Page 4 of 4
Report #5/08

2.2 Reputation Risk Assessments
Corporate Responsibility has developed a formalized process to conduct Reputation Risk Assessments
(RRAs) with a goal of gauging public reaction to a transaction. Corporate Responsibility employees perform
RRAs using information from a variety of publicly available sources (i.e. Lexis, Nexis, Eureka, ISI, FP
Infomart, etc.). In conducting the audit, IA found that although EDC’s RRA process is formalized, the rigor
and consistency of the process has yet to be approved by the Executive. IA recommends that Corporate
Responsibility research and monitor best practices in preparing RRAs and use the results to improve the
consistency of the RRA process.
2.3 Human Rights Risk Assessments
EDC's Political Risk Assessment Department (PRAD) routinely conducts country- and project-level political
risk assessments that include an analysis of factors that influence human rights conditions in host
countries. An additional layer of due diligence is undertaken for investment projects and countries
assessed to have a higher potential for human rights issues. IA noted that although the HR risk assessment
process seems reasonable, since it is not formalized, controls in this area could be strengthened. IA
recommends that PRAD research, document and monitor best practices in preparing HR assessments and
use the results to seek approval from the Executive Sponsor to formalize the HR assessment process which
is currently in draft form.
3. CSR Training, Methodology and Controls in Transaction Systems
Training, documented methodology and business rules in IT systems are considered key controls in several
of the CSR aspects. Individuals in EDC responsible for conducting transactions have been educated about
Anti-Corruption, Environmental, RRA and HR assessments through the “CSR at EDC” course, through
regional training provided to BD employees, by information posted on Livewire, by the Centres of Expertise
(COEs), and on a transactional basis by experienced BD&O and EAS employees.

While training is conducted, IA noted that there has not been any analysis done with respect to the
adequacy of the content or frequency of that training for the Anti-Corruption program in particular. An
additional supporting control to accompany training is business rules imbedded in transaction systems. IA
noted that while the Anti-Corruption and Environmental review processes have flags in key transaction
systems to help identify potential requirements, the RRA and HR assessment processes do not have flags in
the transaction systems. These flags would assist those completing transactions in identifying when an
assessment is required. IA has recommended strengthening controls relating to training, methodology and
computer controls in the areas of AC, RRA and HR.


Best Practices

A best practice initiative identified during the audit was the establishment of an internal working group
which conducted a CSR Scorecard review in 2007 to assess EDC’s CSR initiative by benchmarking with other
Export Credit Agencies (ECAs) and financial institutions. There was evidence that the recommendations
resulting from that internal diagnostic review have been assigned owners and are being implemented
according to agreed timelines. A report documenting the progress of those recommendations was
prepared in January 2008 and presented to the Executive.
Conclusion

The audit findings and recommendations have been communicated to and agreed by management, who
have developed action plans that are scheduled for implementation no later than Quarter 2 2009. We
would like to thank management for their support throughout the audit.