Meeting Documents Audit and Risk Committee ARC - 4 2017 · 10/5/2017 · Page2 We are providing...

THE REGIONAL MUNICIPALITY OF PEEL

AUDIT AND RISK COMMITTEE AGENDA ARC - 4/2017 DATE: Thursday, October 5, 2017 TIME: 11:00 AM – 12:30 PM LOCATION: Regional Council Chamber, 5th Floor Regional Administrative Headquarters 10 Peel Centre Drive, Suite A Brampton, Ontario MEMBERS: F. Dale; C. Fonseca; G. Miles; K. Ras; R. Starr; A. Thompson Chaired by Councillor Fonseca or Vice Chair Councillor Ras 1.

DECLARATIONS OF CONFLICTS OF INTEREST

2.

APPROVAL OF AGENDA

3.

DELEGATIONS

3.1. Trevor Ferguson, Audit Partner, Deloitte LLP, Presenting the Deloitte 2017 Audit Service Plan (See also Reports - Item 4.1)

4.

REPORTS

4.1. Deloitte 2017 Audit Service Plan (For information) (See also Delegations - Item 3.1)

4.2. Digital Strategy Audit and Assessment (For information) Presentation by Michelle Morris, Director, Internal Audit and Shaifa Kanji, Director, Service Innovation, Information and Technology – Client Delivery; and, David Telka, Managing Director, Public Service Digital Lead and Neil D’Souza, Managing Director, Technology Strategy Lead, Accenture

4.3. Child Care Fee Subsidy Audit (For information)

Presentation by Suzanne Finn, Director, Early Years and Child Care Services, Lynn Guo, Senior Internal Auditor

4.4. Vendor Performance Management Update (For information)

Presentation by Natasha Rajani, Director, Procurement, Finance

ARC-4/2017 -2- Thursday, October 5, 2017 5.

COMMUNICATIONS

6.

IN CAMERA MATTERS

7.

OTHER BUSINESS

8.

NEXT MEETING

December 7, 2017, 11:00 a.m. – 12:30 p.m. Council Chamber, 5th Floor Regional Administrative Headquarters 10 Peel Centre Drive, Suite A Brampton, Ontario

9.

ADJOURNMENT

eRegionIIIof Peelworking with you

Request for Delegation

FOHOFFICE USE ONLY

MEETING DATEYYYY/MM/DD MEETING NAMEAudit and Risk CommitteeOctober 5, 2017

Attention: Regional ClerkRegional Municipality of Peel10 Peel Centre Drive, Suite A

Brampton, ON L6T4B9Phone: 905-791-7800 ext. 4582 Fax: 905-791-1693

E-mail: council@~elregion.ca

REQUESTDATEYYYY/MM/DD

2017/09/07

NAME OF INDIVIDUAL(S)Mr. Trevor Ferguson

POSITION/TITLEAudit Partner

NAME OF ORGANIZATIONDeloitte LLP

E-MAIL

[email protected](416) 643-8282

EXTENSION FAXNUMBER

NAME OF INDIVIDUAL(S)

POSITION/TITLE NAME OFORGANIZATION

E-MAIL TELEPHONENUMBER EXTENSION FAXNUMBER

REASON(S)FORDELEGATIONREQUEST(SUBJECTMAnER TO BEDISCUSSED)To present the 2017 Deloitte Audit Service Plan.

I AM SUBMITIING A FORMAL PRESENTATION TO ACCOMPANY MY DELEGATION

IF YES, PLEASE ADVISE OF THE FORMAT OF YOUR PRESENTATION (ie POWERPOINTj -----------------------------DYES [8J NO

Note:

Delegates are requested to provide an electronic copy of all background material/presentations to the Clerk's Division atleast seven (7) business days prior to the meeting date so that it can be included with the agenda package. In accordancewith Procedure By-law 100-2012, as amended, delegates appearing before Regional Councilor Committee are requestedto limit their remarks to 5 minutes and 10 minutes respectively (approximately 5/10 slides).

Delegates should make every effort to ensure their presentation material is prepared in an accessible format.

Once the above information is received in the Clerk's Division, you will be contacted by Legislative Services staff to confirmyour placement on the appropriate agenda. Thank you.

Notice with Respect to the Collection of Personal Information(Municipal Freedom of Information and Protection of Privacy Act)

Personal information contained on this form is authorized under Section IV-4 of the Region of Peel Procedure By-law 100-2012 as amended, for the purpose ofcontacting individuals and/or organizations requesting an opportunity to appear as a delegation before Regional Councilor a Committee of Council. TheDelegation Request Form will be published in its entirety with the public agenda. The Procedure By-law is a requirement of Section 238(2) of the Municipal Act,2001, as amended. Please note that all meetings are open to the public except where permitted to be closed to the public under legislated authority. AllRegional Council meetings are audio broadcast via the internet and will be video broadcast on the local cable television network where video files will beposted and available for viewing subsequent to those meetings. Questions about collection may be directed to the Manager of Legislative Services, 10 PeelCentre Drive, Suite A, 5th floor, Brampton, ON L6T 4B9, (905) 791-7800 ext. 4462.

V-01-100 2017104

3.1 - 1

mailto:[email protected]

REPORT Meeting Date: 2017-10-05

Audit and Risk Committee

For Information

DATE: August 8, 2017

REPORT TITLE: DELOITTE 2017 AUDIT SERVICE PLAN

FROM: Stephen VanOfwegen, Commissioner of Finance and Chief Financial

Officer John Arcella, Deputy Treasurer, Peel Living

OBJECTIVE

To present the 2017 Audit Service Plan prepared by the Region’s external auditors, Deloitte, for the upcoming fiscal year ending December 31, 2017. REPORT HIGHLIGHTS

The attached 2017 Audit Service Plan has been prepared by the Region of Peel and Peel Housing Corporation’s external auditors, Deloitte, for the audit of fiscal year ending December 31, 2017.

The plan provides detailed information regarding Deloitte’s audit key elements, audit scope, audit approach and communication requirements to the Audit and Risk Committee.

The plan is similar to Deloitte’s 2016 audit approach.

DISCUSSION

Regional Council on June 23, 2016 approved the appointment of Deloitte LLP as the external auditors for fiscal years 2016 to 2020. The Peel Housing Corporation 2017 Annual Meeting of the Shareholder approved the appointment of Deloitte LLP as the Corporation’s Auditors for fiscal year 2017, on June 22, 2017. Deloitte has been the external auditors for both the Region and Peel Housing Corporation for the past seven years. The audit for fiscal 2017 for both the Region of Peel and Peel Housing Corporation will commence in the fall. Deloitte has prepared the attached audit planning report to provide the Audit and Risk Committee with the external audit approach, audit scope, materiality, audit risks and communication requirements. The audit approach is similar to the one presented last year. There are no new accounting standards which will become effective this year, impacting the 2017 financial statements. It is expected that the 2017 consolidated financial statements for

4.1 - 1

DELOITTE 2017 AUDIT SERVICE PLAN

- 2 -

the Region of Peel and the 2017 financial statements for Peel Housing Corporation will be presented to the Audit and Risk Committee in late April or early May 2018.

CONCLUSION

The 2017 external audit is expected to proceed as per the Audit Service Plan, as presented by Deloitte.

Stephen VanOfwegen, Commissioner of Finance and Chief Financial Officer

John Arcella, Deputy Treasurer, Peel Living Approved for Submission:

D. Szwarc, Chief Administrative Officer APPENDICES

Appendix I – Regional Municipality of Peel and Peel Housing Corporation 2017 Audit Service

Plan For further information regarding this report, please contact Monique Hynes, Acting Director, Corporate Finance & Deputy Treasurer, extension 4212, [email protected] Authored By: Monique Hynes

4.1 - 2

mailto:[email protected]

Deloitte

Regional Municipality of Peel and Peel HousingCorporation2017 Audit service planFor the year ending December 31, 2017To be presented to theAudit and Risk Committee

4.1 - 3

APPENDIX I DELOITTE 2017 AUDIT SERVICE PLAN

DeloitteDeloitte LLP400 Applewood CrescentSuite 500Vaughan ON L4K OC3Canada

Tel: 416-601-6150Fax: 416-601-6610www.deloitte.ca

August 22, 2017

Private and confidential

To the Members of the Audit and Risk CommitteeRegional Municipality of Peel10 PeelCentre DriveBrampton ON L6T 4B9

Re: 2017 Audit service plan

Dear Audit and Risk Committee Members,

We are pleased to present our 2017 audit service plan for the Regional Municipality of Peel (the "Region") and Peel Housing Corporation ("PHC"),which describes our audit scope and strategy, our audit approach and our planned communications with you.

Our audit will include:

• Consolidated financial statements of the Region as at, and for the year ending, December 31, 2017, prepared in accordance with Canadian PublicSector Accounting Standards ("PSAS")

• Financial statements of PHCas at, and for the year ending, December 31, 2017, prepared in accordance with Canadian Public Sector AccountingStandards ("PSAS")

• Financial statements of the Regional Municipality of PeelTrust Funds (the "Trust Funds") as at, and for the year ending, December 31,2017, and

• Financial statements of the Regional Municipality of Peel Debt Retirement and Sinking Funds (the "Debt Retirement and Sinking Funds") as at,and for the year ending, December 31, 2017.

herein after, collectively referred to as the "Financial Statements".

4.1 - 4


http://www.deloitte.ca

DeloitteRegional Municipality of PeelAugust 22, 2017Page 2

We are providing this audit service plan to the Regional Council through the Audit and Risk Committee ("the Committee") on a confidential basis. Itis intended solely for the use of the Committee to assist you in discharging your responsibilities with respect to the Financial Statements and is notintended for any other purpose. Accordingly, we disclaim any responsibility to any other party who may rely on it.

We look forward to discussing our Audit service plan with you and to answering any questions that you may have.

Yours truly,

~LLrChartered Professional AccountantsLicensed Public Accountants

4.1 - 5


Regional Municipality of Peel and Peel Housing Corporation I Table of contents

Table of contentsAudit plan at a glance 1

Our audit explained 2

Audit risks 4Appendix 1 - Audit approach 7

Appendix 2 - Communication requirements 14

Appendix 3 - Financial reporting update 16

© Deloitte LLPand affiliated entities.

4.1 - 6


Regional Municipality of Peel and Peel Housing Corporation I Audit plan at a glance

Audit plan at a glance

Audit objectives

Perform high quality audits, enabling us to express opinionson the 2017 Financial Statements

Understand and be responsive to the expectations of theCommittee and management

Communicate regularly and openly with the Committee andmanagement in accordance with professional standardsfocusing on audit risks and matters of special interest

Issue independent auditor's reports as required

Deliver services that assist the Region in meeting current andfuture accounting and regulatory requirements

Key aspects of service distinction

Enhance the value of our communications

Have frank, open and timely communications

Make and meet our commitments to the Region

Assemble the right team

Provide valuable insights from our audits

isk areas

Region of Peel

Revenue and deferred revenue amounts

Year-end cut-off

Tangible capital assets

Year-end accruals and other estimates (including salaries,employee future benefits, landfill closure and post-closureliability, contaminated sites and allowance for doubtfulaccounts)

Management override of controls

Peel Housing Corporation

Tenant and other receivables/revenue


Long-term debt

Key team members Role

Trevor Ferguson Engagement Partner

Scott Finkel Audit Senior Manager

© Deloltte LLP and affiliated entities.

4.1 - 7


Regional Municipality of Peel and Peel Housing Corporation [ our audit explained

Our audit explained

We are not currently aware of anysignificant events that wouldimpact the audits of the FinancialStatements for the December 31,2017 year end.

Audit scope and terms of engagementWe have been asked to perform audits of the financial statements of the Region, PHC, the Trust Funds and the DebtRetirement and Sinking Funds (collectively, the "Region") in accordance with Canadian Public Sector AccountingStandards ("PSAS") as at and for the year ending December 31, 2017.0ur audits will be conducted in accordance withCanadian Generally Accepted Auditing Standards ("Canadian GAAS").The terms and conditions of our engagements are described in our master services agreement dated July 22, 2016.We have scheduled the interim audit the week of October 23, 2017 and the year-end field work commencingFebruary 19, 2018.

MaterialityWe are responsible for providing reasonableassurance that your Financial Statements asa whole are free from materialmisstatement.Our materiality levels will be determinedusing professional judgement, on the basisof total revenues.We will report to the Committee alluncorrected misstatements greater than aclearly trivial amount (5% of materiality)and any misstatements that are, in ourjudgment, qualitatively material. Inaccordance with Canadian GenerallyAccepted Auditing Standards (GAAS), wewill request that misstatements, if any,be corrected.

2

Audit risksThrough our preliminary riskassessment process, we haveidentified the significant audit risks.These risks of material misstatementand related audit responses arediscussed in the "Audit Risks" sectionof this report.

When designing our audit strategy, we also considered:• The financial significance or relative importance of theconsolidated entities to your organization as a whole;

• The complexity and nature of the operations, internal controlsand accounting issues at each of the consolidated entities;

• The degree of centralization or decentralization of processes andcontrols including, the extent of relevant enterprise-levelcontrols; and

• The extent and nature of internal control deflclencies andfinancial statement misstatements identified in current andprevious periods at each of the consolidated entities.


4.1 - 8


Regional Municipality of Peel and Peel Housing Corporation l Our audit explained

We will develop our audit strategy to address the assessed risks of material misstatement due to fraud.Determining this strategy will involve:

1. Asking those involved in the financial reporting process about inappropriate or unusual activity.2. Testing a sample of journal entries throughout the period as well as adjustments made at the end of the

reporting period.

3. Identifying and obtaining an understanding of the business rationale for significant or unusualtransactions that are outside the normal course of business.

4. Evaluating whether your accounting policies may be indicative of fraudulent financial reporting resultingfrom management's effort to manage results.

5. Evaluating whether the judgements and declsions related to management estimates indicate a possiblebias.

6. Incorporating an element of unpredictability in selecting our audit procedures.We will also ask the Committee for their views about the risk of fraud, whether they know of any actual orsuspected fraud affecting the Region and their role in the oversight of management's antifraud programs.If we suspect fraud involving management, we will immediately inform the Committee of our suspicions anddiscuss the nature, timing, and extent of audit procedures necessary to complete the audits.

Use of specialists

Our audit team is supported with online resources as well as practice and national office specialists whoassist our team when dealing with more complex, technical accounting, auditing and reporting issues.We intend to use the work of the Region's actuary in their determination of the Region's post-employmentbenefits. We will review and test any data and assumptions used, ensure the disclosure in the financialstatements is adequate, and that the actuary is in good standing with the Canadian Institute of Actuaries.We also intend to use the work of the Region's specialist to determine the valuation of the Region's postclosure landfill liability and liability for contaminated sites determined in accordance with PSAS3260.

3

Compiete engagemer.t re orting

Under GAAS, we are required tocommunicate certain matters to theCommittee. The primary reports and formalcommunications through which we willaddress these matters are:• This Audit Service Plan• Year End Communication, and

• Our Independent auditor's reports on theFinancial Statements.

Further details on communicationrequirements can be found in Appendix 2.

Audit fees

Our fees are based on the scope of serviceas outlined in our proposal for auditservices dated May 19, 2016.

© Deloitte LLP and affiliated entities.

4.1 - 9


Regional Municipality of Peel and Peel Housing Corporation I Audit risks

Audit risks

During our risk assessment, we identified some areas of audit risk that will require special audit consideration. These areas of risk, together with ourplanned responses, are described below.

The following tables set out certain areas of audit risk that we identified during our preliminary planning activities, including our proposed responseto each risk. Our planned audit response is based on our assessment of the likelihood of a risk's occurrence, the significance should a misstatementoccur, our determination of materiality and our prior knowledge of the Region.

egion of PeelRevenue and deferred revenue amounts*

udit risk

Canadian Auditing Standards include the presumption of a fraud riskinvolving improper revenue recognition.

Year-end cut-off

Audit risk

Determine if cut-off of revenues and expenses is appropriate.


Audit risk

Appropriate accounting and disclosure.

4

Our audit response

• Substantive testing to determine if restricted contributions (i.e.,development charges, gas tax, conditional grants, etc.) have beenrecognized as revenue in the appropriate period.

Our audit response

• Substantive testing on accounts payable, accrued liabilities, deferredrevenue and accounts receivable, and

• Test disbursements subsequent to year-end.

Our audit response

• Test assumptions used in determining completeness, valuation, recordingand cut-off of 2017 additions and disposals, and

• Testing of calculations of amortization.

© Deloitte LLP and affiliated entities.

4.1 - 10


RegionalMunicipalityof Peel and Peel HousingCorporation I Audit risks

Year-end accruals and other estimates (including salaries, employee future benefits, landfill closure and post-closure liability,contaminated sites, and allowance for doubtful accounts)

Audit risk

Estimates require management judgments and assumptions.

Management override of controls*

Audit risk

Management override of controls is a presumed area of risk in a financialstatement audit due to management's ability to override controls thatotherwise appear to be operating effectively.

5

Our audit response

• Obtain documentation on management's control over accountingestimates and assess risk

• Review and assess the consistency of major assumptions used to developsignificant accounting estimates

• Compare actual historical experience to models employed in suchcalculations

• Obtain calculations from experts for accruals such as employee futurebenefit liability and landfill liability, and assess assumptions and data usedto prepare the report, and

• Review actual outcome of prior year estimates.

Our audit response

• Our audit tests the appropriateness of journal entries recorded in thegeneral ledger and other adjustments made in the preparation of financialstatements

• We will obtain an understanding of the business rationale for significanttransactions that we become aware of that are outside of the normalcourse of business, or that otherwise appear to be unusual given ourunderstanding of the Region and its environment

• We will review accounting estimates for bias and evaluate whether thecircumstances producing the bias, if any, represent a risk of materialmisstatement

• In addition, experienced Deloitte personnel will be assigned to the testingand review of journal entries and areas of estimates, and

• Professional skepticism will be maintained throughout the audit.

© Deloltte LLP and affiliated entities.

4.1 - 11


Regional Municipality of Peel and Peel Housing Corporation I Audit risks

Peel Housinq Coruor atioTenant and other receivables/revenue*

Audit r'sk

Canadian Auditing Standards include the presumption of a fraud riskinvolving improper revenue recognition. Valuation of tenant and otherreceivables.


Audit risk


Long-term debt

Audit risk


*These areas have been identified as areas of significant risk.

Our audit response

• Review aging reports and estimate allowance for doubtful tenantreceivables for reasonableness

• Confirm subsidies received from the Service Manager, and• Perform detail testing of tenant and other receivables and relatedrevenue.

Our audit response

• Substantive testing of capital asset additions and disposals, and

• Testing of calculations of amortization.

Our audit response

• Confirm long-term debt balances, and• Recalculate interest.

We will inform you of any significant changes to the areas of audit risk discussed above and the reasons for those changes as part of our year endcommunication, or earlier if deemed necessary.

6 © Deloitte LLP and affiliated entities.

4.1 - 12


Regional Municipality of Peel and Peel Housing Corporation I Appendix 1 - Audit approach

Appendix 1 Audit approach

Deloitte's audit approach is a systematic methodology that enables us to tailor our audit scope and plan to address the unique issues facing theRegion.

The following steps are not necessarily sequential nor are they mutually exclusive. For example, once we've developed our audit plan and the auditsare being performed, we may become aware of a risk that was not identified during the planning phase. Based on that new information, we wouldreassess our planning activities and adjust the audit plan accordingly.

1. Initial planning

The Deloitte's audit approach begins with an extensive planning process that includes:

• Assessing your current business and operating conditions

• Understanding the composition and structure of your business and organization

• Understanding your accounting processes and internal controls

• Understanding your information technology systems

• Identifying potential engagement risks

• Planning the scope and timing of internal control and substantive testing that take into account the specific identified engagement risks, and

• Coordinating our activities with external parties and experts and/or Deloitte specialists.

Our Audit will take into account specific items of particular interest raised by the Committee as well as areas of concern identified by the Committeeor management.

2. Assessing and responding to engagement risk

Our audit approach combines an ongoing identification of risks with the flexibility to adjust our approach when additional risks are identified. Sincethese risks may impact our audit objectives, we consider materiality in our planning to focus on those risks that could be significant to your financialreporting.

7© Deloitte LLP and affiliated entities.

4.1 - 13



Risk assessmentWe compile information from a variety of sources, including discussions with management and the Committee, to identify risks to the Region'sfinancial reporting process that may require attention. Our preliminary risk assessment takes into account:

• Key business developments and transactions (internal and external)

• Current business, regulatory and accounting pronouncements and developments

• Key management strategies and business plans

• Prior years' audit results

• Results of procedures relating to internal control, and

• Areas of significant risk.The risks that we have identified to date, and which will be addressed when conducting the audits, are summarized in the "Audit risks" section. Aswe perform our audits, we will update our risk assessment. We will inform the Committee of any significant changes to our risk assessment, and anyadditional risks that we identified, in our year end communication, or earlier if deemed necessary.

Consideration of the risk of fraudMaintaining an attitude of professional skepticism means that we carefully consider the reasonableness of the responses we receive to our inquiriesfrom the Committee, and evaluate other information obtained from them in light of the evidence we obtain during the audits. When we identify amisstatement or control deficiency, we consider whether it may be indicative of fraud and what the implications of fraud and significant error are inrelation to other aspects of the audits, particularly the reliability of management representations.

Because of the inherent limitations of internal control, including the possibility of collusion or improper management override of controls, it ispossible that material misstatements due to error or fraud may not be prevented or detected on a timely basis. Accordingly, the assurance anauditor provides concerning the lack of misstatements arising from fraud is necessarily lower than the assurance provided concerning those arising

from an error.

Misstatements in the Financial Statements can arise from either fraud or error. The distinguishing factor between fraud and error is whether theunderlying action that results in the misstatement of the Financial Statements is intentional or unintentional.

© De\oitte LLP and affiliated entities.8

4.1 - 14



The following table explains our respective responsibilities towards fraud.

Your responsibilities Our responsibilities

• The primary responsibility for the prevention and detection of fraud restswith management and the Committee, including the responsibility forestablishing and maintaining internal controls over the reliability offinancial reporting, ensuring the effectiveness and efficiency of operations,the identification of fraud risks and compliance with applicable lawsand regulations.

• We are required to obtain representations from management regardinginternal controls, assessment of risk and any known or suspected fraudor misstatement.

• As independent auditors, we will obtain reasonable, but not absolute,assurance that the Financial Statements as a whole are free from materialmisstatement, whether caused by fraud or error.

In determining our Audit strategy to address the assessed risks of material misstatement due to fraud, we will:

• Assign and supervise personnel, taking into account the knowledge, skill and ability of individuals with significant engagement responsibilitiesand our assessment of the risks of material misstatement due to fraud for the engagement

• Evaluate whether the Region's selection and application of accounting policies, particularly those related to subjective measurements andcomplex transactions, may be indicative of fraudulent financial reporting resulting from management's effort to manage results, and

• Incorporate an element of unpredictability when selecting the nature, timing and extent of our audit procedures.

We will inquire directly of the Committee regarding:

• Its views about the risk of fraud

• Whether it has knowledge of any actual or suspected fraud affecting the Region, and

• The role it exercises in the oversight of fraud risk assessment and the establishment of mitigating controls.

We will also inquire if the Committee is aware of tips or complaints regarding the Region's financial reporting and, if so, the Committee's responsesto such tips and complaints and whether it is aware of matters relevant to the audits, including, but not limited to, violations or possible violations oflaws or regulations.

If we suspect fraud involving management, we will communicate these suspicions to the Committee and discuss the nature, timing, and extent ofaudit procedures necessary to complete the audits.


4.1 - 15



Information technologyAn important part of our audit planning process involves gaining an understanding of:

1. The importance of the computer environment relative to the risks to financial reporting

2. The way in which that environment supports the control procedures we intend to rely on when conducting our audits, and

3. The computer-based information that supports our substantive procedures.

The objective of our review of computer controls is to identify potential areas of risk and assess the relevance, reliability, accuracy and completenessof the data produced by the systems. We also assess the design and implementation of controls relevant to the computer environment anddetermine the reliability of the financial information used to generate the Financial Statements. To accomplish this, we gain an up-to-dateunderstanding of the Region's computer processing environment and our understanding of the relevant general computer controls.

We will assess the design and implementation of general computer controls in the following areas:

1. Data centre and network operations

2. System software acquisition, change and maintenance

3. Program change

4. Access security, and

5. Application system acquisition, development, and maintenance.

3. Developing and executing the Audit planThe performance of the audits include evaluating the design and determining the implementation of internal controls relevant to the audit, testingthe operational effectiveness of the controls we intend to rely on and performing substantive audit procedures.

Audit proceduresThe timing of our audit procedures is dependent upon a number of factors including the need to coordinate with management for the provision ofsupporting analysis and other documentation. Generally, we perform our audit procedures to allow us sufficient time to identify significant issues

early, thereby allowing more time for analysis and resolution.


4.1 - 16



Tests of controls

As part of our audits, we will review and evaluate certain aspects of the systems of internal control overfinancial reporting to the extent we consider necessary in accordance with Canadian GAAS. The mainobjective of our review is to enable us to determine the nature, extent and timing of our audit tests andestablish the degree of reliance that we can place on selected controls. An audit of the Financial Statementsis not designed to determine whether internal controls were adequate for management's purposes or toprovide assurance on the design or operational effectiveness of internal control over financial reporting.

The extent to which deficiencies in internal control may be identified through an audit of FinancialStatements is influenced by a variety of factors including our assessment of materiality, our preliminaryassessment of the risks of material misstatement, our audit approach, and the nature, timing and extent ofthe auditing procedures that we conduct. Accordingly, we gain only a limited understanding of controls as aresult of the procedures that we conduct during an audit of Financial Statements.

We will inform the Committee and management of any significant deficiencies that are identified in thecourse of conducting the audits.

Substantive audit proceduresOur substantive audit procedures consist of a tailored combination of analytical procedures and detailedtests of transactions and balances. These procedures take into account the results of our controls tests andare designed to enable us to obtain reasonable assurance that the Financial Statements are free frommaterial misstatements. To obtain this assurance, misstatements that we identify while performingsubstantive auditing procedures will be considered in relation to the Financial Statements as a whole. Anymisstatements that we identify, other than those that are clearly trivial (the threshold has been set at 5% ofmateriality), will be reported to management and the Committee. In accordance with Canadian GAAS, wewill request that misstatements be corrected.

Use of the work of specialistsThe Deloitte audits are distinguished by the use of a broad range of industry and functional specialists whoare integral to the audit team and carry a deeper understanding of specific topics. These specialists augmentthe core engagement audit team in understanding business processes and related risks, and help the auditengagement team apply an appropriate level of professional skepticism to challenge significant managementassumptions.

Our specialists are actively involved in the planning and risk assessment process, and will be available to theaudit team and the Region's management year-round to discuss ongoing risk assessments, industry developments and other matters of interest.

11© Delaitte LLP and affiliated entities.

4.1 - 17



4. eporting and assessing performancePerform post-engagement activitiesWe will analyze the results of the audit procedures performed throughout the year and, prior to rendering our report, we will conclude whether:

• The scope of the audits was sufficient to support our opinion, and

• The misstatements identified during the audits do not result in the Financial Statements being materially misstated.

IndependenceWe have developed important safeguards and procedures to protect our independence and objectivity. If, during the year, we identify a breach ofindependence, we will communicate it to you in writing. Our communication will describe the significance of the breach, including its nature andduration, the action taken or proposed to be taken, and our conclusion as to whether or not the action will satisfactorily address the consequences ofthe breach and have any impact on our ability to serve as independent auditor to the Region.

We continue to be independent of the Region and we will reconfirm our independence, in writing, to the Committee as part of our year-end

communication document.

Complete engagement reportingAfter the satisfactory completion of appropriate audit procedures, we will provide our Independent auditor's reports on the Region's financial

statements as noted in the cover letter to this document.

We also provide reports to the Committee to assist you in fulfilling your responsibilities as required by applicable auditing standards. Appendix 2

summarizes the required communications between Deloitte and the Committee.

Deloitte's client service principles include providing management and the Committee with insights into the condition of the business and offeringmeaningful suggestions for improvement that come to our attention during the audit. We will report these insights and suggestions to theappropriate members of management and/or the Committee for their consideration.

To enable us to determine how well we have achieved our client service objectives, including an assessment of the quality of our audit engagement,we actively solicit feedback from our clients. This feedback will be obtained either through meetings with members of the Committee and

management or their completion of questionnaires.

Your feedback enhances our understanding of your expectations of us through your evaluation of our performance. The information you providehelps us refine our client service objectives to ensure that we remain focused, responsive and proactive in meeting your needs while fulfilling our

professional responsibilities.

© Deloitte LLP and affiliated entities.12

4.1 - 18



5. leveraging technology

Our audit approach utilizes fully automated, paperless audit software where information and supporting schedules are prepared and exchangedelectronically. Our audit software facilitates leveraging what the Region already prepares as part of account analysis and financial closings and allowsus to share files and work papers with our engagement team members. We use other web-based connectivity tools and file interrogation software toquickly and comprehensively analyze data.

Our audit software supports the full lifecycle of an audit engagement. The proprietary software we use is globally connected and allows for real-timetracking, ultimately providing better status reporting to our clients. Our software leverages industry guidance and knowledge so that we tailor ourapproach in a meaningful way to reflect the nuances of our clients' businesses. Our ability to customize our software to each client's specificsituation enables us to have more engaging business conversations. In addition, our software allows us to track findings and observations notedthroughout the course of our audits, enabling us to provide our clients with more meaningful insights and discuss any issues as they arise with fewersurprises.

The tools described in the following table help us determine our audit scope, prepare consistent audit work papers and files, conduct analyticalprocedures, select data for testing, accumulate audit results, and monitor progress to provide for the timely completion of tasks. In addition, weintend to make full use of the Region's own technologies to gain further efficiencies.

Technology Description Benefits

Engagement Management System Deloitte's audit software, incorporating audit-specific templates, reference materials, supportdocuments, and management insights

Rapid and effective electronic transfer ofinformation among the audit team members

Deloitte Technical Library A comprehensive online compilation of accountingand financial disclosure literature that allowsDeloitte to research specific accounting issues andfunctions through access to authoritative literaturefrom pertinent regulatory bodies, as well as ourown interpretations and guidance

The extensive accounting and reporting guidancehelps support the quick and efficient research ofcomplex accounting matters

Deloitte Online A secure, interactive knowledge-sharing andproject collaboration platform for our engagementteams and clients

Allows information, leading practices, and ideas tobe disseminated; supports efficient access,interactive productivity, and communication

13 © Oelortte LLP and affiliated entities.

4.1 - 19


Regional Municipality of Peel and Peel Housing Corporation I Appendix 2 - Communication requirements

Appendix 2 Communication requirements

Required communication eference

Audit service plan

1. Our responsibilities under GAAS, including forming and expressing an opinion on the financial statements. CAS 260.14.

2. An overview of the overall audit strategy, addressing:a. Timing of the auditsb. Significant risks, including fraud risksc. Nature and extent of specialized skill or knowledge needed to perform the planned audit procedures related

to significant risk, andd. Names, locations, and planned responsibilities of other independent public accounting firms or others that

perform audit procedures in the audits.

CAS 260.15.

3. Significant transactions outside of the normal course of business, including related party transactions. CAS 260 App. 2, CAS 550.27.

Enquiries of those charged with governance

4. How those charged with governance exercise oversight over management's process for identifying and CAS 240.20responding to the risk of fraud and the internal control that management has established to mitigate these risks

5. Any known suspected or alleged fraud affecting the Region CAS 240.21

6. Whether the Region is in compliance with laws and regulations CAS 250.14

Year end communication

7. Fraud or possible fraud identified through the audit process. CASl 240.40-.42.

8. Significant accounting policies, practices, unusual transactions, and our related conclusions. CAS 260.16 a.

9. Alternative treatments for accounting policies and practices that have been discussed with management duringthe current audit period.

CAS 260.16 a.

10. Matters related to going concern. CAS 570.23.

1 CAS:CanadianAuditing Standards - CASare issued by the Auditing and AssuranceStandards Board of CPACanada

14 © Deloitte LLP and affiliated entities.

4.1 - 20


Regional Municipality of Peel and Peel Housing Corporation I Appendix 2 - Communication requirements

Required communication Reference

11. Management judgments and accounting estimates. CAS 260.16 a.

12. Significant difficulties, if any, encountered during the audits. CAS 260.16 b.

13. Material written communications between management and us, including management representation letters. CAS 260.16 c.

14. Other matters that are significant to the oversight of the financial reporting process. CAS 260.16d.

15. Modifications to our Independent Auditor's Reports. CAS 260.A18.

16. Our views of significant accounting or auditing matters for which management consulted with other accountants CAS 260.A19.and about which we have concerns.

17. Significant matters discussed with management. CAS 260.A.19.

18. Matters involving non-compliance with laws and regulations that come to our attention. CAS 250.23.

19. Significant deficiencies in internal control, if any, identified by us in the conduct of the audit of the financial CAS 265.statements.

20. Uncorrected misstatements and disclosure items. CAS 450.12-13.

21. Any significant matters arising during the audit in connection with the Region's related parties CAS 550.27

15 © Deloitte LLP and affiliated entitles.

4.1 - 21


Regional Municipality of Peel and Peel Housing Corporation I Appendix 3 - Financial reporting update

Appendix 3 Financial reporting update

The following is a summary of certain new standards, amendments and proposals that will become effective in 2017 and beyond.

To review all recent amendments that will impact your organization in the foreseeable future, we invite you to review our revamped St(l_r1cia__rg-

seW_n_g8_(;_tJvi!lcS_QL~st,included in our Centre for Financial Reporting (ww\N-,cfr.cJQjQI_tte__._Ql).

Title Description Effective date

Section PS 3380 -Contractual rights

This new section was published by PSAB in June 2015. It defines andestablishes disclosure standards on contractual rights; but does notinclude disclosure standards for specific types of contractual rights; anddoes not include those contractual rights to exchange one asset foranother where revenue does not arise.

This section applies to fiscal years beginning onor after April 1, 2017. Earlier adoption ispermitted.

Section PS 3320 -Contingent assets

This new section was published by PSAB in June 2015. It defines andestablishes disclosure standards on contingent assets; but does notinclude disclosure standards for specific types of contingent assets.

This Section applies to fiscal years beginning onor after April 1, 2017. Earlier adoption ispermitted.

Section PS 3420 - Inter-entity transactions

This new section was published by PSAB in March 2015. It establishesstandards on how to account for and report transactions between publicsector entities that comprise a government's reporting entity from both aprovider and recipient perspective.

This Section applies to fiscal years beginning onor after April 1, 2017. Earlier adoption ispermitted.

Section PS 2200 - Relatedparty disclosures

This new section was published by PSAB in March 2015. It defines arelated party and establishes disclosures required for related partytransactions.

This Section applies to fiscal years beginning onor after April 1,2017. Earlier adoption ispermitted.

Section PS 3210 - Assets This new section was published by PSAB in June 2015. It providesguidance for applying the definition of assets and establishes generaldisclosure standards for assets; but does not include standards forrecognition and disclosure of specific types of assets, which are dealt within other Handbook Sections.

This section applies to fiscal years beginning onor after April 1, 2017. Earlier adoption ispermitted.


4.1 - 22


Regional Municipality of Peel and Peel Housing Corporation I Appendix 3 - Financial reporting update

Title Description Effective date

Section PS 3430 -Restructuring transactions

This new section was published by PSAB in June 2015. It establishesstandards on how to account for and report restructuring transactions byboth transferors and recipients of assets and/or liabilities, together withrelated program or operating responsibilities.

This section applies to restructuring transactionsoccurring in fiscal years beginning on or afterApril 1, 2018. Earlier adoption is permitted.

Section PS 1201 - Financialstatement presentation This section is effective when Sections PS 2601

and PS 3450 are adopted.This new section was published by PSAB in June 2011. It revises andreplaces Section PS 1200 Financial statement presentation. It establishesgeneral reporting principles and standards for the disclosure ofinformation in government financial statements.

Section PS 2601 Foreigncurrency translation.

This section establishes standards on how to account for and reporttransactions that are denominated in a foreign currency in governmentfinancial statements.

This Section is effective for fiscal yearsbeginning on or after April 1, 2019 except forgovernment organizations that applied the CPACanada Handbook - Accounting prior toadopting the CPACanada Public SectorAccounting Handbook. Earlier adoption ispermitted when adopting Sections PS 1201 andPS 3450.

Section PS 3041 This section establishes standards on how to account for and reportportfolio investments in government financial statements.

This Section is effective when Sections PS 1201,PS 2601 and PS 3450 are adopted.

Section PS 3450 - Financial This new section was published by PSAB in June 2011. It establishesinstruments standards on how to account for and report all types of financial

instruments including derivatives.

This section is effective for fiscal yearsbeginning on or after April 1, 2019 except forgovernment organizations that applied the CPACanada Handbook - Accounting prior toadopting the CPACanada Public SectorAccounting Handbook. Earlier adoption ispermitted when adopting Sections PS 1201 andPS 2601.


4.1 - 23


Deloittewww.deloitte.caDeloitte, one of Canada's leading professional services firms, providesaudit, tax, consulting, and financial advisory services. Deloitte LLP,anOntario limited liability partnership, is the Canadian member firm ofDeloitte Touche Tohmatsu Umited.

Deloitte refers to one or more of Deloitte Touche Tohmatsu Umited, aUK private company limited by guarantee, and its network of memberfirms, each of which is a legally separate and independent entity. Pleasesee www.deloitte.com/about for a detailed description of the legalstructure of Deloitte Touche Tohmatsu Limited and its member firms.


4.1 - 24


http://www.deloitte.ca

http://www.deloitte.com/about



For Information

DATE: September 25, 2017

REPORT TITLE: DIGITAL STRATEGY AUDIT AND ASSESSMENT

FROM: Michelle Morris, Director, Internal Audit

OBJECTIVE

To inform the Audit and Risk Committee of the results of the Digital Strategy Audit and Assessment. REPORT HIGHLIGHTS

The objective of the audit was to determine if management has adequate governance processes in place to mitigate the risks to achieving a successful digital strategy implementation.

As part of the audit, a consultant was hired to conduct an assessment of the Region of Peel’s approach to implementing the digital strategy.

There are several areas where governance and controls can be strengthened while transitioning the Region of Peel (Region) to digital technology, including: o Defining the digital strategy, goals and outcomes; o Creation of a business technology governance framework; o Improving the digital technology selection process; and, o Formalizing roles and responsibilities for application licensing and management.

As noted in the assessment, these improvements can be leveraged with the organizational commitment to digital as well as the strengths of a dedicated team.

DISCUSSION 1. Background

On February 12, 2015 Regional Council approved the three year Digital Strategy 2015-2017. The Digital Strategy takes into account Regional residents and businesses growing reliance and expectation of digital and online services. As such, the Digital Strategy is based on five key themes:

1. Excellent customer service 2. Improved and secure technology 3. Managing and using the information 4. Agile and responsive systems

4.2 - 1

DIGITAL STRATEGY AUDIT AND ASSESSMENT

- 2 -

5. Cost-effective implementation. The Digital Strategy involved adopting a platform approach to technology rather than individual solutions. A platform is a foundation for running computer applications and storing data, and is run on data centres owned by a third-party service provider accessed via the Internet. One of the goals of the Digital Strategy is to consolidate and streamline applications and data, deliver efficiencies, improve service and over time reduce reliance on the approximately 1,900 computer applications used across the organization. An audit of the Digital Strategy was included in the 2016 Internal Audit Risk Based Work Plan to review the risks and controls with adopting a new platform approach. As part of the audit, a consultant was hired to conduct an assessment of the Region’s method of implementing the digital strategy.

2. Audit Objective

The overall objective of the audit was to determine if management has adequate governance processes in place to mitigate the risks to achieving a successful digital strategy implementation.

Specifically, the audit focused on assessing the efficiency and effectiveness of:

• Vendor contract management to provide assurance the terms and conditions protect the Region;

• Digital software application implementation, including agile project management; and,

• Results reported on the progress of the Digital Strategy to provide assurance the

information is timely, complete, open and transparent. The audit was conducted in accordance with the ‘International Standards for the Professional Practice of Internal Auditing’.

3. Audit Observations and Management Response

There are several areas where governance and controls can be improved and they are noted below. As noted in the assessment, these improvements can be leveraged with the organizational commitment to digital as well as the strengths of a dedicated team. Transitioning to digital technology will also reduce the Region’s infrastructure and application upgrade costs and enable the Region to achieve the five themes identified in the Digital Strategy. i) Digital Vision & Strategy

The purpose of strategic planning is to set overall goals for the business and to develop a plan to achieve them. A clearly defined strategic approach includes a roadmap forward with prioritized projects, as well as key metrics to track progress and benefits to be achieved. One key metric is an estimated cost of the transition to the technology

4.2 - 2


- 3 -

platform which would ensure the financial analysis is available to make an informed investment planning decision. Gaps were identified in the strategic elements of the Digital Strategy, specifically:

A clearer understanding of the business challenges the Region is trying to solve and the opportunities sought by transitioning to digital;

Identification of the benefits and outcomes expected with the transition to digital; Cost analysis of the financial impact of the strategy in terms of investment and

future maintenance costs;

A clearer understanding of what the digitally enabled end state would look like; and,

A clear roadmap to achieve the desired end state.

Without including these strategic elements, there is a risk that the Region may not achieve the objective of transitioning the technological environment to the technology platform and reaching the goal of reducing the Region’s dependence on approximately 1,900 computer applications.

Management Response

The Director, Service Innovation, Information & Technology (SIIT) - Client Delivery will lead the work on the Digital Strategy to address the gaps identified in the assessment. The refresh of the digital strategy work is currently underway and a consultant has been retained to support the refresh, incorporating the business challenges, benefits and outcomes that the Region is expecting to gain. A roadmap to support the digital strategy will also be included. The expected date of completion is December 31, 2017.

ii) Digital Operating Model - Governance Structures, Roles, Processes and Tools

a. Governance

A Digital Operating Model is a representation of how the Region will deliver value to its internal and external clients, with digital technology. The Model requires a formal governance structure. The governance structure will enable systems and processes to help ensure the overall direction, effectiveness, supervision and accountability of the strategy. A formal governance framework should include:

Processes for evaluating and approving projects;

Program owners that are empowered to make strategic decisions;

Legal review of contracts through all stages of contract development;

Tools and processes to track demand and supply of resources and skills required;

A forum to escalate risks and issues; Defined roles and responsibilities, including those for managing and monitoring

licenses or vendor invoice review and approval; and,

Appropriate gating ”go, no-go” decisions on implementation projects at strategic points.

4.2 - 3


- 4 -

When program owners had limited input into the digital strategy it impacted the effectiveness of the achievements. Without a governance structure in place, there is the risk that limited program owner engagement and unclear roles and responsibilities will impact the success of the digital strategy implementation.

Management Response

The Director, SIIT will lead the work on the Digital Operating Model, which will include addressing the governance structure, roles, processes and tools. Best practices around governance models from comparable public sector organizations will be incorporated. The digital operating model will be included as part of the digital strategy refresh. The expected completion date is December 31, 2017.

b. Vendor Management

The Region has contracted with six third-party technology platform vendors to deliver on the Digital Strategy. It is imperative that the vendor relationship is managed in a strategic manner especially as more programs and services migrate to the technology platforms that the Region is now reliant on to provide services. Managing in a strategic manner involves creating a program that proactively monitors vendor relationships, risk, performance and value, which are key to vendor services. Currently there is no formal program to effectively manage technology platform vendor relationships. Without clear direction as to how to effectively manage vendor relationships, there may be a risk of increased costs, interrupted services to residents and internal clients, as well as security issues. Management Response

The Director, SIIT will work with the Purchasing division to develop and implement relationship management processes and the supporting tools for technology platform vendors, including a vendor performance scorecard. The Purchasing division is currently conducting a pilot of a vendor evaluation framework. Also, Purchasing is planning to procure a technology solution that will be used to manage vendor relationships. The Director, SIIT will also lead the work of managing vendors strategically and assigning an owner (from the departments or SIIT). The expected date of completion is February 28, 2018.

iii) Technology Selection Process

The Enterprise Architecture section within SIIT is responsible for the technology selection process. This section researches the digital software application that can most effectively achieve the current and future information and technology objectives. Enterprise Architecture’s process to choose a digital software application involved limited consultation with impacted program owners which resulted in some applications being purchased that did not fully meet business needs and created additional costs to achieve the desired functionality. Establishing working groups with SIIT, affected departments and strategic business partners would facilitate standardization of business processes

4.2 - 4


- 5 -

across the organization to help ensure the digital software applications meet the needs of all stakeholders. Management Response

The Director, SIIT will address the technology selection process through the work conducted on the Digital Strategy. The technology selection process will ensure detailed program requirements are gathered and paired with technology selection criteria to ensure that the Region maximizes the value from technology assets. Industry analysts will be consulted to ensure a robust framework is put in place. The expected date of completion is December 31, 2017.

iv) Project Management Methodology – Agile

The SIIT department introduced agile project management methodology to transition processes and services to the technology platform. This change involves a project management process that rolls out new technology in short sprints and is best suited to smaller program focused projects versus organization wide solutions. As this methodology is new, it represents significant change for the Region. Opportunities for improvement include:

Establishing criteria to determine if agile project management is the most suitable project management process for the proposed project;

Documenting agile project management processes;

Ensuring non-Service Innovation, Information & Technology team members, i.e. the program owner, are trained in agile project management;

Developing a change management strategy and approach; and,

Ensure sufficient time and resources are dedicated to project planning.

Without these changes, there is a risk that project outcomes may not be delivered as intended. Management Response

The SIIT Program Director will lead the work of developing project management, resource management and change management practices, processes, decision-making criteria and tools for agile project management practices. Selection criteria will be established to identify what project management methodology is appropriate for a given project. The expected date of completion is February 28, 2018.

v) Executive Reporting

A regular reporting protocol should be established to enable leaders to track and measure the progress on the digital strategy. Reporting should include: issues requiring decisions, outcomes achieved, an explanation of variances and next steps. Issues should be tracked to help ensure they are followed up to resolution.

4.2 - 5


- 6 -

Reporting on the digital strategy and project progress was not standardized and did not consistently contain the noted elements. Multiple formats were used to track progress. Without a standardized process to monitor, track and report on the digital strategy and the projects supporting the strategy, there is a risk to achieving the outcomes, value and benefits. Management Response

The Director, SIIT and the SIIT Program Director will address this observation through the work conducted on the Digital Strategy and project management, processes and tools. Microsoft project will be adopted as a project management and reporting tool that will be used to plan, monitor and report project issues, outcomes, variances and benefits. The proposed date of completion is February 28, 2018.

vi) Application Licensing – Procurement, Management and Oversight

a. Procurement

As part of moving to the digital strategy, the Region prefers to lease the digital software applications rather than purchase them. One of the benefits to the Region is that the digital software application lessor is responsible for the costs and programming of updates not the Region. The cost to the Region is primarily the annual cost of licenses for every user, whether it is for internal clients or residents. Licenses should be acquired based on needs. At least twice, the quantity of licenses procured exceeded the need or were procured prior to completion of the pilot. There is a risk the Region will incur costs for licenses that are not in use. Management Response The Director, SIIT will lead the development and implementation of processes to ensure that the purchase of application licenses matches the implementation schedule of that application. The expected date of completion is December 31, 2017. Staff are assessing the requirements for existing vendor application licenses with a view to mitigate costs associated with having unnecessary licenses.

b. Management

Roles and responsibilities for managing and monitoring digital software application licenses should be formalized and clearly communicated to stakeholders. The program owner should manage the assignment of licenses in collaboration with SIIT Client Delivery. There was limited collaboration with the program owner during the acquisition of the licenses. Information on the total costs, benefit realization and future costs was not always clearly communicated. There is a risk that the Region will incur costs for licenses not in use.

4.2 - 6


- 7 -

Management Response The Director, SIIT will lead the development and implementation of processes to ensure that application owners have control over the purchase and allocation of new licenses and the negotiation of license agreements, in collaboration with the SIIT department and that governance and roles and responsibilities for these functions are documented in a policy. The expected date of completion is December 31, 2017.

c. Oversight

On February 12, 2015, Council endorsed the Region of Peel’s Digital Strategy through the report of the Commissioner, Service Innovation, Information and Technology. In addition to endorsing the Digital Strategy, purchasing approval was sought and granted to continue with Salesforce, Open Text and Oracle as the customer relationship management, enterprise content management and data warehouse business intelligence platforms respectively. Further authority was granted to procure proprietary applications and/ or services that are built on the Salesforce customer relationship management platform within the approved budgeted amounts and in accordance with the Purchasing By-law 113-2013 which may include direct negotiation with Salesforce Application Partners.

Direct negotiation is a purchasing method that enables the Region to enter negotiations with a vendor through a non-competitive process. When direct negotiation is used as a means of purchasing for the purposes of the Digital Strategy, additional internal controls should be put in place to help ensure that the interests of the Region are protected. The oversight and monitoring of a governance board with business and technical knowledge is a control that may provide assurance of the Region’s interests.

Management Response In addition to the existing procurement controls in place, management will adopt a governance board where decisions regarding the procurement of information technology solutions will be reviewed and approved. The governance board will consist of both the Program area and SIIT members. The expected date of completion is June 30, 2018.

vii) Tangible Capital Asset Management Policy

The Tangible Capital Asset Management policy provides staff with direction for the accounting treatment of tangible capital assets including application licenses. Application license agreements are for a fixed term. The Tangible Capital Asset Management policy states that application licenses “that have a fixed term should not be capitalized as a tangible capital asset.” The present capital budgeting practice is to capitalize the license fees during the development phase and expense the fees once the application is operational. Capitalizing the costs for capital budget purposes is in conflict with the Tangible Capital Asset Management policy. A decision is required as to whether the licenses should be recorded as a capital expenditure or an operating expenditure. The Tangible Capital

4.2 - 7


- 8 -

Asset Management policy should be updated to include and provide direction on the accounting treatment of application licensing fees to mitigate the risk of inconsistent treatment and accounting errors. Management Response

The Director, Corporate Finance will update the Tangible Capital Asset Management policy to address the new technology platform computing environment and software application licenses. The expected date of completion is September 30, 2017.

CONCLUSION

Implementing a digital strategy provides opportunities to gain efficiencies and simplify the Region’s technology environment for the benefit of citizens in terms of service as well as value for money in technology investments. The digital strategy audit and assessment provides guidance on how to achieve these efficiencies while mitigating risk through additional governance controls and increased transparency. Management has developed action plans to address the audit observations noted. Internal Audit has reviewed these plans and is satisfied that the actions planned will address the risks identified. Internal Audit will follow-up on the status of the management action plans related to this audit and will report the status to the Audit and Risk Committee.

Michelle Morris, Director, Internal Audit Approved for Submission:

D. Szwarc, Chief Administrative Officer For further information regarding this report, please contact Michelle Morris, Director, Internal Audit, Ext. 4247, [email protected]. Authored By: Michelle Morris, CPA, CGA, FCCA, CIA, CRMA and Barb Morris, CIA, CPA, CMA, CFE

4.2 - 8

Presentation to Audit and Risk Committee

Michelle Morris, Director, Internal Audit and Shaifa Kanji, Director, Service Innovation & Information Technology – Client Delivery Region of Peel

Digital Strategy Audit and Assessment

4.2 - 9

Background

• February 12, 2015 Council approved the 3 year Digital Strategy 2015-2017

• Five Key Themes:

1. Excellent Customer Service 2. Improved and Secure Technology 3. Managing and Using the Information 4. Agile and Responsive Systems 5. Cost Effective Implementation

2

4.2 - 10

Background

• Adopts platform approach to technology • Reduce reliance on 1900 computer applications • Scheduled on 2016 Risk Based Audit work plan • Information Technology consultants were hired to

assist with the audit

3

4.2 - 11

Audit Objective and Scope

• Objective – to determine if there were adequate governance processes in place to ensure a successful digital strategy implementation

The Audit specifically looked at: • Vendor contract management to provide assurance

the terms and conditions protected the Region

4

4.2 - 12

Audit Objective and Scope

• The process to implement cloud software applications; including agile project management

• Reporting on the progress of the digital strategy to

provide assurance the information was timely, complete, open and transparent

5

4.2 - 13

Digital Strategy Assessment

• Accenture hired to complete an assessment of the Region’s implementation of the Digital Strategy

• Dave Telka, Neil D’Souza and team worked with Internal Audit, Senior Management, Service Innovation & Information Technology and Program Owners to complete the assessment

6

4.2 - 14

Region of Peel Digital Strategy Assessment - Executive Summary

Dave Telka, Managing Director – Public Service Digital Lead Neil D’Souza, Managing Director – Technology Strategy Lead

4.2 - 15

Copyright © 2017 Accenture & Region of Peel. All rights reserved. 8

Accenture’s mandate was to evaluate the Region’s approach to implementing its Digital Strategy, highlight key risks and provide recommendations to mitigate these risks across four key areas:

Region of Peel Digital Strategy Assessment

Digital Operating Model

Governance Structure and Contract Management for the Digital Strategy

Cloud Migration Suitability

Evaluation Criteria for Application Selection

Agile Project Management

Use of Agile Project Delivery Methodology

Executive Reporting

Reporting & Communication of Project & Program Status

Observations, Risks, Recommendations

4.2 - 16


Over the course of the 9 week Project, the team assessed the Region’s current practices in its Digital Transformation journey and developed recommendations leveraging Accenture’s best practice frameworks and Subject Matter Experts.

Project Approach

Developed recommendations based on best practices & proven frameworks

Reviewed 200+ documents, reports, contracts & communications

Conducted 48 interviews and observed staff meetings to understand current operations

Reviewed observations & risks with key stakeholders to confirm findings

4.2 - 17


During our assessment we identified opportunities for improvement across three key themes:

Executive Summary

2. BUSINESS ENGAGEMENT & ACCOUNTABILITY

1. DIGITAL STRATEGY AND PLANNING

3. GOVERNANCE, PROCESS AND CONTROLS

4.2 - 18


Key Findings: 1. DIGITAL STRATEGY AND PLANNING

Defined demand and supply management process to gain better visibility into future needs

Detailed analysis and tracking of the value and benefits of initiatives to maximize ROI on Digital

Strategic management of vendor partnerships to increase value to the Region

A clearly defined strategy, approach and future goals to set direction and plans

4.2 - 19


Key Findings: 2. BUSINESS ENGAGEMENT & ACCOUNTABILITY

Clarity on how initiatives support department priorities to align with key priorities and build consensus

Buy-in and sense of joint responsibility for initiatives to align organization towards common goals

Business engagement in technology selection to align with business needs

Enterprise wide responsibility for standardizing processes to successfully use common applications

4.2 - 20


Key Findings: 3. GOVERNANCE, PROCESS AND CONTROLS

An Agile Playbook with defined processes, roles and responsibilities to ensure consistent approach

Standardized tools, templates, metrics and reporting to measure progress and highlight risks

A business / technology governance framework to ratify key Digital decisions and mitigate risk

Evaluation of off-platform solutions with weighting of benefits to determine best options for the corporation

4.2 - 21


Top 3 Priority Areas to Build the Foundations for a Successful Digital Strategy

ESTABLISH A GOVERNANCE FRAMEWORK

BUILD THE WORKFORCE, SKILLS AND CULTURE TO

DELIVER DIGITAL SERVICES

COLLABORATE WITH STAKEHOLDERS TO

REDEFINE THE DIGITAL STRATEGY

• The governance frameworkfor the Digital Strategyshould:

‒ Include representationfrom both SIIT and departments to make strategic decisions and oversee program execution (E.g. investment decisions, prioritization of initiatives, business suitability of apps).

• Assess how Digital willimpact the workforce andhow the Region’s skills,organizational structure andculture will need to evolve.

• Ensure the organizationalstructure, governance andculture adapt to build anddeliver cross-departmentalprocesses and applications.

• Align identified needs withspecific initiatives andprioritize based on theRegion’s goals.

• Define metrics and goals toensure accountability andtrack progress.

• Review and update strategicroadmap annually based onprogress and changingneeds.

4.2 - 22

Audit Observations

Region of Peel Digital Strategy Audit

15

Application Licensing

• Procurement•Management•Oversight

Tangible Capital Asset Management

Policy

•Update

4.2 - 23

Audit Observations

Application Licensing • Procure application licenses based on need

• Manage licensing by defining roles andresponsibilities

• Enhance oversight by establishing a formaloversight process for procurement for the DigitalStrategy

16

4.2 - 24

Audit Observations

• Tangible Capital Asset Management Policy – updatethe policy to include technology platformapplication license agreements

17

4.2 - 25

Management Response Digital Vision & Strategy

18

The Director, SIIT Client Delivery, will develop a Digital Strategy for the organization that includes:

• The Digital Vision• The Digital Roadmap• Aligning investment planning to the Digital Strategy• The Digital Strategy Governance Framework

The target date for completion is December 31, 2017

4.2 - 26

Management Response Procurement and Vendor Management

19

The Director, SIIT Client Delivery, will work with the Purchasing division to develop and implement the following processes to support the Digital Strategy:

• Vendor contract management• Vendor relationship management

The target date for completion is February 28, 2018

4.2 - 27

Management Response Technology Selection Process

20

The Director, SIIT Client Delivery, will develop and implement enterprise architecture governance processes and practices that include: • Ensuring business engagement in technology selection • SIIT and the departments jointly assessing business

requirements for maximum corporate benefit • Enterprise-wide application standardization The target date for completion is December 31, 2017

4.2 - 28

Management Response Project Management Methodology - Agile

21

The Program Director, SIIT, will optimize the use of agile project management by developing and implementing processes, practices, decision-making criteria, playbooks and tools covering:

• The selection of the project delivery approach• Agile project management• Project planning• Agile change management• Project resource management


4.2 - 29

Management Response Executive Reporting

22

The Director, SIIT Client Delivery, and the Program Director, SIIT, will standardize executive progress reporting on the Digital Strategy through developing and implementing:

• A reporting strategy• An end to end project management tool• Standardized project management reporting


4.2 - 30

Management Response Application Licensing – Procurement and

Management

23

The Director, SIIT Client Delivery, will develop and implement processes to strengthen the procurement and management of licenses for software applications

The target date for completion is December 31, 2017

4.2 - 31

Management Response Application Licensing - Oversight

24

• Management will adopt a governance board wheredecisions regarding the procurement of informationtechnology solutions will be reviewed and approved

• The governance board will consist of both Program areaand Service Innovation & Information Technology members

The target date for completion is June 30, 2018

4.2 - 32

25

The Digital Strategy identifies: • A digital target state• Business challenges• Opportunities• Benefits• Outcomes• Initiatives• A prioritized and

sequenced roadmap

The Region of Peel’s Digital Strategy outlines our path forward to meet the needs of a digital world.

Digital Strategy Assessment Management Action Plan Overview

Leading In 4 years we will:

create a modernized workplace

modernize service delivery

Digital Strategy & Vision

Digital Operating Model

Enterprise Architecture Governance

Agile Project Management

Executive Reporting

August 2017

The operating model defines how we implement and ensure the principles of the Digital Strategy are maintained and advanced within the organization.

A governance framework with a formal mechanism for SIIT and the departments to jointly assess and determine solutions with the greatest benefit.

A reporting tool to communicate on the progress, risks & roadblocks regarding Digital Strategy projects.

Defined criteria for selecting a project management approach best suited for the solution and Project Management and Change Management Playbooks to guide project execution.

April 2017 – November 2017 April 2017 – February 2018

4.2 - 33

Management Response Cloud Computing – TCA Policy Update

26

The Director, Corporate Finance will update the Tangible Capital Asset Management policy to address the new technology platform computing environment and software application licenses

The target date for completion is September 30, 2017

Internal Audit has verified this management action plan has been completed

4.2 - 34

Next Steps

• Internal Audit is satisfied that the provided actionplans will address the observations in this report

• Internal Audit will follow-up and report on thestatus of management action plans

27

4.2 - 35

Thank You

Questions?

28

4.2 - 36



For Information


REPORT TITLE: CHILD CARE FEE SUBSIDY AUDIT

FROM: Michelle Morris, Director, Internal Audit

OBJECTIVE

To inform the Audit and Risk Committee of the results of the Child Care Fee Subsidy Audit.

REPORT HIGHLIGHTS

The Region of Peel (Region) has a contractual relationship with 165 licensed child careproviders. In 2016, families of 14,736 children were in receipt of fee subsidy.

The Early Years and Child Care Services division and support divisions haveimplemented effective controls in managing payments to service providers; however thereare opportunities for improvement that include:o Periodic review and validation of user access rights to protect privacy and data

integrity.o Reconciliation of fee subsidy overpayments and recoveries to help ensure balances

are accurate and up-to-date.o Monitoring and escalation of non-compliance with Purchase of Services Agreements

to inform future decision making.o Random audit of service providers’ attendance records to help ensure accurate

payment to service providers and accurate reporting to the Province.

Management has developed action plans to address the risk identified through the audit.

DISCUSSION

1. Background

The Revised 2016 Internal Audit Risk Based Work Plan included an audit of Child Care Fee Subsidy. This audit was included after it was identified as a higher risk area by management of the program.

The Region of Peel is designated as municipal service system manager for Early Years and Child Care system in Peel. As part of early learning and child care services, the Region has a contractual relationship with 165 providers to deliver licensed child care services to families requiring fee subsidy. In 2016 the total fee subsidies distributed were approximately $70.5 million. This funding supported 14,736 children to access licensed child care.

4.3 - 1

CHILD CARE SUBSIDY FEE AUDIT

- 2 -

Based on an integrated services delivery model in Human Services, three divisions within the Human Services Department manage the different aspects of the child care fee subsidy program:

The Early Years and Child Care Services division is responsible for distributing subsidies and other provincial funding and managing the contractual relationship with providers.

The Community Access division is responsible for the administration of child care fee subsidies. This team reviews and determines families’ eligibility and calculates fee subsidy amounts.

The Integrated Business Support division issues Purchase of Services Agreements; processes payments to providers, collects overpaid fee subsidies; and provides information and technology services.

The division’s mandate continues to change due to the addition of new provincial programs and initiatives, and as such, the Early Years and Child Care Services division is currently reviewing its existing structure. This will ensure that the structure is aligned with the outcomes. The intent of the review is to ensure the appropriate segregation of duties to strengthen internal controls, while continuing to focus on the delivery of efficient services.

2. Audit Objective

The objective of the audit was to assess if management has implemented effective controls to manage the following aspects of the Child Care Fee Subsidy program:

Processes for evaluating service providers’ applications and monitoring contractual performance of service providers.

Quality monitoring program for internal processes supporting child care fee subsidy payments.

The audit focused on child care fee subsidy related transactions from March 2016 to March 2017. This audit was conducted in conformance with the International Standards for the Professional Practice of Internal Auditing.

3. Audit Observations and Management Response

The Early Years and Child Care Services and support divisions have implemented effective controls over payments to service providers. Effective controls in place include regular review and enhancement of the Purchase of Services Agreement and Service Providers’ Handbook. Additionally staff visits providers to provide consultation and support.

Opportunities for improvement to strengthen two areas of oversight of the program include:

4.3 - 2


- 3 -

a) Increase Oversight of Services Provided by Internal Support Divisions

As Service System Manager, the Region’s Early Years and Child Care Services division is responsible for overseeing and supporting the licensed child care system and has a responsibility to ensure the services provided by internal support divisions meet the needs of the program. This includes having a process in place to monitor the quality of services provided by the Community Access and Integrated Business Support divisions. Specifically, there is a need to:

Review and Validate User Access Rights

System access controls serve as a safeguarding measure to protect data and private information. Access for staff that have changed or left positions should be updated accordingly and in a timely manner. User access rights should be granted based on position requirements. There is a need to develop a process to review and validate user access rights to the system. When there is no process in place to review user access rights, there is a risk that staff may have access to information not required in their job scope and can subsequently lead to non-compliance with privacy legislation. Management Response Management will develop a process to review roles and responsibilities of staff with regards to user access rights to system. User access rights will be documented and reviewed regularly. This action plan is expected to be completed by December 2017.

Review and Reconcile Overpaid Fee Subsidies

Fee subsidy overpayment can occur when the eligibility of a family changes without informing the Region. This can include a change in family composition or family relocation during the year. There is a need to regularly review and reconcile the outstanding overpayment balances to help ensure that the balances are accurate and up-to-date. Management Response Management will develop a process to regularly review overpayment balances to ensure records are up-to date and accurate. This action plan is expected to be completed by December 2017. Further, as part of the work to review the structure of the Early Years and Child Care Services division to ensure appropriate segregation of duties and efficient service delivery, current policies and processes, including those involving the internal support divisions, will be reviewed and updated accordingly. All changes to policies and processes are expected to be rolled out to staff by March 2019.

4.3 - 3


- 4 -

b) Enhance Oversight of Licensed Child Care Providers

The Region has a contractual relationship with 165 providers to deliver licensed child care to families in receipt of fee subsidy. As part of this relationship, the Region has a responsibility to ensure that the providers meet the Region’s expectations as outlined in the Purchase of Services Agreement. As a result, there is a need to:

Monitor and Escalate Non-Compliance with Purchase of Services Agreements The Purchase of Services Agreements hold providers accountable for delivering child care services in the way that meets the expectations of the Region. There should be a process in place to help ensure providers conform to the terms of their Purchase of Services Agreements and issues of non-compliance are monitored and escalated to inform future funding decisions. There is no formal process in place to monitor non-compliance with the requirements of the Purchase of Services Agreements. Without a monitoring process in place, there is a risk providers may not offer inclusive services, which may leave children with special needs and low income families without affordable and inclusive child care spaces. Management Response

Management will update the Purchase of Services Agreement to include specific terms for compliance and to verify participation in Peel Inclusion Resource Services, continuous quality enhancement and the inclusion of children in receipt of fee subsidy. Providers will also be required to sign a letter of compliance every two years verifying fulfillment of these requirements. A formal public complaint process will be developed so non-compliant issues can be reported consistently. This action plan will be completed by June 2018.

Random Audit of Licensed Child Care Provider Attendance Records

Random audit of providers’ onsite attendance records serves as a control to assist with accurate fee subsidy payment to providers. It also encourages providers to submit accurate information and supports accurate reporting to the Province. Random audits of onsite attendance records were suspended in 2016. Management has indicated as a result of resources and workload pressures related to new provincial initiatives such as Wage Enhancement and prioritization of the rate increase process, the onsite attendance audits were suspended. When this control is absent, there is a risk that payments to providers may not accurately reflect the service provided, which could subsequently impact the reporting to the Province. Management Response

Management will develop and implement a process to conduct regular audit of randomly selected providers’ on-site attendance records. The action plan is expected to be completed by June 2018.

4.3 - 4


- 5 -

CONCLUSION

The Early Years and Child Care Services division and support divisions have implemented effective controls to manage payments to service providers. There is a need to strengthen oversight of both internal support divisions and provider compliance to help ensure the program objectives and requirements are achieved. Management has developed action plans to address the audit observations noted in this report. Internal Audit has reviewed the action plans and feels comfortable they will address the risks noted during the audit. Internal Audit will follow up on the status of management action plan implementation and report back to the Audit and Risk Committee as part of the annual follow up process in spring 2018.

Michelle Morris, Director, Internal Audit Approved for Submission:

D. Szwarc, Chief Administrative Officer For further information regarding this report, please contact Michelle Morris, Director, Internal Audit. Ext. 4247, [email protected] Authored By: Jennifer Weinman, CPA, CA, CIA, CRMA, Lynn Guo MBA, CMA (US), CIA

4.3 - 5

Suzanne Finn Director, Early Years and Child Care Services

Lynn Guo Senior Internal Auditor

Child Care Fee Subsidy Audit

4.3 - 6

Background

• 2016 statistics: – The Region has a contract relationship with 165

service providers – $70.5 million were distributed as fee subsidies – 14,736 children were helped to access child care

services

2

4.3 - 7

Background

Three divisions manage different aspects of the child care fee subsidy program:

– Early Years and Child Care Services Division is accountable for the oversight and delivery of the program.

– Community Access Division is responsible for the administration of fee subsidies.

– Integrated Business Support Division processes payments, collects overpayment and provides technology support.

3

4.3 - 8

Audit Objectives and Scope

To assess if management has implemented effective controls to manage the following aspects of the Child Care Fee Subsidy program: • Processes of evaluating service providers’ applications

and monitoring contractual performance • Quality monitoring program for internal processes

supporting child care fee subsidy payments

The audit focused on related transactions from March 2016 to March 2017.

4

4.3 - 9

Audit Observations

• Management has implemented effective controls in managing payments to service providers

• Opportunities for improvement include: – Enhance oversight of services provided by internal

support divisions – Enhance oversight of licensed child care providers

5

4.3 - 10

Observations

• Oversight of services provided by internal support divisions specifically includes: – Periodic review and validation of user access rights

to system to protect data integrity and private information

– Review and reconciliation of overpayments and recoveries to help ensure the balances are accurate and up-to-date

6

4.3 - 11

Observations

• Oversight of licensed child care providers includes: – Monitoring and escalation of non-compliance with

the Purchase of Service Agreements – Random audit of licensed child care provider

attendance records to help ensure accurate payments and Provincial reporting

7

4.3 - 12

Management Action Plans

Enhance Oversight of Internal Support Divisions Improvement Opportunity

Action Plan Date

Quarterly meetings with internal support divisions will be set up

The user access rights process will be improved to move from individual task towards role based security.

Q4 2017

Cleanup of OCCMS user access rights will be conducted. Maintenance will be conducted twice a year.

Q4 2017


Q4 2017

Reconciliation of Fee subsidy Overpayments

Overpayment balances will be reviewed to ensure that they are accurate

Q4 2017

Reconciliation will be conducted. Maintenance will be conducted twice a year.

Q4 2017


Q4 2017

8

4.3 - 13

Management Action Plans

Enhance Oversight of Licensed Child Care Providers Improvement Opportunity

Action Plan Date

Monitoring and escalating non-compliance

The Purchase of Services Agreement will be strengthened to ensure the inclusion of children in receipt of fee subsidy, participation on Peel Inclusion Resource Services, and participation in a quality enhancement initiative.

Q1 2018

Every two years, licensed child care providers will be required to sign a letter of compliance

Q1 2018

A formal public complaint process is being developed to allow consistent non-compliance reporting

Q2 2018

Random Audit of Attendance Records

Regular audit of attendance records will be resumed Q2 2018

9

4.3 - 14

Conclusion

• Internal Audit has reviewed the management action plans and is satisfied they address the risk identified

• Internal Audit will follow up and report back to the Audit and Risk Committee on the status of management action plans

10

4.3 - 15

Thank you!

11

4.3 - 16



For Information


REPORT TITLE: VENDOR PERFORMANCE MANAGEMENT UPDATE

FROM: Stephen VanOfwegen, Commissioner of Finance and Chief Financial

Officer

OBJECTIVE

To update the Audit and Risk Committee on the work being undertaken as part of the Vendor Performance Management Project including the expected benefits, next steps for the program and the new Consultant Performance Evaluation tool and procedures.

REPORT HIGHLIGHTS

The Region has established a Vendor Performance Management Framework to enhance vendor performance and deliver value for money through the Region’s procurement

In addition to enhancing its established Contractor Performance Evaluation process, the Region expanded the Vendor Performance Management Framework to include engineering and professional services contracts on June 30, 2017

Vendor performance management will continue to evolve to include other Regional procurement to ensure the Region continues to receive value for the procurement of goods and services

DISCUSSION

1. Background

Transparent and accountable public sector procurement is one of the ways that trust and confidence in the stewardship of public funds is maintained. The Region, Peel Regional Police and Peel Housing Corporation procure a variety of goods and services to support the delivery of programs to residents and businesses. The Corporation’s procurement spending, approximately $401 million in awarded contracts in 2016 (see Appendix I), has reinforced the importance of sound procurement strategy, policies and procedures. An integral part of that procurement strategy is ensuring that the Corporation receives good value for the services it procures.

The outcome of this work is to develop an enterprise Vendor Performance Management Framework (Framework) that enhances vendor performance and delivers value for money to support evidence-based decision making for the Corporation. This Framework supports the

4.4 - 1

VENDOR PERFORMANCE MANAGEMENT UPDATE

- 2 -

management action plan arising from the April 2014 Audit Report, “Review of Engineering Consultant Contract Extensions”.

Benefits expected as a result of implementing the Framework are as follows:

• Clear expectations for staff and vendor are set, including a pre-established schedule of when evaluations will be completed

• Recognition of strong vendor performance • Reduced risk of contracts being awarded to poorly performing vendors • Streamlined decision-making process • Enhanced language in our procurement documents to better manage scope and

specifications • Reduced subjectivity (through standardized evaluation criteria) in evaluation process

to ensure consistency • Ability to monitor, analyze, and report on Peel’s procurement, and vendor

performance

The Framework will include creating, formalizing, and enhancing processes, procedures, policies, performance measures, decision tools, communication plans, segmentation of vendors, reporting and sharing of data, change management, roles & responsibilities, and dispute resolution with escalation process. The development of the framework is anticipated to be completed in Q1 2018.

2. Current Situation

a) Phase I of vendor performance management included revisions to the Region’s long standing contractor evaluation process. The new contractor evaluation process was launched in 2015 for Public Works and Real Property Asset Management (RPAM) construction projects in 2016. This enhanced process allows Project Managers to rate a Contractor’s performance at regular intervals throughout the lifecycle of a project, as well as providing a final evaluation at project completion.

The total value of all Public Works and RPAM construction projects awarded in 2016 was approximately $231 million (or 58 per cent of newly awarded contracts). While most awarded contractors complete those projects in a satisfactory manner, the Contractor Evaluation (Appendix III) process assists in identifying the few projects for which vendor performance was less than satisfactory. These vendor assessments result in limits being placed on the affected contractor’s eligibility to be awarded future contracts until the conditions of their limited bid eligibility are met.

b) Phase II, the development of a formal consultant evaluation process (Appendix II), commenced as a result of an internal audit in 2014 which revealed that Peel is effectively managing its professional services providers but it was suggested in an action plan that Regional staff regularly report back to Council on the performance of these professional service providers. The Region spends approximately $62 million annually on professional engineering services.

The Region has taken lessons learned from its Contractor Evaluation process and applied this knowledge to the new Consultant Performance Evaluation program. In order to foster buy-in from the consultant community, the Consulting Engineers of

4.4 - 2


- 3 -

Ontario (C.E.O), an organization representing the interests of over 200 Ontario engineering consulting firms, were engaged from the outset as this unique evaluation tool and procedures were developed. The ultimate goal of both the Region and the C.E.O. through this Procedure are similar; to recognize good consultant performance and to provide timely and accurate feedback to consulting firms based on the expectations set out in the Region’s applicable Request For Proposal documents and established at project commencement.

The Consultant Performance Evaluation program was launched on June 30, 2017. Prior to the launch, two information sessions for engineering and professional services firms were held to inform them of the new process and address any concerns or questions they may have had.

Similar to the contractor evaluation process, professional services firms are rated on their performance through the entire life cycle of each project, in addition to the final evaluation at project completion.

At the conclusion of a project, professional services firms may receive one of four final evaluation ratings: Satisfactory (can bid and be awarded new projects with no restrictions), Probation (certain restrictions on bid/award of projects), Suspension (restricted from bidding applicable Peel work for a period of one year), and “Exceeds”.

An “Exceeds” final rating is applied to a firm’s contract performance in cases where they have consistently exceeded Regional expectations on a contract. Firms obtaining an “Exceeds” rating will have their company names published on the Region’s external website.

A firm may appeal their final evaluation score to a committee of Peel staff that were not directly involved in the initial evaluation.

There are currently no firms under suspension as a result of being subject to the Contractor or Consultant Performance Evaluation process.

As the Framework continues to roll out across the organization and performance data is accumulated over time, this data will assist program staff in validating the use of an invitational bidders list for certain procurements.

3. Proposed Direction – Future Phases

Over the next few months, staff will be completing the rollout of the Consultant Performance Evaluation process and implementing processes for monitoring and tracking the completion of vendor performance evaluations. It is anticipated that in the future, this Evaluation Procedure will also be applied to appropriate projects throughout all departments.

For phase III, staff have initiated the development of a Vendor Performance Management Evaluation process to support the management action plan on Vendor Management as detailed in the Digital Strategy Audit and Assessment Report. Finally, phase IV will focus on the development of a formal evaluation process for Facility/Operational Management-type contracts.

4.4 - 3


- 4 -

Maintaining vendor and public trust in the vendor management program will be enhanced through the development of regular public reporting.

CONCLUSION

Staff have developed a comprehensive and effective procedure to monitor and document vendor performance on construction and professional services in Public Works and RPAM. The vendor performance management program will continue to evolve to include other Regional procurement to ensure Peel continues to receive value throughout the lifecycle of its procurement of goods and services.

Stephen VanOfwegen, Commissioner of Finance and Chief Financial Officer

Approved for Submission:

D. Szwarc, Chief Administrative Officer APPENDICES

Appendix I - 2016 Total Awarded Contracts, Contractor Services, and Consultant Services Appendix II - Sample Consultant Evaluation Form Appendix III - Sample Contractor Evaluation Form For further information regarding this report, please contact Neil Baker, Purchasing Advisor, Finance, extension 4551, [email protected] Authored By: Neil Baker, Purchasing Advisor, Finance

4.4 - 4

APPENDIX I VENDOR PERFORMANCE MANAGEMENT UPDATE

2016 Total Awarded Contracts, Contractor Services, and Consultant Services

2016 Year End Procurement Value

The Region awarded 577 new contracts in 2016, valued at $401,494,103.34 (including Peel Housing

Corporation and Peel Regional Police)

Note - This number includes all awarded contracts over $10,000. It does not reflect the total procurement

activity for 2016 that includes PCard amounts, Express Purchase Orders (EPOs), amendments or optional

term Purchase Orders.

Department Totals Based on 2016 Contract Awards

Department Awards Contracts

Corporate Services $8,233,049.22 88

Executive Office $249,000.00 1

Finance $5,321,940.00 10

Health Services $38,837,324.64 50

Human Services (ROP) $21,446,070.12 22

Human Services (PHC) $15,250,763.40 46

Police $15,569,258.72 82

Public Works $290,339,603.08 248

SIIT $6,247,094.16 30

Total $401,494,103.34 577

Contract Award Value for Contractor Services by Department/Division (2016)

Department Division RPAM Client Award Value Contracts

Corporate Services

RPAM $2,349,274.31 6

Health Services $24,457,348.34 13

Human Services, Housing $90,718.00 1

Peel Living $8,635,629.76 17

PW-Operations Support, Facilities $789,000.00 1

SIIT $1,487,458.00 4

Corporate Services Total $37,809,428.41 42

Public Works

Operations Support

$284,267.50 1

Transportation $69,148,817.38 19

Wastewater $36,428,195.64 15

Water $87,471,580.36 46

Public Works Total $193,332,860.88 81

Grand Total $231,142,289.29 123

4.4 - 5

APPENDIX I VENDOR PERFORMANCE MANAGEMENT UPDATE

Contract Award Value for Consultant Services by Department/Division (2016)

Department Division RPAM Client Award Value Count

Corporate Services

RPAM $769,858.00 8

Health Services $99,125.00 3

Human Services, Housing $1,146,500.00 6

PW-Operations Support, Facilities

$55,556.00 2

Corporate Services Total: $ 2,071,039.00 19

Public Works

Development Services $18,655.00 1

Operations Support $679,000.00 1

Transportation $17,720,309.86 30

Waste Management $5,599,405.34 9

Wastewater $12,711,937.95 11

Water $22,994,569.68 32

Water & Wastewater $124,720.75 2

Public Works Total: $59,848,598.58 86

Grand Total $61,919,637.58 105

4.4 - 6

Evaluation ID:Consultant:

Iteration:

Consulting Type:Division:

Item Score Evaluation RemarksValue Add

Specific to Contract:






Sample Consultant Evaluation Form

5

Qualified inspectors available during construction phase6

Consulting Performance EvaluationInstructions: Please select the dropdown to award the appropriate score for each item in the Score column. The total is calculated and the percentage and ranking is displayed on the last page of this evaluation.

For Value Add: Any Item can be granted an additional point up to a maximum of 3 points per evaluation.

Assignment End Date:Contract Start Date:

Document Number:

Department:

3

4

Produced quality tender package (documents, specifications, drawings, and quality) that comply with Region ofPeel standards or required minimal revisions to bring them into compliance

Criteria

Overall Project Management (25%)

Site visits were conducted appropriately and proactively. Any issues observed during visits were resolved

Schedule timelines were managed well to ensure deliverables were completed according to schedule and issuemanagement was timely. Potential delays were identified early

Resources proposed in RFP were available or were replaced with a suitable alternative. An effort was made tominimize resource replacements

1

2

Design support available during project phase

Note: >> For Evaluation Remarks: Always = 100 % of the mark; Usually = 66% of the mark; Sometimes = 33% of the mark; Rarely or Never = 0% of the mark

Project Manager:

Project Number:

Description (as per document):

Evaluation Date:Assignment Size

Phase:

APPENDIX II VENDOR PERFORMANCE MANAGEMENT UPDATE 4.4 - 7


Criteria









7

8

14

Vendor Comments for Overall Project Management Category:

Communications and Cooperation (10%)Conducted effective meetings and meeting minutes including documentation was completed as per requirementsand schedule timelines

Co-ordination strategies were efficient and effective with all stakeholders

Proper QA/QC and knowledge of Regional standards and procedures avoided excess use of Regional resources

Maintained professional and cooperative relationships with all stakeholders (sub consultants, operations and thirdparties) and was accessible and responsive to questions and requests for information

Demonstrated professional conduct with the public during consultations and communications

Maintained detailed and accurate site notes, documentation and files

9

10

11

12

13

Consultant scope changes were valid, accurately documented and were brought to Region's attention in a timelymanner

Ensured safety requirements were met on site

Vendor Comments for Communications and Cooperation Category:



Criteria








15

16

17Traffic management plans and studies were effective and complied with the most current traffic regulations

Efficient and effective Commissioning and Training plans provided a smooth transition to Operations

Drawings (including record drawings) were provided to the Region according to scheduled timelines

Utility identification (including conflict), relocations were assessed and completed according to schedule

20

21

Property acquisition process was followed and documentation/drawings were provided and met Regionalstandards

Planning and Scheduling (18%)

Studies and reports were accurate and complete for project phase and schedule

Permits and approvals obtained in timely manner to accomplish scheduled activities and to avoid project delays19

18

Vendor Comments for Planning and Scheduling Category:



Criteria










Deliverables displayed the level of quality required

28

24

26

29

30

Maintained professional and ethical conduct throughout assignment

Ensured construction complies with approved design

Worked with quality sub-consultants and third parties and appropriately co-ordinated project tasks with theseparties

Quality of work displayed comprehensive knowledge of Regional standards

22

23

27

25

Minimal Contract changes during project phase as a result of producing accurate and quality drawings andspecifications

Compliance to Regional CAD design standards with minimal resubmissions

Value engineering demonstrated through constructability in design, life cycle costing, time savings, etc. and/orbased on value engineering requested.

Produced complete reports (including design reports, deficiency lists and Warranty items) and studies on agreedupon schedule and as per project requirements

Quality of Work (30%)

Vendor Comments for Quality of Work Category:



Criteria








Specific to Contract:38

33

34

37

36

35

32

31Budgets and costs managed to successfully accomplish project outcomes

Construction and long-term operation and maintenance costs were considered through effective and efficient lifecycle costing to provide the best value for the solution

Project and Financial Administration (12%)

Ensured site met environmental compliance and was maintained as per Regional and other agency and governingauthority requirements

Project invoices, including resource invoices, submitted to the Region were accurate and as per scheduled timelines

Risk and Issue Management (5%)Early identification of issues critical to completion of the project

Accountability and responsibility accepted for work produced and tasks assigned

Resolved issues efficiently and effectively, determining causes and identifying solutions with minimal long termimpacts to the Region

Ensured scope changes for contractors/sub consultants or additional work for existing consultants included properbackup documents and appropriate extension of time required as part of change

Vendor Comments for Risk and Issue Management Category:

Vendor Comments for Project and Financial Administration Category:



Criteria

Date:

Date:

Legend: Consultant Rating

Exceeds = 86% - 100%Satisfactory = 70% - 85%Probation = 60% - 69%Suspension = 59% and under

Approval Required

Region's Project Manager Name:

Region's Project Manager Signature:

TOTAL PERCENTAGE

Comments:Maximum Points Available Points Earned

Contractor Rating

Approval Name:

Approval Signature:


FinalItem Weight Score Evaluation Guide Comments

5 0.0

1 2 0.0

2 3 0.0

13 0.0

3 3 0.0

4 3 0.0

5 4 0.0

6 3 0.0

31 0.0

7 3 0.0

8 3 0.0

9 2 0.0

10 2 0.0

11 3 0.0

Sample Contractor Evaluation Form

Evaluation Type:Contract Start Date:

Document Number:

Description (as per document):

Contractor Performance Evaluation

Substantial Performance Date:

Contractor Name:Division:

Workmanship (31%)Did the Contractor comply with all permit requirements and agreements (e.g. RoadOccupancy, MTO Encroachment, etc)?

Did the Contractor cause any damage to existing facilities, properties (City, Regionor private), sites, etc?Did the Contractor comply with the allowable working hours as specified in theContract or as approved by the Agency?Was the equipment utilized by the Contractor for the completion of the workappropriate for the required work?

Did the Contractor provide timely notification to appropriate stakeholders, asrequired (e.g. all Peel Operations, residents, etc)?

Criteria

Did the Contractor meet the project milestones by the contractually obligated date orany other agreed-upon dates?

Did the Contractor submit the required shop drawings and submittals on-time and inthe proper formats (e.g. mix designs, commissioning plan, etc.)?

Did the Contractor maintain comprehensive schedule updates and provide updates asrequired?

Project Management (13%)

Did the Contractor install and maintain all environmental measures as per Contractand Permit requirements (e.g. Conservation Authority, PTTW, MNR, MOE, etc.),and mitigate all identified environmental site issues in a timely manner?

Did the project commence by the contractually obligated date or Regionagreed/revised start date?Was an acceptable baseline schedule (inclusive of key tasks, activities, subs, etc.)provided at the pre-construction meeting (or within the agreed upon timeframe)?

Project Commencement (5%)

APPENDIX IIIVENDOR PERFORMANCE MANAGEMENT UPDATE

4.4 - 13

12 3 0.0

13 3 0.0

14 3 0.0

15 3 0.0

16 3 0.0

17 3 0.0

21 0.0

18 3 0.0

19 2 0.0

20 1 0.0

21 1 0.0

22 1 0.0

23 2 0.0

24 2 0.0

25 3 0.0

26 2 0.0

27 2 0.0

28 2 0.0

Did the Contractor keep the site (and access roads) reasonably clean and organizedthroughout the duration of the project?

Did the materials (including equipment to be installed) supplied by the Contractormeet the Contract specifications?Did the Contractor stage the work in an appropriate manner to achieve the Contractrequirements?

Safety (21%)

Did the Contractor consistently follow the submitted Traffic Control Plan (asamended throughout Contract) which was inclusive of OTM Book 7 TemporaryConditions? Did the Contractor submit a acceptable Safety Plan in a timely manner prior tocommencement and keep a copy on-site for the Contract duration?

Did the Contractor keep these notices in an accessible location on site; OH&SA,Construction Regs, Nearest MOL office, First Aid Regs, WSIB Poster (Form 82),H&S Policy, MSDS, Emergency Procedures, etc.?

Did the Contractor obtain up to date locates for all utilities and were they kept up todate throughout project duration, while adhering to all locate conditions?

Did the Contractor resolve deficiencies identified during construction in a timelymanner and to the satisfaction of the Agency?

Did the Contractor supply appropriate staff for the required work and / or did thestaff have the appropriate skills, training and licenses required? Did the Contractor effectively coordinate with other Contractors, Consultants, Sub-Contractors and Suppliers as applicable?

Did the Contractor pass the minimum testing requirements (e.g. pressure testing,leakage test, FAT, SAT, Compaction, Material Testing, etc.)?

Did the Contractor maintain, as required, clear emergency Routes and control publicaccess?As required, did the Contractor deal with incidents / accidents to the General Publicand report to the Region in a timely manner?Did the Contractor comply with any stop work orders issued by the Region, MOL,TSSA, other Agencies?

Did all Contractor and sub-contractor staff wear the required PPE at all times?

Did the Contractor take immediate Action to rectify safety issues?

Did the Contractor keep the NOP and Form 1000 for each sub-contractor in anaccessible location on site?


4.4 - 14

16 0.0

29 3 0.0

30 3 0.0

31 2 0.0

32 3 0.0

33 2 0.0

34 3 0.0

6 0.0

35 3 0.0

36 3 0.0

8 0.0

37 4 0.0

38 4 0.0

Project Completion (8%)

Did the Contractor have the appropriate authority on site to make decisions andprovide continuous on-site supervison to workers?

Did the Contractor submit on schedule complete Operations and MaintenanceManuals as well as accurate and / or complete record documents and drawings?Did the Contractor meet the Substantial Performance by the contractually obligateddate or revised agreed-upon date?

Contract Management and Supervision (16%)

Did the Contractor submit an unjustifiable number of invalid change order requests?

Did the Contractor submit reasonable and competitive quotations for extra work, in atimely manner?Did the Contractor follow the contractual claims procedure?

Did the Contractor submit payment requests accurately which were inclusive ofWSIB and Statutory declaration for each invoice submitted?

Client and Public Relations (6%)Did the Contractor respond appropriately to service delivery issues (complaints,inquiries, third party claims, etc.)?Was the Contractor fair and did they conduct themselves with common courtesy andappropriate business manner when dealing with the Public, Agency staff /representatives, and own employees (including; properly identifing themselves to thePublic and Agency staff as required)?

Did the Contractor comply with any written notices by the Agency in a timelymanner (e.g. site instructions, change directives, etc.)?


4.4 - 15

0.00%

V 2017 05 15

Approval Name:

Approval Signature:

TOTAL PERCENTAGE Contractor RatingApproval Required

Region's Project Manager Name:

Region's Project Manager Signature:

Date:

Date:

Comments:

Please send all signed Final Evaluations to zzg-ContractorEvaluations


4.4 - 16

mailto:[email protected]?subject=Final%20Contractor%20Evaluation

Vendor Performance Management (VPM) Audit and Risk Committee

October 5, 2017

Presented By: Natasha Rajani Director, Procurement

4.4 - 17

Phase II – Consultant Evaluation Process • The program was launched on June 30, 2017 • Development of vendor evaluation tool • Formalized an appeals process for vendors

Phase II – Consultant Evaluation Process • The program was launched on June 30, 2017 • Development of vendor evaluation tool • Formalized an appeals process for vendors

Phase I – Contractor Evaluation Process • Revised contractor evaluation process: 2015 Public Works and 2016 RPAM • Updated the Region’s long standing contactor evaluation process

Phase I – Contractor Evaluation Process • Revised contractor evaluation process: 2015 Public Works and 2016 RPAM • Updated the Region’s long standing contactor evaluation process

Current Situation

4.4 - 18

Vendor Evaluation Tool Benefits of this Change • Enhanced Transparency • Creates Consistency • Clear Evaluation • Limits Subjectivity

4.4 - 19

Vendor Evaluation Rating

4

• Final rating is where a firm has consistently exceeded Regional expectations on a contract

• Vendors obtaining an “Exceeds” rating will have their company names published on the Region’s external website.

Exceeds (New)

• Can bid and be awarded new projects with no restrictions

Satisfactory

• Certain restrictions on bid/award of projects

Probation

• Restricted from bidding applicable Peel work for a period of one year

Suspension

4.4 - 20

Rationale for Change

$231.1

$61.9

$6.2

$102.3

Value of 2016 Newly Awarded Contracts ($401M)

Phase I - Contractors

Phase II - Consultant

Phase III - SIIT

Phase IV - Other

123

105

30

319

Number of 2016 Newly Awarded Contracts (577)

Phase I - Contractors

Phase II - Consultant

Phase III - SIIT

Phase IV - Other

• Ensure the Region receives good value for the services it procures • Working with our vendors to improve outcomes • Enhanced transparency promotes trust and confidence • Support evidence-based decision making

4.4 - 21

Region Vendor

Reduce risk of contract being

awarded to poorly performance

vendors

Consistent enterprise

approach to vendor

performance

Project and service outcomes meeting intended

requirements

Clear and transparent

process

Recognition of strong vendor

performance

Preferred Vendor of

Record opportunities

Outcome and Benefits

Vendor Partnership

The outcome is to enhance vendor performance, deliver value for money, and support evidence-based decision making for the Corporation.

Enhanced quality

product or service

(scoping)

4.4 - 22

Program shall help feed Emergency work in the future

Program shall determine which vendors get invitational work

Privileges to bid on as many contracts as the vendors would like (to the limit of the their capacity)

Good vendors do not have to bid against “poor performers”

Incentives for Vendors

4.4 - 23

Future Phases

Phase IV - Planning and implementation for Operational Maintenance contracts (Q4 2018)

Phase III – Planning and implementation for SIIT contracts (Q2 2018) in progress

Finalize operational processes and technology review (Q1 2018) in progress

Phase II – Consultant Evaluation launched (July 2017) complete

Phase I - Contractor Evaluation launched (2015 – PW and 2016 RPAM) complete

Low Level of Maturity

Medium Level of Maturity

4.4 - 24

Date post:	27-May-2020
Category:	Documents
Upload:	others
View:	2 times
Download:	0 times