Table 1(b) - Knowledge of business questions for an audit of efficiency focused on application processes
Note: Additions to the questions and risks in the Practice Guide are shown in italics.
Potential Risks to Efficiency
Knowledge of Business Questions
- The verification strategy (for information included on applications and submission of additional information) is not based on a thorough analysis of risk and the criteria as defined in legislation and policy.
- Opportunities for shared services have not been explored.
- Senior management challenge of the status quo is not sufficiently rigorous.
- Is there a high-level strategy setting out the approach to risk assessment, when and how information on the application should be verified, and when it is appropriate to have the applicant submit additional information?
- Does program management have information on the number of applications where information has been found to be incorrect, incomplete, or fraudulent? (Such information may help auditors understand the level of risk associated with the application process.)
- Is the error rate on applications consistent with a defined risk tolerance?
- How does the strategic plan reflect the importance that the organization is placing on efficiency? Does the plan reflect specific, strategic efficiency initiatives in key areas such as shared services, human resources, procurement, asset management, IT systems, and business process redesign?
- Has the organization assessed the risks and potential consequences of inefficient operations?
- Has the organization assessed the feasibility of switching to less costly methods, including shared services (particularly with other application-processing functions in government), rationalizing the range of goods or services provided, and restructuring the organization, where appropriate, to function more efficiently?
- To what extent does the government promote shared services among similar functions? Does it have service or access centres (for example, does it follow the Service Canada model), common call centres, or shared IT systems for common functions? Do staff process applications for multiple programs?
- How often do licences need to be renewed? How often do applicants apply for the program? Is the renewal period set out in legislation or policy? Is it based on risk analysis? (Note that the frequency of renewal or reapplication will have a major impact on program efficiency.)