Key Process Areas - Level 2

Organization Control Environment
Internal Controls Management
Data Management
General Accounting
Stewardship Reporting
Planning and Budgeting
Funding
Operations Control

Organization Control Environment

PURPOSE	The purpose of the Organization Control Environment KPA is to establish within an organization a climate or culture that will help it to achieve its control objectives. This would include, for example, a set of guiding principles according to which the organization conducts its affairs.
	A supportive climate consists of such things as a shared common understanding of, and commitment to, the control objectives established for the organization.
OCE-GO-1	To develop a senior management team that is responsible and accountable for promoting standards, ethics and integrity, and for establishing a culture throughout the organization that emphasizes the importance of the organization's control framework.
OCE-AC-1	Senior management defines and communicates clearly and precisely the organization's core values and its expectations.
OCE-AC-2	Senior management demonstrates and promotes high standards for ethics, values and integrity.
	Senior management is the role model for an organization's values and beliefs.
	Senior management demonstrates to its employees, customers, suppliers, and other key stakeholders that the organization's ethics are soundly managed and that the organization is trustworthy.
	Senior management demonstrates its commitment to integrity.
OCE-AC-3	Senior management establishes a control framework that enables it to determine whether objectives are being met.
	Establishing the framework typically includes:
	determining the approach to achieving control (e.g., through guiding principles or rules);
	setting the tone for the control environment in terms of co-operation and responsibility; and
	appealing to the good judgement, good will and reputation of the organization and its employees.
OCE-AC-4	Senior management endorses and conveys its support for the control framework.
	Management clearly states the organization's commitment to ethical conduct on the part of its managers and employees.
OCE-AC-5	Senior management supports these statements by ensuring that managers and employees act in an ethical way.
	Explicit components of the framework include a code of ethics, policy manuals, training materials, ethics seminars and senior management's decisions and communications.
	Implicit components include culture, a reward structure, valued behaviours, the examples set by management, general practice, performance measures and promotion policies.
OCE-GO-2	To institute an organizational structure, policies and control systems that provide assurance to the deputy minister or CEO and other senior officials that accountability relationships are clear.
OCE-AC-6	An organizational structure is established that includes, for example, segregation of duties and clear lines of communication and accountability.
OCE-AC-7	The organization develops an effective internal audit function which provides assurance to senior management that the control framework is working as intended.
OCE-AC-8	The organization monitors and evaluates the effectiveness of its control framework. This includes: performing control self-assessments and internal audits.
OCE-GO-3	To ensure that all employees both understand the control framework and their role in it, and are fully involved and committed to the process.
OCE-AC-9	The organization clearly communicates its values and the ground rules for behaviour.
OCE-AC-10	The organization provides a training program for employees on the principles, values, practices and behaviour it considers appropriate.
OCE-AC-11	The organization accepts input from employees and promotes the idea that all employees are responsible for the control framework.
OCE-AC-12	The organization listens and learns from past experience and incorporates suggestions for improvement.
OCE-GO-4	To ensure that the resources and authority assigned to managers are commensurate with delegated responsibilities and the results expected.
OCE-AC-13	The organization develops methods for both assigning authority and responsibility, and ensuring that everyone in the organization clearly understands his or her reporting relationships and responsibilities.
	INSTITUTIONALIZATION COMMON FEATURES:
	Commitment to Perform
OCE-CO-policy	The organization establishes, communicates and follows policies for developing a control environment. These policies promote a culture characterized by integrity and sound ethics and values.
OCE-CO-sponsorship	Senior management demonstrates its commitment to an effective control environment in the organization.
	Ability to Perform
OCE-AB-plan	The organization establishes, communicates and maintains a plan for managing the organization's control environment.
	This plan typically covers resources required, roles and responsibilities, developing a budget and issuing organizational directives.
OCE-AB-resources	The organization provides adequate resources (human, physical, technical and financial) for managing and implementing the control environment.
OCE-AB-responsibility	It assigns responsibility, accountability and authority for managing the control environment.
OCE-AB-training	Individuals managing and using the organization's control environment receive adequate training. Examples of topics include organizational values and principles, the code of conduct, business ethics and compliance standards.
	Measurement
OCE-ME-measurement	Performance indicators are used to monitor the effectiveness of the organization's control framework in ensuring compliance with external legal standards, stakeholders' expectations or the organization's own values. Indicators include the number of reported incidents involving misconduct, or the amount of fraud or loss reported annually.
	Verification
OCE-VE-assurance	The activities and outputs of the organization's control environment are independently reviewed to ensure that controls meet the organization's needs and are working as intended.
OCE-VE-manager reviews	Responsible managers review and approve the activities for managing the organization's control on a continuous and an event-driven basis.
OCE-VE-senior management oversight	The organization has mechanisms for providing senior management with assurance that the procedures for managing the organization's control environment have been followed.

Internal Controls Management

PURPOSE	*The purpose of the Internal Controls Management* KPA is to establish an internal control framework that will provide management with reasonable assurance that:**
	all transactions are completely and accurately recorded on a timely basis;
	assets are safeguarded and protected from fraud and losses of all kinds; and
	resources are received and used in accordance with applicable laws and regulations.
ICM-GO-1	To design an internal control framework that meets the needs of the organization and its key stakeholders, and which complies with legislative and/or central agency requirements.
ICM-AC-1	The organization defines and documents its internal control requirements, which are based on the needs of the organization and its key stakeholders.
	This exercise typically involves:
	identifying the organization's control requirements (e.g., the appropriate level of control, sensitivity to risk, costs);
	understanding and complying with legislative and central agency requirements;
	identifying areas of risk;
	considering how internal control requirements will affect other parties;
	involving key stakeholders (e.g., employees, taxpayers, auditors and related parties such as other levels of government)
ICM-AC-2	The organization develops and documents an internal control framework that outlines the control activities for all business levels. This framework would include policies, procedures, roles and responsibilities.
	Internal control activities would typically include:
	top level reviews;
	activity controls for different departments or divisions;
	physical controls;
	monitoring for compliance with policies;
	a system of approvals and authorizations;
	a system of verification and reconciliation;
	an accountability and reporting system; and
	an independent system for providing assurance to senior management.
ICM-AC-3	The designated senior financial officer is involved in developing or making significant changes to systems and procedures to ensure that the appropriate controls are designed into the systems and practices.
ICM-AC-4	Senior management reviews and approves the internal control framework.
ICM-AC-5	The internal control framework is implemented throughout the organization and communicated to all employees, so that they understand that internal control is everyone's responsibility.
	This typically includes communicating policies, providing staff training, demonstrating senior management support.
ICM-AC-6	The internal control framework is monitored to ensure that control activities are working as intended and continue to be relevant.
ICM-AC-7	Action is taken when control weaknesses are identified.
ICM-AC-8	Those responsible for managing internal controls review and maintain any changes to internal control requirements.
	INSTITUTIONALIZATION COMMON FEATURES:
	Commitment to Perform
ICM-CO-policy	The organization establishes, communicates and follows policies for managing internal controls. These policies establish expectations for ensuring that appropriate internal controls are in place for the organization.
ICM-CO-sponsorship	Senior management, through its actions, demonstrates its commitment to maintaining effective internal control.
	Ability to Perform
ICM-AB-plan	The organization establishes, communicates and maintains a plan for managing the organization's internal control framework.
	This plan typically covers the resources required, establishing roles and responsibilities, developing a budget and issuing directives.
ICM-AB-resources	Adequate resources (human, physical, technical and financial) are provided for managing internal control activities.
ICM-AB-responsibility	Responsibility, accountability and authority for managing the internal control framework are established.
ICM-AB-training	Individuals managing and using the internal control framework receive appropriate training. Examples of topics include resource and cost estimating, basic accounting policies and procedures, risk assessment, the organization's corporate values, guidelines on conducting business and legislative and regulatory requirements.
	Measurement
ICM-ME-measurement	Performance indicators are used to monitor the effectiveness of the organization's internal control activities. Indicators include the number of incidents of non-compliance, number of errors detected through control activities, hours spent on control activities and the cost of safeguards.
	Verification
ICM-VE-assurance	The activities and outputs of the internal control framework are independently reviewed to ensure that controls meet the organization's needs and are working as intended.
ICM-VE-manager reviews	The responsible managers review and approve the activities of the internal control framework on a continuous and an event-driven basis.
ICM-VE-senior management oversight	The organization has mechanisms for providing senior management with assurance that the internal control framework is working as intended.

Data Management

PURPOSE	The purpose of the Data Management KPA is to control and safeguard both financial and non-financial data as assets of the organization to ensure their integrity, reliability and availability. This involves instituting controls over accessing, processing, storing, purging and manipulating data in accordance with the internal control framework and the data management structure.
DAT-GO-1	To ensure that data management systems are designed to collect and protect data, and ensure their integrity and that these data systems meet users' needs.
DAT-AC-1	Data requirements and data-classification structures are defined and documented in accordance with users' needs.
	Data requirements describe the characteristics of data to be maintained in the data management systems. Characteristics include the level of aggregation, how often data are to be collected and linkages with other data in other systems.
	Examples of data-classification structures include transactions, summary information, operational information, program information and a reporting structure.
DAT-AC-2	The organization designs and maintains a framework that reflects its data requirements.
	This task would typically include developing data standards and systems, identifying data sources, creating a data-coding structure, setting up data libraries, specifying roles and responsibilities and documenting systems.
DAT-AC-3	The organization establishes a system administration group to maintain the database systems and manage application-level security and data storage for the entire system.
DAT-AC-4	Controls are established over changes to program applications, database structures or supporting systems. This ensures that only authorized personnel make these changes, that changes are in response to approved requests, and that the changes reflect the new requirements.
DAT-GO-2	To ensure that financial and non-financial data are collected and processed completely and accurately on a timely basis.
DAT-AC-5	The organization builds processing controls into computer applications to prevent errors from entering the system, to detect and correct them once they have been identified and to ensure that data are complete, accurate and authorized. Controls would include for example:
	restricting access to the computer application to authorized personnel;
	ensuring that data input is accurate, complete and that data are entered only once;
	isolating, analyzing and correcting rejected data properly; and
	ensuring that no bona fide transactions are lost and that they are completely processed and reported.
DAT-AC-6	Financial and non-financial data are securely maintained. This would typically include setting security policies, providing security training programs, documenting security guidelines, ensuring physical security, segregating duties, maintaining access rules and profiles, determining password security practices, controlling exterior access to databases (e.g., installing firewalls and developing backup / disaster-recovery procedures).
DAT-AC-7	The organization reviews masterfiles as well as transactional and operational data periodically to ensure the completeness and accuracy of data.
DAT-AC-8	Information systems and organization records, both manual and automated, are independently reviewed to ensure that controls over the processing and maintenance of data are working as intended.
	INSTITUTIONALIZATION COMMON FEATURES:
	Commitment to Perform
DAT-CO-policy	The organization establishes, communicates and follows policies for data management. These policies ensure that the integrity of financial and non-financial data is properly controlled, maintained and safeguarded.
DAT-CO-sponsorship	Senior management sponsors data-management activities.
	Ability to Perform
DAT-AB-plan	The organization establishes, communicates and maintains a plan for managing data and the organization's databases.
	This plan typically covers the resources required, roles and responsibilities, developing a budget and issuing organizational directives.
DAT-AB-resources	Adequate resources (e.g., human, physical, technical and financial) are provided for data-management activities.
DAT-AB-responsibility	Responsibility, accountability and authority for performing these activities are assigned.
DAT-AB-training	Individuals performing data-management activities receive appropriate training. Examples of topics include an orientation to the organization's hardware and software products, training on data systems, understanding control frameworks and processing controls and technology / industry changes.
	Measurement
DAT-ME-measurement	Performance indicators are used to monitor the status and effectiveness of data-management activities. Indicators include the accuracy of permanent records, the number of errors detected during processing, the quality of data captured (e.g., their accuracy, completeness, relevance and timeliness) and access violations.
	Verification
DAT-VE-assurance	The activities, outputs and controls of data management are independently reviewed to ensure that they meet the organization's needs and are working as intended.
DAT-VE-manager reviews	The responsible manager reviews data-management activities on a periodic and an event-driven basis.
DAT-VE-senior management oversight	The organization has mechanisms for providing senior management with assurance that the procedures for managing the organization's data and databases have been followed.

General Accounting

PURPOSE	The purpose of the General Accounting KPA is to ensure that the organization maintains proper books of account that record its financial transactions accurately, completely and in a timely manner.
	This involves collecting, analyzing and recording transactions and preparing financial reports for management and other interested parties. The financial data that result from this process provides the basis for timely and effective business decisions.
ACC-GO-1	To ensure that the financial data, books of account and financial reports are complete, accurate and prepared on a timely basis.
ACC-AC-1	The organization establishes, documents and clearly communicates its general accounting policies.
ACC-AC-2	The organization defines its requirements for accounting records and implements a general accounting system to record transactions and meet its accounting requirements. This system typically incorporates control activities, which ensure that the organization's financial data are complete, accurate and authorized.
ACC-AC-3	A Finance group is available to provide functional guidance and advice for managers in carrying out their financial activities.
ACC-AC-4	Procedures are established and responsibilities are assigned for processing accounting transactions such as accounts payable, payroll, accounts receivable, credit and collection and benefits.
ACC-AC-5	General accounting activities (e.g., recording transactions, issuing payments, depositing cash, maintaining accounting records, managing cash flows, preparing financial reports) are performed on a regular basis.
ACC-AC-6	Accounting transactions are processed completely, accurately and on a timely basis. Processing steps would typically include verifying authorization, ensuring continuity of transaction processing, reviewing edit or exception reports, and reconciling output reports to original documents to ensure the completeness and accuracy of processing.
ACC-AC-7	The organization follows standard period-end procedures to close the accounting books when preparing financial statements or reports.
ACC-AC-8	The general accounting process is monitored and controlled to ensure timely and accurate collection, payment and recording of transactions.
	INSTITUTIONALIZATION COMMON FEATURES:
	Commitment to Perform
ACC-CO-policy	The organization establishes, communicates and follows policies for general accounting. These policies are designed to ensure that proper books of account are maintained.
ACC-CO-sponsorship	Senior management sponsors general accounting policies and activities.
	Ability to Perform
ACC-AB-plan	The organization establishes, communicates and maintains an operating plan for managing the general accounting function.
	This plan typically covers the resources required, roles and responsibilities, developing a budget and issuing organizational directives.
ACC-AB-resources	Adequate resources (e.g., human, physical, technical and financial) are provided for general accounting activities.
ACC-AB-responsibility	Responsibility, accountability and authority for performing general accounting activities are assigned.
ACC-AB-training	Individuals performing general accounting activities receive appropriate training. Examples of topics include orientation to accounting principles, financial accounting, accrual accounting, control frameworks and the use of computer applications.
	Measurement
ACC-ME-measurement	Performance indicators are used to monitor the completeness, accuracy and timeliness of general accounting records. Indicators include the number of days to close accounts, the number of adjusting entries, volume of backlogs, error rates and the number of re-submissions or rejections.
	Verification
ACC-VE-assurance	The activities, outputs and controls of general accounting are independently reviewed to ensure that they meet the requirements of central agencies and the organization and are working as intended.
ACC-VE-manager reviews	The responsible manager reviews the general accounting activities on a periodic and an event-driven basis.
ACC-VE-senior management oversight	The organization has mechanisms for providing senior management with assurance that the procedures for managing the books of account have been followed.

Stewardship Reporting

PURPOSE	The purpose of the Stewardship Reporting KPA is to satisfy legislative or statutory reporting requirements and support decision making by both:
	requiring managers to account for the use of resources; and
	producing timely and reliable operational and financial reports to account for the use of resources.
REP-GO-1	To ensure that stewardship reports are complete, accurate, timely and approved and that they comply with legislative and statutory requirements.
REP-AC-1	Mechanisms are established to ensure statutory and/or central agency reporting requirements are understood and communicated throughout the organization.
REP-AC-2	The organization develops, communicates and maintains a plan for ensuring that it meets its reporting obligations. This would typically include assigning resources and responsibilities, setting production deadlines and milestones and identifying key outputs.
REP-AC-3	Reports are prepared in accordance with statutory and/or regulatory reporting requirements.
	Data and information needed to generate stewardship reports are identified, acquired and verified to ensure their completeness, accuracy and timeliness.
REP-AC-4	The organization monitors its progress in producing the reports and ensures that adequate resources are available, requirements continue to be met and reporting deadlines are met.
REP-AC-5	Staff review reports for completeness, accuracy and compliance with requirements.
REP-AC-6	Senior management approves reports.
	INSTITUTIONALIZATION COMMON FEATURES:
	Commitment to Perform
REP-CO-policy	The organization establishes, communicates and follows organizational and central agency policies for stewardship reporting. These policies establish the requirements for providing statutory and central agency reports.
REP-CO-sponsorship	Senior management sponsors stewardship reporting activities by communicating the importance of the accuracy, completeness and timeliness of the reports the organization produces.
	Ability to Perform
REP-AB-plan	The organization establishes, communicates and maintains a plan for preparing statutory and central agency reports.
	This plan typically covers the resources required, roles and responsibilities, developing a budget and compliance with central agency directives.
REP-AB-resources	Adequate resources (e.g., human, physical, technical and financial) are provided for stewardship reporting activities.
REP-AB-responsibility	Responsibility, accountability and authority for stewardship reporting activities are established.
REP-AB-training	Individuals performing stewardship reporting activities receive appropriate training. Examples of topics include orientation to accounting policies and principles, central agency directives and guidelines and the role of reporting in discharging accountability obligations.
	Measurement
REP-ME-measurement	Performance indicators are used to monitor the status of stewardship reporting activities. Indicators include how often milestones are met.
	Verification
REP-VE-assurance	The activities, controls and outputs of stewardship reporting are independently reviewed to ensure that they follow central agency and departmental policies, procedures and meet requirements and are working as intended.
REP-VE-manager reviews	The responsible managers review and approve stewardship reporting activities on a periodic and an event-driven basis.
REP-VE-senior management oversight	The organization has mechanisms for providing senior management with assurance that procedures for stewardship reporting have been followed.

Planning and Budgeting

PURPOSE	The purpose of the Planning and Budgeting KPA is to support strategic planning and decision making and to serve accountability by enabling managers to plan for the resources they need to deliver a product or service.
	This KPA provides a basis for allocating financial resources based on operational plans and the organization's objectives.
PAB-GO-1	To ensure that operational results, such as expected outputs and desired outcomes, are established and communicated.
PAB-AC-1	The organization establishes and communicates its operational goals and objectives. This typically includes having them approved by senior management to ensure that they are achievable and support the organization's broader goals.
PAB-AC-2	Key stakeholders are consulted when defining expected operational results and setting priorities.
	Key stakeholders include customers, taxpayers, beneficiaries, other affected levels of government, regulatory bodies and employees performing the work.
PAB-AC-3	Expected results are established, documented and communicated according to a documented procedure.
	This procedure typically specifies that:
	The size of all major tasks are estimated.
	Historical data are used where available.
	Assumptions are documented.
	Estimates are documented, reviewed and approved.
PAB-AC-4	Risks and sensitivities that may affect the achievement of expected operational results are assessed and documented.
PAB-GO-2	To prepare a documented financial plan that includes supporting estimates and assumptions, is approved by senior management, and which complies with legislated requirements, justifies the resources needed, provides a basis for control and can be used to hold managers accountable.
PAB-AC-5	The organization develops a work plan that lists the activities, time requirements and resources needed to achieve expected operational results. This plan typically includes the following:
	Operational activities to be performed in producing a product or delivering a service are identified and planned.
	A realistic schedule is developed that estimates the time needed to carry out the activities and indicates the key milestones to be achieved.
	Resources needed to carry out the activities are estimated according to the size of the project. Resources include people, physical assets, technology and dollars.
PAB-AC-6	The organization establishes and documents accountability agreements with internal and external parties involved in producing its products or in delivering its programs. This exercise may involve negotiating with the parties involved to get them to agree that milestones and deliverables are achievable.
	Accountability agreements may be in the form of either partnership or third-party agreements, or a memorandum of understanding or contracts that specify the terms and conditions and deliverables.
PAB-AC-7	The operational financial plan / budget is developed according to a documented procedure, based on the expected operational outputs and resource requirements (e.g., financial, technical, human and physical). The plan typically includes:
	Key outputs and work products.
	Key milestones for monitoring progress against the plan.
	Reporting requirements for tracking actual against planned activities.
	Assigning key responsibilities for carrying out the plan.
	Commitments (what done / by whom) required to carry out the financial plan.
	Key Assumptions
	Risks and sensitivities
	Planned approaches to the operations.
PAB-AC-8	Senior management reviews and approves operational financial plans and budgets according to a documented procedure. This ensures that the plan is feasible and that expected results are consistent with the organization's objectives.
PAB-GO-3	To ensure that a realistic corporate/organizational budget is prepared, negotiated and approved and that it provides for enough resources to achieve the intended objectives.
PAB-AC-9	The organization establishes and communicates its goals and objectives. This typically means that senior management must define the organization's priorities and long-term direction.
PAB-AC-10	Budgetary assumptions and risks are documented.
PAB-AC-11	Budgetary assumptions and risks are monitored for any significant changes, and action is taken when needed.
PAB-AC-12	Budgetary constraints -- for example, legislative and regulatory requirements -- are documented.
PAB-AC-13	All budgetary estimates are reviewed for reasonableness and to ensure that they are supported by adequate analysis. Reasonableness checks typically include comparisons against historical data. Anomalies, if any, are followed up.
PAB-AC-14	The organization prepares, according to a documented procedure, a consolidated budget that reflects operational financial plans and budgets, corporate overhead costs and revenues for the planned financial period. This budget typically includes:
	operating costs: salaries and wages, travel costs, professional services;
	overhead costs: office rent, renovations, depreciation, deferred taxes, functional support groups such as Finance, Personnel, IT, library, administrative staff; and
	revenues: including user fees, tax revenues, cost-recovery fees, interest income, grants or subsidies, charitable donations, proceeds from the sale of assets
PAB-AC-15	Senior management prioritizes and critically reviews the consolidated budget in accordance with a documented procedure to ensure that it reflects organizational strategy.
	This task typically includes negotiating with affected parties, deciding on tradeoffs between costs and outputs and identifying other sources of revenue.
PAB-AC-16	The budget, and significant changes to the budget, are approved by senior management for each financial cycle and communicated to all parties affected.
PAB-AC-17	Operational work plans are adjusted to reflect revised budget amounts.
PAB-AC-18	Variances between timing of cash requirements and budget are balanced according to a documented procedure.
	INSTITUTIONALIZATION COMMON FEATURES:
	Commitment to Perform
PAB-CO-policy	The organization establishes, communicates and follows organizational and central agency policies for planning and budgeting. These policies guide the organization's efforts to prepare realistic financial plans and budgets and to allocate resources to achieve its objectives.
PAB-CO-sponsorship	Senior management sponsors planning and budgeting activities.
	Ability to Perform
PAB-AB-plan	The organization establishes, communicates and maintains a plan for preparing financial / operational plans and budgets.
	This plan typically covers the resources required, roles and responsibilities, developing a budget and compliance with central agency and organizational directives.
PAB-AB-resources	Adequate resources (e.g., human, physical, technical and financial) are provided for financial planning and budgeting activities.
PAB-AB-responsibility	Responsibility, accountability and authority for preparing financial plans and budgets are assigned.
PAB-AB-training	Individuals performing planning and budgeting activities receive appropriate training. Examples of topics include the use of historical data, government policies and procedures, fundamentals of financial management and the use of project-management tools.
	Measurement
PAB-ME-measurement	Performance indicators are used to monitor the status of planning and budgeting activities. Indicators include the cost of the planning and budgeting exercise, cycle time to prepare budgets and resources devoted to the process.
	Verification
PAB-VE-assurance	The activities, outputs and controls of planning and budgeting are independently reviewed to ensure that they meet the organization's needs and are working as intended.
PAB-VE-manager reviews	The responsible manager reviews planning and budgeting activities on a continuous and an event-driven basis.
PAB-VE-senior management oversight	The organization has mechanisms for providing senior management with assurance that procedures for planning and budgeting have been followed.

Funding

PURPOSE	*The purpose of the Funding* KPA is to ensure that the organization has the necessary funds (resources) to carry out its mandate and meet its operational requirements.**
FN-GO-1	To ensure that the organization has enough funds to meet its needs.
FN-AC-1	The organization estimates its funding requirements based on historical expenditures, financial plans and budgetary information.
FN-AC-2	Funding requests are reviewed for consistency with organizational requirements.
FN-AC-3	Senior management approves funding requests.
FN-GO-2	To control organizational funding.
FN-AC-4	Funding requests are followed up to ensure that funding needs are met, or appropriate action is taken, such as adjusting the budget if there is a shortfall in funding.
FN-AC-5	Funding stipulations, e.g., terms and conditions for using the funds are documented.
FN-AC-6	Conditions specified in the funding requirements are monitored for compliance, and appropriate action is taken when anomalies occur.
FN-AC-7	The organization monitors and controls changes to funding according to a documented procedure.
	INSTITUTIONALIZATION COMMON FEATURES:
	Commitment to Perform
FN-CO-policy	The organization establishes, communicates and follows organizational and central agency policies for funding. These policies establish expectations for ensuring that enough funds are available to the organization and that conditions for keeping the funds are fulfilled.
FN-CO-sponsorship	Senior management sponsors funding activities.
	Ability to Perform
FN-AB-plan	The organization establishes, communicates and maintains a plan for requesting and controlling funds.
	This plan typically covers the resources required, roles and responsibilities, developing a budget and compliance with central agency directives.
FN-AB-resources	Adequate resources (human, technical, physical and financial) are provided for funding activities.
FN-AB-responsibility	Responsibility, accountability and authority for performing funding activities are assigned.
FN-AB-training	Individuals performing funding activities receive appropriate training. Examples of topics include sources of funding, regulatory requirements and the use of computer applications.
	Measurement
FN-ME-measurement	Performance indicators are used to monitor the status of funding activities. Indicators include the volume of funding requests, overall time spent on funding, funds spent relative to completion of work and unused funds available.
	Verification
FN-VE-assurance	The activities, outputs and controls of funding are independently reviewed to ensure that they meet the requirements of the organization and central agencies and are working as intended.
FN-VE-manager reviews	The responsible manager reviews funding activities on a periodic and an event-driven basis.
FN-VE-senior management oversight	The organization has mechanisms for providing senior management with assurance that procedures for funding have been followed.

Operations Control

PURPOSE	The purpose of the Operations Control KPA is to enable the organization to track its progress toward achieving desired results (e.g., producing a product or delivering a service) against resources used to ensure that adequate resources are available to achieve the planned results.
	The intent of this KPA is to ensure that managers are always aware of the organization's ability to deliver products or services as planned, and that the resources required to achieve established objectives are available.
	*The Operations Control* KPA includes, for example:**
	budgetary / commitment control
	tracking hours spent
	product schedule tracking
	controls that monitor the quality and timeliness of service or product delivery.
OC-GO-1	To monitor the activities of the operating units, including the quality of products and services produced against resources used to ensure that managers can meet their planned objectives.
OC-AC-1	Actual operating results, schedule and resources used are tracked and compared against operational and financial plans to assess progress in meeting goals and objectives.
	Actual results achieved are tracked against the operational and financial plan.
	The production schedule is tracked against the operational plan.
	Resources (e.g., people, dollars, assets) used are tracked against budgets and plans.
	Financial commitments are regularly tracked.
	Estimating assumptions are monitored for their continuing validity.
	The risks and sensitivities associated with achieving key results are monitored
OC-AC-2	When significant variances occur, managers act according to a documented procedure. The financial implications of these actions are determined.
OC-AC-3	The quality of work, products and services is monitored to ensure it meets standards or specifications.
OC-GO-2	To ensure that the financial implications of any changes to plans can be quickly assessed.
OC-AC-4	When significant changes occur, management assesses, documents and reviews them to determine how they will affect resources, risk, the achievement of operational objectives and the control framework.
	Operational plans define expected results (e.g., specifications of quality, functionality, quantity) and indicate planned resources, the expected schedule and activities.
OC-AC-5	Senior management approves all significant changes to the operational plan according to a documented procedure. This exercise ensures that the changed plan is feasible and that the results are consistent with the organization's objectives.
OC-AC-6	When operational plans change, all other related plans, budgets and work products are updated so that any financial implications are understood.
OC-AC-7	Operational financial issues that are outside the control of operational managers are referred to senior management for resolution, according to a documented procedure.
	INSTITUTIONALIZATION COMMON FEATURES:
	Commitment to Perform
OC-CO-policy	The organization establishes, communicates and follows specific policies for operations control. These policies are designed to both ensure that actuals are tracked against operational plans (which are kept current), and assess how any variances will affect financial plans.
OC-CO-sponsorship	Senior management sponsors operations-control activities by indicating clearly the importance of achieving planned operational results.
	Ability to Perform
OC-AB-plan	The organization establishes, communicates and maintains a plan for controlling the organization's operational resources.
	This plan typically covers the resources required, roles and responsibilities, developing a budget and compliance with central agency directives.
OC-AB-resources	Adequate resources (human, technical, physical and financial) are provided for operations-control activities.
OC-AB-responsibility	Responsibility, accountability and authority for operations control are assigned.
OC-AB-training	Individuals performing operations-control activities receive appropriate training. Examples of topics include project management, the fundamentals of financial management, risk assessment, government policies and procedures and the use of computer applications.
	Measurement
OC-ME-measurement	Performance indicators are used to monitor the efficiency and effectiveness of operations control. Indicators include the time spent on tracking, the cost of operations control, status against planned milestones, variation between actuals and budget, percentage of tasks completed or services delivered on-schedule.
	Verification
OC-VE-assurance	The activities and outputs of operations control are independently reviewed to ensure that they meet the needs of the organization and are working as intended.
OC-VE-manager reviews	The responsible manager reviews the activities of operations control on a continuous and an event-driven basis.
OC-VE-senior management oversight	The organization has mechanisms for providing senior management with assurance that procedures for operations control have been followed and are working as intended.