Audit of Private Pension Plans – Management Action Plan

Publication type
Audit
Date

Template

Recommendation

As per audit report.

Planned actions to support the recommendation

Individual milestone should be focused on results and demonstrate how they address the recommendation. For long-term actions, interim controls should be identified to outline how the risk will be mitigated.

The number of milestones may vary based on the actions required.

Target milestone completion

Each item must have its own milestone completion date. It is suggested to use ends of quarters and fiscal years (ex. “Q4 2022-2023”) rather than specific dates.

Accountability

The individual accountable for completion – usually the person with budgetary authority over the area.

Target overall completion

The overall completion date should be aligned with the final target milestone date.

 

Management response to the audit

Management accepts the findings and has identified Management Action Plans with associated timelines for each recommendation as outlined in the report.

Recommendation 1 (High risk)

Management should establish and document a process that enables identification, reporting and oversight over resource capacity of planned supervisory activities. In addition, management should revisit existing requirements to track and approve plan changes during the year.

Planned actions to support the recommendation

The Private Pension Plan (PPP) Supervision Team within the Insurance and Pensions Group is focussed on making decisions driven by OSFI’s risk appetite. This will include aligning planning with OSFI’s formally defined risk appetite and cascading that to the Supervision Sector (led across OSFI by ERM). The completion of the Supervision Section RTF is estimated to be July 2023, per ERM.

It is recognized that with the integration of PPPD into the Supervision Sector, supervisory processes should in principle be consistent across the entire sector, including with respect to procedure manuals and guides. As an example, PPPDs selection of plans to examine will be part of a broader supervision process and the PPPD procedures / manuals will be discontinued.

With the integration of pensions into Supervision, pension plan supervision is now within the scope of the Supervisory Framework Renewal initiative and will include the transition of PPPD to Vu (RASP will be discontinued). To move forward, enhancements to existing systems within Supervision (unless critical) have been paused in order to focus time, dollar and resources on future state. This also includes the migration of RASP to Vu F25/26.

Milestone 1
For Fiscal 2023-2024 and interim quarterly planning process was developed, per a test and learn approach for banking, insurance and pension. Once the supervision RTF is developed, the impact on the supervisory planning processes will be reassessed and adjusted accordingly.
Milestone 2
Longer term, with the development and roll-out of the new Supervisory Framework, and the approval of the Supervision RTF, a planning approach will be finalized. Relevant policy instruments and processes will be updated including approaches to risk based-planning. Training/info sessions will be provided to Supervision staff.

Target milestone completion

  • Milestone 1: Q3 2023-2024 (planning for fiscal 2024-2025)
  • Milestone 2: Q2 2024-2025

Accountability

Head, Supervision Methods, Standards and Controls (SMSC)

Target overall completion

Q2 2024-2025

Recommendation 2 (Medium risk)

Management should revisit communication and training to staff on the existing requirements for the adequate and timely creation of recommendations.

Planned actions to support the recommendation

Guidance and training should be consistent across Supervision. Supervisory expectations regarding recommendations for FRFI’s are currently captured within the Supervisory Letters and Issues Management Standards. For pensions they are included in the PPP Procedure Manual. SMSC recognizes that these will need to be updated and integrated with the roll-out of the new Supervisory Framework and related Vu updates. The timeframe for roll-out of Vu to PPPD has yet to be determined.

Milestone 1
Baseline documentation standard will be developed as part of the rollout of the new Supervisory Framework. Training/info sessions will be provided to Supervision staff.
Milestone 2
SMSC will develop a plan, including an implementation schedule,for assessing and updating relevant policy instruments to include PPPD and Vu (as appropriate).

Target milestone completion

  • Milestone 1: Q4 2023-2024
  • Milestone 2: Q2 2024-2025 (dependant upon other Vu specific timelines)

Accountability

Head, SMSC

Target overall completion

Q2 2024-2025

Recommendation 3 (Medium risk)

Management should establish and document a process to track and monitor key milestones dates against target dates and ensure evidence of approval of target date extension is obtained and retained.

Planned actions to support the recommendation

Guidance and training should be consistent across Supervision. Supervisory expectations regarding recommendations for FRFI’s are currently captured within the Supervisory Letters and Issues Management Standards. For pensions they are included in the PPP Procedure Manual. SMSC recognizes that these will need to be updated and integrated with the roll-out of the new Supervisory Framework and related Vu updates. The timeframe for roll-out of Vu to PPPD has yet to be determined.

Milestone 1
Given the similarity of this recommendation with SIB Audit Recommendation 3, the developed interim addendum will be reviewed for applicability, recognizing that Vu related elements cannot be applicable.
Milestone 2
SMSC to develop a plan, including an implementation schedule, that considers the roll out of Vu to PPPD and updating of relevant Policy instruments.

Target milestone completion

  • Milestone 1: Q2 2023-2024
  • Milestone 2: Q1 2024-2025

Accountability

Head, SMSC

Target overall completion

Q1 2024-2025

Recommendation 4 (High risk)

Management should establish and document a process to support consistent assessment and integration of industry monitoring risks for effective oversight of PPPs. The results of the PPP risk profiles should be monitored and reported to senior management on an ongoing basis.

Planned actions to support the recommendation

Milestone 1
The interim planning process for Supervision is intended to integrate BRC, ARO and idiosyncratic risks. The process will continue to be enhanced throughout Fiscal 2023/24 and will consider alignment with the Supervision RTF once it is finalized.
Milestone 2
The Business Risk assessment in the new Supervisory Framework will provide an opportunity for the Strategy, Risk and Governance Sector to provide Supervisors with a direct link to the BRC risks. Details are under development. Training to all supervision staff will include the approach related to Business Risk.

Target milestone completion

  • Milestone 1: Q3 2023-2024 (planning for 2024-2025 cycle).
  • Milestone 2: Q1 2024-2025

Accountability

Head SMSC

Target overall completion

Q1 2024-2025

Recommendation 5 (Medium risk)

Management should revisit the metrics and thresholds on an ongoing basis to remain relevant to monitor performance of supervisory activities and align with expected objectives. Where applicable, data validation controls should be established to support accurate and complete reporting.

Planned actions to support the recommendation

Monitoring of metrics will be impacted by the new Supervisory Framework and the rollout of Vu to PPPD. Proposed metrics for FRFI monitoring and reporting have been presented to the Supervisory Framework Renewal Steering Committee, and the rollout of Vu to PPPD will take these into consideration for the development of pension metrics.

Milestone 1
SMSC will develop a plan, including an implementation schedule, to incorporate relevant pension metrics, to monitor performance, and include training to support accurate and complete reporting.

Target milestone completion

Milestone 1: Q2 2024-2025

Accountability

Head, SMSC

Target overall completion

Q2 2024-2025

Recommendation 6 (Medium risk)

Management should revisit the current Supervision procedure manuals to reflect existing processes and that appropriate training is provided to staff to promote adherence to these requirements.

Planned actions to support the recommendation

Guidance should be consistent across Supervision. Existing/industry specific supervision procedure manuals/operating guides will be assessed for alignment with Supervisory Policy Instruments, the new Supervisory Framework and the rollout of Vu 2.0.

Milestone 1
SMSC will develop a plan, including an implementation schedule, to ensure pension plan supervisory processes are incorporated within the broader Supervision processes and include training to promote adherence to the expectations.

Target milestone completion

Milestone 1: Q2 2024-2025

Accountability

Head, SMSC

Target overall completion

Q2 2024-2025

Recommendation 7 (Medium risk)

Management should revise the user access review controls, including ad-hoc user and periodic access reviews for timely oversight of access to sensitive and confidential information within RASP.

Planned actions to support the recommendation

The PPP Supervision Team within the Insurance and Pensions Group recognizes the importance of maintaining the integrity and security of pension plan data.

Milestone 1
Review and update the Risk Assessment System Access Management procedural manual
Milestone 2
Implement and document formal periodic monitoring as per the Risk Assessment System Access Management procedural manual

Target milestone completion

  • Milestone 1: Q1 2023-2024
  • Milestone 2: Q2 2023-2024

Accountability

Senior Director, Insurance and Pension Sector

Target overall completion

Q2 2023-2024

Date modified: