Internal Audit Performance Results
This information is being reported in compliance with Appendix A of the Office of the Comptroller General of Canada (OCG) Technical Bulletin 2018-1: Policy on Internal Audit. It states:
"The objective of the Treasury Board Policy on Internal Audit is to ensure that the oversight of public resources throughout the federal public administration is informed by a professional and objective internal audit function that is independent of departmental management."
Heads of organizations are responsible ensuring that internal audit in the department is carried out in accordance with the Institute of Internal Auditors International Professional Practices Framework unless the framework is in conflict with the Treasury Board Policy or its related directive; if there is a conflict, the policy or directive will prevail.
Departments with internal audit functions are required to publish key attributes of compliance as per section A.18.104.22.168 of the Treasury Board Directive on Internal Audit. It is important that the public is aware that heads of government organizations are receiving assurance and that activities are managed in a way that demonstrates responsible stewardship.
These attributes have been selected because they demonstrate to an external audience that, at a minimum, the fundamental elements necessary for oversight are in place, are operating as intended and are achieving results. The key attributes of compliance with the policy and standards are:
- internal auditors that are trained to effectively perform the work;
- audit work that is performed in conformance with the international standards for the profession;
- audit work that is performed according to a systematically developed risk-based audit plan, which has been approved by the head of the organization, and that results in management actions being taken in response to report recommendations; and
- audit work that is perceived by stakeholders as adding value in the pursuit of organizational objectives.
Publishing departmental key compliance attributes provides pertinent information to Canadians and parliamentarians regarding the professionalism, performance and impact of the internal audit function in departments. These are not performance measures and no targets are attached. Under the Policy, the Comptroller General has the authority to amend these attributes, should there be changes in the internal audit environment and/or due to the evolving maturity of the internal audit function.
Date of information: As at June 30, 2019.
Internal Audit Division qualifications
Do internal auditors in departments have the training required to do the job effectively? Are multidisciplinary teams in place to address diverse risks?
- Staff with CIA or CPA designation: 44%
- Staff with CIA or CPA designation in progress: 17%
Staff holding other designations:
- CGAP: 33%
- CRMA: 22%
- CISA: 6%
- CGEIT: 6%
- Staff holding CIA, CPA or other designation: 72%
- Average number of years of experience: 7 years
Each auditor completed a minimum of 5 days of training (operational and career development) during fiscal year 2018-19. Note: This excludes employees who were on a leave of absence during the year.
- Certified Internal Auditor
- Chartered Professional Accountant
- Certified Government Auditing Professional
- Certification in Risk Management Assurance
- Certified Information Systems Auditor
- Certified in the Governance of Enterprise IT
Conformance to professional standards
Is internal audit work performed in conformance with the international standards for the profession of internal audit as required by Treasury Board policy?
- Date of last comprehensive briefing:
(to Departmental Audit Committee on the internal processes, tools, and information considered necessary to evaluate conformance with the Institute of Internal Auditors (IIA) Code of Ethics and the Standards and the results of the Quality Assurance and Improvement Program (QAIP))
- Date of last external assessment:
- Date of last comprehensive briefing:
Active audits and status of Management Action Plans (MAPs)
Are the Risk Based Audit Plans (RBAPs) submitted to audit committees and approved by deputy heads implemented as planned with resulting reports published? Is management acting on audit recommendations for improvements to departmental processes?
- This table is to be updated regularly, at a minimum twice annually. Audits shall remain on the active table as long as the MAP is in progress. Once the MAP is completed, the audit shall remain on the active list for an additional six months.
- This requirement applies only to internal audits that will begin in the 2018-19 fiscal year and after.
- Additions and adjustments to the internal audits listed in the Departmental Plan may have occurred in order to address emerging risks and priorities of the organization.
Internal audits Internal audit title Audit status Report approved date Report published date Original planned MAP completion date Implementation status 1. Audit of Enterprise Architecture In progress N/A N/A N/A N/A 2. Audit of Project Management In progress N/A N/A N/A N/A 3. Audit of Lookouts In progress N/A N/A N/A N/A 4. Audit of the International Program In progress N/A N/A N/A N/A 5. Follow-up Audit of Professional Standards Planned N/A N/A N/A N/A 6. Audit of OGD IT Outsourced Services (e.g. SSC, CRA) Planned N/A N/A N/A N/A 7. Audit of Compensation Processes and Controls Planned N/A N/A N/A N/A 8. Audit of the Management of Written Collaborative Arrangements (WCAs) Planned N/A N/A N/A N/A
Credibility and value
Is internal audit credible and adding value in support of the mandate and strategic objectives of the organization?
Average overall usefulness rating from senior management:
(percentage of responding auditees from post-audit survey results per section “09-Satisfaction” of the most recent Capacity Assessment Template (CAT).)
- Excellent: 43%
- Good: 57%
- Date modified: