The Internal Audit and Evaluation Office at the Office of the Auditor General of Canada completed an audit of information technology security and cyber security in 2025.
The audit assessed the adequacy and effectiveness of information technology security and cyber security controls used to effectively safeguard the organization’s information and systems from IT security and cyber security risks.
Management accepted the findings and is addressing the audit recommendations to strengthen the management control framework over its current IT security and cyber security. The Internal Audit and Evaluation Office will continue to work with management to monitor and report on the implementation of management action plans.
Due to the sensitivity of the findings and the need to safeguard the Office’s information and IT systems, the full report is not publicly available.
All work in the information technology security and cyber security audit was performed to a reasonable level of assurance in accordance with the Global Internal Audit Standards set out by the Institute of Internal Auditors and with the Treasury Board Policy on Internal Audit and the Directive on Internal Audit.
