Key compliance attributes of Internal Audit
Why publish key compliance attributes of Internal Audit
The objective of the Treasury Board Policy on Internal Audit is to ensure that the oversight of public resources throughout the federal public administration is informed by a professional and objective internal audit function that is independent of departmental management.
Heads of organizations are responsible for ensuring that internal audit in the department is carried out in accordance with the Institute of Internal Auditors International Professional Practices Framework unless the framework is in conflict with the Treasury Board Policy or its related directive; if there is a conflict, the Policy or Directive will prevail.
Departments with internal audit functions are required to publish key attributes of compliance as per section A.2.2.3.1 of the Treasury Board Directive on Internal Audit. It is important that the public is aware that heads of government organizations are receiving assurance and that activities are managed in a way that demonstrates responsible stewardship.
These attributes have been selected because they demonstrate to an external audience that, at a minimum, the fundamental elements necessary for oversight are in place, are operating as intended and are achieving results. The key attributes of compliance with the Policy and standards are:
- internal auditors that are trained to effectively perform the work
- audit work that is performed in conformance with the international standards for the profession
- audit work that is performed according to a systematically developed risk-based audit plan, which has been approved by the head of the organization, and that results in management actions being taken in response to report recommendations
- audit work that is perceived by stakeholders as adding value in the pursuit of organizational objectives
Publishing departmental key compliance attributes provides pertinent information to Canadians and parliamentarians regarding the professionalism, performance, and impact of the internal audit function in departments. These are not performance measures and no targets are attached. Under the Policy, the Comptroller General has the authority to amend these attributes, should there be changes in the internal audit environment and/or due to the evolving maturity of the internal audit function.
| Performance Measure | Key compliance attributes | Results |
|---|---|---|
Do internal auditors in departments have the training required to do the job effectively? Are multidisciplinary teams in place to address diverse risks? |
% of staff with an internal audit or accounting designation (Certified Internal Auditor (CIA), Chartered Professional Accountant (CPA)) |
74 % |
% of staff with an internal audit or accounting designation in progress (CIA, CPA) |
0% |
|
% of staff holding other professional designations (Certified Government Auditing Professional [CGAP], Certification in Risk Management Assurance [CRMA], etc. |
32 % |
|
Is internal audit work performed in conformance with the international standards for the profession of internal audit and as required by Treasury Board policy? |
Date of last comprehensive briefing to the Departmental Audit Committee on the internal processes, tools, and information considered necessary to evaluate conformance with the Institute of Internal Auditors (IIA) Code of Ethics and the Standards and the results of the Quality Assurance and Improvement Program (QAIP) |
Results of the Quality Assurance and Improvement Program were presented to the Departmental Audit Committee (DAC) on December 13, 2024 Footnote 1 |
Date of last external assessment |
April 28, 2022 |
|
Are the Risk-based Audit and Evaluation Plans (RBAEPs) submitted to audit committees and approved by deputy heads implemented as planned with resulting reports published? Is management acting on audit recommendations for improvements to departmental processes? |
Risk-Based Audit Plan (RBAP) and related information
|
Refer to Table 2 – Audit plan and related information. *Audits from past fiscal years remain listed in the table until 100% of the Management Action Plan (MAP) implementation is achieved. Audit engagements will remain listed on the site for a minimum six-month period after 100% implementation has been achieved and published. |
Is internal audit credible and adding value in support of the mandate and strategic objectives of the organization? |
Average overall usefulness rating from senior management (ADM-level or equivalent) of areas audited. |
Senior management of areas audited rated the overall usefulness of our work as "Good". |
| Engagement Title | Status | Report Approved Date | Report Published Date | Original Planned MAP Completion Date | Implementation Status |
|---|---|---|---|---|---|
| Ongoing Engagements | |||||
Audit of Fire Safety |
In progress |
N/A |
N/A |
N/A |
N/A |
Audit of Conditions of Confinement |
In progress |
N/A |
N/A |
N/A |
N/A |
Audit of the Procurement and Contracting Process- Phase I |
In progress |
N/A |
N/A |
N/A |
N/A |
| Audit of Injury on Duty Leave | In progress |
N/A |
N/A |
N/A |
N/A |
Review of the Port-Cartier Evacuation |
In progress |
N/A |
N/A |
N/A |
N/A |
| Other Planned Engagements 2025-2027* | |||||
Audit of the Management of the Aging Offender Population |
Planned |
N/A |
N/A |
N/A |
N/A |
Audit Engagement – Health Centre of Excellence |
Planned |
N/A |
N/A |
N/A |
N/A |
Institutional Reviews – Pilot |
Planned |
N/A |
N/A |
N/A |
N/A |
| Completed Audits with Open MAPs | |||||
Review of the Complaint and Grievance Resolution Review Committee |
Report approved - MAP not yet finalized. |
May 5, 2025 | N/A |
TBC |
N/A |
Audit of the Mother-Child Program |
Completed – Not yet published |
May 8, 2025
|
Within 90 business days of approval. |
March 31, 2027 |
N/A** |
Joint Audit and Evaluation of Structured Intervention Units |
Completed – Not yet published |
June 8, 2025 | Within 90 business days of approval. |
March 31, 2026 |
N/A** |
Completed – MAP not fully implemented |
January 19, 2025 |
March 11, 2025 |
September 30, 2026
|
N/A** |
|
Completed – MAP not yet approved |
April 10, 2024 | May 17, 2024 |
March 31, 2027 |
N/A** |
|
Audit of Offender Management System Modernization – Systems Under Development Phase II |
Completed – MAP fully implemented |
March 17, 2024 |
July 25, 2024 |
March 31, 2026 |
100 % |
Completed – MAP fully implemented |
March 7, 2023 |
July 14, 2023 |
June 30, 2024 |
100 % |
|
Completed – MAP not fully implemented |
March 1, 2024 |
July 11, 2024 |
February 27, 2026 |
33 % |
|
Completed – MAP not fully implemented |
August 5, 2022 |
December 9, 2022 |
June 30, 2025 |
82% |
|
* In order to address emerging risks and departmental priorities, we may adjust the internal audits planned in the risk-based audit plan.
** This MAP was approved after the deadline for the last follow-up exercise. An update on the implementation progress will be provided during the next follow-up cycle.
You might also be interested in
Page details
- Date modified: