Key compliance attributes of internal audit

The department of Employment and Social Development Canada (the Department) publishes key performance results for its internal audit function. This is done in accordance with the Treasury Board Directive on Internal Audit.

These results, or key compliance attributes, demonstrate that, at a minimum, the fundamental elements necessary for oversight are:

Publishing internal audit key performance results informs Canadians regarding the professionalism, performance and impact of the internal audit function. These are not performance measures and there are no targets attached.

More information on the publication of these attributes is available on the Office of the Comptroller General’s website through the following link:

"Why publish key compliance attributes of internal audit?"

Internal audit performance results as of June 2021

Do the Department’s internal auditors have the training required to do the job effectively? Are multidisciplinary teams in place to address diverse risks?

Yes. The Department’s internal audit function staff have the knowledge, skills and other competencies required to fulfill their responsibilities. As of April 1, 2021:

  • 38% of staff hold the Certified Internal Auditor (CIA) or Chartered Professional Accountant (CPA) professional designation
  • 25% of staff are pursuing an internal audit or accounting designation (CIA, CPA)
  • 19% of staff hold other professional designations:
    • 2 hold a Certified Government Auditing Professional (CGAP)
    • 1 hold a Certification in Risk Management Assurance (CRMA)
    • 2 hold a Certified Information Systems Auditor (CISA)
    • 4 hold a Certified Fraud Examiner (CFE)
  • overall, 47% of staff hold a professional designation

These percentages are not cumulative as audit staff could be in any, all, or none of these categories. For the purposes of this report, the staff composition of the Department’s internal audit function includes 34 staff members. This staff includes:

  • Senior management team (Chief Audit Executive and directors)
  • Audit Operations (audit principals and auditors)
  • Professional Practices and Special Examinations
  • Departmental Audit Committee (DAC), Liaison and management action plans monitoring

Internal Audit favours the hiring of staff who have wide-ranging backgrounds. This brings to the function a diverse skill sets in addition to auditing or accounting. For example, the internal audit function includes:

  • 29 auditors with varied master’s or bachelor’s degrees
  • 2 auditors with advanced knowledge of data analytics
  • 1 auditor with IT security-related professional designations

Is internal audit work performed in conformance with the international standards for the profession of internal audit as required by Treasury Board policy?

Yes. The internal audit work conforms to international standards for the profession. On December 1, 2020, the internal audit function provided a comprehensive briefing to the DAC on:

  • the internal processes, tools and information considered necessary to evaluate conformance with the Institute of Internal Auditors’ Code of Ethics and Standards
  • the results of the Quality Assurance and Improvement Program

In addition, in January 2021, the internal audit function completed an external assessment confirming that audit work performed is in conformance with the standards.

Are the risk-based audit plans submitted to the audit committee and approved by the Deputy Minister implemented as planned with resulting reports published? Is management acting on audit recommendations for improvements to departmental processes?

Risk-based audit plans identify all proposed engagements. The DAC recommends the audit plans for approval by the Deputy Minister.

Engagements are itemized in the table and the lists below:

Table 1. Completed internal assurance engagements identifying progress in implementing recommendations as of June 30, 2021
Engagement title Status Report approved date Report published date Original planned MAP completion date MAP implementation status
Audit of Canada Pension Plan Program Delivery approved, to be published July 2021 upcoming June 2020 5 recommendations in progress
Audit of Controls around Payment Processes — Operations and MaintenanceFootnote 1 published Aug. 2019 Jan. 2020 Mar. 2020 1 recommendation in progress
Audit of Costing PracticesFootnote 2 published Sep. 2020 Dec. 2020 no recommendation issued no recommendation issued
Audit of Identity Management PracticesFootnote 3 published Jun. 2019 Jan. 2020 Mar. 2022 3 recommendations in progress
Audit of IT Security of Content and Collaboration will not be published Mar. 2021 will not be published Nov. 2019 7 recommendations in progress
Audit of the Consolidated Statement of Administrative Costs Charged to the Canada Pension Plan Account by Employment and Social Development Canada, March 31, 2020Footnote 4 published Sep. 2020 Dec. 2020 no recommendation issued no recommendation issued
Audit of the Consolidated Statement of Administrative Costs Charged to the Canada Pension Plan Account by Employment and Social Development Canada, March 31, 2021 approved, to be published July 2021 upcoming no recommendation issued no recommendation issued
Independent Review of Benefits Delivery Modernization will not be published Dec. 2020 & Apr. 2021 will not be published no recommendation issued no recommendation issued

List 1. Internal assurance engagements previously identified and/or in progress as of June 30, 2021

  • Audit of Controls around Payment Processes: Program and Plan Payments — Phase 1
  • Audit of Controls around Payment Processes: Program and Plan Payments — Phase 2
  • Audit of Controls around Payment Processes: Program and Plan Payments — Phase 3
  • Audit of Departmental Payroll Administration — Phase 1
  • Audit of Departmental Payroll Administration — Phase 2
  • Audit of Departmental Payroll Administration — Phase 3
  • Audit of the Information Technology Continuity Planning
  • Old Age Security Service Improvement Strategy Project Post Mortem and Lessons Learned Advisory ReviewFootnote 5
  • Review of Contracts Management
  • Review of the Design of the Identity and Access Management Solution (including Privileged Access)

List 2. Planned internal assurance engagements as of June 30, 2021

  • Audit of the Identification, Security and Protection of Sensitive Information
  • Review of Program Design for Grants and Contributions
  • Audit of IT Supply Chain Management
  • Audit of Program Performance Measurement
  • Audit of the Consolidated Statement of Administrative Costs Charged to the Canada Pension Plan Account by Employment and Social Development Canada, March 31, 2022
  • Audit of User Activity Monitoring for Selected Programs
  • Independent Review of the Canada Pension Plan Enhancement Project
  • Review of the Financial Transactions and Financial Statements of the Interprovincial Computerized Examination Management System (ICEMS)

Is internal audit credible and adding value in support of the mandate and strategic objectives of the Department?

Yes. 100% of the Department’s senior management provided a “Good” or “Excellent” rating of the overall usefulness of the engagements completed by the function. The internal audit function uses post-engagement client feedback responses received during the 2020 to 2021 fiscal year to measure satisfaction.

Report a problem or mistake on this page
Please select all that apply:

Thank you for your help!

You will not receive a reply. For enquiries, contact us.

Date modified: