Key compliance attributes of internal audit

The department of Employment and Social Development Canada (the Department) publishes key performance results for its internal audit function. This is done in accordance with the Treasury Board Directive on Internal Audit.

These results, or key compliance attributes, demonstrate that, at a minimum, the fundamental elements necessary for oversight are:

Publishing internal audit key performance results informs Canadians regarding the professionalism, performance and impact of the internal audit function. These are not performance measures and there are no targets attached.

More information on the publication of these attributes is available on the Office of the Comptroller General’s website through the following link:

"Why publish key compliance attributes of internal audit?"

Internal audit performance results as of December 31, 2023

Do the Department’s internal auditors have the training required to do the job effectively? Are multidisciplinary teams in place to address diverse risks?

Yes. The Department’s internal audit function staff have the knowledge, skills and other competencies required to fulfill their responsibilities. As of December 31, 2023:

  • 49% of staff hold the Certified Internal Auditor (CIA) or Chartered Professional Accountant (CPA) professional designation
  • 18% of staff are pursuing an internal audit or accounting designation (CIA, CPA)
  • 41% of staff hold other professional designations:
    • 6 hold a Certified Government Auditing Professional (CGAP)
    • 4 hold a Certification in Risk Management Assurance (CRMA)
    • 3 hold a Certified Information Systems Auditor (CISA)
    • 3 hold a Certified Fraud Examiner (CFE)
  • overall, 92% of staff hold a professional designation

These percentages are not cumulative as audit staff could be in any, all, or none of these categories. For the purposes of this report, the staff composition of the Department’s internal audit function includes 39 staff members. This staff includes:

  • Senior management team (Chief Audit Executive and directors)
  • Audit Operations (audit principals and auditors)
  • Professional Practices
  • Special Examinations
  • Departmental Audit Committee (DAC), Liaison and management action plans monitoring
  • Special Projects (Agile Audit)

Internal Audit favours the hiring of staff who have wide-ranging backgrounds. This brings to the function a diverse skill sets in addition to auditing or accounting. For example, the internal audit function includes:

  • 34 auditors with varied master’s or bachelor’s degrees
  • 2 auditors with advanced knowledge of data analytics
  • 1 auditor with IT security-related professional designation

Is internal audit work performed in conformance with the international standards for the profession of internal audit as required by Treasury Board policy?

Yes. The internal audit work conforms to international standards for the profession. On December 1, 2022, the internal audit function provided a comprehensive briefing to the DAC on:

  • the internal processes, tools and information considered necessary to evaluate conformance with the Institute of Internal Auditors’ Code of Ethics and Standards
  • the results of the Quality Assurance and Improvement Program

In addition, in January 2021, the internal audit function completed an external assessment confirming that audit work performed is in conformance with the standards.

Is internal audit credible and adding value in support of the mandate and strategic objectives of the Department

Yes. 100% of the Department’s senior management provided a “Good” or “Excellent” rating of the overall usefulness of the engagements completed by the function. The internal audit function uses post-engagement client feedback responses received during the 2023 to 2024 fiscal year to measure satisfaction.

Are the risk-based audit plans submitted to the audit committee and approved by the Deputy Minister implemented as planned with resulting reports published? Is management acting on audit recommendations for improvements to departmental processes?

Risk-based audit plans identify all proposed engagements. The DAC recommends the audit plans for approval by the Deputy Minister.

Engagements are itemized in the table and the lists below:

Table 1. Completed internal assurance engagements identifying progress in implementing recommendations as of December 31, 2023
Engagement title Status Report approved date Report published date Original planned MAP completion date MAP implementation statusFootnote 1
Audit of the Consolidated Statement of Administrative Costs Charged to the Canada Pension Plan Account by Employment and Social Development Canada, March 31, 2022Footnote 2 published August 2022 February 2023 no recommendation issued no recommendation issued
Audit of the Consolidated Statement of Administrative Costs Charged to the Canada Pension Plan Account by Employment and Social Development Canada, March 31, 2023Footnote 3 published August 2023 December 2023 no recommendation issued no recommendation issued
Neutral Assessment of the Evaluation FunctionFootnote 4 approved – to be published May 2023 to be published no recommendation issued no recommendation issued
Audit of Controls around Payment Processes: Program and Plan Payments — Phase 1 approved - to be published November 2023 to be published March 2024 2 recommendations in progress
Audit of Departmental Payroll Administration — Phase 1Footnote 5 published March 2022 July 2022 September 2022 1 recommendation in progress
Internal audit of federal government consulting contracts awarded to McKinsey & CompanyFootnote 6 published March 2023 March 2023 June 2024 1 recommendation in progress
Audit of Identity Management PracticesFootnote 7 published June 2019 January 2020 March 2022 2 recommendations in progress
Audit of the Information Technology Continuity PlanningFootnote 8 published March 2022 July 2022 March 2023 1 recommendation in progress
Audit of IT Security of Content and Collaboration will not be published March 2021 will not be published January 2022 1 recommendation in progress
Review of Contract ManagementFootnote 9 published March 2022 July 2022 June 2024 3 recommendations in progress
Review of the Design of the Identity and Access Management Solution (including Privileged Access) will not be published August 2022 will not be published December 2024 10 recommendations in progress

List 1. Internal assurance engagements previously identified and/or in progress as of December 31, 2023

  • Audit of Business Continuity Management
  • Audit of Controls around Payment Processes: Program and Plan Payments — Phase 2
  • Audit of Departmental Payroll Administration — Phase 2
  • Audit of the Identification, Security and Protection of Sensitive Information
  • Audit of Information Sharing Agreements
  • Audit of IT Supply Chain Risk ManagementFootnote 10
  • Audit of Program Design for Grants and ContributionsFootnote 11
  • Audit of Program Performance Measurement
  • Audit of Retention and Promotion of Persons with DisabilitiesFootnote 12
  • Audit of User Activity Monitoring and Event LoggingFootnote 13
  • Independent Review of the Canada Pension Plan Enhancement ProjectFootnote 14
  • Review of the Financial Transactions and Financial Statements of the Interprovincial Computerized Examination Management System (ICEMS)Footnote 15

List 2. Planned internal assurance engagements to March 31, 2024, as of December 31, 2023

  • Audit of the Common Experience Payment Designated Amount Fund
  • Audit of Application Security VulnerabilitiesFootnote 16
  • Audit of Design Effectiveness of the Departmental Migration and Operations to the Cloud
  • Audit of Enterprise Risk ManagementFootnote 17
  • Audit of Occupational Health and SafetyFootnote 18
  • Audit of Post-Implementation of the Identity and Access Management and the Privileged Access Management SolutionsFootnote 19
  • Audit of Workforce PlanningFootnote 20
  • ESDC’s Accessibility Agenda - Audit of Accessible Design and Delivery of ESDC’s programs and servicesFootnote 21
  • ESDC’s Accessibility Agenda - Audit of IT Accessibility

Page details

Date modified: