Key compliance attributes of internal audit
The department of Employment and Social Development Canada (the Department) publishes key performance results for its internal audit function. This is done in accordance with the Treasury Board Directive on Internal Audit.
These results, or key compliance attributes, demonstrate that, at a minimum, the fundamental elements necessary for oversight are:
- in place
- operating as intended
- achieving results
Publishing internal audit key performance results informs Canadians regarding the professionalism, performance and impact of the internal audit function. These are not performance measures and there are no targets attached.
More information on the publication of these attributes is available on the Office of the Comptroller General’s website through the following link:
"Why publish key compliance attributes of internal audit?"
Internal audit performance results as of December 31, 2023
Do the Department’s internal auditors have the training required to do the job effectively? Are multidisciplinary teams in place to address diverse risks?
Yes. The Department’s internal audit function staff have the knowledge, skills and other competencies required to fulfill their responsibilities. As of December 31, 2023:
- 49% of staff hold the Certified Internal Auditor (CIA) or Chartered Professional Accountant (CPA) professional designation
- 18% of staff are pursuing an internal audit or accounting designation (CIA, CPA)
- 41% of staff hold other professional designations:
- 6 hold a Certified Government Auditing Professional (CGAP)
- 4 hold a Certification in Risk Management Assurance (CRMA)
- 3 hold a Certified Information Systems Auditor (CISA)
- 3 hold a Certified Fraud Examiner (CFE)
- overall, 92% of staff hold a professional designation
These percentages are not cumulative as audit staff could be in any, all, or none of these categories. For the purposes of this report, the staff composition of the Department’s internal audit function includes 39 staff members. This staff includes:
- Senior management team (Chief Audit Executive and directors)
- Audit Operations (audit principals and auditors)
- Professional Practices
- Special Examinations
- Departmental Audit Committee (DAC), Liaison and management action plans monitoring
- Special Projects (Agile Audit)
Internal Audit favours the hiring of staff who have wide-ranging backgrounds. This brings to the function a diverse skill sets in addition to auditing or accounting. For example, the internal audit function includes:
- 34 auditors with varied master’s or bachelor’s degrees
- 2 auditors with advanced knowledge of data analytics
- 1 auditor with IT security-related professional designation
Is internal audit work performed in conformance with the international standards for the profession of internal audit as required by Treasury Board policy?
Yes. The internal audit work conforms to international standards for the profession. On December 1, 2022, the internal audit function provided a comprehensive briefing to the DAC on:
- the internal processes, tools and information considered necessary to evaluate conformance with the Institute of Internal Auditors’ Code of Ethics and Standards
- the results of the Quality Assurance and Improvement Program
In addition, in January 2021, the internal audit function completed an external assessment confirming that audit work performed is in conformance with the standards.
Is internal audit credible and adding value in support of the mandate and strategic objectives of the Department
Yes. 100% of the Department’s senior management provided a “Good” or “Excellent” rating of the overall usefulness of the engagements completed by the function. The internal audit function uses post-engagement client feedback responses received during the 2023 to 2024 fiscal year to measure satisfaction.
Are the risk-based audit plans submitted to the audit committee and approved by the Deputy Minister implemented as planned with resulting reports published? Is management acting on audit recommendations for improvements to departmental processes?
Risk-based audit plans identify all proposed engagements. The DAC recommends the audit plans for approval by the Deputy Minister.
Engagements are itemized in the table and the lists below:
Engagement title | Status | Report approved date | Report published date | Original planned MAP completion date | MAP implementation statusFootnote 1 |
---|---|---|---|---|---|
Audit of the Consolidated Statement of Administrative Costs Charged to the Canada Pension Plan Account by Employment and Social Development Canada, March 31, 2022Footnote 2 | published | August 2022 | February 2023 | no recommendation issued | no recommendation issued |
Audit of the Consolidated Statement of Administrative Costs Charged to the Canada Pension Plan Account by Employment and Social Development Canada, March 31, 2023Footnote 3 | published | August 2023 | December 2023 | no recommendation issued | no recommendation issued |
Neutral Assessment of the Evaluation FunctionFootnote 4 | approved – to be published | May 2023 | to be published | no recommendation issued | no recommendation issued |
Audit of Controls around Payment Processes: Program and Plan Payments — Phase 1 | approved - to be published | November 2023 | to be published | March 2024 | 2 recommendations in progress |
Audit of Departmental Payroll Administration — Phase 1Footnote 5 | published | March 2022 | July 2022 | September 2022 | 1 recommendation in progress |
Internal audit of federal government consulting contracts awarded to McKinsey & CompanyFootnote 6 | published | March 2023 | March 2023 | June 2024 | 1 recommendation in progress |
Audit of Identity Management PracticesFootnote 7 | published | June 2019 | January 2020 | March 2022 | 2 recommendations in progress |
Audit of the Information Technology Continuity PlanningFootnote 8 | published | March 2022 | July 2022 | March 2023 | 1 recommendation in progress |
Audit of IT Security of Content and Collaboration | will not be published | March 2021 | will not be published | January 2022 | 1 recommendation in progress |
Review of Contract ManagementFootnote 9 | published | March 2022 | July 2022 | June 2024 | 3 recommendations in progress |
Review of the Design of the Identity and Access Management Solution (including Privileged Access) | will not be published | August 2022 | will not be published | December 2024 | 10 recommendations in progress |
List 1. Internal assurance engagements previously identified and/or in progress as of December 31, 2023
- Audit of Business Continuity Management
- Audit of Controls around Payment Processes: Program and Plan Payments — Phase 2
- Audit of Departmental Payroll Administration — Phase 2
- Audit of the Identification, Security and Protection of Sensitive Information
- Audit of Information Sharing Agreements
- Audit of IT Supply Chain Risk ManagementFootnote 10
- Audit of Program Design for Grants and ContributionsFootnote 11
- Audit of Program Performance Measurement
- Audit of Retention and Promotion of Persons with DisabilitiesFootnote 12
- Audit of User Activity Monitoring and Event LoggingFootnote 13
- Independent Review of the Canada Pension Plan Enhancement ProjectFootnote 14
- Review of the Financial Transactions and Financial Statements of the Interprovincial Computerized Examination Management System (ICEMS)Footnote 15
List 2. Planned internal assurance engagements to March 31, 2024, as of December 31, 2023
- Audit of the Common Experience Payment Designated Amount Fund
- Audit of Application Security VulnerabilitiesFootnote 16
- Audit of Design Effectiveness of the Departmental Migration and Operations to the Cloud
- Audit of Enterprise Risk ManagementFootnote 17
- Audit of Occupational Health and SafetyFootnote 18
- Audit of Post-Implementation of the Identity and Access Management and the Privileged Access Management SolutionsFootnote 19
- Audit of Workforce PlanningFootnote 20
- ESDC’s Accessibility Agenda - Audit of Accessible Design and Delivery of ESDC’s programs and servicesFootnote 21
- ESDC’s Accessibility Agenda - Audit of IT Accessibility
Page details
- Date modified: