Report: Key compliance attributes of the Department’s internal audit function as of March 31, 2025 - Employment and Social Development Canada

On this page

Overview

The 4 key compliance attributes relate to the following areas and are reported below:

For the purpose of this report, the staff composition of the Department's internal audit function includes 32 indeterminate auditors, comprising:

Table 1. Key compliance attributes of the Department's internal audit function as of March 31, 2025

Key Compliance Attributes Departmental Results as of March 31, 2025
1. (a). % of staff with an internal audit or accounting designation (Certified Internal Auditor [CIA], Chartered Professional Accountant [CPA]).
1. (b). % of staff with an internal audit or accounting designation in progress (CIA, CPA).
1. (c). % of staff holding other designations (Certified Government Auditing Professional [CGAP], Certification in Risk Management Assurance [CRMA], etc.).
1. (a) 50% of staff have an internal audit or accounting designation (Certified Internal Auditor (CIA) or Chartered Professional Accountant (CPA)).
1. (b) 19% of staff have an internal audit or accounting designation in progress (CIA, CPA).
1. (c) 28% of staff hold other professional designations (CGAP, CISA etc.)
2. (a). Date of last comprehensive briefing to the Departmental Audit Committee (DAC) on the internal processes, tools, and information considered necessary to evaluate conformance with the Institute of Internal Auditors (IIA) Code of Ethics and the Standards and the results of the Quality Assurance and Improvement Program (QAIP).
2. (b). Date of last external assessment.
2. (a). The last briefing to the DAC on the internal processes, tools, information necessary to evaluate conformance with the IIA Standards and the Quality Assurance and Improvement Program (QAIP) was on December 5, 2024.
2. (b). The last external quality assessment was completed in January 2021.
3. Risk-Based Audit Plan (RBAP) and related information:
  1. name/status of audit for the current fiscal year of the RBAP
  2. date the audit report was approved
  3. date the audit report was published
  4. original planned date for completion of all management action plan (MAP) items
  5. status of MAP items
3. The 2024-25 RBAP was approved in June 2024. Please refer to Table 1 below for progress in implementing the current RBAP and to Table 2 for information on MAPs still in progress.
4. Average overall usefulness rating from senior management of areas audited. 4. 85% of the Department's senior management provided a "Good" or "Excellent" rating of the overall usefulness of internal audit engagements. The internal audit function uses post-engagement client feedback responses received during the 2024-2025 fiscal year to measure satisfaction.

Table 2. Progress in Implementing the 2024-25 RBAP, as of March 31, 2025

Engagement title Status Report approved date Report published date Original planned MAP completion date MAP implementation status
Technical Debt Remediation Initiative (TDRI): Review of Deep Dive Assurance on Budget Forecasting and Funding Projections Approved - Not published 2024/10/02 not applicable 2024/12/31 0%
Review of ESDC's Program Delivery Fraud LandscapeFootnote 1 Approved - Not published 2024/06/11 not applicable not applicable not applicable
Audit of the Common Experience Payment Designated Amount FundFootnote 1 Published - MAP not applicable 2024/06/11 2024/12/13 not applicable not applicable
Audit of Business Continuity Management Published - MAP not fully implemented 2024/12/05 2025/07/15 2027/06/30 0%
Review of Procurement - Phase 1 Approved - Not published 2024/08/27 not applicable 2026/12/31 0%
Review of the Design of the Readiness Assessment Framework for the Launch of Release 2/3 of Old Age Security on Benefit Delivery Modernization (BDM) (Phase 1) Approved - Not published 2024/08/06 not applicable 2025/05/31 100%
Audit of ESDC Passport Revolving Fund Cost Recovery Published - MAP not fully implemented 2024/12/05 2025/07/18 2025/03/31 0%
Audit of the Consolidated Statement of Administrative Costs charge to the Canada Pension Plan Accounts by ESDC as of March 31, 2024Footnote 1 Published - MAP not applicable 2024/12/05 2025/07/11 not applicable not applicable
Audit of Information Sharing Agreements Published - MAP not fully implemented 2024/12/05 2025/07/11 2028/03/31 0%
Review of the Design of the Readiness Assessment Framework for the Launch of Release 2/3 of Old Age Security on BDM (Phase 2) In progress not applicable not applicable not applicable not applicable
Review of Labour Program Complaints ManagementFootnote 2 In progress not applicable not applicable not applicable not applicable
Review of TDRI Commitments and ResultsFootnote 3 In progress not applicable not applicable not applicable not applicable
Review of Remediation of Technical Debt Plans Post TDRIFootnote 4 In progress not applicable not applicable not applicable not applicable
Audit of the Employee Offboarding In progress not applicable not applicable not applicable not applicable
Review of Social Insurance NumberFootnote 5 In progress not applicable not applicable not applicable not applicable
Review of Internal Controls over Fraud Risks in ESDC's Grants and Contribution ProgramsFootnote 6 In progress not applicable not applicable not applicable not applicable
Audit of ESDC's Employee Access Monitoring ProgramFootnote 7 In progress not applicable not applicable not applicable not applicable
Audit of Passport Service Delivery In progress not applicable not applicable not applicable not applicable
Agile Review -Network Modernization IT Project Review In progress not applicable not applicable not applicable not applicable
Audit of the Security Design Effectiveness of the Departmental Adoption of Operations of the CloudFootnote 8 In progress not applicable not applicable not applicable not applicable
Audit of Application Security Vulnerabilities In progress not applicable not applicable not applicable not applicable
Audit of Cyber Security Incident Response Planned not applicable not applicable not applicable not applicable
Audit of Post-Implementation of the Identity and Access Management and the Privileged Access Management Solutions Planned not applicable not applicable not applicable not applicable

Table 3. Engagements with Management Action Plans (MAPs) in progress, as of March 31, 2025Footnote 9

Engagement title Status Report approved date Report published date Original planned MAP completion date MAP implementation status
TDRI: Deep Dive Assurance on TDRI Scope Definition and Management Approved - Not published not applicableFootnote 10 not applicable 2024/12/01 0%
TDRI Deep Dive Assurance on Portfolio Management Approved - Not published not applicableFootnote 10 not applicable 2025/01/31 29%
Audit of Departmental Payroll Administration - Phase 2 Published - MAP not fully implemented 2024/04/09 2024/09/27 2026-03-31 33%
Audit of Program Design for Grants and Contributions Published - MAP not fully implemented 2024/06/11 2024/12/06 2025/03/31 0%
Audit of Program Performance Measurement Published - MAP not fully implemented 2023/11/28 2024/05/01 2026/12/31 0%
Audit of Identification, Security and Protection of Sensitive Information Approved - Not published 2023/08/24 not applicable 2025/03/31 33%
Audit of Controls Around Payment Processes - Program Payments - Phase 1 Published - MAP not fully implemented 2023/06/06 2024/04/19 To be completed upon the completion of the Government-wide solution (+/- 2 years). 50%
Internal Audit of Federal Government Consulting Contracts Awarded to McKinsey & Company Published - MAP fully implemented 2023/03/22 2023/03/30 2024/06/30 100%
Review of the Design of the Identity and Access Management Solution (including Privileged Access) Approved - Not published 2022/08/25 not applicable 2024/12/31 40%
Review of Contract Management Published - MAP not fully implemented 2022/01/28 2022/07/28 2024/06/30 75%
Audit of IT Security of Content and Collaboration Approved - Not published 2021/03/23 not applicable 2022/01/11 100%
Audit of Identity Management Practices Published - MAP fully implemented 2019/06/18 2022/04/21 2022/03/31 100%
Integrated Management Action Plan for Audit of Access Controls Initiative Approved - Not published 2018/11/20 not applicable 2019/08/31 0%Footnote 11

Page details

2025-10-16