Key compliance attributes of the Internal Audit Function at ECCC Fiscal year 2024 to 2025
Download the alternative format
(PDF format, 33.78 KB, 8 pages)
List of acronyms and abbreviations
- CIA
- Certified Internal Auditor
- CISA
- Certified Information Systems Auditor
- CGAP
- Certified Government Auditing Professional
- CPA
- Chartered Professional Accountant
- ECCC
- Environment and Climate Change Canada
- FY
- Fiscal year
- IIA
- Institute of Internal Auditors
- MAP
- Management action plan
- OCG
- Office of the Comptroller General of Canada
- QAIP
- Quality assurance and improvement program
- RBAP
- Risk-based audit plan
1. Introduction
The Treasury Board Directive on Internal Audit requires that departments with an internal audit function publish departmental internal audit performance results in the form of key compliance attributes. The objective of publishing these results is to provide pertinent information to stakeholders, such as Canadians and parliamentarians, on the professionalism, performance and impact of the internal audit function in departments. As well, it is important that the public be aware that heads of government organizations are receiving independent assurance and that departmental activities are managed in a way that demonstrates responsible stewardship.
This report presents the state of compliance in fiscal year (FY) 2024 to 2025 of the internal audit function at Environment and Climate Change Canada (ECCC) on attributes determined by the Office of the Comptroller General of Canada (OCG). These attributes address questions that stakeholders may have related to the sound management and the oversight of public resources.
2. Key compliance attributes
The internal audit function at ECCC was assessed on the following 4 key compliance attributes:
- Professional designations and training
- Conformance with international standards
- Implementation of the risk-based audit plan
- Credibility and adding value
2.1. Professional designations and training
Questions that stakeholders may have about oversight of public resources:
Do internal auditors in departments have the training required to do the job effectively? Are multidisciplinary teams in place to address diverse risks?
| Key compliance attribute | Result |
|---|---|
| 1(a) % of staff with an internal audit or accounting designation (Certified Internal Auditor (CIA), Chartered Professional Accountant (CPA)) | 70% |
| 1(b) % of staff with an internal audit or accounting designation (CIA, CPA) in progress | 30% |
| 1(c) % of staff holding other professional designations (CGAP, CISA, etc.) | 50% |
2.2. Conformance with international standards
Questions that stakeholders may have about oversight of public resources:
Is internal audit work performed in conformance with the international standards for the profession of internal audit as required by Treasury Board policy?
| Key compliance attribute | Result |
|---|---|
| 2(a) Date of last comprehensive briefing to the Departmental Audit Committee on the internal processes, tools, and information considered necessary to evaluate conformance with the Institute of Internal Auditors’ (IIA) Code of Ethics and the Standards and the results of the quality assurance and improvement program (QAIP) | June 3, 2024 |
| 2(b) Date of last external assessment | March 28, 2024 |
2.3. Implementation of the risk-based audit plan
Questions that stakeholders may have about oversight of public resources:
Are the risk-based audit plans (RBAPs) submitted to audit committees and approved by deputy heads implemented as planned with resulting reports published? Is management acting on audit recommendations for improvements to departmental processes?
| Key compliance attribute | Result |
|---|---|
3. RBAPs and related information: (a) name of engagement for the current fiscal year of the RBAP (b) status of engagement for the current fiscal year of the RBAP (c) date the engagement report was approved (d) date the engagement report was published (e) original planned date for completion of all management action plan (MAP) items (f) status of MAP items |
See Table 1 for details. |
| # | Engagement title | Engagement status | Report approved date | Report published date | Original planned MAP completion date | MAP implementation status |
|---|---|---|---|---|---|---|
| 1 | Management Practices Review of the Public Affairs and Communications Branch | Published – MAP not fully implemented | May 8, 2023 | August 30, 2023 | March 31, 2024 | 71% |
| 2 | Audit of ECCC risk management practices | Published – MAP not fully implemented | June 26, 2023 | November 10, 2023 | April 30, 2024 | 71% |
| 3 | Internal audit of the system of internal controls over financial reporting | Published – MAP not fully implemented | April 11, 2024 | June 26, 2024 | December 31, 2024 | 67% |
| 4 | Audit of the administration of grants and contributions programs at ECCC | Published – MAP not fully implemented | June 28, 2024 | September 12, 2024 | March 31, 2027 | 0% |
| 5 | Audit of cyber security at ECCC | Published - MAP not fully implemented | November 27, 2024 | February 27, 2025 | September 30, 2026 | 12% |
| 6 | Review of the implementation of ECCC’s Diversity, Inclusion and Employment Equity Plan - Progress to date | In progress | N/A | N/A | N/A | N/A |
| 7 | Review of the use of scientific advice in support of policy development and decision making | Approved – Not published | February 6, 2025 | N/A | N/A | N/A |
| 8 | Audit of IT governance | In progress | N/A | N/A | N/A | N/A |
2.4. Credibility and adding value
Questions that stakeholders may have about oversight of public resources:
Is internal audit credible and adding value in support of the mandate and strategic objectives of the organization?
| Key compliance attribute | Result |
|---|---|
| 4. Average overall usefulness rating of areas audited | Good |