Key compliance attributes of the Internal Audit Function at ECCC Fiscal year 2024 to 2025

Download the alternative format
(PDF format, 33.78 KB, 8 pages)

List of tables
List of acronyms and abbreviations
CIA
Certified Internal Auditor
CISA
Certified Information Systems Auditor
CGAP
Certified Government Auditing Professional
CPA
Chartered Professional Accountant
ECCC
Environment and Climate Change Canada
FY
Fiscal year
IIA
Institute of Internal Auditors
MAP
Management action plan
OCG
Office of the Comptroller General of Canada
QAIP
Quality assurance and improvement program
RBAP
Risk-based audit plan

1. Introduction

The Treasury Board Directive on Internal Audit requires that departments with an internal audit function publish departmental internal audit performance results in the form of key compliance attributes. The objective of publishing these results is to provide pertinent information to stakeholders, such as Canadians and parliamentarians, on the professionalism, performance and impact of the internal audit function in departments. As well, it is important that the public be aware that heads of government organizations are receiving independent assurance and that departmental activities are managed in a way that demonstrates responsible stewardship.

This report presents the state of compliance in fiscal year (FY) 2024 to 2025 of the internal audit function at Environment and Climate Change Canada (ECCC) on attributes determined by the Office of the Comptroller General of Canada (OCG). These attributes address questions that stakeholders may have related to the sound management and the oversight of public resources.

2. Key compliance attributes

The internal audit function at ECCC was assessed on the following 4 key compliance attributes:

2.1. Professional designations and training

Questions that stakeholders may have about oversight of public resources:
Do internal auditors in departments have the training required to do the job effectively? Are multidisciplinary teams in place to address diverse risks?

Key compliance attribute Result
1(a) % of staff with an internal audit or accounting designation (Certified Internal Auditor (CIA), Chartered Professional Accountant (CPA)) 70%
1(b) % of staff with an internal audit or accounting designation (CIA, CPA) in progress 30%
1(c) % of staff holding other professional designations (CGAP, CISA, etc.) 50%

2.2. Conformance with international standards

Questions that stakeholders may have about oversight of public resources:
Is internal audit work performed in conformance with the international standards for the profession of internal audit as required by Treasury Board policy?

Key compliance attribute Result
2(a) Date of last comprehensive briefing to the Departmental Audit Committee on the internal processes, tools, and information considered necessary to evaluate conformance with the Institute of Internal Auditors’ (IIA) Code of Ethics and the Standards and the results of the quality assurance and improvement program (QAIP) June 3, 2024
2(b) Date of last external assessment March 28, 2024

2.3. Implementation of the risk-based audit plan

Questions that stakeholders may have about oversight of public resources:
Are the risk-based audit plans (RBAPs) submitted to audit committees and approved by deputy heads implemented as planned with resulting reports published? Is management acting on audit recommendations for improvements to departmental processes?

Key compliance attribute Result

3. RBAPs and related information:

(a) name of engagement for the current fiscal year of the RBAP

(b) status of engagement for the current fiscal year of the RBAP

(c) date the engagement report was approved

(d) date the engagement report was published

(e) original planned date for completion of all management action plan (MAP) items

(f) status of MAP items

See Table 1 for details.
Table 1. Status of completed internal audits with an outstanding management action plan from previous risk-based audit plans, as well as status of internal audits engagements planned for tabling in fiscal year 2024 to 2025 as of March 31, 2025
# Engagement title Engagement status Report approved date Report published date Original planned MAP completion date MAP implementation status
1 Management Practices Review of the Public Affairs and Communications Branch Published – MAP not fully implemented May 8, 2023 August 30, 2023 March 31, 2024 71%
2 Audit of ECCC risk management practices Published – MAP not fully implemented June 26, 2023 November 10, 2023 April 30, 2024 71%
3 Internal audit of the system of internal controls over financial reporting Published – MAP not fully implemented April 11, 2024 June 26, 2024 December 31, 2024 67%
4 Audit of the administration of grants and contributions programs at ECCC Published – MAP not fully implemented June 28, 2024 September 12, 2024 March 31, 2027 0%
5 Audit of cyber security at ECCC Published - MAP not fully implemented November 27, 2024 February 27, 2025 September 30, 2026 12%
6 Review of the implementation of ECCC’s Diversity, Inclusion and Employment Equity Plan - Progress to date In progress N/A N/A N/A N/A
7 Review of the use of scientific advice in support of policy development and decision making Approved – Not published February 6, 2025 N/A N/A N/A
8 Audit of IT governance In progress N/A N/A N/A N/A

2.4. Credibility and adding value

Questions that stakeholders may have about oversight of public resources:
Is internal audit credible and adding value in support of the mandate and strategic objectives of the organization?

Key compliance attribute Result
4. Average overall usefulness rating of areas audited Good

Page details

2025-09-08