Report on key compliance attributes of the internal audit function 2017 to 2018
1. Introduction
The Treasury Board Directive on Internal Audit requires that departments with an internal audit function publish departmental internal audit performance results in the form of key compliance attributes. The objective of publishing these results is to provide pertinent information to stakeholders, such as Canadians and parliamentarians, on the professionalism, performance and impact of the internal audit function in departments. As well, it is important that the public be aware that heads of government organizations are receiving independent assurance on the effectiveness and soundness of departmental activities.
This report provides Environment and Climate Change Canada’s (ECCC) responses to the compliance attributes determined by the Office of the Comptroller General of Canada (OCG). These responses answer the questions that stakeholders may have about the oversight of public resources.
The responses relate to the internal audit function at ECCC for fiscal year 2017 to 2018.
Departmental context
ECCC is the lead federal department on a wide range of environmental issues, including action on clean growth and climate change. The Department is also engaged in activities aimed at preventing and managing pollution, conserving nature and predicting weather and environmental conditions. ECCC addresses these issues through various actions, namely the implementation of the Pan-Canadian Framework on Clean Growth and Climate Change; engagement of our strategic partners, including provinces, territories and Indigenous peoples; monitoring; science-based research, policy and regulatory development; and the enforcement of environmental laws and regulations. The Department's program focus reflects the interdependence between environmental sustainability and economic well-being.
Role of internal audit
The role of ECCC’s internal audit function is to provide the Deputy Minister, in conjunction with advice from the Departmental Audit Committee (DAC), with independent assurance on whether departmental activities are managed in a way that demonstrates responsible stewardship to Canadians. The internal audit function fulfills this role by bringing a systematic, disciplined approach to assessing and improving the effectiveness of the Department's risk management, control and governance processes.
The scope of work of the internal audit function is to assess if ECCC’s network of risk management, control and governance processes designed and represented by management is adequate and functioning, such that:
- risks are appropriately identified and managed
- managerial, financial and operational information is accurate, reliable and timely
- compliance with policies, standards, procedures and applicable laws and regulations is achieved
- resources are acquired economically, used effectively and adequately protected
- program plans and objectives are achieved
- quality and continuous improvement are fostered in the Department’s control processes
- legislative or regulatory issues affecting the Department are recognized and addressed properly
Compliance attributes
The internal audit function at ECCC was assessed on the following four key compliance attributes:
Internal audit training and team
These key attributes answer the following questions that stakeholders may have about the oversight of public resources:
- Do internal auditors in departments have the training required to do the job effectively?
- Are multidisciplinary teams in place to address diverse risks?
ECCC’s response: Yes to both questions
ECCC’s internal audit team is multidisciplinary and comprises staff from different specialities and holding multiple designations. ECCC’s internal audit function consists of nine staff members: the Chief Audit Executive (CAE), a Director of Internal Audit, four auditors and three staff working in the area of professional practices. A staff member is defined as an indeterminate employee.
Of these nine staff members:
- 67% or six staff members hold an internal audit or accounting designation (Certified Internal Auditor [CIA] and Chartered Professional Accountant [CPA]). One of these six also holds a Certification in Risk Management Assurance (CRMA), while another also holds a Certified Government Auditing Professional (CGAP)
- 11% or one staff member holds only another designation (Credentialed Evaluator [CE])
The internal audit function also draws from other resources and expertise within the branch to support its operations.
Internal auditors at ECCC have opportunities for training to help them do their job efficiently and effectively. Examples include language training, career development training and training course and conferences organized by the Institute of Internal Auditors (IIA) or the Financial Management Institute of Canada (FMI). Three staff (33%) have been formally registered and accepted by the certifying body to complete the requirements of the Certified Internal Auditor (CIA) designation.
Conformance with international standards
These key attributes answer the following question that stakeholders may have about the oversight of public resources:
- Is internal audit work performed in conformance with the international standards for the profession of internal audit as required by Treasury Board policy?
ECCC’s response: Yes
The Audit and Evaluation Branch conforms to international standards. The last comprehensive briefing to DAC on the conformance of internal audit functions with international standards was completed on December 6, 2017. This briefing included information on internal and external assessments, the qualifications and independence of the assessor, the conclusion of the assessor and areas for improvement.
The last external assessment (practice inspection) was completed on February 14, 2014. The next external assessment is scheduled for 2019, since one must be conducted at least once every five years by a qualified, independent external assessor or assessment team.
Implementation of the Risk-based Audit Plan
These key attributes answer the following questions that stakeholders may have about the oversight of public resources:
- Are the Risk-based Audit Plans (RBAP) submitted to audit committees and approved by deputy heads implemented as planned with resulting reports published?
- Is management acting on audit recommendations for improvements to departmental processes?
ECCC’s response: Yes to both questions
Overall, the Risk-based Audit Plan (RBAP) for fiscal year 2017 to 2018, submitted to DAC and approved by the Deputy Minister, was implemented as planned.
ECCC management is actively working to address audit recommendations.
Table 1 outlines the status of audits planned for approval during fiscal years 2017 to 2018 and 2018 to 2019, as well as the implementation status of management action plans (MAP), where applicable.
Internal Audit Title |
Audit Status |
Report Approved Date |
Report Published Date |
Original Planned MAP Completion Date |
Implementation Status |
Audit of staffing and classification |
Published: MAP not fully implemented |
August 15, 2017 |
September 8, 2017 |
September 30, 2018 |
80% |
Audit of business continuity planning |
Published: MAP not fully implemented |
December 8, 2017 |
January 19, 2018 |
December 31, 2018 |
40% |
Review of governance |
Published |
August 21, 2017 |
September 8, 2017 |
N/A - No recommendations were issued |
N/A - No recommendations were issued |
Audit of vote netted revenue (VNR) |
Cancelled |
N/A |
N/A |
N/A |
N/A |
Audit of HR planning and management (OCG horizontal audit) |
Postponed |
N/A |
N/A |
N/A |
N/A |
Audit of expenditure management and controls |
In progress |
N/A |
N/A |
N/A |
N/A |
Audit of enforcement management and operations |
In progress |
N/A |
N/A |
N/A |
N/A |
Audit of the management of grants and contributions |
In progress |
N/A |
N/A |
N/A |
N/A |
Audit of infrastructure renewal within the Meteorological Service of Canada |
In progress |
N/A |
N/A |
N/A |
N/A |
Joint Audit/Evaluation of the management of the Pan-Canadian Framework |
Planned |
N/A |
N/A |
N/A |
N/A |
Credibility and value-add of internal audit
These key attributes answer the following question that stakeholders may have about the oversight of public resources:
- Is internal audit credible and adding value in support of the mandate and strategic objectives of the organization?
ECCC’s response: Yes
Responses to the post-audit surveys distributed to senior management following the completion of audits were positive. ADMs indicated that the overall usefulness of the audits were either fair or good.
Work continues to promote the internal audit function as a key element to support evidence-based decision making at ECCC.
Page details
- Date modified: