Report on key compliance attributes of the internal audit function 2017 to 2018

1. Introduction

The Treasury Board Directive on Internal Audit requires that departments with an internal audit function publish departmental internal audit performance results in the form of key compliance attributes. The objective of publishing these results is to provide pertinent information to stakeholders, such as Canadians and parliamentarians, on the professionalism, performance and impact of the internal audit function in departments. As well, it is important that the public be aware that heads of government organizations are receiving independent assurance on the effectiveness and soundness of departmental activities.

This report provides Environment and Climate Change Canada’s (ECCC) responses to the compliance attributes determined by the Office of the Comptroller General of Canada (OCG). These responses answer the questions that stakeholders may have about the oversight of public resources.

The responses relate to the internal audit function at ECCC for fiscal year 2017 to 2018.

Departmental context

ECCC is the lead federal department on a wide range of environmental issues, including action on clean growth and climate change. The Department is also engaged in activities aimed at preventing and managing pollution, conserving nature and predicting weather and environmental conditions. ECCC addresses these issues through various actions, namely the implementation of the Pan-Canadian Framework on Clean Growth and Climate Change; engagement of our strategic partners, including provinces, territories and Indigenous peoples; monitoring; science-based research, policy and regulatory development; and the enforcement of environmental laws and regulations. The Department's program focus reflects the interdependence between environmental sustainability and economic well-being.

Role of internal audit

The role of ECCC’s internal audit function is to provide the Deputy Minister, in conjunction with advice from the Departmental Audit Committee (DAC), with independent assurance on whether departmental activities are managed in a way that demonstrates responsible stewardship to Canadians. The internal audit function fulfills this role by bringing a systematic, disciplined approach to assessing and improving the effectiveness of the Department's risk management, control and governance processes.
The scope of work of the internal audit function is to assess if ECCC’s network of risk management, control and governance processes designed and represented by management is adequate and functioning, such that:

  • risks are appropriately identified and managed
  • managerial, financial and operational information is accurate, reliable and timely
  • compliance with policies, standards, procedures and applicable laws and regulations is achieved
  • resources are acquired economically, used effectively and adequately protected
  • program plans and objectives are achieved
  • quality and continuous improvement are fostered in the Department’s control processes
  • legislative or regulatory issues affecting the Department are recognized and addressed properly

Compliance attributes

The internal audit function at ECCC was assessed on the following four key compliance attributes:

Internal audit training and team

These key attributes answer the following questions that stakeholders may have about the oversight of public resources:

  • Do internal auditors in departments have the training required to do the job effectively?
  • Are multidisciplinary teams in place to address diverse risks?

ECCC’s response: Yes to both questions

ECCC’s internal audit team is multidisciplinary and comprises staff from different specialities and holding multiple designations. ECCC’s internal audit function consists of nine staff members: the Chief Audit Executive (CAE), a Director of Internal Audit, four auditors and three staff working in the area of professional practices. A staff member is defined as an indeterminate employee.
Of these nine staff members:

  • 67% or six staff members hold an internal audit or accounting designation (Certified Internal Auditor [CIA] and Chartered Professional Accountant [CPA]). One of these six also holds a Certification in Risk Management Assurance (CRMA), while another also holds a Certified Government Auditing Professional (CGAP)
  • 11% or one staff member holds only another designation (Credentialed Evaluator [CE])

The internal audit function also draws from other resources and expertise within the branch to support its operations.
Internal auditors at ECCC have opportunities for training to help them do their job efficiently and effectively. Examples include language training, career development training and training course and conferences organized by the Institute of Internal Auditors (IIA) or the Financial Management Institute of Canada (FMI). Three staff (33%) have been formally registered and accepted by the certifying body to complete the requirements of the Certified Internal Auditor (CIA) designation.

Conformance with international standards

These key attributes answer the following question that stakeholders may have about the oversight of public resources:

  • Is internal audit work performed in conformance with the international standards for the profession of internal audit as required by Treasury Board policy?

ECCC’s response: Yes

The Audit and Evaluation Branch conforms to international standards. The last comprehensive briefing to DAC on the conformance of internal audit functions with international standards was completed on December 6, 2017. This briefing included information on internal and external assessments, the qualifications and independence of the assessor, the conclusion of the assessor and areas for improvement.
The last external assessment (practice inspection) was completed on February 14, 2014. The next external assessment is scheduled for 2019, since one must be conducted at least once every five years by a qualified, independent external assessor or assessment team.

Implementation of the Risk-based Audit Plan

These key attributes answer the following questions that stakeholders may have about the oversight of public resources:

  • Are the Risk-based Audit Plans (RBAP) submitted to audit committees and approved by deputy heads implemented as planned with resulting reports published?
  • Is management acting on audit recommendations for improvements to departmental processes?

ECCC’s response: Yes to both questions

Overall, the Risk-based Audit Plan (RBAP) for fiscal year 2017 to 2018, submitted to DAC and approved by the Deputy Minister, was implemented as planned.
ECCC management is actively working to address audit recommendations.
Table 1 outlines the status of audits planned for approval during fiscal years 2017 to 2018 and 2018 to 2019, as well as the implementation status of management action plans (MAP), where applicable.

Table 1: Status of audits planned for approval in fiscal years 2017 to 2018 and 2018 to 2019

Internal Audit Title

Audit Status

Report Approved Date

Report Published Date

Original Planned MAP Completion Date

Implementation Status

Audit of staffing and classification

Published: MAP not fully implemented

August 15, 2017

September 8, 2017

September 30, 2018

80%

Audit of business continuity planning

Published: MAP not fully implemented

December 8, 2017

January 19, 2018

December 31, 2018

40%

Review of governance

Published

August 21, 2017

September 8, 2017

N/A - No recommendations were issued

N/A - No recommendations were issued

Audit of vote netted revenue (VNR)

Cancelled

N/A

N/A

N/A

N/A

Audit of HR planning and management (OCG horizontal audit)

Postponed

N/A

N/A

N/A

N/A

Audit of expenditure management and controls

In progress

N/A

N/A

N/A

N/A

Audit of enforcement management and operations

In progress

N/A

N/A

N/A

N/A

Audit of the management of grants and contributions

In progress

N/A

N/A

N/A

N/A

Audit of infrastructure renewal within the Meteorological Service of Canada

In progress

N/A

N/A

N/A

N/A

Joint Audit/Evaluation of the management of the Pan-Canadian Framework

Planned

N/A

N/A

N/A

N/A

Credibility and value-add of internal audit

These key attributes answer the following question that stakeholders may have about the oversight of public resources:

  • Is internal audit credible and adding value in support of the mandate and strategic objectives of the organization?

ECCC’s response: Yes

Responses to the post-audit surveys distributed to senior management following the completion of audits were positive. ADMs indicated that the overall usefulness of the audits were either fair or good.

Work continues to promote the internal audit function as a key element to support evidence-based decision making at ECCC.

Page details

Date modified: