Audit and evaluation
The Office of Audit and Evaluation (OAE) within the Privy Council Office (PCO) supports the department’s senior management by providing internal audit and evaluation services and advice, as well as managing a secretariat for the PCO’s Departmental Audit Committee.
Internal Audit
Assurance services
- Internal Audits: Provide reasonable assurance against defined criteria, following professional internal auditing standards. Scope is defined via a formal planning phase that includes a comprehensive risk assessment of the entity being audited.
- Targeted Control Audits: Provide reasonable assurance that key controls within an audit entity are designed and working as intended. These audits adhere to professional internal auditing standards. Relative to a typical internal audit, scope is defined using less intensive approaches and is much narrower than an internal audit.
Consulting services
- Reviews: Provide an objective assessment of a particular area without the same rigour of examination and/or testing of an audit. This can provide management with moderate assurance and sufficient information for decision-making purposes. Reviews may be requested by management or initiated by Internal Audit.
- Lessons Learned: Outline lessons from past experiences, on a given topic or topics. Data gathering typically limited to interviews and document review. This service may be requested by management or initiated by Internal Audit.
- Risk Management Support: Includes a range of services to support enterprise risk management (ERM), such as championing ERM in the organization or supporting risk identification and assessment.
- Advice: Encompasses formal and informal advisory services, which may be planned or ad hoc. Advice may be requested by management or initiated by Internal Audit. Scope may include identification of control weaknesses and/or significant risks.
- Other Consulting Engagements: Formal engagements requested by management who plays a major role in defining objective and scope.
Evaluation
Program improvement services
- Standard Evaluations: These evaluations are used to conduct a comprehensive, neutral and formal assessment of a program, policy or an organization’s relevance and performance.
- Calibrated Evaluations: Calibrated evaluations are similar to standard evaluations in terms of credibility and objectivity; however, they may not include the depth and detail of a full evaluation. They may also have reduced methodologies and/or lighter reports. These evaluations can be conducted at any stage of program delivery.
- Developmental Evaluations: This type of evaluation involves early engagement, perhaps before an evaluation may normally be possible. The evaluator is embedded into the operations, questioning and researching in real time to inform implementation, delivery and decisions-making, as well as documenting innovations, tracking progress and facilitating needs for adjustment.
Consulting services
- Targeted Research: Offers management with insights on global trends or new practices. This service may involve specialized skills or services from externals. This type of research is discretionary and can supplement other services such as performance measurement.
- Performance Measurement: Supports creation of logic models, performance measures/indicators and frameworks as part of Performance Information Profiles to outline intended outcomes and the ways to achieve these. Led by the Head of Performance Measurement, evaluators are involved to ensure logic models, performance measures/indicators and targets are valid, reliable and useful for evaluation and decision making purposes.
Performance results
Key Compliance Attributes are published in accordance with the Office of the Comptroller General of Canada (OCG) Technical Bulletin 2018-1: Policy on Internal Audit:
- A.2.2.3 Departments must meet public reporting requirements as prescribed by the Comptroller General of Canada and using Treasury Board of Canada Secretariat prescribed platforms, including:
- A.2.2.3.1 Performance results for the internal audit function
- A.2.2.3.2 A list of planned audit engagements for the coming fiscal year
These results, or key attributes, demonstrate that the main fundamental elements necessary for oversight are in place, are performing as required under the Policy on Internal Audit and the Directive on Internal Audit, and are achieving results.
| Performance indicators | Key compliance attribute | 2021–2022 Results |
|---|---|---|
| Do internal auditors in departments have the training required to do the job effectively? Are multidisciplinary teams in place to address diverse risks? | (a) % of staff with an internal audit or accounting designation [Certified Internal Auditor (CIA), Chartered Professional Accountant (CPA)] | 0% |
| (b) % of staff with an internal audit or accounting designation (CIA, CPA) in progress | 0% | |
| (c) % of staff holding other designations (CGAP, CISA, etc.) | 20% Collectively, the combination of certifications and experience ensures that PCO’s internal audit function can address diverse risks. Should skills or expertise beyond the capacity of the function be identified, external expertise would be retained. |
|
| Is internal audit work performed in conformance with the international standards for the profession of internal audit as required by Treasury Board policy? | (a) Date of last comprehensive briefing to the Departmental Audit Committee on the internal processes, tools, and information considered necessary to evaluate conformance with the IIA Code of Ethics and the Standards and the results of the quality assurance and improvement program (QAIP) | November 23, 2020 |
| (b) Date of last external assessment | April 15, 2019 The next External Quality Assurance Review is planned for 2024. |
|
| Are the risk-based audit plans (RBAPs) submitted to audit committees and approved by deputy heads implemented as planned with resulting reports published? Is management acting on audit recommendations for improvements to departmental processes? |
Risk-Based Audit Plan (RBAP) and related information
|
The RBAP was discussed with Audit Committee members periodically during the FY. Management acted on recommendations; as of March 31, 2022, there were no late recommendations. Audit projects are listed below. |
| Is internal audit credible and adding value in support of the mandate and strategic objectives of the organization? | Average overall usefulness rating from senior management (ADM-level or equivalent) of areas audited. | N/A Senior management satisfaction surveys were not launched during the FY. |
| Engagement title | Engagement status | Report approved date | Published date | Original planned MAP completion date | MAP implementation status |
|---|---|---|---|---|---|
| Review of Database Backup and Recovery Policies | Completed | December 16, 2021 | N/A | N/A | N/A |
| Review of PCO’s Employee Onboarding Process | In Progress | N/A | N/A | N/A | N/A |
| Fraud Risk Assessment | Planned | - | - | - | - |
| Review of Emergency Response and Resiliency | Planned | - | - | - | - |
| Review of Handling of Sensitive Documents | Planned | - | - | - | - |
| Audit of PCO’s Governor in Council Appointments Process | Planned | - | - | - | - |
| Follow-up Evaluation of the Impact and Innovation Unit | In Progress | N/A | N/A | N/A | N/A |
| PSC Cyclical Staffing Assessment | Planned | - | - | - | - |
| Audit of Data Management Phase II | Planned | - | - | - | - |
Note: Additions and adjustments to the engagements listed above may have occurred in order to address emerging risks and priorities of the organization.
Publications
Publications
- Internal Audit of Federal Government consulting contracts awarded to McKinsey & Company (March 23, 2023)
- Privy Council Office Departmental Audit Committee Charter (May 2021)
- Mid-term evaluation of the Impact Canada Fellowship Program (November 12, 2020)
- Evaluation of the PCO Central Innovation Hub (October 7, 2020)
- Audit of Data Management (September 30, 2020)
- Internal Audit Charter (October 2019)
- Joint audit of the Access to Information and Privacy consultation process in Cabinet Confidences (January 28, 2019)
- Audit of the Parliamentary Returns Process (October 13, 2017)
- Self-Assessment of Staffing Activities (September 19, 2017)
- PCO Audit Committee Charter (July 2017)
- Review of PCO's Performance Management Framework for Employees (January 20, 2017)
- Audit of PCO’s Accounts Payable Function (January 16, 2017)
- Annual Audit Committee Report to the Clerk of the Privy Council 2016-2017
- Chief Audit Executive Annual Report 2016-2017
- Risk-Based Internal Audit Plan 2016-2017 to 2018-2019
Proactive disclosure
Report a problem or mistake on this page
- Date modified: