Audit and evaluation

The Office of Audit and Evaluation (OAE) within the Privy Council Office (PCO) supports the department’s senior management by providing internal audit and evaluation services and advice, as well as managing a secretariat for the PCO’s Departmental Audit Committee.

Internal Audit

Assurance services

  • Internal Audits: Provide reasonable assurance against defined criteria, following professional internal auditing standards. Scope is defined via a formal planning phase that includes a comprehensive risk assessment of the entity being audited.
  • Targeted Control Audits: Provide reasonable assurance that key controls within an audit entity are designed and working as intended. These audits adhere to professional internal auditing standards. Relative to a typical internal audit, scope is defined using less intensive approaches and is much narrower than an internal audit.

Consulting services

  • Reviews: Provide an objective assessment of a particular area without the same rigour of examination and/or testing of an audit. This can provide management with moderate assurance and sufficient information for decision-making purposes. Reviews may be requested by management or initiated by Internal Audit.
  • Lessons Learned: Outline lessons from past experiences, on a given topic or topics. Data gathering typically limited to interviews and document review. This service may be requested by management or initiated by Internal Audit.  
  • Risk Management Support: Includes a range of services to support enterprise risk management (ERM), such as championing ERM in the organization or supporting risk identification and assessment.
  • Advice: Encompasses formal and informal advisory services, which may be planned or ad hoc. Advice may be requested by management or initiated by Internal Audit. Scope may include identification of control weaknesses and/or significant risks.
  • Other Consulting Engagements: Formal engagements requested by management who plays a major role in defining objective and scope.

Program improvement services

  • Standard Evaluations: These evaluations are used to conduct a comprehensive, neutral and formal assessment of a program, policy or an organization’s relevance and performance.
  • Calibrated Evaluations: Calibrated evaluations are similar to standard evaluations in terms of credibility and objectivity; however, they may not include the depth and detail of a full evaluation. They may also have reduced methodologies and/or lighter reports. These evaluations can be conducted at any stage of program delivery.
  • Developmental Evaluations: This type of evaluation involves early engagement, perhaps before an evaluation may normally be possible. The evaluator is embedded into the operations, questioning and researching in real time to inform implementation, delivery and decisions-making, as well as documenting innovations, tracking progress and facilitating needs for adjustment.

Consulting services

  • Targeted Research: Offers management with insights on global trends or new practices. This service may involve specialized skills or services from externals. This type of research is discretionary and can supplement other services such as performance measurement.
  • Performance Measurement: Supports creation of logic models, performance measures/indicators and frameworks as part of Performance Information Profiles to outline intended outcomes and the ways to achieve these. Led by the Head of Performance Measurement, evaluators are involved to ensure logic models, performance measures/indicators and targets are valid, reliable and useful for evaluation and decision making purposes.
Performance results

Key Compliance Attributes 2022-23 (March 31, 2023)

Key Compliance Attributes are published in accordance with the Office of the Comptroller General of Canada (OCG) Technical Bulletin 2018-1: Policy on Internal Audit:

  • A.2.2.3 Departments must meet public reporting requirements as prescribed by the Comptroller General of Canada and using Treasury Board of Canada Secretariat prescribed platforms, including:
    • A. Performance results for the internal audit function
    • A. A list of planned audit engagements for the coming fiscal year

These results, or key attributes, demonstrate that the main fundamental elements necessary for oversight are in place, are performing as required under the Policy on Internal Audit and the Directive on Internal Audit, and are achieving results.

Key Compliance Attributes for 2022-2023

Performance indicators Key compliance attribute 2022–2023 results
Do internal auditors in departments have the training required to do the job effectively? Are multidisciplinary teams in place to address diverse risks? (a) % of staff with an internal audit or accounting designation (Certified Internal Auditor (CIA), Chartered Professional Accountant (CPA)) 33%
(b) % of staff with an internal audit or accounting designation (CIA, CPA) in progress 33%
(c) % of staff holding other designations (CGAP, CISA, etc.) 33%

Collectively, the combination of certifications and experience ensures that PCO’s internal audit function can address diverse risks. Should skills or expertise beyond the capacity of the function be identified, external expertise is retained.
Is internal audit work performed in conformance with the international standards for the profession of internal audit as required by Treasury Board policy? (a) Date of last comprehensive briefing to the Departmental Audit Committee on the internal processes, tools, and information considered necessary to evaluate conformance with the IIA Code of Ethics and the Standards and the results of the quality assurance and improvement program (QAIP) April 2023
(b) Date of last external assessment April 15, 2019

The next External Quality Assessment is planned for 2024.
Are the risk-based audit plans (RBAPs) submitted to audit committees and approved by deputy heads implemented as planned with resulting reports published? Is management acting on audit recommendations for improvements to departmental processes? Risk-Based Audit Plan (RBAP) and related information

  1. name/status of audit for the current fiscal year of the RBAP
  2. date the audit report was approved
  3. date the audit report was published
  4. original planned date for completion of all management action plan (MAP) items
  5. status of MAP items
The 2022/23 RBAP was discussed with DAC members periodically during the FY.

Management acted on recommendations; as of March 31, 2023, there were no late recommendations.

The 2023/24 RBAP was approved on June 14, 2023. Engagements are listed below in Annex A.
Is internal audit credible and adding value in support of the mandate and strategic objectives of the organization? Average overall usefulness rating from senior management (ADM-level or equivalent) of areas audited. Based on the post-audit survey results, senior management generally agreed that projects were useful and added value overall.

Annex A: Engagements

Engagement title Engagement status Report approved date Published date Original planned MAP completion date MAP implementation status
Impact Canada Evaluation Completed August 2022 N/A N/A N/A
Cyclical Staffing Assessment Completed May 2023 N/A - In progress
Departmental Risk Profile Completed December 2022 N/A N/A N/A
Review of Employee Onboarding Completed January 2023 N/A September 2023 In progress
Audit of McKinsey & Company Contract Completed March 2023 March  2023 December 2023 In progress
Fraud Risk Assessment Completed April 2023 N/A - In progress
Review of Communications Services In progress - - - -
Review of Departmental Key Performance Indicators (KPIs) - Part 1 Planned - - - -
Review of Employee Offboarding Planned - - - -

Note: Adjustments to the engagements listed above may occur in order to address emerging risks and priorities of the organization.



Proactive disclosure

Page details

Date modified: