Audit and evaluation
The Office of Audit and Evaluation (OAE) within the Privy Council Office (PCO) supports the department’s senior management by providing internal audit and evaluation services and advice, as well as managing a secretariat for the PCO’s Departmental Audit Committee.
- Internal Audits: Provide reasonable assurance against defined criteria, following professional internal auditing standards. Scope is defined via a formal planning phase that includes a comprehensive risk assessment of the entity being audited.
- Targeted Control Audits: Provide reasonable assurance that key controls within an audit entity are designed and working as intended. These audits adhere to professional internal auditing standards. Relative to a typical internal audit, scope is defined using less intensive approaches and is much narrower than an internal audit.
- Reviews: Provide an objective assessment of a particular area without the same rigour of examination and/or testing of an audit. This can provide management with moderate assurance and sufficient information for decision-making purposes. Reviews may be requested by management or initiated by Internal Audit.
- Lessons Learned: Outline lessons from past experiences, on a given topic or topics. Data gathering typically limited to interviews and document review. This service may be requested by management or initiated by Internal Audit.
- Risk Management Support: Includes a range of services to support enterprise risk management (ERM), such as championing ERM in the organization or supporting risk identification and assessment.
- Advice: Encompasses formal and informal advisory services, which may be planned or ad hoc. Advice may be requested by management or initiated by Internal Audit. Scope may include identification of control weaknesses and/or significant risks.
- Other Consulting Engagements: Formal engagements requested by management who plays a major role in defining objective and scope.
Program improvement services
- Standard Evaluations: These evaluations are used to conduct a comprehensive, neutral and formal assessment of a program, policy or an organization’s relevance and performance.
- Calibrated Evaluations: Calibrated evaluations are similar to standard evaluations in terms of credibility and objectivity; however, they may not include the depth and detail of a full evaluation. They may also have reduced methodologies and/or lighter reports. These evaluations can be conducted at any stage of program delivery.
- Developmental Evaluations: This type of evaluation involves early engagement, perhaps before an evaluation may normally be possible. The evaluator is embedded into the operations, questioning and researching in real time to inform implementation, delivery and decisions-making, as well as documenting innovations, tracking progress and facilitating needs for adjustment.
- Targeted Research: Offers management with insights on global trends or new practices. This service may involve specialized skills or services from externals. This type of research is discretionary and can supplement other services such as performance measurement.
- Performance Measurement: Supports creation of logic models, performance measures/indicators and frameworks as part of Performance Information Profiles to outline intended outcomes and the ways to achieve these. Led by the Head of Performance Measurement, evaluators are involved to ensure logic models, performance measures/indicators and targets are valid, reliable and useful for evaluation and decision making purposes.
Key Compliance Attributes 2022-23 (March 31, 2023)
Key Compliance Attributes are published in accordance with the Office of the Comptroller General of Canada (OCG) Technical Bulletin 2018-1: Policy on Internal Audit:
- A.2.2.3 Departments must meet public reporting requirements as prescribed by the Comptroller General of Canada and using Treasury Board of Canada Secretariat prescribed platforms, including:
- A.126.96.36.199 Performance results for the internal audit function
- A.188.8.131.52 A list of planned audit engagements for the coming fiscal year
These results, or key attributes, demonstrate that the main fundamental elements necessary for oversight are in place, are performing as required under the Policy on Internal Audit and the Directive on Internal Audit, and are achieving results.
Key Compliance Attributes for 2022-2023
|Key compliance attribute
|Do internal auditors in departments have the training required to do the job effectively? Are multidisciplinary teams in place to address diverse risks?
|(a) % of staff with an internal audit or accounting designation (Certified Internal Auditor (CIA), Chartered Professional Accountant (CPA))
|(b) % of staff with an internal audit or accounting designation (CIA, CPA) in progress
|(c) % of staff holding other designations (CGAP, CISA, etc.)
Collectively, the combination of certifications and experience ensures that PCO’s internal audit function can address diverse risks. Should skills or expertise beyond the capacity of the function be identified, external expertise is retained.
|Is internal audit work performed in conformance with the international standards for the profession of internal audit as required by Treasury Board policy?
|(a) Date of last comprehensive briefing to the Departmental Audit Committee on the internal processes, tools, and information considered necessary to evaluate conformance with the IIA Code of Ethics and the Standards and the results of the quality assurance and improvement program (QAIP)
|(b) Date of last external assessment
|April 15, 2019
The next External Quality Assessment is planned for 2024.
|Are the risk-based audit plans (RBAPs) submitted to audit committees and approved by deputy heads implemented as planned with resulting reports published? Is management acting on audit recommendations for improvements to departmental processes?
|Risk-Based Audit Plan (RBAP) and related information
|The 2022/23 RBAP was discussed with DAC members periodically during the FY.
Management acted on recommendations; as of March 31, 2023, there were no late recommendations.
The 2023/24 RBAP was approved on June 14, 2023. Engagements are listed below in Annex A.
|Is internal audit credible and adding value in support of the mandate and strategic objectives of the organization?
|Average overall usefulness rating from senior management (ADM-level or equivalent) of areas audited.
|Based on the post-audit survey results, senior management generally agreed that projects were useful and added value overall.
Annex A: Engagements
|Report approved date
|Original planned MAP completion date
|MAP implementation status
|Impact Canada Evaluation
|Cyclical Staffing Assessment
|Departmental Risk Profile
|Review of Employee Onboarding
|Audit of McKinsey & Company Contract
|Fraud Risk Assessment
|Review of Communications Services
|Review of Departmental Key Performance Indicators (KPIs) - Part 1
|Review of Employee Offboarding
Note: Adjustments to the engagements listed above may occur in order to address emerging risks and priorities of the organization.
- Internal Audit of Federal Government consulting contracts awarded to McKinsey & Company (March 23, 2023)
- Mid-term evaluation of the Impact Canada Fellowship Program (November 12, 2020)
- Evaluation of the PCO Central Innovation Hub (October 7, 2020)
- Audit of Data Management (September 30, 2020)
- Joint audit of the Access to Information and Privacy consultation process in Cabinet Confidences (January 28, 2019)
- Date modified: