Audit and evaluation

The Office of Audit and Evaluation (OAE) within the Privy Council Office (PCO) supports the department’s senior management by providing internal audit and evaluation services and advice, as well as managing a secretariat for the PCO’s Departmental Audit Committee.

Internal Audit

Assurance services

  • Internal Audits: Provide reasonable assurance against defined criteria, following professional internal auditing standards. Scope is defined via a formal planning phase that includes a comprehensive risk assessment of the entity being audited.
  • Targeted Control Audits: Provide reasonable assurance that key controls within an audit entity are designed and working as intended. These audits adhere to professional internal auditing standards. Relative to a typical internal audit, scope is defined using less intensive approaches and is much narrower than an internal audit.

Consulting services

  • Reviews: Provide an objective assessment of a particular area without the same rigour of examination and/or testing of an audit. This can provide management with moderate assurance and sufficient information for decision-making purposes. Reviews may be requested by management or initiated by Internal Audit.
  • Lessons Learned: Outline lessons from past experiences, on a given topic or topics. Data gathering typically limited to interviews and document review. This service may be requested by management or initiated by Internal Audit.  
  • Risk Management Support: Includes a range of services to support enterprise risk management (ERM), such as championing ERM in the organization or supporting risk identification and assessment.
  • Advice: Encompasses formal and informal advisory services, which may be planned or ad hoc. Advice may be requested by management or initiated by Internal Audit. Scope may include identification of control weaknesses and/or significant risks.
  • Other Consulting Engagements: Formal engagements requested by management who plays a major role in defining objective and scope.

Program improvement services

  • Standard Evaluations: These evaluations are used to conduct a comprehensive, neutral and formal assessment of a program, policy or an organization’s relevance and performance.
  • Calibrated Evaluations: Calibrated evaluations are similar to standard evaluations in terms of credibility and objectivity; however, they may not include the depth and detail of a full evaluation. They may also have reduced methodologies and/or lighter reports. These evaluations can be conducted at any stage of program delivery.
  • Developmental Evaluations: This type of evaluation involves early engagement, perhaps before an evaluation may normally be possible. The evaluator is embedded into the operations, questioning and researching in real time to inform implementation, delivery and decisions-making, as well as documenting innovations, tracking progress and facilitating needs for adjustment.

Consulting services

  • Targeted Research: Offers management with insights on global trends or new practices. This service may involve specialized skills or services from externals. This type of research is discretionary and can supplement other services such as performance measurement.
  • Performance Measurement: Supports creation of logic models, performance measures/indicators and frameworks as part of Performance Information Profiles to outline intended outcomes and the ways to achieve these. Led by the Head of Performance Measurement, evaluators are involved to ensure logic models, performance measures/indicators and targets are valid, reliable and useful for evaluation and decision making purposes.
Performance results

Key Compliance Attributes are published in accordance with the Office of the Comptroller General of Canada (OCG) Technical Bulletin 2018-1: Policy on Internal Audit:

  • A.2.2.3 Departments must meet public reporting requirements as prescribed by the Comptroller General of Canada and using Treasury Board of Canada Secretariat prescribed platforms, including:
    • A. Performance results for the internal audit function
    • A. A list of planned audit engagements for the coming fiscal year

These results, or key attributes, demonstrate that the main fundamental elements necessary for oversight are in place, are performing as required under the Policy on Internal Audit and the Directive on Internal Audit, and are achieving results.

Key Compliance Attributes for 2020-2021
Performance indicators Key compliance attribute 2020-2021 Results
Do internal auditors in departments have the training required to do the job effectively? Are multidisciplinary teams in place to address diverse risks? 1. (a) % of staff with an internal audit or accounting designation (Certified Internal Auditor (CIA), Chartered Professional Accountant (CPA)) 20%
1. (b) % of staff with an internal audit or accounting designation (CIA, CPA) in progress 0%
1. (c) % of staff holding other designations (CGAP, CISA, etc.) 40%
Is internal audit work performed in conformance with the international standards for the profession of internal audit as required by Treasury Board policy? 2. (a) Date of last comprehensive briefing to the Departmental Audit Committee on the internal processes, tools, and information considered necessary to evaluate conformance with the IIA Code of Ethics and the Standards and the results of the quality assurance and improvement program (QAIP) November 23, 2020
2. (b) Date of last external assessment April 15, 2019
Are the risk-based audit plans (RBAPs) submitted to audit committees and approved by deputy heads implemented as planned with resulting reports published? Is management acting on audit recommendations for improvements to departmental processes? 3. Risk-Based Audit Plan (RBAP) and related information
  1. name/status of audit for the current fiscal year of the RBAP
  2. date the audit report was approved
  3. date the audit report was published
  4. original planned date for completion of all management action plan (MAP) items
  5. status of MAP items
See Status of Current Risk-Based Assurance Plan Table
Is internal audit credible and adding value in support of the mandate and strategic objectives of the organization? 4. Average overall usefulness rating from senior management (ADM-level or equivalent) of areas audited. 100%
Status of Current Risk-Based Assurance Plan (RBAP)
Project Title Audit Status Date Report Approved Date Report Published Planned date for completion of all management action plans (MAPs) Implementation Status
Consulting Engagement of Transition Readiness Completed July 17, 2019 N/A N/A N/A
Evaluation of the PCO Central Innovation Hub Report Completed August 17, 2020 October 7, 2020 N/A N/A
Audit of Data Management Completed August 24, 2020 October 2, 2020 Q4 2020-2021 100%
Mid-term evaluation of the Impact Canada Fellowship Program Completed August 24, 2020 November 17, 2020 N/A N/A
Consulting Engagement of IM/IT User Behavior Completed September 4, 2020 N/A N/A N/A
Safe Return to the Office Risk Assessment Completed March 26, 2021 N/A N/A N/A
Risk Assessment of Backup and Retention Policies for PCO Databases In Progress N/A N/A N/A N/A
Evaluation of PCO’s Employee Onboarding Process Planned - - - -
Fraud Risk Assessment Planned - - - -
Review of Emergency Response and Resiliency Planned        
Review of Handling of Sensitive Documents Planned - - - -
Audit of PCO’s Governor in Council Appointments Processes Planned - - - -
Follow-up Evaluation of the Impact and Innovation Unit Planned - - -  
PSC Cyclical Staffing Assessment Planned - - - -
Audit of Data Management (Phase II) Planned - - - -


Proactive disclosure

Report a problem or mistake on this page
Please select all that apply:

Thank you for your help!

You will not receive a reply. For enquiries, contact us.

Date modified: