Audit and evaluation
The Office of Audit and Evaluation (OAE) within the Privy Council Office (PCO) supports the department’s senior management by providing internal audit and evaluation services and advice, as well as managing a secretariat for the PCO’s Departmental Audit Committee.
- Internal Audits: Provide reasonable assurance against defined criteria, following professional internal auditing standards. Scope is defined via a formal planning phase that includes a comprehensive risk assessment of the entity being audited.
- Targeted Control Audits: Provide reasonable assurance that key controls within an audit entity are designed and working as intended. These audits adhere to professional internal auditing standards. Relative to a typical internal audit, scope is defined using less intensive approaches and is much narrower than an internal audit.
- Reviews: Provide an objective assessment of a particular area without the same rigour of examination and/or testing of an audit. This can provide management with moderate assurance and sufficient information for decision-making purposes. Reviews may be requested by management or initiated by Internal Audit.
- Lessons Learned: Outline lessons from past experiences, on a given topic or topics. Data gathering typically limited to interviews and document review. This service may be requested by management or initiated by Internal Audit.
- Risk Management Support: Includes a range of services to support enterprise risk management (ERM), such as championing ERM in the organization or supporting risk identification and assessment.
- Advice: Encompasses formal and informal advisory services, which may be planned or ad hoc. Advice may be requested by management or initiated by Internal Audit. Scope may include identification of control weaknesses and/or significant risks.
- Other Consulting Engagements: Formal engagements requested by management who plays a major role in defining objective and scope.
Program improvement services
- Standard Evaluations: These evaluations are used to conduct a comprehensive, neutral and formal assessment of a program, policy or an organization’s relevance and performance.
- Calibrated Evaluations: Calibrated evaluations are similar to standard evaluations in terms of credibility and objectivity; however, they may not include the depth and detail of a full evaluation. They may also have reduced methodologies and/or lighter reports. These evaluations can be conducted at any stage of program delivery.
- Developmental Evaluations: This type of evaluation involves early engagement, perhaps before an evaluation may normally be possible. The evaluator is embedded into the operations, questioning and researching in real time to inform implementation, delivery and decisions-making, as well as documenting innovations, tracking progress and facilitating needs for adjustment.
- Targeted Research: Offers management with insights on global trends or new practices. This service may involve specialized skills or services from externals. This type of research is discretionary and can supplement other services such as performance measurement.
- Performance Measurement: Supports creation of logic models, performance measures/indicators and frameworks as part of Performance Information Profiles to outline intended outcomes and the ways to achieve these. Led by the Head of Performance Measurement, evaluators are involved to ensure logic models, performance measures/indicators and targets are valid, reliable and useful for evaluation and decision making purposes.
Key Compliance Attributes are published in accordance with the Office of the Comptroller General of Canada (OCG) Technical Bulletin 2018-1: Policy on Internal Audit:
- A.2.2.3 Departments must meet public reporting requirements as prescribed by the Comptroller General of Canada and using Treasury Board of Canada Secretariat prescribed platforms, including:
- A.126.96.36.199 Performance results for the internal audit function
- A.188.8.131.52 A list of planned audit engagements for the coming fiscal year
These results, or key attributes, demonstrate that the main fundamental elements necessary for oversight are in place, are performing as required under the Policy on Internal Audit and the Directive on Internal Audit, and are achieving results.
|Performance indicators||Key compliance attribute||2020-2021 Results|
|Do internal auditors in departments have the training required to do the job effectively? Are multidisciplinary teams in place to address diverse risks?||1. (a) % of staff with an internal audit or accounting designation (Certified Internal Auditor (CIA), Chartered Professional Accountant (CPA))||20%|
|1. (b) % of staff with an internal audit or accounting designation (CIA, CPA) in progress||0%|
|1. (c) % of staff holding other designations (CGAP, CISA, etc.)||40%|
|Is internal audit work performed in conformance with the international standards for the profession of internal audit as required by Treasury Board policy?||2. (a) Date of last comprehensive briefing to the Departmental Audit Committee on the internal processes, tools, and information considered necessary to evaluate conformance with the IIA Code of Ethics and the Standards and the results of the quality assurance and improvement program (QAIP)||November 23, 2020|
|2. (b) Date of last external assessment||April 15, 2019|
|Are the risk-based audit plans (RBAPs) submitted to audit committees and approved by deputy heads implemented as planned with resulting reports published? Is management acting on audit recommendations for improvements to departmental processes?||3. Risk-Based Audit Plan (RBAP) and related information
||See Status of Current Risk-Based Assurance Plan Table|
|Is internal audit credible and adding value in support of the mandate and strategic objectives of the organization?||4. Average overall usefulness rating from senior management (ADM-level or equivalent) of areas audited.||100%|
|Project Title||Audit Status||Date Report Approved||Date Report Published||Planned date for completion of all management action plans (MAPs)||Implementation Status|
|Consulting Engagement of Transition Readiness||Completed||July 17, 2019||N/A||N/A||N/A|
|Evaluation of the PCO Central Innovation Hub Report||Completed||August 17, 2020||October 7, 2020||N/A||N/A|
|Audit of Data Management||Completed||August 24, 2020||October 2, 2020||Q4 2020-2021||100%|
|Mid-term evaluation of the Impact Canada Fellowship Program||Completed||August 24, 2020||November 17, 2020||N/A||N/A|
|Consulting Engagement of IM/IT User Behavior||Completed||September 4, 2020||N/A||N/A||N/A|
|Safe Return to the Office Risk Assessment||Completed||March 26, 2021||N/A||N/A||N/A|
|Risk Assessment of Backup and Retention Policies for PCO Databases||In Progress||N/A||N/A||N/A||N/A|
|Evaluation of PCO’s Employee Onboarding Process||Planned||-||-||-||-|
|Fraud Risk Assessment||Planned||-||-||-||-|
|Review of Emergency Response and Resiliency||Planned|
|Review of Handling of Sensitive Documents||Planned||-||-||-||-|
|Audit of PCO’s Governor in Council Appointments Processes||Planned||-||-||-||-|
|Follow-up Evaluation of the Impact and Innovation Unit||Planned||-||-||-|
|PSC Cyclical Staffing Assessment||Planned||-||-||-||-|
|Audit of Data Management (Phase II)||Planned||-||-||-||-|
- Privy Council Office Departmental Audit Committee Charter (May 2021)
- Mid-term evaluation of the Impact Canada Fellowship Program (November 12, 2020)
- Evaluation of the PCO Central Innovation Hub (October 7, 2020)
- Audit of Data Management (September 30, 2020)
- Internal Audit Charter (October 2019)
- Joint audit of the Access to Information and Privacy consultation process in Cabinet Confidences (January 28, 2019)
- Audit of the Parliamentary Returns Process (October 13, 2017)
- Self-Assessment of Staffing Activities (September 19, 2017)
- PCO Audit Committee Charter (July 2017)
- Review of PCO's Performance Management Framework for Employees (January 20, 2017)
- Audit of PCO’s Accounts Payable Function (January 16, 2017)
- Annual Audit Committee Report to the Clerk of the Privy Council 2016-2017
- Chief Audit Executive Annual Report 2016-2017
- Risk-Based Internal Audit Plan 2016-2017 to 2018-2019
- Risk Assessment of Personal Information Holdings (August 19, 2016)
- Audit of the Management and Use of Acquisition Cards (May 20, 2016)
- Charter for the PCO Audit Committee (2016)
Report a problem or mistake on this page
- Date modified: