Report on the key compliance attributes of Public Services and Procurement Canada’s Internal Audit Function: December 2023 update

April 1, 2023 to December 31, 2023

Office of the Chief Audit, Evaluation and Risk Executive

Introduction

The Policy on Internal Audit (hereon referred to as the Policy) and its associated Directive on Internal Audit (Directive) came into effect on April 1, 2017. The objective of the Policy is to ensure that the oversight of public resources throughout the federal public administration is informed by a professional and objective internal audit function that is independent of departmental management.

The Policy sets out the responsibilities for Deputy Heads of large and small departments related to internal audit, which contributes to sound risk management, control and governance processes, as well as the role and responsibilities of the Comptroller General of Canada as the head of the function government-wide.

Deputy Heads are responsible for ensuring that internal audit in the department is carried out in accordance with the Institute of Internal Auditors International Professional Practices Framework (Standards) unless the framework is in conflict with the Treasury Board Policy or its related directive; if there is a conflict, the Policy or Directive will prevail.

The Directive outlines specific requirements of the Chief Audit Executive (CAE) and the associated mandatory procedures for internal auditing in the Government of Canada in subsection A.2.2.3. These procedures include public reporting requirements as prescribed by the Comptroller General of Canada, including performance results for the internal audit function and a list of planned audit engagements for the coming fiscal year. It is important that the public is aware that heads of government organizations are receiving assurance that activities are managed in a way that demonstrates responsible stewardship.

In order to comply with the requirement to publicly report on the performance of the internal audit function, the Comptroller General issued a technical bulletin on publishing key compliance attributes that outlined, among other things, key compliance attributes. These attributes were selected in order to provide pertinent information regarding the professionalism, performance and impact of the internal audit function within the department. The key attributes of compliance with the Policy and Standards are:

It should be noted that these are not performance measures, and no targets are attached. Under the Policy, the Comptroller General has the authority to amend these attributes, should there be changes in the internal audit environment and/or due to the evolving maturity of the internal audit function.

Within this technical bulletin, the Comptroller General requires that the list of audit engagements be updated twice annually. In accordance with the Policy and the technical bulletin issued by the Office of the Comptroller General (OCG), Public Services and Procurement Canada’s (PSPC) Office of the Chief Audit, Evaluation and Risk Executive (OCAERE) presents the following update to key compliance attribute number 3 for the internal audit function: the internal audit plan and related information, as of December 31, 2023.

3. Internal audit plan and related information

In order to demonstrate that management is acting on recommendations made by internal audit to improve departmental practices, public reporting requirements, as prescribed by the Comptroller General of Canada, requires internal audit functions to publish a list of completed engagements including the date by which all management actions were to have been implemented and the status of that implementation. This information is to be updated regularly and remain on the list of engagements for 6 months after the management action plan has been fully implemented. Internal audit functions also list all engagements scheduled for the coming fiscal year and their status in the spirit of demonstrating open and transparent information on the government’s intentions to conduct engagements in areas of higher risk to departments and to demonstrate responsible stewardship to Canadians.

All assurance engagements conducted by OCAERE are published as per the Policy on Internal Audit and requirements set out by the Office of the Comptroller General. Advisory engagements are not published as there is no requirement to do so.

Engagement information

Engagement titles and statuses
Engagement title Engagement status Report approved date Report published date Original planned Management Action Plan (MAP) completion datetable 1 note 1 Implementation statustable 1 note 2
Office of the Comptroller General Horizontal Audit of Business Continuity Planning (BCP) Published – MAP not fully implemented October 30, 2017 August 2018 March 2019 88%
Review of Staffing Published – MAP not fully implemented June 11, 2019 October 16, 2020 September 2020 50%
Audit of Information Technology (IT) Security Published – MAP not fully implemented January 28, 2020 October 16, 2020 March 2021 32%
Audit of Staffingtable 1 note 3 Published – MAP not fully implemented February 4, 2020 October 16, 2020 September 2021 86%
Audit of the Management of Engineering Assets Published – MAP not fully implemented June 1, 2020 October 16, 2020 September 2020 89%
Targeted Review of the Phased Bid Compliance Process Published – MAP fully implemented October 8, 2020 March 22, 2021 September 2020 100%
BDO Independent Third Party Review (ITPR) of PSPC Electronic Procurement Solution (EPS) Project Review: Frozen Allotment Gate #2 Approved – not published March 9, 2021 Not applicable (n/a) September 2021 70%
Health Check of Energy Services Acquisition Program Approved – not published February 2, 2021 n/a September 2021 85%
Industrial Security Systems Transformation (ISST) Approved – not published December 16, 2020 n/a March 2022 76%
Follow-up to the Audit of IT Security Published – MAP not fully implemented December 20, 2021 May 2022 March 2025 9%
Audit of the Charging model Published – MAP fully implemented December 20, 2021 May 2022 November 2022 100%
Laboratories Canada: Joint Advisory on Governance : Emerging Issues and Risks Approved – not published June 30, 2022 n/a October 2023 0%
Accrual Budgeting Published – MAP not fully implemented November 22, 2022 April 2023 June 2023 80%
Audit of PSPC’s Vaccination Process: Phase II Published – MAP not applicable April 4, 2023 August 22, 2023 n/a n/a
Health Check on change management for the EPS Phase II Approved – not published April 17, 2023 n/a June 30, 2023 25%
EPS ITPR Gate #3 frozen allotment (Milestone 6 to 8) Approved – not published February 21, 2023 n/a March 31, 2024 0%
Audit of Federal Government Consulting Contracts Awarded to McKinsey & Company Published – MAP not fully implemented March 26, 2023 March 30, 2023 January 31, 2025 10%
Health Check of procurement authorities Approved – not published November 8, 2023 n/a n/a n/a
Advisory on Project Management practices (PMP) for Infrastructure In progress To be determined (TBD) TBD TBD TBD
Advisory of OneHR In progress TBD TBD TBD TBD
Transformation Assurance and Consulting Strategy: ISST In progress TBD TBD TBD TBD
Transformation Assurance and Consulting Strategy: Government of Canada Trusted platform (GCTP) In progress TBD TBD TBD TBD

Table 1 Notes

Table 1 Note 1

The majority of the MAP owner requested an extension to the original planned MAP completion date.

Return to table 1 note 1 referrer

Table 1 Note 2

The implementation status included in this report includes information from the March 2023 update, which was debriefed at the Departmental Audit Committee in September 2023.

Return to table 1 note 2 referrer

Table 1 Note 3

This report is related to the Review of Staffing, and the reports were published together as they refer to one another.

Return to table 1 note 3 referrer

Page details

Date modified: