Public Services and Procurement Canada
Key compliance attributes of the internal audit function
The Policy on Internal Audit and the Directive on Internal Audit support the oversight of public resources throughout the federal public administration through the application of a professional and objective internal audit function that is independent of departmental management.
The Directive outlines specific requirements of the Chief Audit Executive and mandatory procedures for internal auditing in the Government of Canada in subsection 4.1. These procedures include public reporting requirements in the form of key compliance attributes as prescribed by the Comptroller General of Canada. These attributes were selected in order to provide Canadians pertinent information regarding the professionalism, performance and impact of the internal audit function within Government departments. The key attributes of compliance with the Policy and Standards are designed to support and produce:
- internal auditors that are trained to effectively perform the work
- audit work that is performed in conformance with the international standards for the profession
- audit work that is performed according to a systematically developed risk-based audit plan, which has been approved by the head of the organization, and that results in management actions being taken in response to report recommendations
- audit work that is perceived by stakeholders as adding value in the pursuit of organizational objectives
It should be noted that these are not performance measures, and as such, no targets are attached. Under the Policy, the Comptroller General has the authority to amend these attributes, should there be changes in the internal audit environment and/or due to the evolving maturity of the internal audit function.
Key compliance attributes of internal audit
In accordance with the Directive, Public Services and Procurement Canada’s (PSPC) Office of the Chief Audit, Evaluation and Risk Executive presents the key compliance attributes for the internal audit function. The compliance attributes pertain to staff professional certifications and designations, the quality assurance and improvement program, and execution of the audit plan.
|
Performance indicators |
Key compliance attributes |
Results as of August 31, 2025 |
|---|---|---|
|
Internal auditors in departments have the training required to do the job effectively. Multidisciplinary teams are in place to address diverse risks. |
Percent of staff with an internal audit or accounting designation (Certified Internal Auditor (CIA), Chartered Professional Accountant (CPA)) |
50% |
|
Percent of staff with an internal audit or accounting designation (CIA, CPA) in progress |
15% |
|
|
Percent of staff holding other professional designations (Certified Government Auditing Profession, Certified Information Systems Auditor, etc.)Footnote 1 |
25% |
|
|
Internal audit work is performed in conformance with the international standards for the profession of internal audit as required by Treasury Board policy. |
Date of last comprehensive briefing to the Departmental Audit Committee (DAC) on the internal processes, tools, and information considered necessary to evaluate conformance with the Institute of Internal Auditors Code of Ethics and the Standards and the results of the Quality Assurance and Improvement Program |
May 29, 2024 |
|
Date of last external assessment |
June 7, 2025 |
|
|
The risk-based audit plans (RBAP) are submitted to audit committees and approved by deputy heads implemented as planned with resulting reports published. Management is acting on audit recommendations for improvements to departmental processes. |
RBAP and related Information
|
Refer to Table 2: Internal audit plan and related information |
|
Internal audit is credible and adding value in support of the mandate and strategic objectives of the organization. |
Average overall usefulness rating from respondents of areas audited |
Good (75%) |
Footnotes for table 1
|
||
|
Engagement title |
Engagement status |
Report approved date |
Report published date |
Original planned Management Action Plan completion dateFootnote 3 |
Implementation statusFootnote 4 |
|---|---|---|---|---|---|
|
Office of the Comptroller General Horizontal Audit of Business Continuity Planning |
Published – MAP fully implemented |
October 30, 2017 |
August 2018 |
March 2019 |
100% |
|
Review of Staffing |
Published – MAP fully implemented |
June 11, 2019 |
October 16, 2020 |
September 2020 |
100% |
|
Audit of Information Technology (IT) Security |
Published – MAP not fully implemented |
January 28, 2020 |
October 16, 2020 |
March 2021 |
50% |
|
Audit of the Management of Engineering Assets |
Published – MAP fully implemented |
June 1, 2020 |
October 16, 2020 |
September 2020 |
100% |
|
Industrial Security Systems Transformation |
Approved – Not published |
December 16 2020 |
Not applicable (N/A) |
March 2022 |
76% |
|
Follow-up to the Audit of IT Security |
Published – MAP not fully implemented |
December 20, 2021 |
May 2022 |
March 2025 |
18% |
|
Laboratories Canada: Joint Advisory on Governance: Emerging Issues and Risks |
Approved – Not published |
June 30, 2022 |
N/A |
October 2023 |
74% |
|
Accrual Budgeting |
Published – MAP fully implemented |
November 22, 2022 |
April 2023 |
June 2023 |
100% |
|
Health Check on change management for the Electronic Procurement Solution (EPS): Phase II |
Approved – Not published |
April 17, 2023 |
N/A |
June 30, 2023 |
83% |
|
EPS Independent Third Party Review Gate #3 frozen allotment (Milestone 6 to 8) |
Approved – Not published |
February 21, 2023 |
N/A |
March 31, 2024 |
82% |
|
Audit of Federal Government Consulting Contracts Awarded to McKinsey & Company |
Published – MAP not fully implemented |
March 26, 2023 |
March 30, 2023 |
January 31, 2025 |
90% |
|
Audit of Pay Validation: Phoenix Database Migration |
Published – MAP not applicable |
May 7, 2025 |
July 3, 2025 |
N/A |
N/A |
|
Horizontal Office of the Comptroller General Audit of Procurement Governance |
Published – MAP not fully implemented |
February 25, 2025 |
March 7, 2025 |
March 31, 2027 |
To be determined (TBD) |
|
Risk Based Assurance Strategy (RBAS) - Human Resources and Pay portfolio 2024-25 |
Approved – Not published |
November 20, 2024 |
N/A |
N/A |
N/A |
|
Advisory on Project Management Practices for Infrastructure Projects |
In progress |
TBD |
TBD |
TBD |
TBD |
|
Health Check on the OneHR Service PSPC Project |
In progress |
TBD |
TBD |
TBD |
TBD |
|
Health Check on the Feasibility Project |
In progress |
TBD |
TBD |
TBD |
TBD |
|
Targeted Advice and Support on Human Resources (HR) and Pay Governance |
In progress |
TBD |
TBD |
TBD |
TBD |
|
Audit of Departmental Information Management |
In progress |
TBD |
TBD |
TBD |
TBD |
|
RBAS - HR and Pay portfolio 2025-26 |
Planned |
TBD |
TBD |
TBD |
TBD |
Footnotes for table 2
|
|||||