CSIS Internal Audit and Evaluation Branch / Disclosure of Wrongdoing and Reprisal Protection

The Internal Audit and Evaluation (IAE) Branch is composed of two sections: the Internal Audit and Evaluation Sections. The Internal Audit Section supports the branch mission by providing risk-based and objective assurance, advice and insight on risk management strategies and practices. Whereas the Evaluation Section provides neutral and credible information to inform decision-making, manage results and improve programs. The IAE Branch is led by the Chief Audit and Evaluation Executive (CAEE), who reports to the CSIS Director and to the CSIS Departmental Audit Committee (DAC) for internal audit activities and to the Performance Measurement and Evaluation Committee (PMEC) as Head of Evaluation. The CAEE is also the Senior Officer for Disclosure of Wrongdoing.

The IAE Branch is subject to the Treasury Board Policy on Internal Audit, the Treasury Board Directive on Internal Audit, the Treasury Board Policy on Results, the IAE Branch’s mission and the mandatory elements of the Institute of Internal Auditors’ (IIA) International Professional Practices Framework (IPPF).

The DAC, comprised of both internal and external members, examines CSIS’ performance in the areas of risk management, control and governance processes relating to both operational activities and administrative services. By maintaining high standards in relation to its review function, in particular following-up on the implementation of management action plans derived from audit recommendations, the DAC supports and enhances the independence of the audit function.

The PMEC, comprised of internal Senior Officials, provides the Director with advice and recommendations on the respective availability, quality, utility, and use of performance information including evaluation. The evaluation function is supported by PMEC in areas such as follow-up on management action plans resulting from evaluation recommendations.

In the capacity of Senior Officer for Disclosure of Wrongdoing, the CAEE is responsible for administering the Internal Disclosure of Wrongdoing and Reprisal Protection Policy. The Policy provides a confidential mechanism for employees to come forward if they believe that wrongdoing has taken place. It also provides protection against reprisal when employees come forward, and ensures a fair and objective process for those against whom allegations are made.

Do internal auditors in departments have the training required to do the job effectively? Are multidisciplinary teams in place to address diverse risks?
  • 33% of staff with an internal audit or accounting designation (Certified Internal Auditor (CIA), Chartered Professional Accountant (CPA)) 
  • 66% of staff with an internal audit or accounting designation (CIA, CPA) in progress
  • 33% of staff holding other designations (CGAP, CISA, etc.)
Is internal audit work performed in conformance with the international standards for the profession of internal audit as required by Treasury Board policy?
  • March 2021: Date of last comprehensive briefing to the Departmental Audit Committee on the internal processes, tools, and information considered necessary to evaluate conformance with the IIA Code of Ethics and the Standards and the results of the quality assurance and improvement program (QAIP)
  • December 2020: Date of last external assessment
Are the risk-based audit plans (RBAPs) submitted to audit committees and approved by deputy heads implemented as planned with resulting reports published? Is management acting on audit recommendations for improvements to departmental processes?

This requirement applies only to internal audits that will begin in the 2018-19 fiscal year and after. Departments have the option, as applicable, to include a statement to the effect that “additions and adjustments to the internal audits listed in the Departmental Plan may have occurred in order to address emerging risks and priorities of the organization.

Going forward, internal audits from past fiscal years will remain listed in the table until 100% Management Action Plan (MAP) implementation is achieved. Audit engagements will remain listed on the site for a minimum six-month period after 100% implementation has been achieved and published.

Table 1 - Overview of internal audits planned or conducted
Internal audit title Audit status Report approved date Report published date Original planned MAP completion date Implementation status
Audit 1 Complete 2017-11-28 December 2017 2019-03-31 100%
Audit 2 Complete 2018-09-28 October 2018 2019-05-31 100%
Audit 3 Complete 2018-11-15 November 2018 2019-03-31 80%
Audit 4 Complete 2018-12-17 December 2018 2020-03-31 80%
Audit 5 Postponed        
Audit 6 Complete 2020-06-26 June 2020 2021-04-30 80%
Is internal audit credible and adding value in support of the mandate and strategic objectives of the organization?

Average overall usefulness rating of good from senior management (ADM-level or equivalent) of areas audited.

Page details

Date modified: