Report on Key Compliance Attributes of the Internal Audit Function for the 2018 to 2019 Fiscal Year

The internal audit function at the Treasury Board of Canada Secretariat

The Internal Audit and Evaluation Bureau (IAEB) was created in February 2009 as a dedicated service to the Treasury Board of Canada Secretariat (TBS). The IAEB provides independent and objective assurance services to add value in managing TBS operations.

The IAEB conducts its audit work in accordance with:

  • the Policy on Internal Audit
  • the Institute of Internal Auditors International Standards for the Professional Practice of Internal Auditing (the Standards)

The internal audit function at TBS is composed of an engaged and dedicated group of professionals whose roles are defined by the function's vision, mission and values. The IAEB helps TBS meet its objectives by providing valued advice for decision-making to senior management. The IAEB provides this advice by taking a systematic, disciplined approach to improving the effectiveness of processes for governance, risk management and control.

This report informs Canadians and parliamentarians about the professionalism, performance and impact of the internal audit function at TBS.

The Directive on Internal Audit requires that all departments:

  • provide information on key compliance attributes
  • demonstrate that the internal audit function is in place and operating as intended

Compliance attribute questions and answers

1. Do internal auditors at TBS have the training required to do the job effectively, and are multidisciplinary teams in place to address diverse risks?

Yes, collectively, IAEB staff have the knowledge, skills and other competencies required to fulfill their responsibilities. The compliance attribute used to measure whether TBS has the training required is the percentage of staff:

  • who have Certified Internal Auditor (CIA) or Chartered Professional Accountant (CPA) designations
  • who are working to obtain a CIA or CPA designation
  • who have other designations, such as:
    • Certified Government Auditing Professional (CGAP)
    • Certification in Risk Management Assurance (CRMA)
    • Certified Fraud Examiner (CFE)

For the purposes of this report, 7 IAEB staff members are considered part of the TBS internal audit function. This staff includes:

  • the chief audit executive
  • the manager of the Government of Canada Audit Committee Secretariat
  • professional practices staff
  • internal audit managers
  • auditors
  • members who perform data analytics to support internal audits

Figure 1 shows the internal audit staff members by the designation or designations that they hold.

Figure 1: Internal Audit staff by the designation or designations they hold as of May 31, 2019
Internal audit staff composition as of May 31, 2019. Text version below:

Legend
CIA: Certified Internal Auditor
CPA: Chartered Professional Accountant

Figure 1 - Text version

The pie chart shows the internal audit staff by the designation or designations that they hold as of May 31, 2019.

Certified Internal Auditor or Chartered Professional Accountant designations 43%
Both Certified Internal Auditor and Chartered Professional Accountant designations 29%
Other designations 14%
Remaining staff 14%

The IAEB values staff who have multidisciplinary backgrounds. The IAEB encourages the recruitment and development of talent who have diverse skill sets and backgrounds outside of auditing or accounting. Such talent includes staff who have:

  • master’s degrees
  • advanced knowledge of data analytics

2. Does the internal audit work performed conform with the international standards for the profession as required by Treasury Board policy?

Yes, the internal audit work performed by the IAEB conforms to the Standards. The IAEB maintains conformance by performing key activities such as the yearly quality assurance self-assessment exercise and the external quality assurance review, which occurs every 5 years. The IAEB periodically reports compliance attributes to the Government of Canada Audit Committee as part of a comprehensive briefing. A comprehensive briefing consists of an update on:

  • the internal processes, tools and information considered necessary to evaluate conformance with the Institute of Internal Auditors’ Code of Ethics and the Standards
  • the results of the IAEB’s Quality Assurance and Improvement Program

The IAEB’s last briefing to the committee about the results of the Quality Assurance and Improvement Program was in September 2018; the next briefing will be in June 2019.

Figure 2: timeline of comprehensive briefings, external assessments and validation
timeline of comprehensive briefings, external assessments and validation. Text version below:
Figure 2 - Text version

This timeline presents the key dates of the comprehensive briefings, external assessments and validation.

Key Dates Related Activities
December 2016 An externally validated self-assessment
February 2017 A comprehensive briefing to the Government of Canada Audit Committee, including the results of the externally validated self-assessment exercise
September 2018 A comprehensive briefing to the Government of Canada Audit Committee, including the results of the quality assurance self-assessment exercise
June 2019 A quality assurance self-assessment exercise and a comprehensive briefing to the Government of Canada Audit Committee, including the results of the quality assurance self-assessment exercise (planned)
December 2021 An external validation (planned)

3. Are Risk-Based Audit Plans (RBAPs) submitted to audit committees and approved by deputy heads? Are they implemented as planned and are the resulting reports published? Is management acting on audit recommendations?

The internal audits conducted by the IAEB are planned based on the approved, multi-year Integrated Audit and Evaluation Plan. Projects are listed in a table that is maintained to track:

  • planned internal audits
  • progress in implementing actions as a result of internal audits
Table 1: internal audits planned or completed by the IAEB as of
Project name Audit status Date the report was approved Date the report was published Planned completion date of management action plan Implementation status of management action plan
Completed
Joint audit and evaluation of privacy practices Reporting phase completed Pending Pending    
Planned
TBS pay controls Fiscal year 2019 to 2020, second quarter to fourth quarter        
Acquisition cards Fiscal year 2019 to 2020, third quarter to fourth quarter        
Information management Fiscal year 2019 to 2020, starting in the fourth quarter        

4. Is internal audit credible and adding value in support of TBS's mandate and strategic objectives?

The IAEB collects post-audit survey results to gauge management sentiments on the value of the internal audit services rendered. Due to timing, post-audit survey results for the joint audit and evaluation of privacy practices will be available later in the year and will be reported in next year’s key compliance attributes report.

The compliance attribute used to measure the credibility and value added by internal audit is an average overall usefulness rating from senior management, which is information gathered in the post-audit surveys issued to senior management.

© Her Majesty the Queen in Right of Canada, represented by the President of the Treasury Board, 2019,
Catalogue No.BT1-55E-PDF, ISSN: 2562-7449

Page details

Date modified: