Technical bulletin 2019: Internal audit key compliance attributes
Why publish key compliance attributes of internal audit
The objective of the Treasury Board Policy on Internal Audit is “to ensure that the oversight of public resources throughout the federal public administration is informed by a professional and objective internal audit function that is independent of departmental management”. It is important that the public know that heads of government organizations are receiving assurance and that activities are managed in a way that demonstrates responsible stewardship.
Departments with internal audit functions are required to meet public reporting requirements as prescribed by the Comptroller General of Canada (section A.2.2.3 of the Treasury Board Directive on Internal Audit) including:
- A.2.2.3.1 Performance results for the internal audit function
- A.2.2.3.2 A list of planned audit engagements for the coming fiscal year
The attributes in this report have been selected because they demonstrate to an external audience that, at a minimum, the fundamental elements necessary for oversight are in place, are operating as intended and are achieving results. The key attributes of compliance with the policy and standards are:
- internal auditors who are trained to effectively perform the work
- audit work that is performed in conformance with the international standards for the profession
- audit work that is performed according to a systematically developed risk-based audit plan, which has been approved by the head of the organization, and that results in management actions being taken in response to report recommendations
- audit work that is perceived by stakeholders as adding value in the pursuit of organizational objectives
Publishing departmental key compliance attributes provides information to Canadians and parliamentarians about the professionalism, performance and impact of the internal audit function in departments. The attributes are not performance measures, and no targets are attached to them. Under the policy, the Comptroller General has the authority to amend these attributes in response to changes in the internal audit environment and/or due to the evolving maturity of the internal audit function.
| Performance indicator | Key compliance attribute | Fiscal year 2019 to 2020 (First quarter) | Definition or comments |
|---|---|---|---|
Do internal auditors in departments have the training required to do the job effectively? Are multidisciplinary teams in place to address diverse risks? |
Number of internal audit employees | 21 | The number of current full-time equivalent positions |
| Percentage of staff with an internal audit or accounting designation (Certified Internal Auditor (CIA), Chartered Professional Accountant (CPA)) | 57% | n/a | |
| Percentage of staff with an internal audit or accounting designation (CIA, CPA) in progress | 24% | In progress: The staff member (an indeterminate employee) has formally registered with and has been accepted by the certifying body to complete the requirements of the professional designation in a prescribed time frame and has registered for at least one component of the certification process. | |
| Percentage of staff holding other designations (for example, Certified Government Auditing Professional, Certified Information Systems Auditor) | 33% | Several staff also held other designations, for example:
|
|
| Is internal audit work performed in conformance with the international standards for the profession of internal audit as required by Treasury Board policy? | Date of last comprehensive briefing to the Departmental Audit Committee on the internal processes, tools, and information considered necessary to evaluate conformance with the Institute of Internal Auditors (IIA) Code of Ethics and the standards and the results of the quality assurance and improvement program (QAIP) | May 2019 June 2019 |
Last comprehensive briefing: A comprehensive briefing includes updates on all pertinent elements of the QAIP. In accordance with IIA Standard 1320, this comprehensive briefing would include:
External assessments (practice inspections) must be conducted at least once every five years by a qualified, independent assessor or assessment team from outside the organization. |
| Date of last external assessment | March 2019 | ||
Are the risk-based audit plans submitted to audit committees and approved by deputy heads implemented as planned with resulting reports published? Is management acting on audit recommendations for improvements to departmental processes? |
Refer to table below for internal audit status and related information for fiscal year 2019 to 2020. | n/a | n/a |
| Is internal audit credible and adding value in support of the mandate and strategic objectives of the organization? | Average overall usefulness rating from senior management (assistant deputy minister-level or equivalent) of areas audited | Good | Average “overall usefulness” rating: Post-audit surveys to senior management of the area audited should include a question on the overall usefulness of the audit and should be done for all audits approved in the applicable fiscal year. Only three post-audit surveys were sent out during the last fiscal year, and only one was returned. The rating is therefore based on the results of only that survey. |
Internal audit status and related information for fiscal year 2019 to 2020
Additions and adjustments to the internal audits listed in the Departmental Plan may have occurred in order to address emerging risks and priorities of the organization.
Internal audit engagements |
Audit status |
Report approved date |
Report published date |
Original planned management action plan (MAP) completion date |
MAP implementation status |
|---|---|---|---|---|---|
Core Control Audit: Administrative Tribunals Support Services of Canada Phase I |
Published – MAP not fully implemented |
Audit report was consolidated to include phases I and II June 26, 2019 |
July 29, 2019 |
Fiscal year 2019 to 2020 Second quarter |
Validation in progress |
Core Control Audit: Administrative Tribunals Support Services of Canada Phase II |
Published – MAP not fully implemented |
June 26, 2019 |
July 29, 2019 |
Fiscal year 2019 to 2020 Second quarter |
Validation in progress |
Office of the Comptroller General Special Internal Audit (Due to the nature of this audit, the details cannot be released at this time) |
In progress |
n/a |
n/a |
n/a |
n/a |
Blended Horizontal Engagement on Information Technology (IT) Security Phase II Part 1: Review of IT Security Risks Related to the Government of Canada IT Strategic Direction |
In progress |
n/a |
n/a |
n/a |
n/a |
Blended Horizontal Engagement on IT Security Phase II Part 2: Small Departments IT Security Self‑Assessment |
In progress |
n/a |
n/a |
n/a |
n/a |
Blended Horizontal Engagement on IT Security Phase II Part 3: Review of the Effectiveness of User Awareness and Training, and Incident Detection |
In progress |
n/a |
n/a |
n/a |
n/a |
Audit of Project Management Phase I |
In progress |
n/a |
n/a |
n/a |
n/a |
Regional Development Agency: Atlantic Canada Opportunities Agency Assessment of Innovation Capacity (Advisory) |
Approved – Not published |
July 11, 2019 |
n/a |
n/a |
n/a |
Regional Development Agency: Canada Economic Development for Québec Regions Assessment of Innovation Capacity (Advisory) |
Approved – Not published |
October 8, 2019 |
n/a |
n/a |
n/a |
Departmental Implementation of Digital Standards |
Planned |
n/a |
n/a |
n/a |
n/a |
Treasury Board Submission Information for Decision‑Making |
Planned |
n/a |
n/a |
n/a |
n/a |
Departmental Performance Measurement |
Planned |
n/a |
n/a |
n/a |
n/a |
Human Resource Planning |
Planned |
n/a |
n/a |
n/a |
n/a |
Regional Development Agency: Audit of the Management Control Framework over Monitoring and Reporting for Transfer Payments |
In progress |
n/a |
n/a |
n/a |
n/a |
Core Control Audit: Veterans Review and Appeal Board |
In progress |
n/a |
n/a |
n/a |
n/a |
Regulatory Compliance and Enforcement Frameworks |
In reservetable 1 note 1 |
n/a |
n/a |
n/a |
n/a |
Project Management Phase II |
In reservetable 1 note 1 |
n/a |
n/a |
n/a |
n/a |
Table 1 Notes
|
|||||
Page details
- Date modified: