Key Compliance Attributes of Internal Audit
Why publish key compliance attributes of internal audit?
The objective of the Treasury Board Policy on Internal Audit is to ensure that the oversight of public resources throughout the federal public administration is informed by a professional and objective internal audit function that is independent of departmental management.
Heads of organizations are responsible for ensuring that internal audit in the department is carried out in accordance with the Institute of Internal Auditors International Professional Practices Framework unless the framework is in conflict with the Treasury Board Policy or its related directive; if there is a conflict, the policy or directive will prevail.
Departments with internal audit functions are required to publish key attributes of compliance as per section A.2.2.3.1 of the Treasury Board Directive on Internal Audit. It is important that the public is aware that heads of government organizations are receiving assurance and that activities are managed in a way that demonstrates responsible stewardship.
These attributes have been selected because they demonstrate to an external audience that, at a minimum, the fundamental elements necessary for oversight are in place, are operating as intended and are achieving results. The key attributes of compliance with the policy and standards are:
- internal auditors that are trained to effectively perform the work;
- audit work that is performed in conformance with the international standards for the profession;
- audit work that is performed according to a systematically developed risk-based audit plan, which has been approved by the head of the organization, and that results in management actions being taken in response to report recommendations; and
- audit work that is perceived by stakeholders as adding value in the pursuit of organizational objectives.
Publishing departmental key compliance attributes provides pertinent information to Canadians and parliamentarians regarding the professionalism, performance and impact of the internal audit function in departments. These are not performance measures and no targets are attached. Under the Policy, the Comptroller General has the authority to amend these attributes, should there be changes in the internal audit environment and/or due to the evolving maturity of the internal audit function.
| Key Compliance Attributes | Results as of June 30, 2024 |
|---|---|
| % of staff with an internal audit or accounting designation (Certified Internal Auditor [CIA], Chartered Professional Accountant [CPA]) | 55% |
| % of staff with an internal audit or accounting designation in progress (CIA, CPA) | 0% |
| % of staff holding other professional designations (Certified Government Auditing Professional [CGAP], Certification in Risk Management Assurance [CRMA], etc. | 9% |
| Date of last comprehensive briefing to the Departmental Audit Committee on the internal processes, tools, and information considered necessary to evaluate conformance with the Institute of Internal Auditors (IIA) Code of Ethics and the Standards and the results of the Quality Assurance and Improvement Program (QAIP) | March 2024 |
| Date of last external assessment | March 2024 |
Risk-Based Audit Plan (RBAP) and related information
|
Refer to Table 2 – Audit plan and related information. |
| Average overall usefulness rating from senior management (ADM-level or equivalent) of areas audited | Average overall usefulness rating from senior management:
|
| Internal audit engagements | Audit status | Report approved date | Report published date | Original planned MAP completion date | MAP implementation status |
|---|---|---|---|---|---|
| Joint Audit and Evaluation of the Disaster Financial Assistance Arrangements Program | Approved/MAP not fully implemented | June 2022 | November 2022 | March 2024 | 25% |
| Internal Audit of COVID-19 Response Fund Management | Approved/MAP not fully implemented | June 2023 | October 2023 | June 2025 | 75% |
| Internal Audit of Integrated Risk Management | Approved/MAP not fully implemented | September 2023 | January 2024 | March 2025 | 33.3% |
| Nimble Advisory Engagement of the Assault-Style Firearms Compensation Program (Business Stream) | Ongoing | N/A | N/A | N/A | N/A |
| Nimble Advisory Engagement of the Assault-Style Firearms Compensation Program (Individual Stream) | Ongoing | N/A | N/A | N/A | N/A |
| Internal Audit of Procurement – Phase 1 | Approved/MAP not fully implemented | July 2024 | October 2024 | June 2025 | 0% |
| Internal Audit of Information Technology Security | Approved/MAP not fully implemented | July 2024 | Not published | June 2027 | 0% |
| Internal Audit of the National Risk Profile | Approved/MAP not fully implemented | September 2024 | November 2024 | N/A | N/A |
| Advisory Engagement of Grants and Contributions – Process Review | In progress | N/A | N/A | N/A | N/A |
| Internal Audit of Values and Ethics | In progress | N/A | N/A | N/A | N/A |
| Advisory Engagement of Human Resources Recruitment and Retention Practices | Not started | N/A | N/A | N/A | N/A |
Notes:
- Audit engagements from past fiscal years will remain listed in the table until 100% MAP implementation is achieved.
- In order to address emerging risks and departmental priorities, we may adjust the internal audits planned in the risk-based audit plan.
- Date modified: