Compliance Attributes for the Internal Audit Function - December 2021

Date: December 2021

PDF Version (131 Kb, 3 Pages)

 

Key compliance attributes are published in accordance with the Office of the Comptroller General of Canada (OCG) Technical Bulletin 2018-1: Policy on Internal Audit. It states that:

A.2.2.3 Departments must meet public reporting requirements as prescribed by the Comptroller General of Canada and using Treasury Board of Canada Secretariat prescribed platforms, including:

A.2.2.3.1 Performance results for the internal audit function.

These key compliance attributes demonstrate that the fundamental elements necessary for oversight are in place, are performing as required under the Policy on Internal Audit and the Directive on Internal Audit, and are achieving results.

Key Compliance Attributes

Professional Qualifications

Members of the internal audit team are trained to do their job effectively. Multidisciplinary teams are in place to address diverse risks. The breakdown of the internal audit staff professional qualifications is shown in Figure 1.

Figure 1. Internal audit staff qualifications as of December 31, 2021

Figure 1. Internal audit staff qualifications as of December 31, 2021

Figure 1 – Text version

The bubble chart shows the breakdown of the internal audit staff qualifications as of December 31, 2021.

Certified Internal Auditor (CIA)/Chartered Professional Accountant (CPA) Designations 71%
Accounting or other designation in progress 14%

Other Designations

  • CRM: Canadian Risk Management
  • CRMA: Certification in Risk Management Assurance
  • CISA: Certified Information Systems Auditor
  • CGAP: Certified Government Auditing Professional
  • PMP: Project Management Professional
0%

Conformance with the International Standards

The Audit and Assurance Services Branch’s internal audit work conforms to international standards for the profession. The last external audit assessment was completed in May 30, 2017. The most recent internal assessment was presented on December 13, 2021, at the Departmental Audit Committee. The presentation consisted of an update on:

  • The scope and frequency of both the internal and external assessments
  • The qualifications and independence of the assessor(s) or assessment team, including potential conflicts of interest
  • Conclusions of assessors
  • Corrective action plans
  • Internal process, tools and information considered necessary to evaluate conformance with the Institute of Internal Auditor’s Code of Ethics and Standards
  • Results of the Internal Audit Branch’s Quality Assurance and Improvement Program

The internal audits conducted by the Audit and Assurance Services Branch are planned and based on the approved Risk-Based Audit Plan. The audits and the implementation status of their Management Action Plan (MAP) are listed in Table 1. Additions and adjustments to the internal audits may occur in order to address emerging risks and priorities of the organization.

Table 1. Risk-Based Audit Plan and Related Information
Internal Audit Title Status Report
Approved
Date
Report
Published
Date
Original
planned
MAP Completion date
MAP Implementation status
Audit of the Implementation of the Staffing Frameworks Published: MAP not fully implemented December 14, 2020 March 12, 2021 June 30, 2021 33%
implemented
Audit of the Selection Processes for Recipient Audits Published: MAP not fully implemented March 16, 2021 June 23, 2021 March 31, 2022 0%
Audit of IT Security
(Focus on Cybersecurity)
Approved – Not published September 24, 2021 N/A June 30, 2022 38%
implemented
Audit of Internal Controls Over Financial Reporting In progress - Not Available - Not Available - Not Available - Not Available
Audit of the Management of Service Level Agreements to Provide Shared Internal Services between CIRNAC and ISC In progress - Not Available - Not Available - Not Available - Not Available
Audit of Oversight Mechanisms for Self-Government Financial Mandating Planned - Not Available - Not Available - Not Available - Not Available
 

Overall Usefulness of Internal Audits

Based on the post-audit survey results received, senior management agreed that overall the audits conducted were useful.

 
 

Did you find what you were looking for?

What was wrong?

You will not receive a reply. Don't include personal information (telephone, email, SIN, financial, medical, or work details).
Maximum 300 characters

Thank you for your feedback

Date modified: