Department of Finance Canada’s Internal Audit Directorate: Key Compliance Attributes of Internal Audit 

Report – March 31st, 2019

Directive on Internal Audit  

Appendix A: Mandatory Procedures for Internal Auditing in the Government of Canada

A.2.2.3  Departments must meet public reporting requirements as prescribed by the Comptroller General of Canada and using Treasury Board of Canada Secretariat prescribed platforms, including: 

A.2.2.3.1  Performance results for the internal audit function

The objective of publishing departmental internal audit performance results, in the form of key compliance attributes, is to provide pertinent information to stakeholders (Canadians, parliamentarians) regarding the professionalism, performance and impact of the function in departments.

The key compliance attributes detailed below have been selected to show an external audience that an internal audit function is in place within the Department and is operating as intended.

Departments with internal audit functions are required to publish key attributes of compliance as per section A.2.2.3.1 of the Treasury Board Directive on Internal Audit. It is important that the public is aware that the heads of government organizations are receiving assurance and that activities are managed in a way that demonstrates responsible stewardship.

More information regarding the rationale behind publishing these attributes can be found under the OCG web page.  

2018-2019 Performance Results
Compliance Attributes will answer questions that stakeholders may have about the oversight of public resources Key Compliance Attribute Results – April 1st 2018 to March 31st 2019
Do internal auditors in departments have the training to do the job effectively? Are multidisciplinary teams in place to address diverse risks? 1(a)   % of staff with an internal audit or accounting designation (Certified Internal Auditor (CIA), Chartered Professional Accountant (CPA))

1(b)   % of staff with an internal audit or accounting designation (CIA, CPA) in progress

1(c)   % of staff holding other designations (CGAP, CISA, etc.)

1(a)   67% of staff have an internal audit or accounting designation (CIA, CPA)

1(b)  33% of staff with an internal audit or accounting designation (CIA, CPA) in progress

1(c)   1 staff member is also holding other designations (CGAP, CRMA, etc.)

Is internal audit work performed in conformance with the international standards for the profession of internal audit as required by Treasury Board policy? 2(a)   Date of last comprehensive briefing to the Departmental Audit Committee (DAC) on the internal processes, tools, and information considered necessary to evaluate conformance with the IIA Code of Ethics and the Standards and the results of the quality assurance and improvement program (QAIP)

2(b)   Date of last external assessment

2(a)   The last comprehensive briefing to DAC on the internal processes, tools, and information considered necessary to evaluate conformance with the IIA Code of Ethics and the Standards and the results of the QAIP was on July 5th, 2018.

2(b)   The last external assessment was completed on July 15, 2017.

Are the RBAPs submitted to audit committees and approved by deputy heads implemented as planned with resulting reports published? Is management acting on audit recommendations for improvements to departmental processes? 3   RBAPs and related information

(a) name / status of audit for the current fiscal year of the RBAP

(b) date the audit report was approved

(c) date the audit report was published

(d) original planned date for completion of all management action plan (MAP) items

(e) status of MAP items

The 2018–19 to 2020–21 RBAP* was submitted to DAC on July 5, 2018 and approved by the Deputy Minister on July 12, 2018. See Table 1 – Audit plan and related information for details on the execution of the plan.

*Adjustments to the internal audits listed in the Departmental Plan may have occurred in order to address emerging risks and priorities of the organization.
Is internal audit credible and adding value in support of the mandate and strategic objectives of the organization? 4   Average overall usefulness rating from senior management (ADM-level or equivalent) of areas audited. Senior management of areas audited rated the overall usefulness of our work as "Good" out of potential rankings of Poor, Fair, Good, and Excellent.
Table 1 – Audit plan and related information
  Internal audit Audit status Report approved date Report published date Original planned MAP completion date Implementation status
1 Audit of Web Posting Published: MAP fully implemented 2016/06/06 2016/07/15 March 2017 100%
2 Audit of Business Continuity Planning Program Published: MAP not fully implemented 2016/08/29 2016/11/22 March 2018 67%
3 Coordinated Audit of Physical Security Access at The James Michael Flaherty Building Published: MAP not fully implemented 2017/11/22 2018/01/10 March 2018 60%
4 Audit of Information Management of the Federal Budget Process Published: MAP not fully implemented 2018/10/24 2019/01/25 March 2019 50%
5 Audit of Safeguarding of Sensitive Information Published: MAP not fully implemented 2018/12/14 2019/02/25 March 2019 75%
6 Review of the Reserves Management Systems In progress        
7 Review of Information Technology (IT) Governance and IT Project Management In progress        
8 Audit of the  Indigenous Tax Administration Agreements' Governance Framework[1] In progress        
9 Review of Project Management – G7 Presidency Cancelled[2]        
10 Audit of IT Security Cancelled[3]        
11 Audit of the Department’s Information and Records Management System (SharePoint) Planned        
12 Audit of the International Financial Institution’s Governance Framework Planned        
1 This assurance engagement was requested by the Deputy Minister after the approval of the 2018–19 to 2020–21 RBAP.
2 In light of the results of the planning phase, the client and the Internal Audit Directorate concluded that there was no need to proceed with the engagement.
3 This engagement was cancelled as the Department of Finance was scoped in the OCG Horizontal Audit of IT Security – Phase 2.