Department of Finance Canada’s Internal Audit Directorate: Key Compliance Attributes of Internal Audit
Report – March 31st, 2019
Directive on Internal Audit
Appendix A: Mandatory Procedures for Internal Auditing in the Government of Canada
A.2.2.3 Departments must meet public reporting requirements as prescribed by the Comptroller General of Canada and using Treasury Board of Canada Secretariat prescribed platforms, including:
A.220.127.116.11 Performance results for the internal audit function
The objective of publishing departmental internal audit performance results, in the form of key compliance attributes, is to provide pertinent information to stakeholders (Canadians, parliamentarians) regarding the professionalism, performance and impact of the function in departments.
The key compliance attributes detailed below have been selected to show an external audience that an internal audit function is in place within the Department and is operating as intended.
Departments with internal audit functions are required to publish key attributes of compliance as per section A.18.104.22.168 of the Treasury Board Directive on Internal Audit. It is important that the public is aware that the heads of government organizations are receiving assurance and that activities are managed in a way that demonstrates responsible stewardship.
More information regarding the rationale behind publishing these attributes can be found under the OCG web page.
|Compliance Attributes will answer questions that stakeholders may have about the oversight of public resources||Key Compliance Attribute||Results – April 1st 2018 to March 31st 2019|
|Do internal auditors in departments have the training to do the job effectively? Are multidisciplinary teams in place to address diverse risks?||1(a) % of staff with an internal audit or accounting designation (Certified Internal Auditor (CIA), Chartered Professional Accountant (CPA))
1(b) % of staff with an internal audit or accounting designation (CIA, CPA) in progress
1(c) % of staff holding other designations (CGAP, CISA, etc.)
|1(a) 67% of staff have an internal audit or accounting designation (CIA, CPA)
1(b) 33% of staff with an internal audit or accounting designation (CIA, CPA) in progress
1(c) 1 staff member is also holding other designations (CGAP, CRMA, etc.)
|Is internal audit work performed in conformance with the international standards for the profession of internal audit as required by Treasury Board policy?||2(a) Date of last comprehensive briefing to the Departmental Audit Committee (DAC) on the internal processes, tools, and information considered necessary to evaluate conformance with the IIA Code of Ethics and the Standards and the results of the quality assurance and improvement program (QAIP)
2(b) Date of last external assessment
|2(a) The last comprehensive briefing to DAC on the internal processes, tools, and information considered necessary to evaluate conformance with the IIA Code of Ethics and the Standards and the results of the QAIP was on July 5th, 2018.
2(b) The last external assessment was completed on July 15, 2017.
|Are the RBAPs submitted to audit committees and approved by deputy heads implemented as planned with resulting reports published? Is management acting on audit recommendations for improvements to departmental processes?||3 RBAPs and related information
(a) name / status of audit for the current fiscal year of the RBAP
(b) date the audit report was approved
(c) date the audit report was published
(d) original planned date for completion of all management action plan (MAP) items
(e) status of MAP items
|The 2018–19 to 2020–21 RBAP* was submitted to DAC on July 5, 2018 and approved by the Deputy Minister on July 12, 2018.
See Table 1 – Audit plan and related information for details on the execution of the plan.
*Adjustments to the internal audits listed in the Departmental Plan may have occurred in order to address emerging risks and priorities of the organization.
|Is internal audit credible and adding value in support of the mandate and strategic objectives of the organization?||4 Average overall usefulness rating from senior management (ADM-level or equivalent) of areas audited.||Senior management of areas audited rated the overall usefulness of our work as "Good" out of potential rankings of Poor, Fair, Good, and Excellent.|
|Internal audit||Audit status||Report approved date||Report published date||Original planned MAP completion date||Implementation status|
|1||Audit of Web Posting||Published: MAP fully implemented||2016/06/06||2016/07/15||March 2017||100%|
|2||Audit of Business Continuity Planning Program||Published: MAP not fully implemented||2016/08/29||2016/11/22||March 2018||67%|
|3||Coordinated Audit of Physical Security Access at The James Michael Flaherty Building||Published: MAP not fully implemented||2017/11/22||2018/01/10||March 2018||60%|
|4||Audit of Information Management of the Federal Budget Process||Published: MAP not fully implemented||2018/10/24||2019/01/25||March 2019||50%|
|5||Audit of Safeguarding of Sensitive Information||Published: MAP not fully implemented||2018/12/14||2019/02/25||March 2019||75%|
|6||Review of the Reserves Management Systems||In progress|
|7||Review of Information Technology (IT) Governance and IT Project Management||In progress|
|8||Audit of the Indigenous Tax Administration Agreements' Governance Framework||In progress|
|9||Review of Project Management – G7 Presidency||Cancelled|
|10||Audit of IT Security||Cancelled|
|11||Audit of the Department’s Information and Records Management System (SharePoint)||Planned|
|12||Audit of the International Financial Institution’s Governance Framework||Planned|
|1 This assurance engagement was requested by the Deputy Minister after the approval of the 2018–19 to 2020–21 RBAP.
2 In light of the results of the planning phase, the client and the Internal Audit Directorate concluded that there was no need to proceed with the engagement.
3 This engagement was cancelled as the Department of Finance was scoped in the OCG Horizontal Audit of IT Security – Phase 2.