Internal audit key compliance attributes

Key compliance attributes provide pertinent information to Canadians and parliamentarians on the professionalism, performance and impact of the internal audit function in departments. These are not performance measures and no targets are attached.  

Publishing key compliance attributes of internal audit

The oversight of resources used throughout the federal government is conducted by professional and objective internal auditors that are independent of departmental management.

Heads of organizations are responsible for ensuring that internal audits in the department are carried out. The process complies with the Institute of Internal Auditors International Professional Practices Framework.

Departments with an internal audit function are required to publish key attributes of compliance. These attributes have been selected because they demonstrate that, at a minimum, the fundamental elements necessary for oversight are:

  • in place
  • operating as intended
  • achieving results

The key attributes of compliance with the policy and standards are:

  • internal auditors trained to effectively perform the work
  • audit work that comply with the international standards for the profession
  • audit work performed according to a systematically developed risk-based audit plan:
    • which has been approved by the head of the organization
    • that results in management actions being taken in response to report recommendations
  • audit work perceived as adding value in the pursuit of organizational objectives
Table 1: Key Compliance Attributes Results
Key compliance attributes Results as of June 30, 2019
% of staff with an internal audit or accounting designation [Certified Internal Auditor (CIA), Chartered Professional Accountant (CPA)] 50%
% of staff with an internal audit or accounting designation (CIA, CPA) in progress 15%
% of staff holding other designations (CGAP, CISA, etc.) 20%
Date of last comprehensive briefing to the Departmental Audit Committee on the internal processes, tools and information considered necessary to evaluate conformance with the IIA Code of Ethics and the Standards and the results of the quality assurance and improvement program (QAIP) June 2019
Date of last external assessment March 2016
Risk-based Audit Plan and related information Refer to Table 2: Risk-based audit plan and related information.
Average overall usefulness rating from upper senior management of areas audited 100% of senior management rated the overall usefulness of the audits as ‘Good’ to ‘Excellent’.

The Comptroller General has the authority to amend these attributes, should there be changes in the internal audit environment and/or due to the evolving maturity of the internal audit function.

Table 2: Risk-based Audit Plan and related information
Internal audit title Audit status Report approved
Report published
Original planned Management Action Plan (MAP) completion date Implementation status
Audit of Oceans Management Published – MAP not fully implemented May 13, 2016 June 30, 2016 March 2017 90%
Audit of Information Technology Security Published – MAP not fully implemented December 9, 2016 March 22, 2017 September 2017 75%
Audit of the Canadian Shellfish Sanitation Program Published – MAP not fully implemented June 9, 2017 July 25, 2017 March 2018 60%
Audit of Partnerships and Collaborative Arrangements with Other Government Departments and External Groups Published – MAP fully implemented May 26, 2017 June 19, 2017 March 2018 100%
Audit of the Management of Laboratories Published – MAP not fully implemented January 15, 2018 May 14, 2018 March 2019 60%
Audit of Occupational Health and Safety Published – MAP not fully implemented March 22, 2018 June 19, 2018 December 2019 70%
Audit of Fraud Management Published – MAP not fully implemented October 25, 2018 January 16, 2019 March 2019 80%
Audit of Material Management: Disposal of Assets Published – MAP not fully implemented October 25, 2018 January 16, 2019 September 2019 80%
Audit of Icebreaking Services Approved – Not published May 28, 2019 - March 2020 -
Audit of Physical Security Approved – Not published June 26, 2019 - October 2020 -
Audit of IT Asset Management Approved – Not published June 26, 2019 - March 2021 -
Continuous Auditing (Pilot Project – Travel Business Processes – Travel Claims) In progress - - - -
Audit of Firearms In progress - - - -
Audit of the Incident Command System In progress - - - -
Audit of Information Management / lnformation Technology (IM/IT) Governance and Integrated Planning In progress - - - -

Additions and adjustments to the internal audits listed in the Departmental Plan may have occurred in order to address emerging risks and priorities of the organization. Going forward, audits from past fiscal years will remain listed in the table until 100% MAP implementation is achieved. Audit engagements will remain listed on the site for a minimum period of 6 months after 100% implementation has been achieved and published.

Related links