Language selection

Search

Internal audit key compliance attributes

Key compliance attributes provide pertinent information to Canadians and parliamentarians on the professionalism, performance and impact of the internal audit function in departments. These are not performance measures and no targets are attached.

Publishing key compliance attributes of internal audit

The oversight of resources used throughout the federal government is conducted by professional and objective internal auditors that are independent of departmental management.

Heads of organizations are responsible for ensuring that internal audits in the department are carried out. The process complies with the Institute of Internal Auditors International Professional Practices Framework.

Departments with an internal audit function are required to publish key attributes of compliance. These attributes have been selected because they demonstrate that, at a minimum, the fundamental elements necessary for oversight are:

The key attributes of compliance with the policy and standards are:

Table 1: Key Compliance Attributes Results
Key compliance attributes Results as of March 31, 2023
% of staff with an internal audit or accounting designation [Certified Internal Auditor (CIA), Chartered Professional Accountant (CPA)] 31%
% of staff with an internal audit or accounting designation (CIA, CPA) in progress 8%
% of staff holding other designations (CGAP, CISA, etc.) 31%
Date of last comprehensive briefing to the Departmental Audit Committee on the internal processes, tools and information considered necessary to evaluate conformance with the IIA Code of Ethics and the Standards and the results of the quality assurance and improvement program (QAIP) June 16, 2022
Date of last external assessment March 23, 2021
Risk-based Audit Plan and related information Refer to Table 2: Status of Open Internal Audits Approved in the Risk-based Audit Plan.
Average overall usefulness rating from upper senior management of areas audited 83% of senior management rated the overall usefulness of the audits as ‘Good’ to ‘Excellent’.
 

The Comptroller General has the authority to amend these attributes, should there be changes in the internal audit environment and/or due to the evolving maturity of the internal audit function.

Table 2: Status of Open Internal Audits Approved in the Risk-based Audit Plan
Internal audit title Audit status Report approved date Report published date Original planned Management Action Plan (MAP) completion date Implementation status
Audit of Occupational Health and Safety Published – MAP not fully implemented March 22, 2018 June 19, 2018 December 2019 80%
Audit of Icebreaking Services Published – MAP not fully implemented May 29, 2019 October 3, 2019 March 2020 80%
Audit of Physical Security Published – MAP not fully implemented June 26, 2019 October 3, 2019 October 2020 89%
Audit of IT Asset Management Published – MAP not fully implemented June 26, 2019 October 3, 2019 March 2021 82%
Audit of the Incident Command System Published – MAP not fully implemented March 17, 2021 June 25, 2021 March 2023 67%
Audit of Revenue Management Published – MAP not fully implemented June 17, 2021 December 3, 2021 May 2022 90%
Audit of Information Technology (IT) General Controls Published- MAP not fully implemented April 14, 2022 -July 20, 2022 December  2023 56%
Audit of Implementation of Fisheries Act Published MAP not fully implemented April 14, 2022- July 13, 2022 March 2023 25%
Audit of Management of Grants and Contributions In progress N/A N/A N/A N/A
Audit of the Implementation of the Arctic Region In progress N/A N/A N/A N/A

Additions and adjustments to the internal audits listed in the Departmental Plan may have occurred in order to address emerging risks and priorities of the organization. Accordingly, the list above does not include a number of consulting engagements that were carried out. Going forward, audits from past fiscal years will remain listed in the table until 100% Management Action Plan (MAP) implementation is achieved. Audit engagements will remain listed on the site for a minimum six-month period after 100% implementation has been achieved and published.

Related links

Date modified: