Public Services and Procurement Canada
Report on the key compliance attribute number 3 of Public Services and Procurement Canada’s Internal Audit Function: December 2022 update
Office of the Chief Audit, Evaluation, and Risk Executive
On this page
Introduction
The Policy on Internal Audit (hereon referred to as the Policy) and its associated Directive on Internal Audit (hereon referred to as the Directive) came into effect on April 1, 2017. The objective of the Policy is to ensure that the oversight of public resources throughout the federal public administration is informed by a professional and objective internal audit function that is independent of departmental management.
The Policy sets out the responsibilities for Deputy Heads of large and small departments related to internal audit, which contributes to sound risk management, control and governance processes, as well as the role and responsibilities of the Comptroller General of Canada as the head of the function government-wide.
Deputy Heads are responsible for ensuring that internal audit in the department is carried out in accordance with the Institute of Internal Auditors International Professional Practices Framework (hereon referred to as the Standards) unless the framework is in conflict with the Treasury Board Policy or its related directive; if there is a conflict, the Policy or the Directive will prevail.
The Directive outlines specific requirements of the Chief Audit Executive (CAE) and the associated mandatory procedures for internal auditing in the Government of Canada in subsection A.2.2.3. These procedures include public reporting requirements as prescribed by the Comptroller General of Canada including performance results for the internal audit function and a list of planned audit engagements for the coming fiscal year. It is important that the public is aware that heads of government organizations are receiving assurance that activities are managed in a way that demonstrates responsible stewardship.
In order to comply with the requirement to publicly report on the performance of the internal audit function, the Comptroller General issued a technical bulletin on why key compliance attributes of the internal audit are published that outlined, among other things, key compliance attributes. These attributes were selected in order to provide pertinent information regarding the professionalism, performance and impact of the internal audit function within the department. The key attributes of compliance with the Policy and Standards are:
- internal auditors that are trained to effectively perform the work
- audit work that is performed in conformance with the international standards for the profession
- audit work that is performed according to a systematically developed risk-based audit plan, which has been approved by the head of the organization, and that results in management actions being taken in response to report recommendations
- audit work that is perceived by stakeholders as adding value in the pursuit of organizational objectives
It should be noted that these are not performance measures and no targets are attached. Under the Policy, the Comptroller General has the authority to amend these attributes, should there be changes in the internal audit environment and/or due to the evolving maturity of the internal audit function.
Within this technical bulletin, the Comptroller General requires that the list of audit engagements be updated twice annually. In accordance with the Policy and the technical bulletin issued by the Office of the Comptroller General (OCG), Public Services and Procurement Canada’s (PSPC) Office of the Chief Audit, Evaluation and Risk Executive (OCAERE) presents the following update to key compliance attribute number 3 for the internal audit function: the internal audit plan and related information, as of December 31, 2022.
Internal Audit Plan and related information
In order to demonstrate that management is acting on recommendations made by internal audit to improve departmental practices, public reporting requirements, as prescribed by the Comptroller General of Canada, requires internal audit functions to publish a list of completed engagements including the date by which all management actions were to have been implemented and the status of that implementation. This information is to be updated regularly and remain on the list of engagements for 6 months after the management action plan has been fully implemented. Internal audit functions also list all engagements scheduled for the coming fiscal year and their status in the spirit of demonstrating open and transparent information on the government’s intentions to conduct engagements in areas of higher risk to departments and to demonstrate responsible stewardship to Canadians.
| Engagement title | Engagement status | Report approved date | Report published date | Original planned Management Action Plan completion datetable 1 note 1 | Implementation status of the Management Action Plantable 1 note 2 |
|---|---|---|---|---|---|
| Audit of Real Property (RP)-1 and RP-2 Contract Oversight Control Framework (Phase 1: Expenditures) | Completed | October 30, 2018 | March 11, 2019 | October 2019 | 100% |
| Office of the Comptroller General Horizontal Audit of Business Continuity Planning (BCP) | Completed | October 30, 2017 | August 2018 | March 2019 | 53% |
| One report title is redacted and is listed as 3 asterisks *** table 1 note 3 | Completed | October 30, 2018 | Not applicable (N/A) | March 2019 | 80% |
| Review of Staffing | Completed | June 11, 2019 | October 16, 2020 | September 2020 | 50% |
| Audit of Information Technology (IT) Security | Completed | January 28, 2020 | October 16, 2020 | March 2021 | 23% |
| Audit of Staffingtable 1 note 4 | Completed | February 4, 2020 | October 16, 2020 | September 2021 | 86% |
| Audit of the Management of Engineering Assets | Completed | June 1, 2020 | October 16, 2020 | September 2020 | 67% |
| Targeted Review of the Phased Bid Compliance Process | Completed | October 8, 2020 | March 22, 2021 | September 2020 | 80% |
| Health Check of Performance Measurement of Electronic Procurement Solution Project: Phase I | Completed | November 10, 2020 | N/A | April 2021 | 0% |
| BDO Independent Third Party Review of PSPC E-Procurement Solution (EPS) Project Review: Frozen Allotment Gate #1 | Completed | November 10, 2020 | N/A | July 2023 | 60% |
| BDO Independent Third Party Review of PSPC EPS Project Review: Frozen Allotment Gate #2 | Completed | March 9, 2021 | N/A | September 2021 | 30% |
| Health Check of Energy Services Acquisition Program | Completed | February 2, 2021 | N/A | September 2021 | 54% |
| Health Check of the EPS: Project Management Framework | Completed | October 26, 2020 | N/A | November 2020 | 60% |
| Industrial Security Systems Transformation (ISST) | Completed | December 16, 2020 | N/A | March 2022 | 71% |
| Follow-up to the Audit of IT Security | Completed | December 20, 2021 | May 2022 | March 2025 | 9% |
| Audit of the Charging model | Completed | December 20, 2021 | May 2022 | November 2022 | 67% |
| Health Check of EPS Organizational Change Management and Readiness | Completed | April 25, 2022 | N/A | N/A | N/A |
| Laboratories Canada: Joint Advisory on Governance: Emerging Issues and Risks | Completed | June 30, 2022 | N/A | To be determined (TBD) | TBD |
| Accrual Budgeting | Completed | November 22, 2022 | TBD | June 2023 | 0% |
| Audit of PSPC’s Vaccination Process: Phase I | Completed | October 17, 2022 | TBD | N/A | N/A |
| Audit of PSPC’s Vaccination Process: Phase II | In progress | TBD | TBD | TBD | TBD |
| Placeholder: Laboratories Canada | On holdtable 1 note 5 | TBD | N/A | TBD | TBD |
| Health Check of Government of Canada Trusted Platform’s (GCTP) governance | On holdtable 1 note 6 | TBD | N/A | TBD | TBD |
| Health Check on change management for the EPS: Phase II | In progress | TBD | N/A | TBD | TBD |
| Health Check of ISST Organizational Change Management and Readiness | On holdtable 1 note 6 | TBD | N/A | TBD | TBD |
| Independent Third-party Review (ITPR) ISST milestones 7 to 9 | On holdtable 1 note 6 | TBD | N/A | TBD | TBD |
| Health Check of the ISST’s Security Controls | On holdtable 1 note 6 | TBD | N/A | TBD | TBD |
| Health check of GCTP’s security controls Phase I | On holdtable 1 note 6 | TBD | N/A | TBD | TBD |
| Health check of GCTP’s security controls Phase II | On holdtable 1 note 6 | TBD | N/A | TBD | TBD |
| Health check of ISST organizational change management and readiness for release 1.2 | On holdtable 1 note 6 | TBD | N/A | TBD | TBD |
| EPS ITPR Gate #3 frozen allotment (milestone 6 to 8) | In progress | TBD | N/A | TBD | TBD |
| Advisory on project management Practices (PMP) for infrastructure | Planned | TBD | N/A | TBD | TBD |
| Advisory on staffing and recruitment processes (before employees are hired) | Planned | TBD | N/A | TBD | TBD |
| Health check of procurement authorities | In Progress | TBD | N/A | TBD | TBD |
Table 1 Notes
|
|||||
- Date modified: