Public Services and Procurement Canada
Report on the key compliance attributes of Public Services and Procurement Canada’s Internal Audit Function
On this page
April 1, 2019 to March 31, 2020
Office of the Chief Audit Executive
Introduction
The Policy on Internal Audit (hereon referred to as the Policy) and its associated Directive on Internal Audit (directive) came into effect on April 1, 2017. The objective of the Policy is to ensure that the oversight of public resources throughout the federal public administration is informed by a professional and objective internal audit function that is independent of departmental management.
The Policy sets out the responsibilities for Deputy Heads of large and small departments related to internal audit, which contributes to sound risk management, control and governance processes; as well as the role and responsibilities of the Comptroller General of Canada as the head of the function government-wide.
Deputy Heads are responsible for ensuring that internal audit in the department is carried out in accordance with the Institute of Internal Auditors International Professional Practices Framework (Standards) unless the framework is in conflict with the Treasury Board Policy or its related directive; if there is a conflict, the Policy or directive will prevail.
The Directive on Internal Audit outlines specific requirements of the Chief Audit Executive (CAE) and the associated mandatory procedures for internal auditing in the Government of Canada in subsection A.2.2.3. These procedures include public reporting requirements as prescribed by the Comptroller General of Canada including performance results for the internal audit function and a list of planned audit engagements for the coming fiscal year. It is important that the public is aware that heads of government organizations are receiving assurance and that activities are managed in a way that demonstrates responsible stewardship.
In order to comply with the requirement to publically report on the performance of the internal audit function, the Comptroller General issued a technical bulletin that outlined, among other things, key compliance attributes. These attributes were selected in order to provide pertinent information regarding the professionalism, performance and impact of the internal audit function within the department. The key attributes of compliance with the Policy and Standards are:
- internal auditors that are trained to effectively perform the work
- audit work that is performed in conformance with the international standards for the profession
- audit work that is performed according to a systematically developed risk-based audit plan, which has been approved by the head of the organization, and that results in management actions being taken in response to report recommendations
- audit work that is perceived by stakeholders as adding value in the pursuit of organizational objectives
It should be noted that these are not performance measures and no targets are attached. Under the Policy, the Comptroller General has the authority to amend these attributes, should there be changes in the internal audit environment and/or due to the evolving maturity of the internal audit function.
Key compliance attributes of Internal Audit
In accordance with the Policy and the technical bulletin issued by the Office of the Comptroller General (OCG), Public Services and Procurement Canada’s (PSPC) Office of the Chief Audit Executive (OCAE) presents the following key compliance attributes for the internal audit function for the reporting period April 1, 2019 to March 31, 2020. The compliance attributes noted below pertain to staff professional certifications and designations, the quality assurance and improvement program, and execution of the audit plan.
1) Professional Certifications and Designations
Professionalism of the internal audit function is referenced several times in the applicable policy instruments. In accordance with the Policy, the OCG is responsible for determining the professional requirements for internal audit in the federal public administration. The OCG relies on the certification and training for the profession provided by the Institute of Internal Auditors. Within departments with internal audit functions, the Chief Audit Executive (CAE) is responsible for ensuring that internal auditors have the appropriate qualifications, skills, and opportunities to maintain and develop their internal auditing competencies, and the Deputy Head is responsible for supporting this professional development and certification. The professional certifications and designations for staff employed in PSPC’s OCAE are as follows:
| Key compliance attribute table 1 note 1 | Percentage |
|---|---|
| 1(a) Percent of staff with an internal audit or accounting designation (Certified Internal Auditor (CIA), Chartered Professional Accountant (CPA)) | 54% |
| 1(b) Percent of staff with an internal audit or accounting designation (CIA, CPA) in progress | 19% |
| 1(c) Percent of staff holding other designations (Certified Government Auditing Professional (CGAP), Certified Information Systems Auditor (CISA), etc.) | 23% |
Table 1 Note
|
|
2) Quality Assurance and Improvement Program
In accordance with the International Standards for the Professional Practice of Internal Auditing, the Chief Audit Executive must develop and maintain a quality assurance and improvement program (QAIP) that covers all aspects of the internal audit activity (standard 1300) and must include both internal and external assessments (standard 1310). The status of the OCAE’s QAIP is as follows:
| Key compliance attribute | Response |
|---|---|
| 2(a) Date of last comprehensive briefing to the Departmental Audit Committee on the internal processes, tools, and information considered necessary to evaluate conformance with the Institute of Internal Auditors (IIA) Code of Ethics and the Standards and the results of the QAIP. | The OCAE completed its last periodic Internal Assessment, of Internal Audit Governance at PSPC on October 30, 2018. |
| 2(b) Date of last external assessment. | The OCAE’s last external assessment was tabled at the January 28, 2020 Departmental Audit Committee meeting. |
3) Internal Audit Plan and related information
In order to demonstrate that management is acting on recommendations made by internal audit to improve departmental practices, public reporting requirements, as prescribed by the Comptroller General of Canada, requires internal audit functions to publish a list of completed engagements including the date by which all management actions were to have been implemented and the status of that implementation. This information is to be updated regularly and remain on the list of engagements for six months after the management action plan has been fully implemented. Internal audit functions also list all engagements scheduled for the coming fiscal year and their status in the spirit of demonstrating open and transparent information on the government’s intentions to conduct engagements in areas of higher risk to departments and to demonstrate responsible stewardship to Canadians.
| Engagement Title | Engagement Status | Report Approved Date | Report Published Date | Original Planned MAP Completion Date | Implementation Status |
|---|---|---|---|---|---|
| Review of Staffing | Completed | June 11 2019 | TBD | September 2021 | 20% |
| Attest Audit of the Financial Statements of Departmental Revolving Funds for the FY ended March 31, 2019 | Completed | August 20 2019 | 30-Dec-19 | N/A | N/A |
| Annual Attest Audit of Administrative Costs Charged to the Canada Pension Plan for year ended March 31, 2019 | Completed | October 23 2019 | TBD | N/A | N/A |
| Audit of IT Security | Completed | October 23 2019 | TBD | March 2021 | 9% |
| Federal Science through Infrastructure Initiative: Governance Health Check | Completed | October 23 2019 | N/A | N/A | N/A |
| Engagement to Collect Observations from Recent Investments in Collaborative Scientific Infrastructure to Inform the Federal Science through Infrastructure Initiative | Completed | October 23 2019 | N/A | N/A | N/A |
| Audit of PeopleSoft 9.2 Upgrade Stakeholder Engagement (Phase 1) | Completed | January 28 2020 | TBD | October 2020 | 0% |
| Audit of Staffing | Completed | March 6 2020 | TBD | September 2021 | 0% |
| Audit of the Management of Engineering Assets | In Progress | TBD | TBD | September 2020 | 0% |
| Audit of Land, Aerospace, and Marine Procurement | In Progress | TBD | TBD | TBD | TBD |
| Targeted Review of PSPC's Phased-Bid Compliance Process | In Progress | TBD | TBD | TBD | TBD |
| Allen Lands | In Progress | N/A | N/A | N/A | N/A |
| Risk Management in HR to Pay (Phase 1) | In Progress | TBD | N/A | N/A | N/A |
| Health Check on E-Procurement Solution Project Outcomes/Benefits Realization | In Progress | TBD | N/A | N/A | N/A |
| Health Check of the Centre Block Rehabilitation Program Execution Plan | In Progress | TBD | N/A | N/A | N/A |
| Health Check of Energy Services Acquisitions Program | In Progress | TBD | N/A | N/A | N/A |
| Audit of PeopleSoft 9.2 Upgrade Stakeholder Engagement (Phase 2) | In Progress | TBD | TBD | TBD | TBD |
| Annual Attest Audits of the Financial Statements of Revolving Funds for year ended March 31, 2020 | In Progress | TBD | TBD | TBD | TBD |
| Review of Industrial Security Systems Transformation IT Controls | Planned | TBD | TBD | TBD | TBD |
| Placeholder - Federal Science through Infrastructure Initiative | Planned | TBD | TBD | TBD | TBD |
| Follow-up to the Audit of IT Security | Planned | TBD | TBD | TBD | TBD |
| Audit of E-Procurement Solution Project | Planned | TBD | TBD | TBD | TBD |
| Pre-project launch Health Check of SAP Transformation | Planned | TBD | N/A | N/A | N/A |
| Charging model | Planned | TBD | TBD | TBD | TBD |
| Accrual Budgeting | Planned | TBD | TBD | TBD | TBD |
| Lessons Learned from PSPC’s Response to COVID-19 | Planned | TBD | N/A | N/A | N/A |
| Advisory Engagement on Selected Elements of PSPC’s Response to COVID-19 | Planned | TBD | N/A | N/A | N/A |
| Review of Low Dollar Value Contracts | Planned | TBD | TBD | TBD | TBD |
| Annual Attest Audit of the Financial Report of Administrative Costs Charged to the Canada Pension Plan Account for year ended March 31, 2020 | Planned | TBD | TBD | N/A | N/A |
4) Usefulness
In order to determine if the internal audit function is credible and adding value in support of the mandate and strategic objectives of the organization, internal audit functions are required to conduct post-audit surveys with senior management of the areas that have been audited.
| Key compliance attribute | Response table 4 note 1 |
|---|---|
| 4. Average overall usefulness rating from respondents of areas audited. | 89% of respondents rated the overall usefulness of audits as "Agree" to "Strongly Agree". |
Table 4 Note
|
|
- Date modified: