2024-2025 Report on Key Compliance Attributes of the Internal Audit Function
Table of Contents
1. Introduction
The Internal Audit and Evaluation Directorate provides independent objective assurance. It also provides consulting and evaluation services to add value and improve the Public Service Commission of Canada’s (PSC) operations.
The directorate conducts its audit work in accordance with:
- the Treasury Board of Canada Secretariat’s Policy on Internal Audit
- the Institute of Internal Auditors’ International Standards for the Professional Practice of Internal Auditing
The directorate’s mission is to enhance and protect organizational value by providing risk-based objective assurance, advice and insight. The internal audit function allows the PSC to meet its goals, using a systematic and disciplined approach to evaluating and improving the adequacy and effectiveness of the PSC’s processes for risk management, control and governance.
This report provides information on the professionalism, performance and impact of the internal audit function.
The Treasury Board of Canada Secretariat’s Directive on Internal Audit requires all departments and agencies to provide information on key compliance attributes to show that the internal audit function is in place and working as intended.
2. Compliance attributes
The internal audit function at the PSC was assessed on the following 4 key compliance attributes:
- internal audit training and team
- conformance with international standards
- implementation of the risk-based audit plan
- credibility and value of internal audit
3. Internal team and audit training
Questions that stakeholders must have about oversight of public resources
- Do internal auditors have the training needed to do the job effectively?
- Are multidisciplinary teams in place to deal with diverse risks?
Yes. Collectively, the directorate’s staff have the knowledge, skills and abilities needed to do their work and fulfill their duties. For this report, 6 directorate staff members make up the internal audit function. This includes the Chief Audit Executive, 4 members of the internal audit team and 1 professional practices practitioner. The internal audit staff is made up of people with diverse backgrounds, qualifications and education.
Designation status as of June 6, 2024 |
Staff percentage |
|---|---|
% of staff with an internal audit or accounting designation (Certified Internal Auditor, Chartered Professional Accountant) |
16.6% |
% of staff with an internal audit or accounting designation in progress |
50% |
% of staff holding other designations (Internal Audit Practitioner, Certified Government Auditing Professional, Certified Information Systems Auditor) |
33.3% |
As of June 6, 2024, 3 staff members have accreditations (2 staff members are internal audit practitioners and 1 is a chartered professional accountant). Three staff members are currently working to obtain the Certified Internal Auditor designation and one is working towards the Internal Audit Practitioner designation.
4. Conformance with international standards
Questions that stakeholders must have about oversight of public resources
- Is internal audit work performed in conformance with the international standards, as required by Treasury Board of Canada Secretariat policy?
Yes. The directorate’s internal audit work meets international standards for the profession. The compliance attribute for measuring compliance is the date of the last briefing on the performance of the internal audit function to the Internal Audit Committee (including the results of internal assessments and any changes to audit methods, guidance and procedures) and the date of the directorate’s last external assessment.
Date of last comprehensive briefing to the Departmental Audit Committee on the internal processes, tools and information considered necessary to evaluate conformance with the Institute of Internal Auditors’ Code of Ethics and the Standards and the results of the Quality Assurance and Improvement Program |
June 6, 2024 |
|---|---|
Date of last external assessment |
March 2023 |
5. Implementation of risk-based audit plan
Questions that stakeholders must have about oversight of public resources
- Are risk-based audit plans submitted to audit committees, approved by deputy heads and implemented as planned with resulting reports published?
- Is management acting on audit recommendations for improvements to departmental processes?
Yes. The internal audits conducted by the directorate were planned based on the approved Risk-based Internal Audit and Evaluation Plan 2023-25. An update on the implementation of year 1 of the plan is provided in Table 1. A list of internal audit engagements in progress or planned for tabling in fiscal year 2024 to 2026 is provided in Table 2.
Audit title |
Audit status |
Report approved date |
Report published date |
Original planned management action plan completion date |
Implementation status |
|---|---|---|---|---|---|
Review of Technical Debt |
Unpublished; management action plan (MAP) not fully implemented |
June 2022 |
Not applicable |
Q4 2022 to 2023 |
90% |
Published; MAP not fully implemented |
March 2023 |
July 2023 |
Q3 2023 to 2024 |
20% |
|
Audit of IT Security |
Unpublished; MAP not fully implemented |
June 2023 |
Not applicable |
Q1 2025 to 2026 |
0% |
Published; MAP not fully implemented |
November 2023 |
February 2024 |
Q3 2022 to 2023 |
70% |
|
Health Check of GC Jobs Transformation - Estimation |
Unpublished; MAP not applicable |
November 2023 |
Not applicable |
Not applicable |
Not applicable |
Consultation on data and incident management for the Veterans Hiring Act |
Unpublished; MAP not fully implemented |
In progress |
Not applicable |
Not applicable |
Not applicable |
Audit of PSC Human Resources Planning |
Cancelled |
Not applicable |
Not applicable |
Not applicable |
Not applicable |
Joint Audit and Evaluation of the PSC’s Oversight and Monitoring Activities |
Cancelled |
Not applicable |
Not applicable |
Not applicable |
Not applicable |
Joint Audit and Evaluation on PSC Well-being Initiatives |
Cancelled |
Not applicable |
Not applicable |
Not applicable |
Not applicable |
Audit title |
Audit status |
|---|---|
Consultative engagement on PSC’s data landscape |
In progress |
Consultative engagement on operational governance |
Planned |
6. Credibility and value of the internal audit
Questions that stakeholders must have about oversight of public resources
- Is internal audit credible and does it add value in support of our mandate and strategic objectives?
Yes. Based on the results of the internal audit self-assessment tabled at the June 2024 Internal Audit Committee meeting, the internal audit function is credible, meets the expectations of the President, the Internal Audit Committee and senior management, and adds value to the organization.
Successful audit practices were identified in the internal audit assessment. They included the overall strong level of support across the PSC on the importance of maintaining an internal audit function. As well, the internal assessment identified clear and agile communications (preliminary findings meetings, interviews and opportunities to provide feedback) between the internal audit team, offices of primary interest and stakeholders throughout the engagements, which ensured that the final products were delivered to achieve favourable satisfaction ratings. Furthermore, the update of the management and response action plan template that included a new progress rating system, guidelines and SMART principles for preparing new plans, was identified as a good audit practice.
The most recently completed external assessment, which was tabled at the March 2023 Internal Audit Committee meeting, found that the function continues to generally conform to all applicable internal audit standards.
Page details
- Date modified: