Performance Measurement Results for the Office of Audit and Evaluation
Introduction
The Policy on Internal Audit and its associated Directive on Internal Audit came into force on April 1, 2017. The Directive on Internal Audit stipulates, “Departments must meet public reporting requirements as prescribed by the Comptroller General of Canada and using Treasury Board of Canada Secretariat prescribed platforms, including: Performance results for the internal audit function (A.2.2.3, A.2.2.3.1)”.
The compliance attributes detailed below are intended to show an external audience that an internal audit function is in place and operating as intended.
The objective of the Policy on Internal Audit is to “ensure that the oversight of public resources throughout the federal public administration is informed by a professional and objective internal audit function that is independent of departmental management.”
Heads of government organizations are responsible for “ensuring that internal audit in the department is carried out in accordance with the Institute of Internal Auditors’ International Professional Practices Framework unless the framework is in conflict with this policy or its related directive; if there is a conflict, the policy or directive will prevail”.
On March 9, 2018, the Office of the Comptroller General issued Technical Bulletin 2018-1: Policy on Internal Audit, which provided additional guidance on the Policy and Directive. One element of the bulletin was the requirement to post performance results commencing June 30, 2018.
Furthermore, the Office of the Comptroller General provided departments with a document titled “Why publish key performance compliance attributes of internal audit?” to provide additional context for the request.
In accordance with the Office of the Comptroller General’s request and with the Policy, we are pleased to provide Shared Services Canada’s (SSC) Office of Audit and Evaluation key compliance attributes as defined by the Office of the Comptroller General.
Key compliance attributes of Internal Audit
Departments are required to publish selected key compliance attributes in order to provide pertinent information to stakeholders (Canadians, parliamentarians) regarding the professionalism, performance and impact of the internal audit function in departments. The compliance attributes noted below address staff designations and training, as well as quality assurance and improvement programs in internal audit.
Professional certifications and designations
The Office of Audit and Evaluation leverages multidisciplinary teams to ensure identified engagement risks are sufficiently and appropriately addressed. This is achieved by hiring staff with diverse backgrounds and experience, together with the engagement of technical experts and specialists on an as-needed basis.
As of March 31, 2021
Key compliance attribute | Response |
---|---|
1(a) Percent of staff with an internal audit or accounting designation (Certified Internal Auditor, or Chartered Professional Accountant). | Of the 18 staff at the Office of Audit and Evaluation who are auditors or do audit related work, 5 people, or 28%, have an internal audit or accounting designation. |
1(b) Percent of staff with an internal audit or accounting designation (Certified Internal Auditor or Chartered Professional Accountant) in progress. | Of the 18 staff at the Office of Audit and Evaluation who are auditors or do audit related work, 6 people, or 33%, have an internal audit or accounting designation in progress. |
1(c) Percent of staff holding other designations (e.g., Certified Government Auditing Professional, Certified Information Systems Auditor). | Of the 18 staff at the Office of Audit and Evaluation who are auditors or do audit related work, 5 people, or 28%, hold other relevant designations. |
Quality assurance and improvement program
As of March 31, 2021
Key compliance attribute | Response |
---|---|
2(a) Date of last comprehensive briefing to the Departmental Audit Committee on the internal processes, tools and information considered necessary to evaluate conformance with the Institute of Internal Auditors’ Code of Ethics and the Standards and the results of quality assurance and improvement program. | On July 27, 2020, the OAE reported on its annual Internal Assessment of the internal audit practices at SSC performed for year 2020. The report details were shared with the DAC through the External Practice Inspection Report at the February 2021 DAC meeting. |
2(b) Date of the last external assessment. | The External Practice Inspection Final Report for SSC is dated February 8, 2021. |
Internal audit plan and related information
The following table is updated regularly, at a minimum twice annually, to show the implementation status of the audit plan. Additions and adjustments to the internal audits listed in the Departmental Plan may occur in order to address emerging risks and priorities.
As of March 31, 2022
# | Internal Audit | Status | Date of approval | Date of publication | Original planned date of Management Action Plan (MAP) | Status of completion of MAP (% of MAP completed) |
---|---|---|---|---|---|---|
Audit Engagements from the 2017–18 Risk-based Audit Plan | ||||||
1 | Coordinated Audit of Cyber Security with Canada Revenue Agency | Approved - Not published | April 24, 2017 | N/A | March 31, 2018 | 83% |
2 | Coordinated Audit of IT Security with Treasury Board of Canada Secretariat | Approved - Not published | June 30, 2017 | N/A | March 31, 2018 | 100% |
3 | Coordinated Audit of IT Security with Employment Security and Development Canada | Approved - Not published | October 12, 2018 | N/A | March 31, 2023 | 83% |
Audit Engagements from the 2018–19 Risk-based Audit Plan | ||||||
4 | Audit of Patch Management | In Progress | — | — | — | — |
5 | Audit of Logical Access Controls | Approved - Not published | July 27, 2020 | N/A | March 30, 2023 | 35% |
Audit Engagements from the 2019–20 Risk-based Audit Plan | ||||||
6 | Information Supporting Governance Committees | Published - MAP not fully implemented | May 3, 2021 | July 14, 2021 | March 31, 2023 | 0% |
7 | Audit of Wide Area Network Bandwidth / Capacity Planning and Operation | In Progress | — | — | — | — |
8 | Audit of the Management of Customer Revenue Agreements | Published - MAPs fully implemented | September 22, 2020 | December 20, 2020 | December 31, 2020 | 100% |
9 | Audit of Security Assessment and Authorization | Published - MAP not fully implemented | June 6, 2020 | December 18, 2020 | September 30, 2021 | 67% |
Audit Engagements from the 2020–21 Risk-based Audit Plan | ||||||
10 | Audit of Workload Migration (WLM) | In Progress | — | — | — | — |
11 | Audit of IT Continuity | In Progress | — | — | — | — |
Adding value
As of March 31, 2021
Senior management perception of the added value of audit recommendations and processes to improve controls, governance and risk management.
For the reporting period of October 1st, 2020 to March 31st, 2021, of 4 respondents to 2 surveys, 50% reported them as excellent, 25% reported them as good and 25% reported them as poor.
The Office of Audit and Evaluation will continue its efforts to improve these ratings.