Key Compliance Attributes of Internal Audit

Key Compliance Attributes are published as required under the Directive on Internal Audit.

  • A.2.2.3 Departments must meet public reporting requirements as prescribed by the Comptroller General of Canada and using Treasury Board of Canada Secretariat prescribed platforms, including:
  • A. Performance results for the internal audit function.

These results, or key attributes demonstrate that the main fundamental elements necessary for oversight are in place, are performing as required under the Policy on Internal Audit and the Directive on Internal Audit and are achieving results.

Performance indicators Key compliance attribute Results Internal Audit comments
(as necessary)
Do internal auditors in departments have the training required to do the job effectively? Are multidisciplinary teams in place to address diverse risks? % of staff with an internal audit or accounting designation (Certified Internal Auditor (CIA), Chartered Professional Accountant (CPA)) 100%
% of staff with an internal audit or accounting designation (CIA, CPA) in progress 0%
% of staff holding other designations. 100% Other designations held by internal audit staff:

Certified Fraud Examiner (CFE)
Certified Financial Crime Specialist (CFCS)
Certificate in Risk Management Assurance (CRMA)
Certified Information Systems Auditor (CISA)
Is internal audit work performed in conformance with the international standards for the profession of internal audit as required by Treasury Board policy? Date of last comprehensive briefing to the Departmental Audit Committee on the internal processes, tools, and information considered necessary to evaluate conformance with the IIA Code of Ethics and the Standards and the results of the quality assurance and improvement program (QAIP) May 2019
Date of last external assessment May, 2019
Are the Risk-Based Audit Plans (RBAP) submitted to audit committees and approved by deputy heads implemented as planned with resulting reports published? Is management acting on audit recommendations for improvements to departmental processes? RBAPs and related information:
  • name/status of audit for the current fiscal year of the RBAP
  • date the audit report was approved
  • date the audit report was published
  • original planned date for completion of all management action plan (MAP) items
  • status of MAP items
See table below
Is internal audit credible and adding value in support of the mandate and strategic objectives of the organization? Average overall usefulness rating from senior management (ADM-level or equivalent) of areas audited. N/A Due to the small size of the internal audit team and CGC’s ADM-level equivalent positions posting of result would limit confidentiality of satisfaction surveys. Ongoing dialogue with senior management occurs to ensure internal audit engagements are relevant and useful

“additions and adjustments to the internal audits listed in the Departmental Plan may have occurred in order to address emerging risks and priorities of the organization”.

Why Publish Key Compliance Attributes of Internal Audit?

Execution of the Audit Plan as of June 30, 2021
Internal audit title Audit status Report approved date Report published date Original planned MAP completion date MAP implementation status
Review of Analytical Services Approved – Not published November 5, 2020 N/A March 31, 2021 17%
Audit of Cybersecurity Practices In progress - - - -
Audit of Entity Level Controls In progress - - - -
Information Technology General Controls Review Planned - - - -
Review of Data Classification and Open Data Processes Planned - - - -
Audit of Grain Research Lab Project Selection Planned - - - -
Date modified: