Key Compliance Attributes of Internal Audit
Key Compliance Attributes are published as required under the Directive on Internal Audit.
- A.2.2.3 Departments must meet public reporting requirements as prescribed by the Comptroller General of Canada and using Treasury Board of Canada Secretariat prescribed platforms, including:
- A.2.2.3.1 Performance results for the internal audit function.
These results, or key attributes demonstrate that the main fundamental elements necessary for oversight are in place, are performing as required under the Policy on Internal Audit and the Directive on Internal Audit and are achieving results.
| Performance indicators | Key compliance attribute | Results | Internal Audit comments (as necessary) |
|---|---|---|---|
| Do internal auditors in departments have the training required to do the job effectively? Are multidisciplinary teams in place to address diverse risks? | % of staff with an internal audit or accounting designation (Certified Internal Auditor (CIA), Chartered Professional Accountant (CPA)) | 100% | |
| % of staff with an internal audit or accounting designation (CIA, CPA) in progress | 0% | ||
| % of staff holding other designations. | 100% | Other designations held by internal audit staff: Certified Fraud Examiner (CFE) Certified Financial Crime Specialist (CFCS) Certificate in Risk Management Assurance (CRMA) Certified Information Systems Auditor (CISA) |
|
| Is internal audit work performed in conformance with the international standards for the profession of internal audit as required by Treasury Board policy? | Date of last comprehensive briefing to the Departmental Audit Committee on the internal processes, tools, and information considered necessary to evaluate conformance with the IIA Code of Ethics and the Standards and the results of the quality assurance and improvement program (QAIP) | May 2019 | |
| Date of last external assessment | May, 2019 | ||
| Are the Risk-Based Audit Plans (RBAP) submitted to audit committees and approved by deputy heads implemented as planned with resulting reports published? Is management acting on audit recommendations for improvements to departmental processes? | RBAPs and related information:
|
See table below | |
| Is internal audit credible and adding value in support of the mandate and strategic objectives of the organization? | Average overall usefulness rating from senior management (ADM-level or equivalent) of areas audited. | N/A | Due to the small size of the internal audit team and CGC’s ADM-level equivalent positions posting of result would limit confidentiality of satisfaction surveys. Ongoing dialogue with senior management occurs to ensure internal audit engagements are relevant and useful |
“additions and adjustments to the internal audits listed in the Departmental Plan may have occurred in order to address emerging risks and priorities of the organization”.
| Internal audit title | Audit status | Report approved date | Report published date | Original planned MAP completion date | MAP implementation status |
|---|---|---|---|---|---|
| Review of Analytical Services | Approved – Not published | November 5, 2020 | N/A | March 31, 2021 | 17% |
| Audit of Cybersecurity Practices | In progress | - | - | - | - |
| Audit of Entity Level Controls | In progress | - | - | - | - |
| Information Technology General Controls Review | Planned | - | - | - | - |
| Review of Data Classification and Open Data Processes | Planned | - | - | - | - |
| Audit of Grain Research Lab Project Selection | Planned | - | - | - | - |
- Date modified: