Key Compliance Attributes of Internal Audit

Key Compliance Attributes are published as required under the Directive on Internal Audit.

  • A.2.2.3 Departments must meet public reporting requirements as prescribed by the Comptroller General of Canada and using Treasury Board of Canada Secretariat prescribed platforms, including:
  • A. Performance results for the internal audit function.

These results, or key attributes demonstrate that the main fundamental elements necessary for oversight are in place, are performing as required under the Policy on Internal Audit and the Directive on Internal Audit and are achieving results.

Performance indicators Key compliance attribute Results Internal audit comments
(as necessary)
Do internal auditors in departments have the training required to do the job effectively? Are multidisciplinary teams in place to address diverse risks? % of staff with an internal audit or accounting designation (Certified Internal Auditor (CIA), Chartered Professional Accountant (CPA)) 100%  
% of staff with an internal audit or accounting designation (CIA, CPA) in progress 0%  
% of staff holding other designations. 100% Other designations held by internal audit staff:

Certified Fraud Examiner (CFE)
Certified Financial Crime Specialist (CFCS)
Certificate in Risk Management Assurance (CRMA)
Certified Information Systems Auditor (CISA)
Is internal audit work performed in conformance with the international standards for the profession of internal audit as required by Treasury Board policy? Date of last comprehensive briefing to the Departmental Audit Committee on the internal processes, tools, and information considered necessary to evaluate conformance with the IIA Code of Ethics and the Standards and the results of the quality assurance and improvement program (QAIP) May 2019  
Date of last external assessment May 2019  
Are the Risk-Based Audit Plans (RBAP) submitted to audit committees and approved by deputy heads implemented as planned with resulting reports published? Is management acting on audit recommendations for improvements to departmental processes? RBAPs and related information:
  • name/status of audit for the current fiscal year of the RBAP
  • date the audit report was approved
  • date the audit report was published
  • original planned date for completion of all management action plan (MAP) items
  • status of MAP items
See table below  
Is internal audit credible and adding value in support of the mandate and strategic objectives of the organization? Average overall usefulness rating from senior management (ADM-level or equivalent) of areas audited. N/A Due to the small size of the internal audit team and CGC’s ADM-level equivalent positions posting of result would limit confidentiality of satisfaction surveys. Ongoing dialogue with senior management occurs to ensure internal audit engagements are relevant and useful.

Note: Additions and adjustments to the internal audits listed in the Departmental Plan may occur in order to address emerging risks and priorities of the organization.

Why publish key compliance attributes of internal audit?

Execution of the Audit Plan as of June 30, 2022
Internal audit title Audit status Report approved date Report published date Original planned MAP completion date MAP implementation status
Audit of cybersecurity practices Complete March 1, 2022 Details will not be released due to security considerations - -
Audit of design and operating effectiveness of entity level controls Complete November 9, 2021 February 9, 2022 March 31, 2023* 25%
Information technology general controls review Complete November 30, 2021 N/A April 15, 2023* 50%
Review of data classification and open data processes Planned - - - -
Review of Grain Research Laboratory project selection In progress - - - -
Audit of external and internal communication practices Planning underway - - - -

*Where multiple management action plans exist, the latest date has been displayed.

Date modified: