Key Compliance Attributes of Internal Audit
Key Compliance Attributes are published as required under the Directive on Internal Audit.
- A.2.2.3 Departments must meet public reporting requirements as prescribed by the Comptroller General of Canada and using Treasury Board of Canada Secretariat prescribed platforms, including:
- A.2.2.3.1 Performance results for the internal audit function.
These results, or key attributes demonstrate that the main fundamental elements necessary for oversight are in place, are performing as required under the Policy on Internal Audit and the Directive on Internal Audit and are achieving results.
| Performance indicators | Key compliance attribute | Results | Internal audit comments (as necessary) |
|---|---|---|---|
| Do internal auditors in departments have the training required to do the job effectively? Are multidisciplinary teams in place to address diverse risks? | % of staff with an internal audit or accounting designation (Certified Internal Auditor (CIA), Chartered Professional Accountant (CPA)) | 100% | |
| % of staff with an internal audit or accounting designation (CIA, CPA) in progress | 0% | ||
| % of staff holding other designations. | 100% | Other designations held by internal audit staff: Certified Fraud Examiner (CFE) Certified Financial Crime Specialist (CFCS) Certificate in Risk Management Assurance (CRMA) Certified Information Systems Auditor (CISA) |
|
| Is internal audit work performed in conformance with the international standards for the profession of internal audit as required by Treasury Board policy? | Date of last comprehensive briefing to the Departmental Audit Committee on the internal processes, tools, and information considered necessary to evaluate conformance with the IIA Code of Ethics and the Standards and the results of the quality assurance and improvement program (QAIP) | May 2019 | |
| Date of last external assessment | May 2019 | ||
| Are the Risk-Based Audit Plans (RBAP) submitted to audit committees and approved by deputy heads implemented as planned with resulting reports published? Is management acting on audit recommendations for improvements to departmental processes? | RBAPs and related information:
|
See table below | |
| Is internal audit credible and adding value in support of the mandate and strategic objectives of the organization? | Average overall usefulness rating from senior management (ADM-level or equivalent) of areas audited. | N/A | Due to the small size of the internal audit team and CGC’s ADM-level equivalent positions posting of result would limit confidentiality of satisfaction surveys. Ongoing dialogue with senior management occurs to ensure internal audit engagements are relevant and useful. |
Note: Additions and adjustments to the internal audits listed in the Departmental Plan may occur in order to address emerging risks and priorities of the organization.
| Internal audit title | Audit status | Report approved date | Report published date | Original planned MAP completion date | MAP implementation status |
|---|---|---|---|---|---|
| Audit of cybersecurity practices | Complete | March 1, 2022 | Details will not be released due to security considerations | - | - |
| Audit of design and operating effectiveness of entity level controls | Complete | November 9, 2021 | February 9, 2022 | March 31, 2023* | 25% |
| Information technology general controls review | Complete | November 30, 2021 | N/A | April 15, 2023* | 50% |
| Review of data classification and open data processes | Planned | - | - | - | - |
| Review of Grain Research Laboratory project selection | In progress | - | - | - | - |
| Audit of external and internal communication practices | Planning underway | - | - | - | - |
*Where multiple management action plans exist, the latest date has been displayed.
- Date modified: