Key Compliance Attributes of Internal Audit

Key Compliance Attributes are published as required by the Treasury Board Directive on Internal Audit.

These results, or key compliance attributes, demonstrate that the fundamental elements necessary for oversight are in place in the organization, are performing as required under the Policy on Internal Audit and the Directive on Internal Audit, and are achieving results.

Performance indicators Key compliance attribute Results Internal audit comments
(as necessary)
Do internal auditors in departments have the training required to do the job effectively? Are multidisciplinary teams in place to address diverse risks? % of staff with an internal audit or accounting designation (Certified Internal Auditor (CIA), Chartered Professional Accountant (CPA)) 100% There are 2 staff members, including the Chief Audit and Evaluation Executive, dedicated to the internal audit function of the Audit and Evaluation division. Both staff members have multiple designations.
% of staff with an internal audit or accounting designation (CIA, CPA) in progress 0%  
% of staff holding other designations. 100% Other designations held by internal audit staff:

Certified Fraud Examiner (CFE)
Certified Financial Crime Specialist (CFCS)
Certificate in Risk Management Assurance (CRMA)
Certified Information Systems Auditor (CISA)
Is internal audit work performed in conformance with the international standards for the profession of internal audit as required by Treasury Board policy? Date of last comprehensive briefing to the Departmental Audit Committee on the internal processes, tools, and information considered necessary to evaluate conformance with the IIA Code of Ethics and the Standards and the results of the quality assurance and improvement program (QAIP) November 2022 In preparation for the external practice assessment, the external consultant conducted a preliminary internal assessment in fall 2022, which concluded that the CGC’s Audit Services work falls within the standards required.
Date of last external assessment May 2019 The next external assessment is planned for Q1 of the 2023 to 2024 fiscal year.
Are the Risk-Based Audit Plans (RBAP) submitted to audit committees and approved by deputy heads implemented as planned with resulting reports published? Is management acting on audit recommendations for improvements to departmental processes? RBAPs and related information:
  • name/status of audit for the current fiscal year of the RBAP
  • date the audit report was approved
  • date the audit report was published
  • original planned date for completion of all management action plan (MAP) items
  • status of MAP items
See table below  
Is internal audit credible and adding value in support of the mandate and strategic objectives of the organization? Average overall usefulness rating from senior management (ADM-level or equivalent) of areas audited. N/A Due to the small size of the internal audit team and CGC’s ADM-level equivalent positions, posting of result would limit confidentiality of satisfaction surveys. Ongoing dialogue with senior management occurs to ensure internal audit engagements are relevant and useful.
Execution of the risk-based audit and evaluation plan as of June 30, 2023
Internal audit title Audit status Report approved date Report published date Original planned MAP completion date MAP implementation status
Audit of cybersecurity practices Approved – Not published March 1, 2022 Details will not be released due to security considerations - -
Audit of entity-level controls Published – MAP not fully implemented November 9, 2021 February 9, 2022 March 31, 2023* 63%
Information technology general controls review Approved – Not published November 30, 2021 - April 15, 2023* 88%
Review of data classification and open data processes PostponedFootnote 1 - - - -
Review of Grain Research Lab project selection Approved – Not published November 3, 2022 - March 31, 2023* 100%
Audit of external and internal communication practices In progress - - - -
Project health check review In progress - - - -
Service fees calculation methodology review In progress - - - -

*Where multiple MAPs exist, the latest date is displayed.

Date modified: