Compliance Attributes for the Internal Audit Function - December 2024
PDF Version (861 KB, 3 pages)
Key compliance attributes are published in accordance with the Office of the Comptroller General of Canada (OCG) Technical Bulletin 2023-1: Policy on Internal Audit. It states that:
A.2.2.3 Departments must meet public reporting requirements as prescribed by the Comptroller General of Canada.
These key compliance attributes demonstrate that the fundamental elements necessary for oversight are in place, are performing as required under the Policy on Internal Audit and the Directive on Internal Audit, and are achieving results.
Key Compliance Attributes
Professional Qualifications
Members of the internal audit team are trained to do their job effectively. Multidisciplinary teams are in place to address diverse risks. The breakdown of the internal audit staff professional qualifications is shown in Figure 1.
The bubble chart in Figure 1 shows the breakdown of the internal audit staff qualifications as of December 31, 2024.
- Certified Internal Auditor (CIA)/Chartered Professional Accountant (CPA) Designations: 43%
- Accounting or other designation in progress: 14%
- Other Designations: 0%
- CRM: Canadian Risk Management
- CRMA: Certification in Risk Management Assurance
- CISA: Certified Information Systems Auditor
- CGAP: Certified Government Auditing Professional
- PMP: Project Management Professional
Text alternative for Figure 1. Internal audit staff qualifications as of December 31, 2024
- 43% of the audit team has CIA/CPA Designations
- 14% of the audit team has an accounting or other designation in progress
- 0% of the audit team has another designation (CRM/CRMA/CISA/CGAP/PMP)
Conformance with the International Standards
The Audit and Assurance Services Branch's internal audit work conforms to international standards for the profession. The last external audit assessment was completed in May 2022. The most recent internal assessment was presented on January 24, 2024, at the Departmental Audit Committee. The presentations consisted of an update on:
- The scope and frequency of both the internal and external assessments
- The qualifications and independence of the assessor(s) or assessment team, including whether or not there were any potential conflicts of interest
- Conclusions of assessors
- Corrective action plans
- Internal process, tools and information considered necessary to evaluate conformance with the Institute of Internal Auditor's Code of Ethics and Standards
- Results of the Internal Audit Branch's Quality Assurance and Improvement Program
The internal audits conducted by the Audit and Assurance Services Branch are planned and based on the approved Risk-Based Audit Plan. The audits and the implementation status of their Management Action Plan (MAP) are listed in Table 1. Additions and adjustments to the internal audits may occur in order to address emerging risks and priorities of the organization.
| Internal Audit Title | Status | Report Approved Date |
Report Published Date |
Original Planned MAP Completion Date |
MAP Implementation Status as of Q1 2024-25 |
|---|---|---|---|---|---|
| Audit of Indigenous Services Canada's Information Technology Security (Focus on FNIHB Systems) | Approved – Not published: MAP not fully implemented | March 16, 2021 | N/A | September 1, 2021 | 80% implemented |
| Audit of the Implementation of Jordan's Principle | Published: MAP fully implemented | October 21, 2019 | October 28, 2020 | September 30, 2021 | 100% implemented |
| Audit of IT Security (Focus on Cybersecurity) | Approved – Not published: MAP not fully implemented | September 14, 2021 | N/A | June 30, 2022 | 90% Implemented |
| Audit of ISC's Processes to Support Participation in the 10-year Grants | Published: MAP fully implemented | September 27, 2022 | April 12, 2023 | December 31, 2023 | 100% implemented |
| Compliance Audit of the Terms and Conditions of the Income Assistance Program for COVID-19 Funding | Published: MAP not fully implemented | September 27, 2022 | April 12, 2023 | March 31, 2024 | 33% implemented |
| Audit of the Monitoring and Oversight of the Contribution Agreements Process | Published: MAP not fully implemented | December 15, 2022 | September 28, 2023 | March 31, 2024 | 63% implemented |
| Audit of the First Nations and Inuit Home and Community Care Program | Published: MAP not fully implemented | September 26, 2023 | January 12, 2024 | March 31, 2026 | 43% implemented |
| Audit of Assisted Living Program | Published: MAP not fully implemented | September 26, 2023 | January 31, 2024 | March 31, 2026 | 43% implemented |
| Audit of Data Governance | Published: MAP not fully implemented | September 26, 2023 | January 19, 2024 | March 31, 2026 | 71% implemented |
| Audit of Land Management | Published: MAP not fully implemented | January 24, 2024 | May 29, 2024 | March 31, 2026 | 71% implemented |
| Audit of the Mental Wellness Program | Published: MAP not fully implemented | May 14, 2024 | September 23, 2024 | March 31, 2026 | 0% implemented |
| Audit of the Elementary and Secondary Education and Education Facilities | In Progress | ||||
| Audit of Jordan's Principle | In Progress | ||||
| Audit of Litigation Management | In Progress | ||||
| Audit of the Procurement Strategy for Indigenous Business | In Progress |
Overall Usefulness of Internal Audits
Based on the post-audit survey results received, senior management agreed that overall the audits conducted were useful.