This page has been archived.
Information identified as archived on the Web is for reference, research or recordkeeping purposes. It has not been altered or updated after the date of archiving. Web pages that are archived on the Web are not subject to the Government of Canada Web Standards. As per the Communications Policy of the Government of Canada, you can request alternate formats on the "Contact Us" page.
1.1 This policy takes effect on April 1, 2006, replacing the 2001 Policy on Internal Audit.
1.2 The implementation of this policy will be phased in between the effective date of the policy and April 1, 2009. A review of the implementation will be conducted six months prior to Aprilá1, 2009, to determine if changes to the policy are required.
2.1 This policy applies to departments and agencies defined as departments within the meaning of section 2 of the Financial Administration Act. Throughout this policy, the terms "government-wide" and "across government" refer to these departments.
2.2 For the purposes of this policy, Treasury Board has established criteria for designating departments as small departments and agencies (SDAs). These criteria are provided in section 5.4.1 below. All other departments are referred to as large departments and agencies (LDAs).
3.1 This policy is issued pursuant to paragraph 7.(1) (a) of the Financial Administration Act.
3.2 This policy is designed to ensure that, at both departmental and government-wide levels, internal audit and audit committees provide deputy heads and the Comptroller General, respectively, with added assurance, independent from line management, on risk management, control, and governance processes. (The terms risk management, control, and governance processes are defined in The Professional Practices Framework published by the Institute of Internal Auditors, January 2004.)
3.3 While deputy heads, in the context of the Treasury Board Secretariat Management Accountability Framework, are responsible for the systems of internal controls in their departments, this policy provides a clear and integrated assignment of responsibilities for internal auditing between deputy heads and the Comptroller General that supports strong internal auditing across government.
4.1 The objective of the policy is to strengthen public sector accountability, risk management, resource stewardship and good governance by reorganizing and bolstering internal audit on a government-wide basis.
4.2 In that context, Treasury Board has decided that:
4.2.1 The Government of Canada sustain a strong, credible internal audit regime that has the confidence of the government, contributes directly to effective risk management, sound resource stewardship and good governance, and is repositioned as a key underpinning of governance within departments and agencies and across government.
4.2.2 The government ensure the real and perceived independence of internal audit from line management by introducing:
4.2.3 All departments and agencies, and the government as a whole, be supported by professional and comprehensive internal audit coverage through a changed delivery model in which:
4.2.4 The Comptroller General is responsible for focused, sustained functional leadership of internal audit across government in order to build and develop capacity; ensure adequate levels of professionally qualified resources; and ensure adherence to professional standards and rigorous methodology in the delivery of internal audits.
4.2.5 Chief audit executives provide annual holistic opinions to deputy heads and audit committees on the effectiveness and adequacy of risk management, control, and governance processes in their departments, as well as reporting on individual risk-based audits. Similarly, it was decided that the Comptroller General report annually to Treasury Board on the state of risk management, control and governance processes across government, addressing fundamental controls, including basic reporting controls for financial statements, thematic or sectoral controls, and the results of risk-based internal audit work carried out within departments.
5.1 The term "deputy head" is used in this policy in the broad sense assigned to it by sectioná11 of the Financial Administration Act. It includes deputy ministers, heads of agencies, chief executive officers, and statutory or designated deputy heads.
5.2 This policy recognizes that departments are diverse in size and risk. The requirements below distinguish among those applicable to deputy heads of large departments, deputy heads of SDAs, and those that apply to all deputy heads.
5.3 Deputy heads of large departments (all departments other than those designated as SDAs) are responsible for:
5.3.1 Establishing an internal audit function that is appropriately resourced and that operates in accordance with this policy and professional internal auditing standards.
5.3.2 Establishing an independent departmental audit committee that includes a majority of external members who are not currently in the federal public service. (Requirements relating to the role, responsibilities and membership of the departmental audit committee are described in Directive on Departmental Audit Committees.)
5.3.3 Appointing a qualified chief audit executive at a senior executive level, reporting to the deputy head, to lead and direct the internal audit function. (Directive on Chief Audit Executives, Internal Audit Plans, andáSupportáto theáComptroller General sets out additional requirements for chief audit executives. The Comptroller General's Guidelines on the Responsibilities of Chief Audit Executives and Guidelines on Expected Qualifications of Chief Audit Executives provide advice on the responsibilities and expected qualifications of chief audit executives.)
5.3.4 Approving a departmental internal audit plan that addresses all areas of higher risk and significance, including audits identified by the Comptroller General as part of government-wide or sectoral coverage, and designed to support an annual opinion from the chief audit executive on departmental risk management, control, and governance processes. (Directive on Chief Audit Executives, Internal Audit Plans, and Support to the Comptroller General sets out additional requirements for departmental internal audit plans.)
5.3.5 Ensuring appropriate internal audit coverage for special operating agencies and other entities within their departments and under their control.
5.4.1 For the purpose of designating departments as SDAs under this policy, the two criteria of fewer than 500 full-time equivalents and a reference-level of less than $300 million per year will apply for all departments except agents of Parliament (Office of the Auditor General, Office of the Chief Electoral Officer, Office of the Commissioner of Official Languages, Office of the Information Commissioner and Office of the Privacy Commissioner), which are treated as LDAs. Any exclusions to the application of these criteria will require the approval of the Treasury Board, providing the SDA has the demonstrated capacity to fully meet the expectations set out in this policy for LDAs, on an ongoing basis, either on its own or via the provisions of such capacity by the leadership of the portfolio of the departments/agencies to which the SDA is accountable. Similarly, any exceptional additions to the list of SDAs will require the approval of Treasury Board and will be treated on a case-by-case basis. For both exclusions and additions, the Comptroller General will provide an independent assessment.
5.4.2 The Comptroller General will conduct horizontal and other audits on SDAs each year and will provide deputy heads with copies of all relevant audit reports. Recognizing that SDAs vary in terms of size and risk, in many cases deputy heads may decide that the work performed by the Comptroller General fully meets their internal audit requirements. However, considering the risk profile and control environment of their departments, deputy heads must decide whether further internal audits are necessary. If further work is needed, the deputy head shall approve an internal audit plan.
5.4.3 When deputy heads of SDAs need internal auditing work beyond that conducted by the Comptroller General, but do not have enough work or resources to sustain a credible, professional internal audit function, the Comptroller General will facilitate access to independent, qualified internal auditing resources.
5.4.4 When an SDA conducts an internal audit, the deputy head must ensure that the internal auditing work meets the Internal Auditing Standards of the Government of Canada as prescribed by the Comptroller General.
5.4.5 When an SDA conducts an internal audit, the deputy head must ensure that the audit work is overseen and guided by an independent audit committee. The deputy head must establish a departmental audit committee in accordance with Directive on Departmental Audit Committees, or a joint independent audit committee with other portfolio-related departments, or arrange with the Comptroller General to have access to the SDA Audit Committee.
5.5.1 Putting in place effective procedures to ensure systematic review of control and accountability processes in their departments.
5.5.2 Taking into account the results of internal audits conducted by the Comptroller General.
5.5.3 Ensuring that the audit committee receives all of the information and documentation needed or requested to fulfill its responsibilities, subject to applicable legislation.
5.5.4 Ensuring that management action plans are prepared that adequately address the recommendations and findings arising from internal audits, and that the action plans have been effectively implemented.
5.5.5 Ensuring that completed audit reports are:
5.5.6 Ensuring that the respective Minister is briefed periodically on significant items arising from the work of internal audit and the audit committee. It is expected that the Minister would meet annually in camera with the Internal Audit Committee for assurance regarding risk management, control and audit systems. It is also expected that the deputy head would routinely be briefed by the Audit Committee on their assurance findings.
5.5.7 Ensuring that the Office of the Comptroller General and its agents, for the purpose of carrying out assigned responsibilities, are given:
5.6.1 Treasury Board has assigned specific responsibilities to the Comptroller General for the functional leadership and monitoring of internal auditing across government, for horizontal auditing in LDAs and SDAs, and for the support of information technology and forensic auditing. These responsibilities are described in the Appendix.
5.6.2 Treasury Board also requires the Comptroller General to report annually to the Board on:
5.6.3 Treasury Board has delegated to the Comptroller General the authority to issue such operational directives, standards and guidelines as are necessary to support this policy.
5.7.1 Deputy heads are responsible for monitoring adherence to this policy in their departments. Departments should have measures in place, as appropriate, to ensure:
5.7.2 Departmental audit committees will prepare annual reports to their deputies on their activities, including assessments of the internal audit functions. These reports will be made available to the Comptroller General.
5.7.3 The Comptroller General is responsible for government-wide leadership of internal audit, and for directing horizontal audits, including focused horizontal and other audits in SDAs.At a minimum, the Comptroller General should have measures in place to ensure:
5.7.4 The Comptroller General will report annually to Treasury Board on the implementation of this policy and on the effectiveness of the internal audit function across government, based on the analysis of internal audit plans and reports, practice inspections of departmental internal audit functions, audit committee reports and work undertaken directly by the Comptroller General.
5.7.5 The Comptroller General will establish a framework to guide the evaluation of the policy; Treasury Board Secretariat will make sure an evaluation is conducted within five years.
6.1 If, as a result of this monitoring, it is apparent that a department has not complied with this policy, consequences that are applicable to all Treasury Board policies, and as set out in the Financial Administration Act, will apply.
Institute of Internal Auditors (IIA): The Professional Practices Framework
Canadian Institute of Chartered Accountants (CICA) Handbook
Results for Canadians: A Management Framework for the Government of Canada
Treasury Board of Canada Secretariat Management Accountability Framework
Treasury Board of Canada Secretariat Integrated Risk Management Framework
Please send any questions about this policy to:
Office of the Assistant Comptroller General, Internal Audit
Treasury Board of Canada Secretariat
300 Laurier Avenue West
Fax: (613) 952-3698
As directed by the Treasury Board, the Comptroller General must: