Directive on Internal Audit

The Directive on Internal Audit supports the objectives of the Policy on Internal Audit by setting out the responsibilities for Chief Audit Executives related to internal audit and providing the mandatory procedures for internal auditing in the Government of Canada that supplement the Institute of Internal Auditors Professional Practices Framework. The Directive also provides the mandatory attributes of the composition and the operations of Departmental Audit Committees and details on requirements for their operations.
Date modified: 2017-04-01

1. Effective date

  • 1.1 This directive takes effect on .
  • 1.2 This directive replaces the following Treasury Board policy instruments:
    • Directive on Internal Auditing in the Government of Canada ()
    • Internal Auditing Standards for the Government of Canada ()

2. Authorities

  • 2.1 This directive is issued pursuant to the authorities indicated in section 2 of the Policy on Internal Audit.

3. Objectives and expected results

  • 3.1 The objectives indicated in section 3 of the Policy on Internal Audit apply to this directive.
  • 3.2 The expected results indicated in section 3 of the Policy on Internal Audit apply to this directive.

4. Requirements

  • 4.1 The chief audit executive is responsible for the following:
    • 4.1.1 Applying the Institute of Internal Auditors’ International Professional Practices Framework in the department, unless the framework is in conflict with the Treasury Board Policy on Internal Audit or this directive; if there is a conflict, the policy or directive will prevail;
    • 4.1.2 Establishing at least annually, and updating as required, a departmental risk-based audit plan that: spans multiple years; focuses primarily on providing assurance services; is recommended by the departmental audit committee and approved by the deputy head; and which considers the following:
      • 4.1.2.1 Departmental areas of high risk and significance;
      • 4.1.2.2 Horizontal audits led by the Comptroller General;
      • 4.1.2.3 Planned audits led by external assurance providers and other departments as appropriate; and
      • 4.1.2.4 Other oversight engagements, including, where the necessary expertise and capacity are in place, the option to provide consulting services to the organization, as a supplement to the assurance role and in accordance with the Institute of Internal Auditors’ International Professional Practices Framework.
    • 4.1.3 Ensuring that the deputy head and the departmental audit committee are aware of the resource requirements for the internal audit function and the impact of resource decisions;
    • 4.1.4 Ensuring the timely completion of internal audit engagements;
    • 4.1.5 Reporting at least annually to the deputy head on whether the actions scheduled by management in response to audit recommendations, both internal and external, have been implemented; and
    • 4.1.6 Ensuring that internal auditors have the appropriate qualifications, skills, and opportunities to maintain and develop their internal auditing competencies.

5. Roles of other government organizations

  • 5.1 Not applicable.

6. Application

  • 6.1 This directive applies to the organizations as listed in section 6.1 of the Policy on Internal Audit.

7. References

  • 7.1 Legislation
    • Access to Information Act (section 22)
    • Financial Administration Act (section 16)
    • Privacy Act (sub-section 8(2)h)
    • Public Service Employment Act (section 30)
  • 7.2 Related policy instruments
    • Foundation Framework for Treasury Board Policies
    • Policy on Communications and Federal Identity (subsections 6.3.1, 6.3.2, 6.3.4, 6.3.5 and 6.3.7)

8. Enquiries


Appendix A: Mandatory Procedures for Internal Auditing in the Government of Canada

A.1 Effective date

  • A.1.1 These procedures take effect on .
  • A.1.2 These procedures replace the Internal Auditing Standards for the Government of Canada ().

A.2 Procedures

  • A.2.1 These procedures provide details on the requirements set out in section 4 of the Directive on Internal Audit.
  • A.2.2 Internal audit in the federal public administration is carried out in accordance with the Institute of Internal Auditors’ International Professional Practices Framework and the following mandatory procedures:
    • A.2.2.1 Departments must undertake internal audits of programs or services that are identified by the Comptroller General of Canada or the Secretary of the Treasury Board.
    • A.2.2.2 Results of internal audit engagements must be finalized in a written report. An internal audit engagement report is considered completed when:
      • A.2.2.2.1 It sets out the engagement’s objectives, scope and context, the criteria applied in the audit, the risks and opportunities for improvement identified by the audit, the recommendations, the statement of conformance, and the management response to recommendations;
      • A.2.2.2.2 It has been reviewed and recommended by the departmental audit committee to the deputy head for approval; and
      • A.2.2.2.3 It has been approved by the deputy head.
    • A.2.2.3 Departments must meet public reporting requirements as prescribed by the Comptroller General of Canada and using Treasury Board of Canada Secretariat prescribed platforms, including:
      • A.2.2.3.1 Performance results for the internal audit function; and
      • A.2.2.3.2 A list of planned audit engagements for the coming fiscal year.

Appendix B: Mandatory Attributes of the Composition and Operations of Departmental Audit Committees

B.1 Attributes

  • B.1.1 These attributes provide details on the requirements related to audit committees set out in section 4 of the Policy on Internal Audit.
  • B.1.2 Mandatory attributes are as follows:
    • B.1.2.1 Departmental audit committees are to reflect Canada’s diversity in terms of gender, official languages, Indigenous Canadians, minority groups and regional representation;
    • B.1.2.2 Committee members are to execute their duties as described in section 4.5 of the Policy on Internal Audit. The Comptroller General of Canada has prescribed a list of the areas of management for committee review and established detailed responsibilities for each. These areas are:
      • Values and ethics
      • Risk management
      • Management control framework
      • Internal audit function
      • External assurance providers
      • Follow-up on management action plans
      • Financial statements and public accounts reporting
      • Accountability reporting
    • B.1.2.3 Committee members are to be familiar with financial reporting or are to become familiar with such reporting within the first year of their appointment. At least one external member is to be a financial expert holding a professional accounting designation in good standing, unless an exception is granted by the Comptroller General of Canada;
    • B.1.2.4 Committee members from within the federal public administration are to be limited to individuals at the level of deputy head, unless an exception is granted by the Comptroller General of Canada;
    • B.1.2.5 The chair of the departmental audit committee is to be from outside the federal public administration unless an exception is granted by the Comptroller General of Canada;
    • B.1.2.6 An external member of a departmental audit committee is to serve no more than two terms and up to a maximum of six years. A single term must not exceed four years;
    • B.1.2.7 Departments are to disclose proactively remuneration and expenses (including travel and hospitality) of individual external departmental audit committee members, in the time and manner prescribed by the Comptroller General of Canada; and
    • B.1.2.8 Audit committee members must disclose all new activities, interests or appointments in order for the department to assess whether they may impair, or be seen to impair, the member’s ability to discharge his or her duties in an independent and objective manner. This should be done at least annually and for the duration of the member’s term.

Appendix C: Definitions

Definitions to be used in the interpretation of this directive can be found in the appendix section of the Policy on Internal Audit.
