NSERC
2024-2025 Key Compliance Attributes of the Corporate Internal Audit Division

Departments with internal audit functions are required to publish key attributes of compliance as per section A.2.2.3.1 of the Treasury Board Directive on Internal Audit. It is important that the public is aware that heads of government organizations are receiving assurance and that activities are managed in a way that demonstrates responsible stewardship.

More information regarding the rationale behind publishing these attributes can be found on the Office of the Comptroller General’s website through the following link, Why publish key compliance attributes of internal audit?

Table 1 – Key compliance attributes – April 1, 2024 to March 31, 2025
Table 1 – Key compliance attributes – FY 2024-2025
Performance indicators Key compliance attributes Results
1. Do internal auditors in departments have the training required to do the job effectively? Are multidisciplinary teams in place to address diverse risk? 1a. % of staff with an internal audit or accounting designation (Certified Internal Auditor (CIA), Chartered Professional accountant (CPA)) (a) 100% of internal audit staff have either a CIA or a CPA.
1b. % of staff with an internal audit or accounting designation (CIA, CPA) in progress (b) Not applicable
1c. % of staff holding other professional designations (Certified Government Audit Professional (CGAP), Certified Information Systems Auditor (CISA), etc.) (c) 50% of internal audit staff have other professional designations (CGAP, CRMA, CISA, CFE).
2. Is internal audit work performed in conformance with the international standards for the profession of internal audit as required by Treasury Board policy? 2a. Date of last comprehensive briefing to the Departmental Audit Committee on the internal processes, tools, and information considered to evaluate conformance with the IIA Code of Ethics and the Standards and the results of the quality assurance and improvement program (QAIP). (a) The last comprehensive briefing to the Audit Committee was in April 2024.
2b. Date of last external assessment. (b) The last external assessment was completed in April 2024.
3. Are Risk-based Audit Plans submitted to audit committees and approved by deputy heads implemented as planned with resulting reports published? Is management acting on audit recommendations for improvements to departmental processes? 3. Risk-based Audit Plan and related information:
  1. name of engagement for the current fiscal year of the Risk-based Audit Plan
  2. status of engagement for the current fiscal year of the Risk-based Audit Plan
  3. date the engagement report was approved
  4. date the engagement report was published
  5. original planned date for completion of all management action plan (MAP) items
  6. status of MAP items

The 2025-26 to 2027-28 RBAP was submitted to the audit committee on June 18, 2025, and approved by the deputies in July 2025.

For a) to f), refer to Table 2.

4. Is internal audit credible and adding value in support of the mandate and strategic objectives of the organization? 4. Average overall usefulness rating of areas audited. Senior management of areas audited rated the overall usefulness of our work as excellent (90%).
Table 2 – Audit plan and related information
Table 2 – Audit plan and related information
Internal audit Engagement status Report approved date Report published date Original planned MAP completion date Implementation Status
Audit of the Tri-Agency Grants Management System Published: MAP not fully implemented December 2021 April 2022 December 2022 67%
Consulting Engagement – Departmental Security Plan Approved: not published November 2022 n/a July 2023 100%
Audit of IT Security Published: MAP not fully implemented July 2021 October 2021 July 2022 80%
Advisory engagement – Lessons Learned on Workplace Renewal Approved: not published May 2024 n/a n/a n/a
Advisory Engagement – Assessment of Governance Approved: not published July 2024 n/a n/a n/a
Advisory Engagement – Data Centre Move Readiness Assessment Presented to Audit Committee: not published November 2024 (Date of presentation) n/a n/a n/a
Audit of Procurement Approved: Will be published July 2025 TBD March 2026 n/a
Advisory Engagement – Tri-Agency Grants Management Solution (TGMS) Examination n/a n/a n/a n/a