Departments with internal audit functions are required to publish key attributes of compliance as per section A.2.2.3.1 of the
More information regarding the rationale behind publishing these attributes can be found on the Office of the Comptroller General’s website through the following link,
| Performance indicators | Key compliance attributes | Results |
|---|---|---|
| 1. Do internal auditors in departments have the training required to do the job effectively? Are multidisciplinary teams in place to address diverse risk? | 1a. % of staff with an internal audit or accounting designation (Certified Internal Auditor (CIA), Chartered Professional accountant (CPA)) | (a) 100% of internal audit staff have either a CIA or a CPA. |
| 1b. % of staff with an internal audit or accounting designation (CIA, CPA) in progress | (b) Not applicable | |
| 1c. % of staff holding other professional designations (Certified Government Audit Professional (CGAP), Certified Information Systems Auditor (CISA), etc.) | (c) 50% of internal audit staff have other professional designations (CGAP, CRMA, CISA, CFE). | |
| 2. Is internal audit work performed in conformance with the international standards for the profession of internal audit as required by Treasury Board policy? | 2a. Date of last comprehensive briefing to the Departmental Audit Committee on the internal processes, tools, and information considered to evaluate conformance with the IIA Code of Ethics and the Standards and the results of the quality assurance and improvement program (QAIP). | (a) The last comprehensive briefing to the Audit Committee was in April 2024. |
| 2b. Date of last external assessment. | (b) The last external assessment was completed in April 2024. | |
| 3. Are Risk-based Audit Plans submitted to audit committees and approved by deputy heads implemented as planned with resulting reports published? Is management acting on audit recommendations for improvements to departmental processes? | 3. Risk-based Audit Plan and related information:
|
The 2025-26 to 2027-28 RBAP was submitted to the audit committee on June 18, 2025, and approved by the deputies in July 2025. For a) to f), refer to |
| 4. Is internal audit credible and adding value in support of the mandate and strategic objectives of the organization? | 4. Average overall usefulness rating of areas audited. | Senior management of areas audited rated the overall usefulness of our work as excellent (90%). |
| Internal audit | Engagement status | Report approved date | Report published date | Original planned MAP completion date | Implementation Status |
|---|---|---|---|---|---|
| Audit of the Tri-Agency Grants Management System | Published: MAP not fully implemented | December 2021 | April 2022 | December 2022 | 67% |
| Consulting Engagement – Departmental Security Plan | Approved: not published | November 2022 | n/a | July 2023 | 100% |
| Audit of IT Security | Published: MAP not fully implemented | July 2021 | October 2021 | July 2022 | 80% |
| Advisory engagement – Lessons Learned on Workplace Renewal | Approved: not published | May 2024 | n/a | n/a | n/a |
| Advisory Engagement – Assessment of Governance | Approved: not published | July 2024 | n/a | n/a | n/a |
| Advisory Engagement – Data Centre Move Readiness Assessment | Presented to Audit Committee: not published | November 2024 (Date of presentation) | n/a | n/a | n/a |
| Audit of Procurement | Approved: Will be published | July 2025 | TBD | March 2026 | n/a |
| Advisory Engagement – Tri-Agency Grants Management Solution (TGMS) | Examination | n/a | n/a | n/a | n/a |