Chapter 2.9: Internal audit

Context

Internal audit is an independent and objective professional evaluation function that employs a rigorous evidence-based approach. Its purpose is to evaluate and improve the effectiveness of the risk management, control and governance processes.

The objective of internal audit is therefore to help improve public sector management by providing a solid, credible, effective and viable internal audit function within departments and in the government as a whole. The end goal is to ensure the probity and good governance of public expenditures.

Internal audit provides added value by evaluating the risk management, control and governance processes and contributing to their improvement. It also helps the agency to effectively meet its objectives and make enlightened, ethical and responsible decisions.

Internal audit, like program evaluation (see Chapter 2.8), is part of a sound management cycle, helping provide managers with information so that they can improve the programs for which they are responsible.

Internal audit at Statistics Canada enables the chief statistician, as deputy head of the agency, to receive independent assurance and advice from the Departmental Audit Committee about the effectiveness of the risk management process and of the internal control and governance systems in place. The committee is made up of people who do not work for the Canadian public service. This assurance is provided by gathering evidence and conducting systematic, objective and independent analysis of that evidence. The results are then reported to management.

Several, laws, policies and directives are used to support the development strategies of the internal audit function and government priorities, in particular:

Strategies, mechanisms and tools used

Implementation of the independent internal audit process at Statistics Canada follows the steps below:

• Implementation of the Departmental Audit Committee, whose members are outside the Government of Canada;
• Development and implementation of a three-year risk-based audit plan;
• Creation of work teams with sufficient knowledge and qualifications to achieve the internal audit objectives;
• Development of internal audit frameworks and calibration of their scope to satisfy client needs;
• Conduct of audits and preparation of report recommendations by the Departmental Audit Committee for approval by the chief statistician;
• Publication of internal audit reports on the Internet in compliance with the Access to Information Act and the Privacy Act;
• Preparation by the chief audit executive of the annual audit report on governance mechanisms, risk management and internal control systems;
• Follow-up on recommendations and on the progress of internal and external audit action plans and Departmental Audit Committee reports;
• Observance and compliance with standards and professional rigour in conducting internal audits.

With respect to governance, the chief statistician, as deputy head of Statistics Canada, is responsible for establishing and maintaining an independent Departmental Audit Committee. Most members of this committee were recruited from outside the federal public administration. The Departmental Audit Committee is an essential component of governance and the internal audit regime. The role of the Committee is to formulate objective recommendations and advice for the deputy head regarding the relevance and functioning of the department's risk management, control and governance frameworks and processes. The committee's activities include promoting and providing advice on the recruitment and development of human resources needed to conduct statistical analyses, and providing advice on the methodological, IT and communication aspects of analytical activities at Statistics Canada. The Committee is also a forum for communication and mutual enrichment and makes recommendations on general analysis and development priorities across the agency.

The Committee meets in person three to four times a year, and holds two to three meetings by teleconference, if needed.

Key success factors

The hierarchical independence of the chief audit executive and the creation of a Departmental Audit Committee made up of members external to the government consolidate the credibility and trust in the internal audit function.

Furthermore, because this function has the engagement and support of senior management, it receives the resources needed to fulfill its role and the associated responsibilities.

Achieving important mandates in a timely manner, while taking into account the resources available and targeting the greatest risks facing the agency, reinforces the importance and relevance of the function within Statistics Canada.

Lastly, external activities such as the establishment of partnerships, maintenance of interpersonal relationships, outreach with the audit community and support of the Comptroller General strengthen the function within the government and make it possible to share best practices.

Challenges

Given the risks and manager expectations, the scope of audit is somewhat delicate to implement. Some situations can create a dilemma or uneasiness, since key messages must be communicated within a complex environment and information on improvements to be made to existing risk management and control processes is published externally.

The last challenge pertains to the difficulty of recruiting internal auditors, given the shortage of this profile in the labour market and the certifications and language profile required for staffing.

Bibliography

Government of Canada (2013). Policy on Internal Audit.Consulted on the 31st of March 2016 and retrieved from http://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=16484.

Government of Canada (2012). Directive on Internal Auditing in the Government of Canada.Consulted on the 31st of March 2016 and retrieved from http://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=25610.