ARCHIVED - Internal Audit Committee
The Standard on Web Usability replaces this content. This content is archived because Common Look and Feel 2.0 Standards have been rescinded.
Archived information is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.
Terms of Reference
The Internal Audit Committee is an advisory body that is chaired by the Chairperson of the Military Police Complaints Commission. The Committee will provide an oversight and facilitation role on key aspects of audit, as well as on internal and quality control systems. Specifically, the Committee will:
- provide advice to assist the MPCC Chairperson in discharging his responsibilities for risk management, the design and operation of management control frameworks and the quality of financial and other performance information for decision-making and reporting;
- review and recommend approval of annual internal audit plans and budgets;
- review the scope, level of effort and timing of proposed internal audits;
- monitor timely conclusion of work and then review significant findings and recommendations, as well as comment on management's response to recommendations and monitor actual implementation of remedial plans;
- promote effectiveness of internal audit and highlight any unwarranted restrictions or limitations;
- if requested, facilitate communication with the Office of the Auditor General; and
- if requested, provide advice on external accountability reporting, whether the Annual Report or various reports to central agencies e.g. Public Accounts plates, Report on Plans and Priorities, Departmental Performance Report.
The MPCC will comply with the Internal Audit Policy Suite issued in October, 2005 by the Treasury Board Secretariat (TBS). To facilitate compliance, a copy of that policy document along with appendices, as amended from time to time, will comprise an addendum to these Terms of Reference. At least annually MPCC's Chief - Financial Services will highlight for the Committee any changes to TBS policy or any exceptions in compliance/variances in practice.
In compliance with the TBS Internal Audit Policy Suite of October 2005- Appendix C - the MPCC Chairperson will determine membership from time to time. Membership is as follows:
- MPCC Chairperson: Committee Chair;
- General Counsel and Secretary;
- Chief of Staff and Special Advisor to the Chairperson; and
- Independent advisor on internal audit matters.
The Committee reports to the Executive Committee. As a practical matter the Committee will meet, on an occasional agenda item, within the Executive Committee's regular monthly meetings. The MPCC Chairperson chairs the proceedings and, accordingly, no further reporting is required. The record of decisions will be embodied in minutes of the Executive Committee.
Frequency of Meetings
The Committee will meet as required at the call of Chair, but expects to meet at least twice a year: first to recommend approval of the annual internal audit plan and again following completion of audits to consider the auditor's findings/recommendations.
All completed internal audit reports, in both official languages, will be forwarded to the Comptroller General and posted on the MPCC website.
Policy on Internal Audit
Please note that the following document is not in effect until April 1, 2006. The current Internal Audit Policy remains in effect until March 31, 2006.
Table of Contents
- Effective Date
- Policy Statement
- Policy Requirements
- Appendix - Responsibilities of The Comptroller General for Internal Audit
1. Effective Date
1.1 This policy takes effect on April 1, 2006, replacing the 2001 Policy on Internal Audit.
1.2 The implementation of this policy will be phased in between the effective date of the policy and April 1, 2009. A review of the implementation will be conducted six months prior to April 1, 2009, to determine if changes to the policy are required.
2.1 This policy applies to departments and agencies defined as departments within the meaning of section 2 of the Financial Administration Act. Throughout this policy, the terms “
government-wide” and “
across government” refer to these departments.
2.2 For the purposes of this policy, Treasury Board has established criteria for designating departments as small departments and agencies (SDAs). These criteria are provided in section 5.4.1 below. All other departments are referred to as large departments and agencies (LDAs).
3.1 This policy is issued pursuant to paragraph 7.(1) (a) of the Financial Administration Act.
3.2 This policy is designed to ensure that, at both departmental and government-wide levels, internal audit and audit committees provide deputy heads and the Comptroller General, respectively, with added assurance, independent from line management, on risk management, control, and governance processes. (The terms risk management, control, and governance processes are defined in The Professional Practices Framework published by the Institute of Internal Auditors, January 2004.)
3.3 While deputy heads, in the context of the Treasury Board Secretariat Management Accountability Framework, are responsible for the systems of internal controls in their departments, this policy provides a clear and integrated assignment of responsibilities for internal auditing between deputy heads and the Comptroller General that supports strong internal auditing across government.
4. Policy Statement
4.1 The objective of the policy is to strengthen public sector accountability, risk management, resource stewardship and good governance by reorganizing and bolstering internal audit on a government-wide basis.
4.2 In that context, Treasury Board has decided that:
4.2.1 The Government of Canada sustain a strong, credible internal audit regime that has the confidence of the government, contributes directly to effective risk management, sound resource stewardship and good governance, and is repositioned as a key underpinning of governance within departments and agencies and across government.
4.2.2 The government ensure the real and perceived independence of internal audit from line management by introducing:
- Independent audit committees that will include competent and experienced members drawn from outside the federal public service; and
- The organizational independence of chief audit executives who lead audit functions.
4.2.3 All departments and agencies, and the government as a whole, be supported by professional and comprehensive internal audit coverage through a changed delivery model in which:
- Deputy heads remain fully responsible for the adequacy of internal audit coverage in their departments;
- The Comptroller General takes on responsibility for horizontal and sectoral audits; and
- As part of this mandate, the Comptroller General undertakes focused horizontal or sectoral auditing in SDAs and facilitates access to professional internal audit resources for SDAs that need additional audit work.
4.2.4 The Comptroller General is responsible for focused, sustained functional leadership of internal audit across government in order to build and develop capacity; ensure adequate levels of professionally qualified resources; and ensure adherence to professional standards and rigorous methodology in the delivery of internal audits.
4.2.5 Chief audit executives provide annual holistic opinions to deputy heads and audit committees on the effectiveness and adequacy of risk management, control, and governance processes in their departments, as well as reporting on individual risk-based audits. Similarly, it was decided that the Comptroller General report annually to Treasury Board on the state of risk management, control and governance processes across government, addressing fundamental controls, including basic reporting controls for financial statements, thematic or sectoral controls, and the results of risk-based internal audit work carried out within departments.
5. Policy Requirements
5.1 The term “
deputy head” is used in this policy in the broad sense assigned to it by section 11 of the Financial Administration Act. It includes deputy ministers, heads of agencies, chief executive officers, and statutory or designated deputy heads.
5.2 This policy recognizes that departments are diverse in size and risk. The requirements below distinguish among those applicable to deputy heads of large departments, deputy heads of SDAs, and those that apply to all deputy heads.
5.3 Deputy heads of large departments (all departments other than those designated as SDAs) are responsible for:
5.3.1 Establishing an internal audit function that is appropriately resourced and that operates in accordance with this policy and professional internal auditing standards.
5.3.2 Establishing an independent departmental audit committee that includes a majority of external members who are not currently in the federal public service. (Requirements relating to the role, responsibilities and membership of the departmental audit committee are described in Directive on Departmental Audit Committees.)
5.3.3 Appointing a qualified chief audit executive at a senior executive level, reporting to the deputy head, to lead and direct the internal audit function. (Directive on Chief Audit Executives, Internal Audit Plans, and Support to the Comptroller General sets out additional requirements for chief audit executives. The Comptroller General's Guidelines on the Responsibilities of Chief Audit Executives and Guidelines on Expected Qualifications of Chief Audit Executives provide advice on the responsibilities and expected qualifications of chief audit executives.)
5.3.4 Approving a departmental internal audit plan that addresses all areas of higher risk and significance, including audits identified by the Comptroller General as part of government-wide or sectoral coverage, and designed to support an annual opinion from the chief audit executive on departmental risk management, control, and governance processes. (Directive on Chief Audit Executives, Internal Audit Plans, and Support to the Comptroller General sets out additional requirements for departmental internal audit plans.)
5.3.5 Ensuring appropriate internal audit coverage for special operating agencies and other entities within their departments and under their control.
5.4 Small departments and agencies
5.4.1 For the purpose of designating departments as SDAs under this policy, the two criteria of fewer than 500 full-time equivalents and a reference-level of less than $300 million per year will apply for all departments except agents of Parliament (Office of the Auditor General, Office of the Chief Electoral Officer, Office of the Commissioner of Official Languages, Office of the Information Commissioner and Office of the Privacy Commissioner), which are treated as LDAs. Any exclusions to the application of these criteria will require the approval of the Treasury Board, providing the SDA has the demonstrated capacity to fully meet the expectations set out in this policy for LDAs, on an ongoing basis, either on its own or via the provisions of such capacity by the leadership of the portfolio of the departments/agencies to which the SDA is accountable. Similarly, any exceptional additions to the list of SDAs will require the approval of Treasury Board and will be treated on a case-by-case basis. For both exclusions and additions, the Comptroller General will provide an independent assessment.
5.4.2 The Comptroller General will conduct horizontal and other audits on SDAs each year and will provide deputy heads with copies of all relevant audit reports. Recognizing that SDAs vary in terms of size and risk, in many cases deputy heads may decide that the work performed by the Comptroller General fully meets their internal audit requirements. However, considering the risk profile and control environment of their departments, deputy heads must decide whether further internal audits are necessary. If further work is needed, the deputy head shall approve an internal audit plan.
5.4.3 When deputy heads of SDAs need internal auditing work beyond that conducted by the Comptroller General, but do not have enough work or resources to sustain a credible, professional internal audit function, the Comptroller General will facilitate access to independent, qualified internal auditing resources.
5.4.4 When an SDA conducts an internal audit, the deputy head must ensure that the internal auditing work meets the Internal Auditing Standards of the Government of Canada as prescribed by the Comptroller General.
5.4.5 When an SDA conducts an internal audit, the deputy head must ensure that the audit work is overseen and guided by an independent audit committee. The deputy head must establish a departmental audit committee in accordance with Directive on Departmental Audit Committees, or a joint independent audit committee with other portfolio-related departments, or arrange with the Comptroller General to have access to the SDA Audit Committee.
5.5 Deputy heads of all departments are responsible for:
5.5.1 Putting in place effective procedures to ensure systematic review of control and accountability processes in their departments.
5.5.2 Taking into account the results of internal audits conducted by the Comptroller General.
5.5.3 Ensuring that the audit committee receives all of the information and documentation needed or requested to fulfill its responsibilities, subject to applicable legislation.
5.5.4 Ensuring that management action plans are prepared that adequately address the recommendations and findings arising from internal audits, and that the action plans have been effectively implemented.
5.5.5 Ensuring that completed audit reports are:
- Issued in a timely manner and made accessible to the public with minimal formality; and
- Posted on departmental web sites in a timely manner, in both official languages. Reports posted on the departmental web site must respect the Access to Information Act and the Privacy Act.
5.5.6 Ensuring that the respective Minister is briefed periodically on significant items arising from the work of internal audit and the audit committee. It is expected that the Minister would meet annually in camera with the Internal Audit Committee for assurance regarding risk management, control and audit systems. It is also expected that the deputy head would routinely be briefed by the Audit Committee on their assurance findings.
5.5.7 Ensuring that the Office of the Comptroller General and its agents, for the purpose of carrying out assigned responsibilities, are given:
- Full access to departmental records, databases, workplaces and employees, and have the right to obtain information and explanations from departmental employees and contractors; and
- Management representations needed to support the planning, conduct, and reporting of audits by the Comptroller General.
5.6 Responsibilities of the Comptroller General
5.6.1 Treasury Board has assigned specific responsibilities to the Comptroller General for the functional leadership and monitoring of internal auditing across government, for horizontal auditing in LDAs and SDAs, and for the support of information technology and forensic auditing. These responsibilities are described in the Appendix.
5.6.2 Treasury Board also requires the Comptroller General to report annually to the Board on:
- Significant issues of risk, control or management arising from internal auditing across government;
- Horizontal and SDA auditing; and
- The overall state of risk management, control, and governance processes across government.
5.6.3 Treasury Board has delegated to the Comptroller General the authority to issue such operational directives, standards and guidelines as are necessary to support this policy.
5.7 Monitoring and Reporting
5.7.1 Deputy heads are responsible for monitoring adherence to this policy in their departments. Departments should have measures in place, as appropriate, to ensure:
- The independence, professionalism and performance of the internal audit function;
- The extent to which internal audit activities address areas of higher risk and significance;
- The timeliness of the internal audit process and reporting on internal auditing engagements;
- The effectiveness of follow-up action;
- The independence, competence and performance of the audit committee; and
- The adequacy of support to the Comptroller General in carrying out horizontal or directed audits.
5.7.2 Departmental audit committees will prepare annual reports to their deputies on their activities, including assessments of the internal audit functions. These reports will be made available to the Comptroller General.
5.7.3 The Comptroller General is responsible for government-wide leadership of internal audit, and for directing horizontal audits, including focused horizontal and other audits in SDAs.At a minimum, the Comptroller General should have measures in place to ensure:
- The adequacy and skill capacity of the internal audit community across government;
- The effectiveness of internal audit methodology;
- The performance of departmental and Comptroller General internal audit functions;
- The effectiveness of liaison with departments and in addressing and resolving issues; and
- The level of satisfaction of deputy heads with internal auditing services conducted by the Office of the Comptroller General.
5.7.4 The Comptroller General will report annually to Treasury Board on the implementation of this policy and on the effectiveness of the internal audit function across government, based on the analysis of internal audit plans and reports, practice inspections of departmental internal audit functions, audit committee reports and work undertaken directly by the Comptroller General.
5.7.5 The Comptroller General will establish a framework to guide the evaluation of the policy; Treasury Board Secretariat will make sure an evaluation is conducted within five years.
6.1 If, as a result of this monitoring, it is apparent that a department has not complied with this policy, consequences that are applicable to all Treasury Board policies, and as set out in the Financial Administration Act, will apply.
7.1 Other Relevant Legislation
7.2 Related Publications
- Institute of Internal Auditors (IIA)
- The Professional Practices Framework
- Canadian Institute of Chartered Accountants (CICA) Handbook
- Results for Canadians: A Management Framework for the Government of Canada
- Treasury Board of Canada Secretariat Management Accountability Framework
- Treasury Board of Canada Secretariat Integrated Risk Management Framework
Please send any questions about this policy to:
Office of the Assistant Comptroller General, Internal Audit
Treasury Board of Canada Secretariat
300 Laurier Avenue West
Appendix - Responsibilities of The Comptroller General for Internal Audit
As directed by the Treasury Board, the Comptroller General must:
- Provide effective functional leadership of internal auditing across government;
- Develop and support an effective human resources strategy to ensure that the government has sufficient, well-trained, professional internal audit resources;
- Determine the professional standards to be used for internal auditing in the federal government;
- Develop and support the implementation of standard internal auditing methodology and procedures to be used across government;
- Support the implementation of suitably qualified audit committees, and develop and support expected committee practices to be used across government;
- Conduct ongoing practice inspections and assessments of the entire spectrum of departmental internal audit activities as set out in the Policy on Internal Audit. These inspections to be carried out by independent and qualified professionals who will communicate the results to respective deputy heads, departmental audit committees and chief audit executives;
- Identify, and indicate to deputy heads, which audits are to be included in departmental internal audit plans as part of government-wide coverage;
- Conduct horizontal and other internal audits focused on SDAs, and communicate the results to the appropriate deputy heads and the SDA audit committee;
- Establish an independent SDA audit committee to provide oversight and guidance on internal auditing in SDAs. (Requirements relating to the role, responsibilities and membership of the SDA audit committee are set out in Directive on Small Departments and Agencies Audit Committee);
- Undertake or lead horizontal audits that address government-wide, sectoral or thematic issues in accordance with approved Treasury Board Audit Committee government-wide audit plans;
- Support departments in undertaking internal audits of information technology and forensic audits;
- Confer with, and provide advice to, deputy heads, audit committees, chief audit executives and internal auditors on the application of the Policy on Internal Audit and professional internal auditing standards;
- Maintain an active liaison with chief audit executives and deputy heads on significant issues of risk, control or management practices in departments, and ensure that effective and timely action is taken where there are serious issues to be resolved; and
- Maintain effective liaison with agents of Parliament and central agencies on audit issues.
Directive on Departmental Audit Committees
Please note that the following document is not in effect until April 1, 2006. The current Internal Audit Policy remains in effect until March 31, 2006.
1.1 This document provides direction to deputy heads on the responsibilities, membership and operations of departmental audit committees.
2.1 The departmental audit committee is an essential part of the audit regime established by the Policy on Internal Audit. The Policy calls for the deputy head of each department, other than small departments and agencies (SDAs), to establish an independent departmental audit committee that includes experienced, competent external members. Deputy heads of SDAs may also choose to establish a departmental audit committee when their departments are undertaking internal audits.
2.2 This directive is issued pursuant to paragraph 7.(1) (a) of the Financial Administration Act.
3. Effective Date
3.1 This directive will take effect on April 1, 2006. (See Policy 1.1)
4.1 Role of Departmental Audit Committees
The audit committee shall ensure that the deputy head has independent, objective advice, guidance, and assurance on the adequacy of the department's control and accountability processes. In order to give this support to the deputy head, the audit committee should exercise active oversight of core areas of departmental control and accountability in an integrated and systematic way.
4.2 Responsibilities of Departmental Audit Committees
The key areas of responsibility that shall be addressed by the departmental audit committee are:
4.2.1 Values and Ethics: The audit committee shall review, at least annually, the arrangements established by management to exemplify and promote public service values and to ensure compliance with laws, regulations, policies, and standards of ethical conduct.
4.2.2 Risk Management: The audit committee shall review, at least annually, the corporate risk profile and departmental risk management arrangements.
4.2.3 Management Control Framework: The audit committee shall review, at least annually, departmental internal control arrangements, including the adequacy of management-led audit.
4.2.4 Internal Audit Function
The audit committee shall:
- Recommend, and regularly review, a departmental internal audit charter or internal audit policy for approval by the deputy head;
- Regularly review the adequacy of resources of the internal audit function;
- Review and recommend for approval the risk assessment and the internal audit plan prepared by the chief audit executive;
- Regularly review the performance of the internal audit function;
- Advise the deputy head on the appointment and performance appraisal of the chief audit executive;
- Receive and recommend for approval internal auditing reports and management action plans to address recommendations; and
- Be aware of audit engagements or tasks that do not result in a report to the committee, and be informed of all matters of significance arising from such work.
4.2.5 Office of the Auditor General and Central Agencies
The audit committee shall:
- Ensure that management has adequate arrangements to support the Office of the Auditor General (OAG) and central agencies in doing audit work in the department;
- Be fully briefed on all audit work relating to the department to be undertaken by the OAG, other agents of Parliament or central agencies;
- Review the audit reports of the OAG and central agencies that have departmental or government-wide implications and recommend for approval departmental responses and action plans;
- Periodically meet with the OAG and seek its comments and advice on matters of departmental risk, control, and governance;
- Be briefed on audit-related issues and priorities raised by central agencies and advise the deputy head on required action; and
- Be briefed on, and advise the deputy head on, the impact of government-wide initiatives to improve management practices.
4.2.6 Follow-up on Management Action Plans
188.8.131.52 The audit committee shall:
- Ensure that there are effective arrangements in place to monitor and follow-up on management action plans responding to recommendations from internal audits, the OAG, or other sources; and
- Periodically receive reports from management on actions taken.
184.108.40.206 The chief audit executive shall report periodically to the audit committee on whether management's action plans have been implemented and whether the actions taken have been effective. The chief audit executive's report shall identify any areas where he or she believes management has accepted a level of risk that is unacceptable to the department or to the government.
4.2.7 Financial Statements and Public Accounts Reporting
220.127.116.11 The audit committee shall review the departmental financial statements with management and all significant accounting estimates and judgments therein and recommend to the deputy head whether they should be accepted.
18.104.22.168 When the departmental financial statements are audited, the audit committee shall review:
- The audited financial statements with the external auditor and senior management, discuss any significant adjustments to the statements required as a result of the audit, and any difficulties or disputes with management encountered in the course of the audit;
- Management letters arising from the external audit of the department's financial statements or the Public Accounts;
- The auditor's findings and recommendations relating to the internal controls in place for financial statement reporting; and
- The performance of the external auditor.
4.2.8 Risk and Accountability Reporting
The audit committee shall review the departmental Corporate Risk profile and the Report on Plans and Priorities, the Departmental Performance Report and other significant accountability reports, to ensure that, to the best of their knowledge, there are no material misstatements or omissions.
4.3 Membership of the Departmental Audit Committee
4.3.1 Audit committees must include independent, external members who are not currently in the federal public service. By April 1, 2009, all audit committees must have a majority of external members. Members from the federal public service shall be limited to the deputy heads, and associate deputy ministers and assistant deputy ministers from other departments. The deputy head would be the only internal representative on the audit committee if he or she elects to chair the committee. The preferred model would be a committee comprised entirely of external members with the deputy head as an ex-officio member.
4.3.2 Deputy heads are responsible for establishing an independent departmental audit committee that includes a majority of external members who are not currently in the federal public service. Deputy heads and the Comptroller General shall jointly select audit committee members for approval by the Treasury Board.
4.3.3 The Comptroller General shall also establish competency profiles for external audit committee members and standards for tenure, terms of service, conditions for removal, conflict of interest, liability indemnification, security clearance, remuneration, and protocols to address disagreements.
4.3.4 Members of an audit committee shall be selected so that their collective skills, knowledge, and experience will allow the committee to competently and efficiently undertake its duties. Members of the audit committee should be free of any real or perceived conflict of interest.
4.3.5 The audit committee shall have three to five members. External members shall be engaged by the deputy head for a term of four years.
4.3.6 A member shall serve no more than two terms. To ensure adequate continuity, engagements can be staggered and initial terms may be for less than four years.
4.3.7 All members of the audit committee shall be familiar with private or public sector financial reporting, or undertake to become familiar within the first year after appointment. At least one member shall be a financial expert who possesses:
- An understanding of generally accepted accounting principles and financial statements;
- Experience preparing, auditing, analyzing or evaluating financial statements that present a breadth and level of complexity of accounting issues that are generally comparable to the breadth and complexity of issues that can reasonably be expected to be raised by the department's financial statements, or experience actively supervising one or more persons engaged in such activities;
- An understanding of internal controls and procedures for financial reporting; and
- An understanding of audit committee functions.
4.3.8 The deputy head or an external member shall chair the audit committee. If the deputy head is chair, an external member shall be vice-chair. The preferred model is for the chair to be an external member.
4.3.9 The quorum for the committee shall be a majority of the members. No alternates shall be permitted.
4.3.10 The deputy head, the senior financial officer, and the chief audit executive shall be expected to attend all meetings of the audit committee. The chair may request the attendance of other departmental officials.
4.3.11 The chair shall, as necessary, ask a senior representative of the OAG to attend the audit committee meeting to discuss the OAG's plans, findings and other matters of mutual concern.
4.3.12 The chair may, as necessary, ask Treasury Board Secretariat officials to attend the audit committee meeting.
4.3.13 Audit committee members shall receive formal orientation and training on the committee's responsibilities and objectives, and on the business of the department.
4.4 Operations of the Departmental Audit Committee
4.4.1 The role, responsibilities, and operations of the audit committee shall be documented in an audit committee terms of reference or charter, approved by the deputy head. The document shall be reviewed periodically by the audit committee and reaffirmed by the deputy head.
4.4.2 The chair of the audit committee shall prepare a plan to ensure that the annual and ongoing responsibilities are scheduled and fully addressed. The plan shall be presented to the committee for its approval.
4.4.3 The audit committee shall meet at least four times a year. Audit committees are encouraged to schedule their meetings one year in advance so that departmental management and auditors can prepare the information and reports required to support the committee's work. Rescheduling of audit committee meetings would be by exception only.
4.4.4 As part of each meeting of the audit committee, the committee shall meet individually in camera with each of the deputy head (if not a committee member), the departmental senior financial officer, the chief audit executive, the representative of the OAG when in attendance, and any other officials the committee may determine.
4.4.5 The audit committee shall prepare an annual report to the deputy head that shall:
- Summarize the committee's activities undertaken and the results of its reviews;
- Provide the committee's assessment of the department's system of internal controls;
- Document any significant concerns the committee may have in relation to the department's risk management, controls and accountability processes;
- Provide the committee's assessment of the capacity and performance of the internal audit function; and Provide, as needed, recommendations for the improvement of risk management, controls and accountability processes, including recommendations for the improvement of the departmental internal audit function.
Please send any questions about this directive to:
Office of the Assistant Comptroller General, Internal Audit
Treasury Board of Canada Secretariat
300 Laurier Avenue West
- Date modified: