CIHR IA Function Key Attributes: Compliance with Treasury Board Policy/Directive on Internal Audit
The objective of the Treasury Board Policy on Internal Audit is to ensure that the oversight of public resources throughout the federal public administration is informed by a professional and objective internal audit function that is independent of departmental management.
Heads of organizations are responsible for ensuring that internal audit in the department is carried out in accordance with the Institute of Internal Auditors International Professional Practices Framework unless the framework is in conflict with the Treasury Board Policy or its related directive; if there is a conflict, the policy or directive will prevail.
Departments with internal audit functions are required to publish key attributes of compliance as per section A.2.2.3 of the Treasury Board Directive on Internal Audit. It is important that the public is aware that heads of government organizations are receiving assurance and that activities are managed in a way that demonstrates responsible stewardship.
These attributes have been selected because they demonstrate to an external audience that, at a minimum, the fundamental elements necessary for oversight are in place, are operating as intended, and are achieving results. The key attributes of compliance with the policy and standards are:
- internal auditors that are trained to effectively perform the work;
- audit work that is performed in conformance with the international standards for the profession;
- audit work that is performed according to a systematically developed risk-based audit plan, which has been approved by the head of the organization, and that results in management actions being taken in response to report recommendations; and
- audit work that is perceived by stakeholders as adding value in the pursuit of organizational objectives.
Publishing departmental key compliance attributes provides pertinent information to Canadians and parliamentarians regarding the professionalism, performance, and impact of the internal audit function in departments. These are not performance measures and no targets are attached. Under the Policy, the Comptroller General has the authority to amend these attributes, should there be changes in the internal audit environment and/or due to the evolving maturity of the internal audit function.
| Internal Audit Compliance Attributes | CIHR Compliance Reporting |
|---|---|
Do internal auditors in departments have the training required to do the job effectively? Are multidisciplinary teams in place to address diverse risks? |
As of March 31st, 2024, CIHR's internal audit function collectively has the training required to perform the necessary functions effectively:
Collectively, the combination of certifications and experience ensures that CIHR's internal audit function can address diverse risks. Should skills or expertise beyond the capacity of the function be identified, external expertise would be retained. |
Is internal audit work performed in conformance with the international standards for the profession of internal audit as required by Treasury Board policy? |
Internal audit work is performed in conformance with the international standards for the profession of internal audit and IIA Code of Ethics as required by the Treasury Board Policy on Internal Audit. CIHR has a documented quality assurance improvement program (QAIP) which regularly monitors compliance with these standards for all audit products. CIHR's last External Quality Assurance Review was conducted in 2020 and was approved by CIHR's Audit Committee at its 56th meeting (2020-12-03). CIHR achieved the highest rating stated as "Generally Conforms". The next External Quality Assurance Review is planned for 2025. |
Are the Risk-Based Audit Plans (RBAP) submitted to audit committees and approved by deputy heads implemented as planned with resulting reports published? Is management acting on audit recommendations for improvements to departmental processes? |
CIHR's 2022-2024 RBAP was approved by the deputy head and Governing Council on July 13, 2022. CIHR’s 2024-25 RBAP was approved by the deputy head and Governing Council on March 27, 2024 CIHR’s 2024-26 RBAP will be presented for approval by the deputy head in December 2024 and by Governing Council in March 2025. Please refer to Appendix A for a list of planned and ongoing engagements for 2024-25 as found in the 2024-25 and 2023-24 RBAPs, and the status of Management Action Plans (MAPs). |
Is internal audit credible and adding value in support of the mandate and strategic objectives of the organization? |
Satisfaction surveys indicated that senior management was satisfied with the usefulness of the internal audit engagements. |
Appendix A: Engagements and MAP completion
| Engagement title | Engagement status | Report approved date | Report published date | Original planned MAP completion date | MAP implementation status |
|---|---|---|---|---|---|
| Audit of SAP Implementation | Planned | N/A | N/A | N/A | N/A |
| Audit of Partnerships Framework | Planned | N/A | N/A | N/A | N/A |
| Audit of Integrated Planning | In Progress | N/A | N/A | N/A | N/A |
| Audit of Procurement | In Progress | N/A | N/A | N/A | N/A |
| Employee Pulse Survey Consulting Engagements | Completed | March 15, 2023 | N/A | N/A | N/A |
| Internal Audit of Cybersecurity | Completed: MAP not fully implemented | 2024-01-11 | N/A – Report not published for security reasons | 2025-01-11 | 0% |
| Review of Barriers to Staffing | Completed: MAP not required | 2024-01-11 | N/A | N/A | N/A |
| Internal Audit of Funding Opportunities Design and Delivery | Completed: MAP not fully implemented | 2024-06-24 | 2024-08-19Footnote * | 2025-12-24 | N/A |
| Audit of People Management | Planned | N/A | N/A | N/A | N/A |
| Audit of TGMS Implementation | Planned | N/A | N/A | N/A | N/A |
| Public Service Employee Survey 2022 Risk Analysis | Completed: MAP not required | 2023-11-23Footnote * | N/A | N/A | N/A |
| Annual assessment of Internal Control over Financial Management (2022-23) | Completed: MAP not fully implemented | 2023-07-04Footnote * | N/A, ICFM reports are not published online | 2024-03-31 | Responsibility for ICFM and Follow-up Transferred to CFO |
| Annual assessment of Internal Control over Financial Management (2018-19) | Completed: MAP fully implemented | 2019-06-19Footnote * | N/A, ICFM reports are not published online | 2020-12-31 | Responsibility for ICFM and Follow-up Transferred to CFO |
| Internal Audit of Conflicts of Interest | Published: MAP fully implemented | 2021-07-20 | 2021-10-25 | 2022-05-31 | 100% |
| Internal Audit of the Research In Priority Areas Program | Published: MAP not fully implemented | 2019-11-12 | 2020-02-21 | 2020-03-31 | 0% |
| Internal Audit of Compliance with the Treasury Board Transfer Payment Policy Suite | Published: MAP not fully implemented | 2019-09-15 | 2018-10-01 | 2018-03-31 | 100% |
| Internal Audit of Corporate Governance | Published: MAP not fully implemented | 2019-03-27 | 2019-06-01 | 2021-02-28 | 50% |
| Internal Audit of Physical Security | Published: MAP fully implemented | 2017-03-29 | 2017-07-25 | 2018-03-31 | 100% |
Audits from past fiscal years will remain listed in the table until 100% MAP implementation is achieved. Audit engagements will remain listed on the site for a minimum six-month period after 100% implementation has been achieved and published.
Additions and adjustments to the engagements listed in Appendix A may have occurred in order to address emerging risks and priorities of the organization.
- Date modified: