February 2016 //

Canadian Government Executive /

13

The Interview

dit can help senior management establish

risk tolerances that address policy require-

ments but that still leave room for innova-

tion.

We need to think critically about risk

and risk tolerances. I want to encourage

an open discussion across the public ser-

vice to ensure we are focusing on the right

risks. Through these discussions, public

service managers will better understand

their risk environments and Chief Finan-

cial Officers will be able to ensure their

departments’ compliance with the appro-

priate control frameworks.

Q:

How should these “open

discussions” be framed?

Internal Audit can help, but sound man-

agement is a collective responsibility. I

like the Institute of Internal Auditors’

model that positions the relationship be-

tween internal audit and programs and

services as part of three lines of defense

in effective risk management and control.

In this model, the first line of defence is

line management, which puts in place and

monitors the system of internal controls

that helps to manage risks and achieve

objectives. This makes sense: operational

management naturally serves as the first

line of defense because controls are de-

signed into systems and processes under

their guidance.

The second line of defence is corporate

management: it needs to build and re-

inforce the first line of defence controls.

These functions encompass risk manage-

ment frameworks; compliance with appli-

cable laws and regulations; financial and

operational risks; and reporting, including

performance measurement and program

evaluation. Each of these management

functions possesses some degree of inde-

pendence from the first line of defence.

Lastly, the third line of defence is inter-

nal audit with its mandate for the inde-

pendent and objective examination of the

organization’s system of governance, risk

management and control. Internal audit’s

view of the organization and its manage-

ment systems provides not only assurance

on the integrity of operations in the orga-

nization but also trusted advice to man-

agement on how to sustain and improve

these lines of defence.

.

Q:

The government is putting a

priority on increasing the rigour

of costing information. Does IA

have a role to play here?

Absolutely. Internal Audit has a critical

role to play in ensuring that decision-mak-

ers have access to sound, evidence-based

assurance on controls and control frame-

works. Internal Audit assists managers

by asking fundamental questions such

as: whether managers have the necessary

financial and non-financial information;

what is the quality of this information; and

is it being used to inform decision-making?

I come back to culture--this forms the basis

of strengthening the culture wherein in-

ternal audit and managers work together

to address tough questions such as the ef-

ficiency and effectiveness of government

business processes and whether Canadi-

ans are receiving value-for-money in how

government policies and programs are be-

ing managed.

Q:

Is there a role for Internal

Audit in supporting innovation?

I think auditors should ask themselves

how they can innovate audit processes

while continuing to focus on providing ev-

idence-based assurance on programs and

services. I think we have to leverage tech-

nological advances such as data analytics.

Internal Audit also plays a broader role

in contributing to innovation in the pub-

lic service by assisting managers achieve

their innovation goals for their organiza-

tion. For example, readiness audits can

aid senior management in identifying

whether the necessary conditions are

in place in order to facilitate innovation

in a given entity and enable a culture of

change.

Q:

What are the core values of

internal audit that should not get

lost in this change?

For me, there are two: integrity and pro-

fessional judgement. Integrity allows us to

maintain audit rigour and fairness. One of

the objectives of the Policy on Internal Au-

dit is a “strong, credible” function; in other

words, serve as a trusted advisor. The au-

dit function is trusted by deputy heads and

line management due to its independence

from external influences.

A trusted and independent audit func-

tion must be delivered by objective audi-

tors who demonstrate professional judge-

ment. This judgement is being fostered

through the professionalization of the

internal audit function, which is a priority

of my office. Talent management, succes-

sion planning, Chief Audit Executive De-

velopment, and a pilot program for Comp-

trollership Leadership Development are

among the initiatives that contribute to

maintaining and enhancing the quality of

the professional practice of internal audit

in the Government of Canada.

Q:

What is the most enjoyable

aspect of being the Comptroller

General of Canada?

For me, working with the teams of knowl-

edgeable, dedicated professionals that

combine to make up the comptrollership

community is the best part. These people

work every day to strengthen investment

planning, project management, procure-

ment and asset management. They ensure

the availability of appropriate frameworks,

policies, accounting standards and guid-

ance on financial management and accu-

rate reporting across government. They fo-

cus on promoting the overall effectiveness

and efficiency of government operations

and the transparency of decision- making

supporting the government’s efforts to pro-

vide value and accountability to Canadians.

None of this is easy, but what never ceases

to impress me is the passion they bring to

the work; the energy and enthusiasm not

just to do this right, but to do it better than

we did it yesterday.

The Policy on Internal Audit goes into

detail concerning the responsibilities of

internal audit shops with regard to risk.

What’s not explicitly included in the Policy

is the need for organizations to identify

their risk thresholds.