May 2016 //

Canadian Government Executive /

23

Internal Audit

to address risks to Canadians in a crisis

situation such as a natural disaster, most

Canadians (including politicians, public

servants and civilians) would accept a cer-

tain level of low risk non-compliance to

certain administrative policies.

Oversight Bodies Can Help:

Here’s how

The third was in seeking the advice of the

many assurance providers in the Govern-

ment of Canada that provide services in

helping departments understand and

manage risk and controls. This group in-

cludes Internal Audit, the Office of the

Auditor General, the Privacy Commis-

sioner, the Information Commissioner

and others.

They have common approaches, though

they have different stakeholders and

mandates. When they conduct assurance

engagements and look at compliance

with policies, however, they need to un-

derstand the context and environment in

which decisions are made. In most cases,

oversight bodies will accept a valid reason

for non-compliance, especially in a situa-

tion where there is a sufficient audit trail

and evidence to support the decision that

was made.

Their objective is also to provide ad-

vice on how to balance controls and risk.

When making recommendations to man-

agement, oversight bodies must consider

whether the corrective actions are ap-

propriate to the circumstances. Oversight

bodies should be just as concerned about

an over-controlled, and consequently inef-

fective or inefficient environment, as they

are about an under-controlled environ-

ment. Too many controls lead to unnec-

essary red tape that in turn creates ineffi-

ciencies and diverts resources away from

higher risk areas.

We challenge all assurance providers

to be aware of the environment in which

decisions are made and be able to advise

public service managers on the best con-

trols to use in light of risks and risk toler-

ance. This begins by avoiding recommen-

We challenge all

assurance providers

to be aware of the

environment in which

decisions are made

and be able to advise

public service

managers on the best

controls to use in light

of risks and risk

tolerance.

Minto Business Centre is a serviced, Flexible rental plans that save you time and money Professional management Variety (110 sq. ft. to 2300 sq. ft.) Over 6,000 sq. ft. of meeting and conference room space YOUR FLEXIBLE OFFICE SOLUTION FREE iPad Mini when you sign a 12-month lease! * www.innovativeprofessionaloffices.com 440 Laurier Avenue W., Suite 200 for details. E. & O.E. (613) 232-1110 CALL TODAY FOR A TOUR!

dations that address risks that are already

well below their tolerance level. Assur-

ance providers must also make efforts to

identify areas that will improve efficien-

cies while still maintaining an effective

risk management balance.

L

ouis

S

eabrooke

is the Director of

Internal Audit at the Canada Revenue

Agency and

G

reg

N

esbitt

is the

Director of Audit at the Public

Service Commission of Canada.