22

/ Canadian Government Executive

// December 2016

Audit

Other tools and examples

Public sector managers and auditors who are confronting the challenge of

providing horizontal assurance for the first time can obtain guidance and examine

examples from several sources.

Since 2008 the Office of the Comptroller General of the Government of Canada

has conducted numerous horizontal internal audits. The examples below provide

an indication of the range of topics these audits cover:

• Horizontal Internal Audit of Information Technology Security in Large and Small

Departments

• Regional Development Agencies Internal Audit of Receivables Management for

Contribution Programs

• Horizontal Internal Audit of Integrated Business and Human Resources Planning

in Small Departments

• Horizontal Internal Audit of Electronic Recordkeeping in Large Departments and

Agencies.

These and other audits can be found online at

http://www.tbs-sct.gc.ca/hgw-cgf/

oversight-surveillance/ae-ve/hia-aih/index-eng.asp.

In addition, the internal audit groups in some federal departments have conducted

horizontal audits. For example:

• Industry Canada: Horizontal Audit of the Management of Funding

Agreements – Single Recipient Transfer Payments

• Agriculture and Agri-Food Canada: Horizontal Audit of Grants and

Contributions.

The Institute of Internal Auditors has published two documents that are relevant

to this topic:

•

Auditing Outsourced Functions: Risk Management In An Outsourced World

(October 2012), by Mark Salamasick for The Institute of Internal Auditors

•

Practice Guide: Reliance by Internal Audit On Other Assurance Providers

(December 2011) by The Institute of Internal Auditors.

scope and that may be able to self-assess,

consider potential relevance/impacts, and

take necessary actions. This approach also

allows for internal audit to consider any

better practices identified in the course of

horizontal audit work, so that these too can

be shared for the benefit and consideration

of other organizations not in scope.

Pay attention to the details

In complex situations, such horizontal

collaboration requires that all parties un-

derstand why the parties are collaborat-

ing, who is responsible for doing what,

and within what timeframes. Issues that

may need to be addressed include:

• A clear understanding of shared objec-

tives and expected results

• An articulation of roles and responsibili-

ties

• The tailoring of assurance activities to

meet the differing needs of the parties,

such as differing risk tolerances

• Coordination and integration of audit

planning and assurance activities

• An agreed decision-making process

• The provision of human and financial

resources

• Agreed upon audit and evaluation pro-

cedures

• Agreed upon audit criteria that are rele-

vant to shared definitions of a successful

initiative and a common understanding

of risks

• Agreed upon information sharing ar-

rangements during the audit process

• Provisions for problem-solving and dis-

pute resolution

• Shared approaches for consulting stake-

holders

• Timelines for the completion of differ-

ent phases of an audit

• Agreed upon mechanisms for reporting

audit results

• Shared public information strategies.

• Consideration for leveraging a corpo-

rate or enterprise-wide audit committee

that can oversee the approval of a hori-

zontal audit plan and reporting of hori-

zontal assurance activities.

• Agreed upon mechanism to assign own-

ership of taking action on recommenda-

tions.

Often a Memorandum of Understanding

(MOU) or Service Line Agreement (SLA)

may be the best tool for ensuring that all

parties are on the same page on these is-

sues.

Ideally, the MOU or SLA would be part

of a broader strategy covering all three

lines of defence: assurance relies not only

on auditing but also on effective manage-

ment and oversight. Each line of defence

plays a distinct role in a horizontal assur-

ance framework, and each may need to

apply different tools, practices or methods

to fulfill their distinct roles.

Sorting such issues out in advance can

greatly simplify and strengthen horizon-

tal assurance efforts. And if agreement

can be achieved at the beginning of an

initiative, human and financial resources

can be lined up in advance. As horizon-

tal delivery of programs and services be-

comes more prevalent, auditors will need

to learn how best to audit such arrange-

ments.

D

eidre

G

reen

is the Assistant Comp-

troller – Audit and Consulting for

the Province of New Brunswick. She is

a member of the Government Internal

Auditors Council of Canada, which

brings together the heads of internal

audit of Canada’s federal, provincial

and territorial governments.