In 2006 the world was feeling the aftershocks of a number of major accounting frauds. The fallout left investors and the general public unsure about the security of the financial system and led to significant changes in the financial control environment. As a major trading nation, Canada has always been influenced by global economic conditions, but, largely because of a system of strong government controls and regulation, it has also been somewhat protected from the devastating effects of this financial turmoil.
The government took additional steps to maintain Canada’s strong position with the introduction of the Federal Accountability Act. The Act strengthens accountability, increases transparency and oversight in government, and enhances the effectiveness of management practices. It covers a wide range of actions, including limiting political donations, protecting whistle blowers, expanding the Access to Information Act, and strengthening auditing and accountability in departments.
The Policy on Internal Audit, which came into effect in April 2006, was a key element of the Federal Accountability Act Action Plan. It strengthened the governance framework in the Government of Canada by enhancing the oversight, monitoring and reporting role of the internal audit function. In particular, the policy solidified two important structures to assist deputy ministers in discharging their responsibilities: an independent internal audit function and departmental audit committees with a majority of external members.
The policy provides additional assurance and supports sound decision making for heads of departments and agencies, and improved reporting to Parliament. With the implementation of the policy, chief audit executives in departments are expected to have the foundation pieces in place to provide assurance to deputy heads with respect to the governance, risk management and control processes in the department. The Comptroller General of Canada is expected to report on the overall state of governance, risk management and control processes, the efficiency and effectiveness of internal audit, and the implementation of the policy.
The policy also encourages and supports a comprehensive, government-wide approach to the planning and conduct of internal audit activities in departments, including the development of rigorous common methodology, the conduct of external practice inspections of departmental internal audit functions, and the delivery of horizontal audits by the comptroller general. It increases the independence of the internal audit function from departmental operations in order to ensure that deputy heads have the information they need to exercise oversight, manage risk, ensure control and improve performance.
The two elements most crucial in this regard were the establishment of independent audit committees and the creation of a chief audit executive position, which would report directly to the deputy head. The policy also strengthened and further professionalized the internal audit function across government. It called for increased investment in the function to ensure the government will have a sufficient pool of well-trained audit practitioners who are capable of producing the quality of products and services expected by a world-class public administration.
The Federal Accountability Act enshrined the requirement to establish audit committees in departments as a matter of law. As a result, the Office of the Comptroller General put processes in place to recruit and select external members of these audit committees; and, today, virtually every large department has an audit committee in place – there are 45 audit committees with approximately 140 external members. Audit committees have also been established to look at horizontal issues that cut across government, and to support small departments and agencies.
In addition to working with audit committees, the Office of the Comptroller General is assisting with the development and support of the internal audit community. Since the advent of the Policy on Internal Audit, we have worked closely with the community to build a comprehensive human resource management framework for internal audit. The framework includes a plan to ensure that recruitment and capacity-building activities continue to meet the needs of the community and that targeted professional and management development programs for chief audit executives are in place, including training for auditors and mentoring and coaching.
Given the wide-ranging scope of the 2006 policy, a three-year transition period was established. A mid-course review of policy implementation was conducted at the end of this transition period. This review, completed in June 2009, recognized the designation of deputy ministers as accounting officers, within the framework of ministerial responsibility, and identified amendments required to reflect lessons learned over the first three years of implementation.
The Policy on Internal Audit continues to be monitored and assessed. A future key date is April 2011, by which time five years will have passed since the introduction of the policy. At that time, a full evaluation of the policy will be completed and reported to the Treasury Board. The objective of the evaluation is to examine the four main evaluation issues: relevance; success; cost-effectiveness; and design and delivery of the Policy on Internal Audit.
Internal audit will only be successful if it synchronizes itself with the governance, risk management and control landscape, of which it is part, and helps management to respond to the emerging challenges and opportunities. The Policy on Internal Audit is an important enabling tool, and much has already been accomplished. But the hard work has just begun, and it is important that we stay the course.
The policy in action
In response to the worldwide financial crisis in 2009, a stimulus package was developed that was designed to be responsive and responsible. It was recognized that actions must be taken within a framework that identifies the risks, puts appropriate controls in place, and meets program objectives. A key priority for the comptroller general was, and continues to be, assisting chief audit executives and chief financial officers in providing strategic and value-added advice to their departments as the government implements the Economic Action Plan.
To this end, the Office of the Comptroller General organized risk assessment sessions for audit executives, financial officers and line management. The focus of these sessions was to identify emerging risks related to the implementation of the stimulus measures and to consider effective mitigation strategies. Rather than internal audit coming in after-the-fact to identify risks and control weaknesses, the Office of the Comptroller General is assisting with the formulation of advice, and the development of timely, front-end, risk-targeted approaches and tools. Chief audit executives are also being encouraged to develop, and enhance, a solid working relationship with management, and to be proactive and engaging in early discussions on risk mitigation strategies.
The early identification of risks allowed for internal audit to work with management to determine mitigation strategies for key risks. The key mitigation strategies included establishing a robust accountability and reporting framework; ensuring that selection criteria are defined, documented, clearly understood and consistently applied; and ensuring that the risk assessment process is clearly documented, objectives are clearly stated and communicated, performance measures are established and results monitored, and that oversight systems and practices are established.
James Ralston was appointed Comptroller Gener