Archived [2012-10-01] - Internal Auditing Standards for the Government of Canada
This page has been archived on the Web
Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.
1. Purpose
1.1 To prescribe the internal auditing standards to be applied in all departments subject to the Policy on Internal Audit.
2. Context
2.1 The Treasury Board has delegated to the Comptroller General the authority to issue standards relating to the implementation of the Policy on Internal Audit and responsibility to determine the professional standards for internal auditing in the federal government.
3. Effective Date
3.1 These standards will take effect on April 1, 2006. (See Policy 1.1)
4. Requirements
4.1 IIA Standards
4.1.1 The Professional Practices Framework, published and maintained by the Institute of Internal Auditors (IIA), contains a definition of internal auditing and the International Standards for the Professional Practice of Internal Audit (IIA Standards).
4.1.2 The Government of Canada has adopted the IIA Professional Practices Framework and departments are required to meet IIA Standards in undertaking their internal auditing responsibilities, unless the Standards are in conflict with this policy or any related directives or guidelines provided by the Comptroller General or Treasury Board.
4.2 Government of Canada Internal Auditing Standards
4.2.1 In addition to the standards contained in the IIA Standards, the following Government of Canada standards for reporting on internal auditing activities are to be met:
4.2.1.1 Communication of results of internal auditing engagements shall be communicated in written reports.
4.2.1.2 Reports on internal auditing engagements must:
- Provide sufficient context by describing the area that has been examined, how it fits into the organization, its importance, and the relevant laws, policies and standards; and
- Clearly identify risks and opportunities for improvement to be addressed by management.
4.2.1.3 Reports on assurance engagements must:
- Identify the criteria used in the engagement;
- Include a statement of assurance which describes the level of assurance the auditor is providing; and
- Include a management action plan that clearly identifies actions to be taken by management to address recommendations and findings, the timing of such actions, and who is responsible for their implementation.
4.2.1.4 Reports on internal auditing engagements are to be presented to, and reviewed by, the audit committee with minimum delay; completed reports are those that have been reviewed by the audit committee and approved by the deputy head.
4.2.1.5 Internal audit functions at the departmental and government-wide levels are expected to provide a holistic opinion on the effectiveness and adequacy of risk management, control and governance processes.
4.2.2 For the purpose of 4.2.1.3, the terms level of assurance and statement of assurance should be interpreted in the following context.
4.3 Level of Assurance
4.3.1 It is not possible for an internal auditor to have absolute confidence in the conclusions reached in an assurance engagement. The auditor's confidence is unavoidably limited by factors such as the awareness that conclusions may ultimately be based on professional judgement, that data collection may rely on sampling that may not be representative, that control testing is limited, that controls relied on may have inherent limitations, and that evidence may be persuasive rather than conclusive.
4.3.2 The recognition of the risk that the auditor's conclusion may be inappropriate is captured in the notion of level of assurance. The level of assurance that an auditor can provide is normally within the auditor's control. A high level of assurance (variously referred to as reasonable assurance or audit assurance) can usually be provided by designing procedures and following standards that reduce the risk of an inappropriate conclusion to a low level. Engagements commonly referred to as "audits" and "internal audits" are assurance engagements designed to provide this high level of assurance. The expectation is that the bulk of assurance engagements undertaken by internal auditors in the federal government will provide a high level of assurance. Other assurance engagements that do not provide a high level of assurance should not be referred to as audits or internal audits.
4.4 Statement of Assurance
4.4.1 The auditor must clearly indicate to users the level of assurance being provided. Users need to be informed of the auditor's judgement about the confidence that may be placed on the auditor's opinion or conclusions. A statement of assurance must be included in the auditor's written report.
4.4.2 Normally a statement of assurance will inform the reader that the auditor has conducted the engagement in accordance with professional internal auditing standards, and has examined sufficient, relevant evidence and obtained sufficient information and explanations to a provide a high level of assurance on the reported opinion or conclusions.
4.4.3 As mentioned above, however, not all assurance engagements are designed to provide, or result in providing, a high level of assurance. When this is the case, the auditor's statement of assurance shall identify the circumstances (e.g. limited procedures, inconclusive evidence etc.) that affect the level of assurance and shall indicate the auditor's caution on reliance on these opinions or conclusions.
5. Enquiries
Please send any questions about these standards to:
Office of the Assistant Comptroller General, Internal Audit
Treasury Board of Canada Secretariat
L'Esplanade Laurier
300 Laurier Avenue West
Ottawa, Ontario
K1A 0R5
Email: ias-svi@tbs-sct.gc.ca
Fax: (613) 952-3698