Internal Audit Charter
The Office of the Chief Electoral Officer (OCEO) footnote 1 Internal Audit (IA) Charter has been revised and updated as part of a regular review process and in response to the revised Treasury Board Policy Suite on Internal Audit, which became effective on April 1, 2017.
The IA Charter reflects the requirements of the Treasury Board Policy on Internal Audit (TB Policy) and the Institute of Internal Auditors (IIA) International Standards for the Professional Practice.
The objective of the Internal Audit (IA) Charter is to define the purpose, authority and responsibility of the internal audit function at the OCEO. This Charter is complementary to the Audit Committee (AC) Terms of Reference. The AC has the responsibility to review annually the IA Charter and to recommend it for approval to the Chief Electoral Officer (CEO).
2. Effective Date
This IA Charter takes effect on October 18, 2022. It replaces the IA Charter that came into effect on November 1, 2020.
3. Mission and Scope of the Internal Audit Function
The mission of internal audit is to provide independent and objective assurance, consulting and advisory services that add value and improve OCEO operations. This helps the Agency to accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of:
- Risk management strategies and practices;
- Management control frameworks, systems and practices; and
- Governance processes.
The OCEO Chief Audit Executive is the Chief Planning and Audit Officer (CPAO), who reports directly to the CEO in this capacity.
The CEO and senior management are responsible for ensuring that management controls promote goal achievements and risk mitigations. The internal audit function is important in assisting the CEO and senior management to fulfill this responsibility.
The internal audit function will conduct selected examinations of activities that are judged to pose a higher than average risk, or where the CEO requires added assurance that controls are effective.
The internal audit function's scope of work is to determine whether the OCEO's network of risk management, control and governance processes, as designed and represented by management, is adequate given the agency's size, risk and resources, as well as to determine whether these processes achieve their objectives.
When audits identify opportunities for improving control, governance and risk management, these opportunities will be communicated to the appropriate level of management.
4. Policy Authorities
The revised Treasury Board Policy Suite on Internal Audit, which includes the Directive on Internal Audit in the Government of Canada, took effect on April 1, 2017.
The revised policy suite introduced a number of changes applicable to all federal institutions that served to streamline the instruments, remove conflicting audit requirements and clarify the roles and responsibilities of the Comptroller General.
Under the new policy instruments, Agents of Parliament (AoPs) continue to be excluded from the application of a number of requirements. In some instances, the OCEO decided to act within the spirit of these requirements.
As a result, the OCEO identified several key changes that potentially impacted the operation of its audit function and audit committee, and warranted further examination.
The policy changes were discussed with the Audit Committee members at their August 2017 meeting, which resulted in the following decisions:
Mandatory internal audit function:
The policy suite states that the internal audit function is mandatory only in departments that have a reference level of more than $300 million per year. Given the OCEO's environment and its status as an AoP (with limited oversight by central agencies), the OCEO will continue to have an internal audit function.
Qualifications of the Chief Audit Executive (CAE):
CAEs designated by AoPs are specifically exempted from having internal audit certification or professional accounting designation.
The CAE and staff of the internal audit division are responsible for:
- Establishing at least annually, and updating as required, a flexible departmental risk-based audit plan that: spans multiple years; focuses primarily on providing assurance services; is recommended by the Audit Committee and approved by the CEO; and which considers the following:
- Input of the agency's senior management and the Audit Committee to address any risk or control concerns identified by management or external auditors.
- Horizontal audits led by the Comptroller General.
- Planned audits led by external assurance providers and other departments as appropriate to ensure suitable coverage and minimize duplication of effort.
- Other oversight engagements, including, where the necessary expertise and capacity are in place, the option to provide consulting services to the OCEO, as a supplement to the assurance role and in accordance with the IIA' International Professional Practices Framework.
- Ensuring that the CEO and the Audit Committee are aware of the resource requirements for the internal audit function and the impact of resource decisions.
- Ensuring the timely completion of internal audit engagements and provision of reports to the Audit Committee.
- Reporting at least annually to the CEO and the Audit Committee on whether the actions scheduled by management in response to audit recommendations, both internal and external, have been implemented.
- Ensuring that internal auditors have the appropriate qualifications, skills, and opportunities to maintain and develop their internal auditing competencies.
- Establishing appropriate policies and procedures to guide the internal audit function and IA Charter ensuring that the Internal Auditing Standards for the Government of Canada are followed.
- Developing and maintaining a quality assurance and improvement program that covers all aspects of the internal audit function and continuously monitors its effectiveness.
- In consultation with the CEO and the Audit Committee, ensuring that a qualified, independent reviewer or external review team periodically conducts a practice inspection or other external review of the internal audit function and that the results of this external assessment are communicated to the CEO and the Audit Committee.
- Publishing the IA Charter, internal audit reports and the Audit Committee's terms of reference on the website as appropriate.
- Collaborating with the external members of the Audit Committee to conduct periodic self-assessments on the Committee's performance in support of continuous improvement.
- Ensuring the disclosure at least annually by individual external Audit Committee members of all new activities, interests or appointments that may impair, or be seen to impair, each member's independence and objectivity.
- Ensuring the disclosure and online publication of the external Audit Committee members' remuneration, as per the mechanism established by the Office of the Comptroller General of Canada.
The CAE and staff of the internal audit function are authorized to:
- Have unrestricted access to all functions, records, property and personnel, and obtain information and explanations from the OCEO's employees and contractors, subject to applicable legislation.
- Have full and free access to the Audit Committee members as well as, at least annually, have an in-camera discussion with external Audit Committee members.
- Allocate resources, set frequencies, propose subjects, determine scopes of work, and apply the techniques required to accomplish audit objectives.
- Obtain assistance as required from personnel in units of the agency where they perform audits, as well as other specialized services from within or outside the OCEO.
- Carry out audit responsibilities free of any impairment, including reporting findings to the CEO and the Audit Committee.
7. Independence and Conflicts
The CAE is appointed by the CEO to lead the OCEO's internal audit function. The CAE reports to the CEO and has access to the Audit Committee. As part of his interactions with the Audit Committee, the CAE will regularly report on audit activities.
The CAE will monitor the reporting structure to ensure that he or she is not impaired in the operations of the internal audit function. Any impairment will be brought to the attention of the CEO and the Audit Committee.
The CAE will advise the CEO when she concludes that management has accepted a level of residual risks that may be unacceptable to the OCEO. If the decision regarding residual risk is not resolved, the CAE will report the matter to the Audit Committee for resolution.
At each of its meetings, members of the Audit Committee will normally meet in camera. Representatives of external assurance providers and/or any other senior officials may be requested to attend. The CAE and the Chief Financial Officer will also meet in camera with the Audit Committee members at least once per year.
The CAE, in the discharge of her duties, shall be accountable to the CEO and the Audit Committee to:
- Report significant issues related to the processes for controlling the OCEO's activities, including potential improvements to those processes, and provide information concerning such issues through to resolution.
- Provide information periodically on the status and results of the annual audit plan and the adequacy of internal audit resources.
- Coordinate with and oversee other assurance control and monitoring functions (risk management, evaluation, compliance, security, legal, ethics, environment, and external audit).
- Submit an annual summary of the achievements of work in the internal audit plan.
Back to footnote 1 The Office of the Chief Electoral Officer includes Elections Canada and the Office of the Commissioner of Canada Elections.