Internal Audit and Evaluation Documents
Charter for Internal Audit Function
Report tabled and approved by the Audit Committee
[ Printable Version ]
The purpose of establishing an internal audit charter is to set out the mission, responsibilities and authorities of the Parks Canada's internal audit function. The Charter defines:
- The purpose and scope of internal audit activities
- Accountabilities and independence of the function
- Roles and responsibilities of the Chief Audit Executive, audit staff and program managers (i.e., auditees)
To provide independent and objective assurance and consulting services designed to add value and improve the Agency's operations. It helps the Agency accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of:
- Governance processes
- Risk management strategies and practices, and
- Management control frameworks, systems and practices
Scope of Activities
The internal audit function conducts assurance and consulting activities to determine whether the Agency's network of risk management, control and governance processes, as designed and represented by management, is adequate and functioning in a manner that ensures:
- Risks are appropriately identified and managed
- Interaction with various governance groups occurs
- Significant financial, managerial and operating information is accurate, reliable and timely
- Activities and actions are in compliance with policies, standards, procedures and applicable laws and regulations
- Resources are acquired economically, used efficiently, and adequately protected
- Programs, plans and objectives are achieved
- Quality and continuous improvement are fostered in the Agency's control processes
- Significant legislative or regulatory issues impacting the Agency are recognized and addressed
Accountability and Independence
The internal audit function is under the responsibility of the Chief Audit Executive who is accountable and reports directly to the Chief Executive Officer. This organizational structure is essential to ensure that the wide range of internal audit activities is unrestricted and that appropriate attention is given to the audit findings and recommendations.
The Chief Audit Executive shall have direct and unimpaired access to all members of the Agency's Audit Committee to report findings and issues and to request advice, opinions and instructions.
To ensure the objectivity and independence, an external contracted third party will perform any audit audits of functions for which the CAE has responsibility (i.e., evaluation).
Internal Auditors are expected to adhere to the Code of Ethics of the Institute of Internal Auditors and declare any conflicts of interest or other matters that would affect their ability to provide independent objective observations, conclusions and recommendations.
Audit independence requires that resourcing of the function be done independently from the activity or process being audited.
The internal audit function will be subject to independent practice inspection consistent with GOC Internal Audit Policy every four years to ensure that it meets the standards of the TB Policy on Internal Audit and the Professional Practice Framework of the Institute of Internal Auditors (IIA).
Roles and Responsibilities
Chief Audit Executive and staff are responsible for:
- Develop an annual risk based Audit Plan consistent with Government of Canada and Institute of Internal Auditors Policies, Standards and Directives (i.e., risk based, taking into account the work of other assurance providers, and central Agencies requirements, and in support of an annual holistic opinion on overall risk management, control and governance processes)
- Implementing the Plan as approved including as required any special tasks or projects requested by the CEO or the Audit Committee
- Identifying and communicating to the CEO and the Agency Audit Committee the resource requirements of the internal audit function, including significant interim changes, and the impact of resource limitations
- Supporting the Agency Audit Committee operations including preparing the Agenda, providing documents and material and recording the committee's discussion and decisions
- Ensuring resources are appropriate, sufficient, and effectively deployed to achieve the approved plan
- Ensuring timely completion of engagements and that reports are provided directly to the CEO and audit committee with minimum delay
- Maintaining a professional audit staff with sufficient knowledge skills, experience and professional certification to meet the requirements of the job, as well as providing opportunities for training and development to maintain and improve internal auditing competence
- Establishing appropriate policies, procedures, and quality control and improvement processes to guide and improve the function (including periodic independent practice inspection consistent with GOC Internal Audit Policy)
- Reporting at least annually to the CEO and the Audit Committee on the
- Results of audit activities and the performance of the audit function
- Relevance and effectiveness of governance, risk management and control processes and possible improvements
- Providing an annual holistic opinion on the Agency's risk management, control and governance processes
- Assisting in investigation of suspected fraudulent activities within the Agency and notifying management and the Audit Committee of the results
- Submitting to the Office of the Controller General annually, the Internal Audit Plan and Reports of completed audit engagements including management responses and action plans
- Posting internal audit reports along with management responses and action plans on the Agency website in both official languages within 90 days of their approval by the deputy head.
CEO and Audit Committee
The CEO is an ex-officio member of the Audit Committee composed of three
members external to the Agency as set out in the Audit Committee Terms of
Reference. The Audit Committee is responsible to oversee and make recommendations
to the CEO with regard to:
- Internal audit functions (i.e., budgets, plans, audit reports and management responses and performance of the function).
- The work of the Office of the Auditor General of Canada (OAG) and other central agencies audit related work
- Follow-up on management action plans
- Financial statements and Public Accounts reporting
- Risk management
- Agency accountability reporting
- Values and ethics
- The management control framework
The Chief Executive Officer is responsible to:
- Approve resources for and budgets of the internal audit function as well as internal audit plans, reports and associated management responses;
- Approve financial statements, risk management and control arrangements in the Agency and accountability reporting by the Agency.
Agency Managers (Auditees)
Are responsible for
- Developing and implementing appropriate governance, risk management and internal controls mechanisms to achieve Agency and government results
- Ensuring that their staff cooperate fully with the work of the internal auditors
- Preparing management responses to specific audit recommendations within 15 working days from the date on which the final draft audit report was sent requesting a management response. The management response must address each of the recommendations contained in the report. In exceptional circumstances Chief Audit Executive may provide more time for completion of the management response
- Determining if a communications plan related to audit findings is required and preparing the plan for tabling at the Internal Audit Committee along with the management response
- Preparing reports on progress in implementing management response items as required for up to five years after the original internal audit.
The CAE and staff of the internal audit function are authorized to:
- Have unrestrictive access to all functions, records, property and personnel and have the right to obtain information and explanations from Agency employees and contractors, subject to applicable legislation
- Have full and free access to the Agency Audit Committee and to the Committee chair and vice-chair
- Allocate resources, set frequencies, select subjects, determine scope of work, and apply techniques required to accomplish audit objectives
- Obtain the necessary assistance of personnel in units of the Agency where they perform audits, as well as other specialized services from within or outside the Agency
- Have unimpaired ability to carry out their responsibilities, including reporting findings to the CEO, the Agency Audit Committee and, as appropriate, to the Controller General
The CAE and staff of the internal audit function are not authorized to:
- Perform any operational duties for the Agency
- Initiate or approve accounting transactions external to the internal audit function
- Direct the activities of any departmental employee not employed by the internal audit function, except to the extent that such employees have been appropriately assigned to audit teams or to otherwise assist the internal auditors.
Standards of Audit Practice
The internal audit function will meet or exceed the Government of Canada's Policy on Internal Audit and standards, including the International Standards for the Professional Practice of Internal Auditing of the Institute of Internal Auditors.
Chief Audit Executive
(Submits for approval)
Audit Committee (Vice) Chair
Chief Executive Officer
Chief Audit Executive: the official responsible for directing and leading the internal audit function in the Agency
Internal auditor: Employee or any other designated Parks Canada Agency official carrying out internal audit duties.
Program Manager (Auditee): Employee, or any other designated Parks Canada official whose operations, program, Field Unit, Service Centre, or Directorate are being audited.
Assurance activities: Objective examination of evidence to provide an independent assessment of the risk management, control or governance processes. Examples include, but are not limited to, operational, financial, compliance, systems security and due diligence audits.
Consulting activities: Advisory and related services where the nature and scope are agreed to with a client and which are intended to add value and improve the Agency's governance, risk management or control processes. Examples include consulting, advice, facilitation and training.
Controls: Any action by management or employees to manage risk, and increase the likelihood that established objectives and goals will be achieved. Management plans, organizes and directs the performance of sufficient actions to provide reasonable assurance that objectives and goals will be achieved.
Governance: The combination of processes and structures implemented by the Executive Board in order to inform, direct, manage and monitor the activities of the organization toward the achievement of its objectives.
Risk: The possibility of an event occurring that will have an impact on the achievement of objectives.
Risk Management: A process to identify, assess, manage, and control potential events or situations, to provide reasonable assurance regarding the achievement of the organization's objectives.
[ Printable Version ]