Performance results for the internal audit function
December 2021
| Compliance attributes | Key compliance attribute | Results |
|---|---|---|
| Do internal auditors in departments have the training required to do the job effectively? Are multidisciplinary teams in place to address diverse risks? | Percentage of staff who have an internal audit or accounting designation, such as Certified Internal Auditor (CIA), Chartered Professional Accountant (CPA) | 67% |
| Percentage of staff whose internal audit or accounting designation (CIA, CPA) is in progress | 0% | |
| Percentage of staff who hold other designations, such as Certified Government Auditing Professional (CGAP), Certified Information Systems Auditor (CISA) | 50% | |
| Is internal audit work performed in accordance with the international standards for the internal audit profession, as required by Treasury Board policy? | Date of last comprehensive briefing to the Departmental Audit Committee on the internal processes, tools and information considered necessary to evaluate conformance with the Institute of Internal Auditors’ (IIA) Code of Ethics and the IIA’s Standards, as well as with the results of the quality assurance and improvement program | September 2021 |
| Date of last external assessment | April 2019 | |
| Is internal audit credible and adding value in support of the mandate and strategic objectives of the organization? | Average overall usefulness rating from senior management (ADM-level or equivalent) of areas audited. | 100% |
Table 1 – Risk-based audit plan (FY 2021–2022) and related information
December 2021
| Audit title | Status | Report approval date | Report publication date | Original management action plan completion date | Implementation status |
|---|---|---|---|---|---|
| Review of the Management of the Time Reporting System | Approved | July 27, 2020 | N/A | October 2020 | Delayed to December 2021 |
| Targeted Audit of the Assignment Process | Approved | February 8, 2021 | June 1, 2021 | November 2021 | In progress |
| Audit of the Participant Funding Program (PFP) | In progress | TBC | TBC | ||
| Fraud Risk Assessment | In progress | April 14–15, 2022 | TBC | ||
| Harmonized Plan Steering Committee Review | Approved | September 27, 2021 | N/A | November 30, 2021 | Complete |
| Director Collective Lessons Learned | In progress | TBC | TBC | ||
| Reimagine the Workplace Initiative Readiness Assessment | Cancelled | N/A | N/A | ||
| Audit of Crisis Communications | In progress | TBC | TBC | ||
| Audit of Cyber Security – CNSC Oversight of Licensees | In progress | TBC | TBC | ||
| Audit of Technical Training | Delayed | TBC | TBC | ||
| Office of the Auditor General of Canada Audit of Nuclear Waste Management | In progress | TBC | TBC |
June 2021
| Compliance attributes | Key compliance attribute | Results |
|---|---|---|
| Do internal auditors in departments have the training required to do the job effectively? Are multidisciplinary teams in place to address diverse risks? | Percentage of staff who have an internal audit or accounting designation, such as Certified Internal Auditor (CIA), Chartered Professional Accountant (CPA) | 50% |
| Percentage of staff whose internal audit or accounting designation (CIA, CPA) is in progress | 0% | |
| Percentage of staff who hold other designations, such as Certified Government Auditing Professional (CGAP), Certified Information Systems Auditor (CISA) | 25% | |
| Is internal audit work performed in accordance with the international standards for the internal audit profession, as required by Treasury Board policy? | Date of last comprehensive briefing to the Departmental Audit Committee on the internal processes, tools and information considered necessary to evaluate conformance with the Institute of Internal Auditors’ (IIA) Code of Ethics and the IIA’s Standards, as well as with the results of the quality assurance and improvement program | October 2020 |
| Date of last external assessment | April 2019 | |
| Is internal audit credible and adding value in support of the mandate and strategic objectives of the organization? | Average overall usefulness rating from senior management (ADM-level or equivalent) of areas audited. | 90% |
Table 1 – Risk-based audit plan (FY 2021–2022) and related information
June 2021
| Audit title | Status | Report approval date | Report publication date | Original management action plan completion date | Implementation status |
|---|---|---|---|---|---|
| Audit of the Management of Personal Information | Approved | July 27, 2020 | N/A | March 2020 | Fully implemented |
| Review of the Management of the Time Reporting System | Approved | July 27, 2020 | N/A | October 2020 | Delayed to September 2021 |
| Review of the Directorate of Security and Safeguards’ Inspection Processes | Approved | July 27, 2020 | August 4, 2020 | August 2020 | Fully implemented |
| OCG Horizontal Audit of Physical Security | Approved | July 27, 2020 | N/A | March 2021 | Fully implemented |
| OCG Horizontal Blended Engagement of Information Technology Security – Phase II | Approved | October 19, 2020 | N/A | March 2021 | Fully implemented |
| Business Continuity Plan Lessons Learned | Approved | October 26, 2020 | N/A | N/A | |
| Return to the Workplace (RTWp) Readiness Assessment | Approved | October 26, 2020 | N/A | N/A | |
| Targeted Audit of the Assignment Process | In progress | February 8, 2021 | June 1, 2021 | November 2021 | In progress |
| Audit of the Participant Funding Program (PFP) | In progress | October 26, 2020 | TBC | ||
| Fraud Risk Assessment | In progress | TBC | TBC | ||
| Harmonized Plan Steering Committee Review | In progress | TBC | TBC | ||
| Director Collective Lessons Learned | In progress | TBC | TBC | ||
| Reimagine the Workplace Initiative Readiness Assessment | Planned | TBC | TBC | ||
| Audit of Crisis Communications | Planned | TBC | TBC | ||
| Audit of Cyber Security – CNSC Oversight of Licensees | Planned | TBC | TBC | ||
| Audit of Technical Training | Planned | TBC | TBC | ||
| Office of the Auditor General of Canada Audit of Nuclear Waste Management | Planned | TBC | TBC |
November 30, 2020
| Compliance attributes | Key compliance attribute | Results |
|---|---|---|
| Do internal auditors in departments have the training required to do the job effectively? Are multidisciplinary teams in place to address diverse risks? | Percentage of staff who have an internal audit or accounting designation such as Certified Internal Auditor (CIA), Chartered Professional Accountant (CPA) | 57% |
| Percentage of staff whose internal audit or accounting designation (CIA, CPA) is in progress | 0% | |
| Percentage of staff who hold other designations, such as Certified Government Auditing Professional (CGAP), Certified Information Systems Auditor (CISA) | 28% | |
| Is internal audit work performed in accordance with the international standards for the internal audit profession, as required by Treasury Board policy? | Date of last comprehensive briefing to the Departmental Audit Committee on the internal processes, tools and information considered necessary to evaluate conformance with the Institute of Internal Auditors’ (IIA) Code of Ethics and the IIA’s Standards, as well as with the results of the quality assurance and improvement program | October 2020 |
| Date of last external assessment | April 2019 | |
| Is internal audit credible and adding value in support of the mandate and strategic objectives of the organization? | Average overall usefulness rating from senior management (ADM-level or equivalent) of areas audited. | 90% |
Table 1 – Risk-based audit plan (FY 2019–2020) and related information
November 30, 2020
| Audit title | Status | Report approval date | Report publication date | Original management action plan completion date | Implementation status |
|---|---|---|---|---|---|
| Follow-up on the 2016 report by the Office of the Auditor General’s Commissioner of the Environment and Sustainable Development on the audit of the Directorate of Power Reactor Regulation Nuclear Power Plants Audit | Approved | July 27, 2020 | N/A | N/A | Fully implemented |
| Audit of the Management of Personal Information | Approved | July 27, 2020 | N/A | March 2020 | On track |
| Review of the Management of the Time Reporting System | Approved | July 27, 2020 | N/A | October 2020 | On track |
| Review of the Directorate of Security and Safeguards’ Inspection Processes | Approved | July 27, 2020 | August 4, 2020 | August 2020 | Substantially implemented |
| Review of the Directorate of Environmental and Radiation Protection’s Assessment Inspection Processes | Approved | October 19, 2020 | October 21, 2020 | August 2020 | Fully implemented |
| OCG Horizontal Audit of Physical Security | Approved | July 20, 2020 | N/A | March 2021 | On track |
| OCG Horizontal Blended Engagement of Information Technology Security – Phase II | Approved | October 19, 2020 | N/A | March 2021 | On track |
| Business Continuity Plan Lessons Learned | Approved | October 26, 2020 | N/A | September 2021 | |
| Return to the Workplace (RTWp) Readiness Assessment | Approved | October 26, 2020 | N/A | N/A | |
| Targeted Audit of the Assignment Process | In progress | TBC | TBC | ||
| Small Modular Reactor (SMR) Regulatory Readiness Assessment | In progress | October 26, 2020 | TBC | ||
| Participant Funding Program (PFP) | Planned | October 26, 2020 | TBC | ||
| Audit of Cyber Security – CNSC Oversight of Licensees | Postponed |
April 30, 2020
| Compliance Attributes | Key Compliance Attribute | Results |
|---|---|---|
| Do internal auditors in departments have the training required to do the job effectively? Are multidisciplinary teams in place to address diverse risks? | Percentage of staff who have an internal audit or accounting designation such as (Certified Internal Auditor (CIA), Chartered Professional Accountant (CPA) | 60% |
| Percentage of staff whose internal audit or accounting designation (CIA, CPA) is in progress. | 20% | |
| Percentage of staff who hold other designations, such as Certified Government Auditing Professional, Certified Information Systems Auditor | 40% | |
| Is internal audit work performed in accordance with the international standards for the internal audit profession, as required by Treasury Board policy? | Date of last comprehensive briefing to the Departmental Audit Committee on the internal processes, tools and information considered necessary to evaluate conformance with the Institute of Internal Auditors’ (IIA) Code of Ethics and the IIA’s Standards, as well as with the results of the quality assurance and improvement program | April 2019 |
| Date of last external assessment. | April 2019 | |
| Is internal audit credible and adding value in support of the mandate and strategic objectives of the organization? | Average overall usefulness rating from senior management (ADM-level or equivalent) of areas audited. | 90% |
Table 1 – Risk-based audit plan (FY 2019–2020) and related information
April 30, 2020
| Audit Title | Status | Report approval date | Report publication date | Original management action plan completion date | Implementation status |
|---|---|---|---|---|---|
| Follow-up on the 2016 report by the Office of the Auditor General’s Commissioner of the Environment and Sustainable Development on the audit of the Directorate of Power Reactor Regulation Nuclear Power Plants | In progress | ||||
| Audit of the Management of Personal Information | In progress | ||||
| Review of the Management of the Time Reporting System | In progress | ||||
| Review of the Directorate of Security and Safeguards’ Inspection Processes | In progress | ||||
| Review of the Directorate of Environmental and Radiation Protection’s Assessment Inspection Processes | In progress | ||||
| OCG Horizontal Audit of Physical Security | In progress | ||||
| OCG Horizontal Blended Engagement of Information Technology Security – Phase II | In progress | ||||
| Audit of Cyber Security – CNSC Oversight of Licensees | Planned |
January 15, 2020
| Compliance attributes | Key compliance attribute | Results |
|---|---|---|
| Do internal auditors in departments have the training required to do the job effectively? Are multidisciplinary teams in place to address diverse risks? | Percentage of staff who have an internal audit or accounting designation, such as Certified Internal Auditor (CIA), Chartered Professional Accountant (CPA) | 62.5% |
| Percentage of staff whose internal audit or accounting designation (CIA, CPA) is in progress | 12.5% | |
| Percentage of staff who hold other designations, such as Certified Government Auditing Professional (CGAP), Certified Information Systems Auditor (CISA) | 37.5% | |
| Is internal audit work performed in accordance with the international standards for the internal audit profession, as required by Treasury Board policy? | Date of last comprehensive briefing to the Departmental Audit Committee on the internal processes, tools and information considered necessary to evaluate conformance with the Institute of Internal Auditors’ (IIA) Code of Ethics and the IIA’s Standards, as well as with the results of the quality assurance and improvement program | April 2019 |
| Date of last external assessment | April 2019 | |
| Is internal audit credible and adding value in support of the mandate and strategic objectives of the organization? | Average overall usefulness rating from senior management (ADM-level or equivalent) of areas audited. | 90% |
Table 1 – Risk-based audit plan (FY 2019–2020) and related information
January 15, 2020
| Audit title | Status | Report approval date | Report publication date | Original management action plan completion date | Implementation status |
|---|---|---|---|---|---|
| Management Audit of the Western (Calgary) Regional Office | Approved | Jul. 3, 2018 | Nov. 8, 2018 | Sep. 2018 | Substantially implemented |
| Audit of the Directorate of Nuclear Cycle and Facilities Regulation’s Inspection Processes | Approved | Jun. 14, 2019 | Jun. 29, 2019 | Dec. 2019 | Substantially implemented |
| Audit of the Directorate of Nuclear Substance Regulation’s Inspection Processes | Approved | Jun. 14, 2019 | Jun. 29, 2019 | Jun. 2019 | Substantially implemented |
| Follow-up on the 2016 report by the Office of the Auditor General‘s (OAG) Commissioner of the Environment and Sustainable Development on the audit of the Directorate of Power Reactor Regulation Nuclear Power Plants | In progress | ||||
| Audit of the management of personal information | In progress | ||||
| Audit of the Management of the Time Reporting System | In progress | ||||
| Review of the Directorate of Security and Safeguards’ (DSS) Inspection Processes | In progress | ||||
| Review of the Directorate of Environmental and Radiation Protection’s Assessment Inspection Processes | In progress | ||||
| OCG Horizontal Audit of Physical Security | In progress | ||||
| OCG Horizontal Blended Engagement of Information Technology Security – Phase II | Planned | ||||
| Audit of Cyber Security – CNSC Oversight of Licensees | Planned |
June 30, 2019
| Compliance attributes | Key compliance attribute | Results |
|---|---|---|
| Do internal auditors in departments have the training required to do the job effectively? Are multidisciplinary teams in place to address diverse risks? | Percentage of staff who have an internal audit or accounting designation, such as Certified Internal Auditor (CIA), Chartered Professional Accountant (CPA) Percentage of staff whose internal audit or accounting designation (CIA, CPA) is in progress | 71.4% |
| Percentage of staff whose internal audit or accounting designation (CIA, CPA) is in progress | 14% | |
| Percentage of staff who hold other designations, such as Certified Government Auditing Professional (CGAP), Certified Information Systems Auditor (CISA) | 43% | |
| Is internal audit work performed in accordance with the international standards for the internal audit profession, as required by Treasury Board policy? | Date of last comprehensive briefing to the Departmental Audit Committee on the internal processes, tools and information considered necessary to evaluate conformance with the Institute of Internal Auditors’ (IIA) Code of Ethics and the IIA’s Standards, as well as with the results of the quality assurance and improvement program | April 2019 |
| Date of last external assessment | April 2019 | |
| Is internal audit credible and does it add value to the organization’s mandate and strategic objectives? | Average rating of the usefulness of areas audited, as rated by senior management (ADM level or equivalent) | Overall satisfaction 90% |
Table 1 – Risk-based audit plan (FY 2019–2020) and related information
June 30, 2019
| Audit title | Status | Report approval date | Report publication date | Original management action plan completion date | Implementation status |
|---|---|---|---|---|---|
| Audit of Financial Guarantees | Approved | Jul. 3, 2018 | Nov. 8, 2018 | Dec. 2018 | Fully implemented |
| Audit of Contracting and Procurement | Approved | Aug. 1, 2018 | Nov. 8, 2018 | Feb. 2019 | Fully implemented |
| Management Audit of the Western (Calgary) Regional Office | Approved | Jul. 3, 2018 | Nov. 8, 2018 | Sep. 2018 | Substantially implemented |
| Audit of the Nuclear Emergency Management Program | Approved | Jul. 3, 2018 | Nov. 8, 2018 | Apr. 2018 | Fully implemented |
| Audit of the Directorate of Nuclear Cycle and Facilities Regulation’s Inspection Processes | Approved | Jun. 14, 2019 | Jun. 29, 2019 | Dec. 2019 | Substantially implemented |
| Audit of the Directorate of Nuclear Substance Regulation’s Inspection Processes | Approved | Jun. 14, 2019 | Jun. 29, 2019 | Jun. 2019 | Substantially implemented |
| Follow-up on the 2016 report by the Office of the Auditor General‘s (OAG) Commissioner of the Environment and Sustainable Development on the audit of the Directorate of Power Reactor Regulation Nuclear Power Plants | In progress | ||||
| Audit of the management of personal information | In progress | ||||
| Audit of the Management of the Time Reporting System | Planned | ||||
| Review of the Directorate of Security and Safeguards’ (DSS) Inspection Processes | In progress | ||||
| Review of the Directorate of Environmental and Radiation Protection’s Assessment Inspection Processes | Planned | ||||
| OCG Horizontal Audit of Physical Security | In progress | ||||
| OCG Horizontal Blended Engagement of Information Technology Security – Phase II | Planned | ||||
| Audit of Cyber Security – CNSC Oversight of Licensees | Planned |
- Date modified: