Print Version   
May 11, 2005

SHARED CONCERNS SPARK INTERNAL AUDIT FORUM DISCUSSION
The chief internal auditors of Canada's provincial and territorial governments attended the National Forum for Government Chief Internal Auditors in Victoria, B.C. in October 2004. Their discussions focused on strategic and operational issues affecting internal audit's ability to contribute to improved governance and accountability in the public sector.

Bernie Lodge
Director, Internal Audit Services
Department of Finance, Government of Nunavut

Bernie Lodge is the Director of the Internal Audit Services Branch within the Government of Nunavut. This Branch provides financial and operational assurance audits, and advisory services to the government and its agencies.

Bernie has 25 years of audit experience within the public sector, with the last 20 years being in internal audit. He has conducted audit work in a variety of sectors, including the federal and territorial governments, and in the international arena. Bernie contributed in initiating a decentralized audit model within a federal government department, and initiated internal audit functions within the Government of Guyana and within a Canadian territorial government.

In addition to conducting financial and efficiency-effectiveness audit work, Bernie's experience includes such work in the areas of critical infrastructures, allocation of assets during an electrical utility split, code of conduct policy assessments, ethical and security issues, and departmental performance evaluations.

Bernie's experience has taught him that behavioral (soft) controls are every bit as important as traditional (hard) controls, and that a careful balance needs to be maintained between the two. The challenge for organizations is to maintain this balance in environments that are fluid and in constant evolution.. That balance is fundamental for improving governance and accountability within the public sector.

Following the forum, we asked Bernie Lodge to discuss some of the highlights of the event.

UPDATE: The forum looked at best practices for internal audit groups. How did you approach this subject and what best practices were you able to identify?

Lodge: We looked at the results of two legislative audits of internal audit functions as our window into best practices. The Auditor General of British Columbia had just completed a review of internal audit in B.C. health authorities, and the Office of the Auditor General of Canada was wrapping up an audit of internal audit in departments and agencies across the federal government.

The B.C. audit included extensive research into best and expected practices from numerous jurisdictions and professional associations. The final report identified best practices in several areas, including roles, responsibilities and authorities and board oversight of internal audit, resourcing the internal audit function, planning internal audit's activities, audit processes, and evaluating internal audit's performance.

The federal audit assessed the extent to which six internal audit groups had met professional standards and complied with the Treasury Board Policy on Internal Audit. Its report listed factors that would, if implemented, have a positive effect on the quality of internal audit, including:

  • Clear support from senior management;
  • Audit committees that include external members, independent of management;
  • A clear human resources strategy aimed at strengthening and professionalizing the function;
  • An increased focus on audit rather than on management consulting; and
  • A strategy to ensure internal audit coverage and capacity in small entities.

These reports led to further discussion about changes to the internal audit function in the federal government, the role and composition of audit committees, and internal audit independence. At the end of the session we agreed that research is needed to identify the ideal circumstances and factors that support internal audit independence in a governmental setting.

UPDATE: You also talked about the application of standards to the government internal audit function.

Lodge: All provincial and territorial internal audit groups promote adherence to the Standards of the Institute of Internal Auditors (IIA). There was some discussion about whether Canada should develop its own standards for internal auditing. But we noted there would be challenges in developing standards that could apply to the various levels of government – federal, provincial, municipal – and in identifying an appropriate Canadian organization to set standards.

UPDATE: Reporting relationships for the internal audit function vary among provinces and territories and within the federal government. The Chief Internal Auditors in Alberta and the Yukon report to the Secretary of the Cabinet, while all others report to either a Deputy or Assistant Deputy Minister. In the federal government, it is recommended that a chief audit executive report administratively to a department's deputy head, with a functional reporting relationship to the Comptroller General of Canada. Did you reach any conclusions on the link between reporting relationship and independence?

Lodge: Some participants felt that reporting level is only one of several important factors in the independence of the audit function. Other factors include the role of the audit committee, where these exist; the adequacy of funding; and the authority and mandate of the internal audit group. It is also important that the person to whom the CAE reports, wherever that person is located, be supportive of the function. Ideally there should be a balance between support and independence. The essence of internal audit is, after all, to support the organization achieve its immediate and longer term goals and objectives.

UPDATE: Should non-management bodies, such as Parliamentary committees and the public, have access to internal audit reports?

Lodge: In most provincial, territorial and federal jurisdictions, internal audit reports are accessible through access to information laws. Though this contributes to transparent government, we noted in our discussion that it could also lead to delays in finalizing draft reports and possible sanitizing of reports. It also creates the potential for people to confuse internal audit with the legislative auditor. So there are advantages and disadvantages.

UPDATE: What did your discussions reveal about the role risk assessment plays in audit planning?

Lodge: Most of our jurisdictions use risk-based information in developing internal audit plans. Some identify risk factors informally; others use a more structured approach. Some conduct risk assessments annually, others less often. Interestingly, audit planning software tools are not used extensively by chief internal auditors. Participants agreed that it is very important to have management buy-in to the risk assessment process.

In addition to consulting managers about risk factors, many chief internal auditors take into account the concerns and interests of legislative auditors, either by contacting them directly or by reading their reports and plans. Some share their risk assessment conclusions with the legislative auditor to reduce duplication and improve working relationships and audit results.

UPDATE: Proper resourcing – both in terms of dollars and people – has been identified as a key to the success of an internal audit function. What did participants say about resource levels for internal audit?

Lodge: They said it is difficult to determine the resources needed for an effective internal audit function and then to secure the necessary funding. Resource needs vary depending on factors such as organizational positioning, client challenges, the internal and external environment, and the like. Tools such as the Capability Maturity Model (see box) that the IIA and other stakeholders are examining should help internal audit organizations identify their needs and then make the case for the required resources.

UPDATE: On behalf of the members of CCAF, thank you for sharing with us your perspective on the National Forum.

An Executive Summary and the full Highlights of Discussion on the forum can be found on the CCAF website.


A "Capability Maturity Model"

The International Government Relations Committee of The Institute of Internal Auditors has discussed the possibility of developing a Capability Maturity Model that describes the characteristics and establishes standards of performance for government internal audit functions at five different stages of evolution. The stages track the development of an audit function from start up, to a mature function, and finally to a world-class, best practice operation. A key principle of the model lies in the premise that effective implementation of the elements at each level is necessary to build the capacity and systematic infrastructure to support growth to the next level.

The uses of this model include:

  • Self-assessment tool for government audit organizations to set goals and identify gaps in their processes;
  • Targeted training to guide audit entities as they seek to evolve upward to a more optimized functionality;
  • Criteria for government audit legislation, training programs, and funding, to ensure that desired levels of audit functionality are properly supported;
  • Criteria for legislators, executive managers, and others evaluating the need for and type of government audit function to be established in their jurisdiction.

Next Forum: Quebec City, October 2005

The October 2004 CCAF National Forum for Government Chief Internal Auditors in Victoria, B.C. was the second such event, following the inaugural forum held in November 2003 in Toronto. According to Executive Director Michael Eastman, CCAF is hard at work planning the next forum, which will take place in Quebec City in October 2005.

"Our organization is well placed to bring chief internal auditors together to compare notes and look for ways to improve the internal audit function collectively," Michael said. "We can apply our research capacity to pursue issues the auditors identify as priorities for them."

Participants at the 2004 Forum identified several areas for further study or consideration, including:

  • Best practices for internal audit committees in government – mandate and charter, roles and responsibilities, size, composition, frequency of meetings;
  • Best practice benchmarks and appropriate levels of internal audit resources to effectively carry out the internal audit mandate;
  • The relationship between the internal auditor and the legislative auditor and connection points and areas for mutual support;
  • Internal audit processes and best practices for providing broad-level assurance and reporting on the adequacy of internal controls;
  • Internal audit processes in public and private sectors for factoring in new audit, control and reporting requirements when determining the major areas of risk for the organization;
  • Interest in Canadian-specific internal audit guidance, e.g. principles, standards, advice;
  • Best practices for public reporting of internal audit performance;
  • Best practices for internal audit conduct and capacity in the broader public sector, e.g. crown corporations, agencies;
  • Best practices for the role of internal audit in enterprise risk management.

"Some or all of these will be on the agenda in Quebec City," Michael said. "In the meantime, our staff is researching sources of information likely to facilitate informed discussion of these topics at the next forum."

Return To Top of Page

Copyright © 2006 CCAF-FCVI
Privacy Policy