CPPM Policy Chapter 17: Internal Audit

This Core Policy and Procedures Manual chapter describes policy with respect to the role and scope of internal auditing in government.

• 17.0 Internal Audit
  • 17.1 Objective
  • 17.2 General
  • 17.3 Policy
  • 17.4 Information and References

17.1 Objective

The objective of the internal audit function is to work co-operatively with Executive Council (Cabinet) and Treasury Board, a committee of Cabinet, as well as senior ministry management and staff across government to improve the economy, efficiency, effectiveness, and accountability of public sector programs and operations. The scope of work of the internal audit function is to determine whether the governance, risk management and internal control processes, as designed and represented by management, are adequate and functioning in the following manner:

• risks to achieving government's goals are appropriately identified, managed and effectively controlled;
• programs and operations are delivered in an efficient and effective manner, and government goals and objectives are achieved;
• adequate information is provided to Cabinet, Treasury Board and senior ministry management, as well as their staff to facilitate effective decision making and accountability;
• ethical conduct and sound business practices are supported and promoted;
• legislative, regulatory or contractual requirements are recognized and met; and
• government assets are safe guarded.

While the majority of internal audit effort is focused on the corporate internal audit work plan, a portion of internal audit's resources is directed at a ministry-specific internal audit work plan. In addition, internal audit investigates allegations of loss and inappropriate or illegal activity in government.

17.2 General

Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve the government's ability to meet its service goals and objectives. It uses a systematic and disciplined approach to evaluate and recommend improvements in the effectiveness of risk management, internal control, decision support and governance processes.

The internal audit function does not relieve ministry management of responsibility to establish and support an adequate internal control environment within their organization. It is ministry management's responsibility to plan, organize and direct the undertaking of sufficient controls to provide reasonable assurance that government goals and objectives will be accomplished in the most effective, efficient and economical manner.

Authority and Responsibility

The authority to undertake internal audits is derived from sections 4, 8 and 9 of the Financial Administration Act. Responsibility for the internal audit function within government has been delegated to the Office of the Comptroller General (OCG) and is administered by the Internal Audit and Advisory Services Branch (IAAS).

Cabinet:

• receives through Treasury Board, a presentation from IAAS on risks to the achievement of government's goals
• provides guidance to Treasury Board on its priorities to assist IAAS in developing the Annual Corporate Audit Plan
• receives through Treasury Board an Annual Corporate Audit Plan which responds to guidance provided
• approves the Annual Corporate Audit Plan
• receives through Treasury Board copies of all corporate and ministry audit reports prepared by IAAS, other than ad hoc and forensic audit reports
• endorses Treasury Board recommendations for actions required to address significant issues arising through the corporate audit reports
• receives through Treasury Board an annual report indicating the status of implementation of recommendations

Treasury Board:

• provides direction to IAAS on Cabinet's guidance, for inclusion in the annual audit planning process
• receives the Annual Corporate Audit Plan prepared by IAAS based on direction received
• receives all audit reports prepared by IAAS, other than ad hoc and forensic audit reports, and makes specific recommendations to Cabinet on actions arising from the audit reports
• directs IAAS, through the Comptroller General, to examine and report on whether public money, as defined in the Financial Administration Act, has been disbursed for the purpose intended, and to examine the financial management of government corporations
• receives an Annual Report from the Comptroller General which summarizes the effectiveness of financial management and administration across government

Comptroller General:

• responsible for providing an effective Internal Audit function for government
• directs IAAS to examine the disbursements of public monies and the financial management of government corporations, as requested by Treasury Board
• directs IAAS to investigate and monitor loss incidents in government, where appropriate
• provides an Annual Report to Treasury Board which outlines recommendations for improvements to financial management across government

Deputy Ministers:

• provide input into the annual corporate risk assessment and audit planning processes
• a committee of deputy ministers will be established to review an Annual Audit Plan for ministry-specific projects arising from the annual risk assessment. This committee will also receive copies of all ministry-specific audit reports
• receive copies of corporate audit reports that impact their organization
• will provide timely responses to corporate or ministry-specific audit reports that involve the deputy minister's accountability

Ministries:

• provide input into the annual risk assessment process and audit planning process
• request IAAS to perform ad hoc services
• report significant loss incidents, including suspicions of illegal activity, to the Comptroller General

Internal Audit and Advisory Services Branch (IAAS):

• provides an independent and objective assessment of the operations of ministries, agencies, boards and commissions and advises on improvements resulting from internal audit activities
• provides a continuum of services ranging from assurance regarding the effectiveness of internal controls and compliance to comprehensive assessments of program performance and information systems
• provides ongoing support and advice to ministry management through the conduct of special investigations, performance reviews and consulting services that support core activities

17.3 Policy

1. Internal Audit and Advisory Services (IAAS) will exclusively provide the internal audit function within government.
2. IAAS will provide Cabinet through Treasury Board an annual assessment of risks to the achievement of government's goals.
3. IAAS will provide Cabinet through Treasury Board an annual corporate audit plan.
4. IAAS will prepare, for a committee of deputy ministers' approval, an annual ministry-specific audit plan.
5. IAAS will be given direct and ready access to all ministry functions, records, reports, files, contracts, vouchers, and other documents, as well as people or premises, as they consider necessary, for the proper conduct of their audits.
6. As directed by Treasury Board, IAAS must be given unrestricted, direct and ready access to all functions, records, reports, files, contracts, vouchers, other documents, people or premises of organizations in the broader public sector.
7. At the conclusion of every investigative assignment, IAAS will issue a written report to the Comptroller General and the deputy minister for the responsible ministry.
8. IAAS will submit an Annual Report on the implementation of audit recommendations to the Cabinet, through Treasury Board, for their consideration.
9. The Comptroller General will submit an Annual Report to Treasury Board which summarizes the effectiveness of financial management and administration across government.

17.4 Information and References

More information on IAAS can be obtained via OCG's intranet address: http://gww.fin.gov.bc.ca/gws/ocg/index.stm. This site is limited to users that have Government of British Columbia intranet access only.

All readers can obtain additional information through the IAAS internet site or by contacting IAAS at 250 387-6303

Business Continuity Management < Previous | Next > Administration