291 Olmstead Street
Ottawa (Vanier), ON
K1L 7J9 Canada

Tel: 613-241-6713
Fax: 613-241-6900


Copyright © 2017 CCAF-FCVI
Privacy Policy

The Evolution of Internal Audit in the Federal Government
Friday, 18 June 2010 20:00


Chief Audit Executives must respond to changing expectations, experts say

James Ralston
Jim Ralston

Internal auditors in the federal public service need to “audit smarter” and make better use of technology, according to Comptroller General of Canada Jim Ralston.

Ralston, a member of CCAF’s Board of Governors, was speaking at a May 14, 2010 event on The Evolution of Internal Audit in the Federal Government, organized by the accounting firm PricewaterhouseCoopers LLP (PwC) in Ottawa.

He said the internal audit function is increasingly focusing on risk-based planning and auditing. Auditors have to determine where risks are and then determine what coverage is required. To do this effectively, they must understand their organizations and evaluate risks. He suggested that, to strengthen their operations, Chief Audit Executives (CAEs) place increased emphasis on practice inspections and other independent reviews of the function.

In the past, he said, audits were periodic. They may need to become more timely and continuous to serve senior management well. He noted that the use of IT tools can facilitate continuous auditing.

Ralston said he sees the Departmental Audit Committee as helpful to internal audit and as elevating the role and importance of the function.

Three elements to CAE assessments

Ronald Thompson
Ronald Thompson

CCAF Chair Ronald Thompson, who chairs the Departmental Audit Committee at Statistics Canada, told conference attendees that he expects in the future to see all CAEs in the federal public sector reporting directly to their deputy heads, focusing entirely on their internal audit functions and having a clear understanding of how they will be assessed.

He said the assessment of CAEs is an evolving art, but will come to focus on three things:

  1. selecting and scoping relevant audits
  2. conducting the audits professionally, on time and within budget
  3. reporting the audits to both inform the deputy head fairly and encourage change.

Thompson argued against CAEs being given other tasks, such as Chief Risk Officer. “CAEs are busy, and running an internal audit shop is a full time job,” he said. Besides, he noted, “How can the CAE provide objective and credible assurance to the deputy on risk management if the same CAE developed the risk management plan? You can’t audit your own work.”

In the future, Thompson also argued that internal audit would focus almost entirely on assurance engagements, with consulting work virtually disappearing. The exception is when programs are being designed – here the advice of internal audit can help reduce costs and prevent problems.

Making it to the senior management table

Bill Austin
Bill Austin

Bill Austin, a member of the Audit Committees of Natural Resources Canada and Public Safety
Canada, said the CAE should be at the senior management table when investments, performance and evaluations are discussed.

The former Assistant Secretary of the Treasury Board of Canada offered several suggestions on how CAEs could make it to the management table, including:

  • Be a strategic leader – pick carefully and contribute. Use your influence, expertise and products to improve management.
  • Talk to stakeholders and listen to their needs.
  • Be proactive and help managers design strong management frameworks. Provide advice and counsel to win their respect.
  • For corrective action, make recommendations that are effective and reasonable.
  • Coordinate with other assurance agents to reduce burden.
  • Most importantly, be an innovator – find ways to test compliance, internal controls and risk management that are cost effective, minimize administrative burden and add value.

The event was hosted by Roxanne Anderson, Lead Partner, Federal Government Services Practice with PwC and a CCAF Governor. It was moderated by Darren Budd, Leader of PwC Ottawa's, Internal Audit, Risk and Controls practice.

Roxanne Anderson Darren Budd Joanne Gorenstein
Roxanne Anderson Darren Budd
Joanne Gorenstein

In summing up the event, PwC's Joanne Gorenstein, spoke to 5 areas of focus as CAE's continue to support the evolution of internal audit functions:

  • Focusing on governance opportunities
  • Elevating the quality and timelines of risk assessments
  • Integrating various risk and compliance activities
  • Closing the skills gap; and
  • Using technology as an enabler.


Eight Key Attributes of a "high performing" Internal Audit Function

8 Attributes