Office of the Auditor General of Canada—Practice Review and Internal Audit Plan
Description
Office of the Auditor General of Canada Practice Review and Internal Audit Plan Long-term audit plan, fiscal years 2009–10 to 2011–12 June 2009 FA3-60/2010E-PDF 978-1-100-15962-1 Table of Contents 1 Executive Summary 1 2 Introduction 3 3 External and Internal Review 3 3.1 Practice Review and Internal Audit team 3.2 External and internal reviews of Office audit products and management systems, and external audit of financial statements 4 4 Developing the 2009–10 Practice Review and Internal Audit Plan 5 4.1 Risk management and control framework of the Office of the Auditor General 5 4.2 Focus of the 2009–10 Practice Review and Internal Audit Plan 7 5 Reporting 8 6 Resourcing 8 7 Performance Audit Practice 10 7.1 Background and overview of key changes 7.2 Practitioners 7.3 2009–10 plan 11 8 Annual Audit Practice 8.1 Background and overview of key changes 11 8.2 Practitioners 13 8.3 2009–10 plan 9 Special Examination Practice 14 9.1 Background and overview of key changes 9.2 Practitioners 15 9.3 2009–10 plan 10 Assessments of Agency Performance Reports 16 10.1 Background and overview of key changes 10.2 Practitioners 16 10.3 2009–10 plan 11 Internal Audit 11.1 Background 11.2 Internal audit, risk assessment, and alignment of risks with key systems and practices 17 11.3 Where we spend our dollars 18 Practice ...
Informations
| Publié par | Usle |
| Nombre de lectures | 35 |
| Langue | English |
Extrait
Office of the Auditor General of Canada
Practice Review and Internal Audit Plan
Long-term audit plan, fiscal years 200910 to 201112
June 2009
FA3-60/2010E-PDF 978-1-100-15962-1
1 2 3 4 5 6 7 8 9 10 11
Table of Contents
Executive Summary Introduction External and Internal Review 3.1 Practice Review and Internal Audit team 3.2 External and internal reviews of Office audit products and management systems, and external audit of financial statements Developing the 200910 Practice Review and Internal Audit Plan 4.1 Risk management and control framework of the Office of the Auditor General 4.2 Focus of the 200910 Practice Review and Internal Audit Plan Reporting Resourcing Performance Audit Practice 7.1 Background and overview of key changes 7.2 Practitioners 7.3 200910 plan Annual Audit Practice 8.1 Background and overview of key changes 8.2 Practitioners 8.3 200910 plan Special Examination Practice 9.1 Background and overview of key changes 9.2 Practitioners 9.3 200910 plan Assessments of Agency Performance Reports 10.1 Background and overview of key changes 10.2 Practitioners 10.3 200910 plan Internal Audit 11.1 Background 11.2 Internal audit, risk assessment, and alignment of risks with key systems and practices 11.3 Where we spend our dollars
Practice Review and Internal Audit
1 3 3 3 4 5 5 7 8 8 10 10 10 11 11 11 13 13 14 14 15 15 16 16 16 16 16 16 17 18
iii
11.4 Office’s strategic challenges 11.5 Types of audit we will perform 11.6 200910 plan Appendix 1 Office of the Auditor General Practice Review and Internal Audit Charter Appendix 2 Integrated Risk Management FrameworkIdentification and Risk Assessment Worksheet Appendix 3 Overview of OAG Key Systems and Practices Appendix 4 Alignment of the Office s Risk Profile with OAG Systems and ’ Practices Appendix 5 Systems and Practices Not Scheduled for Audit ’ Appendix 6 Overview of the Office s Legislative Auditing Practice Appendix 7 Coverage of Quality Management Framework Elements Appendix 8 Expenses of the Office of the Auditor General
Practice Review and Internal Audit
18 18 18 20 24 25 26 28 29 31 32
iv
1 Executive Summary
The Practice Review and Internal Audit team conducts practice reviews of audit products and internal audits of management and administration within the Office of the Auditor General (OAG). The objective of the activity is to provide the Auditor General with timely information, advice, and assurance about whether Office management systems, both for audit and administrative activities, are suitably designed and effectively operated. Practice reviews and internal audits are part of an external and internal review regime of Office products and management systems. The regime consists of peer reviews of audit products, reviews by provincial institutes, practice reviews, internal audits, management reviews, and external audits. This document focuses on the Practice Review and Internal Audit Plan for the 200910 fiscal year and recommends internal audits for the 201011 and 201112 fiscal years. The Auditor General, with the advice of the Audit Committee, approves the scope, coverage, and resourcing of this practice review and internal audit plan. In the context of a rapidly changing environment that is characterized by new standards, methodologies, and audit tools, the Practice Review and Internal Audit Plan takes into consideration the following factors: • Our risk assessment indicates that the Office has good controls in place and has no high-risk areas that practice review and internal audit must address. • we follow Canadian Institute of Chartered Accountants (CICA) quality control Because standards, we must conduct a certain number of practice reviews every year. As well, our audit products represent areas of higher risk when compared with our management and administrative practices. As a result, we devote most of our resources to practice reviews of audit products, and normally conduct one or two internal audits a year. The work of OAG principals is one of the key elements of audit quality. The review • coverage of our legislative auditing practice is based on systematic monitoring of the work of all principals on a cyclical basis. We will continue to generally review at least one product of every principal who completes a legislative audit product every four years. Regional offices are included in our plan. • Each practice review focuses on higher-risk areas. • audits are selected based on an annual risk assessment. Internal We will conduct practice reviews that involve eight performance audit principals, seven financial audit principals, and three special examinations. We will not do any reviews of the assessments of agency performance reports. We will also follow up on previous years’ observations and recommendations for improvement for all product lines and internal audits. Our coverage may be reduced if the peer review work includes the conduct of a review of an audit product file as part of their scope of work.
Practice Review and Internal Audit
1
We will be monitoring the activities conducted by the Office leading to the adoption of Canadian Auditing Standards beginning in 2010 and International Financial Reporting Standards beginning in 2011. We therefore are keeping abreast of the approaching changes in accounting and auditing professional standards. We will be adjusting our review programs accordingly. We will conduct a practice-wide review of the role of the Information Technology team in assisting annual audit teams in carrying out their work. We will also conduct a practice review of the extent of involvement of senior management in conducting audits in all product lines, and will follow up on previous internal audits. A detailed follow-up of the hospitality and staffing internal audits will be performed. We have implemented most of the requirements of the Treasury Board of Canada Policy on Internal audit which follows the Institute of Internal Auditors’ Standards for Professional Practice of Internal Auditing. We will continue progressing toward full implementation of these standards. We operate with a core complement of five full-time equivalents. We currently have a full complementa principal, two directors, and two audit project leaders. To deliver the 200910 plan, we require additional resources on a temporary basis. As in the past, we count on senior management to provide resources at the principal and director levels so that we can carry out practice reviews. All practice reviews will be carried out internally. External resources are retained to assist us in areas of special expertise (such as information technology) and for internal audits. Estimated resource requirements for practice review and internal audits for the 200910 fiscal year are about $50,000. This plan will be disclosed on the Office’s website and summarized in the Office’s Report on Plans and Priorities. A summary of our results will be presented in the Office’s Performance Report.
Practice Review and Internal Audit
2
2 Introduction
The Office of the Auditor General of Canada (OAG) conducts independent audits and provides objective information, advice, and assurance to Parliament, territorial legislatures, government, and Canadians. The Office has several product lines, including performance audits, financial audits, and special examinations. Its audit work is guided by a rigorous methodology and a quality management framework. This document outlines the external and internal review regime of OAG audit products and management systems. It presents the Office’s Practice Review and Internal Audit Plan for the 200910 fiscal year. The Auditor General, with the advice of the Audit Committee, approves the scope, coverage, and resourcing of the Practice Review and Internal Audit Plan. Several sections of this planincluding those on external and internal review, developing the audit plan, reporting, and resourcesprovide background information on OAG products and practices, and outline our approaches to planning and conducting practice reviews and internal audits. The remainder of the document describes our plans for • audit practice, performance • audits of summary financial statements and Crown corporations, • examination practice, special •assessments of agency performance reports, and • audit. internal
3 External and Internal Review
External and internal reviews based on our Quality Management Framework provide independent assurance that our audits are conducted according to established standards of professional practice. Management control systems guide the Office’s management and administration. The Office’s external and internal review regime consists of practice reviews, internal audits, peer reviews, reviews by provincial institutes, and external audit of financial statements.
3.1 Practice Review and Internal Audit team
The Practice Review and Internal Audit team is responsible for conducting practice reviews of the Office’s audit products, as well as internal audits of the Office’s management and administrative practices. The team’s goal is to provide the Auditor General with timely information and advice, and to offer assurance that important OAG management systems for audit products and administrative activities are suitably designed and effectively operated, as described in the OAG Practice Review and Internal Audit Charter (Appendix 1). The team also provides administrative support to the Office’s Audit Committee and assists with the peer review process when required.
Practice Review and Internal Audit
3
Internal practice reviews of audit products.The Practice Review and Internal Audit team conducts practice reviews of selected performance audits, financial audits, special examinations, and assessments of agency performance reports. These reviews are conducted according to the monitoring section of The Canadian Institute of Chartered Accountants (CICA) General Standards of Quality Control for Firms Performing Assurance Engagements(CICA Handbook Section GSF-QC, December 2005). They are used to monitor compliance with quality control policies and procedures in a view to provide an evaluation of: •whether professional standards and regulatory and legal requirements have been adhered to; •control system has been appropriately designed and effectively the quality whether implemented; and • whether the Office quality control policies and procedures have been appropriately applied, so that reports that are issued are appropriate in the circumstances. Internal audits of management and administration.The Practice Review and Internal Audit team audits management and administration within the Office. This work is conducted according to the Office’s Practice Review and Internal Audit Charter, which is based on the standards of the Institute of Internal Auditors and the Treasury Board Policy on Internal Audit, and which takes into account the Office’s mandate and ability to maintain its independent status. The internal audits are conducted mainly by consultants, where appropriate. They also provide managers with recommendations.
3.2 External and internal reviews of Office audit products and management systems, and external audit of financial statements
External review of audit products.In 1999 the Office hired an audit firm to assess the Quality Management System for annual financial audits. In 2003, an international team of legislative auditors carried out a peer review of the Office’s Quality Management Framework for performance auditing. The reviews found that the system and framework were suitably designed and operating effectively. The reviews also highlighted some good practices and made suggestions for improvement. The action plans to address these recommendations is posted on the OAG website. The Office is now in the planning stage for the next external peer review of the Office’s Quality Management Framework for all audit practices and related services. The review is expected to begin in summer 2009, with a report to be submitted in 2010. In addition, about every four years, the provincial institutes of chartered accountants visit OAG headquarters and regional offices to determine whether the Office is compliant with professional standards and whether the training of chartered accounting students meets the institutes ’ requirements. The most recent reviews concluded that the Office was following professional standards and met the provincial institutes’ requirements.
Practice Review and Internal Audit
4
External audit of financial statements.Each year, an external auditor appointed by the Treasury Board audits the Office’s financial statements. The most recent auditor’s opinion stated that the financial statements were presented fairly, in all material respects, the financial position of the Office as at 31 March 2008 and the results of its operations and its cash flows for the year then ended in accordance with Canadian generally accepted accounting principles. The auditor also stated that the Office was in compliance with its authorities. The financial audit for the 200809 fiscal year is currently under way and will be reported to the Audit Committee at its July 2009 meeting. Results of the audit will be reported in the OAG Departmental Performance Report. Participation in peer reviews of international audit offices.The Office also conducts peer reviews of international legislative audit offices, and uses these reviews as an opportunity to learn and improve OAG practices and procedures.
4 Developing the 200910 Practice Review and Internal Audit Plan
In preparing the plan for the 200910 fiscal year, Practice Review and Internal Audit consulted with the audit product leaders, corporate service leaders, and selected individuals, including those with responsibility for audit methodology and strategic planning. We requested their input to better understand their activities and identify whether they had any particular areas of concern that should be included in our reviews and audits. Our 200910 plan builds on the experiences and lessons learned from previous years. It also builds on the key changes in each product lines. For more information about the key changes in the various audit practices, see sections 7 to 11.
4.1 Risk management and control framework of the Office of the Auditor General
Risk management.This plan was developed taking into consideration the Office’s Integrated Risk Management Framework. The major elements of the framework are outlined in Appendix 2. In compliance with the spirit of the Treasury Board Policy on Internal Audit, the OAG’s Practice Review and Internal Audit Charter requires us to prepare an internal audit plan that is based on a systematic identification of business risks. This plan identifies relevant key systems and practices (Appendix 3). Auditable components are identified in Appendix 4, along with a risk and control assessment. Appendix 5 identifies low-risk activities and activities not scheduled for audit, as well as the reasons they are not included for audit. This forms the basis for selecting internal audits annually.
Practice Review and Internal Audit
5
Our 200910 Practice Review and Internal Audit Plan also takes into consideration the following factors: •indicates that the Office has good controls in risk assessment and review of controls Our place, and has no high-risk areas that Practice Review and Internal Audit should address. Because we follow Canadian Institute of Chartered Accountants quality control standards, we must conduct a certain number of practice reviews every year. As well, our audit products represent areas of higher risk compared with our management and administrative practices. As a result, we devote most of our resources to practice review of audit products, and normally conduct one or two internal audits a year. •of an audit team) is one of work done by the principal (the senior audit professional The the key elements of audit quality. The practice review coverage of the legislative auditing practice is based on systematic monitoring of the work of all principals on a cyclical basis. Our selection also considers higher-risk audit products, as well as principals who are newly appointed. • Currently the Office employs 57 principals, 48 of whom produce one audit product or more each year (Appendix 6). We plan to do about 12 practice reviews each year so that we can cover all principals in a four-year cycle. • regional offices will to be covered over the same four-year cycle for practice review All and internal audit work. We will integrate the focus of practice review and internal audit work where possible. Integration helps to ensure effective coverage, on a cyclical basis, of all Quality Management Framework elements (Appendix 7). We also consider new professional standards, Office practice advisories, and new methodology when we annually update our review methodology for all product lines. Management controls.The Office has a strong internal control system. For example, leadership is provided from the top by the Auditor General. The Executive Committee sets policy and provides overall professional and administrative direction for the Office. An Audit Committee has been established; the majority of its voting members are external. The Auditor General and the Commissioner of the Environment and Sustainable Development receive advice from a number of committees with external members on the objectives, approach, and reports of many audit products. The Office has a clearly defined vision, focus areas, and values that align with its mandate. It also has operational plans in place that align with its objectives. The Office monitors external and internal environments through surveys of parliamentarians, audited organizations, and employees. The Office has a Code of Values, Ethics, and Professional Conduct that sets out in detail the values and the ethical, professional, and other standards that guide staff, on a daily basis, in their work for the Office. Employees formally acknowledge compliance with the Code annually. The Office also has a documented approach to risk management that includes both a risk management policy and profile, and an Integrated Risk Management Framework. Controls over audit products.An Assistant Auditor General is appointed product leader for each product line. The Office establishes policies and procedures to guide its work in accordance with the standards of The Canadian Institute of Chartered Accountants. This includes a manual and a Quality Management Framework for each product line, to build quality
Practice Review and Internal Audit
6
into the examination process. The framework guides auditors through a set of required steps to ensure that audits are conducted according to professional standards and Office policies. The manual and the framework are complemented by templates and checklists for each product line. Process controls, such as a quality reviewer and committees that review key documents and decisions, help to build quality into the process.
4.2 Focus of the 200910 Practice Review and Internal Audit Plan
Activities planned for the 200910 fiscal year include the following: • We will continue to review at least one product of every principal who completes a legislative audit product every four years. We will review performance audits, annual audits, special examinations, and assessments of agency performance reports. We plan to conduct a total of 18 practice reviews in 200910. Our coverage may be reduced if the peer review work includes the conduct of a review of an audit product file as part of their scope of work. For details on the plan for each product line, see sections 7 to 10. • For each practice review, we will strive to conduct a review that focuses on key elements of the Quality Management Framework. We will do more in-depth work only when circumstances warrant. We will also strive to identify potential opportunities to improve efficiencies in the audits that are being carried out. • A practice wide review of the extent of involvement of senior management in audit products will be carried out across all product lines. Another review of the role of the Information Technology team in assisting annual audit teams will also be performed. • Internal audits are selected based on an annual risk assessment. Based on our risk assessment, we will not carry out any internal audit of an administrative process in 200910. In 201011, we plan to conduct a review of the implementation of the new Electronic Document Management System implemented in 200809, followed by a review of contracting in 201112. For details on the internal audit plan, see Section 11. • will Wecontinue to follow up on the implementation of previous years’ recommendations. •We will be monitoring the activities conducted by the Office leading to the adoption of Canadian Auditing Standards beginning in 2010 and International Financial Reporting Standards beginning in 2011. We will be adjusting our review programs accordingly. During the past year, Internal Audit and an external consulting firm performed a joint assessment of the design of the Office’s quality management system for all product lines based on the General Standards of Quality Control for Firms Performing Assurance Engagements CICA Handbook SectionGSF-QC and the CICA handbook section 5030Quality Control Procedures for Assurance Engagements. The report made several recommendations. Management has committed to bring about improvements in all areas mentioned in the report and has developed an action plan. We will monitor the implementation of recommendations coming out of this assessment.
Practice Review and Internal Audit
7
© 2010-2024 YouScribe
