Report of the Audit Committee to the Auditor General of Canada for the 2017–18 Fiscal Year
Introduction
The Audit Committee serves in an oversight capacity with respect to significant operational areas within the Office of the Auditor General of Canada. These include the oversight of financial statements, accountability reporting, internal control, practice reviews and internal audits, external audits, compliance with legislative and professional requirements, and reporting responsibilities. As necessary, the Committee provides advice and recommendations to the Auditor General of Canada, and it reviews reporting documents and processes. Through this advisory role, the Committee forms an essential component of the Office’s governance framework.
In keeping with provision 19a of the Audit Committee Charter, the Committee has prepared this report summarizing the Committee’s activities, issues, and related recommendations for the fiscal year ended 31 March 2018.
Membership and meetings
The Audit Committee Charter, which was revised and approved by the Audit Committee during the year, requires that the Committee be composed of three voting members, all of whom must be external members who are financially literate and independent of the Office of the Auditor General of Canada. Bruce Joyce, Chair; Brian Aiken; and Suzanne Morris were continuing members from the previous year. Michael Ferguson, the Auditor General of Canada, and Sylvain Ricard, Assistant Auditor General—Corporate Services and Chief Financial Officer, continued as ex officio, non-voting members. Anne-Marie Smith, Senior General Counsel, who had been an ex officio, non-voting member, retired during the year and was replaced on the Committee by Andrew Hayes, the new Senior General Counsel.
Louise Bertrand, Chief Audit Executive, and Lucie Cardinal, Comptroller, attended the Committee’s meetings as observers to respond to questions from members.
The Committee held four regular meetings during the fiscal year (24 May, 13 July, 19 October, and 5 and 8 January). There was also one special meeting of the Audit Committee on 13 September. In addition to holding an in camera session of the voting members before each regular meeting, the Committee allocated time for the voting members to have individual in camera sessions with the Chief Audit Executive, Chief Financial Officer, and the Auditor General. The Committee also had in camera sessions with the external auditor (Collins Barrow Ottawa Limited Liability PartnershipLLP) during the meetings that the external auditor attended. Furthermore, the Chair had regular email exchanges, meetings, and phone conversations with the Chief Audit Executive, Comptroller, and external auditor. The Chair also encouraged external members to work with Office staff to support them in meeting their objectives.
Committee charter
On a regular basis, the Audit Committee reviews its terms of reference as it continues to develop operating routines to serve the Auditor General of Canada effectively. Annually, the Audit Committee updates its charter to ensure the charter aligns with the Treasury Board’s policy, standards, and directives on internal auditing, the Auditor General Act, and the Financial Administration Act. In the current year, the charter was updated to align with the Treasury Board’s Policy on Internal Audit and its Directive on Internal Audit, both of which took effect on 1 April 2017. The Committee recommended the charter for approval to the Auditor General at the October 2017 meeting, and he subsequently approved it. An annual work plan, which was developed to cover each area of the Committee’s responsibilities as set out in the charter, was presented at each meeting to ensure that the Committee would meet its objectives.
The Committee considers that its charter and work plan align suitably with the Treasury Board’s guidance, and it has structured this report to demonstrate how it has addressed the Treasury Board’s key areas of responsibility for departmental audit committee members.
Eight key areas of responsibility
1. Values and ethics
At the July 2017 meeting, the Committee was provided with an annual update on any complaints the Office received regarding accounting, internal controls, and auditing matters, including employees’ confidential, anonymous submissions of concerns. The Committee was also informed of the Office’s procedures for dealing with these types of complaints.
During its October 2017 meeting, the Committee was briefed on the process the Office used to obtain an annual declaration on conflict of interest and independence from all active employees as well as the follow-up procedures the Office employs when a potential conflict is identified. The Committee was also briefed on the separate process the Office uses to confirm independence on each of its specific audit engagements.
In addition, the Senior General Counsel updated the Committee on compliance matters at each meeting.
2. Risk management
The Committee received and reviewed the 2017 Corporate Risk Profile that resulted from the Office’s annual risk review. One voting Committee member also attended the meeting between the Executive Committee and the practice and service leaders to review the high residual risk areas and next steps regarding oversight, management, and resources required to supplement mitigation strategies.
At the January 2018 meeting, the Committee reviewed the Office of the Auditor General of Canada’s Strategic Plan in Relation to Fraud—2017-19 as well as the Guide on Managing Fraud Risks at the Office of the Auditor General of Canada. Subsequently, the Committee also received the scorecard that was completed as part of the Office’s fraud risk management framework; this scorecard presents the annual assessment of the Office’s control environment for fraud risk management.
As part of its assessment of the Practice Review and Internal Audit—Risk-Based Plan for the 2017–18 to 2019–20 Fiscal Years, the Committee also considered and reviewed how the Office addresses risk management issues from an audit perspective.
As part of the Committee’s oversight and monitoring responsibilities, the Committee dedicated additional time during the fiscal year to the Office’s technological issues and environment. This included reviewing and discussing the Office’s information technology self-assessment as well as increasing members’ overall knowledge of cybersecurity through presentations to the Committee on emerging issues and technology.
3. Management control framework
Each year, management updates the Committee on its key issues and on how it has adopted procedures to mitigate concerns and produce desired results. The Office addresses issues concerning the delivery of professional services and products separately from issues concerning administrative and financial activities.
By providing briefings on the results of the annual practice reviews, the Practice Review and Internal Audit (PRIA) team continues to inform the Committee of its progress and challenges in the area of management control.
The Committee stays informed of ongoing activities by reviewing copies of the most recent summary management reports and selected other reports at each meeting. In particular, the Committee examines quarterly reports that summarize the Auditor General’s spending on travel, leave, and hospitality. The Committee also reviews quarterly reports outlining major contracts and contracting exceptions.
In July 2017, the Committee also received the summary findings of both the Office’s review of its executive compensation and its annual assessment of internal controls over financial reporting.
Also in July 2017, management provided the Committee with an overview of the Commentary on the 2015–2016 Financial Audits, which highlighted the value of the Office’s financial audits. Management also discussed the proposed content of the 2016–2017 commentary report with the Committee.
In October 2017, the Committee received an overview of the conclusions from the Monitoring Report on the System of Quality Control—2015–16 Fiscal Year, which the Office prepares in accordance with the requirements of the Canadian Standard on Quality Control 1, as well as an update on the ongoing work for the 2016–17 fiscal year.
4. Practice Review and Internal Audit function
The Office’s hallmark is the reliability and integrity of its reports for its various audits and other examinations. Accordingly, the Office focuses on ensuring that the System of Quality Control for all product lines is operating and is effective. Each year, the Office conducts systematic and rigorous practice reviews that cover all senior practitioners over a multi-year cycle to assess the design of the quality management systems.
During the year, the PRIA Charter was updated and aligned with updated professional standards and guidance. The Committee recommended the revised charter for approval to the Auditor General at the October 2017 meeting, and he subsequently approved it.
In October 2017, the Committee received the report on findings and recommendations arising from the Internal Audit Report—Managing Information Technology Security. The Committee was satisfied with the report and with management’s response to recommendations, and it recommended the report for approval by the Auditor General at the January 2018 meeting.
In January 2018, the Committee received the Report on a Review of the Financial Audit Practice. The Committee recommended the report for approval to the Auditor General, who subsequently approved it.
At each meeting, the Chief Audit Executive updates the Committee on audits in progress, staffing issues, and other matters affecting PRIA.
The Committee considers that the internal audit function
- includes appropriate practice review activities;
- employs professionally qualified people and has sufficient capacity;
- is objective and independent;
- uses a risk-based methodology in planning its work;
- applies a professional approach to planning, executing, supervising, and reporting on its work;
- follows up systematically on management’s actions in response to findings and recommendations; and
- respects the principles of the Treasury Board’s Policy on Internal Audit.
The Committee is satisfied that the PRIA team continues to operate in line with relevant guidance and performs its role in a satisfactory manner.
5. External assurance providers
The Committee is briefed on the findings of any examination by external oversight bodies and of any annual report on the status of management action plans. In addition, this year, the Committee received regular updates regarding the status of the Office’s upcoming international peer review that will start in the 2018–19 fiscal year.
The external auditor (Collins Barrow Ottawa LLP) met with the Committee in April 2017 and in July 2017 to brief the Committee on the plans for and results of the audit of the Office’s 31 March 2017 financial statements.
During the year, the Committee performed an assessment of the external auditor, and the Chair discussed the results with the external auditor in October 2017.
6. Follow-up on management action plans
The Committee prioritizes assessing the responsiveness and timeliness of management action plans and monitors their implementation. Accordingly, the Committee uses a systematic and thorough approach to ensure it receives progress reports until each action item is resolved. Management provides the Committee with regular updates on plans to address findings from internal audits until all items are cleared.
7. Financial statements and Public Accounts of Canada reporting
Management briefed the Committee on the preparation of the financial statements, including the preparation of estimates and the choices of accounting policies. The Committee recommended the approval of the audited financial statements for the fiscal year ended 31 March 2017 to the Auditor General, who subsequently approved them.
8. Accountability reporting
In July 2017, the Committee was briefed on the Office of the Auditor General of Canada’s 2016–17 Departmental Results Report, including the related audited financial statements. The Committee recommended the final report for approval to the Auditor General, who subsequently approved it.
At the April 2017, October 2017, and January 2018 meetings, the Committee received the most recent versions of the quarterly financial statements. These reports are prepared on an expenditure basis of accounting, rather than on the accrual basis of accounting that is used for year-end reporting.
In addition, at the January 2018 Committee meeting, Committee members reviewed the draft Office of the Auditor General of Canada 2018–19 Departmental Plan and provided comments. The Committee recommended the final report for approval to the Auditor General at this meeting, and he subsequently approved it.
Management also provided the Committee with quarterly briefings on the Office’s project to review compliance with all applicable legislation, regulations, Treasury Board policies and directives, and Treasury Board of Canada Secretariat standards. Management also briefed the Committee on the Policy on Access to Information as it applies to the Office and on how the Office handles requests.
Future priorities
Based on the Committee’s assessment of emerging issues that are relevant to their responsibility to serve in an oversight capacity with respect to significant operational areas, the following future priorities have been identified:
- succession planning, both for executives and for the role of the Auditor General;
- funding and the impact on the Office’s work;
- cybersecurity; and
- international peer review.
Conclusion
The briefings and reports presented to the Audit Committee during the 2017–18 fiscal year, together with the experience of previous years, have provided the Committee with a sound understanding of the key issues the Office of the Auditor General of Canada faces. The Committee found management and staff were candid and clear on the challenges they face and were receptive to the Committee members’ comments and suggestions.
The Committee notes that the Office sets high standards for the quality of its audit products and that it has a satisfactory methodology to conduct reliable audits and studies. In addition, the Committee believes that the system of internal controls is satisfactory for the Office’s needs.
Overall, the Committee concludes that the Office has a rational and systematic approach to addressing its mandate, to monitoring results, and to reporting to Parliament and the public.
April 2018