Executive Council Office

Audit Policy and Act

Printable version of the Audit Policy 

General Adminstration Manual
VOLUME 1: Corporate Policies, General
TITLE: Internal Audit Services and Activities
EFFECTIVE: 04/05/06

1 SCOPE
1.1 Authority
1.1.1 This policy is issued under authority of Cabinet meeting No. 04-12, dated May 6, 2004 and pursuant to Section 4 and 9 of the Financial Administration Act.

1.2 Application
1.2.1. This policy applies to all departments as defined by Section 1 of the Financial Administration Act.

1.3 Purpose and Principles

Purpose
1.3.1 Internal auditing is an objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps support management by identifying where the organization is most at risk and how business practices, governance processes and the overall control can be strengthened.

Independence and Objectivity
1.3.2 Internal auditors should be independent of the activities they audit and of the management directly responsible for the activities they audit. Internal auditors may provide advice but must not install procedures or systems, prepare records, or engage in any line activity that would compromise their independence and objectivity.

Standards
1.3.3 Government Audit Services shall conduct its activities in accordance with the Standards for the Professional Practice of Internal Auditing, issued by The Institute of Internal Auditors. The Branch may also, as it deems appropriate to each specific audit, apply additional standards set out by various professional auditing associations such as the Canadian Institute of Chartered Accountants, Certified Forensic Investigators/Fraud Examiners of Canada, Canadian Comprehensive Auditing Foundation, and the Information Systems Audit and Control Association, etc.

Proficiency and Due Professional Care
1.3.4 Internal audits should be performed with proficiency and due professional care. Internal auditors should enhance their knowledge, skills and other competencies through continuing professional development.

Access to Information
1.3.5 The professional integrity of internal audit practices must be assured at all times including the ability of internal auditors to have full, free and unrestricted access to all government records (paper and electronic), systems, information, property and personnel.

Access to Audit Committee
1.3.6 To help assure independence, the Director of Government Audit Services shall have full and free access to the Audit Committee.

Coordination
1.3.7 Government Audit Services shall share information and coordinate its activities with other providers of assurance services and the Office of the Auditor General to ensure proper audit coverage and minimize duplication of efforts.

Transparency
1.3.8. The Yukon Government shall endeavor to issue final audit reports in a timely manner making them available to the public, as appropriate, with little formality.

1.4 Scope of Audit Services and Activities

1.4.1 Government Audit Services shall provide the following types of services and activities:

    1. Compliance audits – to assess compliance with specific legislation, regulations, other statutory requirements, policies or directives
    2. Operational audits – to assess the economy, efficiency and effectiveness of government programs, operations or activities.
    3. Financial audits – to assess management’s financial practices, the adequacy of internal controls, the safeguarding of assets and the reliability of financial information
    4. Information management and information technology (IT) audits – to assess the adequacy of the controls and risks of systems including new systems under development, IT project management, information and infrastructure security and IT operations
    5. Performance audits – to assess the adequacy and comprehensiveness of an entity’s performance management and accountability framework, performance measures and disclosure.
    6. Investigations – to assess the validity of allegations of fraud, negligence, impropriety or wrongdoing.

1.4.2 At the request of the Audit Committee and/or Deputy Heads, Government Audit Services shall from time to time provide advisory services to departments. Such engagements will be based on the potential to improve management risks, add value, and improve an organization’s operations. Advisory services that have been accepted should be included in the annual audit plan.

1.4.3 Advisory services may include:

    1. risk and control assessments including related systems;
    2. review of revised and/or new corporate or departmental policies, before and after implementation;
    3. governance, organizational or program reviews;
    4. internal control reviews to assist in process improvements; and
    5. reviews of business plans, financial projections and forecasts, and capital project plans and budgets.

2 ROLES AND RESPONSIBILITIES

2.1 Management Board
2.1.1 The Management Board, pursuant to Section 4 of the Financial Administration Act, has oversight responsibilities for internal audit. In setting priorities and goals on internal audit it is responsible for:

  1. providing strategic direction to the Audit Committee; and
  2. ensuring that the Audit Committee’s roles and responsibilities are fulfilled in an effective manner.

2.2 Audit Committee

Purpose
2.2.1 The Audit Committee reports to Management Board. Its purpose is to enhance accountability and controllership in the Yukon public service and ensure government risks are being appropriately addressed through a strong control environment. The Audit Committee also serves to promote an effective and independent internal audit function that meets corporate and department needs.

Authority
2.2.2 The Audit Committee has sole authority to direct the conduct of internal audits, investigations and any matters it deems necessary within the Government of Yukon. All employees are to co-operate as requested by the Committee.

Responsibilities
2.2.3 The Audit Committee, on behalf of the Management Board, is responsible for:

    1. approving annual internal audit plans and reviewing budgets;
    2. reviewing decisions affecting the appointment, retention or dismissal of the Director of Government Audit Services;
    3. concurring in any changes to the direction of the internal audit function and ensuring that the function has adequate resources;
    4. retaining independent counsel, accountants, consultants or other professional services to advise the Committee; 
    5. monitoring and reviewing corporate policies and processes relating to legal compliance with laws and regulations, risk management, code of ethics or conduct, and fraud prevention; 
    6.  reviewing reports prepared by the Public Accounts Committee, Auditor General, departments and Corporations, or any matter referred to it;
    7. approving internal audit reports and the management action plans developed to address the recommendations made in these reports;
    8. ensuring that remedial action is taken in response to any audit, investigation, report, or other matter;
    9. assessing the effectiveness of internal audit services and activities; and
    10. determining its own procedures, subject to this policy and other Cabinet and Management Board decisions.

Composition
2.2.4 The Audit Committee shall consist of three and no more than six members:

    1. the Deputy Minister of the Executive Council Office, who shall serve as Chair;
    2. the Deputy Minister of the Department of Finance, who shall serve as Vice-chair; and
    3. at least one, and no more than four, other Deputy Heads who shall serve as members at large.

2.2.5 The Management Board, with the advice from the Chair of the Audit Committee, shall appoint the members at large for a term of two years. Such members may not sit for more than two consecutive terms.

Meetings
2.2.6 The Audit Committee shall meet at least four times a year, with authority to convene additional meetings as circumstances warrant. Each meeting will require a quorum of at least half the members. One of either the Chair or Vice-chair must be present at each meeting.

2.2.7 The Audit Committee can invite employees, auditors, evaluators or third parties to attend meetings, as deemed necessary.

2.2.8 The Deputy Cabinet Secretary shall serve as Secretary to the Committee.

Reporting
2.2.9 Minutes of all meetings of the Audit Committee are to be provided to the Management Board.

2.2.10 Annually the Audit Committee will report to Management Board on its activities and how it achieved its objectives.

2.3 Executive Council Office

2.3.1 The Executive Council Office is responsible, through Government Audit Services, for:

  1. providing internal audit services consistent with government goals and objectives; and
  2. advising the Audit Committee on matters related to its internal audit activities.

2.4 Government Audit Services Branch

2.4.1 Government Audit Services, as a branch of the Executive Council Office, is responsible for providing internal audit services to all departments in accordance with the approved internal audit plans and, as appropriate, any special tasks or projects requested by the Audit Committee.

2.5 Director of Government Audit Services

2.5.1 The Director of Government Audit Services, serving as the Internal Auditor of the Yukon Government and advisor to the Audit Committee, has authority under Section 9 of the Financial Administration Act to audit:

    1. public money, trust money and public property that are the responsibility of any department or public officer;
    2. the accounts and financial transactions of any department;
    3. securities belonging to the government;
    4. systems of financial management, control and reporting to the government;
    5. the organization, management and operations of any department; and
    6. compliance of any department with legislation and the directives of the Management Board.

2.5.2 The Director of Government Audit Services is responsible for:

  1. establishing an annual audit plan and budget;
  2. ensuring that internal audit resources are appropriate and effectively deployed to achieve the approved plan;
  3. establishing and maintaining a follow-up system to monitor the disposition of results communicated to management;
  4. establishing guidelines and procedures to direct the internal audit activity;
  5. maintaining the integrity of the internal audit function including the quality of service and adherence to professional standards;
  6. adopting a process to monitor and assess the overall effectiveness of its quality assurance and improvement programs; and
  7. reporting periodically to the Audit Committee and senior management on the internal audit activity’s purpose, authority, responsibility and performance relative to its plan.

Reporting should include significant risk exposures and control issues, corporate governance issues, and other matters needed or requested by the Audit Committee and senior management.

2.6 Deputy Heads

2.6.1 Deputy Heads are responsible for:

  1. participating in the development of the annual internal audit plan;
  2. assisting in reviewing the terms of reference and in providing support for audit projects within their area of responsibility;
  3. participating at any Audit Committee meeting at which a submission relating to their department or corporation is to be considered;
  4. preparing a management response to audit findings and recommendations and submitting those responses to Government Audit Services within 30 days of receipt of a draft audit report;
  5. preparing an action plan in response to audit recommendations outlining corrective actions to be taken, responsible parties and deadlines for implementing each recommendation; and
  6. ensuring that internal auditors have open and free access to all information including records, reports, files, property and personnel required in the conduct of an audit within their area of responsibility.

3 INTERNAL AUDIT PROCESS

3.1 Audit Planning

3.1.1 Based on ongoing risk assessment and consultation with Deputy Heads of departments, Government Audit Services shall prepare an annual internal audit plan complete with projected budget. This plan should identify the objectives, proposed timing targets, and the staffing and other resource requirements of each planned audit.

3.1.2 Deputy Heads may on occasion request, in writing to the Deputy Minister of the Executive Council Office, an unplanned audit, advisory service or investigation, an increase in the scope of a planned audit, or a change in audit schedule.

3.1.3 Government Audit Services shall provide a project plan to each Deputy Head and/or key contact for each audit and/or advisory project to be carried out within a particular area. The project plan is an agreement setting out the overall purpose, scope, objectives, resources to be utilized and scheduling of the audit.

3.1.4 Deputy Heads or their designates are required to review and approve the project plan and their terms of reference.

3.2 Conducting and Reporting on Results

3.2.1 Internal auditors may conduct interviews, surveys, lead focus groups, review documentation, analyze reports, prepare calculations, consult experts and employ any number of other techniques and methodologies that will help them to obtain sufficient, relevant and reliable information.

3.2.2 During the conduct of an audit, internal auditors shall maintain full communication with the managers and key departmental contacts of the entity under examination. They will also advise the Deputy Head and/or key contact of any major issues that arise, internally or externally, that may impact changes to the project plan.

3.2.3 Before finalizing an audit report, Government Audit Services will provide the Deputy Head and/or key contacts with a draft report requesting written comments to each of the report’s audit findings and recommendations, where appropriate.

3.2.4 Deputy Heads will provide their official management response to the draft report within 30 days following receipt. They shall include within their response a corrective action plan that shows how and when each recommendation shall be implemented and the person responsible.

3.2.5 Reports or management letters prepared as an advisory service do not require an official management response. Government Audit Services, however, may monitor the disposition of the results of an advisory service to the extent agreed upon with the client department.

3.2.6 Serious disagreements as to fact or content of any draft report should first be addressed between management and Government Audit Services. If they cannot resolve the dispute, then the issue should be heard before the Audit Committee who shall act as mediator in the dispute.

3.3 Accountability

3.3.1 Members of the Management Board and Audit Committee shall receive all final internal audit reports.

3.3.2 Members of the Deputy Ministers’ Review Committee shall receive all final internal audit reports of a corporate or government-wide nature.

3.3.3 Reports or management letters prepared as an advisory service will be issued to the individual Deputy Head that made the initial request for the work. Copies of these reports or management letters will also be distributed to members of the Audit Committee for information purposes. However, if the result of an advisory service raises issues of potential corporate interest, these results may be formally reported to the Audit Committee and used to form the basis of a government-wide audit.

3.3.4 Government Audit Services shall report the results of every investigation to the appropriate Deputy Head, Deputy Minister of Finance and Chair of the Audit Committee, recommending, where appropriate, corrective internal controls, further investigation, and/or recovery action.

BACK TO THE TOP