Performance results for the internal audit function – March 31st, 2025
© His Majesty the King in Right of Canada, as represented by the Minister of Innovation, Science and Industry, .
ISSN 2816-7384
| Number | Questions on Compliance Attributes of Internal Audit | Answers on Compliance Attributes of Internal Audit |
|---|---|---|
| 1. | Do internal auditors at the CSA have the training required to do the job effectively? |
The organizational chart of the audit function consists of five employees who occupy the following positions:
|
1 a) Percentage of staff with a professional designation:
|
||
1 b) Percentage of staff with a professional designation in progress:
|
||
1 c) Percentage of staff holding other designations:
|
||
| Are multidisciplinary teams in place to address diverse risks? | The internal audit function has the necessary skills and experience to carry out the risk-based internal audit plan. The audit function employees have many years of experience and general knowledge of risk management, project management, controls, and governance processes. | |
| 2. | Is internal audit work performed in conformance with the international standards for the profession of internal audit as required by Treasury Board policy? | 2 a) Audit committee members received an update on the Quality Assurance and Improvement Program at the meeting of . |
2 b) In , the Audit Committee members were informed of the results of the external assessment of professional practices carried out in . The conclusion was that the internal audit function generally complies with the Institute of Internal Auditors' Standards, Definition and Code of Ethics and related government directives. |
||
| 3. | Are Risk-based Audit Plans submitted to the audit committee and approved by the deputy head implemented as planned with resulting reports published? Is management acting on audit recommendations for improvements to departmental processes? | The - Risk-based Audit Plan has been approved in and is implemented. One of the projects in the audit plan was not launched in order to respond to an emerging priority. See table below. |
3 a) Name and status of audits for the current fiscal year of the Risk-Based Audit Plan
|
||
3 b) Date on which the audit report was approved
|
||
3 c) Date on which the audit report was published
|
||
3 d) Original planned date for completion of all management action plan items
|
||
3 e) Status of management action plan items:
|
||
| 4. | Is internal audit credible and adding value in support of the mandate and strategic objectives of the organization? | The internal audit aims to add value in support of the organization's objectives and conducts a survey of the audited entity after each audit to measure the effectiveness and to identify opportunities for improvement. |
4 a) A satisfaction survey of the audited entity was conducted for one audit in . To the question of whether, in general, the audit was useful, the rating was:
|
| Number | Internal Audit Title | Audit Status | Report Approval Date | Report Publication Date | Original Planned MAP Completion Date | Implementation Status |
|---|---|---|---|---|---|---|
| 1. | Audit of Cybersecurity practices | The action plan is being implemented. | N/A | 95% | ||
| 2. | Audit of the Management of Business Continuity | The action plan is being implemented. | N/A | 75% | ||
| 3. | Audit of Security Management Framework | The action plan is being implemented. | N/A | 60% | ||
| 4. | Audit of contracts awarding and management practices | The action plan is being implemented. | In progress | Follow up will be provided at a later date | ||
| 5. | Review of the CSA's Investments Governance | Project completed. | In progress | N/A | N/A | N/A |
| 6. | Risk Assessment of the Radarsat Constellation Mission (RCM) | Project ongoing. | - | - | - | - |