Internal Audit submits proposal to President in February to carry out internal audits. Proposal based on audit coverage; risks (materiality, impact on CIDA's credibility/visibility, level of change, issues of concerns, TBS/PCO information requirements); availability of resources and budget;
President and senior management identify in February areas for audit coverage over coming year;
Audits proposed are co-ordinated with evaluations, financial compliance activities , OAG and/other central agency audits as well as DFAIT audit activities;
Minister is briefed on the proposed audit and evaluation annual plan;
Annual plan presented to Audit and Evaluation Committee (AEC) prior to March 31 for approval as required by TBS Policy.
A copy of the plan is forwarded to TBS and to OAG.
Preliminary survey report. This report concludes the planning phase of the audit where the audit entity is described, issues for further consideration by VP and others are identified and recommended, resources and costs related to audit options are identified.
Draft report reviewed by program managers and subsequently the VPs. The level and significance of the information available at this time may be sufficient for management to take immediate action.
AEC decides whether to proceed with all or some of the issues or not to proceed at all.
If decision is not to proceed, management's actions are included as part of the survey report. (Proceed to reporting phase)
When the AEC approves the continuation of the audit, an audit plan is implemented.
Managers are kept abreast of audit developments. A "no surprise" approach is used.
Audit findings are based on what should exist; what does exist; why the difference exists and what are the risks or exposure. This information constitutes the basis of the audit report.
Once the audit work is completed in the field, a debriefing is prepared for the Head of Aid and Ambassador, where requested, based on the preliminary.
Audit information is further refined and validated at headquarters.
Verbal debriefings and feedback occur with headquarters program managers involved in the audit.
Responsible VP(s) is kept informed on an ongoing basis through program managers.
Internal Audit provides a formal debriefing to responsible VP(s) and D.G. of Communications, where required.
Managers may start to take corrective actions.
Internal audit standards and TB Policy require that an audit report include: the objectives of the audit, the scope and methodology used, the significant findings (cause and effect), recommendations, conclusions and management's responses.
Pending their significance, preliminary audit findings may be brought to the attention of AEC.
Draft audit report is reviewed by program manager(s) and the responsible VP(s) for tone, balance, accuracy and completeness of information. Corrections and/or clarification are brought to the report, where required. Management responses to the recommendations are incorporated in draft audit report along with the date when the action will be completed and returned to Internal Audit. Response time: one month.
Communications Branch informed of findings.
Web page is prepared and revised by Communications Branch but not posted at this time.
President is briefed and subsequently, the Minister and/or staff.
Draft audit report is reviewed for Access to Information and Privacy requirements either by Internal Audit staff who have been trained or by the Access to Information experts. Legal advice is sought where needed.
Draft audit report is sent to translation.
Draft audit report is sent to Communications Branch with Questions, where pertinent. Communications Branch prepares, in collaboration with the concerned branch, the response and the media lines. CIDA Communications informs PCO Communications of tentative date of availability of audit report. Response time: 2 weeks
Internal Audit requests President's office to table draft audit report at a forthcoming AEC. Internal audit informs TBS of date when draft audit report will be tabled.
Draft audit report is submitted to AEC for review and approval.
Once approved, the audit report is NOW COMPLETE, that is, deemed accessible to the public.
Summary of the audit report is put on the Web, as prepared by Internal Audit Division.
A copy of the audit report is provided to AEC members, Corporate Memory, TBS and OAG.
FOLLOW UP will occur as follows: Recommendations will be forwarded electronically to the respective branches on a monthly basis by the Corporate Secretariat. Branches will report back to the Corporate Secretariat within a week on progress achieved (implemented or with a new deadline and reason for delay). The Corporate Secretariat will then prepare a monthly report on the status of recommendations for the President, the Minister and the Internal Audit.
CIDA will continue to strike an appropriate balance between corporate information needs and individual branches information needs. To support the corporate information needs as identified its Plans and Priorities, CIDA will plan and conduct audits and evaluations at the program, sectoral and/or thematic basis to maximize the use of the information in its decision making and policy development.
CIDA's Audit and Evaluation plan will not be put on CIDA Web but will be provided to the OAG and the TBS as required by the TBS Review Policy. The issue of putting a complete audit and evaluation plan on the WEB will be re-visited in the context of E-Government.
Lessons learnt and best practices will be incorporated in the audit report.
All audit survey reports and audit reports will be reviewed by AEC.
Audit survey reports will be made available through Access to Information request.
An audit report is considered complete when all of the audit processes have been followed and the report is approved by AEC.
A delay of six months is deemed acceptable between the draft and the final audit report.