Public Health Agency of Canada
Symbol of the Government of Canada
Skip to content | Skip to institutional links

Common menu bar links

Home > About the Agency > The Audit Services Division > PHAC Internal Audit Charter

Institutional links

Diseases & Conditions

E-mail this page





Close

The Audit Services Division

PHAC Internal Audit Charter

April 19, 2007

The Public Health Agency of Canada Internal Audit Policy

The Treasury Board (TB) Policy on Internal Audit (the TB Policy) and related Directives, Standards and Guidelines require the Public Health Agency of Canada (PHAC) Audit Committee (PHAC-AC) to recommend and regularly review an internal audit policy (or charter) approved by the CPHO.1

This PHAC Internal Audit Charter fully reflects2 the TB Policy and should be read in conjunction with the TB Policy and itsrelated Directives, Standards and Guidelines. If this PHAC Internal Audit Charter differs from the TB Policy and its related directives or standards, TB expectations prevail.

PHAC commits to fully implementing the expectations of the TB Policy by April 01 2009 including expectations for the PHAC-AC as described in the PHAC-AC Charter.

Purpose of the Internal Audit Function

The PHAC Internal Audit function provides the Chief Public Health Officer (CPHO) and the Minister, and agency management with an independent capability to perform audits that are consistent with agency and central agency policies; respond to agency priorities; and enhance the efficiency, effectiveness, and economy of operations. The function provides independent, professional and high quality audit services, founded on sound values and ethics, to support informed decision making and accountability across the Agency. Internal audit activity helps PHAC accomplish its objectives by bringing a systematic, disciplined approach to support and improve the effectiveness of risk management, control, and governance processes.

Internal Audit Authorities

PHAC internal audit authorities are derived from the TBPolicy. In planning, conducting and reporting internal audit work, the TBPolicy conveys the following authorities to the PHAC Chief Audit Executive (CAE) and to PHAC internal audit function staff as required:

  • Unfettered access to the PHAC-AC and to the Committee's chair and vice‑chair;
  • Access to all PHAC records, databases,workplaces and employees, and has the right to obtain information and explanations from agency employees and contractors, subject to applicable legislation; and
  • Unimpaired ability to carry out responsibilities, including reporting findings to the CPHO, to the PHAC-AC, as appropriate, to the Comptroller General.

Independence of the Internal Audit Function

PHAC internal audit personnel have no direct responsibility or authority over any PHAC activity or employees (other than accorded for internal audit purposes) and do not engage in audit activity that would constitute an audit of work that they were previously responsible for or otherwise could reasonably be construed to compromise their independence and objectivity.

The PHAC-CAE is independent from management and operations, allowing for objective assurance services on all areas of  PHAC responsibility. PHAC internal audit personnel report functionally and administratively to the PHAC-CAE who, for matters related to PHAC internal auditing, reports functionally to the PHAC Audit Committee and administratively to the CPHO.

The PHAC internal audit function adheres to, and meets or exceeds the Internal Auditing Standards for the Government of Canada as published by the Treasury Board. Public Health Agency of Canada internal audit function personnel subscribe to the IIA Professional Code of Ethics.Back to top

Responsibilities Related to Internal Audit

Responsibilities related to internal audit for the CPHO and the PHAC-CAE comply with the TB Policy; and are described below. Specific responsibilities of the PHAC-AC are described in the Public Health Agency of Canada Audit Committee Charter.

Chief Public Health Officer (CPHO)

The CPHO, in the context of the Treasury Board Secretariat Management Accountability Framework, is responsible for the systems of internal controls in PHAC and is fully responsible for the adequacy of PHAC internal audit coverage. The CPHO is expected to:

  • Put in place effective procedures to ensure systematic review of control and accountability processes in PHAC;
  • Establish an internal audit function that is appropriately resourced and that operates in accordance with the TBPolicy and professional internal auditing standards;
  • Establish an independent audit committee that includes a majority of external members who are not currently in the federal public service. (Requirements relating to the role, responsibilities and membership of the agency audit committee are described in Directive on Departmental Audit Committees);
  • Appoint a qualified CAE at a senior executive level, reporting to the CPHO, to lead and direct the internal audit function (see the TB Directive on Chief Audit Executives, Internal Audit Plans, and Support to the Comptroller General; the TB Guidelines on the Responsibilities of Chief Audit Executives; and the TB Guidelines on Expected Qualifications of Chief Audit Executives for further information on the responsibilities and qualifications of CAEs);
  • Ensure that, in addition to the authorities described above, the CAE:
    • Is independent from agency and operations allowing objective assurance services on all areas of agency responsibility; and
    • Provides an annual holistic opinion to the CPHO and PHAC-AC on the effectiveness and adequacy of PHAC risk management, control, and governance processes;
  • Approve the PHAC internal audit plan that addresses all areas of higher risk and significance, including audits identified by the Comptroller General as part of government-wide or sectoral coverage, and designed to support an annual opinion from the CAE on PHAC risk management, control, and governance processes (Directive on Chief Audit Executives, Internal Audit Plans, and Support to the Comptroller General sets out requirements for internal audit plans);
  • Ensure that management action plans prepared to address recommendations and findings arising from internal audits are effectively implemented; and
  • Ensure that the Minister is briefed periodically on significant items arising from the work of internal audit and the PHAC-AC. It is expected that the Minister will meet annually in camera with the PHAC-AC for assurance regarding risk management, control and audit systems. It is expected that the PHAC-AC will routinely brief the CPHO on their assurance findings.

Chief Audit ExecutiveBack to top

The CAE provides an annual holistic opinion to the CPHO and PHAC-AC on the effectiveness and adequacy of risk management, control, and governance processes in PHAC, as well as reporting on individual risk-based audits. The TBPolicy holds the Deputy responsible for the elements below as they relate to internal audit operations and are handled by the CAE:

  • Take into account the results of internal audits conducted by the Comptroller General.
  • Ensure appropriate internal audit coverage for special operating agencies and other entities within PHAC and under its control.
  • Ensure that the PHAC-AC receives all of the information and documentation needed or requested to fulfill its responsibilities, subject to applicable legislation.
  • Ensure the preparation of management action plans that adequately address the recommendations and findings arising from internal audits.
  • Ensure that completed audit reports are:
    • Issued in a timely manner and made accessible to the public with minimal formality; and
    • Posted on the PHAC website in a timely manner, in both official languages. Reports posted on the web site respect the Access toInformation Act and the Privacy Act.
  • Ensure that the Office of the Comptroller General and its agents, for the purpose of carrying out assigned responsibilities, are given:
    • Full access to departmental records, databases, workplaces and employees, and have the right to obtain information and explanations from departmental employees and contractors; and
    • Management representations needed to support the planning, conduct, and reporting of audits by the Comptroller General.
  • Monitor adherence to the TBPolicy in PHAC and put measures are in place, as appropriate, to ensure:
    • The independence, professionalism and performance of the internal audit function;
    • The extent to which internal audit activities address areas of higher risk and significance;
    • The timeliness of the internal audit process and reporting on internal auditing engagements;
    • The effectiveness of follow-up action;
    • The independence, competence and performance of the audit committee; and
    • The adequacy of support to the Comptroller General in carrying out horizontal or directed audits.
  • Ensure that the PHAC-AC prepares an annual report to the CPHO on its activities, including assessments of the internal audit function and make the report available to the Comptroller General.
  • Ensure that the Comptroller General is provided:
    • Copies of the Annual Internal Audit Plan as approved by the CPHO;
    • Copies of any management letters resulting from the audits of the OAG;
    • Electronic copies of reports on all completed internal audits before they are posted on the PHAC website;
    • Access to internal auditing staff and their working papers; and
    • The Annual Report of the PHAC-AC, including the Committee's assessment of the internal audit function.

Nature and Scope of Public Health Agency of Canada Internal Audit 3

Assurance services involve the internal auditor's objective assessment of evidence to provide an independent opinion or conclusions regarding a process, system or other subject matter. The nature and scope of the assurance engagement are determined by the internal auditor.Back to top

Risk Management

The PHAC internal audit function assists PHAC by identifying and assessing significant exposures to risk and contributing to the improvement of risk management and control systems:

  • The PHAC internal audit function monitors and assesses the effectiveness of PHAC risk management systems.
  • The PHAC internal audit function assesses risk exposures relating to PHAC governance, operations, and information systems regarding the:
    • Reliability and integrity of financial and operational information
    • Effectiveness and efficiency of operations
    • Safeguarding of assets
    • Compliance with laws, regulations, and contracts

Control

The PHAC internal audit function assists PHAC in maintaining effective controls by assessing the effectiveness and efficiency of controls and by promoting continuous improvement:

  • Based on the results of the risk assessment, the PHAC internal audit function assesses the adequacy and effectiveness of controls encompassing the PHAC's governance, operations, and information systems. This includes:
    • Reliability and integrity of financial and operational information
    • Effectiveness and efficiency of operations
    • Safeguarding of assets
    • Compliance with laws, policies, regulations and contracts
  • PHAC internal auditors ascertain the extent to which operating and program goals and objectives have been established and conform to those of the department as a whole.
  • PHAC internal auditors review operations and programs to ascertain the extent to which results are consistent with established departmental and program goals and objectives to determine whether operations and programs are being implemented or performed as intended.
  • Adequate criteria are needed to assess controls. PHAC internal auditors ascertain the extent to which management has established adequate criteria to determine whether objectives and goals have been accomplished. If adequate, internal auditors use such criteria in their assessment.

Governance

  • The PHAC internal audit function assesses and makes appropriate recommendations for improving the governance process in its accomplishment of the following objectives:
    • Promoting appropriate values and ethics within PHAC.
    • Ensuring effective PHAC performance management and accountability.
    • Effectively communicating risk and control information to appropriate areas of PHAC.
    • Effectively coordinating the activities of, and communicating information among the PHAC-AC,   external and internal auditors and PHAC management.
  • The PHAC internal audit function assesses the design, implementation, and effectiveness of the PHAC's ethics-related objectives, programs and activities.

1 TBS 2006 Policy on Internal Audit associated Directive on Departmental Audit Committees, Section 4.2.4.

2 An internal audit charter must include a formal definition of the purpose, authority, and responsibility of the IA function as well as a description of the nature of assurance services provided (IIA: Implementation Standard 1000.A1 - Assurance Engagements; and Attribute Standard 1000 – Purpose, Authority and Responsibility).

3 Based on The Institute of Internal Auditors'
International Standards for the Professional Practice of Internal Auditing.

Date Modified: 2007-08-24

Top of Page
Important Notices