Public Health Agency of Canada
Symbol of the Government of Canada
Skip to content | Skip to institutional links

Common menu bar links

Home > About the Agency > The Audit Services Division > PHAC Internal Audit Charter

Institutional links

Search Box

Share this page

To share this page just click on the social network icon of your choice.


Close

The Audit Services Division

PHAC Internal Audit Charter

September 29, 2009

The Public Health Agency of Canada Internal Audit Policy

The Treasury Board (TB) Policy on Internal Audit (the TB Policy) and related Directives, Standards and Guidelines require the Public Health Agency of Canada (PHAC) Audit Committee (PHAC-AC) to recommend and regularly review an internal audit policy (or charter) approved by the CPHO.1

This PHAC Internal Audit Charter fully reflects the TB Policy 2 and should be read in conjunction with the TB Policy and itsrelated Directives, Standards and Guidelines. If this PHAC Internal Audit Charter differs from the TB Policy and its related directives or standards, TB expectations prevail.

PHAC commits to fully implementing the expectations of the TB Policy by April 01 2010 including expectations for the PHAC-AC as described in the PHAC-AC Charter.

Purpose of the Internal Audit Function

The PHAC Internal Audit function provides the Chief Public Health Officer (CPHO) and the Minister, and agency management with an independent capability to perform audits that are consistent with agency and central agency policies; respond to agency priorities; and enhance the efficiency, effectiveness, and economy of operations. The function provides independent, professional and high quality audit and consulting / advisory services, founded on sound values and ethics, to support informed decision making and accountability across the Agency.  Internal audit activity helps PHAC accomplish its objectives by bringing a systematic, disciplined approach to support and improve the effectiveness of risk management, control, and governance processes.

Internal Audit Authorities

PHAC internal audit authorities are derived from the TB Policy. In planning, conducting and reporting internal audit work, the TB Policy conveys the following authorities to the PHAC Chief Audit Executive (CAE) and to PHAC internal audit function staff as required:

  • Unfettered access to the PHAC-AC and to the Committee’s chair and vice‑chair;
  • Access to all PHAC records, databases, workplaces and employees, and has the right to obtain information and explanations from agency employees and contractors, subject to applicable legislation; and
  • Unimpaired ability to carry out responsibilities, including reporting findings to the CPHO, to the PHAC-AC, as appropriate, to the Comptroller General.

Independence of the Internal Audit Function

PHAC internal audit personnel have no direct responsibility or authority over any PHAC activity or employees (other than accorded for internal audit purposes) and do not engage in audit activity that would constitute an audit of work that they were previously responsible for or otherwise could reasonably be construed to compromise their independence and objectivity.

The PHAC-CAE is independent from management and operations, allowing for objective assurance and consulting / advisory services on all areas of PHAC responsibility. PHAC internal audit personnel report functionally and administratively to the PHAC-CAE who, for matters related to PHAC internal auditing, reports functionally to the PHAC Audit Committee and administratively to the CPHO.

The PHAC internal audit function adheres to, and meets or exceeds the Internal Auditing Standards for the Government of Canada as published by the Treasury Board. Public Health Agency of Canada internal audit function personnel subscribe to the IIA Professional Code of Ethics.


Top of Page

Responsibilities Related to Internal Audit

Responsibilities related to internal audit for the CPHO and the PHAC-CAE comply with the TB Policy; and are described below. Specific responsibilities of the PHAC-AC are described in the Public Health Agency of Canada Audit Committee Charter.

Chief Public Health Officer (CPHO)

The CPHO, in the context of the Treasury Board Secretariat Management Accountability Framework, is responsible for the systems of internal controls in PHAC and is fully responsible for the adequacy of PHAC internal audit coverage. The CPHO is expected to:

  • Put in place effective procedures to ensure systematic monitoring and assurance regarding the soundness of risk management, control and accountability processes within PHAC;
  • Ensure an internal audit capacity appropriate to the needs of the department and that operates in accordance with the TB Policy and professional internal auditing standards;
  • Establish an independent audit committee that includes a majority of external members who have been recruited from outside the federal public service. (Requirements relating to the role, responsibilities and membership of the agency audit committee are described in Directive on Departmental Audit Committees);
  • Appoint a qualified CAE at a senior executive level, reporting directly to the CPHO, to lead and direct the internal audit function (see the TB Directive on Chief Audit Executives, Internal Audit Plans, and Support to the Comptroller General; the TB Guidelines on the Responsibilities of Chief Audit Executives; and the TB Guidelines on Expected Qualifications of Chief Audit Executives for further information on the responsibilities and qualifications of CAEs);
  • Ensure that, in addition to the authorities described above, the CAE:
    • Is independent from agency and operations allowing objective assurance and consulting/ advisory services on all areas of agency responsibility; and
    • Establishes plans and perform risk-based internal audits necessary to provide an independent annual assurance report to the on the adequacy and effectiveness of risk management, control and governance processes within PHAC;
  • Approves the PHAC internal audit plan that appropriately addresses areas of higher risk and significance. This internal audit plan will also address risks and incorporate audits that may be identified by the Comptroller General as part of government-wide or sectoral coverage. The plan will include individual internal audit engagements as well as being designed to support separate annual assurance overview from the CAE on PHAC risk management, control, and governance processes;
  • Ensures that management action plans prepared that adequately address the recommendations and findings arising from audits and that the action plans have been effectively implemented; and
  • Ensures that the Minister is briefed periodically on significant matters arising from the work of internal audit and the PHAC-AC. It is expected that the PHAC-AC will routinely provide the CPHO with advice and recommendations on the sufficiency, quality and results of assurances respecting PHAC risk management, control and governance (including accountability and auditing systems) framework and processes. Further, it is expected that the Minister will be offered the opportunity to meet with the PHAC-AC, along with the CPHO, at least annually, to discuss the annual report of the PHAC-AC and any significant concerns that may raise therein or that may otherwise arise.

Top of Page

Chief Audit Executive

The CAE establishes plans and perform risk-based internal audits necessary to provide an independent annual assurance report to the CPHO on the adequacy and effectiveness of risk management, control and governance processes in PHAC,.  The CAE also provides consulting / advisory services to management that add value and promote the best interests of PHAC. The TB Policy holds the Deputy responsible for the elements below as they relate to internal audit operations and are handled by the CAE:

  • Take into account the results of internal audits directed, led and/or performed by the office of the Comptroller General. This includes a requirement to ensure that PHAC internal audit plans appropriately address horizontal risks indentified by the office of the Comptroller General.
  • Ensure appropriate internal audit coverage for special operating agencies and other entities within PHAC and under its control.
  • Ensure that the PHAC-AC receives all of the information and documentation necessary to fulfill its responsibilities, subject to applicable legislation.
  • Ensure the preparation of management action plans that adequately address the recommendations and findings arising from audits.
  • Ensure that completed internal audit reports are:
    • Issued in a timely manner and made accessible to the public with minimal formality; and
    • Posted on the PHAC website in a timely manner, in both official languages. Reports posted on the web site respect the Access to Information Act and the Privacy Act.
  • Ensure that the Office of the Comptroller General and its agents, for the purpose of carrying out assigned responsibilities, are given:
    • Full access to departmental records, databases, workplaces and employees, and have the right to obtain information and explanations from departmental employees and contractors; and
    • Management representations pertinent to support the planning, conduct, and reporting of audits by the Comptroller General.
  • Monitor adherence to the TB Policy in PHAC and put measures are in place, as appropriate, to ensure:
    • The independence, professionalism and performance of the internal audit function;
    • That internal audit activities address areas of higher risk and significance;
    • The timeliness of the internal audit process and reporting on internal auditing engagements;
    • The effectiveness of follow-up action;
    • The independence, competence and performance of the audit committee; and
    • The adequacy of support to the Comptroller General in carrying out horizontal or directed audits.
  • Ensure that the PHAC-AC prepares an annual report to the CPHO on its activities, including assessments of the internal audit function and make the report available to the Comptroller General.
  • Ensure that the Comptroller General is provided:
    • Copies of the Annual Internal Audit Plan as approved by the CPHO;
    • Copies of any management letters resulting from the audits of the OAG;
    • Electronic copies of reports on all completed internal audits before they are posted on the PHAC website;
    • Access to internal auditing staff and their working papers; and
    • The Annual Report of the PHAC-AC, including the Committee’s assessment of the internal audit function.

Top of Page

Nature and Scope of Public Health Agency of Canada Internal Audit 3

Assurance

Assurance services involve the internal audit function’s objective assessment of evidence to provide an independent opinion or conclusions regarding a process, system or other subject matter. The nature and scope of the assurance engagement are determined by the CAE.

Risk Management

The PHAC internal audit function assists PHAC by identifying and assessing significant exposures to risk and contributing to the improvement of risk management and control systems:

  • The PHAC internal audit function monitors and assesses the effectiveness of PHAC risk management systems.
  • The PHAC internal audit function assesses risk exposures relating to PHAC governance, operations, and information systems regarding the:
    • Reliability and integrity of financial and operational information.
    • Effectiveness and efficiency of operations.
    • Safeguarding of assets.
    • Compliance with laws, regulations, and contracts.

Control

The PHAC internal audit function assists PHAC in maintaining effective controls by assessing the effectiveness and efficiency of controls and by promoting continuous improvement:

  • Based on the results of the risk assessment, the PHAC internal audit function assesses the adequacy and effectiveness of controls encompassing the PHAC’s governance, operations, and information systems. This includes:
    • Reliability and integrity of financial and operational information.
    • Effectiveness and efficiency of operations.
    • Safeguarding of assets.
    • Compliance with laws, policies, regulations and contracts.
  • PHAC internal auditors ascertain the extent to which operating and program goals and objectives have been established and conform to those of the department as a whole.
  • PHAC internal auditors review operations and programs to ascertain the extent to which results are consistent with established departmental and program goals and objectives to determine whether operations and programs are being implemented or performed as intended.
  • Adequate criteria are needed to assess controls. PHAC internal auditors ascertain the extent to which management has established adequate criteria to determine whether objectives and goals have been accomplished. If adequate, internal auditors use such criteria in their assessment.

Governance

  • The PHAC internal audit function assesses and makes appropriate recommendations for improving the governance process in its accomplishment of the following objectives:
    • Promoting appropriate values and ethics within PHAC.
    • Ensuring effective PHAC performance management and accountability.
    • Effectively communicating risk and control information to appropriate areas of PHAC.
    • Effectively coordinating the activities of, and communicating information among the PHAC-AC,   external and internal auditors and PHAC management.
  • The PHAC internal audit function assesses the design, implementation, and effectiveness of the PHAC’s ethics-related objectives, programs and activities.

Top of Page

Consulting (Advisory)

The nature of consulting services is defined as follows: Advisory and related client service activities, the nature and scope of which are agreed with the management and which are intended to add value and improve PHAC’s risk management, control process and governance without the internal audit function assuming management responsibility. Examples include counsel, advice, facilitation, and training.

Most consulting projects are initiated by managers communicating directly with the CAE. For these requests, the CAE will:

  • Collaborate with managers to develop a preliminary statement of work to be performed.
  • Assess whether the internal audit function can perform the work. Considerations include: expertise of auditors, expected resource commitment, risk of activities and impact on the audit activity’s independence and objectivity.
  • If the assessment reveals that the internal audit function can perform the work, the CAE must consult PHAC-AC for each request for projects requiring more than 60 hours.
  • If the assessment reveals that the internal audit function should not perform the work, the CAE will notify the appropriate managers. The CAE will also discuss options, such as assisting with the selection of outside consultants.

Recipient Audit

The Chief Audit Executive is responsible for:

  • Monitoring compliance with the PHAC Policy on Recipient Audit through independent, objective periodic audits and other assessments to ensure overall effectiveness and efficiency of operations by ensuring implementation and reporting of findings to the CPHO and the Audit Committee in a timely manner to ensure corrective action is taken when needed.
  • Performing recipient audits as identified by the Centre for G&C or the CPHO
  • Performing, as required, forensic audits and special investigations.

PHAC internal audit function is responsible for:

  • Auditing the existing Management Control Framework for Grant and Contribution and ensuring that it meets PHAC and TB requirements.
  • Following up on the implementation of the measures taken in response to the audit recommendations and that  Branch Programs implement proposed corrective measures within a reasonable time frame (i.e. follow-up of the action plans).

Top of Page

1 TBS 2009 Policy on Internal Audit associated Directive on Departmental Audit Committees, Section 4.2.4.

2 An internal audit charter must include a formal definition of the purpose, authority, and responsibility of the IA function as well as a description of the nature of assurance and consulting / advisory services provided (IIA: Attribute Standard 1000 – Purpose, Authority and Responsibility).  The internal audit function is focused primarily on the provision of assurance services, and consulting (advisory) services are provided on an exception basis only. Consulting services should not exceed 10% of PHAC internal audit plan resources.

3 Based on The Institute of Internal Auditors’ International Standards for the Professional Practice of Internal Auditing.

Date Modified: 2010-01-05

Top of Page
Important Notices