Internal Audit Charter
OFFICE OF THE INFORMATION COMMISSIONER OF CANADA
AUDIT AND EVALUATION COMMITTEE CHARTER
This document outlines the purpose, responsibilities, membership and operating policies of the Audit and Evaluation Committee (AEC) of the Office of the Information Commissioner of Canada (OIC). This document reflects the April 2017 changes to the Government of Canada Policy on Internal Audit and Directive on Internal Auditing as well as the Policy on Results and the Directive on Results. This document comes into effect upon approval.
The AEC's role is to provide the Commissioner with independent and objective advice, guidance and recommendations on the adequacy of the OIC's control and accountability processes, as well as the use of evaluation within the OIC, in order to support management practices, decision-making and program performance.
To offer this support, the AEC exercises active oversight of core areas of the OIC's control and accountability framework. In so doing, the AEC will address high-level strategic issues, as well as ongoing operational issues, in the broad areas of both audit and evaluation.
This serves as an important element to support the independence of the internal audit (IA) activity within the OIC and the neutrality of the evaluation function, and helps ensure that the results of internal audits and evaluations are incorporated into the OIC’s priority-setting and business and planning processes.
The AEC, as a strategic resource to the Commissioner, also provides such advice and recommendations as may be requested by the Commissioner on specific emerging priorities, concerns, risks, opportunities and/or accountability reporting.
The responsibilities of the AEC are specifically identified in the OIC's Policy on Internal Audit and Policy on Evaluation and are reflective of both Treasury Board's directives on Departmental Audit Committees and on the Evaluation Function for the Government of Canada.
There are nine (9) key areas of responsibility that the AEC is intended to address. They are:
1. Values and ethics
Review, with an appropriate risk-guided focus and cycle, the arrangements established by management to exemplify and promote public service values and to ensure compliance with laws, regulations and policies, and standards of ethical conduct.
2. Risk management
Review, with an appropriate risk-guided focus and cycle, the corporate risk profile and OIC risk management arrangements.
3. Management control frameworks
Review, with an appropriate risk-guided focus and cycle, the OIC's internal control mechanisms, including adequacy of management-led audits.
4. Internal Audit Function
Review and recommend, with an appropriate risk-guided focus and cycle, the Policy on Internal Audit.
Review and recommend the IA plan, including risk assessment.
Receive and recommend for approval IA reports and follow up on management action plans.
Be aware of all audit engagements and tasks, including those not resulting in a report.
5. Evaluation Function
Review the Policy on Results and how it applies to Evaluation at the OIC and advise on its approval.
Review and recommend the Evaluation Plan, including risk/priority assessment.
Receive and recommend for approval evaluation reports and follow up on management action plans.
Review regular reports on the implementation of management action plans.
Be aware of all evaluation and performance measurement activities, including those not resulting in a report.
Review the use of evaluation to support the OIC’s performance measurement strategy.
6. Follow-up of management action plans
Ensure adequate arrangements to monitor and follow-up on management action plans, OAG recommendations, etc.
Receive updates from management on action plans.
CAE to report on the status and effectiveness of management follow-up action.
7. Financial statements and public accounts reporting
Review the OAG audit reports on the OIC's financial statements and recommend their acceptance to the Commissioner.
8. Accountability Reporting
Review the Risk based Audit and Evaluation Plan (RBAEP), Departmental Plan (DP) and Departmental Results Report (DRR) and any other accountability reports to provide advice to the Commissioner and identify any material misstatement or omissions coming to the Commissioner's attention.
9. External Assurance Provider
Objective assessment of evidence and data to provide an independent opinion or conclusions regarding the OIC’s operations, results, risks, stewardship and governance.
The main responsibilities of the AEC are :
- Provision of advice and recommendations to the Commissioner:
- TBS Policies on Results and Internal Audit
- The OIC's Risk-based Audit and Evaluation Plan;
- Reports on internal audit engagements and evaluations, and the management action plans developed to address the recommendations made in these reports.
- Active oversight of core areas of OIC control and accountability through the following:
- Monitoring the adequacy and timeliness of actions taken in relation to management action plans;
- Monitoring the performance of the OIC's IA activity and its evaluation function, including the performance of the Chief Audit Executive (CAE);
- Considering matters raised by the OAG, other parliamentary or audit agencies and the Treasury Board Secretariat (TBS) in respect of audit and evaluation issues;
- Reviewing relevant plans and reports of the OAG, central agencies and the relevant standing committees of the House of Commons and the Senate, and providing advice on OIC responses and actions plans, as appropriate;
- Reviewing the OIC's financial statements and related management letters;
- Reviewing the Risk based Audit and Evaluation Plan (RBAEP), Departmental Plan (DP), Departmental Results Report (DRR) and other significant accountability reports, within the framework approved by the OIC's Senior Management Committee;
- Establishing a forward agenda for its members.
- Assessing its own performance and advising the Commissioner on what it considers to be key observations and recommendations, through the preparation of an annual report on:
- Its activities;
- Its assessment of the OIC's internal control measures;
- Any concerns on risk management, control and governance framework and processes;
- An assessment of the IA activity;
- An assessment of the evaluation function;
- Any recommendations on risk management, controls and accountability processes.
The AEC has the authorityto:
- Request the information and documentation needed to fulfill its responsibilities;
- Meet in camera for briefings with the Commissioner, the Chief Financial Officer (CFO), the OAG representative and any other officials the AEC may designate.
The Commissioner has the responsibility for the appointment of all members of the AEC, including external members.
The Commissioner has the right to establish the following with respect to AEC members:
- Conditions and terms of tenure;
- Professional qualifications, so as to ensure the continuity of operations and the appropriate collective skills and experience;
In the case of significant, irreconcilable differences of opinion between external members of the AEC and the Commissioner, the external members have the right to report their disagreement to the CAE who will report to the Office of the Comptroller General (OCG), if necessary.
5.1 External members
The AEC for the OIC will include two (2) external members.
Members of the AEC shall be selected so that their collective skills, knowledge and experience will allow the AEC to competently and efficiently undertake its duties. It is preferable that one of the external member possess financial management, governance and government operations experience.External members of the AEC shall be:
- Independent of government operations;
- Free of any real or perceived conflict of interest (any conflicts are to be discussed with the Chair of the AEC);
- Willing and able to obtain the appropriate security clearance;
- Subject to the term of duty established by the Commissioner;
- Willing to receive formal orientation on the AEC's responsibilities and objectives and the OIC's operations;
- Willing to have their remuneration and expenses (including travel and hospitality) proactively disclosed in a manner prescribed by the Comptroller General of Canada;
- Reflective of Canada’s diversity in terms of gender, official languages, Indigenous Canadians, minority groups and regional representation.
An external member shall serve no more than two terms. A full term of office is four years. However, to ensure continuity within the AEC, engagement of members by the Commissioner can be staggered.
The Chair of the AEC is one of the external members.
5.3 Required attendees
- The two (2) external committee members (alternates are not allowed), one of whom is the Chair;
- The Commissioner (alternates are not allowed);
- The CFO (non-voting member);
- The CAE.
In addition to the required attendees, the following officials may be asked to attend meetings as needed:
- Deputy Chief Financial Officer
- The Deputy Commissioner(s)
- Other persons identified by the Commissioner
In addition to regular members of the AEC, functional specialists (e.g. from Human Resources or other specific sectors) may be invited to attend an AEC meeting for specific agenda items where their expertise may be required. A representative of the OAG is always invited to the meetings.
The CAE, or designate, will serve as Secretary of the AEC.
Meeting summaries will be presented to the AEC for approval at the following meeting, unless otherwise indicated by the AEC.
6.1 Frequency of meetings
The AEC will normally meet four (4) times a year (in person or via conference call). Additionally, AEC members may be consulted by the Commissioner on an “as needed” basis to provide written or verbal feedback on various elements that fall within the AEC's mandate.
6.2 Scheduling of meetings
Meetings will be scheduled at least six months in advance. A pre-determined schedule of meetings will also aid external members in meeting requirements for Committee meetings. Rescheduling of meetings will be by exception only.
Between regular meetings, AEC approval can be obtained by means of “hard copy” memoranda and/or email exchanges among members when a situation requires immediate consideration and an in-person meeting of members is not feasible.
A quorum in attendance will be the Commissioner plus one external member.
6.4 Review of AEC Terms of Reference
The role, responsibilities and activities of the AEC are documented in this charter of the OIC Audit and Evaluation Committee and approved by AEC members. This document will be revised annually.
I have reviewed the Audit and Evaluation Committee Charter Terms of Reference and approve them.
Information Commissioner of Canada
Chair, Audit and Evaluation Committee
November 7, 2019