2022–23 Audit and Evaluation Committee Annual Report

June 2023 – Fourteenth Annual Report
For the year ended March 31, 2023


Annual Plan and Annual Report

The Audit and Evaluation Committee (AEC) carries out its activities in accordance with an annual plan that is prepared by the Chair and approved by the Commissioner. The document specifies the number of meetings planned for the coming year and the topics to be covered at the meetings. At the end of each fiscal year, the Chair of the AEC, in consultation with other external members, prepares a report (this document) for the Commissioner that describes the AEC’s activities during that year and provides an assessment of the systems, controls and other management tools that are in place at PSIC.

Membership

The Chair and members are selected by the Commissioner. The membership of the 2022–23 AEC was as follows:

Chair

  • Josée De La Durantaye, External

Members

  • Joe Friday, Commissioner
  • Jacques Paquette, External

Regular non-member attendees

  • Denis Bilodeau, Deputy Commissioner and Chief Audit Executive (CAE)
  • Ludovic Noubissi, Chief Financial Officer (CFO)
  • Heidi Bartman, Chief Results Delivery Officer

Meetings

The Committee met on the following dates during the 2022–23 fiscal year:

  • May 16, 2022
  • October 3, 2022
  • December 12, 2022
  • February 24, 2023

This year, all meetings were held by teleconference. At each AEC meeting, the external members held an in-camera session with the Commissioner. There was also an in-camera session with representatives from the Office of the Auditor General (OAG).

Support for the Committee

The AEC received information and support from management to help it carry out its duties and responsibilities effectively. The Commissioner also made his reports to Parliament, including his Annual Report and Case Reports, available to the AEC.

With the help of the AEC Chair, the Chief Results Delivery Officer prepared the agendas and minutes for the 2022–23 meetings and supported the AEC’s work.

Summary of 2022–23 AEC Meeting Topics

The AEC considered the following items in 2022–23.

OAG audit of financial statements

  • The OAG audited PSIC’s annual financial statements.
  • On October 3, 2022, OAG staff members Julie Tremblay, Riowen Abgrall, Xiao Shenglong and Josiane Sarrazin presented the results of the audit of the 2021–22 financial statements to the AEC. Ms. Tremblay told the AEC that the independent auditor’s report provided an unqualified audit opinion and that the financial statements were free of material misstatements.
  • She said that two risks were identified in the annual audit plan: (1) management’s circumvention of controls, and (2) completeness and accuracy of salaries.
  • In the first case, there was nothing to report. In the case of the second risk, the OAG reported that there was nothing to report on the risk relating to the completeness and accuracy of salaries, with the exception of a few uncorrected misstatements.
  • Ms. Tremblay thanked PSIC staff for their full cooperation.
  • The OAG representatives asked the AEC members and participants whether they were aware of any fraud at PSIC. The members and participants replied that they were not aware of any fraud.
  • Committee members were satisfied with the report.
  • External AEC members and OAG representatives held an in-camera meeting.
  • The audit cycle continued with a presentation by OAG staff members Louiselle Otis and Riowen Abgrall on February 24, 2023, on the audit plan for the 2022–23 financial statements.
  • Ms. Otis informed the Committee of the change to Canadian Auditing Standard 315, which is used primarily for identifying and assessing the risks of material misstatement. This standard had impacted the nature and scope of the OAG’s assessment procedures this year, resulting in additional demands on internal control. However, no additional risks had been identified.
  • With regard to risks, the OAG audit plan included only one audit risk, which was management override of controls.
  • The Committee has informed the OAG that a significant focus on internal controls had been added to the work program, thereby clarifying the roles between the OAG and PSIC regarding the audits to be carried out.

PSIC Risk-based Audit and Evaluation Plan (RBAEP)

  • The AEC discussed the PSIC RBAEP at each of its meetings. The discussions focused in part on implementing the activities identified in the plan.
  • Discussions were held on the orderly planning of audits and evaluations to ensure an appropriate distribution of the workload over the years.
  • The RBAEP has incorporated a Multi-Year Ongoing Monitoring Plan of Internal Controls over Financial Reporting into the schedule of planned audits and evaluations. This addition allows the AEC to have an integrated plan that covers all its responsibilities.

AEC 2022–23 annual plan

  • The AEC discussed the annual plan for the current year and planned future meeting agendas accordingly to ensure that all parts of the plan were covered. Some parts of the plan have been clarified to specify expectations and timelines.

AEC mandate

  • The AEC regularly reviews its mandate to ensure that it is both complete and relevant. Given that the Office is a small agency whose financial statements are audited annually by the OAG and the flexibility afforded by its status as an agent of Parliament, certain changes were made to the AEC mandate. As a result, it was decided that a professional accounting designation in good standing would be considered an asset, rather than a requirement, for an external member. In addition, the total term of office has been clarified to stipulate that members may not serve more than two terms, and that each term may not exceed four years.

Audit and Evaluation Dashboard

  • The PSIC Audit and Evaluation Dashboard was discussed at each of the AEC meetings. The discussions included the status of each audit and evaluation and any proposed changes to the schedule when necessary.
  • The Committee discussed the panel results on outreach and engagement initiatives. It also discussed the next exercise, which will focus on communications via the PSIC’s website and will take into account feedback from the panel discussions. The result of this work will be presented to the AEC at the beginning of the 2023–24 fiscal year.
  • The Committee reviewed preparations for the threat and risk assessment of the physical security of staff.
  • The Committee discussed the schedule for the audit of the various components of the cyclical internal controls, which will be staggered over the next few years.

LEAN exercise

  • The Committee was informed of the results of the LEAN exercise. During this exercise, participants went through the investigation and analysis process with the objective of providing the best response to clients as quickly as possible. Various actions are under way to monitor the results of the exercise.

Update from general counsel

  • The General Counsel provided an update to the AEC on certain specific legal cases, so that it could better understand the implications of certain recent Court decisions and clarified for the AEC certain aspects of the PSIC’s mandate.

Situation following COVID-19

  • At each meeting, the Committee received an update on operations and the gradual and partial return to the office.
  • The Committee was informed that the business continuity plan had been updated by the PSIC to reflect the new situation.

Corporate values and ethics

  • The Committee received a presentation of a reference tool on values and ethics at the PSIC. The tool, which was used at a recent annual staff-wide values and ethics session, serves as a guide and reminder to employees. It includes the PSIC’s values and useful resources.
  • The Committee was also informed that it had been ten years since the corporate code of values and ethics was finalized. A number of departments had decided to review their codes and the Office was also undertaking this exercise. This time, the entire code would be reviewed and the impact of COVID-19 and the hybrid work model would be considered.

Budget

  • The AEC reviewed quarterly financial reports prepared by the Office and provided comments to the CFO. At each meeting, the CFO gave members a comprehensive report and analysis of expenditures and forecasts.

Human resources

  • The AEC discussed human resources issues, including staffing, staff turnover, training and planning.

Information Technology

  • The AEC had regular discussions on the risks associated with the delivery of IT services by the Canadian Human Rights Commission (CHRC), including cyber threats. The risks are reflected in both the RBAEP and the business continuity plan.
  • The Committee discussed the three main IT projects, namely the mapping of the IT environment, the implementation of the new case management system and compliance with government security measures.

PSIC reports

  • The Committee provided advice, where necessary, on PSIC’s Departmental Plan, Departmental Results Report and Annual Report.

Audit and Evaluation personnel changes

  • No changes were made to the committee membership during the period of this report.

Orientation and Learning Activities

Treasury Board Symposium for Departmental Audit Committees (DACs)

  • On November 29 and 30, 2022, Jacques Paquette and Denis Bilodeau attended the DAC symposium. The symposium was virtual and was held over two half-days. The symposium covered a number of themes, including hybrid work, the challenges of cybersecurity, and the challenges of measuring progress in sustainable development, diversity and inclusion.

Agenda for Upcoming Committee Meetings

Some AEC activities take place every year, including the following:

  • Providing the Commissioner with advice and recommendations on issues related to service delivery, including performance measurement and communication with stakeholders;
  • Reviewing audit and evaluation reports;
  • Following up on management action plans, including recommendations made in reports from other agents of Parliament;
  • Cooperating with the OAG and the Office of the Comptroller General (OCG), if necessary, in view of PSIC’s status as an agent of Parliament;
  • As a committee, acquiring a better understanding of PSIC’s administration and activities through briefings on PSIC operations given by knowledgeable PSIC employees so that members are better able to provide advice regarding risks;
  • Reviewing quarterly financial statements and providing comments where appropriate on the Report on Plans and Priorities, the Departmental Performance Report and the Commissioner’s Annual Report to Parliament; and
  • Participating, if necessary, in audit community learning events in order to exchange views with audit committee members in other departments and agencies.

Evaluation of PSIC’S Internal Controls and Risk Management and Governance Mechanisms

The AEC meets as a committee with PSIC staff three to five times a year. As a result, it can be difficult for the AEC to fulfil its role of providing sound advice to the Commissioner regarding the functioning of internal controls and risk management and governance mechanisms.

To increase the reliability of the advice provided by the AEC to the Commissioner during the reporting period and in this report, the following steps were taken.

  • At each AEC meeting, external members held in-camera sessions with the Commissioner.
  • During the reporting period, the Chair was in periodic contact with the CAE and the CFO.
  • External members reviewed PSIC’s quarterly financial statements, and at each AEC meeting, the CFO was asked questions on financial matters (and provided satisfactory answers).
  • An evaluation of internal financial controls by an outside firm was added to the audit and evaluation plan to complement existing audit mechanisms.
  • On October 3, 2022, external members met in camera with the OAG Principal responsible for the audit of PSIC’s 2021–22 financial statements. The audit did not identify any material misstatements or concerns that needed to be brought to the attention of the AEC, the CFO, the CAE or the Commissioner.

After taking these steps, the AEC’s external members said that in their view and to the best of their knowledge, PSIC’s system of internal controls and risk management and governance mechanisms were sound.

Assessment of the Capacity and Performance of the Internal Audit and Evaluation Functions

The Committee noted that:

  • The AEC meets regularly and it was led by an external Chair. Its membership is reviewed annually and renewed when required.
  • There is an OAG audit every year, and OAG staff have expressed appreciation for the cooperation of the PSIC representatives with whom they worked in carrying out the audits and for the cooperation of CHRC representatives, PSIC’s financial service providers.
  • An RBAEP was developed and reviewed by the AEC and approved by the Commissioner; it is revised as necessary. The Audit and Evaluation Dashboard is prepared by the CAE and is reviewed at least once every fiscal year by the AEC.
  • PSIC brings in external consultants who provide professional services in the areas of risk assessment, audits and evaluations, and audit and evaluation planning. The AEC will continue to monitor the results of these services.
  • Sufficient funds are available to carry out the approved RBAEP.

The Committee will continue to review the capacity and performance of PSIC’s internal audit and evaluation functions.

(Original signed by)

Jacques Paquette, Chair
On behalf of the PSIC Audit and Evaluation Committee


Appendix A

Audit committees

The requirement for public sector organizations to establish independent audit committees in which a majority of members are from outside the federal public administration is an essential component of the Treasury Board (TB) Policy on Internal Audit. The fundamental role of such committees is to ensure that the deputy head has independent, objective advice and assurance on the adequacy of the department’s control and accountability processes.

The importance of audit committees was further highlighted in legislation when the Federal Accountability Act amended the Financial Administration Act to include the following requirements:

Internal audit measures (under the Financial Administration Act)

16.1 The deputy head or chief executive officer of a department is responsible for ensuring an internal audit capacity appropriate to the needs of the department.
2006, c. 9, s. 259.

Audit committees

16.2 Subject to and except as otherwise provided in any directives issued by the Treasury Board under paragraph 7(1)(e.2), the deputy head or chief executive officer of a department shall establish an audit committee for the department.
2006, c. 9, s. 259.

Appointment

16.21(1) A person who does not occupy a position in the federal public administration but who meets the qualifications established by directive of the Treasury Board may be appointed to an audit committee by the Treasury Board on the recommendation of the President of the Treasury Board.

Audit committees and parliamentary agencies

The TB Policy on Internal Audit makes specific reference to offices of agents of Parliament, including the Office of the Public Sector Integrity Commissioner. Deputy heads of these organizations may, subject to compliance with sections 16.1 and 16.2 of the Financial Administration Act, authorize such departures from the specific policy requirements contained in the Policy as they may deem appropriate in light of the governance arrangements, statutory mandate and risk profile of the organization of which they are deputy heads.

Audit and evaluation

Although audit and evaluation are the subjects of separate policies in the federal government, the management of these functions is closely linked, particularly in small agencies. In the interest of efficiency, PSIC’s audit committee is also responsible for evaluation, in accordance with the TB Policy on Results, and is consequently named the Audit and Evaluation Committee (AEC).

Accountability of the AEC

The AEC’s role is advisory in nature. The AEC’s sole accountability is to the Public Sector Integrity Commissioner of Canada (Commissioner). In this regard, members are accountable for the objectivity, quality and timeliness of their advice and for the fulfilment of their contractual responsibilities. In addition, the AEC conducts an annual self-assessment of its work.

Responsibilities of the AEC

The AEC’s responsibilities under the TB Policy on Internal Audit (April 1, 2017) are as follows:

  • Provide objective advice and recommendations to the Commissioner regarding the sufficiency, quality and results of internal audit engagements related to the adequacy and functioning of PSIC’s frameworks and processes for risk management, control and governance;
  • Using a risk-based approach, review all areas of responsibility for departmental audit committees related to departmental management, control and accountability processes as determined by the Comptroller General of Canada. These include the following:
    • Values and ethics
    • Risk management
    • Internal audit function
    • Internal assurance providers
    • Follow-up on management action plans
    • Financial statements and public accounts reporting
    • Accountability reports
  • Provide advice and recommendations on matters for which the Commissioner, as accounting officer, is responsible and on other related matters as needed or requested by the Commissioner.

With respect to evaluations, the AEC will do the following:

  • Provide advice to the Commissioner, through review of the PSIC’s RBAEP, regarding PSIC programs or operations that should be evaluated;
  • Review and advise on the terms of reference, scope and timing of any planned evaluation;
  • Review the findings of evaluations and monitor subsequent management action plans.