Internal Audits Charter

February 2021

Publication History

Date	Version
January 2008	First draft of the CNSC Internal Audit Charter
September 2009	Updated version tabled at CSNC Audit Committee
January 2010	Approved by President and Audit Committee Members
May 12, 2011	Updated version tabled at Audit Committee
June 4, 2013	Updated in accordance with the Treasury Board Secretariat Policy on Internal Audit, effective April 1, 2012
October 26, 2017	Updated in accordance with the Treasury Board Secretariat Policy on Internal Audit, effective April 1, 2017
March 2, 2018	Updated to incorporate comments from CNSC Audit Committee members received in November 2017.
April 7, 2020	Updated to capture the organizational move of the Office of Audit and Ethics (OAE) from the Commission Secretary to the President’s Office, the restructuring of OAE as the Internal Audit Division (IAD), the removal of Values and Ethics from the roles and responsibilities of the CAE, and to remove duplication
May 14, 2020	Approved by CNSC President and Departmental Audit Committee Members
February 8, 2021	Added wording on the responsibilities for appointment or removal of the CAE in section 6.1, in line with the 2019–20 IA self-assessment recommendation.

1. Introduction

1.1 The Treasury Board Policy on Internal Audit^{Footnote 1}dated April 1, 2017, and the Canadian Nuclear Safety Commission (CNSC) Internal Audit Charter (IA Charter) recognize and directly support the roles and responsibilities of the office of the CNSC President in the President’s capacity as deputy head and accounting officer, as defined in part I.1, sections 16.4 (1) and 16.4 (2) of the Financial Administration Act (FAA).

1.2 The objective of the PIA is to ensure that the oversight of public resources throughout the federal public administration is informed by a professional and objective internal audit function that is independent of departmental management. This function provides assurance that government activities are managed in a way that demonstrates responsible stewardship to Canadians.

1.3 The purpose of the CNSC’s IA Charter is to define the CNSC’s internal audit function including its mission, role, governance, method for maintaining independence and objectivity, authority under which it operates, and the responsibilities and duties of those involved in supporting the function.

1.4 The IA Charter reflects the PIA and the Treasury Board Directive on Internal Audit in the Government of Canada. The PIA requires the CNSC Departmental Audit Committee (DAC) to periodically review the CNSC’s IA Charter and recommend it for approval to the CNSC President and Chief Executive Officer (CEO).

1.5 If the IA Charter conflicts with the Treasury Board internal audit policy suite and the FAA, the policy suite and FAA will prevail.

2. Role of the internal audit function

2.1 Internal audit in the Government of Canada is a professional, independent and objective assurance and consulting activity that uses a disciplined, evidence-based approach to assess and improve the effectiveness of risk management, control and governance processes. The results of internal audit engagements are meant to assist decision makers in exercising oversight and control over the organization and in applying sound risk management.

2.2 Internal audit adds value by assessing and contributing to the improvement of risk management, control and governance processes. In doing so, it helps ensure that the CNSC achieves its objectives efficiently and in a way that demonstrates informed ethical and accountable decision making.

2.3 Additionally, within the sphere of its expertise, the internal audit function provides advisory consulting services to management on an exceptional basis in areas of risk, control and governance. The advisory services are generally performed at the specific request of an engagement client and with the approval of the President. When performing advisory services, internal auditors will maintain objectivity and will not assume management responsibilities.

3. Scope of the audit function

3.1 The internal audit function for the CNSC is located within the President’s Office (PO). The work of the internal audit function covers the activities required to determine whether the risk management, control and governance processes of the CNSC, as designed and represented by its senior management, are adequate and functioning in a manner that ensures:

• risks are appropriately identified and managed
• interaction with the various governance groups occurs as needed
• significant financial, managerial and operating information is accurate, reliable and timely
• activities and actions are in compliance with policies, standards, procedures, and applicable laws and regulations
• resources are acquired economically, used efficiently and adequately protected
• CNSC program objectives and plans are achieved
• quality control and continuous improvement are fostered in the CNSC’s control processes
• significant legislative or regulatory issues impacting the CNSC are recognized and addressed properly

3.2 Consistent with the requirements of the Treasury Board PIA, the majority of the internal audit function’s resources will be dedicated to audit engagements, which call for a high degree of rigour and result in a high-level assurance product.

3.3 In addition to audit engagements^{Footnote 2}, advisory engagements may be provided to meet the needs of management. These advisory engagements are meant to add value and improve the CNSC’s risk management, control and governance processes without the internal audit function assuming management responsibility.

3.4 The results of all audit engagements will be formally documented and communicated within the CNSC to the management of the area audited, the President and the DAC.

4. Independence, objectivity and impartiality

4.1 The internal audit activity must be independent and internal auditors must be objective in performing their work. To provide for the independence and objectivity of the internal audit function, its staff report to the Chief Audit Executive (CAE), who reports functionally and administratively to the President. The CAE also has unfettered access to the DAC and is responsible for providing information needed or requested by DAC members to support them in carrying out their mandate. The internal audit function is independent from line management.

4.2 To maintain impartiality, the internal audit function will not be involved in CNSC operations, or in selecting, implementing or managing risk management, control or governance processes. However, internal auditors may provide recommendations for strengthening these processes and give advice and opinions on specific matters related to risk management, control or governance processes, as requested by management.

4.3 The CAE and staff of the internal audit function are not authorized to:

• perform any operational duties for the CNSC that may compromise their independence and objectivity with respect to their internal audit responsibilities
• initiate or approve accounting transactions external to the internal audit function

4.4 Objectivity is defined as an impartial, unbiased attitude that allows internal auditors to perform engagements in such a manner that they believe in their work product and that no quality compromises are made. Objectivity requires internal auditors to not subordinate their judgment on audit matters. Internal auditors must avoid any potential, apparent or real conflicts of interest. Accordingly, internal auditors do not engage in any activity that may impair their judgment including:

• assessments of specific operations for which they had responsibility within the previous year
• performance of any operational duties for the CNSC
• initiation or approval of transactions external to the internal audit division
• direction of the activities of any staff not in the internal audit division, except to the extent that such employees have been appropriately assigned to work on the audit team or to otherwise assist internal auditors

5. Authority

As a deputy head, the President and CEO of the CNSC must consider the risk profile and control environment of the CNSC and decide whether the work performed by the Office of the Comptroller General (OCG) fully meets the internal audit requirements or whether further assurance engagements are necessary. For the CNSC, the President, in consultation with the Comptroller General of Canada, has decided to establish and maintain an internal audit function pursuant to section 16.1 of the FAA to conduct focused internal assurance work in addition to what is provided by the OCG.

The President designates the CAE to manage the internal audit function, and authorizes the CAE and staff of the internal audit function to:

• have unrestricted access to all CNSC functions, records, property and staff and have the right to obtain information from CNSC employees and contractors, subject to applicable legislation
• have full and free access to the CNSC Audit Committee and to the Audit Committee Chair
• allocate resources, determine scopes of work and apply the techniques required to accomplish audit objectives
• obtain the necessary assistance of personnel in units of the area where they perform audits, as well as other specialized services from within or outside the CNSC
• have unimpaired ability to carry out their responsibilities, including reporting findings to the President, the Audit Committee and, as appropriate, to the OCG

6. Responsibilities

In compliance with the PIA and the Directive on Internal Audit in the Government of Canada, responsibilities related to the internal audit function as they apply to the President, the CAE, CNSC management and the CNSC DAC are described below.

6.1 President and Chief Executive Officer

The President and CEO is responsible for:

• establishing an independent internal audit function that is appropriately resourced and that operates in accordance with the government’s Policy on Internal Audit and the Institute of Internal Auditors’ (IIA) International Professional Practices Framework
• in consultation with the Comptroller General of Canada, establishing and maintaining an independent departmental audit committee that includes a majority of external members recruited from outside the federal public administration and appointed by the Treasury Board
• in consultation with the Comptroller General of Canada, designating a CAE to manage the internal audit function; the CAE meets the Treasury Board Executive Group Qualification Standards and determining criteria for the appointment or removal of the CAE
• in the event that the CAE is being considered for removal, decide on the matter in consultation with the DAC members, as well as the Comptroller General of Canada
• approving a departmental Risk-Based Audit Plan (RBAP) that spans multiple years and focuses primarily on areas of high risk and significance and on the provision of assurance services
• ensuring that management action plans which address the recommendations and findings arising from internal audit engagements are prepared and implemented
• investigating and acting when significant issues regarding policy compliance arise and ensuring that appropriate remedial action is taken to address these issues
• briefing the Governor in Council on matters arising from the work of internal audit that merit the Governor in Council’s attention
• ensuring that audit reports are made accessible to the public with minimal formality and in a timely manner as prescribed by the Treasury Board and within the time frame prescribed by the Comptroller General of Canada
• ensuring that the OCG is informed of any issue that may be of significance and/or may require the Treasury Board’s involvement and that the OCG is provided with the information necessary to carry out its assigned responsibilities (per the PIA)

6.2 Chief Audit Executive

The CAE, in the discharge of their duties, is accountable to the President for:

• ensuring the Government of Canada Directive on Internal Audit is followed
• applying the Institute of Internal Auditors’ International Professional Practices Framework
• establishing and updating, at least annually, a multi-year RBAP of internal audit engagements focused predominantly on the provision of assurance services
• coordinating internal audit activities and plans with other assurance providers to minimize duplication of effort and demands on CNSC management
• communicating the engagement plan and resource requirements for the internal audit function, including any variances with this plan and the impact of resource limitations to the President and the Audit Committee
• ensuring that internal audit resources are appropriate and effectively deployed to achieve the approved plan
• ensuring the timely completion of internal audit engagements, including internal audits led by the OCG
• ensuring that internal audit engagement reports are provided to the Audit Committee in a timely manner
• reporting to the Audit Committee on whether management action plans are implemented; this report to the committee will include an assessment of the impact of the proposed actions including their effectiveness in addressing the risks identified
• ensuring that internal auditors have and develop appropriate professional qualifications, skills and certification, as well as opportunities to maintain and develop their internal audit competence
• developing and maintaining a quality assurance and improvement program that covers all aspects of the internal audit function and continuously monitors its effectiveness
• in consultation with the President and the Audit Committee, ensuring that a practice inspection of the internal audit function is conducted, at least once every five years, by a qualified independent reviewer competent in the professional practice of internal audit; the results of these external assessments with an accompanying action plan are to be communicated to the President, the Audit Committee and the OCG
• preparing an annual written report to the President and the Audit Committee that meets the requirement of the PIA
• providing the RBAP, internal audit reports and any other requested material to the OCG
• preparing and publishing performance results of the audit function and a list of planned audit engagements for the coming fiscal year as prescribed by the OCG

6.3 CNSC Management

CNSC management is responsible for providing internal audit staff with timely access to information and personnel, as needed for the performance of their duties; preparing management responses and action plans to address the recommendations and findings arising from internal audits; and ensuring the action plans are effectively implemented. Plans and strategies for external communications related to published audit reports are the responsibility of CNSC management.

6.4 Departmental Audit Committee

The DAC will provide objective advice and recommendations to the President regarding the sufficiency, quality and results of assurance work on the adequacy and functioning of the CNSC's risk management, control and governance frameworks and processes (including accountability and auditing systems). The roles, responsibilities and operations of the CNSC DAC are documented in the approved CNSC Departmental Audit Committee Charter

7. Standards of audit practice

The internal audit function will be compliant with the Treasury Board of Canada Policy on Internal Audit and the Directive on Internal Audit in the Government of Canada. The CNSC’s internal audit function will meet the standards of the International Professional Practices Framework published by the IIA, and adopt and comply with the Code of Ethics of the IIA.

8. Related policies and references

• Government of Canada Financial Administration Act
• The Treasury Board of Canada Policy on Internal Audit 2017
• The Treasury Board of Canada Directive on Internal Audit
• The Institute of Internal Auditors International Professional Practices Framework
• The Institute of Internal Auditors Code of Ethics