Administrator: Office of the Comptroller General
Applies to: GNWT departments and public agencies (as defined in the FAA)
Approved by: Financial Management Board (on recommendation of the Audit Committee, per FAM 206)
Review cycle: Annual Audit Committee review

PURPOSE

This Charter defines the purpose, authority, independence, scope, and responsibilities of the Internal Audit Bureau (IAB). It affirms conformance with the Global Internal Audit Standards (2024) issued by The Institute of Internal Auditors (IIA) and establishes the IAB as an independent, objective assurance and advisory function that adds value and improves GNWT operations.

LEGAL AND POLICY BASIS (AUTHORITY)

The IAB’s authority is derived from:

• The Financial Administration Act (FAA), section 7(1)(h) (FMB authority to establish financial management policies) and sections 37–41 (Internal Audit Bureau, internal controls, delegation of financial authority, and Audit Committee under s.40).
• FAM 206 – Internal Audit Policy, approved by the Financial Management Board (FMB), which provides policy authority and safeguards FMB control over the internal audit mandate.
• Audit Committee review and recommendation of this Charter, with final approval by the FMB, and ongoing functional oversight as set out in IB 206.01 – Audit Committee Terms of Reference.

Under this authority, the IAB has full, free, and unrestricted access to all records, systems, premises, data, and personnel required to perform its work.

INDEPENDENCE AND OBJECTIVITY

• The IAB is independent of the activities it audits.
• The IAB Director reports functionally to the Audit Committee and administratively to the Comptroller General.
• The Audit Committee protects IAB independence, including freedom from undue influence over audit selection, scope, procedures, timing, and reporting.
• Internal auditors must be objective and avoid conflicts of interest. If actual or perceived impairments arise, they are disclosed to the Audit Committee.
• Roles outside internal auditing (if any) require Audit Committee approval and documented safeguards to preserve independence and objectivity.

MISSION AND PRINCIPLES

The IAB’s mission is to enhance and protect organizational value by providing risk-based assurance, advice, and insight. The IAB supports GNWT objectives by evaluating and improving the effectiveness of governance, risk management, and internal control.

The IAB operates in conformance with the IIA Global Internal Audit Standards (2024) and the IIA Code of Ethics, and in compliance with applicable laws, regulations, and GNWT policies, including the NWT Financial Administration Act and FAM 206.

SCOPE OF ACTIVITIES

The IAB delivers services—across departments and public agencies, including activities delivered by third parties under contract—that may include:

• Assurance engagements that provide independent conclusions on risk management, control, and governance.
• Advisory engagements that provide insight and recommendations without assuming management responsibility.
• Fraud risk and integrity work: identifying indicators, and, at the direction of the Comptroller General, conducting investigations of suspected fraud, negligence, or impropriety and reporting results.
• Follow-up on management’s implementation of agreed actions and reporting on unresolved, significant issues and accepted risks.
• Coordination with external and internal oversight bodies to optimize coverage and avoid duplication.

STANDARDS OF PRACTICE AND METHODOLOGY

All IAB work conforms to the IIA Standards (2024) and the IIA Code of Ethics. Where appropriate, the IAB applies additional recognized guidance (e.g., ACFE for forensic work, ISACA for IT audits, PMI for project audits).

IAB’s methodology includes:

• Risk-based planning and development of an Internal Audit Plan for Audit Committee review and approval.
• Engagement planning (objectives, scope, criteria, and risk assessment).
• Examination and evidence-based evaluation.
• Reporting clear, balanced, and actionable results.
• Follow-up until actions are implemented or risk acceptance is confirmed and reported.

QUALITY ASSURANCE AND IMPROVEMENT PROGRAM (QAIP)

The IAB maintains a QAIP comprising:

• Ongoing internal quality reviews and periodic self-assessments.
• Independent external assessments at least once every five years, with results reported to the Audit Committee.
• Annual confirmation to the Audit Committee on conformance with IIA Standards and the adequacy of purpose, authority, and responsibility as defined in this Charter.

ORGANIZATION AND REPORTING

• Functional reporting to the Audit Committee includes,
  • Approval of the internal audit plan and any in-year changes.
  • Review of resource considerations, significant findings, accepted risks, QAIP results, and independence confirmations,
  • Recommendation of this Charter to the FMB for approval.
• FMB approval is required for internal audit policy instruments (FAM 206, IB 206.01, IB 206.02).
• Administrative reporting to the Comptroller General includes HR, budget, and organizational support necessary for IAB to operate effectively.
• The IAB may communicate directly with Deputy Heads, senior management, the Comptroller General, and the Audit Committee as required.

ROLES AND RESPONSIBILITIES

Audit Committee (see IB 206.01 for full TOR):

• Recommends approval of the Charter to the FMB, approves Internal Audit Plan,
• Protects independence, enquires into limitations, and oversees QAIP results.

COMPTROLLER GENERAL:

• Ensures IAB has administrative support and resources to function
• May direct investigations consistent with the FAA and GNWT policy.

DEPUTY HEADS:

• Provide timely, unrestricted access to information, systems, and personnel
• Ensure management action on recommendations.

IAB DIRECTOR:

• Leads IAB in conformance with this Charter and IIA Standards.
• Develops and delivers the risk-based plan; ensures staffing competence and due professional care.
• Reports significant risks, issues, accepted risks, and limiters of scope or access to the Audit Committee.
• Conducts or coordinates investigations, as directed.
• Coordinates with other assurance providers to reduce overlap and enhance assurance coverage.
• Provides secretariat support to the Audit Committee as directed by the Chair.

ACCESS, PRIVACY, AND CONFIDENTIALITY

• The IAB is authorized to obtain unrestricted access to information required for audit purposes, including personal information, subject to the Access to Information and Protection of Privacy Act (ATIPP) and applicable regulations.
• The IAB safeguards records, information and exercises strict confidentiality and information security in all activities.

REVIEW AND MAINTENANCE

• The Audit Committee reviews this Charter at least annually (or more frequently as needed) to confirm continued relevance, independence safeguards, and alignment with the IIA Standards (2024) and GNWT governance expectations.
• The IAB Director will notify the Audit Committee of any material change that may affect the purpose, authority, or responsibility defined herein. The Audit Committee will recommend any necessary amendments to the FMB for approval.