PURPOSE AND MISSION  

The purpose of the Internal Audit Bureau (IAB) is to provide independent, objective assurance and management consulting services.  The internal audit services are designed to add value and improve the Government of Northwest Territories (GNWT) operations consistent with fiscal responsibility, accountability and transparency, as indicated in the Financial Administration Act (FAA).

The IAB's mission is to enhance and protect the GNWT assets by providing risk-based and objective assurance, advice, and insight.

The IAB helps the GNWT accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the GNWT's governance structure and processes by assessing the internal controls necessary to manage the risks by the first line responsible for strategy and performance (departments and public agencies) and second line for implementation and monitoring (central agency) effectively.

ROLE

The FAA establishes the Internal Audit Bureau.  The FAA directs the Financial Management Board (FMB) to act on all matters related to the IAB functions.  The FAA provides for the FMB to establish an Internal Audit Committee to oversee the IAB function.

The Financial Administration Manual (FAM) Directive and Interpretation Bulletins provide information on the Internal Audit Committee terms of reference and IAB processes.  The IAB is the third line of defence for the protection of public assets for the GNWT whereby the front line management in each department and public agency is responsible for internal controls of their respective areas.

SCOPE OF WORK

The FAA defines the scope of work of the IAB to be all GNWT departments.  The IAB can also provide internal audit services to public agencies at the responsible Minister's request.  The Comptroller General can direct the IAB to protect all public sector assets in the departments and public agencies. 

The IAB mandate, as defined by the FAA:

• reviewing and assessing systems and procedures established to ensure
  • compliance with government legislation such as FAA, Access to Information and Protection of Privacy, Public Service Act, Archives Act
  • financial and administrative management practices
  • applicable accounting policies and practices, and
  • contractual obligations

• • reviewing and evaluating the
    • achievement of objectives established for government
    • effectiveness and efficiency of programs, services and operations
    • processes for risk management and means of safeguarding assets
    • controls over operations, and
    • financial, management and operational reporting
  • conducting, at the direction of the Comptroller General, investigations in respect of allegations of fraud, negligence and other impropriety against departments, public agencies and other reporting bodies, and any follow-up required because of these investigations.

Internal audit work is divided into two main types of services:

• assurance services involve objective assessment of evidence to provide an independent opinion or conclusions regarding an operation, function, process, system or other subject matter. IAB determines the nature and scope of the assurance engagements.
• management consulting services are advisory and are generally performed at the specific request of management. The nature and scope of the consulting engagement are subject to agreement with management. It is important to note that while performing a consulting engagement, the internal auditor must maintain objectivity and independence and, therefore, cannot assume any management responsibility.

Each business unit is responsible for its operations, including internal controls.  Audits performed by IAB do not, in any way, relieve other GNWT employees of the responsibilities assigned to them. Management and administrators are responsible for determining appropriate actions, decision-making, implementation and monitoring of proper controls, complying with policy, procedures, laws and regulations, and correcting deficiencies identified in audits.

ACCOUNTABILITY

Under FAA, the IAB Director is appointed by the Secretary to FMB.  In the discharge of their duties, the Director is accountable to the Internal Audit Committee.  The IAB Director will provide the Internal Audit Committee with the following:

• assessments of the adequacy and effectiveness of the GNWT's processes for controlling its activities and managing its risks in the areas set forth under the mission and scope of work.
• reports dealing with significant issues related to the processes for controlling the activities of the GNWT, including potential improvements to those processes and information concerning such matters.
• information on the status and results of the audit Workplan and the sufficiency of department resources.
• oversight of other control and monitoring functions (risk management, compliance, security, legal, external audit).
• an annual report of the activities of the Internal Audit Bureau after each fiscal year.
• reports regarding any significant unresolved matters with management.
• instances of management exceptions or overrides to GNWT policy. 

INDEPENDENCE AND OBJECTIVITY

To ensure independence, the IAB Director reports functionally to the Internal Audit Committee and administratively to the Comptroller General in the Department of Finance.

The Internal Audit Committee will ensure that IAB remains free from all conditions that threaten internal auditors' ability to carry out their responsibilities in an unbiased manner, including audit selection, scope, procedures, frequency, timing, and report content.

Internal auditors will be unbiased to allow them to perform engagements objectively.  Internal auditors will conduct their work in a manner they believe to be of high quality without outside influences compromising their work.

Internal auditors will have no direct operational responsibility or authority over any of the activities audited. Accordingly, internal auditors will not implement internal controls, develop procedures, install systems, prepare records, or engage in any other activity that may impair their judgment, including:

• assessing specific operations for which they had responsibility within the previous year.
• performing any operational duties for the GNWT or public agencies.
• initiating or approving transactions external to IAB.
• directing any GNWT employee's activities not employed by IAB, except to the extent that such employees have been appropriately assigned to auditing teams or to otherwise assist internal auditors.

Internal auditors will  abide by the IIA's Code of Ethics and will:

• disclose any impairment of independence or objectivity, in fact, or appearance, to appropriate parties.
• exhibit professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined.
• make balanced assessments of all available and relevant facts and circumstances.
• take necessary precautions to avoid being unduly influenced by their interests or by others in forming judgments.

Where the IAB has or is expected to have roles or responsibilities that fall outside of internal auditing, the Internal Audit Committee's approval and the development of safeguards would be required to limit impairments to independence or objectivity.

Should the IAB Director determine that independence or objectivity may be impaired in fact or appearance, the details of impairment will be disclosed to appropriate parties.  The IAB Director must regularly report any issues that could affect the IAB's independence and annually confirm this to the Internal Audit Committee.

STANDARDS FOR INTERNAL AUDITING

The IAB will govern itself by adherence to The Institute of Internal Auditors' (IIA) mandatory guidance, including the Definition of Internal Auditing, the Code of Ethics, and the International Standards for the Professional Practice of Internal Auditing ("Standards"). These standards are based upon ten core principles for professional practice of internal auditing (www.theiia.org refers).

The Institute of Internal Auditors' Practice Advisories and Practice Guides will also be adhered to, as applicable, to guide operations. Internal auditors will also adhere to the GNWT's relevant policies and procedures and IAB's operating procedures.

In addition to the guidance provided by the Institute of Internal Auditor's International Professional Practice Framework for operational audits in assessing governance processes, risk management, and internal controls, the IAB will use the generally accepted professional standards used to address specific audit areas such as:,

• Association of Certified Fraud Examiners for forensic audits
• Information Systems Audit and Control Association for information technology audits
• Project Management Institute for project management audits.

RESPONSIBILITY

IAB is responsible for:

• submitting to the Internal Audit Committee, to review and approve a risk-based audit workplan, that summarizes the upcoming fiscal year's audit work schedule and budget.  Any significant deviation from the formally approved audit workplan shall be communicated to the Internal Audit Committee through the IAB periodic status updates.
• delivering on the approved audit Workplan, including any particular tasks or projects requested by management and the Internal Audit Committee, including, and as appropriate, any specific projects or tasks requested by management.
• providing management summaries of audits completed to the Internal Audit Committee. These reports may include management responses, and corrective action taken or to be taken regarding the specific findings and recommendations. Management's response should include a timetable for anticipated completion of action to be taken and an explanation for any recommendations not addressed.
• performing appropriate follow-up on audit findings and recommendations. All significant findings will remain in an open issues file until management actions have been effectively implemented or risk owner has accepted the risk of not taking action. Should the latter result, the measures will need to be acknowledged and cleared by the Internal Audit Committee.
• monitoring and evaluating the effectiveness of the GNWT's risk management and control activities.
• validating that department management provides effective monitoring and oversight of processes and activities while balancing risk, cost and benefit.
• reviewing the reliability and integrity of financial and operating information and the means used to identify, measure, classify and report such information.
• reviewing the systems and processes established to ensure compliance with applicable policies, plans, procedures, laws, and regulations that could significantly impact GNWT operations.
• assessing whether resources and assets are adequately protected against loss or misappropriation.
• reporting on observations raised during the audits and reviews and any identified internal or management fraud incidents.
• facilitating the proper coordination level and consider relying upon other internal and external assurance and consulting providers as needed.
• issuing periodic reports to the Internal Audit Committee and management summarizing IAB's activities, including reporting on emerging trends and emerging issues as appropriate.
• identifying the fraud indicators, investigating suspected fraudulent activities within the GNWT and notifying management and the Internal Audit Committee of the results.
• reviewing this charter annually, in consultation with the Internal Audit Committee, making amendments as deemed necessary.

QUALITY ASSURANCE AND IMPROVEMENT PROGRAM

IAB will maintain a quality assurance and improvement program covering all internal audit activity aspects to assess its efficiency and effectiveness. The program will include:

• evaluating the IAB’s conformance with The Institute of Internal Auditors' ("IIA") International Standards for the Professional Practice of Internal Auditing (Standards), the IIA's definition of internal auditing and code of ethics
• the IAB Director must periodically assess whether the purpose, authority and responsibility, as defined in this charter, continue to be adequate to enable IAB to accomplish its objectives.
• the result of this periodic assessment must be communicated annually to the Internal Audit Committee.
• as per the IIA Standards, external quality assessments should be conducted on IAB at least every five years and formally reported to the Internal Audit Committee.

PRIVACY AND CONFIDENTIAL INFORMATION PROTECTION

With strict accountability for privacy, confidentiality, and safeguarding records and information, the IAB is authorized to have the necessary access to  to all functions, records (both paper and electronic), property, and personnel of the GNWT relevant to the performance of audit activities.

The Access to Information and Protection of Privacy Act (ATIPP) Regulations, Section 7, allow free and unrestricted access to personal information information to assist IAB in fulfilling its roles and responsibilities. The FAA provides the Director of the IAB the authority to examine records and explanations from public servants for audit purposes.  The IAB Director has free and unrestricted access to all Internal Audit Committee Members, Deputy Heads, Senior Managers, and public servants for audit purposes. Documents and information given to Internal Audit during a periodic review will be handled in the same prudent and confidential manner as appropriate.  To protect the privacy and personal information provided to IAB for audit purposes, the IAB will use careful discretion when sharing any information with stakeholders.

REFERENCES

• Access to Information and Protection of Privacy Act and Regulations
• Financial Administration Act and Regulations
• Financial Administration Manual
• GNWT's Code of Conduct
• Institute of Internal Auditing  (www.theiia.org)
• Association of Certified Fraud Examiners (www.ACFE.com)
• ISACA (www.ISACA.org)