Risk-Based Audit Plan 2020-2022

Office of the Chief Audit Executive
October 2020

Table of contents

1.0 Introduction

The Office of the Chief Audit Executive (OCAE) provides independent assurance and objective advice to senior management on governance, risk management practices and internal controls.

The OCAE strategy is to create value for Global Affairs Canada by leveraging our expertise to drive improvements that support the Department in achieving its mandate and contribute to management excellence. 

To better plan and organize the internal audit function, the OCAE has developed a multi-year Risk-Based Audit Plan (RBAP).

2.0 Purpose

The RBAP identifies the engagements to be undertaken in 2020-2021 and 2021-2022. It establishes the foundation on which the OCAE will add value to the Department.   In addition, the RBAP is designed to align engagements to reflect the Department’s core responsibilities while addressing areas of high risk and significance.  

The practice of internal audit, including the development of the RBAP, conforms to the International Professional Practices Framework of the Institute of Internal Auditors, the Treasury Board of Canada Policy on Internal Audit and directive as well as additional guidance from the Office of the Comptroller General.

3.0 Risk-Based Audit Planning

3.1 Methodology

The audit planning process began with a review and update of the audit universe, based on the Departmental Results Framework, which is comprised of 58 programs under six core responsibilities (See Appendix A).

Senior management consultations were completed and documents reviewed to identify areas of significance and risk.  As a result of the COVID-19 pandemic that affected Canada in March 2020, risks were reassessed in light of impacts to departmental operations. Areas of focus were prioritized and engagement topics were identified resulting in the following four risk areas:

  1. COVID-19 Activities - Due to a high degree of ambiguity, limited information and time pressures, the extent to which critical functions and regular operations could continue was unknown.
  2. Program Delivery – Ineffective management and controls over program delivery could impede the achievement of business objectives, affect program integrity, and result in loss of public confidence in programs and services.
  3. Transfer Payments - The control framework over transfer payments may not support efficient and effective delivery and demonstration of benefit realization.
  4. Internal Service Delivery - Data and technology may be insufficient to support programs, service delivery and the implementation of the departmental data strategy. Internal services may not be aligned and integrated with policy development or operations. The reliance on internal partners and external third parties could impede the achievement of business objectives.

Below is a process map, which provides more detail on the methodological approach used in the preparation of the RBAP.

Text version
  1. Document Review
    • Corporate plans (departmental, investment, security, human resources), Corporate Risk Profile, Human Resource workforce dashboards, Ministers' Mandate Letters, departmental priorities, Departmental Results Framework
    • Departmental Results Reports, Management Accountability Framework Assessment results
    • Reports prepared by other internal and external assurance providers
  2. Consultations
    • Senior management
    • Mission operations and functional management
    • Internal audit staff of other government departments
    • Coordinate with internal oversight providers (Inspection, Evaluation)
    • Coordinate with external assurance providers
  3. Risk Identification/ prioritization (due to covid)
    • Synthesize document review and prepare branch profiles
    • Extract relevant data relating to missions and conduct analysis
    • Identify and assess risks based on results of analysis
    • Prioritize auditable entitities based on risk
  4. Mapping Auditable Entities (due to covid)
    • Map auditable entities to Core Responsibilities, Corporate Risk Profile, Ministers' Mandate Letters, and departmental priorities to ensure adequate coverage
    • Consider work conducted by other assurance providers
  5. Developing RBAP (due to covid)
    • Prioritize auditable entitites for each fiscal year
    • Ensure engagements are focused on areas that best provide insight into opportunities for improvement
    • Assess whether audit/advisory is the right tool
    • Document the plan and submit for approval

3.2 Risk Approach

Based on an analysis of information gathered through the documentation review and consultations, risk areas of focus were identified.  The risk areas were analyzed in relation to the core responsibilities and corporate risks. This work resulted in a list of engagements assessed to be high-risk.  Between April and June 2020, the OCAE reassessed risks in several areas such as governance, decision-making processes, health and wellness, people management, protection of information, program delivery, security, and emergency preparedness. The 2020-2022 audit plan was revised to include two engagements directly related to COVID-19 to provide real-time and relevant advice. In addition, planned engagements were reprioritized as well as the number of mission audits were reduced from six to one pilot remote mission audit due to travel restrictions.  Each of the engagements are linked to the core responsibilities, the corporate risks and the audit risk areas (COVID-19 activities, program delivery, transfer payments, and internal services) as shown below.

Text version

Core Responsibilities

  • International Advocacy and Diplomacy
  • Trade and Investment
  • Development, Peace and Security Programming
  • Help for Canadians Abroad
  • Support for Canada's Presence Abroad
  • Internal Services

Corporate Risks

  • International Security Landscape
  • Cyber Threats
  • Simultaneous Emergencies
  • Resource Management
  • Fund Management & Fiduciary Oversight
  • Occupational Health & Safety and Well-being Management

Risk Areas / 2020-2021Engagements

COVID-19 Activities

  • COVID-19 Emergency Repatriations to Canada
  • COVID-19 Remote Work Risk Assessment

Program Delivery

  • Remote Mission  Audit

Transfer Payments

  • Grants & Contributions  Part II - Feminist International Assistance Policy 
  • Innovative Programming – Design Framework

Internal Service Delivery

  • Privacy Practices
  • Duty of Care – Governance & Spending
  • Real Property –  Investment &  Portfolio Management
  • Costing Methodology
  • Ongoing Data Analytics
  • IT Risk Assessment Part I

3.3 Consideration of Other Assurance Provider Activities

The OCAE coordinates the risk-based audit planning activities with external assurance providers to ensure audit coverage of high-risk areas, and to minimize overlap and duplication, thus reducing the engagement burden on clients. 

The Office of the Auditor General repriortized its audit work at the request of Parliament. It is focusing on COVID-19 emergency responses taken by the government pursuant to the Public Health Events of National Concern Payments Act, Financial Administration Act, and Borrowing Authority Act. Currently, the Department is not implicated in any such audits. However, it is involved in the planning phase of the Audit of Public Accounts 2019-2020, which is focussed on personnel expenses.

GAC is involved in the reporting phase of the Audit of Employment Equity in Recruitment conducted by the Public Service Commission. The objectives are to examine the success rates of employment equity groups at key stages of the recruitment process; and to explore factors that may influence representation across the four designated groups during recruitment.

4.0 Two Year Risk-Based Audit Plan

4.1 Overview

This section presents an overview of the 2020-2021 to 2021-2022 Risk-Based Audit Plan. Descriptions of the planned engagements for the years are in Appendix B and C, respectively.  

Table 1: Risk-Based Audit Plan

Year 1: 2020-2021Year 2: 2021-2022

 Carry Over Engagements (2019-2020)

  1. Audit of Peace and Stabilization Operations Program
  2. Mission Audit – Bamako, Mali (joint site visit with Mission Inspection)
  3. Audit of Grants & Contributions Part I – Oversight & Monitoring
  4. Audit of Foreign Service Directives – Relocation
New Engagements
  1. Advisory: Covid - 19 Emergency Repatriations to Canada
  2. Advisory: Grants & Contributions Part ll – Feminist International Assistance Policy
  3. Advisory: Duty of Care – Governance & Spending
  4. Advisory: Covid - 19 Remote Work Risk Assessment
  5. Audit of Real Property – Strategic Investment & Portfolio Management
  6. Advisory: Innovative Programming – Design Framework
  7. Audit of Privacy Practices
  8. Advisory: IT Risk Assessment Part I
  9. Audit of Costing Methodology
  10. Ongoing Data Analytics
  11. Remote Mission Audit  
  1. Follow-up on Implementation of COVID-19 After Action Review & Lessons Learned
  2. Audit of Cost Optimization
  3. Advisory: Export Import Control System
  4. Audit of Internal Controls Over Financial Reporting
  5. Audit of IT Part II  (post risk assessment)
  6. Advisory: GAC Data Strategy
  7. Audit of Management of Honoray Consuls
  8. Audit of Trade Commissioner Services – Regional Operations
  9. New Direction in Staffing – 5 Year Cyclical Assessment
  10. Mission Audits (to be determined) - Mission 1  
  11. – Mission 2 
  12. – Mission 3
  13. – Mission 4
  14. – Mission 5
  15. – Mission 6  

4.2 Audit Coverage

The engagements deemed to be high risk and high priority have been included in the two-year plan.  The variety of engagements covered in the RBAP addresses broad coverage of core responsibilities, departmental priorities, ministers’ mandate letters, and corporate risks as shown in Appendix D.  

4.3 Changes to the Audit Plan

The RBAP is updated annually with adjustments made during the year based on an environmental scan of departmental context and risks.

Four audits were started in 2019-2020 and carried over to 2020-2021: Audit of Peace and Stabilization Operations Program, Audit of Grants and Contributions Part I, Audit of Foreign Service Directives – Relocation, and Port-au-Prince misssion audit was deferred in 2019-2020 and replaced by a mission audit in Bamako.

The following engagements were deferred from 2019-2020:

4.4 Challenges to Implementing the Two-Year Plan

The OCAE has identified the following risk factors that could impede the successful implementation of the RBAP.

Given this context, the RBAP remains flexible to respond to emerging risks and policy or program changes. If these risks or changes emerge and suggest higher priority audit activity, the RBAP will be adjusted so that the OCAE can take appropriate responses.

To be nimble, the OCAE has adopted an approach whereby internal resources are supplemented with qualified contractors when specialized services are required and given the cross-government shortage of qualified auditors. The establishment of the Professional Audit Support Services Supply Arrangement (PASS) by the OCAE in 2018-2019 has contributed to more efficient contracting and has helped to overcome this challenge.

4.5 Internal Audit Activities

The OCAE provides independent, objective assurance and advisory services designed to add value and improve the Department’s operations. The figure below depicts the OCAE’s suite of services.

Text version

Office of the Chief Audit Executive

Assurance and Advisory Engagements


Internal Audits - independent and objective assessments of governance, risk management and control processes against defined criteria

Ongoing Data Analytics - automated collection and analysis of data and indicators from IT systems on a continuous basis to determine effectiveness of controls


Consulting - objective assessments initiated at the request of management or OCAE, of limited and specific scope, less  rigour than an audit, and without assuming management responsibility

Risk Assessments - assessments of inherent and residual risks to inform GAC management of risk exposure and OCAE of areas requiring further examination

Professional Practices

Risk Based Audit Plan

A multi-year plan that considers areas of highest risk and significance

Quality Assurance and Improvement Program

Systematic process to ensure IIA Standards are met relating to quality of engagements and internal audit activity

Management Action Plan Follow-Up

Status updates to Departmental Audit Committee of management action plans to address recommendations

External Assurance Liaison

Single point of contact to coordinate activities with external assurance providers

Departmental Audit Committee Secretariat

Coordination of essential part of internal audit governance that provides objective advice and recommendations to Deputy Minister

Other Support

Contribution to corporate reports, and review and advice regarding Treasury Board submissions and audit reports of multilateral organizations

4.6 Audit Resources

The OCAE’s budget for 2020-2021 is shown in Table 2 below.

Table 2: Budgeted Resources for 2020-2021

 Salaries ($)Operating ($)Total ($)
Assurance & Advisory Services2,480,37067,0002,547,370
Professional Practices Unit865,813 865,813
Departmental Audit Committee Activities75,819$27,100102,919
Professional Services 540,000540,000
Training 78,00078,000
Travel 375,000375,000

Appendix A - 2019-2020 Departmental Results Framework & Program Inventory

International Advocacy and DiplomacyTrade and InvestmentDevelopment, Peace and Security ProgrammingHelp for Canadians AbroadSupport for Canada’s Presence AbroadInternal Services

1. International Policy Coordination
Prg Official: PFM/E. Golberg

2. Multilateral Policy
Prg Official: MFM/C. MacLennan

3. International Law
Prg Official: JLD/B. Maille (JLD)

4. The Office of Protocol
Prg Official: XDD/S. Wheeler (XDD)

5. Europe, Arctic, Middle East and Maghreb Policy & Diplomacy
Prg Official: EGM/(Vacant)

6. Americas Policy & Diplomacy
Prg Official: NGM/M. Grant (NGM, NDD, NGD, NLD, NND)

7. Asia Pacific Policy & Diplomacy
Prg Official: OGM/D. Bobiash (OGM, OAD, OPD, OSD, OBMO)

8. Sub-Saharan Africa Policy & Diplomacy
Prg Official: WGM/L. Norton (WGM, WED, WFD, WWD)

9. Geographic Coordination and Mission Support
Prg Official: NMD/S. Savage (NMD, SID)

10. Gender Equality and the Empowerment of Women and Girls
Prg Official: MGD/N. Smyth (MGD)

11. Humanitarian Action
Prg Official: MHD/S. Salewicz (MHD)

12. Human Development: Health & Education
Prg Official: MND/A. Baker (MGD, MND)

13. Growth that Works for Everyone
Prg Official: MED/W. Drukier (MED, MSD)

14. Environment and Climate Action
Prg Official: MSD/S. Szabo (MSD)

15. Inclusive Governance
Prg Official: MED/W. Drukier (MED)

16. Peace and Security Policy
Prg Official: IRD/L. Galadza (IDD, IGD, ECD)

17. International Security Policy and Diplomacy
Prg Official: IFM/M. Gwozdecky (IOD)

18. Trade Policy, Agreements, Negotiations, and Disputes
Prg Official: TFM/S. Verheul

19. Trade Controls
Prg Official: TID/R. Khatchadourian (TID, SED, SID, SWD)

20. International Business Development
Prg Official: BPD/C. Moran

21. International Innovation and Investment
Prg Official: BID/E. Kamarianakis (BID, SID, BHB)

22. Europe, Arctic, Middle East and Maghreb Trade
Prg Official: EGM/(Vacant) (ECD, ELD, ESD, EUD, DWD)

23. Americas Trade
Prg Official: NGM/D. Morrison (NDD, NGD, NLD, NND)

24. Asia Pacific Trade
Prg Official: OGM/D. Bobiash (OAD, OPD, OSD, (including APEC)

25. Sub-Saharan Africa Trade
Prg Official: WGM/L. Norton (WED, WFD, WWD)

26. International Assistance Operations
Prg Official: DPD/C. Campbell (DPD)

27. Humanitarian Assistance
Prg Official: MHD/S. Salewicz (MHD)

28. Partnerships and Development Innovation
Prg Official: KFM/C. Leclerc (KFM, KED, KGD, KSD, PFM, SGD)

29. Multilateral International Assistance
Prg Official: MFM/C. MacLennan

30. Peace and Stabilization Operations
Prg Official: IRC/A. Hamson

31. Anti-Crime and Counter-Terrorism Capacity Building
Prg Official: IDC/M. Cameron (IDC, IDD, IGD)

32. Weapons Threat Reduction
Prg Official: IGA/A. Liao-Moroz (IGD, IGA)

33. Canada Fund for Local Initiatives
Prg Official: NMS/S. Chowdhury (NMD)

34. Europe, Arctic, Middle East and Maghreb International Assistance
Prg Official: EGM/(Vacant)

35. Americas International Assistance
Prg Official: NGM/D. Morrison (NDD, NLD)

36. Asia Pacific International Assistance
Prg Official: OGM/D. Bobiash (OAD, OGMA- TRIGR, OPD, OSD)

37. Sub-Saharan Africa International Assistance
Prg Official: WGM/L. Norton (WED, WFD, WWD)

38. Grants and Contributions Policy and Operations
Prg Official: SGD/M. Collins (SGD)

39. Consular Assistance and Administrative Services for Canadians Abroad
Prg Official: CND/L. Helfand

40. Emergency Preparedness and Response
Prg Official: CSD/R. Sirrs (CSD, SID)

41. Platform Corporate Services
Prg Official: AAD/D. Bélanger (A) (ACM, AAD)

42. Foreign Service Directives
Prg Official: HED/M. Moreau (HED, SID, MISSION)

43. Client Relations and Mission Operations
Prg Official: AFD/P. Lundy (AFD, CS Mission)

44. Locally Engaged Staff Services
Prg Official: HLD/M. Fletcher (HLD)

45. Real Property Planning and Stewardship
Prg Official: ARD/D. Schwartz (ARD)

46. Real Property Project Delivery, Professional and Technical Services
Prg Official: AWD/E. Chown

47. Mission Readiness and Security
Prg Official: CSD/R. Sirrs (CSD, IDD, CS Mission, SID)

48. Mission Network Information Management / Information Technology
Prg Official: SID/K. Casey (SID, IDD, CS Mission)

49. Management & Oversight
Prg Official: DCD/J. MacIntyre

50. Communications
Prg Official: LDD/Y. Michaud (A) (LCD, LCM, LDD, LBMO, LCC, LCA)

51. Legal Services
Prg Official: JUS/T. Smith (JLT, JUS, JFM)

52. Human Resources
Prg Official: HSD/S. Tenasco-Banerjee
(HCM, CFSI, HFD, HSD, HWD, Pools, SID, HBMO, Mission)

53. Financial Management
Prg Official: SCM/A. Thangaraj (SCM, SID, SMD, SWD, SBMO)

54. Information Management
Prg Official: SID/K. Casey (DCD, SID, SET)

55. Information Technology
Prg Official: SID/K. Casey (CSD, SID, SCM, SET)

56. Real Property (Domestic)
Prg Official: SPD/B. Lawson (CSD, SPD, SCM)

57. Materiel Management
Prg Official: SPD/B. Lawson (SPD)

58. Acquisition Management
Prg Official: SPD/B. Lawson (SPD, SCM)


Appendix B – Description of 2020-2021 Engagements

#Year 1 - 2020-2021Link to Audit Universe DescriptionTabling Date

Carry Over

Audit of Peace and Stabilization Operations Program

International Advocacy and Diplomacy

Development Peace and Security Programming

$150M annually

Objective: To determine whether the Program has implemented an effective management control framework to ensure that the Program is meeting strategic and operational objectives.

Scope: The audit will examine key elements of the Program’s management framework including program planning and funding, project delivery and monitoring, and performance measurement and reporting activities. This scope will also include the eligibility, level of funding, compliance with terms and conditions of agreements, and results of projects.


  • The Program has a funding envelope of $150 million annually, which includes $118 million disbursed through grants and contributions.
  • There are risks associated with programming in fragile and conflict-affected states in which violence, corruption, and high crime rates are prevalent.
  • Two significant Government of Canada initiatives associated with this Program are the Middle East Strategy and the Elsie Initiative for Women.
  • Peace and Security is one of six action areas under the Department’s Feminist International Assistance Policy, which underpins Canada’s international effort to achieve the Sustainable Development Goals. 
October 2020

Carry Over

Joint Mission Audit/Inspection – Bamako, Mali

Support for Canada’s Presence Abroad

Objective: To determine whether sound management practices and effective controls are in place to ensure good stewardship of resources at the mission in support of the achievement of Global Affairs Canada objectives.

Scope: The audit will examine the mission’s common services, property, consular and readiness programs. The scope will include the management of real property, vehicles, machinery and equipment, material inventory, consular revenue and cash, and LES overtime.


  • The OCAE received management support to continue with a series of mission audits to support the department in managing risks abroad. The missions are selected based on a risk analysis and in consideration of the work completed or planned by Inspection.
  • In this instance, Audit and Inspection are piloting an approach where they are conducting work simultaneously. The results of this pilot will be used to inform the methodology for other mission audits. 
  • This mission has not been audited before and is a replacement for the Mission Audit – Port-au-Prince that was planned for 2019-2020. 
October 2020

Carry Over

Audit of Grants & Contributions Part I – Oversight & Monitoring

International Advocacy and Diplomacy

Trade and Investment

Development Peace and Security Programming

$4.6B in grant & contribution payments in 2018-2019

Objective: To assess whether appropriate grants and contributions oversight and program monitoring are in place and operating effectively to support the achievement of departmental objectives

Scope: The audit will examine the management and operational practices and controls at headquarters and at the program and project levels, including both centralized and decentralized programs.


  • Grant and contribution payments represent over 65% of the Department’s annual spending and are key instruments in furthering the Government of Canada’s international policy objectives and priorities in the three programming business lines of foreign affairs, trade, and development.
  • This audit follows a 2017 Audit of the Harmonization of Grant and Contribution Program Administration conducted by the OCAE, which concluded that GAC required improvements to attain a more streamlined, standardized, and harmonized delivery and administration of grants and contributions.
December 2020

Carry Over

Audit of Foreign Service Directive - Relocation

Support for Canada’s Presence Abroad

$37M of FSD Relocation payments made in 2019

Objective: To examine whether appropriate controls are in place for the administration and management of Foreign Service Directive (FSD) Relocation.

Scope: This audit will include a sample of significant FSD Relocation expenditures to assess the effectiveness of the administrative processes, systems and procedures.


  • Report “Ongoing Monitoring – Internal Control Over Financial reporting:  Foreign Service Directives” concluded that the system for FSD is not operating effectively as several tested controls failed.
  • The FSD Relocation accounts for over a quarter of the FSD expenditures. During the 2019 relocation season, the Department oversaw over 1,100 international and domestic relocations for a total disbursement of approximately $37M.
December 2020
New Engagements


COVID – 19  Emergency Repatriations to Canada

Help for Canadians Abroad

Objective: To provide timely advice to departmental officials on the management controls framework to support the delivery of the Department’s COVID-19 repatriation activities.

Scope: This review will focus on activities related to flight reconciliation and emergency loan recovery activities.


  • As a result of the pandemic, this engagement was identified as an opportunity to support ongoing repatriation efforts, and to identify considerations for managing future crises.
  • OCAE’s agility can be demonstrated by providing real time feedback and advice to program management regarding activities still underway.
  • Since March 2020, due to cross-border travel restrictions around the world, over 55,000 Canadian residents were stranded and lacked access to essential medical and social services.
October 2020


Grants & Contributions Part II – Feminist International Assistance Policy (FIAP)

International Advocacy and Diplomacy

Trade and Investment

Development Peace and Security Programming

$2B in new funding over 5 years

Objective: To identify and assess steps taken by the Department to improve the effectiveness of international assistance through the implementation of the Feminist International Assistance Program (FIAP).

Scope: The review will assess key aspects of a management control framework including governance, planning, monitoring and reporting activities.  


  • Launched in 2017, FIAP puts Canada at the forefront of global efforts to eradicate poverty and to foster a more peaceful inclusive and prosperous world. It includes six action areas and is set to invest $2 billion over five years from 2018.  
  • Findings from the Audit of Grants & Contributions-Monitoring and Oversight supports further examination.
  • This review will support Global Affairs Canada to be positioned to invest in innovation, deliver better reporting on results and be able to develop more effective partnerships and able to focus on those regions of the world where the needs are greatest.
December 2020


Duty of Care – Governance & Spending

Support for Canada’s Presence Abroad

$1B over 10 years

Preliminary Objective: To examine the governance structure as well as expenditures within the Duty of Care envelope.  

Preliminary Scope: This review will include a sample of significant expenditures in each of the four pillars: infrastructure, securing information, mission readiness, and Kabul. The scope will also include a review of the accountability framework, decision-making framework and performance reporting structure for the Duty of Care initiative.


  • Duty of Care funds (approximately $1B in funding was approved in 2017 to be spent over 10 years) were secured to protect staff at Canadian missions abroad through infrastructure, mission readiness and information security. 
  • Global Affairs Canada represents the Government of Canada in 178 diplomatic and consular missions in 110 countries. 
  • These missions house representatives from 23 other federal organizations.  There is more than 7,000 Government of Canada staff (and approximately 2,350 dependents) who support Canada’s engagement in the world.
Spring 2021


COVID – 19 Remote Work Risk Assessment

Internal Services

Preliminary Objective: To identify and assess the risks related to the Department’s remote work practices and framework and to prioritize areas that may require further examination.

Preliminary Scope: This review will assess risk areas related to remote work such as organizational resilience, health and safety, work productivity and performance, and values and ethics.   Background:

  • As a result of the pandemic, this engagement was identified as an opportunity to support the transition to a remote work environment.
  • Due to the uncertainty of the duration of the pandemic, advice to senior management on the positive and negative aspects of remote work will inform decision-making related to its continuation.    
Spring 2021
5Audit of Real Property – Strategic Investment & Portfolio ManagementSupport for Canada’s Presence Abroad

Preliminary Objective: To determine whether there are effective processes and structures in place to manage the Department’s real property portfolio. 

Preliminary Scope: The audit will examine processes to identify and value real properties. The scope will also include strategic investment decision-making, accountability and risk management. 


  • The Department has property stewardship and project delivery responsibilities for more than 2,400 owned and leased facilities abroad, which includes 234 chanceries and 85 official residences.
  • Canada’s official residences have become increasingly important to the way in which Canada conducts diplomacy through the advancement of foreign policy and trade interests. The heritage character of some residences symbolizes the historic richness of bilateral relationships with host countries.
Summer 2021


Innovative Programming – Design Framework

International Advocacy and Diplomacy Development Peace and Security Programming

Preliminary Objective: To provide advice on the funding mechanism for the Innovation Fund.

Preliminary Scope: The review will focus on key aspects of the design framework of innovative programming initiatives including governance, risk management and stakeholder engagement.


  • Global Affairs Canada is proposing a new business model to mobilize additional private and public resources to foster measurable development impacts that are aligned with the Feminist International Assistance Policy and contribute meaningfully to the advancement of the UN 2030 Sustainable Development Goals.
  • The Innovation Fund initiative has just begun. The internal audit function will engage early in this initiative to support the Program as they bridge between ongoing operations and innovative changes (uncertain operations). 
  • The current risks associated with innovative initiatives are the size of the project, the number of dedicated resources, decision-making and internal coordination.
  • Canada is a new, yet late, global player among like-minded donors with respect to innovative financing.
Spring 2021
7Audit of Privacy PracticesInternal Services

Preliminary Objective: To determine whether there is an appropriate privacy management framework to support compliance with the Privacy Act.

Preliminary Scope: The audit will include the collection, use, disclosure and retention of information.


  • Due to the pandemic and the switch to a remote work environment, the risk of not complying with privacy regulations is heightened.
  • Global Affairs Canada collects, uses, and manages the personal information of Canadians to fulfill its mandate. Strong privacy practices (the proper use, disclosure, and protection of that information) is critical. Privacy breaches or the mismanagement of personal information may harm Canadians and threaten the reputation of GAC.
Summer 2021


IT Risk Assessment Part I

Internal Services

Preliminary Objective: To identify and assess risks within the IT universe.  

Preliminary Scope: The assessment will identify risks and complexities to inform prioritizations of areas requiring further examination by the OCAE.


  • The role of IT is being transformed from a back office function that provides services to a strategic business partnership that brings IT innovations to the table to address an organization's business needs.
  • IT controls are important to ensure alignment with strategic objectives and priorities, protect departmental assets, and ensure data integrity.
  • The IT function is a critical enabler in all transformation and large projects taking place in the Department.
Spring 2021
9Audit of Costing MethodologyInternal Services

Preliminary Objective:  To determine whether departmental processes and frameworks are in place to provide costing information to support decision-making.

Preliminary Scope: The audit will examine financial and human resource components of costing projects/programs that are used to support attestation by the Chief Financial Officer.


  • Given the size and complexity of the Department, reliable costing information is important to ensure investments are aligned with the departmental mandate.
  • Sufficient internal costing capacity and competencies are the foundation to the development of strong costing methodology.
Summer 2021
10Ongoing Data AnalyticsInternal Services

Preliminary Objective: To identify areas of risks in key data sets to support the assessment of the effectiveness of controls.

Preliminary Scope: The scope will include the ongoing analysis of data in departmental systems related to finance, human resources, property etc.


  • Ongoing analytics is a cost-efficient approach to complement traditional audits.
  • It helps to inform risk-based planning as well as the requirement for further examination through traditional audits or advisory services.
  • This methodology complements the monitoring function of departmental managers.  
Summer 2021
11Remote Mission AuditSupport for Canada’s Presence Abroad

Preliminary Objective: To determine whether sound management practices and effective controls are in place to ensure good stewardship of resources at the mission in support of the achievement of Global Affairs Canada objectives.

Preliminary Scope: The audit will examine select elements of a mission’s common services, property, consular and readiness programs that can be done remotely from headquarters.


  • The OCAE received management support to continue with a series of mission audits to support the department in managing risks abroad. However, due to travel restrictions caused by the pandemic, the OCAE will pilot a remote mission audit.
  • The missions are selected based on a risk analysis and in consideration of the work planned or completed by the Mission Inspection division.
Summer 2021

Appendix C – Focus of 2021-2022 Engagements

#Year 2 - 2021-2022Link to Audit Universe Area of Focus
1Follow-up on Implementation of COVID-19 After Action Review & Lessons LearnedInternal ServicesAssess whether actions documented as a result of the After Action Review and Lessons Learned exercises have been implemented within committed timelines.
2Audit of Cost OptimizationInternal ServicesAssess whether initiatives drive spending and cost reduction, while maximizing business value.
3Advisory - Export Import Control SystemInternal ServicesProvide independent advice after minimum viable product delivery related to implementation and change management.
4Audit of Internal Controls Over Financial ReportingInternal ServicesExamine the framework to manage, monitor, and report on key controls of selected business processes for operating effectiveness.
5Audit of IT Part IIInternal ServicesExamine IT related subject post IT risk assessment identification of priority area.
6Advisory - Global Affairs Canada Data StrategyInternal ServicesExamine the implementation of the data strategy to support organizational goals and objectives.
7Audit of Management of Honorary ConsulsSupport for Canada’s Presence AbroadExamine the appointment, oversight and expenditures of operations related to Honorary Consuls.
8Audit of Trade Commissioner Service – Regional OperationsTrade and InvestmentOptimization and integration of regional activities within the overall Trade Commissioner Service transformation initiative.
95 Year Cyclical Assessment -  New Direction in StaffingInternal ServiceAssess compliance to relevant staffing regulations as well as departmental awareness and understanding of staffing requirements.
10  to 15Six Mission Audits – locations to be determinedSupport for Canada’s Presence AbroadManagement practices and controls related to financial management, procurement, asset management, and LES human resource processes.

Appendix D – 2020-2021 Engagements Mapped to Priorities

Core ResponsibilitiesEngagementsPrioritiesMandate LettersCorporate Risk Profile
International Advocacy and DiplomacyPeace and Stabilization Operations Programxxx
Grants & Contributions Part I – Oversight & Monitoringxxx
Grants & Contributions Part II – Feminist International Assistance Policyxxx
Innovative Programming - Design Frameworkxxx
Trade and InvestmentGrants & Contributions Part I – Oversight & Monitoringxxx
Grants & Contributions Part II – Feminist International Assistance Policyxxx
Development, Peace and Security Programing Peace and Stabilization Operations Programxxx
Grants & Contributions Part I – Oversight & Monitoringxxx
Grants & Contributions Part II – Feminist International Assistance Policyxxx
Innovative Programming - Design Frameworkxxx
Help for Canadians AbroadCOVID-19  Emergency Repatriations to Canadaxxx
Support for Canada’s Presence AbroadForeign Service Directive - Relocationx x
Duty of Care – Governance & Spendingxxx
Mission Audit – Bamako, Malix x
Real Property – Strategic Investment & Portfolio Managementx x
Remote Mission Auditx x
Internal ServicesCOVID-19 Remote Work Risk Assessmentx x
Privacy Practicesx x
IT Risk Assessment Part Ix x
Costing Methodologyx x
Ongoing Data Analyticsx x
Date Modified: