What to Expect—An Auditee’s Guide to the Performance Audit Process

1—Roles and responsibilities

This information sheet outlines what the Office of the Auditor General (OAG) expects of its audit teams and of the audited entities in the course of a performance audit.

The following roles and responsibilities may be supplemented by formal or informal administrative liaison arrangements or, in some agencies, legal memoranda of understanding between the audit team and the audited entity.

What the audited entity can expect from the Office of the Auditor General

  • Where the OAG has an ongoing and substantial audit presence in an entity, the responsible Assistant Auditor General or the Commissioner of the Environment and Sustainable Development, along with the responsible entity principal, will offer to provide an annual briefing to senior entity management and, if requested, the departmental audit committee. The briefing may cover both short- and long-term audit plans. The long-term plan covers three years and all OAG audit activities within the entity and is referred to as the Strategic Audit Plan.
  • At the start of an audit, the OAG will formally notify the deputy head of the entity (by letter) of its intention to conduct an audit. At the same time, the OAG will request confirmation from the deputy head of the confidentiality and return of OAG numbered/controlled documents, such as the audit plan summary and draft chapters.
  • The audit team will offer to hold an opening meeting with entity officials, including the deputy head where appropriate, to launch the audit in the entity and to discuss the planned audit to gain a better understanding of the areas subject to audit.
  • Within one month of the offer to hold an opening meeting, the OAG will send a letter to the appropriate individual at the Assistant Deputy Minister (ADM) (or equivalent) level or to the head of the entity’s internal audit function. The letter will include a request for access, under the powers provided by the Auditor General Act, to, among other things, documents that may be subject to solicitor/client and other privileges. Consequently, disclosure of such “privileged” documents to the OAG does not amount to a waiver of any privilege attached to the documents. As such, all documents disclosed to the OAG for these purposes will be treated in strict confidence, and all present administrative arrangements for the use of such documents will continue.
  • At its discretion, the audit team may request advice from the audited entity with respect to individuals who would be useful external advisers on the audit. If the audit team has any concern about whether a potential adviser has a conflict of interest, it may seek the advice of the entity. Once the advisers have been selected, the audit team may provide the names to the entity for information purposes.
  • Early in the examination phase of the audit, the OAG will meet with the entity to discuss the objectives, scope, and criteria of the audit. Following this meeting, the audit team will issue, to the entity’s OAG contact/liaison person, numbered/controlled copies of an audit plan summary. The summary includes the audit objectives, scope, approach, and criteria against which the entity will be assessed, as well as the timetable. The OAG will provide the entity’s management and, if requested, the departmental audit committee with an opportunity to discuss the proposed audit plan with OAG staff. The OAG will request that, within two weeks of receiving the audit plan summary, the deputy head will acknowledge, in writing, management’s responsibility for the program or area under audit and the suitability of the audit criteria.
  • The audit team will facilitate ongoing and regular communication during the audit on changes to the audit plan summary (objectives, scope, approach, and timetable), and on audit progress, including emerging findings and potential recommendations.
  • Before issuing numbered/controlled copies of the principal’s (PX) draft chapter, the audit team will offer briefings to entity managers to seek their views on the validity and completeness of audit evidence, audit observations, conclusions, and recommendations, including corrective action to be taken. Discussions between the audit team and the entity will also be offered at various points during the reporting phase.
  • After issuing the PX draft chapter, the audit team will again seek the views of the entity’s management on the validity and completeness of audit findings (specified in the point above), as well as the audited entity’s draft responses to recommendations.
  • After receiving the comments from the audited entity and others (for example, third parties), the audit team will consider their substance and revise the PX draft chapter, as appropriate. The team will then submit a transmission draft chapter to the deputy head, which will include the audited entity’s draft responses to recommendations, to obtain final comments and confirmation that the draft responses are final.
  • The OAG will make every effort to resolve disagreements quickly, professionally, and respectfully.

What the OAG expects of audited entities

  • After receiving formal notification of the audit, the entity is expected to identify one of its officials as the entity’s OAG contact/liaison person for the audit. In addition, the deputy head is expected to acknowledge that the entity is required to respect the confidentiality of audit plans and draft chapters provided to it for review and to return them within one week of tabling of the report. The Guidance for Deputy Ministers, on the Privy Council Office website, notes that one responsibility of deputy heads is to ensure that their departments establish respectful, constructive working relations with the OAG and supply the information that the OAG requires to fulfill its mandate.
  • The audited entity is expected to provide the audit team with free (open) access at all convenient times to audit information, reports, and explanations, as the OAG deems necessary to complete the audit.
  • When an opening meeting is held, the audited entity is expected to make every effort to ensure that the appropriate entity officials attend this meeting to discuss the planned audit, so that the audit team can gain a better understanding of the areas subject to audit.
  • Within two weeks of receiving the solicitor/client privilege letter from the OAG, a senior management official with signing authority at the assistant deputy minister level or the head of the entity’s internal audit function is expected to sign and return the attached letter. This confirms that the audited entity will comply with any requests that the OAG makes for access to relevant documents under the control of the entity, including those documents to which solicitor/client or other privileges are attached.
  • Within two weeks of receiving the audit plan summary, the deputy head of the audited entity is expected to acknowledge, in writing, entity management’s responsibility for the areas and activities to be audited and the suitability of the criteria against which the entity will be assessed.
  • The audited entity is expected to ensure that all its officials affected by the audit (as well as its departmental audit committee) are sufficiently briefed concerning the purpose, nature, and timetable of the audit in the entity as early as possible in the audit process.
  • The relevant entity employees are expected to review and sign off on documented meeting and interview minutes prepared by the OAG, if the OAG indicates its intention to rely on such records as audit evidence during the audit.
  • Entity management is expected to provide timely, consolidated, and coordinated comments and feedback concerning key aspects of the audit at appropriate decision points in the audit. Although audited entities may comment on Main Points, conclusions, and recommendations in a chapter, the issues included in these sections are determined by the OAG.
  • The audited entity is expected to make every effort to resolve disagreements quickly, professionally, and respectfully.
  • The deputy head or other senior management of the audited entity is expected to provide draft responses to proposed recommendations, as modified following the confirmation and validation of facts in the PX draft chapter.
  • After receiving the deputy minister (DM) transmission draft chapter, the deputy head is expected to confirm that it presents the findings factually and fairly. Any areas of disagreement should be resolved. The deputy head is also expected to confirm that the responses to the recommendations are final.
  • Within one week of a report of the Auditor General or the Commissioner of the Environment and Sustainable Development being tabled in the House of Commons, the audited entity is expected to return all numbered/controlled copies of the audit plan summary and draft chapters and, if applicable, other controlled documents. These include such documents as draft management letters for matters that are of lesser importance than those reported in the chapter but that, in the opinion of the OAG, still require some follow-up or corrective action.
  • The audited entity is also expected to immediately inform the OAG if any numbered/controlled audit document is lost or made public.

Additional resources

  • Auditor General Act
  • Guidance to deputy heads, departmental and entity legal counsel, and OAG audit liaisons on providing the Auditor General access to information in certain confidences of the Queen’s Privy Council (Cabinet Confidences)
  • 2010 Protocol Agreement on Access by the Office of the Auditor General to Cabinet Documents
  • Communiqué (TBS-OAG): Office of the Auditor General’s Access to Records and Personnel for Audit Purposes, emailed to deputy heads on 7 August 2007

Related information sheets

Roles and responsibilities

OAG Audited Entity
Ongoing

Where the OAG has an ongoing and substantial audit presence in an entity, the responsible Assistant Auditor General or the Commissioner of the Environment and Sustainable Development, along with the responsible entity principal, will offer to meet annually with senior management of the entity and, if requested, the departmental audit committee, to build an understanding of key and emerging issues and to discuss short- and long-term audit plans. They will also discuss the general working relationship between the OAG and the entity, which includes clarifying the nature of the OAG’s access to documents, as necessary.

The entity is expected to provide the OAG with the information needed and discuss matters of mutual interest.

Audit notification

At the start of a performance audit, the audit team

  • notifies the deputy head (by letter) of the OAG’s intention to conduct an audit, and requests confirmation of the confidentiality of OAG numbered/controlled documents (such as the audit plan summary and draft chapters), and requests that they be returned within one week of tabling of the report; and
  • holds an opening meeting with entity officials (including the deputy head, if appropriate) to launch the audit in the entity and to discuss the planned audit in order to gain a better understanding of the areas subject to audit.

Before the meeting, the audit team notifies the audited entity of the main topics to be discussed, including the preferred language(s) of communication, especially regarding audit documents provided to the audited entity.

The deputy head is expected to

  • confirm, in writing, that controlled documents, such as the audit plan summary and draft chapters, will be treated in a confidential manner and returned within one week of tabling of the report; and
  • inform those in the entity who need to know about the audit, as well as the departmental audit committee.

The audited entity is expected to provide the audit team with free (open) access, at all convenient times, to audit information, reports, and explanations that the OAG deems necessary to complete the audit.

When an opening meeting is held, the entity is expected to ensure that the appropriate entity officials attend this meeting to discuss the planned audit and topics for discussion so that the audit team can gain a better understanding of the areas subject to audit. The OAG contact/liaison person is expected to inform the audit team of the preferred language(s) of communication, especially regarding audit documents provided to the audited entity.

Within one month of the offer to hold an opening meeting

The audit team sends a solicitor/client privilege letter to assure senior management that when the OAG requests access to documents that may be subject to solicitor/client or other privileges, it does so pursuant to its powers under the Auditor General Act. Consequently, the audited entity’s disclosure of such documents to the OAG does not amount to a waiver of any privilege attached to the documents.

Within two weeks of receiving the solicitor/client privilege letter, a senior management official with signing authority at the assistant deputy minister (ADM) level, or the head of the entity’s internal audit function, is expected to

  • sign the attached letter,
  • send a copy to those in the entity who need to know about the letter, and
  • return the letter to the OAG.

The audit team may request advice from the audited entity to identify individuals who may be useful external advisers on the audit. If the audit team has any concern about whether a potential adviser has a conflict of interest, it may seek the advice of the entity. Once the advisers have been selected, the audit team may provide the names to the entity for information purposes.

When requested, the entity is expected to provide advice to the audit team to help them identify potential external advisors for the audit. The entity may wish to consult with its departmental audit committee on this matter.

Early in the examination phase

The audit team meets with entity officials to discuss audit objectives, scope, and criteria. Following this meeting, the audit team prepares an audit plan summary that outlines the objectives, scope, approach, and criteria of the audit. The team then sends numbered/controlled copies of the summary to the entity’s deputy head for comment on the suitability of the criteria and on management’s responsibility for the subject area.

The deputy head of the entity is expected to acknowledge in writing, within two weeks of receiving the audit plan summary, management’s responsibility for the areas and activities to be audited and the suitability of the criteria against which the entity will be assessed.

The entity is expected to

  • track the internal distribution of the audit plan summary copies received, retrieve them when requested, and return them to the OAG within one week of the report being tabled in the House of Commons; and
  • ensure that all its officials affected by the audit (as well as the departmental audit committee) are sufficiently briefed on the purpose, nature, and timetable of the planned audit as early as possible in the audit process.
During the examination phase

The audit team asks the appropriate entity staff to sign off on documented meeting and interview minutes, if there is an intention to rely on such records as audit evidence. Such minutes would normally be sent to the appropriate entity staff within five working days of the meeting.

Entity staff are expected to comment and sign off, when requested, on meeting and interview minutes expeditiously (normally within five working days).

The audit team informs the audited entity, in writing, of any significant changes to the audit plan summary (objectives, scope, approach, criteria, and timetable). The audit team provides a rationale for the changes and where appropriate, issues a revised audit plan summary to the entity.

If changes to the audit plan summary alter the entity’s position/concurrence regarding acknowledgement of management’s responsibility for the area under audit and/or the suitability of the criteria, entity officials are expected to inform the Office by a date to be specified.

The audit team shares facts with entity management and asks for confirmation.

Entity officials are expected to examine all statements of fact and confirm their correctness. If the facts are incorrect or incomplete, the officials are expected to provide the correct, complete information along with appropriate supporting evidence.

The audit team periodically offers to brief entity officials, senior management (and if requested, the departmental audit committee) on emerging findings throughout the examination phase. The team also encourages a discussion of proposed recommendations as they are developed.

The Auditor General will send a letter to the deputy head with advance notice of the deadline for providing final responses and confirmation of facts.

Entity officials are expected to participate in the briefings to understand the nature and the implications of the findings and the proposed recommendations and to ask the OAG questions related to the audit. (Such briefings may include the participation of the deputy head or other senior management, as well as the departmental audit committee, when appropriate.)

During the reporting phase

The audit team sends numbered/controlled copies of the principal’s (PX) draft chapter to the entity’s OAG contact/liaison person to coordinate comments by parties responsible for audited areas. The expected date for issuing the PX draft chapter is indicated in the audit plan summary.

The entity is expected to review the draft chapter and provide the OAG with the entity’s position on

  • any facts that are in dispute (accompanied by all supporting evidence in the audited entity’s possession); and
  • the accuracy of the text.

The entity is expected to deliver its consolidated and coordinated comments within agreed timelines, together with evidence to support any changes requested to the report.

The audit team reserves the right to request a record of entity staff who receive draft chapters and other numbered/controlled documents, requests that the documents be returned once the report has been tabled in Parliament, and keeps a record of which copies are returned.

The entity is expected to track the internal distribution of draft chapters and other numbered/controlled documents that it receives, retrieve them when requested, and return them to the OAG within one week of the report being tabled in Parliament.

The audit team discusses factual errors, omissions in the draft chapter, context changes, or new information with the entity and attempts to resolve issues that are raised in the entity’s comments quickly, professionally, and respectfully.

The entity is expected to discuss and attempt to resolve issues with the audit team quickly, professionally, and respectfully.

If required, the Assistant Auditor General (AAG) or the Commissioner of the Environment and Sustainable Development offers to meet with the deputy head or other senior management (usually at the ADM level, as appropriate) to discuss the draft chapter, including the suitability of the proposed audit recommendations and the probable responses to them.

Entity senior management is expected to discuss the suitability and practicality of the proposed recommendations and its probable responses to them.

The OAG requests that the entity provide written comments on the PX draft report as well as draft responses to the recommendations (modified, as appropriate, to reflect discussions).

The deputy head or other senior management of the entity is expected to provide written comments on the PX draft and written responses to the draft recommendations.

The audit principal prepares the deputy minister (DM) transmission draft chapter to reflect the discussions with the entity, as appropriate. The AAG or Commissioner sends numbered/controlled copies of the DM transmission draft chapter, in both official languages (simultaneously if this has been requested during the planning phase of the audit—Section 6), to the deputy head for comment. The expected date of issuance of the DM draft chapter is indicated in the audit plan summary.

The deputy head is expected to confirm that the report presents the findings of the audit factually and fairly and that the responses to the recommendations are final. Any areas of disagreement should be resolved or documented in the response.

The audit team communicates, in a timely manner (usually within one month of the tabling date of the audit chapter), with either the deputy head or the head of the internal audit function, as appropriate, any management issues not included in the audit chapter. It is expected that the audit team would have discussed most, if not all, of these management issues with entity officials during the confirmation and validation of facts process for the chapter. If the OAG communicates these management issues through a formal letter, then a similar process of confirmation and validation of facts for these issues would take place.

The entity is expected to acknowledge communication of the management issues, discuss them with the audit team, and issue a written response when requested.