What to Expect—An Auditee's Guide to the Performance Audit Process

1—Roles and responsibilities

This information sheet outlines what the Office of the Auditor General (the Office or OAG) expects of its audit teams and of the audited entities in the course of a performance audit.

The following roles and responsibilities may be supplemented by formal or informal administrative liaison arrangements or, in the case in some agencies, legal Memoranda of Understanding between the audit team and the audited entity.

What the audited entity can expect from the Office of the Auditor General

  • Where the OAG has an ongoing and substantial audit presence in an entity, the responsible Assistant Auditor General or the Commissioner of the Environment and Sustainable Development, along with the responsible entity principal, will offer to provide an annual briefing to senior entity management and, if requested, the departmental audit committee. The briefing may cover both short- and long-term audit plans. The long-term plan covers five years and all OAG audit activities within the entity and is referred to as the One-Pass Plan.
  • At the start of an audit, the OAG will formally notify the deputy head of the entity (by letter) of its intention to conduct an audit. At the same time, the OAG will request confirmation from the deputy head of the confidentiality and return of OAG numbered/controlled documents, such as the entity plan summary and draft chapters.
  • Early in an audit, the audit team will provide the entity's OAG contact/liaison person with a list of names and security clearance levels of OAG and contract staff who will require access to the entity. If any changes to this list are required during the audit, the audit team will notify the entity's OAG contact/liaison person in a timely manner.
  • The audit team will offer to hold an entrance meeting with entity officials, including the deputy head where appropriate, to launch the audit in the entity and to discuss the planned audit to gain a better understanding of the areas subject to audit.
  • Within one month of the offer to hold an entrance meeting, the OAG will issue a letter to the deputy head or another senior management official requesting access under the powers provided by the Auditor General Act to, among other things, documents that may be subject to solicitor/client and other privileges. Consequently, disclosure of such "privileged" documents to the OAG does not amount to waiver of any privilege attached to the documents. As such, all documents disclosed to the OAG for these purposes will be treated in strict confidence, and all present administrative arrangements for the use of such documents will continue.
  • At its discretion, the audit team may request advice from the audited entity with respect to individuals who would be useful advisors on the audit. If the audit team has any concern about whether a potential advisor has a conflict of interest, it may seek the advice of the entity. Once the advisors have been selected, the audit team may provide the names to the entity for information purposes.
  • Early in the examination phase of the audit, the OAG will issue, to the entity's OAG contact/liaison person, numbered/controlled copies of an entity plan summary, which includes the audit objectives, scope, methodology or approach, criteria against which the entity will be assessed, and the timetable. The OAG will provide the entity's management and, if requested, the departmental audit committee, an opportunity to discuss with OAG staff the proposed audit plan. At this time, the OAG will request management's formal acknowledgement of its responsibility for the program or area under audit and its comments on the suitability of the audit criteria.
  • The audit team will facilitate ongoing and regular communication during the audit on changes to the entity plan summary (objectives, scope, approach, and timetable); audit progress, including emerging findings and potential recommendations; or any obstacles within the audited entity, to ensure that the audit work is done on time.
  • Before issuing numbered/controlled copies of the principal's (PX) draft chapter, the audit team will offer briefings to entity management to seek their views on the validity/completeness of audit evidence, audit observations, conclusions, and recommendations, including corrective action to be taken. Discussions between the audit team and the entity will also be offered at various points during the reporting phase.
  • After issuing the PX draft chapter, the audit team will again seek the views of the entity's management on the validity and completeness of audit findings (specified in the point above), as well as the audited entity's draft responses to recommendations.
  • After receiving the comments from the audited entity and others (for example, third parties), the audit team will consider their substance and revise the PX draft chapter, as appropriate. The team will then submit a transmission draft chapter to the deputy head, which will include the audited entity's draft responses to recommendations, to obtain final comments and confirmation that the draft responses are final.
  • The OAG will make every effort to resolve disagreements quickly, professionally, and respectfully.

What the OAG expects of audited entities

  • After receiving formal notification of the audit, the entity is expected to identify one of its officials as the entity's OAG contact/liaison person for the audit. In addition, the deputy head is expected to acknowledge that the entity is required to respect the confidentiality of audit plans and draft chapters provided to it for review and to return them within one week of tabling of the report. Also, the Privy Council Office's Guidance for Deputy Ministers notes that one responsibility of deputy heads is to ensure that their departments establish respectful, constructive working relations with the OAG and supply the information required for it to fulfill its mandate.
  • The audited entity is expected to provide the audit team with free (open) access at all convenient times to audit information, reports, and explanations, as the OAG deems necessary to complete the audit.
  • If an entrance meeting is held, the audited entity is expected to make every effort to ensure that the appropriate entity officials attend this meeting to discuss the planned audit, so that the audit team can gain a better understanding of the areas subject to audit.
  • Within two weeks of receiving the solicitor/client privilege letter from the OAG, the deputy head or a senior management official with signing authority at the assistant deputy minister level is expected to sign and return the attached letter. This confirms that the audited entity will comply with any requests that the OAG makes for access to relevant documents under the control of the entity, including those documents to which solicitor/client or other privileges are attached.
  • Within two weeks of receiving the entity plan summary, senior management of the audited entity is expected to acknowledge, in writing, the entity's responsibility for the areas and activities to be audited and will provide comments on the suitability of the criteria against which the entity will be assessed.
  • The audited entity is expected to ensure that all its officials affected by the audit (as well as its departmental audit committee) are sufficiently briefed concerning the purpose, nature, and timetable of the audit in the entity as early as possible in the audit process.
  • The relevant entity employees are expected to review and sign off on documented meeting and interview minutes prepared by the OAG, if the OAG indicates its intention to rely on such records as audit evidence during the audit.
  • Entity management is expected to provide timely, consolidated, and coordinated comments and feedback concerning key aspects of the audit at appropriate decision points in the audit. This relates to audit plans; confirmation and validation of facts; and the observations, conclusions, and recommendations in draft audit chapters. It also includes discussion on corrective action to be taken. Although audited entities may comment on Main Points, conclusions, and recommendations in a chapter, the issues included in these sections are determined by the OAG.
  • The audited entity is expected to make every effort to resolve disagreements quickly, professionally, and respectfully.
  • The deputy head or other senior management of the audited entity is expected to provide draft responses to proposed recommendations, as modified following the confirmation and validation of facts in the principal draft chapter. Within 10 working days of receipt of the deputy minister transmission draft chapter, the deputy head will confirm whether the facts are accurate and presented fairly and whether the draft responses to the recommendations are final, or comment on areas of disagreement, if any.
  • Within one week of tabling of a report of the Auditor General or the Commissioner of the Environment and Sustainable Development in the House of Commons, the audited entity is expected to return all numbered/controlled copies of the entity plan summary and draft chapters and, where applicable, other audit documents. These include, where applicable, such documents as draft management letters for matters of lesser importance than those reported in the chapter but on which the OAG believes entity officials need to follow up and take corrective action.
  • The audited entity is also expected to immediately inform the OAG if any numbered/controlled audit document is lost or made public.

Additional resources

Related information sheets

Roles and responsibilities

OAG

Audited Entity

Ongoing

Where the OAG has an ongoing and substantial audit presence in an entity, the responsible Assistant Auditor General or the Commissioner of the Environment and Sustainable Development, along with the responsible entity principal, will offer to meet annually with senior management of the entity and, if requested, the departmental audit committee, to build an understanding of key and emerging issues and to discuss short- and long-term audit plans. They will also discuss the general working relationship between the OAG and the entity, which includes clarifying the nature of the OAG's access to documents, as necessary.

The entity is expected to provide the OAG with the information needed and discuss matters of mutual interest.

Audit notification

At the start of a performance audit, the audit team will

  • notify the deputy head (by letter) of the OAG's intention to conduct an audit, and will request confirmation of the confidentiality of OAG numbered/controlled documents, such as the entity plan summary and draft chapters, and their return within one week of tabling of the report;
  • provide the entity's OAG contact/liaison person with the names and security clearance levels of OAG and contract staff initially assigned to the audit who will require access to the entity; if any changes to this list are required during the audit, the audit team will notify the entity's OAG contact/liaison person in a timely manner; and
  • offer to hold an entrance meeting with entity officials, including the deputy head where appropriate, to launch the audit in the entity and to discuss the planned audit in order to gain a better understanding of the areas subject to audit. In advance of the meeting, the audit team notifies the audited entity of the main topics to be discussed, including the preferred language(s) of communication, especially regarding audit documents provided to the audited entity.

The deputy head is expected to

  • confirm, in writing, that controlled documents, such as the entity plan summary and draft chapters, will be treated in a confidential manner and returned within one week of tabling of the report; and
  • inform those in the entity who need to know about the audit, as well as the departmental audit committee.

The OAG contact/liaison person is expected to inform those in the entity who need to know the names and security clearance levels of OAG and contract staff. The audited entity is expected to provide the audit team with free (open) access at all convenient times to audit information, reports, and explanations, as the OAG deems necessary to complete the audit.

If an entrance meeting is held, the entity is expected to ensure that the appropriate entity officials attend this meeting to discuss the planned audit and topics for discussion so that the audit team can gain a better understanding of the areas subject to audit. The OAG contact/liaison person is expected to inform the audit team of the preferred language(s) of communication, especially regarding audit documents provided to the audited entity.

Within one month of the offer to hold an entrance meeting

The audit team sends a solicitor/client privilege letter to assure the deputy head or other senior management that when the OAG requests access to documents that may be subject to solicitor/client or other privileges, it does so pursuant to its powers under the Auditor General Act. Consequently, the audited entity's disclosure of such documents to the OAG does not amount to a waiver of any privilege attached to the documents.

Within two weeks of receiving the solicitor/client privilege letter, the deputy head or a senior management official with signing authority at the assistant deputy minister (ADM) level is expected to sign the attached letter, send a copy to those in the entity who need to know, and return the letter to the OAG.

The audit team may, at its discretion, request advice from the audited entity with respect to individuals who may be useful advisors on the audit. If the audit team has any concern about whether a potential advisor has a conflict of interest, it may seek the advice of the entity. Once the advisors have been selected, the audit team may provide the names to the entity for information purposes.

When requested, the entity is expected to provide advice to the audit team on potential advisors for the audit. The entity may wish to consult with its departmental audit committee on this matter.

Early in the examination phase

The audit team prepares an entity plan summary that outlines the objectives, scope, approach, and criteria of the audit, and sends numbered/controlled copies of it to the entity's OAG contact/liaison person to coordinate comments on the suitability of the criteria and on management's responsibility for the subject area.

The entity is expected to

  • track the internal distribution of the entity plan summary copies received, subsequently retrieve them when requested, and return them to the OAG within one week of the report being tabled in the House of Commons;
  • acknowledge in writing, within two weeks of receipt of the entity plan summary, the entity's responsibility for the areas and activities to be audited and provide comments on the suitability of the criteria against which they will be assessed; and
  • ensure that all its officials affected by the audit (as well as its departmental audit committee) are sufficiently briefed on the purpose, nature, and timetable of the planned audit in the entity as early as possible in the audit process.

During the examination phase

The audit team asks the appropriate entity staff to sign off on documented meeting and interview minutes, if there is an intention to rely on such records as audit evidence. Such minutes would normally be sent to the appropriate entity staff within five working days of the meeting.

Entity staff are expected to comment and sign off, when requested, on meeting and interview minutes expeditiously (normally within five working days).

The audit team informs the audited entity, in writing, of any significant changes to the entity plan summary (objectives, scope, approach, criteria, and timetable) and provides a rationale for the changes. Where appropriate, a revised entity plan summary would be issued.

Entity officials are expected to provide comments, in writing, on the changes to the entity plan summary.

The audit team shares facts with entity management and asks for confirmation.

Entity officials are expected to examine all statements of fact and confirm their correctness or, if the facts are incorrect or incomplete, provide the correct or complete information along with appropriate supporting evidence.

The audit team periodically offers to brief entity officials, senior management, and if requested, the departmental audit committee on emerging findings throughout the examination phase. The team also encourages a discussion of proposed recommendations as they are developed.

Entity officials are expected to participate in the briefings to understand the nature and the implications of the findings and the proposed recommendations and to obtain answers from the OAG to any questions. (Such briefings may include the participation of the deputy head or other senior management as well as the departmental audit committee, when appropriate.)

During the reporting phase

The audit team sends numbered/controlled copies of the principal's (PX) draft chapter to the entity's OAG contact/liaison person to coordinate comments by parties responsible for audited areas. For a single entity audit, this normally occurs about 20 weeks before the scheduled tabling day of the related Auditor General's Report. The expected date of issuance would be indicated in the entity plan summary.

The entity is expected to review the draft and provide the OAG with the entity's position on

  • facts in dispute, if any (accompanied by all supporting evidence in the audited entity's possession); and
  • accuracy of text.

The entity is expected to deliver its consolidated and coordinated comments within agreed timelines, usually three weeks.

The audit team keeps a record of entity staff to whom draft chapters and other numbered/controlled documents are given, requests the return of the documents once the report has been tabled in Parliament, and keeps a record of which copies are returned.

The entity is expected to track the internal distribution of draft chapters and other numbered/controlled documents received, retrieve them when requested, and return them to the OAG within one week of the report being tabled in Parliament.

The audit team discusses and attempts to resolve issues raised in the entity's comments quickly, professionally, and respectfully.

Within agreed timelines, the entity is expected to discuss and attempt to resolve issues with the audit team quickly, professionally, and respectfully.

About four weeks after issuing the PX draft chapter, the Assistant Auditor General (AAG) or Commissioner of the Environment and Sustainable Development (CESD) offers to meet with the deputy head or other senior management (usually at the ADM level), as appropriate, to discuss the draft recommendations.

The entity is expected to discuss the suitability and practicality of the draft recommendations and its probable responses to them.

Within one week of the above-noted meeting, the OAG sends a letter to the deputy head or other senior management (usually at the ADM level) that includes all the draft recommendations (modified, as appropriate, to reflect the earlier discussions) and requests the audited entity's draft response within three to four weeks. This letter is issued as a numbered/controlled document.

The deputy head or other senior management of the entity is expected to provide written responses to the draft recommendations within three or four weeks in accordance with the OAG's expectations for entity responses.

The audit principal prepares the deputy minister (DM) transmission draft chapter to reflect the discussions with the entity, as appropriate. The AAG or CESD sends numbered/controlled copies of the DM transmission draft chapter, in both official languages, to the deputy head for comment. For a single-entity audit, this normally occurs about nine weeks before the scheduled tabling of the report. The expected date of issuance would be shown in the entity plan summary.

The deputy head is expected to confirm, within 10 working days, that the facts are accurate and presented fairly and that the draft responses to the recommendations are final, or to provide comments on areas of disagreement, if any.

The audit team communicates in a timely manner (usually within one month of the tabling date of the audit chapter) with either the deputy head or the head of the internal audit function, as appropriate, about management issues not included in the audit chapter. It is expected that the audit team would have discussed most, if not all, of these management issues with entity officials during the confirmation and validation of facts process for the chapter. If the OAG communicates these management issues through a formal letter, then a similar process of confirmation and validation of facts for these issues would take place.

The entity is expected to acknowledge communication of the management issues, discuss them with the audit team, and issue a written response when requested.