What to Expect—An Auditee's Guide to the Performance Audit Process

3—Access to entity information by the Office of the Auditor General

In accordance with federal legislation, this information sheet outlines Office of the Auditor General (the Office or OAG) audit teams' right of access to information, documents, and staff in audited entities, as needed to fulfill the OAG's audit responsibilities.

What access includes

  • OAG auditors are entitled to receive all information that they determine is relevant and necessary to enable them to carry out their audits and examinations. Auditors require documents, reports, and explanations from members of the public service and from officers, employees, or agents. Such information may be provided in electronic and/or hard copy format, as appropriate and applicable in the circumstances.
  • The fact that a document is not accessible to the public, through an access to information request, is not a valid reason for denying access to the Auditor General's staff. The provisions of the Access to Information Act do not apply to the Auditor General's access to information for audit purposes.
  • OAG auditors are entitled to access documents that may be subject to solicitor/client and other privileges. To ensure that this access does not affect the privilege attaching to the documents, the OAG makes a formal written request for access to such documents, pursuant to the Auditor General Act (the "solicitor/client privilege letter") and undertakes to respect the confidentiality of the information. An appropriate senior management official of the entity responds in writing that the entity will comply with its duty under the Act and that provision of the documents to the OAG will not constitute a waiver of any privilege attached to the documents.
  • Memoranda to Cabinet or records of Cabinet decisions and Treasury Board submissions or decisions are made available to the Auditor General through a separate process involving the Privy Council Office or the Treasury Board of Canada Secretariat, as appropriate.

    An audited entity is responsible for identifying to OAG auditors, upon request, the memoranda to Cabinet, Cabinet decisions, and Treasury Board submissions and decisions that relate to the audit, so that the auditors may request them directly from the Privy Council Office or the Secretariat. The Auditor General's access to these types of Cabinet confidences is set out in two orders-in-council: PC#1985-3783 and PC#2006-1289. All documents not of this type are readily accessible by OAG auditors.
  • As the OAG auditors identify the information they need and who they need to interview, the audited entity is to give them access. The information that the audited entity should supply, upon request, includes all forms of communication—written, visual, auditory, and electronic—whether they be in final or draft form, with the exception of draft Treasury Board submission material. This includes but is not limited to any relevant correspondence, memorandum, book, report, plan, map, drawing, diagram, analysis, survey, pictorial or graphic work, photograph, film, microfilm, sound recording, video tape, or machine readable record. Auditors may take extracts and make photocopies of the information, unless its security classification dictates otherwise.

    The Privy Council Office's Guidance for Deputy Ministers emphasizes that the deputies' role includes ensuring that their departments establish a respectful and constructive working relationship with bodies such as the OAG and that the audited entities supply the information those bodies need to fulfill their legislative mandates.
  • It is important that, when the audit team identifies entity staff for an interview, the staff be made available. It is not an acceptable practice for the entity to inappropriately coach staff prior to an interview or filter information requested by the OAG. As a general rule, only the entity staff members who are being interviewed should be present during the interview in order to encourage candour and completeness in their responses. Under certain circumstances, the audit team and the audited entity may agree that it is appropriate to have observers present at an interview.

When access should be given

  • Access to information begins once the entity has been notified of the start of a performance audit or of the One-Pass Planning exercise. Access to privileged information begins once an appropriate senior official of the audited entity has responded to the OAG's solicitor/client privilege letter.
  • Timely access to information is essential for the Auditor General to meet her reporting obligations to Parliament. It can be affected by such factors as the format and location of the requested information or the availability of an individual. Nevertheless, entity officials should instruct their employees to make themselves and information available, as they would for any other important business of the entity. OAG requests for information should be responded to expeditiously. As a guide, information that is easily accessible should normally be provided within five working days of the request. For less readily available information, the audited entity should provide the information within a time frame agreed on as reasonable between the audit team and entity officials. An agreed on time frame, for example, may be necessary for receipt of requested documents, if retrieving them requires additional work (for example, creation or manipulation of data) or if there is a need to recover information from archives. The audit team maintains a register of documents requested and received during an audit.
  • Auditors who encounter problems obtaining information during an audit will report the problems to the audit team management. If the problems continue, the audit team management will attempt to resolve the issue with the entity's OAG contact/liaison person, or, if necessary, with the entity's senior management.
  • In some circumstances, a delay in providing requested documents or information can amount to a denial of access, creating a government-imposed limitation on the scope of an audit. The Auditor General is required by professional standards and by the Auditor General Act to report such cases to Parliament.

How security is managed

  • Audit team members have access to an audited entity's information, for which they have the required level of security clearance, and to individuals, who can provide the information. Auditors must comply with the same security arrangements that apply to the audited entity's employees.
  • At the start of an audit, the audit team will provide the entity's OAG contact/liaison person with the names and security clearance levels of Office and contract staff initially assigned to the audit. If there are any changes required to be made to this list during the audit, the audit team will notify the OAG contact/liaison person in a timely manner.
  • The numbered/controlled audit documents, such as the entity plan summary and draft chapters, which the audit team provides to the audited entity during the audit, are protected documents. They must be returned to the OAG within one week after the Auditor General or the Commissioner of the Environment and Sustainable Development has tabled the related report in the House of Commons. Entity staff must ensure that these documents are not photocopied and that their contents are treated with appropriate discretion. Disclosing the Auditor General's findings, prior to tabling, is viewed as an infringement of the rights and privileges of Parliament.

Additional resources

Related information sheet