The Office of the Auditor General of Canada (OAG) prepares long-term plans for individual audited entities or for sectoral topics that typically cover all OAG audit activities within the entity, for a multi-year period. The long-term plans are referred to as strategic audit plans (SAPs).
The SAP is a planning tool based on a risk assessment that the OAG uses to
- focus OAG resources on the areas of significance and of a nature that should be brought to the attention of Parliament;
- promote consistency in planning across OAG audit teams and product lines; and
- focus the audit selection process on key risks in entities or in sectoral topic areas (that is, cross-entity), as well as on OAG priorities and focus areas.
At the start of a Strategic Audit Plan exercise, the OAG sends a letter to the deputy head of each entity involved. This letter describes the OAG’s intention to carry out a systematic and risk-based exercise to determine the audit work that needs to be done over the next few years to fulfill the OAG’s responsibilities under the Auditor General Act.
The audit team reviews key entity documents, such as
- corporate plans,
- integrated risk management frameworks,
- performance reports to Parliament,
- internal audit and program evaluation reports,
- the entity’s annual and long-term audit and evaluation plans, and
- other entity reports.
The team reviews other key documents, such as
- parliamentary committee reports,
- budget documents,
- past OAG audits, and
- information about the entities involved in the audit.
The team interviews
- entity senior management (at headquarters and in regional offices),
- entity officials (at headquarters and in regional offices), and
- key external stakeholders and external experts, when appropriate.
When the Strategic Audit Plan exercise begins, the deputy head or other senior management of each entity involved in the audit is expected to inform the departmental audit committee and others in the entity who need to know about the exercise.
When the OAG prepares a SAP, the deputy head or other senior management of each entity involved is expected to provide documents and participate in interviews as requested.
When the OAG has an ongoing and substantial audit presence in an entity, the OAG offers to meet annually with the entity’s senior management and, if requested, the departmental audit committee.
Discussions can include but are not limited to
- building an understanding of key and emerging issues;
- short-and long-term audit plans;
- the general working relationship between the OAG and the entity;
- clarifying the nature of the OAG’s access to documents, as necessary;
- extenuating circumstances, such as pending legislative or regulatory approvals or changes that may require changes to future audit plans;
- audit risks; and
- the OAG’s assessment of risks compared with those identified by the entity.