Library and Archives Canada
Symbol of the Government of Canada

Institutional links


Archived Content

This archived Web page remains online for reference, research or recordkeeping purposes. This page will not be altered or updated. Web pages that are archived on the Internet are not subject to the Government of Canada Web Standards. As per the Communications Policy of the Government of Canada, you can request alternate formats of this page on the Contact Us page.

Audits and Evaluations

Audit of Readiness for the Implementation of the Policy on Internal Control

Previous | Table of Contents

Appendix B – Audit Criteria

Taken collectively, the control framework below defines an adequate and effective system of control to support the deployment the risk-based assessment of ICFR. The control framework has been developed using inputs from the draft Core Management Control Model of the Office of the Comptroller General of Canada, COSO, Internal Control over Financial Reporting—Guidance for Smaller Public Companies, Executive Summary, Volume 1, audit criteria from the Audit of Readiness Assessment of Controls for External Audit of Public Service Commission Financial Statements (November 2006), and the Office of the Auditor General Financial Management Capability Model.

Control Element Audit Criteria Sub-Criteria
Governance and Accountability 1. Effective oversight bodies are established with a clearly communicated mandate that includes roles with respect to governance, risk management and control.
  • A documented mandate (in the form of a charter or other documentation) exists and clearly communicates the oversight bodies' roles and responsibilities related to governance, risk and control.
  • (Scope: Management Board and Departmental Audit Committee )
2. The oversight bodies request and receive relevant, reliable and timely risk-based information on risk and controls.
  • There is ongoing and transparent communication among the oversight bodies, the management and the Deputy Head on the subject of relevant, reliable and timely risk-based information about risk and controls, including ICFR.
  • (Scope: Management Board, Departmental Audit Committee, Finance and Accommodation Branch Committees (Contracting, Collection Storage, Nitrate Film Facility Finance Committee, Contract Review Committee)
3. Authority, responsibilities and accountabilities for internal control, including ICFR are clearly articulated and understood by stakeholders.
  • The organizational structure permits clear and effective lines of communication and reporting in support of ICFR. For example, established reporting relationships (formal and informal, direct and indirect), provide managers information appropriate to their responsibilities and authority.
  • Employees' duties and control responsibilities are clearly defined.
Risk Management 4. LAC has identified a risk-assessment process to support the identification of key processes and controls that need to be tested in support of the ICFR assessment.  
Entity-Level Controls
5. The organization has selected a core control framework against which it can assess the effectiveness of its control environment.
  • The organization has in place systems, processes and activities at the entity level (i.e., those controls that are pervasive across the entire organization) to support the achievement of its objectives.
IT General Controls
6. LAC has designed a process to test and report on IT general controls that support financial reporting requirements.  
Process or Transaction Level Controls
7. LAC has designed a process to test and report on application controls that ensure financial data recorded, processed and reported is authorized, complete, accurate and valid.  
8. LAC has designed procedures, practices, and processes to ensure that financial data, books of account and financial reports are complete, accurate and prepared in a timely manner.  
People 9. LAC provides key governance bodies, senior management and employees with the necessary training, tools, and resources to support the discharge of their ICFR responsibilities.  

Previous | Table of Contents