D.11 Policy on Providing Consulting Services

  1. PRIA is in a unique position of having the authority and responsibility to review all aspects of Office’s operations and administration. This creates a wide breadth of exposure and knowledge, which crosses all lines of organizational structure, functions, and operations. It is PRIA’s policy, supported by the Audit Committee, to take advantage of this breadth of experience and knowledge to proactively improve operations and otherwise assist the Office with issues and initiatives where the internal auditor perspective can add value.

  2. Generally, such consulting services will be carried out separately from assurance work, although PRIA’s staff should always be aware of potential opportunities and improvements in all areas being audited.

  3. Consulting services will be provided in three formats:

    • Separate engagements set out in the audit plan or by special request from management or the Audit Committee where risk or urgency justify.

    • Participation as observers in committee meetings, executive meetings, systems development projects, and other areas where their advice on governance, risk management, and internal controls, can contribute to their success.

    • A constant watch for potential improvements on any audit, be it assurance or consulting, in or out of scope, where effectiveness, efficiency or economy can be improved.

  4. In carrying out consulting assignments, risk management, governance, and internal control issues may come to light that should be communicated to the Office’s management and possibly the Audit Committee in the normal manner. During consulting engagements, PRIA must be alert to significant risks and control deficiencies and incorporate those risks in the continuous risk assessment evaluation. Additionally, PRIA staff must refrain from assuming any management responsibility for managing risks.

  5. The annual audit plan will set aside a percentage of time to carry out consulting assignments both of a planned nature and for special short-term requests.

  6. In considering the acceptance of consulting assignments, the Chief Audit Executive will assess, among other things, the following factors:

    • The overall needs of stakeholders and the realistic potential for benefits from the project.

    • Potential to meet or exceed client expectations and be consistent with the overall values, strategies, and objectives of the Office of the Auditor General.

    • Availability of appropriate skill within staff or through outside supplement, a lack of which would require the CAE to decline the consulting request.

    • Potential to improve risk management, add value, and improve operations.

    • Potential to benefit the client by transfer of knowledge, skills, and ideas observed in other audits.

    • Potential to gain new knowledge to assist internal auditors in assurance or consulting audits elsewhere in the organization.

    • Needs and expectations of clients, including the nature, timing, and communication of engagement results.

    • Relative complexity and extent of work needed to achieve the engagement's objectives.

    • Potential impairments to independence or objectivity relating to proposed consulting services.

    • Cost of the engagement in relation to the potential benefits.

    • Availability of time resources relative to the annual audit plan.

    • Potential to create impairments to objectivity in future audits of the area.

    • Internal audit staff’s potential impairments to independence or objectivity on a proposed consulting project, which would require disclosure to be made to client before accepting the engagement.

  7. In the acceptance and performance of consulting engagements, internal auditors will be mindful of conformance with the “C” Standards of the International Standards for the Professional Practice of Internal Auditing. These specifically refer to consulting and provide mandatory guidance that will enhance the quality of the product and guard against any resulting loss of objectivity.

  8. The nature of consulting engagements can vary dramatically, and, as a result, the format of reporting and collected evidence can be very different from that used in an assurance engagement. For all consulting engagements, the project objectives, final deliverables to the client, and other relevant information should be agreed upon by the client and the CAE and set out in an engagement memorandum.

Last modified:
2018-03-02