G.5 Practice Review and Internal Audit Ratings Process
-
An overall rating will be included in the practice review or internal audit report for each function audited. The purpose of the rating is to categorize as accurately as possible the adequacy and effectiveness of internal controls. The rating system is useful as a means of summarizing the internal auditor’s general level of concern relative to an individual unit, but it is no substitute for specific audit findings that are identified and communicated to management.
-
Reports will reflect one of the ratings identified below. Practice Review and Internal Audit (PRIA) and management must realize that assigning ratings is a judgmental exercise informed by findings. As a practical matter, the definitions for any rating scheme cannot do more than create broad categories that reflect differing levels of concern. Although the overall rating is useful as a shorthand way of expressing the auditor’s level of concern, the focus of attention for PRIA and management should be on the specific audit findings and the actions that will address them.
-
The internal audit rating categories are as follows:
|
Adequate |
This rating indicates that, overall, conditions do not rise to a level of significant concern. The problems identified, while warranting correction, were not serious. Previously reported problems have been resolved or are being resolved in a timely manner. |
|
Requires Improvement |
This rating indicates an elevated level of concern relative to the conditions disclosed by the audit. Overall, controls are not what they should be and prompt management attention is necessary. A significant number of audit findings or inappropriate delays in resolving previously cited deficiencies suggest a “Requires Improvement” rating. |
|
Requires Immediate Management Attention |
This rating indicates control deficiencies that warrant significant and immediate corrective action. Major operational, accounting, or compliance problems were identified by the audit. Control weaknesses were noted that expose the organization to meaningful financial or reputational risk. A repeat significant audit finding or a failure to sustain previously implemented corrective measures is also a basis for the assignment of this rating. |
-
The practice review ratings are as follows:
|
Compliant |
This rating indicates that performance is satisfactory—with minor improvements possible—the audit file is in compliance, in all significant respects, with Office of the Auditor General of Canada (Office) policy requirements and applicable auditing standards. |
|
Compliant with improvements needed |
This rating indicates that improvements are necessary in some areas to fully comply with Office policies and applicable auditing standards. |
|
Non-compliant |
This rating indicates that major deficiencies exist; there is non-compliance with Office policies or applicable auditing standards. |
- Last modified:
- 2018-03-07