The National Research Council of Canada (NRC) carries out independent audits of its research centres, branches, programs and initiatives, in accordance with the Treasury Board Policy on Internal Audit.
Here is a list of the most current reports on the results of these audits.
2022-2023
- Audit of acquisition card management - February 2023
- Audit of Cyber incident response
- Audit of Digital authorization
2021-2022
2020-2021
2019-2020
- Audit of Intellectual Property (IP)-related royalties and awards
- Audit of Research and licensing agreement management
- Audit of conflict of interest management
- Audit of Acquisition card management
- Audit of procurement and contracting
- Audit of IT Security
2018-2019
2017-2018
- Audit of Industrial Research Assistance Program (IRAP) - SONAR
- Audit of Talent Management – Workforce Planning and Succession Management
2016-2017
- Audit of Occupational Safety and Health
- Audit of NRC Operational Security: Controlled Goods and International Traffic in Arms Regulations (ITAR)
2015-2016
- Audit of Revenue Management - February 2016
- Audit of Acquisition Cards in the Interim Operating Environment - June 2015
- Audit of Expenditure Management in the Interim Operating Environment - June 2015
- Audit of the Industrial Research Assistance Program in the Interim Operating Environment - June 2015
- Audit of Procurement and Contracting in the Interim Operating Environment - June 2015
2014-2015
2013-2014
- ARCHIVED - Continuous Audit of the Industrial Research Assistance Program (IRAP) – FY 2012-13
- ARCHIVED - 2012-13 Continuous Audit of Expenditure Management
- ARCHIVED - Audit of Investment Planning
- ARCHIVED - 2012-13 Continuous Audit of Procurement and Contracting
If you want a complete copy of audit reports listed as summaries, please contact the NRC Internal Audit Reports.
Audit performance results
Key compliance attributes are published as required under sections A.2.2.3 and A.2.2.3.1 of the Directive on Internal Audit.
These results, or key attributes demonstrate that the main fundamental elements necessary for oversight are in place, are performing as required under the Policy on Internal Audit and the Directive on Internal Audit and are achieving results.
Why publish key compliance attributes of internal audit?
Key compliance attributes
| Performance indicators | Key compliance attributes | July 31, 2023 | Definitions |
|---|---|---|---|
| Do internal auditors in departments have the training required to do the job effectively? Are multidisciplinary teams in place to address diverse risks? | Number of IA employees (including CAEE) | 11 | The number of current full-time equivalent positions |
| % of staff with an internal audit or accounting designation (Certified Internal Auditor (CIA), Chartered Professional Accountant (CPA)) | 55% | ||
| % of staff with an internal audit or accounting designation in progress (Certified Internal Auditor (CIA), Chartered Professional Accountant (CPA)) | 18% | In progress: The staff member (an indeterminate employee) has formally registered with and has been accepted by the certifying body to complete the requirements of the professional designation in a prescribed time frame and has registered for at least one component of the certification process. | |
| % of staff holding other designations (CGAP, CISA, etc.) | 27% | ||
| Is internal audit work performed in conformance with the international standards for the profession of internal audit as required by Treasury Board policy? | Date of last comprehensive briefing to the Departmental Audit Committee on the internal processes, tools, and information considered necessary to evaluate conformance with the IIA Code of Ethics and the Standards and the results of the quality assurance and improvement program (QAIP) | June 28, 2023 | Last comprehensive briefing: A comprehensive briefing includes updates on all pertinent elements of the QAIP. In accordance with IIA Standard 1320, this comprehensive briefing would include:
External assessments (practice inspections) must be conducted at least once every five years by a qualified, independent assessor or assessment team from outside the organization. |
| Date of last external assessment | March 2023 | ||
| Is internal audit credible and adding value in support of the mandate and strategic objectives of the organization? | Average overall usefulness rating from senior management (ADM-level or equivalent) of areas audited. | 100% of respondents agreed or strongly agreed with the overall usefulness of the audit | Average "overall usefulness" rating: Post-audit surveys to senior management of the area audited should include a question on the overall usefulness of the audit. |
Internal audit status for fiscal year 2018-2019
| Internal audit title | Audit status | Report approved date | Report published date | Original planned Management Action Plan completion date | Management Action Plan Implementation status (%) |
|---|---|---|---|---|---|
| Audit of Research and Licensing Agreement Management | Published – Management Action Plan fully implemented | 2019/12/23 | 2020/08/12 | 2020/03/31 | 100% |
| Audit of Conflict of Interest Management | Published – Management Action Plan fully implemented | 2019/10/27 | 2020/02/27 | 2020/09/30 | 100% |
Internal audit status for fiscal year 2019-2020
| Internal audit title | Audit status | Report approved date | Report published date | Original planned Management Action Plan completion date | Management Action Plan Implementation status (%) |
|---|---|---|---|---|---|
| Audit of Real Property Management | Published – Management Action Plan not fully implemented | 2021/03/26 | 2021/06/30 | 2024/03/31 | 33% |
Internal audit status for fiscal year 2021-2022
| Internal audit title | Audit status | Report approved date | Report published date | Original planned Management Action Plan completion date | Management Action Plan Implementation status (%) |
|---|---|---|---|---|---|
| Cyber Incident Response Plan | Complete – Not Published | 2022/12/22 | |||
| Accounts Payable | Re-scoped to Audit of Account Verification Framework | ||||
| Key Control Processes | Published – Management Action Plan fully implemented | ||||
| Audit of Digital Authorization – Part of Suite of Audits of Key Control Processes | Published – Management Action Plan fully implemented | 2022/04/04 | 2022/06/20 | 2023/06/23 | 100% |
Internal audit status for fiscal year 2022-2023
| Internal audit title | Audit status | Report approved date | Report published date | Original planned Management Action Plan completion date | Management Action Plan Implementation status (%) |
|---|---|---|---|---|---|
| Audit of Cloud Services | In Progress | ||||
| Audit of Acquisition Cards - Part of Suite of Audits of Key Control Processes | Published – Management Action Plan fully implemented | 2022/10/24 | 2023/02/24 | 2022/12/31 | 100% |
Internal audit status for fiscal year 2023-2024
| Internal audit title | Audit status | Report approved date | Report published date | Original planned Management Action Plan completion date | Management Action Plan Implementation status (%) |
|---|---|---|---|---|---|
| Audit of Professional Services | In Progress | ||||
| Audit of Account Verification Framework | Planned | ||||
| Audit of IT Project Management | Planned |