Office of the Information Commissioner of Canada: Audit Committee Terms of Reference
The Audit Committee provides the Commissioner with independent, objective advice, guidance, and assurance on the adequacy of the risk management, control, and accountability processes. To be able to do this, the Audit Committee must exercise active oversight of core areas of the Office’s control and accountability in an integrated and systematic way [1].
The Audit Committee contributes to advancing the organization’s management practices by bringing new perspectives and challenge to existing practices. The Committee’s success is founded on being internally focused, developing respectful relationships with management, and operating in a manner that promotes learning.
Audit Committee membership
The Audit Committee for the Office of the Information Commissioner will comprise a Chairperson (external member), a second external member, and the Information Commissioner.
Regular attendance of the Chief Audit Executive (CAE), the Chief Financial Officer (CFO), the Assistant Commissioner CRC, and the Director of Internal Audit and Planning is expected. In addition, a senior representative of the Office of the Auditor General (OAG) will attend Committee meetings as an invitee, on an “as needed” basis, to discuss plans, findings and other matters of mutual concern. Functional specialists must also be invited to attend meetings as observers. Secretariat support will be provided by the Director, Internal Audit and Planning, who will also act as Secretary to the Committee.
Tenure and terms of office
An external member shall serve no more than two terms. A full term of office is four years. To ensure continuity within the Audit Committee, engagement of members by the Commissioner can be staggered. This means that the initial term of office of some members may be less than four years.
Audit Committee meetings
The Audit Committee shall meet in person three times a year, with authority to convene additional meetings as circumstances require, including by teleconference. The Committee’s meeting schedule will normally be set out one year in advance so that the Office’s management and auditors can prepare the information and reports required to support the Committee’s work. Rescheduling of Committee meetings will be by exception only.
The Chair is required to call a meeting if requested to do so by another Audit Committee member.
The quorum for a meeting shall be all three decision-making members (the Chair, the other external member and the Commissioner). No alternates shall be permitted.
Preparation and attendance by members
To enhance the effectiveness of the Audit Committee’s meetings, each member shall:
- devote the time needed to prepare for and participate in each meeting by reading the reports and background materials provided for the meeting; and
Minutes of meetings
Minutes of each meeting shall be kept and shall contain a record of the persons present. The minutes provide a record of decisions taken and a high-level summary of the discussion, providing insight on the topics and subtopics discussed.
It is expected that each meeting of the Audit Committee include a series of in camera meetings with i) the CAE, ii) the OAG Principal when in attendance, and iii) management as required. In camera meetings are included on every Audit Committee meeting agenda to ensure that sufficient time is set aside for them [2].
Access by/to the Audit Committee
The Audit Committee has unfettered access to the CAE, Director of Internal Audit and CFO and to other Office employees and documentation (subject to applicable legislation) as may be required to fulfil its responsibilities.
The CAE, Director of Internal Audit and CFO have unfettered access to the Audit Committee and to the Audit Committee Chair and Vice-Chair.
Plan for Audit Committee activity
The Chair of the Audit Committee shall help prepare a plan to ensure that the annual and ongoing responsibilities of the Audit Committee are scheduled and fully addressed. The plan shall be presented to the Audit Committee for its approval [3].
Audit Committee orientation, training, and continuing education
The role of the Audit Committee can be fulfilled only if its members are well informed. Members shall receive formal orientation and training on the Audit Committee’s purpose, responsibilities, and objectives as well as the business of the Office including its programs and services. A process of continuing education—e.g., briefings and information on emerging issues and risks—shall also be put in place.
Support to the Audit Committee
The Internal Audit Secretariat will provide the Audit Committee with the resources necessary to carry out its role, responsibilities, and duties. In doing so, the Secretariat will be cognizant of the independent nature of the Committee.
Secretariat support will include, but not be limited to:
- timely preparation of all notices and agendas of meetings
- coordination of presentations and distribution of reports and/or related documents that are prepared for the Audit Committee’s information or consideration
- timely preparation and distribution of minutes of meetings
- management of the orientation and training process, including on-going briefings and information sessions
In addition, to the extent it deems necessary to meet its responsibilities, the Audit Committee has the authority to retain independent advice and assistance with the Commissioner’s prior approval. In that regard, the Internal Audit Secretariat will make the appropriate arrangements to ensure that the required expertise is obtained.
Responsibilities and duties
The role, responsibilities, and operations below are based on the expected end-state, but will be transitioned over the next two years.
The key areas of responsibility that shall be addressed by the Audit Committee are:
Values and Ethics
- Review, at least annually, and report on the arrangements established by management to exemplify and promote public service values and to ensure compliance with laws, regulations, policies and standards of ethical conduct.
- Review, at least annually, and report on the corporate risk profile and the Office risk management arrangements.
Management Control Framework
- Review, at least annually, and report on the Office internal control arrangements, including the adequacy of management-led audit.
Internal Audit Function
- Recommend and regularly review the Office Internal Audit Charter or Internal Audit Policy for approval by the Commissioner
- Regularly review the adequacy of resources of the internal audit function
- Review and recommend for approval the risk assessment and the internal audit plan prepared by the CAE
- Regularly review the performance of the internal audit function
- Receive and recommend for approval internal auditing reports and management action plans to address recommendations
- Be aware of audit engagements or tasks that do not result in a report to the Committee, and be informed of all matters of significance arising from such work
OAG, the Panel, and the appropriate Standing Committees of the House of Commons
- Ensure that management has adequate arrangements to support the OAG in doing audit work in the Office
- Be fully briefed on all audit work relating to the Office to be undertaken by the OAG, and other organizations
- Review the audit reports of the OAG and other organizations, as applicable, that have Office or government-wide implications, and recommend for approval appropriate responses and action plans
- Meet, as required, with the OAG and seek its comments and advice on matters of risk, control, and governance for the Office
- Be briefed on, and advise the Commissioner on, the impact of government-wide initiatives to improve management practices
Follow-up on Management Action Plans
- Ensure that there are effective arrangements in place to monitor and follow-up on management action plans responding to recommendations from internal audits, the OAG, or other organizations, as applicable
- Periodically receive reports from management on actions taken
Financial Statements and Public Accounts Reporting
- Review the Office financial statements with management and all significant accounting estimates and judgments therein and recommend to the Commissioner whether they should be accepted.
- When the Office financial statements are audited, the Audit Committee shall review:
  - the audited financial statements with the external auditor and senior management, and discuss any significant adjustments to the statements required as a result of the audit, and any difficulties or disputes with management encountered in the course of the audit
  - management letters arising from the external audit of the Office’s financial statements or the Public Accounts
  - the auditor's findings and recommendations relating to the internal controls in place for financial statement reporting
  - the performance of the external auditor
Risk and Accountability Reporting
- Review the following to ensure that, to the best of its knowledge, there are no material misstatements or omissions in:
  - the Office Corporate Risk Profile
  - the Report on Plans and Priorities
  - the Departmental Performance Report
  - other significant accountability reports
Assessment of the Audit Committee’s performance
Audit Committee self-assessment
The Audit Committee will periodically self-assess its performance. In doing so, the Committee addresses fundamental questions such as: 1) Is the Committee satisfied that it has effectively discharged its responsibilities as set out in the Charter? 2) Has the Committee contributed to the advancement of management practices? and 3) How can the Committee improve its operating efficiency and effectiveness?
External practice inspection
At least every four years, the performance of the Audit Committee will be subject to an external assessment.
Reporting by the Audit Committee
The Audit Committee shall prepare an annual report to the Commissioner. This report shall:
- summarize the Audit Committee’s activities undertaken and the results of its reviews
- provide the Audit Committee’s assessment of the Office’s system of internal controls
- document any significant concerns the Audit Committee may have in relation to the Office’s risk management, controls, and accountability processes
- provide the Audit Committee’s assessment of the capacity and performance of the internal audit function
- provide, as needed, recommendations for the improvement of risk management, controls, and accountability processes, including recommendations for the improvement of the Office’s internal audit function
- provide such other information or documentation that the Audit Committee deems important to best convey a fair and complete picture of its activity and results - and the context within which this ought to be viewed (e.g. it is good practice for the Audit Committee to disclose or include its Charter in its annual report).
Review of the Audit Committee terms of reference
The Audit Committee shall review periodically the appropriateness of its Charter, for reaffirmation by the Commissioner.
1 See Section 4.1 - Directive on Departmental Audit Committees
2 Regular scheduling of in camera meetings with the auditors makes them less threatening to management, while providing an excellent opportunity for the auditor to communicate privately and candidly with the committee. Similarly, they provide the committee with the opportunity for candid questioning of and private discussions with the auditor. This process is an excellent relationship-building device. (Source: Integrity in the Spotlight, 2nd Ed, 2005, M.J. Sabia and J.L. Goodfellow)
3 The work plan should include regular matters that come before the committee in accordance with its Terms of Reference, and any other matters of significant concern or interest that the Chairman, management and/or the auditor believe the committee should be aware of and should discuss during the period for which the plan is being created. (Source: Integrity in the Spotlight, 2nd Ed, 2005, M.J. Sabia and J.L. Goodfellow)