Language selection

OPC Logo Office of the Privacy Commissioner of Canada

Search

Terms of Reference for the Audit Committee

Table of Contents

1. Introduction

2. Mandate

3. Committee Reporting and Composition

4. Committee Meetings

5. Responsibilities

6. Operations

7. Evaluation of the Committee's Performance

8. Annual Report

9. Approval of Committee Terms of Reference

Revised: June 2019

1. Introduction

This document outlines the purpose, responsibilities, membership and operating procedures of the Audit Committee (the Committee) in the Office of the Privacy Commissioner of Canada (OPC).

The Committee is an essential component of the internal audit regime established within OPC and reflective of both the Treasury Board Policy on Internal Audit which came into effect on April 1, 2006Footnote 1 and the Joint Agreement of the Working Group of Officers of Parliament.Footnote 2 The latter reinforces OPC’s status as an Officer of Parliament.

The Working Group of Officers of Parliament have agreed that the intent of the government’s Internal Audit Policy shall be reflected in the Internal Audit systems, processes and infrastructure within each Office of Parliament, but taking account of their status of independence and their relatively small size.

2. Mandate

The Committee provides objective advice and recommendations to the Commissioner regarding the sufficiency, quality and results of internal audit engagements related to the adequacy and functioning of the OPC's frameworks and processes for risk management, control and governance. To give the Commissioner this support, the Committee reviews, with a risk guided focus, all areas of responsibility for departmental audit committees related to OPC management, control and accountability processes as determined by the Comptroller General of Canada. The work of the Committee reinforces the quality and reliability of the financial and other performance information used by OPC managers for decision-making and reporting and, in so doing, contributes to enhanced managerial accountability. The Committee also serves to reinforce the independence, effectiveness and accountability of the Chief Audit Executive.

The Committee also provides advice and recommendations on matters for which the Commissioner, as accounting officer, is responsible and on other related matters as needed or as may be requested by the Commissioner.

3. Committee Reporting and Composition

3.1 Membership

The Commissioner is responsible for establishing an independent audit committee for the Office consisting of a miminum of three members, of which a majority are to be external members, not currently members of the Federal Public Service and the Commissioner is an ex-officio member. To the extent possible, committee membership is to reflect Canada’s diversity in terms of gender, official languages, Indigenous Canadians, minority groups and regional representation. The chair of the Committee is to be from outside the federal public administration. The Chief Audit Executive (CAE)/Chief Financial Officer (CFO) attends all meetings.

The Commissioner is responsible for selecting the Committee’s Chair, the members and the Secretary. All members of the Committee shall be, or become within the first year of appointment, financially literate and familiar with financial reporting. At least one member is a financial expert who possesses a professional accounting designation in good standing.

Members shall be independent as demonstrated by their absence of real and perceived, direct and indirect, personal and financial interest or that of their family and business associates and competitors AND by their personal capacity and behaviour to engage the management, CAE and external auditors in demanding explorations of practices and areas of concern. It extends to seeing this principle through to standing by one’s challenge to reports and practices held to be incompatible with the facts or to acceptable practices – even when colleagues on the Committee may be inclined to defer. The consequence of this is the duty to inform the Commissioner directly in such a case. Protection of independence may result in a mutual agreement to terminate the appointment.

The external members of the Committee shall declare their independence and absence of conflict of interest annually. Each external member is required to complete, annually, a declaration form, to be reviewed by the CAE.

3.2 Reporting

The Chair represents the Committee in periodic meetings with the Commissioner.

3.3 Length of Term

Members shall normally be appointed for a term of four years. A member shall serve no more than two terms and a total of six years. To ensure continuity, mandates can be staggered or, in exceptional circumstances, can extend beyond 6 years.

4.Committee Meetings

4.1 Frequency

The Committee shall meet two or three times a year either in person or by teleconference, with more meetings as deemed necessary by the Chair. The Committee’s meeting schedule will normally be set out six months in advance so that OPC management and internal auditors can prepare the information and reports required to support the Committee’s work. Rescheduling of Committee meetings will be by exception only.

4.2 Quorum

Quorum shall be a majority of the members, including if necessary, the Commissioner in his or her capacity as ex-officio member. No alternates shall be permitted.

4.3 Preparation and Attendance of Members

To enhance the effectiveness of the Committee meetings, each member shall:

  • Devote the time necessary to prepare for, and participate in, each meeting: this involves reading the reports and reference documents provided for the meeting;
  • Maintain an excellent record of attendance at meetings.

4.4 Attendance of Non-Members

The Chief Audit Executive shall attend all meetings of the Committee. The Chair may request the attendance of other senior officials. When required, the Chair shall ask a senior representative of the external assurance providers to attend the Committee meetings to discuss the plans, findings and other matters of mutual concern.

4.5 Minutes of meetings

Minutes of each meeting are kept and contain the list of attendees, a summary of the decisions made and an overview of the points discussed. The minutes are approved by the Committee and signed by the Chair on behalf of the Committee.

4.6 In camera meetings

As part of each Committee meeting, the Committee shall meet in camera with the contracted internal auditors, representatives of external assurance providers when in attendance and any other officials the Committee decides to call. In addition there shall be an in-camera session between the external Committee members and the CAE/CFO at every meeting.

4.7 Committee's Annual Plan

The Chair, in consultation with the other members of the Committee, shall prepare a plan for recommendation to the Commissioner, to ensure that the responsibilities of the Committee are scheduled and fully addressed.

4.8 Examination of the Committee's Terms of Reference

The Committee shall periodically review its terms of reference and if revised, submit them to the Commissioner for approval.

5. Responsibilities

The particular emphasis and priorities from among the Committee’s key areas of responsibility are to be set by the Commissioner in consultation with the Committee. In doing so, consideration is given to the OPC’s mandate, objectives and priorities, as well as the corresponding risks affecting the organization.

Below are the key areas of responsibility that fall within the scope of concern of the Committee, and that will be reviewed with an appropriate risk-guided focus and cycle.

5.1 Values and Ethics

The Committee shall review and provide advice on the OPC’s systems and practices established by the Commissioner to monitor compliance with laws, regulations, policies and standards of ethical conduct and identify and deal with any legal or ethical violations. This may also include the arrangements established by management to exemplify and promote public service values and to ensure compliance with laws, regulations, policies, and standards of ethical conduct.

5.2 Risk Management

The Committee shall review and provide advice on the risk management arrangements established and maintained by the OPC.

5.3 Management Control Framework

The Committee shall review and provide advice on the OPC's internal control arrangements, and be informed on all matters of significance arising from the work performed by others who provide assurances to senior management and the Commissioner.

5.4 Internal Audit Function

The Committee shall:

  • Recommend, and periodically review, the OPC Internal Audit Charter for approval by the Commissioner;
  • Provide advice to the Commissioner on the sufficiency of resources of the internal audit function;
  • Review and recommend for approval by the Commissioner the Risk-Based Audit Plan;
  • Monitor and assess the performance of the Internal Audit function;
  • Advise the Commissioner on the recruitment and appointment, as well as the performance of the Chief Audit Executive;
  • Review and recommend for the Commissioner's approval internal audit reports and corresponding management action plans to address recommendations;
  • Be advised of audit engagements or tasks that do not result in a report to the Committee and be informed, by the appropriate level of management, of all matters of significance arising from such work;
  • Review regular reports on progress against the risk-based audit plan.

5.5 External Assurance Providers

The Committee shall be informed of and shall advise the Commissioner on:

  • All audit work relating to the OPC to be undertaken by external assurance providers, including management's response; and,
  • Audit-related issues and priorities raised by external assurance providers.

5.6 Financial Statements and Public Accounts Reporting

The Committee shall review and provide advice to the Commissioner on the key financial management reports and disclosures of the OPC, including quarterly financial reports, annual financial statements and Public Accounts.

The Committee shall also review the annual Statement of Management Responsibility Including Internal Control over Financial Reporting and provide advice to the Commissioner on the risk-based assessment plans and associated results related to the effectiveness of the OPC’s system of Internal Control over Financial Reporting.

Since the OPC financial statements are audited by the OAG, the Committee shall review:

  • The financial statements with the external auditor and senior management, discuss any significant accounting estimates and adjustments therein, any adjustments required to the statements as a result of the audit, as well as any difficulties or disputes encountered with management during the course of the audit;
  • Management letters arising from the external audit;
  • The auditor's findings and recommendations relating to the internal controls in place for financial reporting and consider their impact on controls, risk management and governance processes.

5.7 Follow up on Management Action Plans

The Committee shall review regular reports on the progress of the implementation of approved management action plans resulting from prior internal audit recommendations as well as management action plans resulting from the work of external assurance providers.

5.8 Accountability Reporting

The Committee shall receive copies of the Departmental Plan, the Departmental Results Report and other significant accountability reports. These reports provide context for the deliberations of the Committee and advice to the Commissioner. Over time, and in the course of successively reviewing these documents, the Committee will be attentive to, and provide advice on, any material misstatements or omissions.

5.9 Evaluation Plans and Reports

The Committee shall, at a minimum, receive copies of evaluation plans and evaluation reports for information. The Committee may also provide advice and recommendations on evaluation activities as may be requested by the Commissioner.

5.10 Other Duties

The Committee shall serve as an external independent oversight mechanism to which the OPC management can report on classification-related trends or high-risk elements stemming from its classification activities for non-EXs, as needed.

6. Operations

6.1 Access

The Committee has full access to the Chief Audit Executive and the other OPC employees and documents required to fulfill its responsibilities, subject to applicable legislation. The CAE has full access to the Committee and to the Committee Chair.

6.2 Orientation, Training, and Continuing Education of Committee Members

Members shall receive formal orientation and training on the Committee's responsibilities and objectives and on the business of the OPC.

6.3 Support

The Internal Audit function provides the Committee with the necessary support to carry out its responsibilities and fulfill its duties. The Committee also has the power to obtain independent help and advice. The support to the Committee includes among other things:

  • Administrative duties (i.e., preparation and distribution of meeting agendas, minutes and materials);
  • Supporting the Committee in executing its work;
  • Supporting the Committee in assessing its performance;
  • Supporting the Committee in its accountability reporting;
  • Supporting the orientation for new members.

6.4 Duty to Inform and Duty to Resign - Disagreement

In the event that a member of the Committee has a difference of opinion with another member that cannot be resolved by the Chair or if the member has an unresolved difference of opinion with the Chair and provided that the difference of opinion, from the perspective of the member, has, or could have, a material, negative impact on the fairness of reported information or on the integrity of operations of the OPC or involves the questionable behaviour of an individual then the member shall bring the issue forward for resolution, as follows:

  • Bring the issue to the attention of the Commissioner within a reasonable timeframe.
  • If the Commissioner is unable to resolve the issue and if the member is of the opinion that the issue still remains, the member has a duty to resign.

7. Evaluation of the Committee's Performance

The Committee shall periodically evaluate its own performance to continually improve how it carries out its responsibilities. The Committee’s performance shall also be part of an external evaluation of the internal audit function that is to be carried out at least every five years, by an independent auditor.

8. Annual Report

The independent members of the Committee shall submit an annual report to the Commissioner that shall:

  • Summarize the results of the Committee's reviews of areas of responsibility;
  • Provide the independent members' assessment, and make recommendations as needed on the capacity, independence and performance of the internal audit function; and,
  • Express views in the annual report that shall be entirely and exclusively those of the independent members, notwithstanding any assistance given by OPC officials in the preparation of the annual report.

9. Approval of Committee Terms of Reference

 



Reviewed by the Audit Committee


Date

 



Approved by the Commissioner


Date

Table of Contents

1. Introduction

2. Mandate

3. Committee Reporting and Composition

4. Committee Meetings

5. Responsibilities

6. Operations

7. Evaluation of the Committee's Performance

8. Annual Report

9. Approval of Committee Terms of Reference

Date modified: