Appendix A

PSC Audit Code of Professional Conduct

Introduction

The Public Service Commission (PSC) of Canada is an independent agency reporting to Parliament. Under the current Public Service Employment Act (PSEA) and the new PSEA, which received Royal Assent in 2003 and which is scheduled to come into force by the end of 2005, the PSC is vested with the authority to make appointments to and within the federal Public Service. The new PSEA states in its preamble that the delegation of this authority should be to a level as low as possible within departments and agencies, to give Public Service managers the necessary flexibility to staff, manage and lead their personnel to achieve results for Canadians.

While both the current and new PSEA give the PSC the authority to conduct audits on any matter within its jurisdiction, the new PSEA provides the PSC further authority to audit and make recommendations on the exercise of authority by deputy heads in setting qualifications, requirements and needs. Furthermore, under the new PSEA, appointments continue to be subject to the policies of the PSC.

It is within this context of the increased delegation of authorities to departments that the PSC is strengthening its audit function, which is carried out by the Audit and Data Services Branch.

The PSC Audit Code of Professional Conduct adds to the professional discipline required in the conduct of PSC audits. Along with the PSC audit and other policies, it guides Audit and Data Services Branch employees on a daily basis. This Code links closely with the Values and Ethics Code for the Public Service, to which all public servants must adhere.

Application

The PSC Audit Code of Professional Conduct applies to all auditors within the Audit and Data Services Branch and to those PSC employees and contractors who may be involved in the conduct of an audit. Within the Audit and Data Services Branch, auditors include all audit employees of the Audit Operations Directorate and the Audit Policies and Quality Assurance Directorate, the Director Generals and the Vice-President, as well as individuals who are seconded to or on interchange with the PSC. Employees who feel that all or part of this Code should not apply to them should raise the matter with their supervisor. The general reporting line for employee concerns with the Code is to his or her supervisor. The President of the PSC has the sole authority to make exemptions from the application of this Code.

The Audit and Data Services Branch encourages all of its auditors to view themselves as professionals, in the sense that they aspire to high standards in the fulfillment of their employment duties and take pride in their accomplishments.

Effective Date

This Code is effective as of March 31, 2005 .

Responsibilities, Authorities and Accountabilities

In addition to the requirements outlined in this Code, Audit and Data Services Branch auditors are required to observe any specific conduct and other requirements contained in the Values and Ethics Code for the Public Service, in the Public Service Employment Act, the Financial Administration Act, and other acts, regulations and statutes which pertain to their employment, including the:

  • Access to Information Act;
  • Canada Labour Code, Part II;
  • Criminal Code of Canada ;
  • Official Languages Act and Regulations;
  • Privacy Act;
  • Public Service Labour Relations Act (formerly the Public Service Staff Relations Act); and
  • other applicable statutes.

The PSEA is the enabling legislation for the Audit and Data Services Branch and its activities. All Audit and Data Services Branch activities must be justifiable by reference to the terms and conditions of the PSEA and any other legislation that confers responsibilities on the PSC.

Audit and Data Services Branch manuals setting out audit policies, standards and practices should be referred to in the performance of audits.

Audit Requirements

1. Audit Objectivity

Auditors should not prejudge an entity being audited. They should conduct audits with objectivity. Auditors should not only be objective, they should be perceived to be so.

The validity of the work of the Audit and Data Services Branch and the confidence placed in it by the PSC, entities being audited and Parliament depend, in large measure, on their perception of the objectivity of the Audit and Data Services Branch. Therefore, objectivity is a crucial characteristic of the relationship between the auditor and the audited organization. It ensures that the auditor's findings and reports will be influenced only by evidence obtained and assembled in accordance with the audit policies, standards and practices of the Audit and Data Services Branch, as set out in professional pronouncements, Audit and Data Services Branch manuals and related methodology.

Measures to prevent conflict of interest

The Audit and Data Services Branch is particularly vulnerable to allegations of conflict of interest, whether actual, potential or perceived, because they can call into question the objectivity and competence of the Audit and Data Services Branch to pass impartial judgement. These attributes are essential to the success of the work of the Audit and Data Services Branch. Since the reputation of the Audit and Data Services Branch is based upon a number of factors, which include the public's perception of its work, an appearance of a conflict of interest on the part of an auditor can be just as damaging as an actual conflict of interest. Although conflict of interest measures are covered in the Values and Ethics Code for the Public Service, additional clarification on this subject is required.

It is clear that conflicts of interest involving an auditor and an audited organization must be avoided. However, this does not necessarily eliminate an auditor from participating in an audit of a department where he or she was previously employed. Audit and Data Services Branch policy is that at least two years should elapse before an auditor takes part in an audit of a previous employer. In any situation where the nature of the previous position, or its proximity in time, raises questions on the part of the employee or the entity, the auditor has a duty to discuss the matter with the manager in charge of the audit or with the Vice-President, Audit and Data Services Branch.

  • a. Past Employment

    Auditors obviously cannot audit their own earlier work. They also should not participate in audits that would entail examining the work of friends or close acquaintances. In addition, auditors should not actively seek employment with an entity that they are examining. This could easily be seen as impairing the auditor's judgment and objectivity. Also, should a staff member be approached by that entity about employment prospects, he or she should immediately inform the manager in charge of the audit, or a higher level authority, if appropriate.

    Recognizing that employees who are seconded to other departments or agencies remain PSC employees, secondments will not be approved by the PSC where the secondment position will, in the view of the PSC, place the Audit and Data Services Branch or the employee in a conflict of interest position.

  • b. Contractual Arrangements

    The Audit and Data Services Branch would not knowingly assign a consultant to an audit entity where the consultant (individual or company) is, has recently been, or may be contractually engaged. In such a situation, a consultant could end up auditing his or her own work or the work of his or her company. Therefore, the Audit and Data Services Branch requires a history of the consultant's business dealings with the entity being audited, covering the previous two years. The Audit and Data Services Branch will then decide whether the likelihood exists for a potential conflict of interest. In the same fashion, the Audit and Data Services Branch needs to be informed of any bid by the consultant or the company in relation to the entity being audited.

    Consultants and consulting companies contractually engaged by the Audit and Data Services Branch are required to provide a complete list, to the best of their knowledge, of current and recent contracts undertaken with an entity that they are examining, on their own behalf or on behalf of a client who has significant involvement with the entity. They are also responsible for informing the responsible audit manager for the contract of any bid, within their knowledge, that they or their company intend to make in relation to any entity they are auditing or in which they are working on behalf of the Audit and Data Services Branch.

    Auditors involved in contract negotiations have a duty to ensure that contracts entered into by the Audit and Data Services Branch are the result of well-established procedures and are above suspicion with regard to the validity of the criteria used in awarding them.

    The Audit and Data Services Branch wishes to preserve and maintain the co-operative and mutually beneficial relationships it has with consultants and companies. At the same time, the Audit and Data Services Branch must be able to demonstrate conclusively that contracts have not been subject to influence either by a former Audit and Data Services Branch employee currently with the company in question or by a former employee of the company currently employed by the Audit and Data Services Branch. Contract procedures should ensure that the Audit and Data Services Branch is protected from even the suspicion of conflict of interest.

2. Audit Effectiveness

The primary role of the Audit and Data Services Branch is to provide information to the PSC, which will allow the PSC to give assurance to Parliament as to the integrity of the appointment process. The Audit and Data Services Branch strives to achieve improvements in government activities related to the appointment process. In this regard, auditors should perform a constructive role in the formulation of their audit reports.

Although it is implicit in the auditor's role to offer the management of audited entities recommendations for improvement, care must be taken to ensure that the auditor does not assume the role of management in the provision of such advice. For example, direct participation in formulating policies or in designing systems and related controls should be avoided. In case of doubt on such matters, employees should discuss and clarify the situation with their supervisors.

3. Confidentiality of Audit Information

Auditors are required by this Code to respect the confidentiality of information acquired from audit entities. Auditors shall not disclose any official information or use it for personal reasons without authorization. Information collected in the course of an audit may only be used for the purpose for which it was collected and may not be disclosed other than for PSC audit purposes.

The Audit and Data Services Branch has developed certain practices and procedures for disclosing audit findings. These are outlined in Audit and Data Services Branch manuals. Disclosure of official information by auditors shall be only by way of such practices or with the authorization of managers. In addition, auditors must ensure the security and confidentiality of all files, whether in the offices of Audit and Data Services Branch or on the premises of the audit entity.

Entities have an interest and a right to know audit findings and conclusions. Out of fairness to those entities and to ensure proper verification of conclusions, it is necessary that all audit findings and conclusions be kept confidential until they have been completely substantiated, processed through an authorized clearance procedure with the audit entity, and approved for release by the President of the PSC. Improper or premature external disclosure of audit findings can harm the audited entity and cause embarrassment to the PSC.

The principle of confidentiality also dictates that all those working for the Audit and Data Services Branch must be cautious in discussing, with friends, relatives, and colleagues outside the Audit and Data Services Branch, work in which they are engaged, as well as projects being undertaken elsewhere in the Audit and Data Services Branch. It is necessary to take care not to make casual comments on the work of the Audit and Data Services Branch in departments or other entities.

4. Audit Substantiation

Auditors have a duty to be prepared to defend fully against a potential challenge of any and all audit findings, conclusions, and observations they make.

Just as the Audit and Data Services Branch applies criteria by which to assess the activities of audit entities, it applies a rigorous standard of proof when assessing the evidence used as the basis for audit findings and conclusions. The performance standards expected of Audit and Data Services Branch auditors are no less stringent than those that the Audit and Data Services Branch expects of the employees of the entities it audits. This is fair to audited organizations and also maintains and enhances the credibility of the Audit and Data Services Branch.

Auditors should ensure that the evidence supporting an audit report is appropriate in quality and quantity to make a convincing case for the conclusions reached.

The Audit and Data Services Branch has a duty to present only findings that are soundly based on facts and that can stand up to rigorous scrutiny. While it may be necessary, on occasion, to present conclusions that involve interpretation, such interpretation must be factual, logically consistent and reasonable. Auditors should maintain an objective, factual perspective.

5. Communications and Reporting

In compliance with the PSC communications policy, all public communications (e.g., speeches, news releases, presentation at conferences) from the Audit and Data Services Branch may only be undertaken after auditors have received the appropriate authorization from the Vice-President, Audit and Data Services Branch.

All Audit and Data Services Branch reports must meet the highest attainable standards for content and presentation. They should be written in accordance with PSC audit policies, in clear, precise and plain language and have gone through an editing process.