ARCHIVED - Audit of Expenditure Management Monitoring

Archived information

This Web page has been archived on the Web. Archived information is provided for reference, research or record keeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

Date: September 2009

PDF Version (91 Kb, 25 Pages)

 

 

Table of Contents

 

 

Initialisms and Abbreviations

ADM Assistant Deputy Minister
AES Audit and Evaluation Sector
ARDG Associate Regional Director General
CAMM Corporate Accounting and Materiel Management
CARD Corporate Accounting and Reporting Directorate
CFO Chief Financial Officer
CSPS Canada School for Public Service
DG Director General
DM Deputy Minister
FAA Financial Administration Act
FMA Financial Management Advisor
FMC Financial Management Committee
FMM Financial Management Manual
FSR Financial Status Report
GoC Government of Canada
HQ Headquarters
HRWS Human Resources and Workplace Safety Branch
INAC Department of Indian and Northern Affairs Canada
MVR Management Variance Report
NWT Northwest Territories
OGD Other Government Department
O&M Operating & Maintenance
PAYE Payable at Year-End
PRMB Planning and Resource Management Branch
QA Quality Assurance
QC Quality Control
QMP Quality Management Program
RCA Responsibility Centre Administrator
RCM Responsibility Centre Manager
RDG Regional Director General
TB Treasury Board of Canada
 

 

Executive Summary

Introduction

Indian and Northern Affairs Canada's (INAC) operating expenses for 2007/08, excluding transfer payments and salaries/benefits, totaled $1.5 billion or 18% of departmental expenses (2006/07 - $1.1 billion or 16% of departmental expenses). This balance represents various types of expenditures including claims and litigation, environmental liabilities, court awards and settlements, travel, relocation and accommodation and other operating expenses.

Included within the 2008-2011 Risk Based Audit Plan, the Audit and Evaluation Sector (AES) identified Expenditure Management Monitoring as an audit project for 2008-2009. This project was identified as a priority by AES' risk-based planning process given the significant risks associated with the materiality of departmental expenditures, as well as the requirement for risk-based monitoring of expenditures to enable post-payment verification, as stated in the Treasury Board of Canada (TB) Policy on Account Verification.

Objectives and Scope

The objective of the audit was to provide assurance to senior management regarding the adequacy, effectiveness and efficiency of departmental controls for monitoring over expenditure management on a risk-informed basis.

This audit of expenditure management monitoring examined the adequacy of design and the effectiveness of management's key monitoring controls intended to provide assurance that expenditures are managed in compliance with applicable INAC and TB policies and that key issues are identified and communicated in a timely manner for informed decision-making purposes.

For the purpose of this audit, expenditure management monitoring is represented by two broad groups of activities:

Audit tests were conducted on expenditures incurred for the period from April 1, 2008 to March 31, 2009. Walk-through tests, tests of transactions and control design assessments were performed based on information made available to AES during the conduct phase of the audit during the period of April through June 2009.

The scope of the audit included all operational expenditures with the exception of transfer payments and compensation related expenditures; both of which will be addressed through other ongoing and planned audit projects and related initiatives.

Conclusions

In our opinion, the management control framework over the monitoring of expenditures against budget is generally effective in identifying funding pressures in a timely manner for appropriate resource allocation decisions. Areas for improvement, including improved guidance and tools, have been identified to support management in assuming their responsibilities.

Based on our assessment of the Quality Management Program over expenditure management, it is our opinion that the monitoring controls are not effective in ensuring the adequacy of the account verification system. The significant findings related to the Quality Management Program are detailed below:

Quality Control - Pre-Payment Verification
The types of expenditures that are deemed high risk and subject to pre-payment verification may be inappropriate as each region is supplementing this process to varying degrees.

Quality Assurance - Post-Payment Verification
The risk-based sampling approach to post-payment verification is limited as it does not consider specific transaction types that may be higher risk and does not allow for flexibility in sampling based on historical error rates and trends. Further, minimal procedural guidance and documentation standards have been developed for the post-payment audit process, which has resulted in inconsistencies and gaps in the approach to the process and levels of documentation across the country.

There are weaknesses in the oversight of the post-payment verification as limited error details are reported and tracked from the results of the post-payment review, impacting the ability to effectively target root causes of non-compliance through action plans. Further, no formal management reporting, action plan development and follow-up procedures have been integrated into the post-payment audit process.

Recommendations

The audit report provides a number of recommendations intended to address the audit findings. The following is a summary of the recommendations presented in the audit report.

Guidance and Tools to Support Monitoring against Budgets

Delegation of Authority Training

Pre-Payment Verification

Post-Payment Verification

Statement of Assurance

In my professional judgment, as Chief Audit and Evaluation Executive, sufficient and appropriate audit procedures have been conducted and evidence gathered to support the accuracy of the conclusions reached and contained in this report. The conclusions were based on a comparison of situations, as they existed at the time of the audit against the audit criteria. It should be noted that the conclusions are only applicable for the areas examined.

 

 

1.0 Introduction

Indian and Northern Affairs Canada's (INAC) operating expenses for 2007/08, excluding transfer payments and salaries/benefits, totaled $1.5 billion or 18% of departmental expenses (2006/07 - $1.1 billion or 16% of departmental expenses). This balance represents various types of expenditures including claims and litigation, environmental liabilities, court awards and settlements, travel, relocation and accommodation and other operating expenses.

Included within the 2008-2011 Risk Based Audit Plan, the Audit and Evaluation Sector (AES) identified Expenditure Management Monitoring as an audit project for 2008-2009. This project was identified as a priority by AES' risk-based planning process given the risks associated with the materiality of departmental expenditures, as well as the requirement for risk-based monitoring of expenditures to enable post-payment verification, as stated in the TB Policy on Account Verification.

For the purpose of this audit, expenditure management monitoring is represented by two broad groups of activities:

A Quality Management Program (QMP) is a system of management controls and activities that together act to support compliance to relevant policies and directives. The QMP within the context of this audit consists of both Quality Control (QC) and Quality Assurance (QA) activities. Consistent with other areas across the Department, QC activities are those that are intended to support compliance to policies and directives and are maintained throughout a particular process. QA includes those activities used by management to independently validate compliance with requirements (i.e. QA activities are performed by an independent party that does not have operational responsibility).

 

 

2.0 Objectives

The objective of the audit of expenditure management monitoring was to provide assurance to senior management regarding the adequacy of design and the effectiveness of management's key controls intended to provide assurance that expenditures are managed in compliance with applicable INAC and TB policies and that key issues are identified and communicated for timely and appropriate decision-making.

 

 

3.0 Scope

The audit of expenditure management monitoring encompassed both the management controls in place within the CFO Sector and the accountabilities assigned for monitoring the management of expenditures assigned to the rest of the Department. The scope of the audit included all operating expenditures with the exception of transfer payments and compensation related expenditures. Both areas have been addressed through other ongoing and planned audit projects and related initiatives.

Audit tests were conducted on expenditures incurred during the period from April 1, 2008 to March 31, 2009. Walk-through tests, tests of transactions and control design assessments were performed based on information made available to AES during the conduct phase of the audit during the period of April through June 2009.

 

 

4.0 Approach and Methodology

The approach to the audit followed the requirements of the Institute of Internal Auditors' Standards for the Professional Practice of Internal Auditing and the TB Policy on Internal Audit. This means that sufficient and appropriate audit procedures have been conducted and evidence gathered to support the accuracy of the conclusions reached and contained in this report. The conclusions are based on a comparison of situations, as they existed at the time of the audit and against the audit criteria. It should be noted that the conclusions are only applicable for the areas examined.

The planning phase of the audit involved various procedures including: documentation review and interviews/teleconferences with representatives from the following regions/sectors: British Columbia, Alberta, Saskatchewan, Ontario, Corporate Accounting and Reporting Directorate (CARD) and Planning and Resource Management Branch (PRMB), both within the CFO sector.

Audit criteria were determined based on information gathered during the planning and risk assessment phase during the period of March and April 2009. The audit criteria served as the basis for developing the audit approach and detailed audit program for the conduct phase. The audit criteria are provided in Annex A.

During the examination phase of the audit, the activities in Manitoba, Northwest Territories (NWT), and Ontario regional offices as well as Headquarters (HQ) were examined in detail during the period of April to June 2009.

The principal audit techniques used included:

 

 

5.0 Conclusions

In our opinion, the management control framework over the monitoring of expenditures against budget is generally effective in identifying funding pressures in a timely manner for appropriate resource allocation decisions. Areas for improvement, including improved guidance and tools, have been identified to support management in assuming their responsibilities.

Based on our assessment of the Quality Management Program over expenditure management, it is our opinion that the monitoring controls are not effective in ensuring the adequacy of the account verification system.

 

 

6.0 Observations and Recommendations

6.1 Monitoring of Expenditures against Budget

Ongoing monitoring of expenditures relative to budget is critical for timely and appropriate resource allocation decisions given the increasing priorities of the Department, coupled with continuous resource constraints. Historically, the Department has struggled with timely re-allocation decisions. Over the last three fiscal years, INAC has lapsed between $15M and $17M in funding annually over and above its allowable 5% carry forward limit.

To prevent future lapses in funding, the Department has implemented a new initiative during fiscal 2008/09 whereby managers' financial management accountabilities are directly linked to their performance agreements. Each Responsibility Manager (RCM) is given a performance target which requires them to manage their expenditures to within 2.5% of their budget by the end of the fiscal year. This ensures that managers are held accountable for the management of financial resources and as a result, for fiscal 2008/09, it was expected that the Department would not lapse funds above the 5% threshold.

The Department monitors expenditures through the Financial Status Report (FSR) exercise which is performed six times per year. An extract of OASIS (the departmental financial system) is prepared monthly for each RCM; however, the manager is only required to formally update the FSR six times per year according to the schedule prepared by the CFO Sector. To perform this analysis, each RCM is required to update his/her forecast, provide justification for any significant variances and identify any funding pressures. Completed FSRs are rolled up to the regional and sector level and submitted to the ADM for approval. The signed Sector FSR is then forwarded to the CFO Sector.

As part of the overall financial monitoring exercise, a review of expenditures is performed on a monthly basis through the monthly certification process. This exercise provides assurance as to the integrity of the data in the financial system. An expenditure report is extracted from OASIS and submitted to each RCM for review at HQ and in the regions. RCMs must review their report and provide feedback for any unusual items, such as unmatched invoices, and then sign and return the report to the CARD within the CFO Sector. CARD reviews the monthly certification reports and makes the necessary corrections or works with the RCM to make the required changes or corrections.

6.1.1 Guidance Documentation Available to RCMs

While the ongoing monitoring of expenditures against budget is formalized within the Department, with roles and responsibilities understood by those involved, there are opportunities to enhance the guidance available to RCMs to support these activities.

According to the TB Guide on Financial Management Accountability in Departments and Agencies, managers must have a clear understanding of their financial management responsibilities and be able to demonstrate accountability for their performance in this regard. Financial management responsibilities include: giving consideration to obtaining the best possible value from public resources; making decisions in light of reliable and timely financial information; analysis and advice, ensuring cost effective controls are in place to ensure probity; and reporting appropriately on their financial accountability.

Within INAC, roles and responsibilities regarding financial management are defined in the job descriptions of each management position. Roles and responsibilities are also defined in the Departmental Manager's Guide to Financial Management which covers a number of Finance related topics such as planning and budgeting and managing budgets and transactions such as travel and hospitality.

Based on documentation review and interviews with key management within the CFO Sector and the regions visited, roles and responsibilities are clearly understood. It was noted; however, that RCMs in the field were not familiar with the formal guidance documentation available on the intranet, including the Manager's Guide to Financial Management. RCMs confirmed that they rely on regional based documentation or central support services for guidance and support. Further, our review of the Manager's Guide to Financial Management revealed that the guide has not been updated recently as it refers to systems and processes that are no longer in use by the Department.

OASIS provides ongoing information on the state of each RCM's budget, including funds available and forecast information based on the information input by RCMs. Each RCM must ensure that actual expenditures, commitments and obligations are accurately recorded in OASIS. The policy requiring the tracking and monitoring of soft commitments using the soft commitments module within OASIS ("Commitment Control" – Chapter 4.2 of the Financial Management Manual (FMM)) became effective April 1, 2009. However, it was identified during our interviews with RCMs across the Department, that this tool is not consistently being used as it is viewed as not meeting the needs of the RCMs in monitoring their budgets. Our audit revealed that RCMs and Responsibility Centre Administrators (RCAs) consistently developed their own monitoring tools, using spreadsheets to help manage their soft commitments. Tracking of budgets using tools outside the financial system of record impacts the reliability of decisions made, if based on information for which the accuracy and integrity cannot be confirmed.

Recommendations:

1. The DG of Corporate Accounting and Materiel Management (CAMM), in conjunction with PRMB, should ensure that the Manager's Guide to Financial Management is reviewed and updated to reflect the current environment and expectations across the Department. Once updated, in addition to the availability on the Department's intranet site, consideration should be given to distributing the manual to new and existing RCMs as a reference for their expenditure management and monitoring responsibilities.

2. The DG of CAMM, in conjunction with the regions, should ensure that RCMs and RCAs are aware of the capabilities within and the requirements to use the monitoring tools within OASIS, specifically related to soft commitments. Ongoing monitoring and enforcement programs should be established to ensure appropriate take up and acceptance of the departmental policy.

6.2 Monitoring of Expenditure Management – Quality Management Program

Financial management practices within the public sector must comply with Departmental and TB policies, as well as the various Acts of Parliament, including the FAA. The FAA outlines the authority required by individuals in order to fulfill their responsibilities for expenditure initiation and commitment authority (section 32), contract performance (section 34) and payment authority (section 33) across the Government of Canada (GoC).

The TB Policy on Account Verification requires that all payments and settlements be verified and certified pursuant to section 34 of the FAA by RCMs who are delegated the authority to certify under section 34 of the FAA. Under this policy, those individuals are responsible for the accuracy of the payment requested and the completion of account verification procedures. Responsibility for ensuring the adequacy of the system of account verification and related financial controls rests with those persons who have been delegated payment authority pursuant to FAA section 33.

Due to the high volume of transactions processed across the Department, it is not possible for the section 33 delegated authority to provide assurance of the adequacy of the section 34 account verification for each payment. As a result, the Department has implemented a Quality Management Program including both pre and post payment audit procedures, depending on the nature of the transaction. The QMP involves both quality control and quality assurance activities performed at specific points within and subsequent to the expenditure process.

The key QC activities designed into the expenditure management process include:

QA over expenditure management, as outlined in the TB Policy on Account Verification, is based on the post-payment verification process which is performed subsequent to payment and provides assurance that the section 34 approvals meet account verification standards within the maximum tolerable error rate and support the section 33 approvals. A sampling approach, considering the risks of specific types of transactions, is used. Results of the post-audit are reported to the CARD to provide trend information on areas of weakness for the Department to take corrective action.

During the course of the audit, we learned that an initiative was completed to review and formally document the post-payment verification process. The initiative resulted in the development of quality assurance checklists for each type of expenditure such as travel, relocation and hospitality and a formal document describing the post-payment audit process including roles and responsibilities and corrective actions. To date, changes to the process have not been implemented.

6.2.1 Quality Control – Delegation of Authority Training

Monitoring and enforcement of the mandatory delegation of authority training is necessary to ensure compliance with INAC and TB policies.

The understanding of their roles and the level of oversight that RCMs have in their daily management of expenditures has a direct impact on the compliance with TB and INAC policies. The results of the post-payment audit program have confirmed the poor compliance rates in 2007/08. Testing a sample of transactions for a series of critical errors for the period from April 1, 2008 to December 31, 2008, the overall result was an 8.13% error rate, with the highest region yielding an error rate of 40%. The results of our detailed file review on a sample of regions and sectors demonstrated a higher error rate of 40% (66 out of 165 transactions tested for compliance to FAA section 34).

According to the INAC FMM, Chapter 4.1.1 - Section 6.8, all managers are required to complete the Expenditure Management – Overview of Sections 32/33/34 course prior to being granted financial delegation of authority. The course, which is offered online via the Department's Intranet site, provides a brief overview of the FAA, expenditure initiation and commitment authority (section 32), contract performance, pursuant to section 34 and account verification and payment authority as per section 33. In all four modules of the course, roles and responsibilities are described for each stage of the expenditure activity. It is also possible to print the contents of the course, essentially providing the manager with a summary of expenditure management for future reference.

Our review of the course content noted that while it covers all the main topics related to expenditure management, it is very brief. We noted other sources of information available within the Department to supplement this course, including the FMM and the Manager's Guide to Financial Management. As the primary means to communicate expectations and responsibilities of RCMs; however, the course is limited in the level of detail and supporting examples to provide context to the recipient. Further, our review noted that it is possible to bypass the content of the course. The only step participants are required to complete in order to confirm that they have taken the course is to click on the "Comments" box in the final window of the course. A test is not administered nor is the participant's progress through the course monitored. Finally, once an individual has been delegated authority, no refresher training or awareness information is provided to RCMs on their ongoing responsibilities under the FAA.

RCMs are further required to complete the Canada School of Public Service (CSPS) one-day course F901 "Fundamentals of Financial Management for Managers at INAC" as soon as possible; once they have been delegated financial signing authority. While the Human Resources and Workplace Services (HRWS) Branch is responsible for tracking the completion of this course, there is currently no monitoring of compliance to ensure all RCMs have completed the necessary training in a timely manner. Based on the interviews conducted within the regions visited, limited feedback was obtained on the completion of recent training related to financial delegation of authority.

Recommendation:

3. The Director of Continuous Business Process Improvement (CBPI) in the CFO sector, in conjunction with the HRWS Branch, should ensure that the mandatory financial delegation training is completed by all delegated authorities on a timely basis. For those RCMs who do not complete the training within a reasonable time period, an appropriate escalation process should be implemented, including revoking an individual's delegated authority.

6.2.2 Quality Control – Pre-Payment Audit of High Risk Transactions

There is currently no consistency in the definition of high risk transactions, impacting the transaction types that are subject to pre-payment verification.

While the pre-payment audit process has been designed to include transactions that have been designated as higher risk, this sampling approach has not been reviewed recently and, as a result, may not reflect the current risk tolerance of the Department.

We noted that while each region visited completed the minimum pre-payment verification as built into OASIS, each region was also performing its own additional level of pre-payment verification. This may indicate that the current listing of high risk transactions might not reflect the complete risk profile of the Department relative to the management of operating expenditures. For example, the following additions to the pre-payment verification process were identified within certain regions:

As demonstrated by the examples above, there were transactions that are considered to be higher risk beyond what is built into OASIS. Without a consistent risk-based approach to the pre-payment verification process, higher risk transactions may not be subject to the appropriate level of review and scrutiny required prior to release for payment.

Recommendation:

4. The DG of CAMM should ensure, in conjunction with regional representatives, that an appropriate and consistent listing of high-risk transactions is developed for pre-payment verification, given the operational needs of the Department.

Once determined, to the extent possible these transactions should be integrated into the pre-payment verification requirements within OASIS. Process and documentation standards should be developed to ensure consistency in the approach to pre-payment verification. Periodically, a validation of the high risk transaction listing should be completed to confirm the appropriateness of those transactions subject to pre-payment verification.

6.2.3 Quality Assurance – Post-Payment Audit Program

The existing quality assurance program and related monitoring controls over expenditure management are ineffective in ensuring the adequacy of the account verification system.

6.2.3.1 Appropriateness of Sampling Methodology for Post-Payment Audit

Our review revealed limitations within the existing risk-based sampling approach for the post-payment verification process. The existing sampling strategy does not consider specific types of payments which may have an inherent higher risk relative to others. As a result, all these transactions have an equal chance of being selected as any other expenditure. For example, contract payments are inherently higher risk due to the complex nature of the procurement process and compliance to relevant policies and as such the sampling approach should take into account the higher risk nature of this type of payments.

Our audit further noted that the current sampling strategy and associated tools lack the flexibility to allow the CARD to tailor the sampling strategy, as needed. For example, if a region has an error rate that consistently exceeds the Department's maximum tolerable error of 5%, the existing approach does not allow the flexibility to adjust the sample size for this region or overall. This lack of flexibility limits the ability of the CARD to adapt the level of monitoring to changes in relative risk.

Recommendation:

5. As part of an overall redesign of the post-payment audit process, the Director of the CARD should ensure that a review of the Department's post-payment sampling strategy is conducted to ensure that it reflects the current risk profile of the Department. In addition, the functionality of the sampling tool should be updated to incorporate the flexibility to adapt the approach to changing risk conditions.

6.2.3.2 Consistency of Post-Payment Verification Procedures across the Department

As noted previously, once the post-payment audit sample is selected by the CARD, it is distributed to the regions for the conduct of the verification activities and reporting of the results. The results of our audit testing noted inconsistencies in the approach to complete the verification process across the country and the associated documentation standards to evidence the completion of the exercise.

For the region that conducts a 100% pre-payment audit verification as outlined above, no post-payment verification procedures are performed and no statistics for the level of compliance and severity of errors identified are available for tracking.

In one region visited, we noted that the post-payment checklist provided by the CFO Sector is only completed when there is an exception noted; otherwise, there is no evidence to support the completion of the verification. Further, some confusion was noted regarding the level of detail of verification expected for the post-payment audit process. Based on subsequent discussions with CARD representatives, limited guidance and direction has been provided to the regions as to the expectations of the post-payment verification process.

Recommendation:

6. In conjunction with the redesign of the post-payment verification process, the Director of the CARD should ensure that a consistent and standard post payment audit process is developed, documented and implemented, including detailed responsibilities, verification and documentation standards and associated tools to support the efficient and effective completion of the verification process.

Once developed, this process should be formally introduced and training provided to those individuals with responsibility for these activities.

6.2.3.3 Tracking and Follow-Up on Errors Reported

According to the TB Policy on Account Verification, a department's sampling plan should include the approaches to corrective action. Without a formal follow-up process, the post audit process is ineffective in addressing the cause of high error rates reported.

As the results of the post-payment verification process are submitted to the CARD, they are tracked by region and by level of severity (critical and non-critical). No further information is submitted by the regions or tracked by the CARD, including the source of the error. The inability to track and trend this level of detail of the errors limits the ability of the Department to target the remediation action plans.

Our audit also noted that there is limited reporting and follow-up by the CARD on errors reported by regions to ensure proper corrective action has been taken. The summary results of the post-payment verification process are only submitted back to the individual in the region responsible for the post-payment audit process; no results are provided back to the Director of Corporate Services or the RDG. The summary results of the post-payment audit process are provided to the Associate Deputy Minister of INAC; however, no formal reporting schedule for this information has been developed.

As noted above, there is no formal follow-up mechanism built into the post-payment verification process; therefore, regions that consistently report error rates that exceed the Department's maximum tolerable error rate of 5% are currently not required to submit an action plan to address the high error rate. As a result, the Department continues to experience high error rates and incidents of non-compliance. The most common errors identified during our file review included:

Recommendations:

7. As part of the redesign of the post-payment verification process, the Director of the CARD should ensure that the approach to reporting and tracking the post-payment verification results is more detailed to allow for more targeted action plans.

8. In conjunction with a redesign of the post-payment verification process, the Director of the CARD should ensure a formal management reporting, action plan development and follow-up process is implemented, including assigning responsibility for follow-up and periodic independent compliance reviews to CARD representatives.

By tracking and trending errors by individual RCM and by error type, more appropriate and targeted remediation can be taken. As an example, should an individual RCM be responsible for error rates above the maximum tolerable threshold over time, a specific and targeted remediation plan can be developed and implemented. Based on subsequent verification results, should no improvement result, further escalation should be considered, including revoking financial delegation. Longer term, department-wide trend results may be used to confirm the appropriateness of the processing model currently in place or whether an alternate approach should be considered.

 

 

7.0 Management Action Plan

Recommendations Actions Responsible Manager (Title) Planned Implementation Date
1. The DG of CAMM, in conjunction with PRMB, should ensure that the Manager's Guide to Financial Management is reviewed and updated to reflect the current environment and expectations across the Department. Once updated, in addition to the availability on the Department's intranet site, consideration should be given to distributing the manual to new and existing RCMs as a reference for their expenditure management and monitoring responsibilities. The Director of Transfer Payments and Financial Policy, working with the Director of Resource Management, will coordinate a review and an update of the Manager's Guide to Financial Management to address the opportunities identified in the audit. The review will include an assessment of the Manager's Guide against the current environment as well as the current Policy Framework. Based on this assessment, the Manager's Guide will be updated as required. Director of Transfer Payments and Financial Policy and Director of Resource Management March 31, 2010
2. The DG of CAMM, in conjunction with the regions, should ensure that RCMs and RCAs are aware of the capabilities within and the requirements to use the monitoring tools within OASIS, specifically related to soft commitments. Ongoing monitoring and enforcement programs should be established to ensure appropriate take up and acceptance of the departmental policy. DG of CAMM will develop a communication strategy to underline the implementation of the policy on commitment control and the tool within OASIS. Alain Gelinas

Roger Ermuth

Francine Martel
October 2009
DG of CAMM will also develop a specific directive on commitment control March 31, 2010
3. The Director of Continuous Business Process Improvement (CBPI) in the CFO sector, in conjunction with the HRWS Branch, should ensure that the mandatory financial delegation training is completed by all delegated authorities on a timely basis. For those RCMs who do not complete the training within a reasonable time period, an appropriate escalation process should be implemented, including revoking an individual's delegated authority. An appropriate escalation process for managers who have not completed the mandatory F901 training within a reasonable period of time will be established and communicated to all Departmental RCMs. The F901 course materials are currently being revised, and an instructor's manual is being created to ease the implementation of the F901 course training in the regions. INAC is dependant on outside trainers hired through CSPS for the delivery of this training. Eva Jacobs April 2010
4. The DG of CAMM should ensure, in conjunction with regional representatives, that an appropriate and consistent listing of high-risk transactions is developed for pre-payment verification, given the operational needs of the Department.

Once determined, to the extent possible these transactions should be integrated into the pre-payment verification requirements within OASIS. Process and documentation standards should be developed to ensure consistency in the approach to pre-payment verification. Periodically, a validation of the high risk transaction listing should be completed to confirm the appropriateness of those transactions subject to pre-payment verification.
DG of CAMM is in the process of developing an Account Verification Framework that encompasses policies, roles and responsibilities and processes. A key component of the Framework is a risk assessment of both non-salary and salary payment transactions. Risk matrices have been developed that assess risk according to a pre-determined set of risk factors. High-risk payment transactions will be subject to 100% pre-payment verification. Following approval and implementation of the Framework, the risk assessments will be re-evaluated periodically and Risk Matrices updated as required. Alain Gelinas

Roger Ermuth

Francine Martel
Risk Matrices End December 2009

Account Verification Framework

April 2010
5. As part of an overall redesign of the post-payment audit process, the Director of the CARD should ensure that a review of the Department's post-payment sampling strategy is conducted to ensure that it reflects the current risk profile of the Department. In addition, the functionality of the sampling tool should be updated to incorporate the flexibility to adapt the approach to changing risk conditions. The current post-payment sampling strategy is in the process of being re-visited. Once the risk assessments referred to in #4 above have been finalized, we will be incorporating these in the departmental Sampling Plan that will be developed commencing December 2009. The Sampling Plan will rationalize the extent of verification based on the assessed risk and will include the sampling software/tool used, sampling parameters (ex confidence level, historical error rate, maximum tolerable error rate), sampling methodology, sampling review period and sampling correction requirements. In addition to other factors (such as cost, ease of implementation etc.), the selection of the sampling software will be based on the tool's ability to accommodate the desirable sampling methodology as well as its ability to be used to extract samples from high, medium and low risk populations. Roger Ermuth

Francine Martel
January 2010
6. In conjunction with the redesign of the post-payment verification process, the Director of the CARD should ensure that a consistent and standard post payment audit process is developed, documented and implemented, including detailed responsibilities, verification and documentation standards and associated tools to support the efficient and effective completion of the verification process.

Once developed, this process should be formally introduced and training provided to those individuals with responsibility for these activities.
The Account Verification Framework currently under development will include procedures for the post-payment audit process including roles and responsibilities and clear detailed definitions of critical errors, classification errors and less critical errors to ensure that there is a common understanding department-wide. These procedures will be supported by a generic Checklist that will be used by Finance Officers department-wide to track errors.

Training materials on these procedures will be developed and used to communicate the process to the individuals involved in these activities.
Roger Ermuth

Francine Martel
April 2010
7. As part of the redesign of the post-payment verification process, the Director of the CARD should ensure that the approach to reporting and tracking the post-payment verification results is more detailed to allow for more targeted action plans. In the re-designed post-payment verification process, errors will be documented according to the updated detailed definitions and tracked using a generic Checklist. This will enable the identification of specific areas of concern that can be segregated and addressed in a targeted action plan. Roger Ermuth

Francine Martel
End December 2009
8. In conjunction with a redesign of the post-payment verification process, the Director of the CARD should ensure a formal management reporting, action plan development and follow-up process is implemented, including assigning responsibility for follow-up and periodic independent compliance reviews to CARD representatives. The Account Verification framework will include a process for management reporting of errors including remediation plan. CAR will also develop compliance review framework to ensure policy is being adhere to by all RCMs. Roger Ermuth

Francine Martel
April 2010
 

 

Annex A - Audit Criteria

Audit Objective Criteria Sub-criteria
To assess the adequacy, effectiveness and efficiency of controls for monitoring and managing expenditures on a risk-informed basis. 1.0 Oversight of expenditures exists at the necessary levels across the Department to facilitate timely identification, communication and decision-making relative to expenditures. 1.1 Roles and responsibilities regarding the monitoring of expenditures are clearly defined and understood.

1.2 Budgets and forecasts are monitored, at a minimum quarterly, against actual expenditures and approved by senior management to ensure identification of issues for timely decision-making.

1.3 Analytical review of financial statements is completed to confirm appropriate classification, cutoff and completeness of expenditures.

1.4 Tools, training, support mechanisms and guidelines have been developed to assist in the monitoring of expenditures.
  2.0 Controls have been established and consistently applied to ensure the management of expenditures. 2.1 Roles and responsibilities regarding the management of expenditures are clearly defined and understood.

2.2 Appropriate management controls have been designed and are operating effectively to ensure that expenditures are recorded accurately, completely and in compliance with relevant TB and INAC policies.

2.3 Tools, training, support mechanisms and guidelines have been developed to assist in the management of expenditures.
 
 
Date modified: