ARCHIVED - Audit of Acquisition Cards, Travel, Hospitality, Taxis and Conferences

Archived information

This Web page has been archived on the Web. Archived information is provided for reference, research or record keeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

Date : June 2012
Project # 10-33

PDF Version (161 Kb, 27 Pages)

 

 

Table of Contents

 

 

Acronyms

AANDC
Aboriginal Affairs and Northern Development Canada

AES
Audit and Evaluation Sector

AMEX
American Express

ARI
Automotive Research International

BMO
Bank of Montreal

CFO
Chief Financial Officer

DOA
Delegation of Authority

DTC
Designated Travel Card

DRCTC
Designated Responsibility Centre Travel Card

FAA
Financial Administration Act

NCR
National Capital Region

TAA
Travel Authority and Advance

TB
Treasury Board

 

 

Executive Summary

Background

The Audit and Evaluation Sector (AES) of Aboriginal Affairs and Northern Development Canada (hereon referred to as "AANDC" or "the Department") identified an Audit of Acquisition Cards, Travel, Hospitality, Taxis and Conferences in the 2011-12 to 2013-14 Risk-Based Audit Plan approval by the Audit Committee on February 22, 2011. The audit was included in the plan on the basis that departmental expenditures on acquisition cards, travel, hospitality, taxis and conferences are subject to strict policy requirements, and are by their nature, subject to government and public scrutiny.

On January 1, 2011, the Treasury Board (TB) announced the implementation of a new Directive on Management of Expenditures on Travel, Hospitality and Conferences. The directive replaces the 1993 TB Hospitality Policy and is intended to ensure that expenditures associated with travel, hospitality and conferences are prudently managed, maximizing their effectiveness in contributing to organizational mandates, while minimizing costs and demonstrating value for money.

Audit Objective and Scope

The objective of this audit was to provide assurance over the adequacy and effectiveness of the management controls supporting the use and management of acquisition cards [Note 1] and the procurement of travel, hospitality, taxis and conferences, including compliance with applicable legislation, policies, procedures and guidelines.

The scope of the audit examined the efficiency and effectiveness of the management control framework in place to support the Department's acquisition card and travel card programs. Testing covered the period April 1, 2009 to June 30, 2011 and focused on the extent to which there was compliance with central agency and AANDC policies and directives.

Statement of Assurance

In my professional judgment as Chief Audit and Evaluation Executive, sufficient and appropriate audit procedures have been conducted and evidence gathered to support the accuracy of the conclusions reached and contained in this report. The conclusions were based on observations and analyses of the situations as they existed at the time against the audit criteria. The conclusions are only applicable to the Audit of Acquisition Cards, Travel, Hospitality, Taxis and Conferences. The evidence was gathered in accordance with the Internal Auditing Standards for the Government of Canada and International Standards for the Professional Practice of Internal Auditing.

Recommendations

The audit team identified areas where the management control framework for acquisition, travel and ARI cards could be improved, resulting in three recommendations. Specifically, the Audit and Evaluation Sector recommends the Chief Financial Officer:

  1. Communicate the delegation of authority requirements to reinforce responsibilities to exercise DOA and ensure evidence is maintained to demonstrate compliance with authorities.

  2. Complete and communicate the policy related to the use of individual designated travel cards (American Express cards). This policy should outline the roles and responsibilities governing card issuance, monitoring and reporting, consequences for card misuse, and the requirement for training to help ensure cardholders understand the policy.

  3. Implement more formalized monitoring framework to effectively track, follow-up and take appropriate action against all cardholders (acquisition cards, travel cards and ARI cards) who are not in compliance with the respective policy. Such a monitoring framework should be documented, risk based, [Note 2] and should include clear roles and responsibilities. This process should also take advantage of technology tools (e.g. IDEA, ACL, etc.) that can help identify potential problem or unauthorized charges from the entire population. The use of technology would enable a more efficient and effective monitoring program that can identify and resolve issues before they become larger, more complex problems.

Conclusion

The audit concluded that internal controls were in place and operating effectively over the audit period examined. The audit identified that improvements in the exercise of the section 32 approval for acquisition cardholders are needed. The audit found that, in general, acquisitions and purchase transactions are conducted in compliance with the Travel Directive with the exception of the acquisition cardholder acknowledgement of responsibility. The audit found that the management control framework in place for acquisition and travel cards, hospitality, conferences, taxi chits and ARI fleet cards was generally effective and that supporting processes were efficient; however, the travel card policy needs to be implemented as well as a more formalized monitoring framework.

Opportunities for Efficiencies

In addition to these recommendations, the audit noted other opportunities in the areas of taxi chit monitoring and acquisition card payments for increased efficiencies. These opportunities were communicated to management orally during the audit debrief and are summarized in Section 5.3.

 

 

1. Background

The Audit of Acquisition Cards, Travel, Hospitality, Taxis and Conferences was included in AANDC's 2011-12 to 2013-14 Risk-Based Audit Plan, recommended for approval by the Audit Committee on February 22, 2011. The audit was included in the plan on the basis that departmental expenditures on acquisition cards, travel, hospitality, taxis and conferences are subject to strict policy requirements, and are by their nature, subject to government and public scrutiny.

On January 1, 2011, the Treasury Board (TB) announced the implementation of a new Directive on Management of Expenditures on Travel, Hospitality and Conferences. The directive replaces the 1993 TB Hospitality Policy and is intended to ensure that expenditures associated with travel, hospitality and conferences are prudently managed, maximizing their effectiveness in contributing to organizational mandates, while minimizing costs and demonstrating value for money.

At AANDC there are two main types of charge cards used as a method of payment for goods and services: acquisition cards and travel cards. Acquisition cards are used as a method to pay for day-to-day expense items and to pay for conferences and hospitality, while travel cards are used as a method to pay for pre-authorized government travel expenses. In addition to these cards, the Department also has charge cards to cover expenses associated with fleet vehicles.

1.1 Acquisition Cards

Acquisition cards are charge cards used by departments and agencies as a method of procuring and paying for day-to-day expense items for standard maintenance, repair and operational goods and services under $5,000. [Note 3] They are intended to simplify the process of procuring and paying for goods and services, thereby generating savings in procurement and expenditure processing. Although the use of an acquisition card is not mandatory, it is strongly encouraged when the purchase is within delegated transaction authority and it is efficient, economical and operationally feasible. At AANDC, procurement using an acquisition card is subject to the requirements of the Department's Acquisition Card Policy, in addition to those set forth by the Government of Canada.

1.2 Travel Cards

Travel cards provide a convenient and practical method to pay for authorized government travel expenses. Travel cards reduce or eliminate the need to issue travellers cheques or Receiver General cheques for standing or accountable advances to cover travel expenses. Travel cards are to be used to the maximum extent when it is practical, efficient, economical and feasible to do so. Government departments and agencies have access to two types of travel cards: the individual designated travel card (DTC); and the designated responsibility centre travel card (DRCTC). The DTC is the recommended method of payment to be used by employees and designated personnel to incur authorized government travel expenses, including accommodations, car rental, and other travel expenses while on travel status. In limited, pre-approved instances, hospitality expenditures may be incurred while on travel status. The DRCTC is the preferred method of payment to purchase common carrier transportation, including travel by air, rail, sea or ground, when arranged through the government-approved supplier.

1.3 Other Uses of Acquisition and Travel Cards

In addition to the items noted above, acquisition cards can be used to cover conference and hospitality expenditures. Individual travel cards can be used to procure taxi services but only while the employee is on travel status, as defined by the National Joint Council Travel Directive.

1.3.1 Conferences

Conferences are conventions, seminars or other organized gatherings where participants debate or are informed of the status of a particular discipline. Retreats, work-planning meetings and seminars or courses that provide training are not considered conferences. [Note 4] Payments for conference expenses can be made using an acquisition card or a departmental cheque.

1.3.2 Hospitality

Hospitality expenditures include the provision of meals, beverages or other refreshments to non-federal government persons in events, including conferences, which are necessary for the effective conduct of government business and for courtesy, diplomacy or protocol purposes. [Note 5] While mostly prohibited, in some circumstances, and within restrictions defined by the Directive on the Management of Expenditures on Travel, Hospitality and Conferences, hospitality can be provided to federal government persons. Similar to conference expenses, hospitality expenditure payments can be made by acquisition card, departmental cheque or individual DTC, as outlined above.

1.3.3 Taxis

Expenditures on taxi services can be incurred in the following two ways: (1) while on travel status or (2) while conducting Government of Canada business in the employee's local area. Taxi expenditures incurred while on travel status can be paid for using individual DTCs, cash or other electronic forms of payment. Taxi expenditures incurred while not on travel status but while conducting government business can be paid for using taxi chits – issued in booklets by the Chief Financial Officer (CFO) Sector as a means of payment for taxis – cash, or other electronic forms of payments. Employees opting not to use taxi chits are reimbursed through petty cash claims (under $35) or departmental cheque.

1.4 ARI Fleet Cards

Automotive Resources International (ARI) Fleet cards are issued to help facilitate the maintenance and ongoing operation of fleet vehicles owned by the department.  The use of ARI Fleet Cards (or ARI MasterCards) is only valid for authorized purchases of supplies and services essential to the operation of land vehicles, air and marine craft, and motorized equipment owned or leased by departments and agencies of the Government of Canada. The purpose of the ARI Fleet Card is to provide a mechanism for departments and agencies to benefit from the government tax exemption status, volume discounts and to capture information from fleet-related transactions.

1.5 Liability and Card Misuse

Departments and agencies are liable for all authorized charges on individual DTC statements that are delinquent but are not liable for unauthorized charges. [Note 6] Actions by acquisition cardholders that demonstrate non-compliance with the Treasury Board Directive on Acquisition Cards, including fraud, breach of trust, theft, and other offences, may be subject to the offences and punishments outlined in the Financial Administration Act (FAA sections 76-81) and the Criminal Code (sections 121-122, 322 and 380).

1.6 Summary of Expenditures

The following tables summarize departmental expenditures, based on the data provided by CFO Branch, by line item for the fiscal years 2009-10, 2010-11, and the first quarter of 2011-12.

  Period
Expenditures by Line Item 2009-10 2010-11 Q1 2011-12
Travel 36,598,680 35,758,931 4,806,004
Hospitality 905,730 958,201 90,333
Conferences & Seminars 576,070 479,895 80,961
Taxi Chits 434,639 437,651 74,277
  Period
Expenditures by Card 2009-10 2010-11 Q1 2011-12
Departmental Travel Cards 10,558,848 10,937,217 1,062,890
Acquisition Cards 10,431,530 12,776,953 960,566
 
 

The annual ARI Fleet card expenditures for the Department in 2010-11 totaled $450,165. Approximately 150 ARI Fleet cards were in circulation at the end of audit fieldwork (January 2012).

The first quarter results appear lower compared to the previous two fiscal periods as expenditures are typically lower in the first quarter when full year budgets may not yet be finalized. As a result, expenditures are historically more weighted to the later quarters.

 

 

2. Audit Objectives and Scope

2.1 Audit Objective

The objective of this audit is to provide assurance over the adequacy and effectiveness of the management controls supporting the use and management of acquisition cards and the procurement of travel, hospitality, taxis and conferences, including compliance with applicable legislation, policies, procedures and guidelines.

2.2 Audit Scope

The scope of the audit examined the efficiency and effectiveness of the management control framework in place to support the Department's acquisition card and travel card programs. Testing covered the period from April 1, 2009 to June 30, 2011 and focused on the extent to which there was compliance with Treasury Board and AANDC policies and directives in the following areas as applicable to each transaction type: (i) card issuance and control; (ii) pre-approval of expenditures; (iii) eligibility of expenditures; (iv) approval and payment of invoices/claims; and, (v) monitoring and compliance. In order to determine the level of compliance, a judgemental sample of transactions was examined for appropriateness [Note 7], completeness, accuracy and timeliness. Substantive control and compliance testing was completed on acquisition cards, travel, hospitality and conferences. The management control framework was assessed for all of the in-scope processes.

Fieldwork was conducted at headquarters and a selection of sector and regional offices were included through sample transaction testing as well as follow up discussions with management to understand the control framework in place. The Electronic Management Tool (EMT) was implemented subsequent to the period of scope for the audit and as a result was excluded from the audit.

2.3 Statement of Assurance

In my professional judgment as Chief Audit and Evaluation Executive, sufficient and appropriate audit procedures have been conducted and evidence gathered to support the accuracy of the conclusions reached and contained in this report. The conclusions were based on observations and analyses of the situations as they existed at the time against the audit criteria. The conclusions are only applicable to the Audit of Acquisition Cards, Travel, Hospitality, Taxis and Conferences. The evidence was gathered in accordance with the Internal Auditing Standards for the Government of Canada and International Standards for the Professional Practice of Internal Auditing.

 

 

3. Approach and Methodology

The audit was planned and conducted in accordance with the Internal Auditing Standards for the Government of Canada as set out in the Treasury Board Policy on Internal Audit. Sufficient and appropriate audit procedures have been conducted and evidence gathered to support the audit conclusion provided and contained in this report.

The principal audit techniques used included:

The approach used to address the audit objective included the development of audit criteria against which observations, assessments and conclusions were drawn. The audit criteria developed for this audit are included in Appendix A.

Detailed transaction testing was completed based on a judgmental sample of 100 transactions over the scope period. The CFO Sector provided detailed transaction records/expenditures for acquisition cards, travel, hospitality and conferences from departmental financial reporting system (Oasis). This information formed the basis for the selection of the audit sample. The following table summarizes the number of sample items selected by transaction type and location. The sample sizes were based on the relative amount of dollar expenditures noted in section 1.6 and the need to have reasonable sample sizes (i.e. minimum of 5 samples for each of hospitality and conference) with representation from Headquarters and Regions. IDEA was used to randomly generate sample transactions to be audited.

Transaction Type Headquarters Regions
Acquisition Card 15 15
Travel 25 25
Hospitality 5 5
Conference 5 5
Total 50 50
 

 

4. Observations and Recommendations

Based on a combination of the evidence gathered through the examination of documentation, analysis and interviews, each audit criterion was assessed by the audit team and a conclusion for each audit criterion was determined. Where a significant difference between the audit criterion and the observed practice was found, the risk of the gap was evaluated and used to develop a conclusion for each audit criterion and to document recommendations for future improvement initiatives.

The audit team identified weaknesses in the design and operation of internal controls, resulting in three recommendations. The findings and recommendations are organized according to the following two broad areas: Delegation of Authorities; and, Monitoring and Oversight.

4.1 Internal Controls and Compliance

The audit selected a total of 100 transactions (as outlined above), split evenly between headquarters and regions, to test in detail acquisition card, travel, hospitality and conference expenditures. These transactions were tested for operating effectiveness of FAA section 32, 34, and 33 controls as well as compliance with applicable policies (National Joint Council Travel Directive and AANDC Policy on Acquisition Cards). The results of our testing, by type of transaction, are provided in sections 5.1.1 to 5.1.4.

Internal controls governing taxi expenditures and ARI fleet cards were not substantively tested as part of the audit due to the low level of materiality these expenditures represent on an annual basis. In absence of substantive testing, the audit team analyzed the respective control frameworks to identify potential control gaps. The results of our analysis are provided in sections 5.1.5 and 5.1.6.

4.1.1 Section 32

Section 32 is the authority to approve a commitment on behalf of the government to enter into a contractual or other arrangement. Section 32 is typically completed by a physical signature from an employee with delegated authority; however, in the case of acquisition cards, the cardholder themselves (typically an administrative assistant), and not the responsibility centre manager, has Section 32 authority over purchases made on the card.

All employees requiring Section 32 delegated authority must undergo training before the authority is delegated. In the case of acquisition cards, the cardholder is required to undergo training on delegated authority before delegated authority and the acquisition card is granted.

Preapproval for travel, hospitality and conferences are evidenced by a signature approving the travel, hospitality or conference on the requisite form (e.g. a Travel Authorization and Advance form).

Acquisition card expenditures: Delegation of authority for Section 32 on all acquisition cards is evidenced by the cardholder signing a specimen card upon card issuance. Signing cards are retained in Finance (Headquarters or Regional) and used to pre- and post-audit acquisition card transactions. Out of the 30 sample transactions selected, only four (4) transactions were found to have appropriate Section 32 authority in evidence.

It was noted by management that prior to November 25, 2010, no delegation of authority form was prepared (i.e. signature card) for cardholders. Of the remaining transactions selected after November 25, 2010, two (2) of seven (7) samples did not have documented evidence of Section 32.

Travel card expenditures: Before an employee is eligible for travel status, they must obtain pre-approval (Section 32) for their planned expenditures from the appropriate delegated authority. In the majority of cases, this occurs via the Travel Authority and Advance (TAA) form that lists the estimated costs by line item (e.g. accommodations, transportation, meals, etc.). In instances where employees are required to travel frequently and on short notice, they may receive "blanket" approval for their travel at the beginning of the year.

Audit testing noted 11 of 50 transactions did not have documented Section 32 delegated authority in evidence (seven (7) in Regions, four (4) in Headquarters). Exceptions included: no physical Section 32 signatures on the TAA form, dates of approval outside the effective date of authority as per the signature card; unavailable signature cards; and, unavailable TAA forms.

Hospitality expenditures: Hospitality request forms are completed by employees to obtain prior approval for hospitality. Section 32 was found to be operating in eight (8) of the 10 sample transactions tested. The two exceptions were found to have a signature; however, the supporting delegation of authority specimen signature card was not provided during the audit and was therefore noted as an exception.

Conference expenditures: Request forms are completed by employees to obtain Section 32 approval in advance of registering and attending the conference. Section 32 was found to be in existence in all 10 sample items tested during the audit.

4.1.2 Section 34

Section 34 is the request for payment out of the Consolidated Revenue Fund. It is typically evidenced by a physical signature from an individual with delegated authority who is responsible to review the documentation provided by the employee to support the expenditure. Documentation typically includes original receipts or invoices that demonstrate the type of expenditure to be paid.

Acquisition card expenditures: Of the 30 transactions reviewed, Section 34 was generally found to exist as evidenced by a sign-off from the individual with delegated authority over the funds in question. All of the Headquarters transactions assessed were appropriately approved under Section 34 authority, whereas three (3) out of 15 Regional sample items did not have the appropriate Section 34 approval in evidence.

Travel card expenditures: The audit noted seven (7) of 50 transactions where Section 34 was not in evidence. Reasons for the exceptions included: unclear approval as no signature provided on the Section 34 stamp or signature not legible; date of approval outside the effective date of authority as per the signature card; and no signature card provided to substantiate the Section 34 authority of the approver.

Hospitality expenditures: Section 34 was found to be in existence in all 10 sample items tested during the audit.

Conference expenditures: Section 34 was found to be in existence in all 10 sample items tested during the audit.

4.1.3 Section 33

Section 33 is approval for payment. Payment is certified by the approver based on the goods or services receipt, terms of the contract or eligibility of the payee. Section 33 within the Department is exercised by Finance first in the Region (Section 33a) and then in Headquarters in the CFO Branch (Section 33b).

Acquisition card expenditures: In all but two (2) instances, the 30 transactions reviewed provided evidence of appropriate approval. Of the two exceptions, one occurred at Headquarters and the other occurred in a regional office. In the Region, the supporting documentation was not able to be found and in Headquarters the batch was not able to be found.

Travel card expenditures: Section 33 was found in evidence for 47 of the 50 test transactions. Lack of documentation was the reason noted in the three (3) cases where Section 33 was not in evidence.

Hospitality expenditures: Section 33 was found in evidence for all 10 sample items tested during the audit.

Conference expenditures: Section 33 was found in evidence for all 10 sample items tested during the audit.

4.1.4 Compliance

Cardholder acknowledgement of responsibility: The Acquisition Card Policy (effective April 1, 2010) requires a written acknowledgement stating the cardholder's understanding of, and agreement to, the responsibilities and restrictions placed on acquisition card usage (section 6.1). These signed acknowledgement documents must be retained on file by the Regional (or Headquarters) Acquisition Card Coordinator. In reviewing the transaction sample, we noted that up-to-date acknowledgement statements were only available for 22 of the 30 cardholders assessed (four (4) not available in Headquarters and four (4) not available in Regions).

Compliance with the Travel Directive: In addition to the testing of internal controls, the audit assessed the compliance of all 50 travel claims with the National Joint Council Travel Directive. Specifically, the audit reviewed the following details for compliance, as applicable to the sample item selected: class of car rental; nightly accommodations rate; kilometric rates; per diem rates; foreign exchange rates; and, accounting for travel advance payments. No exceptions were noted in the 50 sample items reviewed.

4.1.5 Taxi Expenditures and ARI Fleet Cards

Taxi expenditures: Taxi chit use is primarily found in the National Capital Region (NCR) where the Department has multiple office locations. In reviewing taxi chit transactions, it was noted that almost 95% of taxi chit expenditures occurred in the NCR (approximately $430,000 in 2010-11). In regions where there is often only one regional office, taxi chit expenditures were much lower. For the period under review, regional office expenditures on taxi chits ranged from $3,000 to $10,000 annually per region.

The process followed across NCR and regions differs somewhat, however, each reportedly completes a detail review pursuant to Section 34 to pay invoices received from taxi companies. The audit noted that in the NCR, taxi chits are managed centrally by the Corporate Accounting and Reporting Directorate of the CFO Sector. As invoices are received, there is a detail review of each taxi chit to ensure it was used by a departmental employee (marked with an AANDC stamp on the back) and the total of the invoice is verified.

ARI fleet cards: The Assets and Environmental Management Section of the CFO Sector serves as the Department's functional authority on fleet management and the use of ARI cards. Annual expenditures for the Department in 2010-11 were reported to total $450,165. The audit obtained ARI Fleet billing reports electronically for the period April 1, 2009 through June 30, 2011 and noted total expenditures of approximately $1.1M and a total capital cost of $79.9M.

The majority of fleet vehicles are located in AANDC's Saskatchewan and Northwest Territories (NT) regions where fleet vehicle use is driven by environmental factors (NT Region) and the proximity of the office to client sites (Saskatchewan Region). There are only two fleet vehicles located at Headquarters.

The audit noted that based on detailed transaction information provided, almost 70% of expenditures over the period October 2010 through October 2011 were incurred in Saskatchewan and NT.The audit reviewed the process for administering and monitoring the use of ARI fleet cards in both Saskatchewan and NT. There are a number of controls reportedly in place to administer the use of the ARI fleet cards, which include: reconciling monthly ARI invoices against employee receipts; requiring garages to notify ARI and the AANDC regional fleet manager in advance of a repair; and maintaining a log book for each fleet vehicle to document who used the vehicle, for what purpose, and to which location(s).

Recommendation

1. The Chief Financial Officer should communicate the delegation of authority requirements to reinforce responsibilities to exercise DOA and ensure evidence is maintained to demonstrate compliance with authorities.

4.2 Monitoring and Oversight

Acquisition and travel card expenditures: The audit team observed discrepancies between the level of training and awareness provided to cardholders to advise them of their responsibilities. It was noted that all acquisition cardholders receive training on card use and exercising their delegated authority (Section 32) prior to card issuance, as required by the Acquisition Card Policy. The audit did not observe any training requirements for AMEX cardholders, who do not have Section 32 authority over their expenditures.

Monitoring is conducted on a monthly basis by the National Acquisition Card Coordinator and the National American Express (AMEX) Coordinator at the corporate level and by Regional Card Coordinators at the regional level through on-line reports made available by the Department's card service providers (e.g. Bank of Montreal and American Express).

The National Acquisition Card Coordinator reviews the monthly transactions of all active cards for unusual merchant numbers, dollar amounts and transaction types (e.g. hotel and spa charges). The National AMEX Card Coordinator noted that reports for travel cards are also prepared on a monthly basis. These reports are then distributed to each of the regional coordinators for review and follow-up.

The level of monitoring and follow-up procedures was noted to vary considerably across regions. While there is a Acquisition Card Policy in effect at the Department (April 1, 2010) that outlines the monitoring expectations for acquisition card coordinators, no such policy or documented procedures exist to communicate the roles and responsibilities of National and Regional AMEX Coordinators for monitoring transactions. During interviews, it was noted that while a policy has been drafted for travel cards, it is not up-to-date and has yet to be formally published.

Conferences: The monitoring of conference expenditures at the corporate level is performed by the Resource Management and Financial Advisory Services group of the CFO Sector. On a monthly basis a report is produced and used by Financial Management Advisors assigned to each Headquarters functional area to monitor the expenditures for travel, hospitality and conference. The Director Resource Management and Financial Services indicated that this monitoring is conducted to help promote the achievement of the Department's targeted reduction in spending in these areas, from $29.29M in 2011-12 to $28.3M for the 2012-13 fiscal year.

Data Analytics: The audit team obtained detailed transaction files for both BMO acquisition cards and AMEX travel cards for a portion of the period under review [Note 8] The audit used IDEA software to run a limited number of routines [Note 9] against the transaction files to identify unauthorized vendors that should not be included (e.g. liquor stores or big box retailers); cash withdrawals (that may be made for purposes other than travel); weekend transactions; and, transportation charges on acquisition cards (which should be made on AMEX travel cards). The audit team noted a number of transactions that may (or likely) have related to personal use transactions instead of travel and has informed the CFO Sector that it should conduct a thorough review of historical transaction data to ascertain the extent to which individual travel cards are being used for personal use transactions. Going forward, these transactions would be more readily identified with the implementation of a more formalized and rigorous monitoring framework that utilizes technology to highlight transaction requiring follow-up.

Recommendations

2. The Chief Financial Officer should complete and communicate the policy related to the use of individual designated travel cards (American Express cards). This policy should outline the roles and responsibilities governing card issuance, monitoring and reporting, consequences for card misuse, and the requirement for training to help ensure cardholders understand the policy.

3. The Chief Financial Officer should implement more formalized monitoring framework to effectively track, follow-up and take appropriate action against all cardholders (acquisition cards, travel cards and ARI cards) who are not in compliance with the respective policy. Such a monitoring framework should be documented, risk based, [Note 10] and should include clear roles and responsibilities. This process should also take advantage of technology tools (e.g. IDEA, ACL, etc.) that can help identify potential problem or unauthorized charges from the entire population. The use of technology would enable a more efficient and effective monitoring program that can identify and resolve issues before they become larger, more complex problems.

4.3 Opportunities for Efficiencies

During the course of the audit, the audit team observed opportunities in the areas of taxi chit monitoring and acquisition card monitoring for increased efficiencies.

Taxi chit monitoring: The audit noted the existence of a Microsoft Access database developed in-house to help track taxi chit booklets. Through interviews with staff, it was found that this database as not functioning properly and was not supported by the departmental IT group. It was also noted that the database has not been updated since the June 2011 due to excess workload and the lack of perceived benefits of the database given its current functionality. The CFO Sector indicated they would assess the merits of fixing the database, replacing it or removing it from the process entirely after considering the value it brings to the overall monitoring framework for taxi chits.

Acquisition card payments: The audit noted that the National Acquisition Card Coordinator tracks the amount of rebate earned by the Department for the use of the BMO and VISA credits cards. The Department can receive rebates of between 1.08% and 1.44%, depending on the volume of transactions and the timeliness of the payments. The Coordinator noted that the Department has not been able to take advantage of higher rebates (currently at 1.08% on all transactions) as payments are decentralized and the time taken to pay acquisition card statements is longer than the days required to obtain a higher rebate. The Coordinator noted that many other departments have centralized the payment of acquisition cards and AANDC is considering moving to a centralized payment process to receive a higher rebate. In addition to higher rebates, centralized payments would also help to reduce interest charges associated with late payments.

 

 

5. Conclusion

The audit concluded that internal controls were in place and operating effectively over the audit period examined. Improvements in the exercise of FAA section 32 approvals for acquisition cardholders are needed.

Details supporting this conclusion are included in Appendix B Summary of Transaction Testing. The audit considered testing results as a "pass" if 80% or more of controls were operating effectively, "partial pass" if 60 to 80% were operating effectively and a "fail" if less than 60% were operating effectively. Section 32 resulted in a fail based on only 56% of the control tests operating effectively. Section 34 and 33 resulted in passes with 85% and 95% respectively of the control operating effectively. Based on the combined result of 79%, the finding that 2 out of the 3 control elements were found to be operating effectively, and the relative significance and isolated nature of the section 32 control failure, the audit concluded overall that the internal controls were operating effectively over the audit period examined.

The audit found compliance with the Travel Directive with the exception of the acquisition cardholder acknowledgement of responsibility which was available in less than 75% of the files reviewed.

The audit found that the management control framework in place for acquisition and travel card, hospitality, conferences, taxi chits and ARI fleet cards was generally effective and supporting processes are generally efficient; however, the travel card policy needs to be implemented as well as a more formalized monitoring framework.

 

 

6. Management Action Plan

Recommendations Management
Response / Actions
Responsible
Manager (Title)
Planned
Implementation
Date
1. The Chief Financial Officer should communicate the delegation of authority requirements to reinforce responsibilities to exercise DOA and ensure evidence is maintained to demonstrate compliance with authorities. To send out reminder to delegated managers regarding the requirements of the delegation of authority via e-mail and the Express. Chief Financial Officer

Director, CARD
June 15, 2012
2. The Chief Financial Officer should complete and communicate the policy related to the use of individual designated travel cards (American Express cards). This policy should outline the roles and responsibilities governing card issuance, monitoring and reporting, consequences for card misuse, and the requirement for training to help ensure cardholders understand the policy. The Draft Policy on Individual Designated Travel Card ( AMEX) is currently being reviewed and moving towards completion. The Policy will highlight the roles and responsibilities of both cardholders, card coordinators, RCMs and the role of the CFO.

Additionally, a mandatory training module will be created for all cardholders to complete before receiving their individual travel cards. A signed cardholder acknowledgement confirming completion of the training session will be required before cards can be issued.
Chief Financial Officer

A/Director MAM
July 1, 2012
3. The Chief Financial Officer should implement more formalized monitoring framework to effectively track, follow-up and take appropriate action against all cardholders (acquisition cards, travel cards and ARI cards) who are not in compliance with the respective policy. Such a monitoring framework should be documented, risk based, and should include clear roles and responsibilities. This process should also take advantage of technology tools (e.g. IDEA, ACL, etc.) that can help identify potential problem or unauthorized charges from the entire population. The use of technology would enable a more efficient and effective monitoring program that can identify and resolve issues before they become larger, more complex problems. Acquisition Cards:
Effective April 1, 2012, the National Coordinator will establish a database as a Protected B file in Excel to track any/all cardholders who are flagged due to non-compliant purchases. The database will ensure that the Department is able to closely monitor cardholder activities. Details such as cardholder name, name of the RCM to whom the cardholder reports to, nature of purchase, dollar value, date of purchase, actions taken, (warning, cancellation) etc will be tracked.

Additionally, the National Coordinator will create a database as a Protected B file in Excel (for personal use) to track all inquiries made to the regional coordinators and establish BF dates to follow up if requested clarifications are not provided (effective April 1, 2012).

Every 6 months, Regional Coordinators will be reminded of their responsibilities to report any instances of card misuse, card cancellations and issuance of new cards to the National Coordinator, as well as reviewing card transactions monthly.

Travel Cards:
Effective March 1, 2012, a database as a Protected B file in Excel has been established by the National Card Coordinator to track misuse of Travel Cards. If a purchase is perceived as being a misuse of the card, an e-mail to the cardholder with a copy to their RCM will be sent for clarification before a card is cancelled. Regional Coordinators are asked to provide information to the National Coordinator regarding card cancellation, the reason for the cancellation, warnings given, action taken and arrangements made to re-pay the debt via payroll deductions.

Effective April 1, 2012, the National Coordinator will run a monthly report of each cardholder to review for any transactions that require further investigation. These reports are to be sent to the Regional Coordinators highlighting the need for further investigation and follow up.

Every 6 months, the Regional Coordinators will be reminded of their responsibility to report all instances of card cancellation to the National Coordinator.

The National Coordinator will create a database as a Protected B file in Excel for personal use to track all inquiries made to the Regional Coordinators and establish BF dates for follow up in cases were clarifications were not received as requested (effective April 1, 2012).

Use of IDEA (software) will be implemented to facilitate easier monitoring of transactions for both AMEX and Departmental Acquisition Cards.

Additional internal controls such as the blocking of specific vendors for AMEX and Acquisition cards is currently being explored.
Chief Financial Officer

A/Director MAM
July 1, 2012
 

 

Appendix A: Audit Criteria

Audit Criteria
Internal Controls and Compliance – Section 32
1.1.1 Section 32 approval of commitment on behalf of the government to enter into a contractual or other arrangement. Card issuance only to individuals with Section 32 delegated authority.

Core Management Control Reference ST-7
1.1.2 Pre-approval for hospitality.
1.1.3 Pre-approval for conference.
Internal Controls and Compliance - Section 34
1.2.1 Section 34 approval for payment - payment is certified by the approver based on the goods or services received, terms of the contract or eligibility of the payee.

Core Management Control Reference ST-7, ST10
Internal Controls and Compliance - Section 33
1.3.1 Section 33 requisition for payment out of the consolidated revenue fund.

Core Management Control Reference ST-7, ST10
Internal Controls and Compliance - Compliance
1.4.1 Ensure individual(s) responsible for initiation of (FAA Section 32 - commitment) and/or approval for payment for (FAA Section 34) transactions are not the same individual responsible for payment (FAA Section 33 – requisition).

Core Management Control Reference ST13
1.4.2 Procurement less than $5,000 should be completed using an acquisition card (BMO) – There should not be any transactions in excess of $5,000 (IT may procure items up to $10,000).
1.4.3 Acquisition cards (BMO and VISA) to be used only for "day-to-day" expense items, not for large dollar purchases, complex transactions, fleet-related operating expenses, travel and capital assets.
1.4.4 Be used exclusively by the individual whose name appears on the card.
1.4.5 Limit is $25,000 plus GST/HST.
1.4.6 Provincial and Territorial sales tax is exempt from all acquisition card purchases (PEI and MB. HST is payable on goods/services received in NS, NB, NFLD, ON and BC.
1.4.7 All cardholders must sign an acknowledgement of responsibility.

Core Management Control Reference AC-2
1.4.8 There are a number of restricted purchase transactions
  • Monthly service or maintenance fees

  • Personal purchases

  • Cash advances

  • Gas, tires, or other associated with ARI (Automotive Resources International) cards

  • Meals, accommodations, relocation or other travel related expenses including airfare or other transportation

  • Printing services in excess of $1000

  • Hospitality expenses other than as per limits under the delegation of financial signing authority, column 10.
Internal Controls and Compliance – Taxi Expenditures and ARI Fleet Cards
1.5.1 Headquarters manages the taxi chit booklets for the national capital region. Booklets have 25 individual taxi chits. The serial number from each booklet is maintained in a database. Annual spend is approximately $350,000. Each Admin RCM monitors the use of the taxi chits. There are three copies for each chit. The white copy stays in the book, the cardboard copy is submitted by the taxi company to the department for payment, and the yellow copy is sent to the taxi chit coordinator for the NCR. All chits are stamped by AANDC. If the taxi company submits a chit with no stamp, it is not paid for by the department.

Core Management Control Reference ST-14
1.5.2 The unused booklets are maintained by the Coordinator and are secured in a locked cabinet.
1.5.3 Consideration will be made to conduct data analytics (where possible) of the following as noted by AES during the planning phase:
  • Taxi travel outside Region.
1.5.4 ARI is the service provider who helps administer the fleet cards issued. Saskatchewan and Northwest Territories are the two Regions with the most significant fleet being used.
Monitoring and Oversight
2.1 Using data analytics, look for instances of splitting to procure items greater than $5,000 using acquisition card, duplicate payments, and other typical routines. Consideration will be made to conduct data analytics (where possible) of the following as noted by AES during the planning phase:
  • Name on card same as user

  • Card limit not greater than $25,000

  • Restricted purchases

  • Days to make payment to take advantage of rebate, or late payment interest

  • Section 32 approval prior to date of travel, hospitality or conference

  • Timeliness of travel claim submission.
2.2 National Coordinator is responsible for monitoring and reporting for AC, i.e. to review that statements are paid on time and rebates are obtained from the issuing company. Payments should be made on time to avoid interest payments.
2.3 National American Express Coordinator is responsible for monitoring and reporting for Travel Cards ( AMEX).
2.4 Departmental AC Coordinator role and responsibility includes:
  • Conduct timely audit control procedures and report findings to the CFO (obtain the procedures and recent examples of findings reported).
2.5 Consideration will be made to conduct data analytics (where possible) of the following as noted by AES during the planning phase:
  • Section 32 approval prior to date of travel, hospitality or conference

  • Timeliness of travel claim submission.
2.6 Effective oversight mechanisms and controls are to be put in place to ensure that travel, hospitality and conferences are managed in an effective, efficient and economical manner. Likely to include:
  • Annual budget for each element (travel, hospitality and conferences)

  • Oversight, monitoring and reporting to the CFO and/or ADM

  • Planning for events and activities is done

  • Proposed travel, hospitality, conference supports departmental objectives priorities

  • Alternative means to reduce costs are considered (video conference, early booking, government facilities as first choice)

  • Expenditures are reviewed during the year vis a vis budgets and managers with financial authorities have access to timely reporting to monitor and make fiscally prudent decisions

Core Management Control Reference ST-1
 
 

 

Appendix B: Summary of Transaction Testing

The following table summarizes the results of the transaction testing for FAA Sections 32, 34 and 33.

AANDC Criteria for overall
Acquisition Cards, Travel, Hospitality and Conference Transactions   80 PASS
Summary of Transaction Testing to Support Audit Conclusion   60 80 PARTIAL
  under 60 FAIL
 
  HQ Regions  
Transaction
Type
FAA # Tested Pass Fail % Pass Pass Fail % Total
Pass (#)
Total
Pass
(%)
 
Travel 32 50 16 9 64% 18 7 72% 34 34%
AcqCard   30 2 13 13% 2 13 13% 4 4%
Hosp   10 4 1 80% 4 1 80% 8 8%
Conf   10 5 0 100% 5 0 100% 10 10%
OVERALL FAA 32 100             56 56%
                 
Travel 34 50 19 6 76% 19 6 76% 38 38%
AcqCard   30 15 0 100% 12 3 80% 27 27%
Hosp   10 5 0 100% 5 0 100% 10 10%
Conf   10 5 0 100% 5 0 100% 10 10%
OVERALL FAA 34 100             85 85%
                 
Travel 33 50 23 2 92% 24 1 96% 47 47%
AcqCard   30 14 1 93% 14 1 93% 28 28%
Hosp   10 5 0 100% 5 0 100% 10 10%
Conf   10 5 0 100% 5 0 100% 10 10%
OVERALL FAA 33 100             95 95%
 
OVERALL (S 32, 34 & 33) 79%
Overall result is 79% however considering Section 34 and 33 resulted in a PASS, conclusion is PASS overall  
 

 

Footnotes:

  1. The scope of acquisition cards testing included BMO MasterCard and VISA, which are used for procurement of items less than $5,000, primarily by Administrative Officers. The audit also looked at AMEX credit card used for travel as well as ARI fleet cards which are used for fleet vehicles for the purchase of gas and maintenance of fleet vehicles. (return to source paragraph)
  2. A risk-based approach to monitoring would consider past experiences to identify areas to monitor in addition to the policy requirements in place. This could include, for example, focusing on certain cardholders, regions, or transaction types that have been noted to be problematic in the past. The audit noted for example, that one region accounts for more than half of the delinquent payments that give rise to the payment of interest for VISA cards. (return to source paragraph)
  3. Excludes procurement of large dollar purchases (above $5,000), complex transactions, fleet-related operating expenses, travel and capital assets. (return to source paragraph)
  4. This definition is based on the object of expenditure 0823 - Conference Fees of the Receiver General Chart of Accounts. (return to source paragraph)
  5. As defined by the Treasury Board Directive on the Management of Expenditures on Travel, Hospitality and Conferences. (return to source paragraph)
  6. Unauthorized charges are charges or cash withdrawals against a travel card or account not related to government travel, or made by someone other than the cardholder or authorized person, or are not in accordance with the requirements and policies issued by the Treasury Board and the appropriate department. (return to source paragraph)
  7. For the purposes of this engagement, appropriateness is defined as an authorized charge. That is, a charge made on an acquisition, travel, hospitality, conference or taxi account that is related to government travel, made by the cardholder or authorized person, and in accordance with the requirements and policies issued by the Treasury Board and AANDC. (return to source paragraph)
  8. AMEX data file was received for the period September 25, 2009 to June 30, 2011. BMO data file was received for the period April 1, 2010 through January 27, 2012. (return to source paragraph)
  9. Routines are automated processes used by data analysis software to group and sort large volumes of data based on certain characteristics. (return to source paragraph)

  10. A risk-based approach to monitoring would consider past experiences to identify areas to monitor in addition to the policy requirements in place. This could include, for example, focusing on certain cardholders, regions, or transaction types that have been noted to be problematic in the past. The audit noted for example, that one region accounts for more than half of the delinquent payments that give rise to the payment of interest for VISA cards. (return to source paragraph)

 
 
Date modified: