Management Practices Audit of the Chief Financial Officer (CFO) Sector


Date: April 2013
Project No. 12-15


Acronyms

  • AANDC: Aboriginal Affairs and Northern Development Canada
  • AES: Audit and Evaluation Sector
  • AVF: Account Verification Framework
  • BMU: Business Management Unit
  • CAMM: Corporate Accounting and Materiel Management
  • CFO: Chief Financial Officer
  • CIDM: Comprehensive Integrated Document Management
  • CIO: Chief Information Officer
  • CSA: Control Self-Assessment
  • DG: Director General
  • DRAP: Deficit Reduction Action Plan
  • ETD: Electronic Telephone Directory
  • FAA: Financial Administration Act
  • FMA: Financial Management Advisor
  • FMC: Financial Management Committee
  • FNITP: First Nations and Inuit Transfer Payments
  • FTE: Full Time Equivalent
  • GCIMS: Grants and Contributions Information Management System
  • HR: Human Resources
  • HRMS: Human Resources Management System
  • IM: Information Management
  • IMB: Information Management Branch
  • IT: Information Technology
  • MAF: Management Accountability Framework
  • MOU: Memorandum of Understanding
  • MPA: Management Practices Audit
  • MPR: Management Practices Review
  • NCR: National Capital Region
  • PRM: Planning and Resource Management
  • SSC: Shared Services Canada

Executive Summary

Background

The Chief Financial Officer Sector ('CFO Sector' or 'the Sector') is one of Aboriginal Affairs and Northern Development Canada's (AANDC) nine sectors and is responsible for managing:

  • Departmental finances and resources;
  • Information Management (IM) and Information Technology (IT); and,
  • Departmental assets, materiel and procurement.

The Chief Financial Officer, as the head of the CFO Sector, is accountable to the Deputy Minister for ensuring that the required frameworks are in place and are promoting compliance with AANDC's delegated authorities and internal controls.

The CFO Sector had a budget of $82.9 M and expenditures of $75.9 M in 2011-12. Following the transition of some IT resources to Shared Services Canada (SSC), the Sector's budget for 2012-13 was $64.8 M. The Sector's expenditure forecast for 2012-13 was $63.2 M as of October 2012. The CFO Sector consists of 445 Full Time Equivalents (FTE) across four distinct branches:

  • Planning and Resource Management (PRM);
  • Corporate Accounting and Materiel Management (CAMM);
  • Business Management Unit (BMU); and,
  • Information Management Branch (IMB).

On February 22, 2012, the Deputy Minister approved AANDC's 2012-13 to 2014-15 Risk-Based Audit Plan, which included a Management Practices Audit (MPA) of the CFO Sector. This MPA was initiated by the Audit and Evaluation Sector (AES) in November 2012.

Audit Objective and Scope

The objective of the audit was to provide senior management with assurance over the adequacy and effectiveness of a selection of high-risk / high-priority management controls and activities in place to support the achievement of CFO Sector objectives.

The audit objective was supported by detailed audit criteria developed and aligned with Treasury Board of Canada Secretariat's Audit Criteria related to the Management Accountability Framework: A Tool for Internal Auditors (March 2011).

The scope of the audit covered the following six high-risk / high-priority management controls, as identified through a Control Self-Assessment (CSA) workshop and interviews with senior management from the CFO Sector:

  • Management and Oversight Bodies;
  • Operational Objective-Setting and Planning;
  • Client-Centered Service;
  • Budgeting and Forecasting;
  • Transaction Processing, Monitoring and Reporting; and,
  • Accountability.

Previous audit and review findings, a review of departmental priorities, and planned future audit work were also taken into consideration when determining the audit scope.

The audit scope did not include the role and involvement of the CFO Sector in departmental strategic initiatives. The audit was performed at Headquarters from November 2012 to March 2013 and consisted of interviews, document reviews, process walk-throughs, testing and data analytics. Testing covered the period from April 1, 2011 to September 30, 2012.

The CFO Sector, and more broadly the Department, is undergoing significant change, making the internal control framework even more critical. Specifically, AANDC and Health Canada are moving to a shared financial management system (SAP) and a shared transfer payments system (Grants and Contributions Information Management System or "GCIMS"). In addition, the CFO Sector has recently led the consolidation of accounting and procurement functions to centers of excellence ("hubs") in support of the Deficit Reduction Action Plan (DRAP). The hubs went live in September 2012, earlier than originally planned (January 2013), with hub transitions still underway while this audit was being performed. While the audit scope did not include assessing these change initiatives, the audit results are intended to inform and improve the transformation efforts. The design and operation of key processes and controls in transition as part of the hub consolidation effort were not examined as part of this audit.

Statement of Conformance

The Management Practices Audit of the CFO Sector conforms to the Internal Auditing Standards for the Government of Canada, as supported by the results of the quality assurance and improvement program.

Observed Strengths

The following strengths, organized by the six management controls in scope, were observed in the CFO Sector:
  • Management and Oversight Bodies: Oversight structures are in place to govern large initiatives, ongoing operations and resource management. The Sector also conducted a risk assessment exercise that was integrated into its 2012-13 business planning process.
  • Operational Objective-setting and Planning: Representatives interviewed described having a clear understanding of the operational objectives for the delivery of core Sector business. A formalized process to report on progress against objectives was observed.
  • Client-centered Service: Multiple new initiatives are consistent with leading practices, including IT funding agreements, paperless processes, and a clear understanding within the Sector of the objectives for the newly implemented hubs.
  • Budgeting and Forecasting: The budgeting and forecasting process is well defined and enabled through Financial Management Advisors (FMA).
  • Transaction Processing, Monitoring and Reporting: The new hubs are enforcing more consistent processing of accounting and procurement transactions.
  • Accountability: Despite a significant Sector reorganization, interviewees reported having a clear understanding of their own operational accountabilities.

Conclusion

Generally, management practices were found to be effective and adequate. Some areas for improvement were noted to strengthen management practices in the following areas: management and oversight bodies; operational objective-setting and planning; client-centered service; budgeting and forecasting; transaction processing, monitoring and reporting; and, accountability.

Recommendations

The audit team identified areas where management practices and processes could be improved, resulting in six recommendations, as follows:

  1. The Chief Financial Officer should ensure that a consolidated, integrated view of the governance structures in place within the Sector, including the information flows between these structures, is established. As part of this exercise, the Chief Financial Officer should ensure that: an approach to including the newly created hubs is considered in the Sector's governance structure; terms of reference are defined and available for oversight bodies, and any redundancy between committees and meetings is assessed; and, key decisions / meeting minutes are consistently recorded to enforce accountability and enable knowledge sharing.
  2. The Chief Financial Officer should ensure that business planning processes continue to be documented and that greater alignment of the business planning documentation produced by the Sector is maintained. To enforce consistency, the Chief Financial Officer should ensure that the number of tools and documents produced is rationalized and that outdated documents are decommissioned to avoid creating confusion. In addition, the Chief Financial Officer should ensure that information management (IM) strategic and operational plans are strengthened, finalized and implemented.
  3. The Chief Financial Officer should ensure that a client-centered view of defining, measuring and reporting on performance across procurement, accounting and IT services, is established and sufficient tracking tools exist to support effective reporting. The Chief Financial Officer should also ensure that IM process solutions are strengthened to better support and enable workflows, including transaction processing in the hubs.
  4. The Chief Financial Officer should ensure that a defined solution for the SAP implementation that enables a more secure and efficient budget allocation process than the existing Excel solution is established. In the interim, the Chief Financial Officer should ensure that mitigating measures to protect the integrity of initial budget allocations performed in Excel are established.
  5. The Chief Financial Officer should ensure that the following issues related to transaction processing, monitoring and reporting are addressed:
    • Section 33 cash validation: Ensure the plans for SAP address the existing s.33 cash validation control gap and implement manual monitoring to mitigate interim risk in advance of the SAP implementation.
    • Post-verification: Closely monitor transactions with significant error rates, particularly salary transactions, and ensure that a decrease in the post-verification error rates is observed to within the Department's tolerable error rate. In addition, implement a quality control to periodically validate the integrity of the post-verification process.
    • Information management solutions: Establish a system of record for procurement documents that can be accessed by all parties that require access (including procurement hubs, accounting hubs and internal clients initiating the transaction).
  6. The Chief Financial Officer should ensure that the CFO intranet site is strengthened and maintained or that outdated, inconsistent information is removed to avoid confusion. The Chief Financial Officer should also ensure that a documented and widely accessible organizational structure is established to ensure accountability structures are communicated, accessible and understood. Finally, the Chief Financial Officer should ensure that the management spans of control within IMB are reviewed and should confirm that they are sufficient to allow the Branch to meet AANDC's strategic needs and demands. Any decisions should take into consideration the evolving role of Shared Services Canada.

The stronger the existing control framework, the better positioned the Sector will be for the transformation to SAP. While many issues identified in the audit are expected by the Sector to be addressed with SAP, it is important the issues be properly managed in advance, with a clear understanding of how SAP is designed to address them. Similarly, IM should be prioritized as part of the transformation efforts to avoid the potential for IM process inefficiencies following implementation.

The Sector has developed several leading practices and led a transition that is enforcing greater consistency and process integrity. Further strengthening the Sector's control framework will better prepare the Department for the transformation initiatives already underway and demonstrate its successes to the Sector's client base.

1. Background

1.1 Management Practices Initiative

The Audit and Evaluation Sector (AES) conducted twenty (20) Management Practices Reviews (MPRs) between 2007 and 2010 as part of a Department-wide initiative to assess the relative strength of regional and sector management practices. Following the completion of that first round of MPRs, the Deputy Minister and the Department's Audit Committee recommended that a summary report be prepared to highlight the strengths and weaknesses of the MPR process and to make a recommendation on whether the Management Practices Initiative should be continued. As a result of the analysis, a second round of management practices engagements, using a revised approach, was approved.

Under the revised approach, which was designed to provide departmental management with an audit level of assurance, management practices engagements were to be conducted in two phases: a Control Self-Assessment (CSA) workshop and a limited-scope audit. Based on the feedback received from the CSA as well as the results of previous audits and reviews, and a review of departmental priorities, a limited number of management practices were to be selected for inclusion in an audit.

To date, AES has completed Management Practices Audits (MPA) of all ten regions and one sector. An additional three MPAs, including the Management Practices Audit of the Chief Financial Officer Sector ('CFO Sector' or 'the Sector'), were identified in AANDC's 2012-13 to 2014-15 Risk-Based Audit Plan, approved by the Deputy Minister on February 22, 2012.

In November 2012, AES initiated the MPA of the CFO Sector. The decision to complete an MPA of the CFO Sector was based on the results of an Audit and Assurance Services Branch prioritization exercise that considered the impact and significance of previous engagement findings, the length of time since the completion of the last MPR, and the degree of organizational and senior management change over the past three years.

AES previously conducted an MPR of the CFO Sector in 2009, which included interviews, a documentation review and a review of random samples of human resources and contracting files from the 2008-2009 fiscal year. This 2012-13 MPA was designed to examine a selection of core management controls.

1.2 Control Self-Assessment

The CSA workshop is a venue through which AES gathers participants' opinions on the importance, efficiency, and effectiveness of key management practices. Specifically, their views on how well each of their key management practices is functioning to support achievement of the Sector's objectives are discussed. The CSA workshop was facilitated by an independent third-party, and was designed to allow for maximum discussion, with anonymous voting technology used to encourage open and honest feedback.

As a result of the CSA workshop discussions, preliminary interviews, and the review of previous engagement findings, AES identified six key areas of potential high-risk / high-priority that required further analysis.

1.3 CFO Sector

The CFO Sector is one of Aboriginal Affairs and Northern Development Canada's (AANDC) nine sectors. The CFO Sector is responsible for managing:

  • Departmental finances and resources;
  • Information Management (IM) and Information Technology (IT); and,
  • Departmental assets, materiel and procurement.

The Chief Financial Officer, as the head of the CFO Sector, is accountable to the Deputy Minister for ensuring that the required frameworks are in place and are promoting compliance with AANDC's delegated authorities and internal controls.

The CFO Sector had a budget of $82.9 M and expenditures of $75.9 M in 2011-12. Following the transition of some IT resources to Shared Services Canada (SSC), the Sector's budget for 2012-13 was $64.8 M. The Sector's expenditure forecast for 2012-13 was $63.2 M as of October 2012. The CFO Sector consists of 445 Full Time Equivalents and is organized according to the structure illustrated in Figure 1 below.

Figure 1 - CFO Sector organizational structure based on information as of March 20, 2013 (Footnote 1)

Figure 1 illustrates the top three levels of the organizational chart of the Chief Financial Officer (CFO) Sector as at March 20, 2013.  For each position (or box) in the chart, the following three pieces of information are provided: the position title, the total number of positions that report to the given position and the total number of full-time equivalents (FTEs) filling positions that report to the given position. The CFO Sector is led by the CFO, under whom there are a total of 471 positions and 445 FTEs.

The second level of the chart depicts the four direct reports of the CFO: the Chief Information Officer (CIO), Information Management Branch (IMB), under whom there are a total of 245 positions and 228 FTEs; the Director General (DG), Corporate Accounting and Materiel Management (CAMM), under whom there are a total of 161 positions and 151 FTEs; the DG, Planning and Resource Management (PRM), under whom there are a total of 57 positions and 56 FTEs; and, the Manager, Business Management Unit (BMU), under whom there are a total of 6 positions and 6 FTEs.

The third level of the chart depicts director-level reports of the CFO Sector. The CIO, IMB has the following six director-level reports: the Director, Corporate Information Management, under whom there are a total of 92 positions and 84 FTEs; the Director, Application Development (1 of 2), under whom there are a total of 58 positions and 55 FTEs; the Director, Infrastructure/Operations, under whom there are a total of 47 positions and 43 FTEs; the Director, Application Development (2 of 2), under whom there are a total of 20 positions and 20 FTEs; the Senior Director, IM/IT Strategic Services, under whom there are a total of 15 positions and 14 FTEs; and, the Director, IT Security, under whom there are a total of 10 positions and 9 FTEs.

Also at the third level of the chart, reporting to the DG, CAMM are the following three director-level positions: the Director, Corporate Accounting and Reporting, under whom there are a total of 73 positions and 66 FTEs; the Senior Director, Transfer Payments Centre of Expertise, under whom there are a total of 38 positions and 37 FTEs; and, the Director, Materiel and Assets Management, under whom there are a total of 36 positions and 34 FTEs.

Additionally at the third level of the chart, reporting to the DG, PRM are the following two director-level positions: the Director, Resource Management, under whom there are a total of 39 positions and 39 FTEs; and, Director, Financial Planning, Analysis and Estimates, under whom there are a total of 16 positions and 16 FTEs.

Finally, there are no director-level positions identified in the chart that report to the Manager, BMU.

The CFO Sector, and more broadly the Department, is undergoing significant change, making the internal control framework even more critical to the Sector's and the Department's success in achieving strategic and operational objectives. Specifically, the Interdepartmental Shared Financial Services Initiative unit was established to manage AANDC's move to a common grants and contributions system with Health Canada. Under the plan, AANDC will adopt Health Canada's financial management system (SAP) and Health Canada will adopt AANDC's transfer payments system (Grants and Contributions Information Management System (GCIMS), formerly First Nations and Inuit Transfer Payment (FNITP) system).

In addition to the shared initiative with Health Canada, AANDC recently consolidated accounting and procurement functions to centers of excellence ("hubs") in the Department. Previously, these functions were decentralized to all regions. The CFO Sector led and managed this transformation initiative and the hubs went live in September 2012, several months in advance of the original launch date of January 2013. This centralization aims to reduce costs and increase efficiencies in support of the Deficit Reduction Action Plan (DRAP). The transition was still underway at the time of this report.

While the recent DRAP change initiatives such as the implementation of hubs occurred outside the scope of the audit, certain processes were reviewed and the audit results are intended to inform and improve the transformation efforts.

2. Audit Objectives and Scope

2.1 Audit Objective

The objective of the audit was to provide senior management with assurance over the adequacy and effectiveness of a selection of high-risk / high-priority management practices and activities in place to support the achievement of CFO Sector objectives.

The audit objective was supported by detailed audit criteria developed and aligned with Treasury Board of Canada Secretariat’s Audit Criteria related to the Management Accountability Framework: A Tool for Internal Auditors (March 2011).

2.2 Audit Scope

The audit examined management practices and activities considered to be areas of high risk and/or high priority to the Sector. The scope of the audit covered the following six high-risk / high-priority management practices, as identified through the CSA workshop and interviews with senior management from the CFO Sector:

  • Management and Oversight Bodies;
  • Operational Objective-setting and Planning;
  • Client-centered Service;
  • Budgeting and Forecasting;
  • Transaction Processing, Monitoring and Reporting; and,
  • Accountability.

Audit scoping considered where audit work was recently conducted and where future audit work is planned to avoid duplication of effort. Audit fieldwork was conducted in AANDC Headquarters. Testing covered the period from April 1, 2011 to September 30, 2012.

The audit scope excluded the implementation of transformation initiatives; however, the audit results are intended to improve change efforts. The design and operation of key processes and controls in transition as part of the hub consolidation effort were not examined as part of this audit; such processes and controls include pre-verification for high-risk transactions. The audit scope also did not include the role and involvement of the CFO Sector in departmental strategic initiatives.

As previously described, accounting and procurement hubs were implemented in September 2012 and the hub processes remained under development during the course of the audit. This management practices audit was neither designed nor intended to provide assurance over processes under development; nonetheless, we walked through key processes in the hubs to assess efficiency and effectiveness. We also performed data analytics on payment transactions from 2010-11 onward to reconcile payment amounts to invoice amounts in the financial system.

3. Approach and Methodology

The Management Practices Audit of the Chief Financial Officer Sector was conducted in accordance with the requirements of the Treasury Board of Canada Secretariat’s Policy on Internal Audit and followed the Institute of Internal Auditors’ Standards for the Professional Practice of Internal Auditing. The audit team examined sufficient, relevant evidence and obtained sufficient information to provide a reasonable level of assurance in support of the audit conclusion.

The principal audit techniques used included:

The approach used to address the audit objective included the development of audit criteria against which observations and conclusions were drawn. The audit criteria developed for this audit are included in Appendix A.

4. Conclusion

Generally, management practices were found to be effective and adequate. Some areas for improvement were noted to strengthen management practices in the following areas: management and oversight bodies; operational objective-setting and planning; client-centered service; budgeting and forecasting; transaction processing, monitoring and reporting; and, accountability.

5. Findings and Recommendations

Based on a combination of the evidence gathered through the examination of documentation, analysis and interviews, each audit criterion was assessed by the audit team and a conclusion for each audit criterion was determined. Where a significant difference between the audit criterion and the observed practice was found, the risk of the gap was evaluated and used to develop a conclusion and to provide recommendations for improvement.

Observations include both management practices considered to be strong as well as those requiring improvement. Accompanying the observations of management areas identified for improvement are recommendations for corrective actions.

5.1 Governance and Strategic Direction

5.1.1 Management and Oversight Bodies

Effective governance includes the decision-making process and the process by which decisions are implemented (or not implemented). To support good governance, it is important that management oversight structures and mechanisms are established and functioning, with clearly communicated mandates, and that these governance structures have a clear role and purpose.

To determine if effective management and oversight bodies for CFO Sector operations were established and functioning, the audit team assessed whether:

  • Governance committees were in place
  • Governance committees had terms of reference defined
  • Records of decision / meeting minutes were retained for committees in place
  • Recommendations from management action plans were tracked and addressed

We found several formal oversight bodies in place within the Sector to govern large initiatives, ongoing operations and strategic planning for the Sector. As examples, oversight bodies and committees were found to be in place for the following:

  • Departmental financial management;
  • Sector management;
  • Regional operations;
  • CFO Sector Human Resources (HR);
  • Debt write-off;
  • Business management knowledge sharing;
  • Projects and strategic initiatives;
  • IT architecture;
  • Grants and contributions;
  • Information governance; and,
  • Information technology stewardship.

Not all governance structures described by interviewees to be in place had terms of reference available for review. While we did not obtain a complete view of all the management meetings and oversight committees in the Sector, we were provided with terms of reference for 15 different governance structures. Similarly, we requested meeting minutes / records of decision for a sample of two governance structures. However, we were informed that one of the governance structures did not prepare such records. Records for the other structure were provided subsequent to the completion of the conduct phase of the audit.

While we found several management and oversight bodies exist, both horizontally and vertically within the Sector, we did not find evidence of a tool providing a consolidated, integrated view of how the governance structures integrate and support one another, with the exception of IMB governance bodies. The IMB has a documented view of how the various IMB oversight bodies relate to one another, the purpose of the bodies, and the calendar of meetings. This view allows for greater clarity, communication and rationalization of the meetings and committees, consistent with leading practices. Such a view was not found to be in place for the overall Sector.

A tool providing a complete view of the various committees and regular meetings in place would enable the Sector to identify areas of overlap (i.e. opportunities for greater efficiency), as well as to confirm appropriate risk coverage and alignment between governance bodies. For example, the information supporting one meeting may rely on the output from another meeting. Seeing the information flows between governance bodies and a calendar of all meetings could strengthen the framework and create new efficiencies by allowing management to identify gaps and / or areas of overlap across current governance structures.

We also found that a formalized risk assessment process had been undertaken by the Sector in 2012. This risk management exercise (termed "Integrated Performance and Risk Management Framework") aimed to "provide practical measures to support performance reporting and decision-making and also provide indicators for tracking the achievement of outcomes and managing risks". The exercise included a detailed logic model and aimed to support the Sector in addressing the significant transformations underway. The consideration for formal risk analyses during a time of significant change, as well as integrating these risk analyses within the objective reporting framework, is consistent with leading practices.

We confirmed that recommendations from management action plans prepared in response to previous AANDC internal audits were tracked by the Sector and reported on through CFO Sector quarterly reports.

For oversight bodies to be effective and enforce accountability for items discussed, records of decision can be an important control. In establishing a consolidated, integrated view of the oversight bodies, the documentation to support these structures should be defined and applied consistently.

Recommendation

1. The Chief Financial Officer should ensure that a consolidated, integrated view of the governance structures in place within the Sector, including the information flows between these structures, is established. As part of this exercise, the Chief Financial Officer should ensure that: an approach to including the newly created hubs is considered in the Sector's governance structure; terms of reference are defined and available for oversight bodies, and any redundancy between committees and meetings is assessed; and, key decisions / meeting minutes are consistently recorded to enforce accountability and enable knowledge sharing.

5.1.2 Operational Objective-Setting and Planning

In support of an effective governance regime, an organization should have in place operational plans and objectives aimed at achieving its strategic objectives. In this regard, an organization first needs to clearly define and communicate its strategic direction and objectives, ensuring that they are aligned with its mandate. It should then establish operational plans and objectives aimed at achieving these strategic objectives.

To determine if the Sector had operational plans and objectives aimed at achieving its strategic objectives, the audit team assessed whether a clear process was in place to establish strategic priorities as well as operational objectives and plans. The audit team also assessed the alignment between operational objectives and plans and the strategic priorities.

Interviewees suggested that the CFO Sector is effective and focused in establishing operational objectives for the delivery of core business. For instance, interviews and other enquiries suggested that for the Sector's core business functions, such as IT and financial services, the operational objectives were clear, transparent and well understood.

We also found a process in place to report quarterly on progress against objectives articulated in the CFO business plan. Interviewees described a top-down process in place to establish the business plan, with feedback loops for bottom-up refinements. At the time of the audit, the business planning process in place for fiscal year 2012-13 was only in the process of being formally documented; nonetheless, it was relatively well understood by representatives interviewed.

Strategic priorities and how these priorities link to and inform operational objectives were less clearly understood. Without an in-depth understanding of priorities, management may not be sufficiently well-equipped to make resource allocation decisions; such decisions are even more critical in a time of fiscal constraint in which there are several demands on the Sector. While the Report on Plans and Priorities outlines the departmental priorities, we found that interviewees had a limited understanding of the Sector's strategic priorities, of how these priorities should resolve competing pressures, and of how the priorities set tactical, operational objectives.

During the course of the audit, the audit team was provided with two separate CFO business plans. In reviewing the first CFO business plan received, we found inconsistent methods of outlining priorities, and unclear links between the operational objectives detailed and the priorities defined up front. The link between strategic and operational objectives was difficult to understand from the document. Our observations were consistent with the challenge articulated in the control self-assessment (CSA) and confirmed in interviews. A second, higher-level business plan was provided by management in response to our questions and observations related to the lack of clarity in the first. We found this second plan to be much clearer. We also found that the Sector used the second business plan to communicate objectives to employees via an email. However, the less clear version of the plan was still in use, creating potential confusion. We were also informed that the Sector intended to post its 2012-13 business plan on its intranet site to be widely accessible to employees; however, the plan had not been posted as of March 2013.

We were informed that the business planning process has been evolving and that 2012-13 was especially challenging due to DRAP. We understand from interviewees that they expect the Sector to have greater clarity and alignment in future years between various planning tools and documents.

We also found opportunities to strengthen the IM objectives for the Department. During the time of the audit, an enterprise IM operational plan (or IM tactical plan) had not been developed by the IMB. AANDC's IM/IT strategy identified gaps in enterprise IM to be a top issue and we understand efforts have been initiated to address the gaps. We were also informed that MOUs for IM services between IMB and AANDC sectors do not exist.

As information is a critical asset for the Department and plays a central role in enabling the achievement of departmental objectives, we would have expected greater clarity on the desired future state for IM and the roadmap to get there. As described further in Sections 5.3 and 5.5, there are inefficiencies in how information is managed within the Sector and across the Department. Additionally, we noted significant opportunities to improve the Sector's intranet site, which can act as a centralized communication vehicle for events, Sector objectives and plan, organizational structures and other key information.

Recommendation

2. The Chief Financial Officer should ensure that business planning processes continue to be documented and that greater alignment of the business planning documentation produced by the Sector is maintained. To enforce consistency, the Chief Financial Officer should ensure that the number of tools and documents produced is rationalized and that outdated documents are decommissioned to avoid creating confusion. In addition, the Chief Financial Officer should ensure that information management (IM) strategic and operational plans are strengthened, finalized and implemented.

5.2 Client-Centered Service

5.2.1 Internal Client Service Standards

Effective client service is enabled by implementing, monitoring and managing client service standards. Service standards should accurately reflect service that clients are receiving, and client feedback should be solicited to accurately reflect value in services provided. The CFO Sector plays an important role in providing internal services to other AANDC sectors and business units within the Sector, including IM and IT, procurement and transaction processing.

While we found some service standards in place within the Sector, client-centered service was found to be the control area with the greatest opportunity for improvement. In particular, we found limited client-centered performance measurement across IM and IT, accounting, procurement and other Sector processes that serve clients. Specifically, we found few service standards and service level agreements across business units within the Sector. We also found limited evidence that feedback was solicited from clients to inform process design decisions.

5.2.1.1 IT Services

IMB has formalized its IT funding arrangements with internal clients, improving the Branch's financial control framework. We were informed that a memorandum of understanding (MOU) is now established with each sector, outlining what high-level IT services will be delivered by IMB for the Sector as well as the associated funding arrangement. Through a review of MOUs provided, we noted that, consistent with leading practices, a formalized funding specification with departmental sectors was in place.

We understand that IMB also maintains a service catalogue of the IT services available to the Department. We were informed by interviewees that the catalogue is outdated and currently under review by IMB. The Chief Information Officer confirmed to the audit team that the service catalogue is outdated and is not being used. It was also noted that the revised catalogue would place greater emphasis on client-centered service.

While the client relationships for IT have become more formalized, performance is not measured from a client standpoint. We found limited evidence of client-centered service standards for IT services. We also found that IMB was not aware of whether Shared Services Canada (SSC) was tracking service standards on AANDC's behalf.

We were informed of some informal channels for clients to express their concerns and satisfaction levels, including through discussions with IMB Customer Relationship Managers (CRM) assigned to each client group. While informal feedback loops may exist, no evidence was provided to assess if any client feedback is reported or documented to capture their input and how it is trending over time. Accordingly, we could not ascertain the level of service quality perceived by IMB clients through the existing service standards.

To continue the maturation process underway within IMB, client-centered service standards should be established with performance measures that consider both quantitative and qualitative measures of client service success.

5.2.1.2 Proposed Approach to Service Standards in Hubs

Timely processing of financial transactions is an important aspect of effective financial management and governance. Processing timeliness enables AANDC's sectors and regions to serve the Department's client base more effectively. The CFO Sector plays an even more critical role now in enabling such timeliness by providing direction to the newly formed accounting and procurement hubs. These hubs were implemented on an accelerated timeline, several months in advance of what we understand to be the originally intended go-live date. The Sector responded quickly and has been working to formalize business processes through documented workflows with revised service-level standards. Representatives interviewed had a consistent view of consolidation objectives, which included greater service efficiency and more consistent client service.

Similar to the lack of feedback solicited from clients on IT service performance, we found no evidence of feedback sought for accounting and procurement services (prior to implementation of the hubs as well as at the time of the audit). We understand procurement services managers are exploring the option of seeking client feedback through a survey once hubs have stabilized. However, we found no plans to seek feedback for accounting services. We also found no evidence to demonstrate that client-centered service standards for accounting processes have been, or will be, measured. While a post-verification service standard exists, it does not measure payment processing timeliness or performance from a client's perspective.

We found opportunities for improvement in how service standards are defined and measured in both the accounting and procurement hubs. We understand that service standards in the procurement hubs will be adjusted to measure a narrower scope of activities, which include only activities that are performed by the hubs themselves, rather than end-to-end processing times that reflect the full service that clients are receiving. Monitoring the intermediate steps that are only performed by the hubs, instead of monitoring the complete process, will not provide a full view of client services. While this approach provides a more accurate link between activities, performance and individuals accountable for performing the activities, it limits the view of how the end client is impacted. As a result, it becomes difficult to diagnose bottlenecks, to identify synergies and opportunities for efficiency across activities, and to give organizational units an incentive to work together in the best interest of the client.

While a complete performance measurement framework may require a granular view of performance by activity, it is also essential to establish service standards that consider the end-to-end chain of activities that impact the client.

Client-centered service standards in hubs may be an important opportunity for improvement as the hubs are centralizing client services that were previously performed closer to the clients. These service standards should be designed to measure service delivery to the client. Intermediary steps (such as work steps or activities performed by other organizational units or departments) may require measurement to better understand performance and identify issues; however, there also needs to be an end-to-end measurement that is meaningful for clients served.

5.2.1.3 Reporting Against Existing Procurement Service Standards

Procurement service standards were implemented in 2012 and continue to be tracked within the procurement hub.

While having service standards defined is a leading practice, we found significant opportunities for improvement in how these performance metrics are measured and reported on. In particular, a key procurement service standard is the time between final contract signatures (i.e. Section 41 under the Financial Administration Act) and the transaction processing start date. The service standard is defined in business days for five types of contract requests. This standard is tracked using an Excel spreadsheet, which has given rise to data integrity challenges. In particular, we found that over 12% of the fields were inaccurate, displaying either a negative time differential between s.41 and fund allocation or a blank date field for a transaction processed. We were informed that these data integrity gaps result from operational challenges created by using Excel; specifically, only one person can access the spreadsheet at a time, increasing the likelihood that staff will not enter the necessary data fields as they process transactions.

Based on the data that remained (i.e. transactions with missing date fields or negative date differentials removed from the data set), we found high exception rates (see Footnote 2) by contract type based on the raw data. We found that less than two thirds of the requests met the service standards from a population of 2,000 procurement requests in 2012-13. For some contract types, we found that less than half of the requests met the standard. While a high exception rate may be expected in a time of significant change, the more significant observation noted by the audit team was how service standards were reported on.

Specifically, we found that the procurement performance reported by the NCR hub was unclear and inaccurate. The reports provided to us could not be reconciled against the analysis we performed on the raw data. In particular, the metric reported on is "average calendar days" per contract type; however, in calculating this metric from the raw data, we could not arrive at the same numbers reported. Further analysis suggested that the data integrity problems were impacting the rolled-up results. Through inquiry, we understood this variance was likely due to data changes made during the reporting process to address known data errors in the raw data spreadsheet. Interviewees described significant challenges in tracking service standards due to a lack of functionality in OASIS (the Department's financial system), specifically, a lack of data fields within the OASIS procurement module to capture the necessary information. However, interviewees noted that better measurements will be possible once the Department moves to SAP. The current solution relies on spreadsheets, lacking integrity and creating additional manual work.

We concluded that the data being tracked lacks integrity and is therefore being manually updated to arrive at reports on performance. The observations suggest that, even with service standards defined, the tools to track metrics are necessitating manual work, creating inefficiencies and resulting in unreliable reports.

5.2.1.4 Information Management Across Hubs

The accounting hub established a paperless process for payment processing. Unlike previous processes that relied on both paper and electronic records, with inconsistencies across regions, the centralized process is paperless and enforces central storage of electronic transaction records. In addition to supporting the federal Sustainable Development Strategy targets for greening government operations, a paperless approach also enforces a consistent system of record in support of process integrity and effectiveness.

The hubs are leveraging the Department's document management solution, the "Comprehensive Integrated Document Management (CIDM)" system, using defined naming conventions and standards. While leveraging the Department's supported tool for document management versus establishing other work-around systems is consistent with leading practice, the IM practices observed to work with the system are not effective. Specifically, we found ineffective document management procedures in place that are creating significant inefficiencies. As an example, both the accounting and procurement hubs had defined file naming conventions, but the conventions were not the same across the two hubs.

As described further in Section 4.5, document sharing across hubs is an essential activity for payment processing, but it is manually intensive for the Sector's clients due to the lack of a well-designed document management process. The impact is a potential delay in payment processing due to manual work, in addition to increased workload on an already taxed workforce. Greater focus on integrating and embedding effective IM solutions within existing workflows should be applied to improve service delivery.

Recommendation

3. The Chief Financial Officer should ensure that a client-centered view of defining, measuring and reporting on performance across procurement, accounting and IT services, is established and sufficient tracking tools exist to support effective reporting. The Chief Financial Officer should also ensure that IM process solutions are strengthened to better support and enable workflows, including transaction processing in the hubs.

5.3 Stewardship

5.3.1 Budgeting and Forecasting

To assess the effectiveness of the departmental budgeting and forecasting process, we examined the process, roles and responsibilities for establishing the budgets and forecasts. We also examined the control framework to manage budget re-allocations and report against initial budget estimates.

We found the Sector has a defined budgeting and forecasting process, including documented timelines, milestones and procedures for:

  • Allocating funds;
  • Establishing budgets;
  • Forecasting and tracking actuals;
  • Reallocating funds as required;
  • Measuring performance; and,
  • Reporting on results.

Financial Management Advisors (FMA) work with internal clients to support the budgeting and forecasting process throughout the year. The FMAs take a risk-based approach in allocating time to their respective clients. This risk-based approach considers the complexity of budget expenditures and the budgeting experience of senior managers in the respective sectors and regions. In addition, we understand that the FMA / client assignment process was recently improved to consider file complexity, versus solely budget size. Interviewees also described how FMA morale has improved recently, increasing retention rates and knowledge of clients. These observations are consistent with leading practices for a sound budgeting and forecasting framework.

We also found specific opportunities for improvement in the allocations process. Currently, the funding allocation process relies on an Excel spreadsheet, internally referred to as the "Resource Allocation Management Database". We were informed that the spreadsheet was designed because of an Oracle OASIS system limitation that prevents sufficient agility to capture budget detail. The information stored in this Excel spreadsheet is critical to the Department; however, it is not maintained with the same controls as enterprise systems and databases. While the CIDM system is used to maintain a backup of the Excel tool, CIDM was not designed or intended to house financial systems or databases.

With the volume of manipulations applied to this spreadsheet on an ongoing basis, data integrity is at risk. Specifically, financial systems are normally designed with "key application controls" to enforce data integrity at the point of entry; however, we found a lack of evidence to demonstrate this Excel spreadsheet was designed in such a manner. To mitigate the risk associated with budget data errors, significant manual effort is devoted to maintaining the Excel tool and reconciling outputs. This manual work compensates for data integrity risks, including formula errors (the existence of which was identified during audit fieldwork). The Excel tool is over 60 megabytes in size with several pivot tables, which limits performance and increases the manual effort required for ongoing maintenance.

While we understand the existing need for a more agile funding allocation tool due to the Oracle OASIS system limitations, the current Excel spreadsheet solution represents a potential single point of failure that the Department should address in the transition to SAP with appropriate risk management measures in the interim. Establishing a better tool can also promote process efficiencies and reduce manual effort.

Recommendation

4. The Chief Financial Officer should ensure that a defined solution for the SAP implementation that enables a more secure and efficient budget allocation process than the existing Excel solution is established. In the interim, the Chief Financial Officer should ensure that mitigating measures to protect the integrity of initial budget allocations performed in Excel are established.

5.3.2 Transaction Processing, Monitoring and Reporting

Strong financial management and internal controls reinforce good stewardship of public funds and contribute to better decision making. It is important that transactions are recorded accurately, on a timely basis and in accordance with policy.

The audit team assessed whether appropriate financial coding, recording and monitoring of financial transactions was supporting complete, accurate, relevant and timely reporting that aligns with requirements. In particular, we assessed the monitoring and oversight of transaction processing in the accounting and procurement hubs for stabilized processes (e.g. those medium and low risk transactions that were transferred first to the accounting and procurement hubs). We also performed data analytics to assess duplicate payment risks and examined the existence of key controls under the Financial Administration Act (FAA).

The Sector has a defined account verification framework (AVF), including pre-verification and post-verification processes performed according to transaction risk level. We also observed a monitoring framework in place that examines the execution of key controls under the FAA, financial coding and completeness of supporting documentation. The implementation of hubs is establishing a consistent approach to processing, monitoring and reporting transactions Department-wide.

In addition to the strengths noted above, the audit noted the following control gaps that should be addressed:

  • Ineffective control to confirm cash level before payment in accordance with Section 33 (s.33) of the FAA: Accounting Operations relies on the financial system to prevent s.33 execution if cash levels are insufficient; however, as articulated in the Department's 2012-13 Corporate Management Regime document, this control is not automatically performed by the OASIS financial system. Interviewees from Resource Management noted that they are reliant on manual monitoring performed by Accounting Operations; however, we found no evidence that manual monitoring is being performed with the exception of monthly reconciliations to validate that grant authorities have not been exceeded.

    We were informed that the cash monitoring control problem is specific to OASIS and will be resolved when the Department moves to SAP. However, this control gap is significant and could result in a payment that exceeds the cash levels in the Department. Moreover, business units were reliant on others to mitigate the risk, yet we found that these views did not reconcile; this observation suggests that communication across business units should be strengthened.

    During the reporting phase of the audit, we were informed that management had established a plan to mitigate this risk. Specifically, the Sector implemented regular monitoring as of March 19, 2013 and will be revising the Corporate Management Regime to reflect the monitoring changes and to establish the roles and responsibilities surrounding cash monitoring activities. We did not validate the mitigating measures implemented, nor did we examine potential risks associated with cash management in the Department.
  • Quality control not being performed on the post-verification process: Medium and low-risk transactions are post-verified on a sample basis in accordance with the AVF. While a checklist exists to enforce consistency in the post-verification process, a quality control over the process and completion of this checklist was not evidenced in all of the samples reviewed. In one of three checklist samples examined, an entire section had not been completed during the post-verification. As volumes increase, time pressures increase the risk of incomplete checklists and other errors being made in the post-verification process. While a review of each checklist may not be practical or warranted, a periodic quality control check should be conducted to confirm the integrity of the post-verification process, identify recurring issues and strengthen the control framework.
  • Error rates found through post-verification process exceed Departmental tolerance: The post-verification results are reported at Financial Management Committee (FMC) meetings and inform decisions made with respect to delegated authorities. The post-verification process validates the execution of key controls and the existence of supporting documentation for the transaction, in addition to payment and financial coding accuracy.

    The most recent post-payment error summary report (second quarter of 2012-13) found a year-to-date exception rate of 45% for salary payments and an exception rate of 11% for non-salary payments, both exceeding the Department's tolerable error rate of 5%. The Headquarters Region had the highest error rate at 85% for salary and 17% for non-salary payments. The stated error rates include those errors considered to be "critical" as well as those considered to be "classification" and "less critical" errors.

    The exception rates are significant and are likely a consequence of the transition to hubs and of increased volumes at National Headquarters. At the time of this audit, the post-verification process was months back-logged and results relevant to the hubs (i.e. after October 2012) were not available for review. While interviewees described an expectation that the hubs would reduce the error rate, evidence of a decrease in these significant error rates was not available at the time of the audit due to the monitoring back-log. During a time of significant change, and heightened inherent risk, more timely quality monitoring may be warranted. Given the significance of the error rates prior to hub implementation, a review of the post-verification process may be warranted in the interim to detect any significant issues during a time of transition and to avoid costly mitigating action downstream.
  • Bypassing of FNITP system to clear a suspense account: In performing data analytics, we noted one instance in which two transactions associated with the same invoice were entered into the OASIS financial system under two different "Invoice ID" numbers. Upon further analysis, we were informed that this anomaly was due to a payment reversal in the suspense account for a grant or contribution transaction being cleared manually through the OASIS financial system instead of FNITP. We do not consider this anomaly significant, and the payment was not material. Nonetheless, management should validate that the ability to bypass the grants and contributions system (previously FNITP, now GCIMS) has not led to other problems.
  • Challenges adapting to clients with more complex procurement portfolios: The hubs have adapted and responded to an accelerated timeline and are working to process significant volumes of procurement and accounting requests. We found that for some procurement portfolios, the payment processes require further refinement. For instance, we understand that the workflow design did not account for SECRET classified procurement documentation, which is applicable for some departmental business units. We also noted financial coding errors in OASIS during a walk-through. We were informed that financial coding errors have been occurring for some of the more complex portfolios, particularly when multiple financial codes are required for a single invoice. We understand that the financial coding risk is heightened by OASIS functionality that allows the user to roll prior financial coding information forward for efficiency in processing the payment. The financial coding errors for the majority of transactions can only be detected during the manual post-verification process.

    It will be important for the CFO Sector to work with its clients as the hub transition continues to understand the nature of their procurement portfolios and the associated financial coding structures for accounting transactions. These relationships will both strengthen the Sector's control framework and improve client relationships.

We also found significant IM deficiencies impairing the efficiency of transaction processing. In walking through the end-to-end transaction processing workflow, we found that the same documents are saved multiple times in CIDM through a time-consuming process. In some cases, these same documents are also saved in the financial system.

In addition to multiple copies saved in corporate systems, to save these documents in the financial system, users have designed work-arounds that create additional local copies on hard drives. The IM challenges lead to security gaps with local copies of Protected A and B information stored as well as emails that may contain Protected B information.

Due to the existence of many copies of the same procurement documents, we were unable to establish a well-defined system of record. Multiple hard copies and soft copies can exist. While we understood from interviewees that the imaged copies are considered to be the official records, we were informed that hard copies are maintained and sometimes needed for re-scanning when the images lack sufficient clarity for the post-verifiers to read. This lack of information governance creates both inefficiencies and a control weakness for the Sector.

Recommendation

5. The Chief Financial Officer should ensure that the following issues related to transaction processing, monitoring and reporting are addressed:

  • Section 33 cash validation: Ensure the plans for SAP address the existing s.33 cash validation control gap and implement manual monitoring to mitigate interim risk in advance of the SAP implementation.
  • Post-verification: Closely monitor transactions with significant error rates, particularly salary transactions, and ensure that a decrease in the post-verification error rates is observed to within the Department's tolerable error rate. In addition, implement a quality control to periodically validate the integrity of the post-verification process.
  • Information management solutions: Establish a system of record for procurement documents that can be accessed by all parties that require access (including procurement hubs, accounting hubs and internal clients initiating the transaction).

5.4 Accountability

5.4.1 Accountability

An organization should ensure that timely budgets and forecasts are developed at an appropriate level of detail through a rigorous process, with budgets allocated to responsibility centres in a timely manner. During the planning phase of the audit, the aspect of budgeting and forecasting identified as being high risk was the timely distribution of grant and contribution program budgets to regional offices. As a result, the scope of the audit was designed to focus on the Sector's practices as they relate to the timely allocation of the targeted program funds to regional offices.

To assess the Sector's accountability structures and management spans of control, we examined whether organizational structures were documented, widely accessible to employees and up-to-date. We also examined and compared the management spans of control across organizational units within the Sector.

We found that the Sector has a well-defined organizational structure. While accountabilities for strategic initiatives and major projects were not within the scope of this audit, we found that quarterly reports define accountabilities for major objectives and priorities. We also found that the reporting relationships for individuals are housed in a central Human Resources Management System (HRMS), and linked to HR and staffing processes.

The CFO Sector intranet site includes a high-level organizational illustration of the Sector's main business units; however, the high-level organizational structure communicated on the site had not been updated to reflect organizational changes within the Sector. Specifically, the Sector intranet site available to employees was out of date following a significant reorganization in 2012. We found the Government Electronic Directory Services provided a more up-to-date view of the organizational structure within the CFO Sector, yet it is not intended to be used to communicate the Sector's organizational structure.

The audit team had difficulty obtaining detailed organizational charts for the Sector and its branches that demonstrated reporting relationships. Interviewees indicated that the AANDC Electronic Telephone Directory (ETD) is used to understand reporting relationships; however, we found the ETD to be out of date. We understand that an up-to-date organizational chart is difficult to obtain because the charts in HRMS contain sensitive personal information and are not intended to be widely accessed. We were informed that it takes a significant amount of time to print / view an up-to-date organizational chart for the Sector due to limitations in AANDC's HRMS functionality. An updated organization chart was provided to the audit team following the completion of the conduct phase.

The reporting relationships were found to be understood through meetings and less formal methods of communication. While interviews indicated that people believed they understood their own operational accountabilities, a view of the Sector's organizational structure was not easily obtained. Because the official organizational chart in HRMS is not widely accessible, and the intranet site is out of date, employees' understanding of reporting relationships is dependent on people's concerted efforts to articulate the organizational structure through meetings and other communication mechanisms.

The audit observations suggest that the communication needs of the Sector are not supported with effective tools, creating challenges for employees and leading to inefficiencies. An improved intranet site and user-friendly organizational chart would enable greater efficiencies and reduce inconsistent information, supporting management's efforts to communicate change through meetings, emails and documentation.

IMB has a significantly greater number of employees to manage than the Sector's other organizational units, even after infrastructural resources were moved to Shared Services Canada (SSC). Specifically, IMB has 50% more positions than Corporate Accounting and Materiel Management (CAMM), the next largest organizational unit reporting to the CFO. IMB, which has a broad mandate, has six directors, double the number in any other organizational unit. See Figure 1 in Section 1.3 for a diagram of the Sector's organizational structure.

While the spans of control may be expected to be wider in IMB due to the different operating model for IT service delivery, we could not confirm whether the spans of control within IMB are appropriate, especially with the number of strategic initiatives and priorities demanding IMB resources. Given upcoming transformation initiatives and increasing complexity of IM as data volumes increase, IMB's role has become more strategic for the Department and is critical to enabling success in the ongoing consolidations and conversions.

Recommendation

6. The Chief Financial Officer should ensure that the CFO intranet site is strengthened and maintained or that outdated, inconsistent information is removed to avoid confusion. The Chief Financial Officer should also ensure that a documented and widely accessible organizational structure is established to ensure accountability structures are communicated, accessible and understood. Finally, the Chief Financial Officer should ensure that the management spans of control within IMB are reviewed and should confirm that they are sufficient to allow the Branch to meet AANDC's strategic needs and demands. Any decisions should take into consideration the evolving role of Shared Services Canada.

6. Management Action Plan

Recommendations Management Response/Actions Responsible Manager (Title) Planned Implementation Date
1. The Chief Financial Officer should ensure that a consolidated, integrated view of the governance structures in place within the Sector, including the information flows between these structures, is established. As part of this exercise, the Chief Financial Officer should ensure that: an approach to including the newly created hubs is considered in the Sector’s governance structure; terms of reference are defined and available for oversight bodies and assess whether there is any redundancy between committees and meetings; and, key decisions / meeting minutes are consistently recorded to enforce accountability and enable knowledge sharing.
Management Response/Actions: The CFO Management Committee will review the list of CFO governance structures in place within the sector by October 2013. The CFO Management Committee will also prepare guidance as to what is expected to be in place for each governance body (e.g. Terms of Reference, action items and where these documents will be located, etc.) by end of 2013.
The NCR Hubs are now part of the organization charts and management regime in the Sector’s governance structure. Therefore, the CFO will ensure that both the Accounting and Procurement Hub are included in its governance structure (terms of reference will have been drafted and a meeting of oversight body will be organized in 2013-14).
Responsible Manager (Title): CFO Executive Team
Planned Implementation Date: December 2013
2. The Chief Financial Officer should ensure that business planning processes continue to be documented and that greater alignment of the business planning documentation produced by the Sector is maintained. To enforce consistency, the Chief Financial Officer should ensure that the number of tools and documents produced is rationalized and that outdated documents are decommissioned to avoid creating confusion. In addition, the Chief Financial Officer should ensure that information management (IM) strategic and operational plans are strengthened, finalized and implemented.
Management Response/Actions: The CFO Sector will ensure that CIDM is used as the central repository for all documentation produced to ensure a greater alignment and consistency. Outdated versions of the Sector’s Business plan, tools and documents will be decommissioned and will be archived in CIDM.
Responsible Manager (Title): Chief Financial Officer
Planned Implementation Date: June 2013
Management Response/Actions: In collaboration and alignment with functional leadership and guidance from IMB, the CFO will ensure that information management (IM) strategic and operational plans are strengthened, finalised and implemented to align with the departmental planning cycle.
Responsible Manager (Title): Chief Information Officer
Planned Implementation Date: December 2013
3. The Chief Financial Officer should ensure that a client-centered view of defining, measuring and reporting on performance across procurement, accounting and IT services, is established and sufficient tracking tools exist to support effective reporting. The Chief Financial Officer should also ensure that IM process solutions are strengthened to better support and enable workflows, including transaction processing in the hubs.
Management Response/Actions: Service standards for accounting hubs have been communicated and available in the Department’s document repository system. Also, once TBS introduces standard performance measurement for Internal Services, the CFO will implement accordingly.
Responsible Manager (Title): CFO Executive Team
Planned Implementation Date: October 2013 (depending on TBS implementation date)
Management Response/Actions: In collaboration and alignment with functional leadership and guidance from IMB, CAMM will identify business requirements and investigate options for systems / tools / processes that meet business needs and IM/IT standards.
Responsible Manager (Title): Director General, Corporate Accounting and Materiel Management (CAMM); Chief Information Officer
Planned Implementation Date: April 2014
Management Response/Actions: As we move to SAP and Procure-to-Pay, we will look to using those systems as a more reliable basis for tracking service delivery.
Responsible Manager (Title): Director General, CAMM
Planned Implementation Date: April 2014
4. The Chief Financial Officer should ensure that a defined solution for the SAP implementation that enables a more secure and efficient budget allocation process than the existing Excel solution is established. In the interim, the Chief Financial Officer should ensure that mitigating measures to protect the integrity of initial budget allocations performed in Excel are established.
Management Response/Actions: The CFO will consult with other departments (mainly Health Canada), to explore the possibility and feasibility of implementing a solution within the SAP system by September 2013.
Responsible Manager (Title): Director General, Planning and Resource Management (PRM)
Planned Implementation Date: September 2013
Management Response/Actions: In the interim, to ensure the integrity of departmental initial budget allocations, we will review its current mitigating measures (such as reconciliation processes, manual review, formula checks, etc.) and adjust where appropriate.
Responsible Manager (Title): Director General, PRM
Planned Implementation Date: July 2013
5. The Chief Financial Officer should ensure that the following issues related to transaction processing, monitoring and reporting are addressed:
  • Section 33 cash validation: Ensure the plans for SAP address the existing s.33 cash validation control gap and implement manual monitoring to mitigate interim risk in advance of the SAP implementation.
    Management Response/Actions: Section 33 cash validation: As part of the SAP implementation, AANDC will be adopting the use of SAP's Payment Budget to record the cash budget allocated to the department which addresses the potential Section 33 validation controls. In the interim, a manual report has been developed.
    Responsible Manager (Title): Director General, PRM
    Planned Implementation Date: April 2014; (completed) Cash balance report – March 19, 2013
  • Post-verification: Closely monitor transactions with significant error rates, particularly salary transactions, and ensure that a decrease in the post-verification error rates is observed to within the Department’s tolerable error rate. In addition, implement a quality control to periodically validate the integrity of the post-verification process.
    Management Response/Actions: Post-audit verification: CFO will review its existing Account Verification and reporting regime and adopt a targeted approach to improve systemic or clustered error rates. Account verification processes will be reviewed to ensure integrity as risks or business processes change.
    Responsible Manager (Title): Director General, CAMM
    Planned Implementation Date: September 2013
  • Information management solutions: Establish a system of record for procurement documents that can be accessed by all parties that require access (including procurement hubs, accounting hubs and internal clients initiating the transaction).
    Management Response/Actions: Information Management Solutions: In collaboration and alignment with functional leadership and guidance from IMB, CAMM will identify business requirements and investigate options for systems / tools / processes that meet business needs and IM/IT standards.
    Responsible Manager (Title): Chief Information Officer
    Planned Implementation Date: October 2013
6. The Chief Financial Officer should ensure that the CFO intranet site is strengthened and maintained or that outdated, inconsistent information is removed to avoid confusion. The Chief Financial Officer should also ensure that a documented and widely accessible organizational structure is established to ensure accountability structures are communicated, accessible and understood. Finally, the Chief Financial Officer should ensure that the management spans of control within IMB are reviewed and should confirm that they are sufficient to allow the Branch to meet AANDC’s strategic needs and demands. Any decisions should take into consideration the evolving role of Shared Services Canada.
Management Response/Actions: The CFO intranet site will be updated using TB Guideline and outdated or inconsistent information will be removed.
The CFO intranet site will include documents that will help to communicate accountability structures.
Responsible Manager (Title): Chief Financial Officer
Planned Implementation Date: November 2013
Management Response/Actions: The CFO will assess the span of control within IMB to confirm its capacity to meet AANDC's Strategic needs and demands taking into consideration the evolving role of Shared Services Canada. As appropriate, the CFO will re-align IMB to ensure resources are aligned to provide maximum contributions to AANDC's Strategic needs and demands.
Responsible Manager (Title): Chief Information Officer
Planned Implementation Date: October 2013

Appendix A: Audit Criteria

The audit objective is linked to audit criteria developed in alignment with Treasury Board of Canada Secretariat’s Audit Criteria related to the Management Accountability Framework: A Tool for Internal Auditors (March 2011). Additional audit criteria were developed to address specific risks identified in the planning phase.

Audit Criteria
1. Governance and Strategic Direction
1.1 Management and Oversight Bodies: Effective management and oversight bodies for CFO Sector operations are established and functioning.
1.1.1 Management roles and responsibilities are clearly defined for the Sector.
1.1.2 There are regular management meetings to discuss Sector progress and future initiatives.
1.1.3 Records of decision / meeting minutes are captured from management meetings.
1.1.4 Recommendations made in Management Action Plans are addressed, tracked and monitored.
1.1.5 Governance committees are in place.
1.2 Operational Objective-setting and Planning: The CFO Sector has in place operational plans and objectives aimed at achieving its strategic objectives.
1.2.1 There is a defined process for establishing Sector priorities / strategic objectives.
1.2.2 Sector priorities / strategic objectives are clearly defined and communicated.
1.2.3 Sector priorities / strategic objectives align to the AANDC RPP.
1.2.4 There is a clearly defined process for establishing Sector operational objectives.
1.2.5 Sector operational objectives are clearly defined and communicated.
1.2.6 Sector operational objectives align to the Sector priorities / strategic objectives.
1.2.7 There is a clearly defined process for establishing Sector operational plans.
1.2.8 Sector operational plans are clearly defined and communicated.
1.2.9 Sector operational plans align to operational objectives.
2. Client-centered Service
2.1 Internal Client Service Standards: CFO Sector-provided services are client centered. Service standards are established and communicated. Service levels are managed, monitored and feedback is solicited from clients.
2.1.1 There are service standards in place for key services provided to clients that are external to the Sector (but internal to the Department).
2.1.2 These service standards are client-centered.
2.1.3 Performance against these service standards is communicated to management.
2.1.4 Service levels are monitored by management and actions are taken to remedy low service quality when needed.
2.1.5 Customer feedback is actively solicited from clients.
3. Stewardship
3.1 Budgeting and Forecasting: Timely budgets and forecasts are developed at an appropriate level of detail through a rigorous process, which includes challenge of resource allocation and reallocation decisions.
3.1.1 The budgeting and forecasting process is clearly defined.
3.1.2 Roles and responsibilities for the process are clearly defined.
3.1.3 Budgets and forecasts are completed in a timely manner.
3.1.4 Budgets and forecasts include an appropriate level of detail.
3.1.5 There are sufficient resources allocated to the budgeting and forecasting process.
3.2 Transaction Processing, Monitoring and Reporting: Coding, recording and monitoring of financial and human resources transactions support reporting that is complete, accurate, relevant, timely, appropriate, and aligned with requirements.
3.2.1 There is adequate monitoring and oversight of transaction processing.
3.2.2 Tolerances for acceptable error rates have been established.
3.2.3 The error rate of transactions processed is within the acceptable tolerances.
3.2.4 Key reports generated are relevant for management.
3.2.5 There are controls in place to enforce transaction accuracy and completeness.
3.2.6 Compliance to policies and regulations is monitored and enforced with key controls.
4. Accountability
4.1 Accountability: A clear and effective organizational structure is established, documented, up-to-date and widely communicated in the CFO Sector. Managerial spans of control are appropriate and interaction between senior management and operating management is frequent.
4.1.1 There is a clear organizational structure established and documented for the Sector.
4.1.2 The organizational structure is communicated to Sector employees.
4.1.3 There is a process to update the organizational structure on a timely basis as and when required.
4.1.4 There is regular communication between senior management and operating management.
4.1.5 Managerial oversight spans of control are clearly defined.