Guideline on Financial Management of Pay Administration

1. Date of issue

This guideline takes effect October 18, 2017 and was updated on September 1, 2020.

This guideline replaces the following Treasury Board policy instruments:

  • Pay Administration Control Framework Tool (October 1, 2009)
  • Guideline on Financial Management of Pay Administration (October 1, 2009)
  • Guideline on Common Financial Management Business Process 5.1 - Pay Administration (January 28, 2013)

2. Introduction

This guideline is to assist departments in implementing the financial management requirements described in the Policy on Financial Management.

The objectives of this guideline are to:

  • provide an overview of the end-to-end pay process and recommend procedures, controls and monitoring activities to be carried out by departments
  • define departments’ roles and responsibilities in relation to pay administration
  • provide linkages, where appropriate, to pay administration processes for which other organizations such as Public Services and Procurement Canada (PSPC) or the Office of the Chief Human Resources Officer (OCHRO) are responsible

This guideline is intended to help departments implement and exercise spending and financial authorities as described in the Directive on Delegation of Spending and Financial Authorities in the context of pay transactions.

PSPC is the pay administrator for the Government of Canada.Footnote 1 PSPC maintains the system used for processing pay (Phoenix) and manages the centralized pay processing centre (Pay Centre). All departments use Phoenix, but not all departments use the services of the Pay Centre. In addition, a department’s Human Resources Management SystemFootnote 2 (HRMS) may or may not be integrated with Phoenix. As a result, the departmental end-to-end processes will vary. A system overview of pay administration is provided in Appendix D of this guideline.

There are cases where a system other than Phoenix is used to administer pay. Most of the practices and controls included in this document apply in these situations as well.

Departments follow one of four pay administration models:

  1. Fully serviced by the Pay Centre: The department relies on the Pay Centre to process pay, and the departmental HRMS is integrated with Phoenix.
  2. Integration: The department does not use the Pay Centre, and the departmental HRMS is integrated with Phoenix.
  3. Direct entry: The department does not use the Pay Centre. The departmental HRMS is not integrated with Phoenix. Information is directly entered into each of the two systems.
  4. Web services: The department does not use the Pay Centre; the departmental HRMS, and potentially other departmental systems, interface with Phoenix.

In all four pay administration models, departments must follow the Financial Administration Act (FAA), specifically, section 32 (commitment authority), section 33 (payment authority) and section 34 (certification authority), and the associated Treasury Board policy instruments, including those listed in section 5.0 of this guideline.

The departmental controls and management practices to support compliance with the FAA will vary depending on the pay administration model used.

There are significant interdependencies between departments and PSPC. Departments rely on the effectiveness of the Phoenix system primarily for pay processing and time and labour reporting. Departments, specifically those that are fully serviced by PSPC, also rely on the effectiveness of Pay Centre activities and practices (including controls). Similarly, PSPC relies on the effectiveness of departmental activities and practices to ensure that information provided to Phoenix and the Pay Centre, where applicable, is valid, timely, complete and accurate. When a department relies on the Pay Centre or Phoenix to perform certain controls, the department is not expected to repeat these controls.

The following roles within departments are responsible for performing key activities in the pay process:

  • Compensation: supports the establishment of pay entitlements and deductions and the calculation of pay amounts
  • Finance: ensures the day-to-day application of financial controls for pay-related expenditures
  • Human resources: performs activities relating to, for example, classification, staffing, labour relations, official languages, training and development, and performance management (including awards and recognition) and validation of section 34 approvals of the transactions submitted for HR processing
  • Responsibility centre manager: initiate expenditures, manage commitments and exercise certification under section 34 of the FAA

These roles are defined in more detail in Appendix E of this guideline.

The guideline provides practical guidance common to all departments and provides examples of generic internal controls (Appendix A), as well as a recommended approach for post-payment verification of pay transactions (Appendix B). The intent is to integrate with, but not duplicate, documentation provided by PSPC and the Treasury Board of Canada Secretariat.

2.1 Disclaimer

This guideline outlines the requirements of legislation, regulations and Treasury Board policies relating to the financial administration of pay. If there are conflicts between this guideline and legislation, regulations or policy, the most authoritative reference will apply. In addition, any examples, considerations and recommendations are provided for illustrative purposes only and may not apply to all departments or situations.

2.2 Definitions

Definitions are included in Appendix E.

3. End-to-end process

The pay administration process is divided into three sub-processes (see Figure 1).

Figure 1: Pay administration sub-processes
Text version below:
Text version

Figure 1 illustrates the order of three sub processes: pre-payroll, payroll and post-payroll.

  1. Pre-payroll relates to activities to initiate, approve and verify a pay or HR action (“pay-related action”) before payment.
  2. Payroll relates to activities to calculate net pay, perform payment authority and issue payments.
  3. Post-payroll relates to activities to monitor payments, ensure that certification and verification of pay transactions has been completed, record pay in the Departmental Financial and Materiel Management System (DFMS) and complete period end reconciliations.

4. Process flows and descriptions

4.1 Pre-payroll sub-process

The purpose of the pre-payroll sub-process is to ensure that pay-related actions are initiated with correct, valid and complete information and that spending and financial authorities are applied by an individual with the appropriate delegated authority. The sub-process starts with a pay-related action initiated by a responsibility centre manager or an employee (for example, self-service). Pre-payroll activities may also be initiated by HR and/or compensation (either in the department or at the Pay Centre) such as mandatory cash-out of leave. The sub-process ends with complete, accurate and valid transactions in Phoenix. Figure 2 shows the process flow of the pre-payroll sub-process. Activities 4.1.2, 4.1.3, 4.1.4 and 4.1.5 are completed simultaneously, as indicated by the dotted line around those activities. Appendix F of this guideline provides a legend for the flowchart.

Figure 2: Pre-payroll sub process
Text version below:
Text version

Figure 2 provides an overview of the pre-payroll sub‑process. It starts with the initiation of pay-related action requests, followed by a decision regarding whether the expenditure initiation authority is required.

When the expenditure initiation authority is required, all of the following four activities must be completed:

  • verify the unencumbered balance;
  • obtain expenditure initiation;
  • record commitments and the commitment authority; and
  • update the salary forecast.

These four activities can be completed simultaneously. Once they are completed, approval from the delegated human resources authority must be obtained and pay-related actions must be certified (this first portion of certification is required under section 34 of the Financial Administration Act).

                                                                                                 

When expenditure initiation authority is not required, the process continues to validate and verify the pay‑related actions before the data is entered into the Human Resources Management System and/or Phoenix.

                                                                                           

If a manual intervention is required in Phoenix, the issues should be identified and resolved before the pay-related actions are ready for the payroll sub-process.

                                                                                                

If no manual intervention is required in Phoenix, then the pay-related actions are ready to be moved to the payroll sub-process.

4.1.1 Initiate pay-related action requests

A pay-related action request includes HR actions, pay actions and employee-initiated actions that impact pay. Pay-related actions include the addition of new hires, whether they be indeterminate or determinate (casual, student, term, and so on), promotions, terminations, leaves with or without pay, and acting appointments. A responsibility centre manager or employee initiates a transaction in accordance with his or her approved budget and annual plan, as described in the HR policy suite documentation. The HR policy suite documentation contains detailed information for many elements of this sub-process and may be referred to at various steps in the sub-process.

For pay-related actions that result in a payment (for example, new hires, vacation payouts and overtime), expenditure initiation, commitment control and updating salary forecast are the next steps.

When pay-related actions do not require expenditure initiation authority (for example, retirements, transfers out, leave, retroactive pay under the terms and conditions of a new collective agreement), the process continues to validate and verify the pay-related actions before the data is entered into the HRMS or Phoenix. In these instances, certification under section 34 of the FAA is not needed. Certain employee-driven pay-related actions do not require expenditure initiation; these include, employee self-service entries such as changes in banking information, changes of address and certain leave requests (for example, leave without pay less than or equal to 5 days).

For certain types of transactions, consultation with other organizational units or with other government departments may be required to complete the pay-related action. For example, garnishmentsFootnote 3 or salary recovery requires coordination with Finance staff to ensure that the amount is accurate and compliant with regulations or policies; and employee transfers into or out of the department require communication and coordination between departments.

4.1.2 Verify unencumbered balance (section 32 of the FAA)

Before the appropriate expenditure initiation authority is exercised and HR authorities are obtained, individuals with delegated spending and financial authorities must confirm that there are sufficient unencumbered funds to cover all applicable costs and that related policy restrictions are considered.Footnote 4 If there are insufficient unencumbered funds, budgets must be reallocated or adjusted, the resource requirement must be revised, or the pay-related action must be terminated.

4.1.3 Obtain expenditure initiation

For transactions such as new hires (including promotions) and overtime, authorization of the planned expenditure must be obtained before entering into a contract, undertaking an HR action or other arrangement, and making a commitment against the budget.Footnote 5 Authorization may be documented through an email, a departmental form, a system (electronic approval), an approval of a work schedule or an overtime request.

4.1.4 Record commitments (section 32 of the FAA) and commitment authority

All anticipated expenditures charged to a department’s appropriation, including expenditures that will eventually be cost-recovered, should be committed in the department’s financial system.Footnote 6 The responsibility centre manager is accountable for ensuring that the commitment is recorded in accordance with departmental policy and procedure, including continuing commitments that impact future fiscal years.Footnote 7 The ultimate objective is that all commitments are managed and that responsibility centre managers do not exceed their allocated budgets and, by extension, that the department does not exceed its appropriations. Commitment authority is exercised when the expenditure is authorized (see 4.1.3), the unencumbered balance is verified (see 4.1.2) and the commitment is recorded (see 4.1.4).Footnote 8

When necessary, the department may use its salary forecasting process as a compensating control for commitment control.Footnote 9

4.1.5 Update salary forecast

Departments should make every effort to maintain the ongoing accuracy of their salary forecast in order to capture the most current information on salaries.Footnote 10 The responsibility centre manager is accountable for ensuring that the salary forecast, and therefore commitments, is maintained and is up to date. Changes in employee pay information (for example, wage increases) or a staffing event (for example, a resignation) that has pay implications require an update to the salary forecast. The timing for updating the salary forecast may vary and can occur at different points in the end-to-end process, depending on departmental practices. Responsibility centre managers should work with their financial management advisor to complete this task.

4.1.6 Obtain approval for delegated HR authority

Before a pay-related action is processed, it must be approved by the appropriate HR authority or authorities, as described in the department’s HR delegation of authority instruments. In the context of an approved operational plan and organizational model, a responsibility centre manager or HR initiates the process based on provisions within the appropriate HR policy suite. For more information on obtaining delegated HR authorities, refer to the departmental HR delegation of authority instruments documentation.

4.1.7 Certify pay-related actions (first portion of certification required under section 34 of FAA)

After approval by the HR delegated authority has been obtained, the appropriate delegated authority performs the first portion of the certification required under section 34 of the FAA by confirming that the payment is reasonable. This is done by reviewing or signing a letter of offer, a timesheet or a vacation pay cash-out, for example. It is important to note that certification of section 34 is performed manually for many types of pay actions and therefore there is an increased risk that this certification does not take place in a timely manner. However, given that timely certification of section 34 (that is, prior to entering these pay actions in the HR systems) is essential to support the accuracy and validity of departmental pay-related expenses, departments should take steps to implement robust processes for certification of section 34 pay actions.

Because not all of the details of pay such as the account coding can be verified at this point, certification under section 34 of the FAA cannot be completed until the pay has been issued. Refer to section 4.3.3 and Appendix C.

For extra duty pay, timesheets and other time-related events, this certification can be provided electronically in the system (HRMS or Phoenix). Employees input their time in the system, and the individual with delegated authority approves the transaction and exercises the first portion of certification under section 34 of the FAA directly in the system. The individual with delegated authority is informed of the transactions, either by the employee, through an automated notification, or by verifying pending transactions in Phoenix.

For departments that are using the common HRMS, MyGCHR, certain transactions such as leave without pay (5 days or less), recoveries and cash-outs are approved directly in MyGCHR by a delegated authority; the pay-related action is then entered again into Phoenix.

Sufficient controls must be in place to maintain appropriate segregation of duties between incompatible functions.Footnote 11 Refer to Appendix E for definition of segregation of duties and examples of incompatible duties as per the Directive on Delegation of Spending and Financial Authorities. Specific controls pertaining to segregation of duties are described in Appendix A.

4.1.8 Validate and verify pay-related actions

Pay-related actions are then validated and verified. Before HR enters the pay-related action into the departmental HRMS, HR ensures that pay-related actions are:

  • valid (authorized by delegated authorities)
  • complete and accurate in accordance with departmental policies, directives and orders-in-council
  • supported by appropriate documentation (for example, time sheets, letters of offer, other departmental forms)

Departments may use checklists or other tools to promote a consistent approach to validation activities.

For departments served by the Pay Centre, a Pay Action Request (PAR) form and the required supporting documentation is sent to the Pay Centre by the departmental Trusted Source when a financial or HR authority is required.

Before submitting PAR forms to the Pay Centre on behalf of a department, the Trusted Source is responsible for:

  • authenticating the delegated HR or financial authority, including signatures
  • ensuring that the PAR form is fully complete, accurate and accompanied by all required supporting documentation

Each client department of the Pay Centre is responsible for informing the Pay Centre of the departmental email address or addresses that are authorized to send PAR forms that require a Trusted Source. Requests for changes to the official Trusted Source email listing must be cc’d to the department’s Head of HR or Chief Financial Officer. The Pay Centre will accept only PAR forms that require a Trusted Source from an authorized email address. For audit and control purposes, departments must maintain a list of:

  • the names of their Trusted Sources and which email addresses they are authorized to use
  • the periods during which these individuals are authorized to perform Trusted Source validations

Departments are expected to maintain their list of Trusted Sources and periods of validity for the current period plus six fiscal years, and make the list available to the Pay Centre within 24 hours of any request to view it.

For transactions that do not require a financial or HR authority, employees can use a PAR form to send information directly to the Pay Centre (for example, to enroll in voluntary insurance plans or repayment plans).

When employees use employee self-service in PeopleSoft, they are responsible for validating and verifying their own data, such as their banking information, for completeness and accuracy. Employees can also enter time and labour transactions, such as overtime or part-time hours, using employee self-service.

4.1.9 Input pay-related actions in HRMS

Once the transaction has been verified, the pay-related action is entered into the departmental HRMS. When the department’s HRMS is integrated with Phoenix (fully serviced by the Pay Centre, integration, or web services), information input into the HRMS is directly transferred to Phoenix. Departments require effective internal controlsFootnote 12 to ensure that data is valid, complete and accurate as a preventative measure because this data directly impacts the quality of information used for payroll processing. Enforcing strong data quality minimizes the level of effort required to address issues and perform adjustments post-payroll.

For some departments, data may be entered directly by the employee in the HRMS or other departmental systems, such as employee data and overtime. For some entries, a delegated authority may exercise the first portion of certification under section 34 of the FAA directly in the HRMS.

4.1.10 Enter pay-related actions in Phoenix

Depending on the department’s pay administration model (fully serviced by the Pay Centre, integration, direct entry or web services) and the type of pay-related action, data may flow through directly to Phoenix or data may need to be manually entered into Phoenix. For more information on roles and responsibilities for different types of pay-related transactions, refer to the pay process roles and responsibilitiesFootnote 13 prepared by PSPC which explains which information is entered by the department through HRMS and which information is entered directly by compensation at the Pay Centre.

When data does not come from the HRMS, the compensation advisor keys the transaction into Phoenix. Compensation advisors are responsible for verifying the accuracy of the data they input.

Certain actions can be done directly by the employee in Phoenix using employee self-service. This service allows employees to directly enter their own data that impacts pay including overtime, timesheets, leave without pay less than or equal to 5 days, changes to the employee’s bank account information, or voluntary deductions.

There are instances when the employee is not able to input their own time-related data in Phoenix (for example, employees who are in remote locations or on travel status). The department may choose to establish a timekeeper role in Phoenix where a designated individual enters time and labour in Phoenix. In these instances, the employee submits the pay-related action to the delegated authority, who certifies the pay action before forwarding it to the timekeeper. The timekeeper then ensures that the first portion of certification under section 34 of the FAA was provided and enters the information into Phoenix and approves the transaction directly into Phoenix, on behalf of the delegated authority. Departments should independently review entries performed by timekeepers using a risk-based approach to ensure that transactions are valid.

Phoenix is configured to calculate the pay accurately and ensure that the payment is in accordance with the various collective agreements. This verification supports section 34 of the FAA.

4.1.11 Identify and resolve issues

When issues are identified in the pre-payroll processes, HR, compensation, responsibility centre managers, finance and employees may be involved to resolve them. Issues, such as denying a leave without pay, may require commitments to be updated. Some issues will require resolution through the initiation of a new pay-related action, such as when the current pay-related action is rejected or when a significant error is identified.

4.1.12 Roles and responsibilities

Table 1 provides an overview of roles and responsibilities, using the responsible, accountable, consulted and informed (RACI) approach. The terms used in this approach are defined in Appendix E.

Pay-related actions are initiated by either a responsibility centre manager or an employee. The responsibility centre manager provides expenditure initiation, verifies whether there are sufficient unencumbered funds, records a commitment and updates the salary forecast. The responsibility centre manager is also responsible for obtaining appropriate HR delegation as required. The pay-related action is certified, for the first portion, by the appropriate delegated authority under section 34 of the FAA, typically, the responsibility centre manager.

As there can only be one accountable role per RACI, the RACIs for activities 4.1.1 and 4.1.8 to 4.1.10 of this sub-process were broken down into two scenarios, depending on who processes data into Phoenix or HRMS. In Scenario 1 (S1), designated HR representatives review and validate the information on the pay-related action. HR or compensation processes data in the HRMS, and compensation processes data in Phoenix. For self-service transactions, as demonstrated in Scenario 2 (S2), employees initiate the pay-related action and validate their own entry before the certification under section 34 of the FAA is performed by the delegated authority, where applicable. Certain self-service transactions initiated by employees may not require expenditure initiation authority or certification under section 32 of the FAA; therefore, there are no RACI tables for activities 4.1.2 to 4.1.7 for this scenario.

Legend

COMP: Compensation (departmental or Pay Centre)

EE: Employee

FIN: Finance

HR: Human resources

RCM: Responsibility centre manager

Table 1: RACI for pre-payroll sub-process
ActivityResponsibleAccountableConsultedInformed
4.1.1 Initiate pay-related action requests

S1: RCM

S1: RCM

S1: COMP, EE, HR

S1: EE

S2: EE

S2: EE

S2: COMP, HR, RCM

S2: RCM

4.1.2 Verify unencumbered balance

RCM

RCM

FIN

FIN

4.1.3 Obtain expenditure initiation

RCM

RCM

FIN

FIN

4.1.4 Record commitments (section 32 of the FAA) and commitment authority

RCM

RCM

FIN

FIN

4.1.5 Update salary forecast

RCM

RCM

FIN, HR

FIN, HR

4.1.6 Obtain approval for delegated HR authority

RCM

RCM

HR

HR

4.1.7 Certify pay-related actions (first portion of certification required under section 34 of FAA)

RCM

RCM

EE, FIN, HR

EE, FIN

4.1.8 Validate and verify pay-related actions

S1: COMP, FIN, HR

S1: HR

S1: EE, HR, RCM

S1: HR

S2: EE, RCM

S2: EE

S2: HR, RCM

S2: HR, RCM

4.1.9 Input pay-related actions in HRMS

S1: HR

S1: HR

S1: HR

S1: HR

S2: EE

S2: EE

S2: HR

S2: HR

4.1.10 Enter pay-related actions in Phoenix

S1: COMP

S1: COMP

S1: HR

S1: EE, HR

S2: EE, RCM

S2: EE

S2: HR

S2: HR

4.1.11 Identify and resolve issues

COMP, EE, HR, RCM

COMP

COMP, EE, HR, RCM

EE, RCM

4.2 Payroll sub-process

The objective of this sub-process is to provide payment authority under section 33 of the FAA before pay is issued to an employee. The Payroll sub-process starts with receiving the request for payment authority from PSPC and continues with the review and approval of the transaction and providing payment authority (section 33 of the FAA) before the payment is issued. The activities in the sub-process are applicable for all pay administration models. Figure 3 shows the process flow of the payroll sub-process. Appendix F of this guideline provides a legend for the flowchart.

Figure 3: Payroll sub-process
Text version below:
Text version

Figure 3 illustrates the payroll sub‑process. The payroll sub-process starts when a request for a payment is received and is followed by a quality assurance review (review 1).

If there are no issues identified during review 1, the delegated authority can perform payment authority under section 33 of the Financial Administration Act.

If issues are identified during review 1, an investigation, consultation and assessment are required. Once the follow‑up is conducted, there are four options available:

  1. perform payment authority under section 33 of the Financial Administration Act;
  2. reject the changes to a regular payment;
  3. perform a stop payment; or
  4. take no action.

If the department provides authorization under section 33 of the Financial Administration Act, Phoenix sends the requisition to the Receiver General Standard Payment System for payment processing. After the payment has been requisitioned, there may be exceptional circumstances when it may be necessary to reverse or intercept a payment. Otherwise, payments and pay stubs are released to employees on a pay‑period basis.

When a reversal or intercept of a payment is required, or if the delegated authority took no action, performed a stop payment or rejected the transaction, it is recommended that the responsibility centre manager, and, as needed, the human resources or compensation unit, be advised so that they can follow up with the employee. This follow‑up may result in a pay-related action, returning to the beginning of the pay administration process (the pre-payroll sub‑process).

4.2.1 Receive request for payment

For all pay administration models, the request for payment, which includes the pay transaction data, payment details, and employee data, is provided to Finance for authorization in Phoenix. Phoenix will not process pay until payment authority (section 33 of the FAA) is provided.

4.2.2 Perform quality assurance: Review 1

To balance the appropriate execution of delegation of authority with timely delivery of pay, departments may use a risk-based approach,Footnote 14 which is applicable for all pay administration models. The risk-based approach includes quality assurance processes carried out by those with payment authority, both before exercising payment authority (pre-payment verification) and after exercising payment authority (post-payment verification).Footnote 15 Authorities can be authenticated before or after processing of the transactions for expenditure decisions.Footnote 16

The level of review performed pre-payment will directly impact the level of review performed immediately post-payment (Review 2) (see section 4.3.2), as well as the post-payment review performed in support of the quality assurance program (see Appendix B, section 2.2.1, for more details on a risk-based approach). The more in-depth the review conducted during pre-payment, the lower the level of review required post-payment. Departments have the flexibility to determine which approach works best for them. The approach should be documented and should be approved by the Chief Financial Officer. Departments are not expected to repeat work that is done by Phoenix or the Pay Centre. The level and timing of review will depend on the department’s assessment of, and tolerance for, risk.

Pay transactions can be viewed as lower risk because they are with an established payee, who has a consistent record of performance and because there is an established and continued relationship.Footnote 17 Nevertheless, the department would want to ensure that the pay is reasonable and that there are no significant errors. The department therefore performs a risk-based review before the payment is issued. Refer to section 2.2 of Appendix B for more details on establishing a risk-based approach for pay transactions.

The review could include follow-up of transactions that exceed a certain threshold, using the reports provided by PSPC or developed by the department, a focused review of certain types of pay transactions (pay for new hires, termination severance, and so on) and a reasonability review of overall pay amounts. The review must be sufficient to ensure that there are no significant errors, but it must also consider the time constraints related to the payroll run.

There are opportunities to view and correct errors during the period leading up to the pay; departments are encouraged to continuously review the pay information before the cut-off for the pay run. Errors found during this review can be used to inform the departmental post-payment verification program. Refer to Appendix B for more details on post-payment verification.

For payments where issues are identified, the process continues with activity 4.2.3 to investigate, consult and assess action.

4.2.3 Investigate, consult and assess action

When issues are identified during review 1 (see section 4.2.2), it may be necessary to investigate and consult with the responsibility centre manager, with HR, with compensation or with the employee to confirm whether there is an error and to identify the cause of it.

The department then assesses what action is required given the follow-up conducted. Four options are available:

  • perform payment authority under section 33 of the FAA
  • reject changes to regular payment
  • perform stop payment
  • take no action

4.2.4 Perform payment authority (section 33 of the FAA)

Once the individual with payment authority is satisfied that the required steps, as described in the department’s quality assurance program (refer to section 4.2.2 and Appendix B), have been met, they can perform payment authority. Performing payment authority includes ensuring that there is sufficient, auditable evidence to demonstrate that the first portion of certification under section 34 of the FAA has taken place and that the payment will not result in the appropriation being exceeded when existing commitments are also factored in. It is important to note that it is only the first portion of certification under section 34 of the FAA that is performed before the payment is made. Completion of certification is performed after the payment (refer to section 4.3.3).

Exercising authorization under section 33 of the FAA requires reliance on the appropriate salary forecasting process, as well as on the departmental budgeting and forecasting process, to ensure that sufficient unencumbered funds are available. Furthermore, departments rely on the Pay Centre or Phoenix to perform certain controls, and departments are not expected to repeat these controls.

For payment authority to be exercised, the request for pay transaction is certified under section 33 of the FAA, directly in Phoenix. In addition, when Phoenix calculates a pay and is required to adjust the pay to comply with collective agreements (for example, in the case of acting appointments and 4% vacation pay), authorization under section 33 of the FAA is also required to authorize the change in amount.

Only individuals with appropriate delegated authority can provide payment authority in Phoenix. In addition, delegated authorities should be exercised in a manner that segregates certain duties.Footnote 18 Refer to Appendix A and E for clarification.

If the payment is not authorized, the delegated authority for section 33 of the FAA may reject the change, perform a stop payment or take no action, as described in the following sections.

4.2.5 Reject changes to regular payment

The delegated authority for section 33 of the FAA can reject the changes to a regular payment. The employee will be issued payment equal to the lower amount on the matched earnings codes as compared to the previous pay period. The rejected amount will appear in the rollback viewer in Phoenix,Footnote 19 which includes all amounts not paid on any rolled-back payment. Any rejected payment should be reviewed and addressed as soon as possible.

4.2.6 Perform stop payment

The delegated authority for section 33 of the FAA can perform a stop payment, which completely halts the employee’s pay until the issue is resolved and the payment is allowed to be completed. Stop payments are used when an employee is not entitled to be paid anything (for example, leave without pay where paperwork has not yet been processed) or a significant error has been identified. The delegated authority may want to consult with HR before proceeding with the stop payment. It is advisable to stop the payment if needed at this stage rather than perform an intercept through the Receiver General Standard Payment System (SPS).

4.2.7 Take no action

The delegated authority for section 33 of the FAA can take no action. If no action is taken, the amounts associated with payments are left pending at the end of the pay cycle. Non-actioned items are treated in the same way rejected payments are treated (see section 4.2.5) with the exception that the differences in pay are entered into the Phoenix rollback viewer. These transactions are labelled as “pending status” in the rollback viewer to be addressed later (for example, in a later off-cycle pay run).

4.2.8 Process approved payments in Phoenix

Once the department provides authorization under section 33 of the FAA, Phoenix sends requisitions to the Receiver General SPS for payment processing.

After payments have been requisitioned, there are exceptional circumstances when it may be necessary to intercept a payment. Refer to the Phoenix User Productivity Kit (UPK) for specific instructions. The purpose of intercepting a payment is to prevent an account from being credited in the event of a termination, a projected overpayment or any other reason for non-entitlement. Intercepts stop payments after they are processed, but before they are credited to the employee’s bank account.

4.2.9 Advise RCM or HR for follow-up

If the transaction is not approved and the individual with delegated authority under section 33 of the FAA took no action, performed a stop payment or rejected the transaction, it is recommended that the responsibility centre manager, and, as needed, HR or compensation, be advised so that they can follow up with the employee. This would also be the case when an intercept, which can only be done by compensation, has taken place. This follow-up may result in a pay-related action, returning to the beginning of the pay administration process at 4.1.1.

4.2.10 Issue payment

On a pay-period basis, payments (direct deposits and, as an exception, cheques) and pay stubs are released to employees. Pay stubs are available via self-service, with the exception of terminated employees, who receive pay stubs by mail from the compensation advisor.

4.2.11 Roles and responsibilities

Table 2 provides an overview of roles and responsibilities, using the RACI approach. These terms are further described in Appendix E.

Finance is accountable for the activities related to authorizing payments (section 33 of the FAA).Footnote 20 When issues arise, it may be necessary to consult and inform HR, compensation, the responsibility centre manager or, at times, the employee.

Legend

COMP: Compensation (departmental or Pay Centre)

EE: Employee

FIN: Finance

HR: Human resources

n/a: Not applicable

PSPC-PAB: Public Services and Procurement Canada, Pay Administration Branch

RCM: Responsibility centre manager

Table 2: RACI for payroll sub-process
ActivityResponsibleAccountableConsultedInformed
4.2.1 Receive request for payment

FIN

FIN

HR, RCM

COMP, HR, PSPC-PAB, RCM

4.2.2 Perform quality assurance: Review 1

FIN, HR

FIN

HR, RCM

COMP, HR, RCM

4.2.3 Investigate, consult and assess action

COMP, FIN, HR

FIN

COMP, HR, RCM

COMP, HR, RCM

4.2.4 Perform Payment Authority

FIN, HR

FIN

HR, RCM

COMP, HR, PSPC-PAB, RCM

4.2.5 Reject changes to regular payment

FIN, HR

FIN

COMP, EE, HR, RCM

COMP, HR, RCM

4.2.6 Perform stop payment

FIN, HR

FIN

COMP, EE, HR RCM

COMP, HR, RCM

4.2.7 Take no action

FIN, HR

FIN

COMP, EE, HR, RCM

COMP, HR, RCM

4.2.8 Process approved payments in Phoenix

FIN, HR, COMP

FIN

n/a

n/a

4.2.9 Advise RCM or HR for follow-up

COMP, FIN

FIN

COMP, HR, RCM

COMP, HR, RCM

4.2.10 Issue payment

PSPC-PAB

FIN

FIN

COMP, EE, HR, RCM

4.3 Post-payroll sub-process

Overview

The purpose of this sub-process is to complete the pay administration process and record the transactions in the DFMS. Post-payroll begins with the return payment file from Phoenix, continues with recording pay transactions in the DFMS and ends once all reconciliations and verifications, including post-payment verification, have been completed and the salary forecast is updated. The activities in the sub-process are applicable for all pay administration models. Figure 4 shows the process flow of the post-payroll sub-process. Appendix F of this guideline provides a legend for the flowchart.

Figure 4: Post-payroll sub process
Text version below:
Text version

Figure 4 depicts the process flow of the post-payroll sub‑process, which completes the pay administration process.

The post‑payroll sub‑process begins with the return payment file from Phoenix and continues with the recording of the pay transaction in the departmental financial and materiel management system.

Once the transaction is recorded in the departmental financial and materiel management system, the following four activities must be completed:

  1. a quality assurance (review 2);
  2. validation of pay (completion of certification required under section 34 of Financial Administration Act) and adjustment salary forecast as required;
  3. reconciliation of Receiver General control accounts (monthly and year-end accounting); and
  4. performing post-payment verification (quality assurance).

The post-payroll sub‑process ends with accurate, valid and complete information.

If the information is not accurate, valid and complete, the discrepancies must be resolved before the process ends. This process may result in returning to the beginning of the pre-payroll sub‑process or payroll sub-process.

4.3.1 Record pay transaction

The SPS creates a return file with the payment detail and the payment reference number, and returns the file to Phoenix. Phoenix updates the pay cheque record with the payment reference number. A file, the IO33, is created and sent to the Payroll System-General Ledger (PS-GL), and a detailed expenditure extract file known as the IO50 is created that includes the payroll data for all departments. Using additional software, the payroll data from the IO50 is then separated by department, and each department receives their individual IO50 report.

The IO50 is used to record gross pay transactions and adjustments including cancelled payments. The department monitors the receipt and processing of the return payment file and ensures that it is posted completely and accurately in the DFMS. Departments can choose to have financial coding assigned in Phoenix; otherwise, the financial coding is assigned directly in the DFMS.

Some salary-related transactions, such as secondments and interchanges, are not included in the detailed expenditure extract file because these transactions are outside the scope of Phoenix. These activities depend on coordination between HR and Finance to correctly account for and offset pay-related expenditures.

4.3.2 Perform quality assurance: Review 2

As part of the quality assurance program (refer to section 4.2.2 and Appendix B), the department may choose to conduct an additional risk-based review of pay to address issues that could not be fully resolved before pay. The level of review will depend on what was conducted pre-payroll and on what may be conducted as part of post-payroll verification. Departments have the flexibility to determine the level of review that works best for them.

The review, which supports section 33 of the FAA payment authority, helps the department identify issues on a more timely basis before post-payment verification. The review could be based on the IO50, pay audit reports, and time and labour audit reports from Phoenix. Other data could also be used, such as information from the department’s HRMS or other systems.

This review, performed by Finance, with assistance from HR, could include verifying certain transactions, performing data analysis to identify potential issues, reviewing areas of specific concern or comparing actual pay against the salary forecast to detect exceptions. Departments are not expected to repeat work that is done by Phoenix or the Pay Centre.

4.3.3 Validate pay (completion of certification required under section 34 of FAA) and adjust salary forecast as required

Because pay is a lower-risk transaction (see 4.2.2) and because pay must be issued on a timely basis, departments complete certification under section 34 of the FAA after pay has been issued. Once pay is posted, the responsibility centre manager reviews the pay transactions and completes the required certification of transactions that relate to their own budget. The responsibility centre manager certifies that the work has been performed, that the appropriate employee has been paid and that the amount is reasonable. In addition, the responsibility centre manager reviews the transactions to ensure that the correct financial coding has been applied.

The review can be documented through either physical sign-off or using approvals in the system. The department will need to determine the frequency of the review (for example, every two weeks, once a month, quarterly or as defined by the departmental periodic forecast process). However, it is suggested to do the review more frequently than less. There must be auditable evidence that the certification required under section 34 has been completed for all transactions in the selected period.Footnote 21 Certification should be obtained in a manner that maintains appropriate segregation of duties between incompatible functions.Footnote 22 Refer to Appendix E for required segregation of duties under the Directive on Delegation of Spending and Financial Authorities. Specific controls pertaining to segregation of duties are described in Appendix A.

At the same time, pay is reconciled to the salary forecasts. Forecasts are updated and provide an opportunity for the responsibility centre manager to identify potential pay issues such as errors in start and end date and potential duplicate payments. It is good practice for departments to provide guidance to responsibility centre managers on this review, including guidance on the level of review, areas of focus, criteria for follow-up and how this review should be documented. Responsibility centre managers are encouraged to contact their financial management advisor for assistance where required.

4.3.4 Reconcile Receiver General control accounts (monthly and year-end accounting)

Departments reconcile pay expenditures and the control account balances on a pay-period basis. On a monthly basis, the department receives a final payroll control account balance report through the Central System Mailbox, which is reconciled to the payroll control account in the individual DFMS for trial balance reporting purposes to the Central Financial Management and Reporting System (CFMRS). Departments include a payroll control account in their trial balance, which is verified in CFMRS against the respective departmental payroll control account submitted by the PS-GL as part of the monthly close process.Footnote 23

These linked sections provide information to departments and agencies to help them meet year-end accounting and reporting requirements. Departments are responsible for all accrual entries related to salary, wages and overtime and payroll processing required at the end of an accounting period and at the fiscal year-end. The timetable and procedures are outlined in Receiver General Manual, year-end timetable and procedures.

4.3.5 Perform post-payment verification (quality assurance)

Post-payment verification (or post-payment examinationFootnote 24) is the third component of the quality assurance program (refer to Appendix B). It ensures compliance with section 33 of the FAA by verifying that there is sufficient evidence to confirm that payments have been made for work that has been performed, that services have been rendered, that the relevant agreement terms and conditions have been met, that the transaction is accurate, and that compliance with associated authorities has been met in support of section 34 of the FAA.Footnote 25

The approach used for post-payment verification may vary depending on the level of verification pre-payment and on the level of examination in reviews 1 and 2 (see 4.2.2 and 4.3.2). Departments are not expected to repeat work that is done by Phoenix or the Pay Centre. Appendix B provides additional information and guidance on the quality assurance program.

Departments should document their post-payment verification procedures to provide a description of the approach being used and the reasoning behind the treatment of pay transactions being reviewed post-payment.Footnote 26 It is good practice to report the results of the post-payment verification review to management, as well as to identify systemic errors and track error rates. See Appendix B for further guidance on post-payment verification activities.

4.3.6 Resolve discrepancies

Discrepancies may be identified from the various activities conducted to review, validate and reconcile payroll. When information is not accurate, valid or complete, the issue should be resolved in a timely manner. A pay-related action (return to pre-payroll sub-process, 4.1.1), a change in financial posting, a change in salary forecast, or some other action may be required. It is good practice to identify the nature of the error and to determine whether there is a systemic issue. If the error keeps occurring, then additional steps for remediation may be necessary.

4.3.7 Roles and responsibilities

Table 3 provides an overview of roles and responsibilities, using the RACI approach. These terms are further described in Appendix E.

Finance is generally accountable for post-payment activities, with the exception of validating pay and updating the salary forecast, for which the responsibility centre manager is accountable. When performing post-payment activities, Finance works collaboratively with HR, which has the expertise to review pay transactions and which may provide supporting documentation. The Receiver General and PSPC’s Pay Administration Branch may be consulted and informed in terms of the files received and the reconciliations.

Legend

COMP: Compensation (departmental or Pay Centre)

EE: Employee

FIN: Finance

HR: Human resources

PSPC-PAB: Public Services and Procurement Canada, Pay Administration Branch

RCM: Responsibility centre manager

Table 3: RACI for post-payroll sub-process
ActivityResponsibleAccountableConsultedInformed
4.3.1 Record pay transaction

FIN

FIN

COMP, HR, PSPC-PAB, RCM, RG

RCM

4.3.2 Perform quality assurance: Review 2

FIN, HR

FIN

HR

HR, RCM

4.3.3 Validate pay (completion of certification required under section 34 of FAA) and adjust salary forecast as required

FIN, RCM

RCM

FIN, HR

FIN, HR

4.3.4 Reconcile Receiver General control accounts

FIN

FIN

PSPC-PAB, RG

FIN, RCM

4.3.5 Perform post-payment verification (quality assurance)

FIN, HR

FIN

COMP, FIN, HR, RCM

FIN, HR

4.3.6 Resolve discrepancies

FIN, HR, RCM

FIN

COMP, FIN, HR, PSPC-PAB, RCM

FIN, HR, RCM

5. Summary of financial authorities

As indicated in the introduction, one of the objectives of the guideline is to help departments implement key financial authorities, specifically, those set out in sections 32, 34 and 33 of the FAA. The following table summarizes how each of these sections of the FAA is addressed in the guideline.

Section of the FAAFinancial authoritiestable 1 note 1Description

Table 1 Notes

Table 1 Note 1

See definitions in Directive on Delegation of Spending and Financial Authorities, section 4.1

Return to table 1 note 1 referrer

32

Commitment authority

Departments are required to charge to their appropriation pay-related expenditures. They may use their salary forecast process as a compensating control. Refer to section 4.1.4.

34

Certification authority

Responsibility centre managers, compensation advisors or human resources perform verification of pay transactions throughout the process. In addition, departments rely on configured controls in Phoenix to calculate pay accurately in accordance with collective agreements. For more details on section 34 of the FAA, see Appendix C.

Because of time constraints and reliance on Phoenix, not all details of pay can be certified before payment is made. The following two elements must be completed by the responsibility centre manager in order to exercise certification authority:

  • Authorization of transaction before pay (refer to section 4.1.7), for example, signing the letter of offer
  • Validation of pay after payment is made (refer to section 4.3.3), for example, reviewing with departmental periodic forecast process

33

Payment authority

Payment authority is supported by the department’s documented quality assurance program (refer to Appendix B). Departments are expected to use the risk-based approach that is most appropriate for their organization given the risk associated with the transactions and taking into account the time-sensitive nature of pay-related transactions. This guideline proposes three potential reviews at different points in the process:

  • Before payment is issued: Quality assurance: Review 1 (refer to section 4.2.2)
  • Immediately after payment is issued: Quality assurance: Review 2 (refer to section 4.3.2)
  • On a periodic basis: Post-payment verification (refer to section 4.3.5)

The level of review performed pre-payment will directly impact the level of review performed immediately post-payment, as well as the post-payment verification. The more in-depth the review conducted pre-payment, the lower the level of review that may be required post-payment. Departments have the flexibility to determine the level of review that works best for them.

6. References

The following references apply to this guideline.

6.1 Acts and regulations

6.2 Policy instruments

6.3 Other references

7. Enquiries

7.1 Members of the public may contact Treasury Board of Canada Secretariat Public Enquiries regarding any questions about this guideline.

7.2 Individuals from departments should contact their departmental financial policy group regarding any questions about this guideline.

7.3 Individuals from a departmental financial policy group may contact Financial Management Enquiries for interpretation of this guideline.


Appendix A: Illustrative departmental control framework

The implementation of Phoenix has increased the interdependencies of processes performed by Public Services and Procurement Canada (PSPC) and by other departments. Departments rely on the effectiveness of the Phoenix system primarily for pay processing and time and labour reporting, where applicable. Departments that are fully serviced by the Pay Centre also rely on the effectiveness of Pay Centre activities and practices (including controls). Similarly, PSPC relies on the effectiveness of departmental processes to ensure that information provided to Phoenix and/or the Pay Centre is valid, timely, complete and accurate.

The following control framework is a tool that departments can use when developing their own internal control framework for pay administration in order to demonstrate that they have effective internal controls.Footnote 27 Departments are encouraged to develop customized control frameworks to support the end-to-end pay administration process with linkages to the PSPC control frameworks or other related processes. The controls included in the framework are illustrative controls only. Each department will need to customize the controls to its own environment and risk tolerance. Other controls may be required.

Using the illustrative controls as guidance, it is recommended that departments update the control to specify “who, what, where, when, and how” for each activity. If the illustrative control is not appropriate for the department, the department will need to consider alternate controls that address the risk and control objective. In addition, departments should ensure that appropriate communication, training and governance mechanisms are in place so that individuals are aware of the controls and have the appropriate knowledge and authority to support the controls being implemented by the department. It is good practice to maintain appropriate documentation and an audit trail for all transactions. Furthermore, departments are responsible for ensuring that a risk-based departmental system of internal control over financial management is established, monitored and maintained.Footnote 28 This includes assessing the design and operating effectiveness of controls related to pay administration.

As noted in this guideline, all departments use the Phoenix system for pay processing. The controls related to the Phoenix system are outlined in the Pay Control Framework (referred to as “Phoenix Application and IT General Controls”). Some departments are using the Pay Centre and rely on their processes. The controls are outlined in the Pay Centre Control Framework. Except to show continuity in the controls, this framework does not repeat the controls from the Pay Control Framework (Phoenix Application and IT General Controls) or the Pay Centre Control Framework; it is intended to complement, not to duplicate. This illustrative control framework focuses on the role of the department in supporting the integrity of the end-to-end pay administration process.

The control framework identifies generic control activities that support the control objectives and mitigate their associated risks. The key elements included in the control framework are as follows:

  • control number: each generic key control activity has been assigned a control number for ease of reference
  • control objective: relate to management’s financial reporting objectives which focus on accuracy, completeness and validity of information
  • risk statement: is a statement describing the possibility of an event occurring that will have an impact on the achievement of objectives; in this case; that an error in pay will occur
  • reporting objective: indicates the reporting objective that is related to the control objective and risk statement. The following reporting objectives were used:
    • Accuracy: Pay-related actions, payments and information are recorded correctly.
    • Completeness: All pay-related actions, payments and required information are included.
    • Validity: Pay-related actions, payments and other information are authorized, genuine, and not fraudulent.
  • generic key control activity: Control activities are the policies and procedures that help ensure that the control objective has been met and that actions are taken to address the risks that may result in errors in pay. The control framework provides examples of generic key control activities for illustrative purposes only.
  • pay administration model: Indicates the pay administration model to which the generic key control activity may apply. Departments follow one of four pay administration models:
    1. Fully serviced by the Pay Centre: The department relies on the Pay Centre to process pay and the departmental HRMS is integrated with Phoenix.
    2. Integration: The department does not use the Pay Centre and the departmental HRMS is integrated with Phoenix.
    3. Direct entry: The department does not use the Pay Centre. The departmental HRMS is not integrated with Phoenix. Information is directly entered into each of the two systems.
    4. Web services: The department does not use the Pay Centre and the departmental HRMS, and potentially other departmental systems, interface with Phoenix.
  • illustrative control owner: The role that is responsible for the control, that does the work to complete the control activity or that is responsible for ensuring the control activity is completed.
Table 4: Illustrative control framework
Control numberControl objectiveRisk statementReporting objectiveGeneric key control activityPay administration modelIllustrative control ownerGuideline reference
AccuracyCompletenessValidityFully servicedIntegratedDirect entryWeb

Table 2 Notes

Table 2 Note 1

Directive on Delegation of Spending and Financial Authorities, section 4.1.11

Return to table 2 note 1 referrer

Table 2 Note 2

Directive on Delegation of Spending and Financial Authorities, section 4.1.11

Return to table 2 note 2 referrer

Pre-payment 
PRE 1

There are sufficient funds for payroll expenditures.

Payment results in exceeding departmental appropriations, and there are insufficient funds to make the payment.

 

 

A process exists where the responsibility centre manager ensures that there are sufficient funds available to incur the expenditure and that funds are committed under section 32 of the FAA.

RCM, FIN

4.1.2

PRE 2

Only valid actions are processed in the HR system.

There are insufficient funds to pay for the transactions.

Inappropriate pay-related actions are processed.

A process exists where responsibility centre managers review salary forecasts on a periodic basis to ensure that commitments, salary forecasts and actual payroll costs recorded in the Departmental Financial and Materiel Management System are accurate, complete and valid for employees in their area of responsibility. Variances are reviewed and follow-up is performed. The review and analysis is documented.

RCM

4.1.5

PRE 3

Only valid actions are processed in the HR system.

Inappropriate pay-related actions are processed.

 

 

Where applicable, pay-related actions are approved by the appropriate delegated authority for the first portion of the certification required under section 34 of the FAA. The approval takes place prior to the entry of the pay action in the HR management system and is documented (for example, indicated by approval email for an acting position) and documentation is retained.

RCM, HR

4.1.7

PRE 4

Only valid actions are processed in the HR system.

Inappropriate pay-related actions are processed.

There is a process to ensure that the HR transactions are valid, complete and accurate and supported by appropriate documentation before input in the HR management system.

HR

4.1.8

PRE 5

Only valid actions are processed in the HR system.

Inappropriate pay-related actions are processed.

 

 

Access to create, modify or delete employee data in the HR management system is restricted to authorized personnel and access is monitored for appropriateness on a periodic basis.

HR

4.1.9

4.1.10

PRE 6

Only valid actions are processed in the HR system.

Inappropriate pay-related actions are processed.

 

 

Where employees are permitted to update their own data in the HR management system (self-serve), the system restricts access so that each employee can only edit their own information. Access is monitored for appropriateness on a periodic basis.

HR

4.1.9

4.1.10

PRE 7

Only valid actions are processed in the HR system.

Inappropriate pay-related actions are processed.

 

 

Access to other systems supporting pay (for example, time and attendance) is restricted to individuals who require it to perform their duties and access is monitored for appropriateness on a periodic basis.

HR, FIN

4.1.9

4.1.10

PRE 8

Pay-related actions are processed on a timely basis.

Employee is not paid on a timely basis potentially leading to hardship for employee.

  

There is a mechanism in place to follow up on overdue pay-related actions to ensure that they are processed on a timely basis. Past-due requests are followed-up on and appropriate action is taken. Evidence of review of follow-up is retained.

RCM, HR

4.1.8

PRE 9

All pay-related actions are accurately processed in Phoenix.

Inappropriate pay-related actions are processed.

 

There is a process to ensure that pay-related actions are valid (are authorized by delegated HR and financial authority), complete and accurate in accordance with departmental policies and directives, orders-in-council and supported by appropriate documentation before sending it to the Pay Centre in a timely manner.

 

 

 

HR, FIN

4.1.9

PRE 10

All pay-related actions are accurately processed in Phoenix.

Inappropriate pay-related actions are processed.

 

A designated individual is responsible for:

  • maintaining a list of their Trusted Sources who are permitted to access the official Trusted Source email address
  • submitting PAR (Pay Action Request) forms from the Trusted Source email account
  • ensuring that the Public Service Pay Centre has a current Trusted Source email listing for their organization

 

 

 

HR

4.1.8

PRE 11

All pay-related actions are accurately processed in Phoenix on a timely basis.

Inappropriate pay-related actions are processed.

The department relies on the Pay Centre to accurately process all valid transactions submitted by the department.

 

 

 

n/a

4.1.10

PRE 12

All pay-related actions are accurately processed in Phoenix.

Inappropriate pay-related actions are processed.

 

The compensation advisor ensures that pay-related actions are valid (are authorized by delegated authority, as appropriate), complete and accurate and supported by appropriate documentation before input into Phoenix (or other system).

 

COMP

4.1.10

PRE 13

All pay-related actions are accurately processed in Phoenix.

Inappropriate pay-related actions are processed.

 

Information sent from the HRMS (or other systems) to Phoenix is monitored to ensure that information is transferred completely and accurately. Follow-up is performed as required and evidence of review of follow-up is retained.

 

HR, FIN

4.1.9

PRE 14

All pay-related actions are accurately processed in Phoenix.

Inappropriate pay-related actions are processed.

A designated individual performs a reconciliation between HR system and Phoenix to ensure that all pay-related actions are complete and accurate recorded in both systems. Follow-up is performed as required and evidence of review of follow-up is retained.

 

 

HR

4.1.9

PRE 15

All pay-related actions are accurately processed in Phoenix.

Inappropriate pay-related actions are processed.

 

If using Phoenix time and labour: The department relies on configured controls in Phoenix to require authorization from an individual with section 34 delegated authority to approve time entries.

 

Automated control

4.1.10

PRE 16

All pay-related actions are accurately processed in Phoenix.

Inappropriate pay-related actions are processed.

 

 

If using Phoenix time and labour: A process exists to send a file to the Pay Administration Branch that identifies individuals who have authority to approve time entries and require access to review and certify time entries under section 34 of the FAA.

 

FIN

4.1.7

PRE 17

All pay-related actions are accurately processed in Phoenix.

Inappropriate pay-related actions are processed.

 

Note that the department relies on configured controls in Phoenix for mandatory fields and edit checks for appropriateness of employee entitlement, correct application of collective agreements, legislation and regulations, and accuracy of the transactions and calculation.

Automated control

4.1.10

PRE 18

All pay-related actions are accurately processed in Phoenix.

Inappropriate pay-related actions are processed.

 

If using Phoenix time and labour: The timekeeper role is only provided to individuals within the department that require it for performing their job duties. Access is monitored for appropriateness on a periodic basis.

 

SACO

4.1.10

PRE 19

All pay-related actions are accurately processed in Phoenix.

Inappropriate pay-related actions are processed.

If using Phoenix time and labour: Information inputted by the timekeeper is independently reviewed for validity, completeness and accuracy and appropriate section 34 of the FAA approval, using a risk-based approach.

 

FIN

4.1.10

PRE 20

All pay-related actions are accurately processed in Phoenix.

Inappropriate pay-related actions are processed.

Data entered into Phoenix as a one-time payment file is reviewed for completeness, accuracy and validity by a second individual.

 

COMP

4.1.10

PRE 21

All pay-related actions are accurately processed in Phoenix.

Inappropriate pay-related actions are processed.

 

On a periodic basis, a designated individual performs a review of reports (for example, Pay Centre quality assurance reports, HR and pay audit reports) related to Pay Centre (if applicable) and Phoenix activities. Noted issues are tracked and changes to reviews, controls and/or post-payment verification strategy are implemented, if required.

FIN, HR

4.3.5 and Appendix B

Payroll
PAY 1

All payments are authorized under section 33 of the FAA before payment.

Payments made are inaccurate or inappropriate.

 

All payments are authorized under section 33 of the FAA by an individual with appropriate delegated authority before payment.

FIN

4.2.4

PAY 2

All payments are authorized under section 33 of the FAA before payment.

Payments made are inaccurate or inappropriate.

 

Before authorizing the payment, the person who has delegated authority under section 33 of the FAA reviews pay transactions using a risk-based approach to identify anomalies, unusual items or errors (quality assurance Review 1). Refer to section 4.2.2. Follow-up is performed as required and evidence of review of follow-up is retained.

FIN, HR

4.2.2

PAY 3

All payments are authorized under section 33 of FAA before payment.

Payments made are inaccurate or inappropriate.

Note that the department relies on controls within Phoenix for the calculation of pay as it is configured to calculate transactions based on predefined criteria which are compliant with Government of Canada guidelines, policies and legislation governing pay administration.

Automated control

4.1.10

PAY 4

All payments are authorized under section 33 of FAA before payment.

Payments made are inaccurate or inappropriate.

 

Upon receiving the high-dollar value transaction report from PSPC, and before approval, the person who has delegated authority under section 33 of the FAA verifies, using a risk-based approach, payments above the established threshold amount. The delegated authority under section 33 reviews the information and conducts other research to ensure the payment is accurate.

FIN

4.2.2

PAY 5

All payments are authorized under section 33 of FAA before payment.

Payments made are inaccurate or inappropriate.

 

 

Access to authorize payments in Phoenix is restricted to individuals who have delegated authority under section 33 of the FAA, and access is monitored for appropriateness on a periodic basis.

FIN

4.2.4

Post-payroll
POST 1

All payments are valid, accurate, completely recorded in the correct period.

Payments made are inaccurate, inappropriate or missing.

The department monitors the data transfer between PSPC systems and their Departmental Financial and Materiel Management System for completeness and accuracy of the data transfer. All noted issues are tracked, investigated and are resolved in a timely manner. Evidence of review of follow-up is retained.

Finance, HR

4.3.1

POST 2

All payments are valid, accurate, completely recorded in the correct period.

Payments made are inaccurate, inappropriate or missing.

The pay data from Departmental Financial and Materiel Management System is reconciled to the payroll control data from the Payroll System General Ledger.

Finance, HR

4.3.4

POST 3

All payments are valid, accurate, completely recorded in the correct period.

Payments made are inaccurate, inappropriate or missing.

A designated individual performs a review of the payroll results, exception reports and other relevant output and takes corrective action as appropriate (quality assurance Review 2). Follow-up is performed as required and evidence of review of follow-up is retained.

Finance, HR

4.3.2

POST 4

All payments are valid, accurate, completely recorded in the correct period.

Payments made are inaccurate, inappropriate or missing.

On a periodic basis (for example, quarterly), designated individuals perform post-payment verification and/or quality assurance activities which follow a defined approach and sampling strategy. The approach is documented and approved by the chief financial officer with input from HR. The results are reported to management on a periodic basis and follow-up action is taken, where required.

Finance, HR

4.3.5

POST 5

All payments are valid, accurate, completely recorded in the correct period.

Payments made are inaccurate, inappropriate or missing.

A process exists where responsibility centre managers certify that work was performed, that the appropriate individual was paid and that pay amount was reasonable (completion of certification under section 34 of the FAA). Refer to section 4.3.3. The pay is also compared to salary forecasts and variances are reviewed and follow-up is performed. The review and analysis is documented.

RCM, Finance, HR

4.3.3

Segregation of duties
SOD 1

Segregation of duties is enforced through system and manual controls.

Segregation of duties is not adequately enforced, resulting in increased risk of error or fraud.

Departmental employees who have delegated authority under section 34 of the FAA do not have administrative access rights or access to enter pay-related actions in the HRMS. Access is monitored for appropriateness on a periodic basis.

FIN, HR

 

SOD 2

Segregation of duties is enforced through system and manual controls.

Segregation of duties is not adequately enforced, resulting in increased risk of error or fraud.

Departmental employees who have delegated authority under section 33 of the FAA do not have administrative access rights or access to enter pay-related actions in the HR system. Access is monitored for appropriateness on a periodic basis.

FIN, HR

 

SOD 3

Segregation of duties is enforced through system and manual controls.

Segregation of duties is not adequately enforced, resulting in increased risk of error or fraud.

The department relies on configured controls in Phoenix that restrict users from inputting or exercising delegated expenditure authorities on their own pay and on any transaction through which they may personally benefit.table 2 note 1

The exception is one-time payment and pay line entries. Where duties cannot be segregated, the entries or transactions should be monitored by an independent person. Evidence of the review should be maintained.

Automated control

 

SOD 4

Segregation of duties is enforced through system and manual controls.

Segregation of duties is not adequately enforced, resulting in increased risk of error or fraud.

The HR system restricts users from performing changes to their own data.

HR

 

SOD 5

Segregation of duties is enforced through system and manual controls.

Segregation of duties is not adequately enforced, resulting in increased risk of error or fraud.

Note that the department relies on configured controls within Phoenix so that users who have access to provide authorization under section 33 of the FAA cannot approve their own pay.

Automated control

 

SOD 6

Segregation of duties is enforced through system and manual controls.

Segregation of duties is not adequately enforced, resulting in increased risk of error or fraud.

There is a mechanism to ensure that the same individual cannot exercise both certification authority (section 34 of the FAA) and payment authority (section 33 of the FAA) on the same pay transaction.table 2 note 2

FIN, HR

 

SOD 7

Segregation of duties is enforced through system and manual controls.

Segregation of duties is not adequately enforced, resulting in increased risk of error or fraud.

Phoenix restricts individuals who can provide certification under section 34 of the FAA to exercise authorization under section 33.

Automated control

 

SOD 8

Segregation of duties is enforced through system and manual controls.

Segregation of duties is not adequately enforced, resulting in increased risk of error or fraud.

 

 

Note that the department relies on configured controls within Phoenix that do not allow individuals who have authority to provide certification under section 34 of the FAA to approve pay transactions for themselves.

Automated control

 

SOD 9

Segregation of duties is enforced through system and manual controls.

Segregation of duties is not adequately enforced, resulting in increased risk of error or fraud.

The security access control officer does not have access to Phoenix to modify data (with the exception of access to their own data as part of the regular employee self-service roles).

FIN, SACO

 

Appendix B: Guidance on post-payment verification

1.0 Introduction

The main objective of this appendix is to provide guidance to departments on establishing and maintaining an effective, risk-based post-payment verification process for pay transactions in support of their quality assurance program. This appendix provides detail on section 4.3.5 Perform post-payment verification in the post-payroll sub-process.

To meet the requirements of section 33 of the FAA, departments should ensure that all high-risk transactions are subjected to a full review.Footnote 29 Pay transactions can be viewed as medium or lower risk based on the following criteria:Footnote 30

  • the invoice is from an established supplier or payee with a consistent record of performance and where an established and continuing relationship exists
  • it is simple to obtain a refund from, or to adjust a future payment to, the supplier or payee
  • the supplier or payee’s invoice or claim does not appear to contain major inaccuracies.

Because pay transactions are with an established payee who has a consistent record of performance and because there is an established and continuing relationship, for the purposes of verification and certification, pay transactions can be viewed as lower to medium risk. It should be noted, however, that departments may consider certain types of transactions to be higher risk, which will require additional scrutiny.

Post-payment verification is part of the department’s overall approach to quality assurance when exercising payment authority for pay transactions. These management practices and controls should be documented and communicated to the individuals who are responsible for exercising authority under section 33 of the FAAFootnote 31 in order to demonstrate the overall adequacy and reliability of account verification under section 34 of the FAA.

The frequency and scope of the post-pay verification should take into consideration controls performed before payment (Review 1) (see section 4.2.2) and immediately after payment (Review 2) (see section 4.3.2).

2.0 Post-payment verification overview

2.1 Post-payment verification

Figure 5 shows the three key activities in the post-payment verification process.

Figure 5: Post-payment verification
Text version below:
Text version

Figure 5 illustrates the order of three key activities in the post-payment verification process: establish an approach to post-payment verification, conduct post-payment verification, and report on the results.

2.2 Establish an approach to post-payment verification

When establishing an approach for post-payment verification, it is recommended that departments consider the following elements:

  1. Risk-based approach
  2. Sampling methodology
  3. Verification procedures
  4. Error-handling process
  5. Roles and responsibilities
  6. Reporting procedures
  7. Approval

Additional guidance related to post-payment verification may be found in the Directive on Delegation of Spending and Financial Authorities.

2.2.1 Risk-based approach

The risk-based approach should consider the controls performed in support of payment authority including reviews of pay transactions before payment (see 4.2.2.) and after payment (see 4.3.2), the risk level of different types of pay transactions, and the cost effectiveness of implementing the respective approach. It is highly recommended that a department formally document its overall approach to reviewing controls over payment authority including the performance of pre-payroll reviews, post-payroll reviews, and post-payment verification processes. A department’s rationale for the approach selected should also be formally outlined.

In addition to outlining its overall approach, a department should perform a risk assessment for specific types of pay transactions. The results should be documented.

Risk levels will vary from department to department depending on their risk tolerance. Although pay transactions are considered lower to medium risk, within that category, some transactions may require more scrutiny than others due to the risk associated with them. When assessing the risk level of transactions, consideration should be given to the characteristics of the items being assessed. Examples of factors that may increase the risk of pay transactions include:

  • higher dollar value
  • greater complexity
  • manually calculated transactions (versus automated)
  • greater level of judgment involved
  • history of errors
  • reduced likelihood of recovery

A department may choose to classify and assess transactions based on their entitlement code, type of employee, types of pay action, and so on.

In addition to the factors listed above, a department may consider the following:

  • results from previous post-payment verifications including the history of errors for specific types of transactions
  • results of the Pay Centre Quality Assurance Reports (for fully serviced departments)
  • findings from other audits (for example, internal audit reports, Office of the Comptroller General reports, Office of the Auditor General reports)

A department may choose to stratify the population of pay transactions according to their assessed level of risk (for example, medium and low risk), by their entitlement code, or by type of employee.

It is recommended that on a periodic basis, a department review and update the risk assessment to confirm the risk level of each transaction type because the characteristics of transactions and the assessment of risk may change over time. This update is an opportunity to inform the department’s assessment of its internal controls over financial management and reporting.

2.2.2 Sampling methodology

The scope of the sampling methodology should be based on the risk level of transactions and the cost effectiveness of implementing the respective approaches. A department should define its approach and methodology for sampling including whether the sample selection is performed manually or with the assistance of a computer, the population(s) from which the sample will be selected, the approach used to determine the size of the sample, and whether analytical procedures will be used. The sampling practices and related techniques that are chosen should be sufficiently accurate and should help demonstrate the overall adequacy and reliability of the post-payment verification process.Footnote 32

Approach and methodology

The size of the sample selected for post-payment verification may be determined in various ways. Two common approaches are:

  • statistical sampling
  • control frequency sampling

Sample selection can be automated using tools such as off-the-shelf software or custom programs in a financial reporting system.

Statistical sampling

Statistical sampling takes place when less than 100% of items are being assessed and a department would like to ensure that all items have an equal chance of being selected so as to provide a reasonable basis on which to draw a conclusion about the entire population.

The use of statistical sampling requires a department to determine the likelihood that errors in transactions have occurred in order to determine the number of transactions that should be selected for verification. The level of sampling risk a department is willing to accept impacts the sample size required as the lower the sampling risk the greater the required sample size will be.

If it is using statistical sampling, a department will need to define certain elements so that it can calculate the size of the sample it will use. These elements include:

  • Confidence level: the reliability that the error rate of the sample represents the error rate of the population. If pay transactions have been assessed as having varying levels of risk, a department may consider using different confidence levels to select a sample from the stratified population.
  • Confidence interval: the range within which the true error rate of the population is estimated to be and is often expressed in percentage points. For example, if a department uses a confidence interval of three and the verification of the sample returns a 5% error rate, the department can be sure that the true error rate of the population is between 2% and 8%.
  • Expected error rate: the estimation of the error rate in a population, in other words, the expected percentage of transactions within the population with one or more critical errors.Footnote 33 If the expected error rate is not known before the selection of a sample, it can be estimated by conducting a pre-test on a small random selection of transactions before making a full sample selection.
  • Tolerable error rate: the maximum rate of non-compliance that a department will accept and still rely on controls.

In addition to determining the confidence level, confidence interval, and expected error rate, a department will need to determine the assessment period, in other words, the period of time during which transactions will be assessed.

If the error rate of the sample exceeds a department’s tolerable error rate, the department will determine which controls (for example, account verification under section 34 of the FAA) are not being performed as expected, what corrective actions are required, whether a larger sample must be reviewed, or whether a specific type of transaction may need to be subject to a full pre-payment review.

Three methods of statistical sampling may be considered:

  • systemic record sampling
  • random sampling
  • monetary unit sampling

Additional guidance related to the development of a sampling approach and methodology may be found in the Guide to Delegating and Applying Spending and Financial Authorities, Appendix E.

Control frequency sampling

As an alternative to statistical sampling, the size of the sample can be determined based on the frequency of the transactions being assessed. Using this approach, the greater the frequency of transactions, the larger the sample size selected. The following tableFootnote 34 illustrates the size of the sample to be selected based on the frequency and risk rating that transactions occur.

Table 5: Sample size
Frequency of transactionAssumed population of transactionsNumber of transactions to test
Annually

1

1

Quarterly

4

2

Monthly

12

2 to 5

Weekly

52

5, 10, 15

Daily

250

20, 30, 40

Multiple times per day

Over 250

25, 45, 60

In some cases, a range of sample sizes (for example, 20, 30, 40) is suggested. Sample sizes at the low end of the range may provide sufficient evidence to conclude that section 34 account verification is being performed effectively, assuming that there are no changes to the account verification and certification approach and assuming that no errors are found. If there have been changes in the person performing the authority or in the nature of the transactions, the number of items at the higher end of the range should be tested.Footnote 35

Analytical procedures

A department may also consider the use of analytical procedures to perform evaluations on the entire population of pay transactions. If the analytical procedures employed do not allow a department to verify the most important aspects of transactions, a sample may also need to be selected for verification. When using analytical procedures, the procedures performed on the population of pay transactions may reduce a department’s expected error rate and the size of the statistical sample.

Where data related to the most important aspects of transactions (appropriateness of commitment and payment authority) are retained in departmental systems, the ability to perform analytical procedures, and the value gained from performing them, increases.

The design of a department’s sampling approach should consider the cost effectiveness of implementing it. The performance of analytical procedures may permit a department to demonstrate the overall adequacy and reliability of the account verification process in a more cost-effective manner.

Population of pay transactions

The primary source of data for selecting a sample of transactions for verification is the payroll register (IO50 report) from Phoenix. Additional sources of information include Pay Audit and Time and Labour Audit reports available in Phoenix.

2.2.3 Verification procedures

It is recommended a department outline specific test procedures to be performed and the required supporting documentation needed to perform those tests. To support the performance of test procedures and facilitate the documentation of results, a department may develop a standardized checklist to provide guidance for individuals performing verification.

When a department relies on the Pay Centre or Phoenix to perform certain controls, the department is not expected to re-perform these controls.

2.2.4 Error-handling process

A department should document its definition of critical and non-critical errors for pay transactions when establishing a post-payment verification approach.

Generally, a critical error is an error that a department deems to be significant enough to require that the payment be stopped until a correction is made if the error had been identified before payment. For example, a payment that was not appropriately certified under section 34 of the FAA may be considered a critical error. Given that most payments reviewed as part of post-payment verification have already been issued, departments may need to initiate a payment recovery process.

It is recommended that a department document how errors are logged and reported; this could include a description of how to:

  • escalate issues noted
  • validate findings with the appropriate stakeholders
  • correct transactions
  • develop action plans to address the noted issues

It is good practice to retain and analyze the errors to identify the root cause of the issues and to determine if systemic issues exist. The department may also choose to document potential consequences related to an individual’s non-compliance with account verification processes. For example, further mandatory financial delegation training may be given or the removal of an individual’s delegation of authority may occur, if multiple instances of non-compliance are identified.

2.2.5 Roles and responsibilities

The approach would also include a description of roles and responsibilities for the performance of post-payment verification procedures. It is recommended that roles and responsibilities of key stakeholders involved in the process be documented. In the case of pay transactions, it is expected that both HR and finance will be involved with post-payment verification for pay transactions.

2.2.6 Reporting procedures

It is good practice to document the procedure for reporting the results of the post-payment verification process. The procedure for reporting would include the following topics:

  • the frequency of reporting of overall results
  • the stakeholders to whom results are to be communicated (for example, finance, HR)
  • the process for reporting on functional and systemic issues
  • the process for communicating results to PSPC, central agencies, and other pay administration governance bodies, where appropriate
2.2.7 Approval

It is recommended that a department document the process used to review its approach to post-payment verification and include details on proposed updates or changes when reporting overall results. The approach should identify the stakeholders required to be involved in updating and approving the new approach.

On a periodic basis (at a minimum annually), it is recommended that a department review its approach to post-payment verification to ensure that it remains appropriate. If required, a department should update its approach including modifying the assessed risk level of transactions, sampling approach and methodology, verification procedures, and reporting processes and/or requirements.

2.3 Conduct post-payment verification

2.3.1 Overview

The key activities involved in conducting post-payment verification are:

  • obtain population(s) and extract samples
  • perform post-payment verification
  • document results
2.3.2 Obtain population(s) and extract samples

A department may use the payroll register (IO50 report) from Phoenix to extract a sample of pay transactions for post-payment verification as the payroll register provides a complete listing of all payments made during a specified period of time. Other reports, including the following, may also be used to select a sample:

  • pay audit and time and labour audit reports from Phoenix
  • human resources data from HRMS
  • reports listing transactions that were manually entered in Phoenix by a departmental compensation advisor and uploaded (using a Phoenix file called the “PSHUP” file)

The key steps in gathering data for post-payment verification may include:

  • obtain population(s) to be analyzed or sampled
  • perform analytical procedures, if applicable
  • extract samples for verification
  • identify the required supporting documentation for verification
  • communicate the request for supporting documentation to the appropriate stakeholders

Departments perform verification on controls that are their responsibility and not the responsibility of another party (for example, PSPC). It is expected that PSPC will use a Service Organization Controls report to provide departments comfort on the design and implementation of Pay Centre controls.Footnote 36

2.3.3 Perform post-payment verification

Once a sample of transactions has been selected for verification and requests have been made to the appropriate stakeholders to provide the required supporting documentation, the post-payment verification may be performed.

Through the performance of post-payment verification procedures, a department should focus on verifying the most important aspects of a transaction. These aspects include whether there is auditable evidence demonstrating that account verification has taken place by an individual who has appropriate delegated authority under section 34 of the FAA and that the payment did not result in the appropriation being exceeded when existing commitments are also factored in.Footnote 37

Post-payment verification procedures may be completed by Finance or HR, depending on a department’s practice. Post-payment verification is most effective when activities are coordinated between finance and HR. In some cases, HR may have other review activities in place that can be aligned with the performance of account verification.

2.3.4 Document and validate results

As verification is performed for the selected pay transactions, the results of the review should be documented and compiled in order to facilitate reporting. When critical errors in transactions are identified, a validation with stakeholders (for example, responsibility centre managers) should be performed to ensure the error has been correctly identified and described.

2.4 Report on results

2.4.1 Summarize results

Upon completion of post-payment verification procedures, it is a best practice for a department to periodically (for example, monthly, quarterly) report on the results of post-payment verification to management and the chief financial officer. Reporting should be completed in a timely manner in order for it to be useful. Depending on the nature of the results of post-payment verification, additional reporting to PSPC, central agencies, and pay administration governance bodies may be appropriate.

When reporting results, a department may report on individual critical errors identified and overall functional and systemic results. In addition, corrective actions to be performed may also be included in the report.

2.4.2 Communicate and address individual critical errors

While conducting post-payment verification, a department may identify individual critical errors. Where errors are identified and the department determines that corrective action is required, a communication indicating the noted errors and the required corrective actions may be sent to the appropriate stakeholders (for example, responsibility centre managers, PSPC). Where deemed necessary, follow-up communications may be sent to stakeholders to ensure that required corrective actions have been performed.

2.4.3 Analyze and report on overall functional and systemic results

In its periodic report on the results of post-payment verification, a department should include the following information:

  • scope (including the type of transactions and the testing period)
  • a summary of the analysis of the results, including a list of critical errors identified, a summary of non-critical errors identified, systemic issues noted (for example, overpayments on specific transaction types) and trends noted taking into account previous post-payment verification results
  • recommendations related to the errors identified
  • action plans to address issues including the communication or clarification of departmental policies, the need for additional training, the implementation of additional automated controls, or the removal of an individual’s right to exercise delegation of authority
  • a requirement for modifications to be made to internal control frameworks and departmental policies

If critical errors occur, or if error rates exceed the department’s accepted tolerances, the risk assessment and sampling strategy should be revised to reflect the increased risk of error.

2.5 Roles and responsibilities

Table 6 provides an overview of roles and responsibilities, using the Responsible, Accountable, Consulted, and Informed (RACI) approach. These roles and responsibilities are further described in Appendix E.

Legend

COMP: Compensation

EE: Employee

FIN: Finance

HR: Human resources

RCM: Responsibility centre manager

PSPC-PAB: Public Services and Procurement Canada, Pay Administration Branch

Table 6: RACI for payroll sub-process
ActivityResponsibleAccountableConsultedInformed
Establish approach to post-payment verification

COMP, FIN, HR

FIN

COMP, FIN, HR, RCM

COMP, FIN, HR, RCM

Conduct post-payment verification

COMP, FIN, HR

FIN

COMP, FIN, HR, RCM

COMP, FIN, HR, RCM

Report on results

COMP, FIN, HR

FIN

COMP, FIN, HR, RCM

COMP, FIN, HR, RCM, PSPC-PAB

Appendix C: Guidance for verification and certification under section 34 of the FAA

The following table shows which illustrative control activities from Appendix A fulfill the verification and certification requirements of section 34 of the FAA. Controls vary depending on the type of pay-related action.

Departments rely on the configured controls in Phoenix to accurately calculate pay in accordance with the collective agreements. For departments that are fully serviced by the Pay Centre, they rely on Pay Centre controls for a portion of controls related to verification.

Type of pay-related actionVerification
Verifying that the work has been performed, that the goods were supplied or the services rendered, as per the contract or agreement terms.
Certification
Certifying in a timely manner before making a payment that the payment is reasonable.
For pay transactions, this is a two-step process.
Adding a new employee

There is a process to ensure that the HR transactions are valid, complete and accurate and supported by appropriate documentation before input in the HR management system. [PRE 4 in Appendix A; section 4.1.8 and section 4.1.9]

The compensation advisor ensures that pay-related actions are valid (are authorized by delegated authority, as appropriate), complete and accurate and supported by appropriate documentation before input into Phoenix (or other system). [PRE 12 in Appendix A; section 4.1.8 and section 4.1.10]

The department relies on configured controls in Phoenix for mandatory fields and edit checks for appropriateness of employee entitlement, correct application of collective agreements, legislation and regulations, and accuracy of the transactions and calculation. [PRE 17 in Appendix A]

Where applicable, pay-related actions are approved by the appropriate delegated authority for the first portion of the certification required under section 34 of the FAA prior to the entry of the pay action in the HR system and/or Phoenix. The approval is documented (for example, indicated by approval email for an acting position) and documentation is retained. [PRE 3 in Appendix A, section 4.1.7]

A process exists where responsibility centre managers certify that the pay was reasonable to complete certification under section 34 of the FAA. The pay is also compared with salary forecasts; variances are reviewed; and follow-up is performed. The review and analysis are documented. [POST 5 in Appendix A, section 4.3.3]

Recurring pay

The department relies on configured controls in Phoenix for mandatory fields and edit checks for appropriateness of employee entitlement, correct application of collective agreements, legislation and regulations, and accuracy of the transactions and calculation. [PRE 17 in Appendix A]

A process exists where responsibility centre managers certify that the pay was reasonable to complete certification under section 34 of the FAA. The pay is also compared with salary forecasts; variances are reviewed; and follow-up is performed. The review and analysis are documented. [POST 5 in Appendix A, section 4.3.3]

Changes to pay (for example, vacation payouts, acting pay)

There is a process to ensure that the HR transactions are valid, complete and accurate and supported by appropriate documentation before input in the HR management system. [PRE 4 in Appendix A; section 4.1.8 and 4.1.9]

The compensation advisor ensures that pay-related actions are valid (are authorized by delegated authority, as appropriate), complete and accurate and supported by appropriate documentation before input into Phoenix (or other system). [PRE 12 in Appendix A; section 4.1.8 and section 4.1.10]

The department relies on configured controls in Phoenix for mandatory fields and edit checks for appropriateness of employee entitlement, correct application of collective agreements, legislation and regulations, and accuracy of the transactions and calculation. [PRE 17 in Appendix A]

Where applicable, pay-related actions are approved by the appropriate delegated authority for the first portion of the certification required under section 34 of the FAA. The approval is documented (for example, indicated by approval email for an acting position) and documentation is retained. [PRE 3 in Appendix A, section 4.1.7]

A process exists where responsibility centre managers certify that pay was reasonable to complete certification under section 34 of the FAA prior to the change being entered into the HR and/or Phoenix system. The pay is also compared with salary forecasts; variances are reviewed; and follow-up is performed. The review and analysis are documented. [POST 5 in Appendix A, section 4.3.3]

Time and labour (with Phoenix)

The department relies on configured controls in Phoenix for mandatory fields and edit checks for appropriateness of employee entitlement, correct application of collective agreements, legislation and regulations, and accuracy of the transactions and calculation. [PRE 17 in Appendix A]

The department relies on configured controls in Phoenix to require authorization from an individual who has delegated authority under section 34 to process time entries. [PRE 15 in Appendix A; section 4.1.10]

A process exists where responsibility centre managers certify that the pay was reasonable to complete certification under section 34 of the FAA. The pay is also compared with salary forecasts; variances are reviewed; and follow-up is performed. The review and analysis are documented. [POST 5 in Appendix A, section 4.3.3]

Appendix D: System overview of pay administration

The following diagram provides an overview of the major systems, data flows and system interactions for pay administration.

Text version below:
Text version

There are 3 systems environment to support the issuance of pay: Human Resources Management System (HRSM), Departmental Financial Management System (DFMS) (SAP, Freebalance, Oracle, CDFS and G/X), Public Services and Procurement Canada that include the Phoenix system, the Standard Payment System (SPS), Receiver General General Ledger system (RG-GL) and the Payroll System General Ledger (PS-GL). The pay transaction can be initialized by the HRSM, the transaction is sent to Phoenix for integrated departments, Phoenix calculates the pay and sends the IO50 file (Pay actual) to the DFMS. Phoenix system sends pay information to SPS for the Banks to issue the pay to employees. After the bank payment, confirmation files are received from the Banks to SPS that sends the same information to the RG-GL. The RG-GL sends year-to-date control account balance to PS-GL in order to conduct reconciliation with Phoenix and the DFMS.

Appendix E: Definitions

The following definitions apply to this guideline and reflect common definitions used in Treasury Board policies, standards, directives, guides and tools.

account verification and certification
Primary responsibility for verifying individual accounts rests with officers who have the authority to confirm and certify entitlement under section 34 of the FAA. Persons with this authority are responsible for the correctness of the payment requested and the account verification procedures performed.
As part of the account verification process, transactions should be reviewed for accuracy to ensure that the payment is not a duplicate, that any charges not payable have been removed, and that the amount has been calculated correctly.
These actions together complete the requirement called “section 34 verification and certification.” For further description of these requirements, refer to the Treasury Board’s Directive on Delegation of Spending and Financial Authorities.
accountable
In the context of the RACI tables, the Accountable role attests to the truth of the information or a decision and that is accountable for the completion of the activity. There must be exactly one role accountable for each activity.
certification authority
Certification authority is the authority according to section 34 of the FAA to certify contract performance and price, entitlement or eligibility of the payment.Footnote 38
commitment authority
The authority, according to section 32 of the FAA, to ensure that there is a sufficient unencumbered balance available before entering into a contract or other arrangement.Footnote 39
compensation
For this guideline, compensation functions include supporting the application of established pay entitlements and deductions and the calculation of pay amounts. The compensation advisor typically receives the pay-related document from the responsibility centre manager, or, when the compensation advisor is at the Pay Centre, through the Trusted Source. In some cases, the employee can initiate a pay action directly with the compensation advisor. In other cases, a transaction originates from the Treasury Board (or the employer). The compensation advisor may also receive courtFootnote 40 orders to garnish employees’ salaries or to institute payments. When data is not transferred from the HRMS, the compensation advisor confirms that the payee is indeed eligible for the payment, performs any required calculations, and keys the transaction into Phoenix.
consulted
In the context of the RACI tables, the Consulted role provides accurate information so that a decision or an activity to be completed. There may or may not be a consulted role, and consultation may or may not be mandatory. When consultation does occur, there is typically a two-way communication between those consulted and the responsible party.
expenditure initiation authority
The authority to incur an expenditure (to spend funds) or to make an obligation to obtain goods or services that will result in the eventual expenditure of funds.Footnote 41
Finance
For this guideline, Finance is the departmental organization that ensures the day-to-day application of financial controls for pay-related expenditures, implements and manages payroll accounting and financial policies, and establishes management practices and controls to ensure compliance with sections 32, 33, and 34 of the FAA, as well as with all Treasury Board policies. Payroll accounting and financial control over the pay administration processes are part of financial management. On the other hand, employee compensation policies and procedures are part of HR management. Consequently, a department’s chief financial officer and chief human resources officer share responsibility for pay administration in their department.
human resources (HR)
For this guideline, HR functions include classification, staffing, labour relations, official languages, training and development, and performance management (including awards and recognition). The HR function is responsible for key decisions that have an impact on pay (for example, classification decision) and for providing support to managers making decisions that impact pay (for example, staffing decisions, disciplinary actions, grievance decisions, etc.). HR is also responsible for providing key information (such as information related to hiring decisions) to Compensation (either at the Pay Centre or in the department) in order to trigger pay transactions. For departments that are fully serviced by the Pay Centre, integrated or web-services models, certain HR actions in the HRMS directly transfers data into Phoenix, and therefore directly result in pay transactions.
informed
In the context of the RACI tables, the informed role is notified of the information or a decision after the decision is made or the activity is completed. There may or may not be an informed role, and informing the role may or may not be mandatory. There is typically a one-way communication from the responsible (or accountable) party to those informed.
intercept
The interruption of a direct deposit transaction before the funds have left PSPC.Footnote 42
pay-related action
Requests that include HR actions, pay actions and employee-initiated actions that impact pay. Pay-related actions include the addition of new hires, whether they be indeterminate or determinate (casual, student, term, and so on), promotions, terminations, leaves with or without pay, acting appointments, bank account changes, overtime, and so on.
pay transaction
Pay-related actions that have been processed in Phoenix.
Public Services and Procurement Canada (PSPC), Pay Administration Branch
PSPC’s Pay Administration Branch provides pay services to public service employees. Services include compensation web applications, Phoenix pay system, pay information and communication, and the Public Service Pay Centre.
RACI analysis
A RACI analysis describes the roles and responsibilities of various teams or individuals in delivering or contributing to an activity. The RACI approach divides tasks into four participatory roles (responsible, accountable, consulted and informed), which are then assigned to different roles in the process.
responsible
In the context of the RACI tables, the responsible role records the information or a decision, or that does the work to complete the activity, relying on the information from those consulted or accountable. There can be multiple individuals responsible within a role or multiple roles responsible.
role
An individual or a group of individuals whose involvement in an activity is described using the RACI approach. Because of differences among departments, a role may not correspond to a specific position, title or organizational unit.
Receiver General for Canada
The Receiver General manages the operations of the federal treasury and ensures the integrity of the Consolidated Revenue Fund and the preparation of the Public Accounts of Canada. As it relates to pay, the Receiver General manages and operates the Common Departmental Financial System, which is the system used to support Payroll System-General Ledger financial and control operations, and manages the Standard Payment System (SPS), which is the system used for issuing payments for the Government of Canada.
responsibility centre manager
For this guideline, the role of the responsibility centre manager refers to individuals who are delegated the authorities to initiate expenditures related to pay and who are responsible for commitment control, recording of commitments, and exercising certification under section 34 of the FAA. In a pay administration context, this can include individuals who are in positions that are typically responsible for an organization (for example, a responsibility centre) or for a department, as in the case of the deputy head.
section 32 of the Financial Administration Act (section 32 of the FAA)
Section 32 of the FAA includes the requirements for ensuring there is a sufficient unencumbered balance available out of the appropriation or item to discharge any debt that, under the contract or other arrangement, will be incurred during the fiscal year in which the contract or other arrangement is entered into as well as maintaining records respecting the control of financial commitments chargeable to each appropriation or item.
section 33 of the Financial Administration Act (section 33 of the FAA)
Financial officers with delegated Section 33 of the FAA payment authority must confirm, before releasing payment, that the expense is a lawful charge against the appropriation (including assurance that value has been received) and that the payment would not result in an expenditure in excess of the appropriation or reduce the balance available in the appropriation to an insufficient level to meet the commitments charged against it. Section 33 of the FAA authority can be delegated to a position other than the chief financial officer of the department. In such cases, the chief financial officer, being responsible for the overall quality of financial management, remains entirely responsible for the effectiveness and efficiency of the person exercising that authority.
section 34 of the Financial Administration Act (section 34 of the FAA)
Section 34 of the FAA includes the requirements for account verification and certification (see applicable definition). Before a payment is made for goods or services received, the responsible departmental official must certify that the performance of the work, the supply of the goods, or the rendering of services were in accordance with the terms and conditions of the contract and that the price charged is in accordance with the contract or, in the absence of a contract, is reasonable.
Security Access Control Officer (SACO)
As the main point of contact between the client organization and the Phoenix Security Management Team, the SACO is responsible for ensuring that all security access forms are completed properly and forwarded to the Phoenix Security Management Team for processing in a timely manner. All signed access forms must be kept on file. The SACO is also responsible for establishing processes and procedures that allow verification that business users have the appropriate access in accordance with their job, and that the business user has completed the required training associated with roles requested.
segregation of duties
A critical internal control to effectively safeguard the department’s assets, reduces the risk of error, and minimizes the potential for fraud. Segregation of duties provides increased oversight over a transaction by allowing a second set of eyes to review a transaction, to identify potential errors and to correct them before a payment is made.Footnote 43 The chief financial officer is responsible for ensuring that segregation of duties is implemented so that:Footnote 44
  • the same individual does not exercise both transaction authority and certification authority (section 34 of the FAA) on the same transaction, except if the transaction has been designated by a department as a low-risk and low-value transaction
  • the same individual does not exercise both certification authority (section 34 of the FAA) and payment authority (section 33 of the FAA) on the same transaction
  • no individual exercises his or her delegated spending and financial authorities on a transaction through which he or she may personally benefit
  • when the process or another circumstance does not allow the segregation of duties as identified, alternate control measures are implemented and documented
timekeeper
A role in Phoenix where a designated individual enters time and labour in Phoenix. The department is required to sign a letter of attestation that the timekeeper will only enter requests that have been approved for payment by the section 34 manager. The department must identify the individual(s) who will fill the role of timekeeper.Footnote 45
transaction authority
The authority to enter into contracts, including acquisition card purchases, or sign off on legal entitlements (for example, employment insurance payments).Footnote 46
Trusted Source
For fully serviced departments, the role of the Trusted Source is a manager or an employee working in HR or Finance. The Trusted Source is responsible for authenticating the delegated HR or financial authority, including signature, on a Pay Action Request (PAR) and ensuring that the PAR form is fully complete, accurate and accompanied by all required supporting documentation, prior to transmitting the PAR to the Pay Centre.

Appendix F: Process flow legend

Process flows provide a graphical overview of financial management business processes and sub-processes. The following symbols are used in the process flows.

Start and end

Start of business process

Start of business process

End of business process

End of business process

Processes and activities

Activity

Activity

Gateways

Parallel

Parallel: All of the following activities must be completed.

Inclusive

Inclusive “or”: One or more of the following activities must be selected and completed.

Exclusive

Exclusive “or”: Only one of the following activities must be selected and completed.

Connectors

Connection to a sub-process

Connection to a sub-process

Decisions

Decision

Decision

Inputs and outputs

Inputs and outputs

Key input into, or key output from, a sub-process or an activity.

© His Majesty the King in right of Canada, represented by the President of the Treasury Board, 2017,
ISBN: 978-0-660-09757-2