This page has been archived.
Information identified as archived on the Web is for reference, research or recordkeeping purposes. It has not been altered or updated after the date of archiving. Web pages that are archived on the Web are not subject to the Government of Canada Web Standards. As per the Communications Policy of the Government of Canada, you can request alternate formats on the "Contact Us" page.
Accuracy and compliance of pay transactions
Adequacy and effectiveness of the control framework
Appendix 1 - Core Management Controls and Audit Criteria
Appendix 2 - Key Authorities Governing Pay and Related Benefits in the Federal Public Service
Appendix 3 - Management Action Plan
The Internal Audit and Evaluation Bureau (IAEB) of the Treasury Board of Canada Secretariat (the Secretariat) has completed the Audit of Pay and Related Benefits* within the Secretariat. The objective of the audit was to give assurance on the adequacy and effectiveness of the control framework in place and used for the administration of pay and related benefits to ensure the accuracy and compliance of the processed pay and related benefits transactions with relevant legislation, regulations, terms and conditions of employment, collective agreements, Treasury Board policies and directives. The audit approach and methodology followed the International Standards for the Professional Practice of Internal Auditing as defined by the Institute of Internal Auditors and the Internal Auditing Standards for the Government of Canada as required under the Treasury Board's Policy on Internal Audit.
The examination was conducted during the period of June through November 2008, and covered the transactions processed and controls in place during the fiscal year ending March 31, 2008.
The audit consisted of the following: a review of applicable authorities; an assessment of the existing control framework for pay and related benefits against criteria, process walkthroughs; an examination of certain key controls to validate their existence and effectiveness; and an examination of pay transactions selected using a statistical random sampling methodology to verify accuracy and compliance with relevant authorities. The audit evidence gathered is sufficient to provide senior management with reasonable (high) assurance concerning the results derived from this audit.
IAEB concludes with a high level of assurance that: with the exceptions identified below, the overall control framework for the administration of pay and related benefits in place and used within the Secretariat during the fiscal year ending March 31, 2008 was adequate and effective to ensure the accuracy and compliance of the pay transactions processed with relevant authorities. Control weaknesses were found relating to interdepartmental recoveries and reimbursements of pay and to the verification of user/employee access rights to the Regional Pay System. Please see the body of this report for further details regarding the audit findings.
In the professional judgment of the Chief Audit Executive, sufficient and appropriate audit procedures have been conducted and evidence has been gathered to support the accuracy of the opinion provided in this report. This opinion is based on a comparison of the conditions, as they existed at the time of the audit, against pre-established audit criteria. The opinion is only applicable to the entity examined and for the scope and time period covered by the audit.
The audit of Pay and Related Benefits is an assurance engagement that was part of the approved Treasury Board of Canada Secretariat Three-Year Risk Based Audit Plan (for fiscal years 2007-08 to 2009-10). The Internal Audit and Evaluation Bureau (IAEB) of the Treasury Board of Canada Secretariat (the Secretariat) conducted the audit engagement.
Pay is an amount of money given to an entitled employee, for services rendered during a specific period in accordance with the relevant terms and conditions of employment, applicable rate of pay determined in a collective agreement or approved by Treasury Board (TB) for the group and level of the employee's classification. Benefits relate to the various health, dental, disability, long-term disability and life insurance plans available to and sometimes compulsory for an employee during his or her employment in the public service, for which the employer (and sometimes the employee) pays a premium. A public servant is also entitled to receive pension benefits after retirement which the individual and the employer will have contributed to throughout the period of employment in the public service. Such benefit and pension plans are not covered in the scope of this audit.
Pay related benefits are those that are manifested in pay transactions and result in a payment issued to an entitled employee such as maternity or parental allowance, bilingual bonus, and severance pay. This audit report deals only with pay and pay related benefits.
The administration of pay and related benefits within the federal public service is complex and is governed by several authorities, the main ones being the Public Service Employment Act, the Financial Administration Act (FAA) and related regulations and, terms and conditions of employment, collective agreements; and Treasury Board policies and directives that must be complied with in order to pay an employee the compensation he or she is entitled to receive. The Policy Framework for the Management of Compensation sets out broad administrative principles for the government overall. The Comptrollership Policy on Pay Administration and Circulars 1977-37 & 1979-35 set the overall responsibilities of a department with regards to the administration of pay and related benefits for its employees.
As of March 31, 2008, the Secretariat had approximately 1,332 full-time equivalent employees in 13 occupational groups represented by seven different collective agreements. The Secretariat's unaudited financial statements for fiscal year ending March 31, 2008 reported a total annual pay and benefits expenses of $138,056,000.
The objective of the audit was to give assurance on the adequacy and effectiveness of the control framework in place and used within the Secretariat for the administration of pay and related benefits to ensure the accuracy and compliance of the processed pay transactions with relevant legislation, regulations, terms and conditions of employment, collective agreements and Treasury Board policies and directives.
The scope of the audit consisted of an assessment of the existing control framework for the administration of most types of pay transactions such as regular pay, acting pay, and performance pay, and related benefits, which result in a payment issued to an employee such as for maternity or parental allowance, bilingual bonus, and severance pay.
The audit did not examine the controls nor test the pay transactions relating to leave (with pay) and overtime, as these had been the subject of a separate audit conducted by IAEB. The report for this audit was finalized in December 2008.
The audit covered the fiscal year ending March 31, 2008 and the examination phase was conducted between June and November 2008.
As previously mentioned, only employee benefits which manifest themselves in a pay transaction and result in a payment issued to an employee such as maternity or parental allowance, bilingual bonus, and severance pay were under the scope of the audit. The audit did not cover the administration of employee benefits and related transactions, expenses related to the employer's contribution to employee pension plans, or the premiums paid for employee health care and other insurance. These transactions were not included in the scope as they are managed centrally for the overall federal public service by the Pension and Benefits Sector of the Secretariat.
The audit did not include a validation of internal controls within the related business applications in the human resources system People Soft and in the Salary Forecasting System (replaced as of April 1, 2008 by the Salary Forecasting Tool). Only the internal controls of the Regional Pay System (RPS) under the direct responsibility of the Human Resources Division and the Financial Management Directorate were subject to the audit as the overall management of the RPS is the responsibility of Public Works and Government Services Canada.
IAEB concludes with a high level of assurance that: with the exceptions identified below, the overall control framework for the administration of pay and related benefits in place and used within the Secretariat for the period examined was adequate and effective to ensure the accuracy and compliance of the pay transactions processed with relevant authorities. Control weaknesses were found relating to interdepartmental recoveries and reimbursements of pay and to the verification of user/employee access rights to the RPS. Specific recommendations addressing these findings are contained in the body of the report.
The Audit of Pay and Related Benefits was part of the approved Treasury Board of Canada Secretariat Three-Year Risk Based Audit Plan (for fiscal years 2007-2008 to 2009-2010). It was selected based on risks associated with the significant materiality of the annual and recurring pay and benefits expenses for the Treasury Board of Canada Secretariat (the Secretariat) and the extent of compliance requirementsembedded in legislation, collective agreements, and Treasury Board policies and directives, governing the administration of the pay and related benefits within the federal public service. The Internal Audit and Evaluation Bureau (IAEB) of the Secretariat conducted the audit engagement.
Pay is an amount of money given to an entitled employee, for services rendered during a specific period in accordance with the relevant terms and conditions of employment, at the applicable rate as determined in a collective agreement or approved by Treasury Board for the group and level of the employee's classification. Benefits relates to the various health, dental, disability, long-term disability and life insurance plans available to and sometimes compulsory for an employee during his or her employment in the public service, for which the employer (and sometimes the employee) pays a premium. A public servant is also entitled to receive pension benefits after retirement which the individual and the employer have contributed to throughout the period of employment in the public service. Such benefit and pension plans are not covered in the scope of this audit.
Pay related benefits are those that are manifested in pay transactions and result in a payment issued to an entitled employee such as maternity or parental allowance, bilingual bonus, and severance pay. This audit report deals only with pay and pay related benefits.
The administration of pay and related benefits within the federal public service is complex and is governed by several authorities, the main ones being: the Public Service Employment Act, the Financial Administration Act (FAA)and related regulations, terms and conditions of employment, collective agreements, and Treasury Board policies and directives. These must be complied with in order to pay an employee the compensation he/she is entitled to receive (Refer to Appendix 2 for details on Treasury Board Policies and Directives.). The Policy Framework for the Management of Compensation sets out the broad administrative principles for the federal public service overall. The Comptrollership Policy on Pay Administration and Circulars 1977-37 & 1979-35 set the overall responsibilities of a department with regards to the administration of pay and related benefits of its employees.
During the fiscal year ending March 31, 2008, the Corporate Services Branch (CSB) of the Department of Finance Canada was providing services and support to the Secretariat for information management and information technology, human resources, financial and administrative management, information management and information technology, including the administration of pay and related benefits. The Compensation and Benefits (CAB) group of the Human Resources Division (HRD) and the Financial Management Directorate (FMD) are the organizations within CSB which are most involved with the administration of pay and related benefits.
At the time of this audit a transfer to the Secretariat of specific corporate services, including those relating to pay and related benefits, was planned. As a result,all recommendations are directed to the Corporate Services Sector (CSS) of the Secretariat.
Description of Systems and Processes
The following systems and processes are used in the administration of pay and related benefits to issue payments to employees, record and account for related pay expenses, and manage the pay cycle.
Compensation advisors of CAB's group provide pay and related benefits services to Secretariat's employees and enter pay transactions into RPS. They are responsible for the accuracy, integrity, verification and timeliness of pay transactions.
The employee salary payments, calculated by RPS are issued by the Receiver General's Standard Payment System (SPS).
PWGSC maintains the Payroll System General Ledger that provides Payroll Control Account Balance, Control Data, and Internal Journal Voucher reports that departments utilize in the reconciliation of their Payroll Control Account prior to submission of their respective Trial Balance to the Central Financial Management Reporting System.
The CAB group has a direct role in all of the following processes relating to compensation with the exception of item 7 (payroll run) and item 9 (management review of payroll expenses):
As of April 1, 2008, the SFS was replaced by the new Salary Forecasting Tool (SFT). SFT is a module of SAP that serves the same purpose as the SFS, but is more flexible and has better reporting capabilities. According to CSB, this new system will provide more timely and accurate forecasts for the managers of fund centers, as all the employee salary information is now entered into SFT independently of People Soft and is no longer affected by the lengthy time lag between the new employee starting date and the date his or her salary data was entered into People Soft, as was the case with SFS.
As of March 31, 2008, the Secretariat had approximately 1,332 full-time equivalent employees in 13 occupational groups represented by seven different collective agreements. The Secretariat's unaudited financial statements for fiscal year ending March 31, 2008 reported a total annual pay and benefits expenses of $138,056,000 as part of its operating expenses as follows:
Expenses | Amount |
---|---|
Pay (Referred to as Salaries and Wages) | $120,424,000 |
Benefits (Contributions to Employees' Benefits and Pension Plans) | $17,632,000 |
Total Pay and Benefits Expenses | $138,056,000 |
The objective of the audit was to give assurance on the adequacy and effectiveness of the control framework in place and used within the Secretariat for the administration of pay and related benefits to ensure the accuracy and compliance of the processed pay transactions with relevant authorities.
The scope of the audit consisted of an assessment of the existing control framework for the administration of most types of pay such as regular pay, acting pay, and performance pay and related benefits, which result in a payment issued to an employee such as for maternity or parental allowance, bilingual bonus, and severance pay. In addition, detailed audit tests on the most material types (where annual expenses exceed $100,000) of pay transactions and expenses as described in Table I were conducted to verify the accuracy of the amount paid in compliance with legislation, regulations, terms and conditions of employment, collective agreements, and Treasury Board policies and directives.
G/L Account No. | Description of Type of Pay Transaction/Expenses | Account Balance for Fiscal Year ending March 31, 2008($) |
---|---|---|
1010 | Indeterminate-Basic pay | 89,393,694 |
1646 | Executive interchange | 3,280,660 |
1210 | Term-Casual-Part time basic pay | 3,225,162 |
1011 | Indeterminate-Performance award | 2,031,005 |
1048 | Severance pay | 1,771,144 |
1642 | Maternity-Parental allowance | 1,508,810 |
1024 | Indeterminate-Bilingual bonus | 565,635 |
1810 | Student-Basic pay | 368,648 |
1660 | Other allowances | 149,155 |
1034 | Indeterminate-Retroactive basic current year | 142,569 |
1016 | Terminable allowance | 113,994 |
Total | 102,550,476 |
The audit covered the administration of pay activities and transactions, including related data and expenses for the fiscal year ending March 31, 2008. The examination phase was conducted between June and November 2008.
The audit did not examine the controls nor test the pay transactions relating to leave (with pay) and overtime, as these had been the subject of a separate audit conducted by IAEB. The report for this audit was finalized in December 2008.
As previously mentioned, only employee benefits which manifest themselves in a pay transaction and result in a payment issued to an employee such as maternity or parental allowance, bilingual bonus, and severance pay were under the scope of the audit. The audit did not cover the administration of employee benefits and related transactions, expenses related to the employer's contribution to employee pension plans, or the premiums paid for employee health care and other insurance. These transactions were not included in the scope as they are managed centrally for the overall federal public service by the Pension and Benefits Sector of the Secretariat.
In addition, the audit did not include a validation of internal controls within the related business applications in People Soft or in the SFS (replaced as of April 1, 2008 by the SFT). Only the internal controls of RPS under the direct responsibilities of HRD and FMD were subject to the audit as PWGSC is responsible for the overall administration of RPS.
The audit criteria used to assess the adequacy and effectiveness of the Secretariat's control framework were developed based on the authorities governing pay and related benefits in the federal public service. In addition, these were complemented by criteria developed based on the Core Management Controls document issued by the Office of the Comptroller General, which focus on the federal government's Management Accountability Framework (MAF) in the Stewardship and People categories (Refer to Appendix 1 for details.). Appendix 2 contains the list of the relevant authorities.
The audit approach and methodology is risk-based and is consistent with the International Standards for the Professional Practice of Internal Auditing and the Internal Auditing Standards for the Government of Canada as required under Treasury Board's Policy on Internal Audit. These standards require that the audit be planned and performed in such a way as to obtain reasonable assurance that the audit objective is achieved. The audit was conducted in accordance with an audit program that defined audit tasks to assess each criterion after a preliminary survey was conducted to identify key risk elements.
The approach used in carrying out the audit included the following:
Of the 67 files, 57 were employees (non-executives), 8 were EX (executives) and two were students. Any of the files could exhibit one or more of the characteristics, as outlined in the following Table.
Characteristics | Number of files |
---|---|
Regular pay | 58 |
Bilingual bonus | 33 |
Hired and deployment appointments | 21 |
Promotions (three to executive level) | 8 |
Acting pay | 9 |
Performance pay | 7 |
Maternity and parental benefit, Illness disability, Leave with income averaging, and leave without pay | 7 |
Pay recoveries from another department or reimbursements of pay to another department performed with an Interdepartmental Settlement (IS) | 28 |
IAEB performed detailed audit test procedures on the pay transactions processed for the fiscal year 2007-08 for a random sample of 67 employees, which consisted of a total of 4,634 individual pay transactions. The objective of these tests was to provide assurance that the amounts paid to those employees during 2007-08 were calculated accurately according to the terms and conditions of employment for the employee's classification, and in compliance with Treasury Board policies and directives applicable under the particular circumstances of employment. Refer to Table II above for details on the characteristics of the sample selected. It was found that there was an accuracy rate of greater than 99.5% of the transactions tested.
The online pay sub-system of RPS has embedded access security controls. These include: individual log-on using unique user/identifier by employee name and password corresponding to only one of the four levels of access rights to the system: initiation, verification, authorization of a pay transaction, or inquiry. These access security controls ensure that access to RPS is restricted to authorized users only. The audit found that, although the access security controls are in place and in use, there is neither active monitoring nor verification performed by an independent officer of all of the user/identifier employees' names and their corresponding level of access rights to RPS.
The Personnel-Pay Input Manual (PPIM) published by the Compensation Sector of PWGSC provides departments with the required instructions and procedures for preparing, verifying, and authorizing batching input to RPS. Chapter 17 describes all of the responsibilities of the departmental Security Access Control Officer (SACO) including, among others, actioning requests for new passwords; maintaining adequate records of processed request forms; investigating and correcting password irregularities; cancelling passwords and/or related alternate; and verifying twice a year that each user/identifier belongs to the correct individual and reviewing the assigned system access.
At the time of the audit, the activities performed by the departmental SACO were limited to transmitting to PWGSC the online pay access requests received by the CAB group's managers and to filing them. At the request of IAEB, the departmental SACO provided a report, which was obtained from PWGSC, listing all of the user/identifier employees' names with access to the online pay sub-system of RPS. IAEB performed a limited analysis of this report which revealed that, at the time this report was prepared, out of a total of 43 user/employee names listed, eight belonged to individuals who were not current employees and two of those had departed for a period greater than 180 days. Consequently, at the time of this audit, eight former employees continued to have access rights to RPS when they should have been revoked.
Recommendation:
1. It is recommended that the Assistant Secretary, CSS ensure that verification be performed of RPS user/employee access rights listings to ensure their validity and appropriateness. The verification should be carried out at least twice a year by a designated departmental officer independent from the CAB group and its results be reported to and monitored by senior management of HRD. (High Priority).
Pay recoveries from and reimbursements to, OGDs result in the following circumstances:
The Secretariat (the creditor department) recovers the amount it disbursed to pay salary from an OGD (the debtor department) using an IS(settlement between any two-government departments that operate within the Consolidated Revenue Fund) in the following two situations:
The Secretariat (the debtor department) pays and reimburses an OGD (the creditor department) using an IS in the following two situations:
IAEB found that the controls over pay recoveries from OGD and pay reimbursements to other OGD have weaknesses. At the time of the audit, there were no written departmental detailed procedures describing the processes to follow with regards to pay recoveries and pay reimbursement to ensure their accurate, documented, authorized and timely processing.
IAEB also found errors in the sample of transactions audited. Within the overall sample of the 67 pay files subject to detailed audit test procedures (see Table II above for a description of the sample), there were 28 cases where pay recoveries from another department or pay reimbursements to another department had been or should have been processed by the Secretariat.
Out of 28 cases, 11 had one or more errors of the following types:
The total accumulated net impact of the errors found was minimal - an overstatement of $675.89 of the Secretariat's pay expenses for fiscal year ended March, 31 2008. It should be noted that no employees received additional or less money because of the errors identified. The errors related only to departmental transactions.
Recommendation:
2. It is recommended that the Assistant Secretary, CSS ensure that detailed written procedures for the processing of pay recoveries and pay reimbursement be developed and communicated. The procedures should cover all of the elements of the overall process, describing and defining the responsibilities of the various players involved with these particular types of pay related transactions. (High Priority)
The Policy on Delegation of Authorities states that departments must delegate payment authority under section 33 of the FAA to positions classified as "financial officers" who can independently verify how managers exercise their spending authority under section 34 of the FAA. In addition, departments must establish adequate controls to ensure that a specimen signature document is prepared as soon as a new employee is appointed to a position with delegated authorities. Specimen signature documents and delegation documents must be available in all locations where the signatures will have to be recognized and honoured.
For the period under audit, in CAB, compensation advisors processing the various pay transactions were not validating the signatures under section 34 of the FAA against the signature cards of managers authorizing these transactions because they did not have access to signature cards. The pay transactions included human resources activities such as inputting the following into RPS: newly appointed employees for inclusion on the Secretariat's pay list; the new salary rate and period when an employee is appointed in an acting position; and the data necessary to issue the performance pay to an employee.
These control issues were raised by IAEB in a separate audit of Leave and Overtime and recommendations were developed and approved. Management has since informed IAEB that the issues pertaining to sections 33 and 34 have been rectified.
IAEB concludes with a high level of assurance that: with the exceptions identified below, the overall control framework for the administration of pay and related benefits in place and used within the Secretariat for the period examined was adequate and effective to ensure the accuracy and compliance of the pay transactions processed with relevant authorities. Control weaknesses were found relating to interdepartmental recoveries and reimbursements of pay and to the verification of user/employee access rights to the RPS and IAEB makes specific recommendations to address these.
MAF Element | Core Management Controls | Audit Criteria |
---|---|---|
People | PPL-4. At the pay and related benefits activity, the organization provides employees with the necessary training, tools, resources and information to support the discharge of their responsibilities. |
|
Stewardship-
Financial Management Policies |
ST-5. Financial management policies and authorities regarding the pay and related benefits activity are established and communicated |
|
Stewardship- Transaction Processing |
ST-10. The pay and related benefits transactions are coded and recorded accurately and in a timely manner to support accurate and timely information processing. |
|
ST-11. Appropriate system application controls exist. |
|
|
ST-12. Records and information are maintained in accordance with laws and regulations. |
|
|
ST-13. There is appropriate segregation of duties. |
|
|
Stewardship-
Monitoring |
ST-15. Reviews are conducted to analyze, compare and explain financial variances between actual and plan. |
|
ST-16. Management compares results achieved against expectations, on a periodic basis. |
|
|
ST-17. Management reallocates resources to facilitate the achievement of objectives/results. |
|
|
Stewardship-
Reporting |
ST-18. Financial and non-financial reporting is reviewed and approved |
|
ST-20. Appropriate and timely financial and non-financial reporting is communicated internally and externally. |
|
*Source: Core Management Controls: A Guide for Internal Auditors (Draft - November 2007) published by the Internal Audit Sector of the Office of the Comptroller General is the source from which the Core Management Controls and the corresponding audit criteria were selected from. Only the relevant Core Management Controls grouped under the "Stewardship" and "People" elements of the MAF were considered and the corresponding audit criteria have been, in some cases, tailored.
Priority Ranking: High
It is recommended that the Assistant Secretary, CSS ensure that verification be performed of the Regional Pay System (RPS) user/employee access rights listings to ensure their validity and appropriateness. The verification should be carried out at least twice a year by a designated departmental officer independent from the Compensation and Benefits (CAB) group and its results be reported to and monitored by senior management of Human Resources Division (HRD).
The Assistant Secretary, CSS agrees with this recommendation.
Management Action | Completion Date | Office of Primary Interest (OPI) |
---|---|---|
The validity of user/employee access rights to the RPS will be verified twice a year by an official within the HRD, but not within the CAB group. This official will be someone sufficiently knowledgeable of human resources processes to be able to complete a credible verification. This will be monitored by the Executive Director of HRD. | Verification will be completed once in each of the first and third quarters starting in fiscal year 2009-10. | HRD |
Priority Ranking: High
It is recommended that the Assistant Secretary, CSS ensure that detailed written procedures on the processing of pay recoveries and pay reimbursement be developed and communicated. The procedures should cover all of the elements of the overall process, describing and defining the responsibilities of the various players involved with these particular types of pay related transactions.
The Assistant Secretary, CSS agrees with this recommendation.
Management Action | Completion Date | Office of Primary Interest (OPI) |
---|---|---|
The Pay and Related Benefits examination period was based on the fiscal year ending March 2008. In April of 2008 a new Salary Forecasting Tool (SFT) and expenditure monitoring regime were implemented including revised business processes, documented roles and responsibilities, and an enhanced capacity in the Salary Management Unit (SMU) of General Accounting Services. Training material and documentation were developed and promulgated via training sessions and a web presence to ensure awareness of;
|
All items completed | FMD |
A further element that will be developed that will assist in addressing this recommendation is:
|
September 2009 | FMD |
Acronym | Description |
---|---|
CAB | Compensation and Benefits |
CSB | Corporate Services Branch |
CSS | Corporate Services Sector |
FAA | Financial Administration Act |
FMA | Financial Management Advisor |
FMD | Financial Management Directorate |
HRD | Human Resources Division |
IAEB | Internal Audit and Evaluation Bureau |
IFMS-SAP | Integrated Financial and Material Systems - SAP |
IS | Interdepartmental Settlement |
MAF | Management Accountability Framework |
OGD | Other Government Department |
PPIM | Personnel-Pay Input Manual |
PWGSC | Public Works and Government Services Canada |
RPS | Regional Pay System |
SACO | Security Access Control Officer |
SFS | Salary Forecasting System |
SFT | Salary Forecasting Tool |
SMU | Salary Management Unit |
Secretariat | Treasury Board of Canada Secretariat |
SPS | Standard Payment System |
* For the purposes of this report, related benefits are those that are manifested in pay transactions and result in a payment issued to an entitled employee such as maternity or parental allowance, bilingual bonus, and severance pay.