Treasury Board of Canada Secretariat
Symbol of the Government of Canada

ARCHIVED - Report on Audit of Pay and Related Benefits

Warning This page has been archived.

Archived Content

Information identified as archived on the Web is for reference, research or recordkeeping purposes. It has not been altered or updated after the date of archiving. Web pages that are archived on the Web are not subject to the Government of Canada Web Standards. As per the Communications Policy of the Government of Canada, you can request alternate formats on the "Contact Us" page.





Report on Audit of Pay and Related Benefits





Table of Contents

Assurance statement

Executive summary

Introduction

Background

Audit objective and scope

Audit criteria

Approach and Methodology

Audit Results

Accuracy and compliance of pay transactions
Adequacy and effectiveness of the control framework

Overall Conclusion

Appendix 1 - Core Management Controls and Audit Criteria

Appendix 2 - Key Authorities Governing Pay and Related Benefits in the Federal Public Service

Appendix 3 - Management Action Plan

Appendix 4 - List of Acronyms



Assurance Statement

The Internal Audit and Evaluation Bureau (IAEB) of the Treasury Board of Canada Secretariat (the Secretariat) has completed the Audit of Pay and Related Benefits* within the Secretariat.  The objective of the audit was to give assurance on the adequacy and effectiveness of the control framework in place and used for the administration of pay and related benefits to ensure the accuracy and compliance of the processed pay and related benefits transactions with relevant legislation, regulations, terms and conditions of employment, collective agreements, Treasury Board policies and directives.  The audit approach and methodology followed the International Standards for the Professional Practice of Internal Auditing as defined by the Institute of Internal Auditors and the Internal Auditing Standards for the Government of Canada as required under the Treasury Board's Policy on Internal Audit.

The examination was conducted during the period of June through November 2008, and covered the transactions processed and controls in place during the fiscal year ending March 31, 2008. 

The audit consisted of the following: a review of applicable authorities; an assessment of the existing control framework for pay and related benefits against criteria, process walkthroughs; an examination of certain key controls to validate their existence and effectiveness; and an examination of pay transactions selected using a statistical random sampling methodology to verify accuracy and compliance with relevant authorities.  The audit evidence gathered is sufficient to provide senior management with reasonable (high) assurance concerning the results derived from this audit.

IAEB concludes with a high level of assurance that: with the exceptions identified below,  the overall control framework for the administration of pay and related benefits in place and used within the Secretariat during the fiscal year ending March 31, 2008 was adequate and effective to ensure the accuracy and compliance of the pay transactions processed with relevant authorities.  Control weaknesses were found relating to interdepartmental recoveries and reimbursements of pay and to the verification of user/employee access rights to the Regional Pay System.  Please see the body of this report for further details regarding the audit findings.

In the professional judgment of the Chief Audit Executive, sufficient and appropriate audit procedures have been conducted and evidence has been gathered to support the accuracy of the opinion provided in this report.  This opinion is based on a comparison of the conditions, as they existed at the time of the audit, against pre-established audit criteria.  The opinion is only applicable to the entity examined and for the scope and time period covered by the audit.

Executive Summary

Background

The audit of Pay and Related Benefits is an assurance engagement that was part of the approved Treasury Board of Canada Secretariat Three-Year Risk Based Audit Plan (for fiscal years 2007-08 to 2009-10).  The Internal Audit and Evaluation Bureau (IAEB) of the Treasury Board of Canada Secretariat (the Secretariat) conducted the audit engagement.

Pay is an amount of money given to an entitled employee, for services rendered during a specific period in accordance with the relevant terms and conditions of employment, applicable rate of pay determined in a collective agreement or approved by Treasury Board (TB) for the group and level of the employee's classification.  Benefits relate to the various health, dental, disability, long-term disability and life insurance plans available to and sometimes compulsory for an employee during his or her employment in the public service, for which the employer (and sometimes the employee) pays a premium. A public servant is also entitled to receive pension benefits after retirement which the individual and the employer will have contributed to throughout the period of employment in the public service.  Such benefit and pension plans are not covered in the scope of this audit.

Pay related benefits are those that are manifested in pay transactions and result in a payment issued to an entitled employee such as maternity or parental allowance, bilingual bonus, and severance pay. This audit report deals only with pay and pay related benefits.

The administration of pay and related benefits within the federal public service is complex and is governed by several authorities, the main ones being the Public Service Employment Act, the Financial Administration Act (FAA) and related regulations and, terms and conditions of employment, collective agreements; and Treasury Board policies and directives that must be complied with in order to pay an employee the compensation he or she is entitled to receive.  The Policy Framework for the Management of Compensation sets out broad administrative principles for the government overall.  The Comptrollership Policy on Pay Administration and Circulars 1977-37 & 1979-35 set the overall responsibilities of a department with regards to the administration of pay and related benefits for its employees.

As of March 31, 2008, the Secretariat had approximately 1,332 full-time equivalent employees in 13 occupational groups represented by seven different collective agreements.  The Secretariat's unaudited financial statements for fiscal year ending March 31, 2008 reported a total annual pay and benefits expenses of $138,056,000.

Objective and Scope

The objective of the audit was to give assurance on the adequacy and effectiveness of the control framework in place and used within the Secretariat for the administration of pay and related benefits to ensure the accuracy and compliance of the processed pay transactions with relevant legislation, regulations, terms and conditions of employment, collective agreements and Treasury Board policies and directives.

The scope of the audit consisted of an assessment of the existing control framework for the administration of most types of pay transactions such as regular pay, acting pay, and performance pay, and related benefits, which result in a payment issued to an employee such as for maternity or parental allowance, bilingual bonus, and severance pay. 

The audit did not examine the controls nor test the pay transactions relating to leave (with pay) and overtime, as these had been the subject of a separate audit conducted by IAEB.  The report for this audit was finalized in December 2008.  

The audit covered the fiscal year ending March 31, 2008 and the examination phase was conducted between June and November 2008.

As previously mentioned, only employee benefits which manifest themselves in a pay transaction and result in a payment issued to an employee such as maternity or parental allowance, bilingual bonus, and severance pay were under the scope of the audit.  The audit did not cover the administration of employee benefits and related transactions, expenses related to the employer's contribution to employee pension plans, or the premiums paid for employee health care and other insurance.  These transactions were not included in the scope as they are managed centrally for the overall federal public service by the Pension and Benefits Sector of the Secretariat.

The audit did not include a validation of internal controls within the related business applications in the human resources system People Soft and in the Salary Forecasting System (replaced as of April 1, 2008 by the Salary Forecasting Tool).  Only the internal controls of the Regional Pay System (RPS) under the direct responsibility of the Human Resources Division and the Financial Management Directorate were subject to the audit as the overall management of the RPS is the responsibility of Public Works and Government Services Canada.

Overall Results and Key Findings

IAEB concludes with a high level of assurance that: with the exceptions identified below, the overall control framework for the administration of pay and related benefits in place and used within the Secretariat for the period examined was adequate and effective to ensure the accuracy and compliance of the pay transactions processed with relevant authorities. Control weaknesses were found relating to interdepartmental recoveries and reimbursements of pay and to the verification of user/employee access rights to the RPS.  Specific recommendations addressing these findings are contained in the body of the report.



Introduction

The Audit of Pay and Related Benefits was part of the approved Treasury Board of Canada Secretariat Three-Year Risk Based Audit Plan (for fiscal years 2007-2008 to 2009-2010).  It was selected based on risks associated with the significant materiality of the annual and recurring pay and benefits expenses for the Treasury Board of Canada Secretariat (the Secretariat) and the extent of compliance requirementsembedded in legislation, collective agreements, and Treasury Board policies and directives, governing the administration of the pay and related benefits within the federal public service. The Internal Audit and Evaluation Bureau (IAEB) of the Secretariat conducted the audit engagement.

Background

Pay is an amount of money given to an entitled employee, for services rendered during a specific period in accordance with the relevant terms and conditions of employment, at the applicable rate as determined in a collective agreement or approved by Treasury Board for the group and level of the employee's classification.  Benefits relates to the various health, dental, disability, long-term disability and life insurance plans available to and sometimes compulsory for an employee during his or her employment in the public service, for which the employer (and sometimes the employee) pays a premium.  A public servant is also entitled to receive pension benefits after retirement which the individual and the employer have contributed to throughout the period of employment in the public service. Such benefit and pension plans are not covered in the scope of this audit.

Pay related benefits are those that are manifested in pay transactions and result in a payment issued to an entitled employee such as maternity or parental allowance, bilingual bonus, and severance pay. This audit report deals only with pay and pay related benefits.

The administration of pay and related benefits within the federal public service is complex and is governed by several authorities, the main ones being: the Public Service Employment Act, the Financial Administration Act (FAA)and related regulations, terms and conditions of employment, collective agreements, and Treasury Board policies and directives.  These must be complied with in order to pay an employee the compensation he/she is entitled to receive (Refer to Appendix 2 for details on Treasury Board Policies and Directives.).  The Policy Framework for the Management of Compensation sets out the broad administrative principles for the federal public service overall.  The Comptrollership Policy on Pay Administration and Circulars 1977-37 & 1979-35 set the overall responsibilities of a department with regards to the administration of pay and related benefits of its employees.

During the fiscal year ending March 31, 2008, the Corporate Services Branch (CSB) of the Department of Finance Canada was providing services and support to the Secretariat for information management and information technology, human resources, financial and administrative management, information management and information technology, including the administration of pay and related benefits.  The Compensation and Benefits (CAB) group of the Human Resources Division (HRD) and the Financial Management Directorate (FMD) are the organizations within CSB which are most involved with the administration of pay and related benefits.

At the time of this audit a transfer to the Secretariat of specific corporate services, including those relating to pay and related benefits, was planned. As a result,all recommendations are directed to the Corporate Services Sector (CSS) of the Secretariat. 

Description of Systems and Processes

The following systems and processes are used in the administration of pay and related benefits to issue payments to employees, record and account for related pay expenses, and manage the pay cycle.

  • Regional Pay System (RPS) is the central pay system for the Government of Canada.  Public Works and Government Services Canada (PWGSC) is responsible for the development, maintenance and operation of the RPS and conducts the following pay administration activities:

    • calculates employee remuneration (e.g., regular salary, including statutory and other deductions, over-time, non-salary benefits such as insurances, etc.);
    • calculates gross to net pay;
    • calculates retroactive payment revisions upon signing of back-dated collective agreements;
    • conducts year-end processing and issues tax slips;
    • remits deductions to third parties such as the Canada/Quebec Pension Plan, Canada Revenue Agency, etc.;
    • implements the rules of the Treasury Board and separate employer collective agreements and policies and legislation; and
    • provides training and advisory services to departmental compensation advisors.

    Compensation advisors of CAB's group provide pay and related benefits services to Secretariat's employees and enter pay transactions into RPS.  They are responsible for the accuracy, integrity, verification and timeliness of pay transactions.

    The employee salary payments, calculated by RPS are issued by the Receiver General's Standard Payment System (SPS).

    PWGSC maintains the Payroll System General Ledger that provides Payroll Control Account Balance, Control Data, and Internal Journal Voucher reports that departments utilize in the reconciliation of their Payroll Control Account prior to submission of their respective Trial Balance to the Central Financial Management Reporting System.

    The CAB group has a direct role in all of the following processes relating to compensation with the exception of item 7 (payroll run) and item 9 (management review of payroll expenses):

    1. Appointments and new hires (taken-on-strength)
    2. Transfer-in from other government department (OGD)
    3. RPS data input for appointments and new hires
    4. Changes to individual pay file required to apply updated information on pay related transactions or new terms of collective agreements
    5. Transfer-out to OGDs
    6. Departing personnel (struck-off-strength)
    7. Payroll run
    8. Pay distribution
    9. Management review of payroll expenses

  • Integrated Financial and Material Systems - SAP (IFMS-SAP)is the financial system (based on the SAP software) used by the Secretariat to record and account all financial transactions in the General Ledger.  This system is fed with transactions processed by the Receiver General's treasury systems (such as SPS) and RPS, which are controlled through a series of accounts maintained by the Receiver General and reconciled by departments.

  • Salary Forecasting System (SFS) was the management tool in use until March 31, 2008, for forecasting and monitoring actual personnel costs on an employee-by-employee basis.  In SFS, employee information was collected from the human resource system People Soft (see below) and combined with salary information, such as budget and actual expenditures, from IFMS- SAP.  This information was then combined with the planned data from the SFS input application to create salary forecast reports.

    As of April 1, 2008, the SFS was replaced by the new Salary Forecasting Tool (SFT).  SFT is a module of SAP that serves the same purpose as the SFS, but is more flexible and has better reporting capabilities. According to CSB, this new system will provide more timely and accurate forecasts for the managers of fund centers, as all the employee salary information is now entered into SFT independently of People Soft and is no longer affected by the lengthy time lag between the new employee starting date and the date his or her salary data was entered into People Soft, as was the case with SFS.

  • People Soft is the departmental human resource system managed by the HRD to store employee information.  It is also used by employees to request leave and by managers to approve leave requests.  It is not a financial system. 

As of March 31, 2008, the Secretariat had approximately 1,332 full-time equivalent employees in 13 occupational groups represented by seven different collective agreements.  The Secretariat's unaudited financial statements for fiscal year ending March 31, 2008 reported a total annual pay and benefits expenses of $138,056,000 as part of its operating expenses as follows:

Expenses Amount
Pay (Referred to as Salaries and Wages) $120,424,000
Benefits (Contributions to Employees' Benefits and Pension Plans) $17,632,000
Total Pay and Benefits Expenses $138,056,000


Audit Objective and Scope

The objective of the audit was to give assurance on the adequacy and effectiveness of the control framework in place and used within the Secretariat for the administration of pay and related benefits to ensure the accuracy and compliance of the processed pay transactions with relevant authorities.

The scope of the audit consisted of an assessment of the existing control framework for the administration of most types of pay such as regular pay, acting pay, and performance pay and related benefits, which result in a payment issued to an employee such as for maternity or parental allowance, bilingual bonus, and severance pay.  In addition, detailed audit tests on the most material types (where annual expenses exceed $100,000) of pay transactions and expenses as described in Table I were conducted to verify the accuracy of the amount paid in compliance with legislation, regulations, terms and conditions of employment, collective agreements, and Treasury Board policies and directives. 

Table I:  General Ledger (GL) Accounts and Pay Expenses Subject to Detailed Audit Tests on Accuracy and Compliance
G/L Account No. Description of Type of Pay Transaction/Expenses Account Balance for Fiscal Year ending March 31, 2008($)
1010 Indeterminate-Basic pay 89,393,694
1646 Executive interchange 3,280,660
1210 Term-Casual-Part time basic pay 3,225,162
1011 Indeterminate-Performance award 2,031,005
1048 Severance pay 1,771,144
1642 Maternity-Parental allowance 1,508,810
1024 Indeterminate-Bilingual bonus 565,635
1810 Student-Basic pay 368,648
1660 Other allowances 149,155
1034 Indeterminate-Retroactive basic current year 142,569
1016 Terminable allowance 113,994
  Total 102,550,476

The audit covered the administration of pay activities and transactions, including related data and expenses for the fiscal year ending March 31, 2008. The examination phase was conducted between June and November 2008.

The audit did not examine the controls nor test the pay transactions relating to leave (with pay) and overtime, as these had been the subject of a separate audit conducted by IAEB.  The report for this audit was finalized in December 2008.

As previously mentioned, only employee benefits which manifest themselves in a pay transaction and result in a payment issued to an employee such as maternity or parental allowance, bilingual bonus, and severance pay were under the scope of the audit.  The audit did not cover the administration of employee benefits and related transactions, expenses related to the employer's contribution to employee pension plans, or the premiums paid for employee health care and other insurance.  These transactions were not included in the scope as they are managed centrally for the overall federal public service by the Pension and Benefits Sector of the Secretariat.

In addition, the audit did not include a validation of internal controls within the related business applications in People Soft or in the SFS (replaced as of April 1, 2008 by the SFT).  Only the internal controls of RPS under the direct responsibilities of HRD and FMD were subject to the audit as PWGSC is responsible for the overall administration of RPS.

Audit Criteria

The audit criteria used to assess the adequacy and effectiveness of the Secretariat's control framework were developed based on the authorities governing pay and related benefits in the federal public service.  In addition, these were complemented by criteria developed based on the Core Management Controls document issued by the Office of the Comptroller General, which focus on the federal government's Management Accountability Framework (MAF) in the Stewardship and People categories (Refer to Appendix 1 for details.).  Appendix 2 contains the list of the relevant authorities.

Approach and Methodology

The audit approach and methodology is risk-based and is consistent with the International Standards for the Professional Practice of Internal Auditing and the Internal Auditing Standards for the Government of Canada as required under Treasury Board's Policy on Internal Audit.  These standards require that the audit be planned and performed in such a way as to obtain reasonable assurance that the audit objective is achieved.  The audit was conducted in accordance with an audit program that defined audit tasks to assess each criterion after a preliminary survey was conducted to identify key risk elements.

The approach used in carrying out the audit included the following:

  • a review of applicable legislation, policies, directives, procedures, and other information related to the processing of pay and related benefits and to related management practices;
  • interviews with management and staff of CSB, and fund center managers;
  • document through a flowchart of the overall control framework for the administration of pay and related benefits and comparing against current processes;
  • performing walkthroughs to observe specific detailed processes and controls for:
    • processing, review and authorization of pay transactions and paying employees using the RPS;
    • recording pay expenses; processing; monitoring; and reconciliation processes between RPS and the Receiver General's central systems with the Secretariat's IFMS-SAP;
    • reimbursing the pay of a newly appointed employee to his/her former department using an interdepartmental settlement (IS), up until the time the employee's file is transferred and processed within the Secretariat;
    • recovering the pay of an employee who departed the Secretariat from its new department using an IS, up until the time the employee's file is completely transferred and processed to the former employee's new department; and
    • management reviews and monitoring of pay expenses at the fund center level;
  • assessing the control framework against the criteria/control objectives and identifying the key internal controls;
  • performing detailed audit tests on the following key internal controls to validate their existence and assess their effectiveness:
    • access security controls to RPS;
    • reconciliation processes between RPS and IFMS-SAP; and
    • reviews and monitoring of the pay expenses performed by fund center managers;
  • obtaining an electronic extraction of the pay transactions recorded in IFMS-SAP for fiscal year ending March, 31 2008 from the auditee and using computer-assisted audit techniques for data analysis and sampling;
  • preparing a sampling plan and statistically selecting, using a confidence level of 95 %, a random sample of 67 employee pay files as recorded and accounted for in the General Ledger accounts under the scope of the audit (Refer to Table I above for details.); and
  • performing detailed audit test procedures on a random sample of 67 employees' total pay for the fiscal year ending March, 31 2008 consisting of a total of 4,634 individual pay transactions for each employee's yearly pay, all of the pay transactions were subject to detailed audit procedures such as the following:
    • tracing to relevant original documents contained in the employee file or elsewhere for compliance with the control framework; and
    • verifying the accuracy of the calculations of the amounts paid and compliance with applicable terms and conditions of employment, collective agreements, and other applicable Treasury Board policies and directives.

Of the 67 files, 57 were employees (non-executives), 8 were EX (executives) and two were students.  Any of the files could exhibit one or more of the characteristics, as outlined in the following Table.

Table II: Characteristics of the employees files selected
Characteristics Number of files
Regular pay 58
Bilingual bonus 33
Hired and deployment appointments 21
Promotions (three to executive level) 8
Acting pay 9
Performance pay 7
Maternity and parental benefit, Illness disability, Leave with income averaging, and leave without pay 7
Pay recoveries from another department or reimbursements of pay to another department performed with an Interdepartmental Settlement (IS) 28


Audit Results

1. Accuracy and Compliance of Pay Transactions

Overall, pay transactions processed in RPS during the period audited were accurate and in compliance with the relevant legislation, regulations, terms and conditions of employments, collective agreements, and Treasury Board policies and directives.

IAEB performed detailed audit test procedures on the pay transactions processed for the fiscal year 2007-08 for a random sample of 67 employees, which consisted of a total of 4,634 individual pay transactions. The objective of these tests was to provide assurance that the amounts paid to those employees during 2007-08 were calculated accurately according to the terms and conditions of employment for the employee's classification, and in compliance with Treasury Board policies and directives applicable under the particular circumstances of employment.  Refer to Table II above for details on the characteristics of the sample selected.  It was found that there was an accuracy rate of greater than 99.5% of the transactions tested.

2. Adequacy and Effectiveness of the Control Framework

2.1 Access Security Controls

Access security controls to RPS are in place and in use. However, neither active monitoring nor verification is performed of all of the user/identifier employees' names and their corresponding level of access rights to RPS.

The online pay sub-system of RPS has embedded access security controls.  These include:  individual log-on using unique user/identifier by employee name and password corresponding to only one of the four levels of access rights to the system: initiation, verification, authorization of a pay transaction, or inquiry.  These access security controls ensure that access to RPS is restricted to authorized users only.  The audit found that, although the access security controls are in place and in use, there is neither active monitoring nor verification performed by an independent officer of all of the user/identifier employees' names and their corresponding level of access rights to RPS.

The Personnel-Pay Input Manual (PPIM) published by the Compensation Sector of PWGSC provides departments with the required instructions and procedures for preparing, verifying, and authorizing batching input to RPS.  Chapter 17 describes all of the responsibilities of the departmental Security Access Control Officer (SACO) including, among others, actioning requests for new passwords; maintaining adequate records of processed request forms; investigating and correcting password irregularities; cancelling passwords and/or related alternate; and verifying twice a year that each user/identifier belongs to the correct individual and reviewing the assigned system access.

At the time of the audit, the activities performed by the departmental SACO were limited to transmitting to PWGSC the online pay access requests received by the CAB group's managers and to filing them.  At the request of IAEB, the departmental SACO provided a report, which was obtained from PWGSC, listing all of the user/identifier employees' names with access to the online pay sub-system of RPS.  IAEB performed a limited analysis of this report which revealed that, at the time this report was prepared, out of a total of 43 user/employee names listed, eight belonged to individuals who were not current employees and two of those had departed for a period greater than 180 days.  Consequently, at the time of this audit, eight former employees continued to have access rights to RPS when they should have been revoked.

Recommendation:

1. It is recommended that the Assistant Secretary, CSS ensure that verification be performed of RPS user/employee access rights listings to ensure their validity and appropriateness.  The verification should be carried out at least twice a year by a designated departmental officer independent from the CAB group and its results be reported to and monitored by senior management of HRD.  (High Priority).

2.2 Controls over Pay Recoveries from and Pay Reimbursements to Other Government Departments

The Controls over the pay recoveries from and the pay reimbursements to Other Government Departments (OGD) have weaknesses.

Pay recoveries from and reimbursements to, OGDs result in the following circumstances:

  • time lag between employee transfers among departments and the actual transfer of pay files to the hiring department; and
  • when an employee is seconded to and from another department.

The Secretariat (the creditor department) recovers the amount it disbursed to pay salary from an OGD (the debtor department) using an IS(settlement between any two-government departments that operate within the Consolidated Revenue Fund) in the following two situations:

  • Employee departs the Secretariat and is appointed by another department. The Secretariat recovers from another department the pay disbursements/expenses it continues to pay to its former employee up until the time when the employee's file is transferred out to, and processed in to the other department' s RPS pay list; and
  • Employee is seconded out to work in another department. The Secretariat recovers from another department the pay disbursements/expenses it continues to pay to its employee for the duration of the period set in the secondment agreement.

The Secretariat (the debtor department) pays and reimburses an OGD (the creditor department) using an IS in the following two situations:

  • Employee is appointed to a position in the Secretariat from another department.  The Secretariat reimburses the new employee's former employer for the pay expenses that this department continues to pay up until the time when the new employee's file is transferred to, processed by, and added to the Secretariat's RPS pay list; and
  • Employee seconded in the Secretariat from another department. The Secretariat reimburses the salary to the other department for the duration of the period set in the secondment agreement.

IAEB found that the controls over pay recoveries from OGD and pay reimbursements to other OGD have weaknesses.  At the time of the audit, there were no written departmental detailed procedures describing the processes to follow with regards to pay recoveries and pay reimbursement to ensure their accurate, documented, authorized and timely processing.

IAEB also found errors in the sample of transactions audited.  Within the overall sample of the 67 pay files subject to detailed audit test procedures (see Table II above for a description of the sample), there were 28 cases where pay recoveries from another department or pay reimbursements to another department had been or should have been processed by the Secretariat.

Out of 28 cases, 11 had one or more errors of the following types:

  • incomplete information corroborating and documenting the amount to recover or reimburse;
  • immaterial calculation errors caused by a design error in the model used to calculate the number of days to pay the other department or to recover from the other department; and
  • non-recovery from another department or reimbursement to another department, where FMD had not been notified by the fund center manager to do so.

The total accumulated net impact of the errors found was minimal - an overstatement of $675.89 of the Secretariat's pay expenses for fiscal year ended March, 31 2008.  It should be noted that no employees received additional or less money because of the errors identified.  The errors related only to departmental transactions.

Recommendation:

2. It is recommended that the Assistant Secretary, CSS ensure that detailed written procedures for the processing of pay recoveries and pay reimbursement be developed and communicated.  The procedures should cover all of the elements of the overall process, describing and defining the responsibilities of the various players involved with these particular types of pay related transactions. (High Priority)

2.3 Pay Expenditure Authorization

Controls for fulfilling responsibility under section 33 of the FAA were found to be inadequate.  Specifically, signatures were not verified as per section 34 of the FAA.  However, IAEB has been informed that this issue has since been addressed.

The Policy on Delegation of Authorities states that departments must delegate payment authority under section 33 of the FAA to positions classified as "financial officers" who can independently verify how managers exercise their spending authority under section 34 of the FAA.  In addition, departments must establish adequate controls to ensure that a specimen signature document is prepared as soon as a new employee is appointed to a position with delegated authorities.  Specimen signature documents and delegation documents must be available in all locations where the signatures will have to be recognized and honoured.

For the period under audit, in CAB, compensation advisors processing the various pay transactions were not validating the signatures under section 34 of the FAA against the signature cards of managers authorizing these transactions because they did not have access to signature cards.  The pay transactions included human resources activities such as inputting the following into RPS: newly appointed employees for inclusion on the Secretariat's pay list; the new salary rate and period when an employee is appointed in an acting position; and the data necessary to issue the performance pay to an employee.

These control issues were raised by IAEB in a separate audit of Leave and Overtime and recommendations were developed and approved.  Management has since informed IAEB that the issues pertaining to sections 33 and 34 have been rectified.

Overall Conclusion

IAEB concludes with a high level of assurance that: with the exceptions identified below, the overall control framework for the administration of pay and related benefits in place and used within the Secretariat for the period examined was adequate and effective to ensure the accuracy and compliance of the pay transactions processed with relevant authorities.  Control weaknesses were found relating to interdepartmental recoveries and reimbursements of pay and to the verification of user/employee access rights to the RPS and IAEB makes specific recommendations to address these.



Appendix 1 - Core Management Controls and Audit Criteria

MAF Element Core Management Controls Audit Criteria
People PPL-4.  At the pay and related benefits activity, the organization provides employees with the necessary training, tools, resources and information to support the discharge of their responsibilities.
  1. Employees have access to sufficient tools, (such as, software, equipment, work methodologies and standard operating procedures) and training and development plans are resourced and actioned.
Stewardship-

Financial Management Policies

ST-5. Financial management policies and authorities regarding the pay and related benefits activity are established and communicated
  1. Financial management policies are maintained by the organization or reliance on Treasury Board policies are referenced.
  2. Effective communication of financial management policies is carried out (e.g. policies available on organizations intranet, published policies or reference to Treasury Board policies via email or other correspondence).
  3. Financial policies and authorities are known and understood by the personnel.
Stewardship-

Transaction Processing

ST-10. The pay and related benefits transactions are coded and recorded accurately and in a timely manner to support accurate and timely information processing.
  1. Financial transactions are coded and processed in an efficient and timely manner, including for example:
    • Clearing accounts are not more than one month in arrears;
    • Pay is processed within the set timeframe; and
    • Sub ledgers are reconciled monthly.
  2. Controls are in place to ensure accuracy of transaction coding and processing (e.g. batch totals, reconciliations, supervisory review, management approval etc.).
ST-11. Appropriate system application controls exist.
  1. Logical access controls exist to ensure access to systems, data and programs, is restricted to authorized users, e.g. systems require users to logon using unique user name and password.
  2. Procedures exist and are applied in order to keep authentication and access mechanisms effective.
ST-12. Records and information are maintained in accordance with laws and regulations.
  1. Accounting records and information are maintained in accordance with generally accepted accounting principles as well as government laws and regulations.
  2. Responsibility for monitoring information management is clearly assigned.
ST-13. There is appropriate segregation of duties.
  1. Individuals responsible for initiation of (FAA section 32 - commitment) and/or approval for payment for (FAA section 34) transactions must not be the same individual responsible for payment (FAA section 33 – requisition).
  2. Incompatible functions must not be combined.
Stewardship-

Monitoring

ST-15. Reviews are conducted to analyze, compare and explain financial variances between actual and plan.
  1. The requirement to compare and explain variances is documented.
  2. Responsibility to compare and explain variances is known and understood and applied accordingly.
  3. Financial variance are reviewed and explained in a report.
ST-16. Management compares results achieved against expectations, on a periodic basis.
  1. Evidence of Management review exists (e.g. sign off).
  2. Management review is on going and is timely.
ST-17. Management reallocates resources to facilitate the achievement of objectives/results.
  1. Management review results in decision-making which impacts on the delivery of the activity.
  2. Reallocation of resources is supported.
Stewardship-

Reporting

ST-18. Financial and non-financial reporting is reviewed and approved
  1. Reporting is reviewed for completeness, accuracy, relevance, and timeliness.
  2. Approval is evidenced (signoff, email, minutes etc).
  3. Significant control breakdowns are reported to management.
ST-20. Appropriate and timely financial and non-financial reporting is communicated internally and externally.
  1. A schedule of regular reporting is prepared and communicated in advance.
  2. Responsibility for reporting is clear, communicated and implemented accordingly.
  3. Complete, accurate, relevant, and timely financial and non-financial reports are submitted as required.

*Source: Core Management Controls: A Guide for Internal Auditors (Draft - November 2007) published by the Internal Audit Sector of the Office of the Comptroller General is the source from which the Core Management Controls and the corresponding audit criteria were selected from.  Only the relevant Core Management Controls grouped under the "Stewardship" and "People" elements of the MAF were considered and the corresponding audit criteria have been, in some cases, tailored.

Appendix 2 - Key Authorities Governing Pay and Related Benefits in the Federal Public Service



Appendix 3 - Management Action Plan

Recommendation 1:

Priority Ranking: High

It is recommended that the Assistant Secretary, CSS ensure that verification be performed of the Regional Pay System (RPS) user/employee access rights listings to ensure their validity and appropriateness. The verification should be carried out at least twice a year by a designated departmental officer independent from the Compensation and Benefits (CAB) group and its results be reported to and monitored by senior management of Human Resources Division (HRD).

The Assistant Secretary, CSS agrees with this recommendation.

Management Action Completion Date Office of Primary Interest (OPI)
The validity of user/employee access rights to the RPS will be verified twice a year by an official within the HRD, but not within the CAB group.  This official will be someone sufficiently knowledgeable of human resources processes to be able to complete a credible verification.  This will be monitored by the Executive Director of HRD. Verification will be completed once in each of the first and third quarters starting in fiscal year 2009-10. HRD



Recommendation 2:

Priority Ranking: High

It is recommended that the Assistant Secretary, CSS ensure that detailed written procedures on the processing of pay recoveries and pay reimbursement be developed and communicated.  The procedures should cover all of the elements of the overall process, describing and defining the responsibilities of the various players involved with these particular types of pay related transactions.

The Assistant Secretary, CSS agrees with this recommendation.

Management Action Completion Date Office of Primary Interest (OPI)

The Pay and Related Benefits examination period was based on the fiscal year ending March 2008.  In April of 2008 a new Salary Forecasting Tool (SFT) and expenditure monitoring regime were implemented including revised business processes, documented roles and responsibilities, and an enhanced capacity in the Salary Management Unit (SMU) of General Accounting Services.

Training material and documentation were developed and promulgated via training sessions and a web presence to ensure awareness of;

  • The role of each stakeholder including SMU, Fund Center Managers (and their administrative support), and Financial Management Advisors (FMA).
  • An Account Verification Checklist for SMU staff to ensure that all steps are followed including identification of mandatory supporting documentation to be kept in employee file and the use of an account verification stamp.
  • New Salary Management Forms which easily identify pertinent information requirements.
  • A new report developed by SMU to track recoveries and status.  Report to be provided to FMA to enable comparison of actual expenditures, forecast and recoveries in progress.
  • Executive level sign offs required on salary forecast submissions.
  • An automated and integrated worksheet solution has been developed to enhance accuracy of calculation and minimize manual intervention.
All items completed FMD

A further element that will be developed that will assist in addressing this recommendation is:

  • A detailed process for the payment and recovery of Interdepartmental Settlements related to salary will be developed.
September 2009 FMD


Appendix 4 - List of Acronyms


Acronym Description
CAB Compensation and Benefits
CSB Corporate Services Branch
CSS Corporate Services Sector
FAA Financial Administration Act
FMA Financial Management Advisor
FMD Financial Management Directorate
HRD Human Resources Division
IAEB Internal Audit and Evaluation Bureau
IFMS-SAP Integrated Financial and Material Systems - SAP
IS Interdepartmental Settlement
MAF Management Accountability Framework
OGD Other Government Department
PPIM Personnel-Pay Input Manual
PWGSC Public Works and Government Services Canada
RPS Regional Pay System
SACO Security Access Control Officer
SFS Salary Forecasting System
SFT Salary Forecasting Tool
SMU Salary Management Unit
Secretariat Treasury Board of Canada Secretariat
SPS Standard Payment System

* For the purposes of this report, related benefits are those that are manifested in pay transactions and result in a payment issued to an entitled employee such as maternity or parental allowance, bilingual bonus, and severance pay.