This page has been archived.
Information identified as archived on the Web is for reference, research or recordkeeping purposes. It has not been altered or updated after the date of archiving. Web pages that are archived on the Web are not subject to the Government of Canada Web Standards. As per the Communications Policy of the Government of Canada, you can request alternate formats on the "Contact Us" page.
The Internal Audit and Evaluation Bureau has completed its Audit of Account Verification of Treasury Board of Canada Secretariat (the Secretariat). This audit is also relevant to the Department of Finance (Finance Canada), given that the Secretariat has been providing account verification and payment processing services to that department since February 1, 2009.
The objective of the audit was to assess the adequacy and effectiveness of the account verification control framework. The audit approach and methodology followed the Internal Auditing Standards for the Government of Canada and the Institute of Internal Auditors' International Standards for the Professional Practice of Internal Auditing.
The examination was conducted from November 2009 to February 2010 and covered Secretariat and Finance Canada's payments for goods and services for the fiscal year ending March 31, 2009. Consideration was also given to improvements made to account verification practices subsequent to the audit period.
The audit consisted of a review of applicable account verification authorities, process walk-throughs, interviews with management and staff, and an examination of departmental records supporting payments of goods and services, using a statistical sampling methodology.
We conclude with a reasonable level of assurance that, overall, internal controls regarding account verification are adequately designed and functioning effectively to meet operational requirements. A number of opportunities to further enhance the account verification control framework have been identified and are outlined in this report.
In the professional judgment of the Chief Audit Executive, sufficient and appropriate audit procedures have been conducted and evidence has been gathered to support the accuracy of the opinion provided in this report. The opinion is based on a comparison of the conditions, as they existed at the time of the audit, against pre-established audit criteria. The opinion is applicable only to payment categories examined and for the time period specified.
This audit is part of the Secretariat's 2008–11 Risk-Based Audit Plan that was approved by the Secretary at a Government of Canada Audit Committee meeting on April 14, 2008.
Account verification is the final step before funds for a payment request are released for payment. It is the process for ensuring that requests for payments and settlements are verified in a risk-informed manner that maintains an appropriate level of financial control, including compliance with applicable policies and legislation.
At the time of the audit, the Treasury Board Policy on Account Verification required that payment verification processes be designed and operated in a way that would maintain probity while taking into consideration the varying degrees of risk associated with each payment.
The Financial Administration Act (FAA) provides legislative requirements for the financial administration of the Government of Canada. Section 34 of the FAA provides the authority to certify that goods were received or services rendered as contracted. Section 33 provides the authority to release funds for payment after verifying that Section 34 has been properly exercised.
The objective of the audit was to assess the adequacy and effectiveness of internal controls regarding account verification.
The audit's scope focused on the operating framework, payment processes, and monitoring and reporting of account verification for Vote 1 Program and Operating expenditures for the Secretariat and Finance Canada. Interdepartmental settlements, grants and contributions, salary, and interest amounts were excluded from the audit's scope.
We conclude with a reasonable level of assurance that, overall, internal controls regarding account verification are adequately designed and functioning effectively to meet operational requirements. Specifically:
A management action plan has been developed by the Secretariat and is presented in Appendix B.
The Treasury Board Directive on Account Verification, formerly the Treasury Board Policy on Account Verification, requires that payment verification processes be designed and operated in a way that maintains probity while taking into consideration the varying degrees of risk associated with each payment. Further, it is government policy to pay on time—neither early nor late—amounts that represent a legitimate obligation and that are correct.
For the period under review (April 1, 2008, to March 31, 2009), the former Treasury Board Policy on Account Verification was in effect, which had the objective of ensuring that accounts for payments and settlements are verified in a cost-effective and efficient manner while maintaining the required level of control. Although a new directive has since been issued, its objectives and requirements are similar.
The FAA provides legislative requirements for the financial administration of the Government of Canada. Section 32 of the FAA provides the authority to commit funds against an appropriation before the expense is incurred. Section 34 provides the authority to certify that goods were received or services rendered as contracted. Section 33 provides the authority to release funds for payment after ensuring that the payment is a lawful and correct charge against an appropriation and that Section 34 authority has been properly exercised.
Corporate Services Sector (CSS) is ultimately responsible for ensuring compliance with authorities for account verification. This sector is responsible for policies, procedures and controls related to the account verification of payments. CSS also develops and maintains financial delegation instruments.
Finance Canada had traditionally provided shared corporate services (i.e., financial and human resources) to the Secretariat. Effective February 1, 2009, shared services for the Secretariat and Finance Canada, including the control and supervision of account verification and payment processing, were transferred to the Secretariat's CSS. In this context, CSS exercises its responsibilities in processing expenditures for both departments.
Vote 1 Program and Operating expenditures for the Secretariat and Finance Canada for the fiscal year ending March 2009 are provided in Table 1.
Measure |
Secretariat |
Finance Canada |
---|---|---|
Salary |
$134,672,104 |
$75,188,485 |
Goods and Services |
$52,489,655 |
$35,948,400 |
Grants and Contributions |
$228,366 |
nil |
Total |
$187,390,125 |
$111,136,885 |
Source: Departmental Trial Balance (P12-2), Treasury Board Secretariat and Finance Canada
The audit's objective was to assess the adequacy and effectiveness of internal controls regarding account verification.
The Audit of Account Verification was included in the Risk-Based Audit Plan as a result of a preliminary survey conducted in 2007 in the area of accounts payable and control weaknesses identified as part of the financial statement readiness project led by CSS.
The audit focused on the operating framework, payment processes, and monitoring and reporting of account verification for Vote 1 Program and Operating expenditures, more specifically, the goods and services portion for the Secretariat and Finance Canada. It assessed compliance with financial management authorities (e.g., Treasury Board Directive on Account Verification / Treasury Board Policy on Account Verification), with a focus on areas that presented a higher residual risk. The scope included a detailed review for the following:
Given that the Secretariat is responsible for the account verification control framework and provides shared services to Finance Canada, the audit focused on Vote 1 Goods and Services expenditures, which amounted to $52.5 million and $35.9 million in 2008–09 for the Secretariat and Finance Canada, respectively.
Table 2 provides a summary of payment amounts addressed by the audit.
Type of Payments |
Secretariat |
Finance |
---|---|---|
Acquisition card (MasterCard) |
$1,886,094 |
$1,781,494 |
Awards, conferences, hospitality, memberships, training and travel (employee payables) |
$ 4,332,624 |
$5,712,476 |
Other invoices and claims (goods and services) |
$33,222,807 |
$40,562,839 |
Excluded from scope |
$13,048,130 |
($12,108,409) |
Total goods and services |
$52,489,655 |
$35,948,400 |
Interdepartmental settlements (receivables and payables), deposits, reversals, and interest amounts were excluded from the scope. A major component of excluded transactions was the allocation of shared services costs from Finance Canada to the Secretariat and from other government departments.
The audit scope did not include:
Audit criteria and audit tests were developed based on the results of consultations held with CSS's Financial Management Directorate, audit research and analysis, a review of applicable authorities, the audit risk assessment exercise, and the Core Management Controls document issued by the Office of the Comptroller General that focuses on the federal government's Management Accountability Framework (MAF). This audit focuses on the elements of people, stewardship, results and performance, and accountability. As a result, the following lines of enquiry were selected for this audit:
Detailed criteria used to assess the adequacy and effectiveness of internal controls are presented in Appendix A.
The audit approach and methodology is risk-based and followed the Internal Auditing Standards for the Government of Canada and the Institute of Internal Auditors' International Standards for the Professional Practice of Internal Auditing. These standards require that the audit be planned and performed in such a way as to obtain reasonable assurance that audit objectives are achieved. The audit included various tests as considered necessary to provide such assurance. The approach used in carrying out the audit included the following:
Finance Canada's internal audit function was kept informed of the audit's progress. Final versions of key documents were also provided to Finance Canada as they became available.
Each area of focus was assessed against audit objectives and related audit criteria. The audit results are presented below by area of focus.
Employee training and related guidance support the account verification practice.
We expected to find that employees received sufficient training from their supervisors on account verification requirements and that instruction material and/or guidelines were available and used by employees to support account verification activity.
The audit found that new employees receive informal but structured one-on-one training on the requirements of fulfilling the job of an account verifier. An informal assessment of their performance is also provided by their supervisors. Training consists of walk-throughs of account verification processes and practices under supervisor guidance and review of the account verification procedures manual. On-the-job learning is also a key aspect, including support from a financial officer, for high-priority or more complex verifications.
Policies, procedures, processes, directives and instructions related to account verification practices are accessible to employees through the Secretariat's document management system (RDIMS). When there are changes to authorities, the account verification procedures manual is updated, employees are notified in writing (by email), and meetings with staff are held if warranted.
Conclusion
Employee training supports the account verification practice. While the training process for new employees to acquire account verification competencies is thorough, it could be strengthened by documenting current training and evaluation techniques. Documenting what is currently done will maintain training consistency, especially when turnover rates are high.
Recommendation: None.
Departmental payments were verified in an accurate and timely manner. A number of business process improvements would enhance the effectiveness of the account verification practice.
We expected to find that business processes and internal controls validate key aspects of account verification for goods and services and for acquisition card and employee-related payment requests.
The audit categorized goods and services payments into three types based on the distinct account verification procedures applied for each. A statistical sample of 67 payments for goods and services, acquisition card purchases and employee payables amounting to $174,974, $23,581 and $69,856, respectively, totalling 201 payments and $268,411, was selected for detailed examination.
Based on our detailed examination, payments for goods and services were verified in compliance with the Treasury Board Directive on Account Verification, the FAA and good management practices. We found that FAA Section 34 certification signatures were:
Further, payment amounts were accurately entered into the financial system, financial coding was appropriate, processing was prompt, and corrections were made as warranted. Also, the audit did not find duplicate payments.
The following provides specific observations for each type of payment or payment request subject to our detailed examination.
Payment Requests for Goods and Services
The audit found that an adequate document trail of account verification activity was maintained on file, such as invoices—traced to purchase orders in the financial system, where applicable—and receipts for services rendered. Requests for payment that required further verification by a subject matter expert were forwarded and verified as required. A record of account verification activity was recorded on the account verification checklist for payment of goods and services.
The audit found that of the 67 payment files examined, 10 were missing evidence of goods receipt (e.g., a packing slip, bill of lading, a stamp and signature certifying goods receipt, or a note to file verifying goods receipt). While the audit examination was limited to a file review, the Directive on Account Verification requires supporting documentation be complete, allowing maintenance of an audit trail for each payment amount claimed such as receipt of goods or services and authorization according to the delegation of financial signing authorities. Without complete documentation that supports payment requests, the account verification process is incomplete.
Payment Requests for Acquisition Cards
Regarding the examination of payments made using acquisition cards, we found that, overall, sufficient information and appropriate documents were included in the file to support the purchases. However, in 10 cases, the audit found minor errors or document deficiencies affecting full compliance with established procedures. For example, in 2 cases, conference registration was incorrectly coded as miscellaneous products, and in 4 other cases, photocopies of invoices/receipts were provided instead of the originals. The audit did not identify any evidence in the payment files sampled that Financial Management Directorate followed-up with Funds Centre managers to obtain the missing information or documents.
The account verification process requires that each payment undergo a thorough verification. The audit noted, however, that 14 of 67 (21 per cent) of acquisition card statements had one or more payments with incorrectly applied taxes (i.e., GST and/or PST). Of note were instances where the error was generated on the monthly bank statement. The errors from the audit sample resulted in a total overstatement and understatement of approximately $95 and $150, respectively, with a net understatement of approximately $55. If extrapolated to acquisition card payments for the Secretariat and Finance Canada for the audit period, the resulting error rate would remain at less than 1 per cent, with a net understatement of approximately $13,000.
The audit observed that formalized desk procedures or verification checklists were not applied for acquisition card payments. Consequently, an audit trail of verification activity was not available on the file. The absence of an audit trail made it difficult for the audit team to assess the extent and consistency of post-payment verification for goods and services purchases (e.g., issues followed up with Fund Centres, rationale for accepting incomplete documentation, etc.).
Payment Requests for Employee-Related Expenses
Employee-related payments include payment requests such as awards, conferences, hospitality, memberships, training and travel.
The audit found that the account validation process for employee payable payments generally complied with established procedures and Treasury Board policy. A formal account verification checklist was introduced in the latter part of the 2008–09 fiscal year. It was found that the checklist was consistently used for payments dated January to March 2009.
It was found that 40 of 55 (73 per cent) of employee-payable files examined included evidence that payment requests were properly pre-authorized prior to the event occurring and were properly certified for payment authorization. In 5 cases, travel pre-authorizations were not completed in advance of travel; in 6 cases, travel pre-authorizations were not dated by the signee, which is required to validate the pre-approval, and in 4 cases, there was neither a travel authorization signee nor a date. It should be noted that audit examination was limited to a file review. If further information was obtained by an account verifier over the phone or via email and this information was not placed on the payment file, then this evidence was not available for the audit. Such omissions put the validity of the authorization or certification into question and decrease process efficiency, as account verifiers must then use additional time and effort to determine whether the signatures were valid in the possible range of time that they could have been recorded.
Conclusion
Departmental payments were found to be made in an accurate and timely manner; however, a number of business process improvements would enhance the effectiveness of the account verification practice. Specifically:
Recommendation 1
It is recommended that the Assistant Secretary, CSS, implement account verification business process improvements, including:
Monitoring compliance with financial management legislation, policies and authorities is done through 100-per-cent verification of payment requests. This approach does not take advantage of risk-based sampling techniques, and the results of monitoring are not shared with senior management.
Because monitoring is a core fundamental control, we expected to find that compliance monitoring was performed effectively and on a periodic basis and that the results of monitoring were reported to the appropriate level of management.
The Directive on Account Verification requires that departments apply a risk-based approach to account verification, conducting a full review of high-risk payment requests and sampling low- to moderate-risk payment requests based on a sampling plan. Accounting Services and Management Practices, Financial Management Directorate has developed a sound Account Verification of Sampling Plan for the Secretariat and Finance Canada; however, the plan has not yet been implemented.
For the audit period under review, every request for payment sent to Financial Management Directorate for processing was subject to verification based on established internal guidelines. Subsequent to the audit period, the departments have assessed travel reimbursement requests on a risk basis and are planning to apply a sampling approach to the verification of low-risk payment requests.
With respect to the results of verification, Internal Audit and Evaluation Bureau was informed that significant errors detected as part of account verification were taken up with responsible parties and corrected. These errors, however, were not tabulated or reported. Such an exercise would provide a record of the type of errors arising from Fund Centres and assist in identifying appropriate corrective measures. Furthermore, senior management could use these results to support decision making with respect to financial management, such as determining how to change existing controls and ensure that risks are managed appropriately.
The results of follow-up activity should also be monitored to ensure that identified controls are operating as intended.
While monitoring of error rates in payment requests was not undertaken, Accounting Services and Management Practices does maintain a monitoring log of payment requests involving significant policy or practice interpretation issues and matters of management concern. The log serves as a control document and a reference source for consistent treatment of issues should similar situations arise. Current reporting to management is limited to ad hoc reports, usually focused on interest charges as a result of late payments.
Conclusion
There is limited monitoring and ad hoc reporting of the results of account verification, and a risk-based sampling approach to verification is not yet in place. As a result, there are opportunities to enhance management decision making, efficiency, and compliance with the Directive on Account Verification as it pertains to using a risk-informed approach.
Recommendation 2
It is recommended that the Assistant Secretary, CSS, implement, as practicable:
We conclude with a reasonable level of assurance that, overall, internal controls regarding account verification are adequately designed and functioning effectively to meet operational requirements. Specifically:
Line of Enquiry |
Audit Criteria* |
---|---|
*Source: The Office of the Comptroller General's Core ManagementControls, which are organized around the federal government's MAF. | |
Management of Human Resources—Management Accountability Framework (MAF): Accountability |
Employees receive sufficient training on current account verification requirements. |
Current and formal instruction materials, guidelines and/or checklists are available and used by employees to support account verification activity. |
|
Verification of FAA-Certified Payment Requests—MAF: Stewardship |
Business processes and controls to validate key aspects of account verification for goods and services payment requests operate in accordance with authorities. |
Business processes and controls to validate key aspects of account verification for acquisition card post-payment requests operate in accordance with authorities. |
|
Business processes and controls to validate key aspects of account verification for employee payable requests (awards, conferences, hospitality, memberships, training and travel) operate in accordance with authorities. |
|
Monitoring and Reporting of Results—MAF: Results and Performance |
Compliance monitoring is performed effectively and on a periodic basis. |
The results of monitoring, including the causes of errors and remedial action, are reported to various levels of management on a periodic basis. |
Recommendation 1:
It is recommended that the Assistant Secretary, CSS, implement account verification business process improvements, including:
Priority Ranking |
Management Accountability Framework/ Core Management Control |
Management Action |
Completion Date |
Office of the Primary Interest |
---|---|---|---|---|
Medium |
Stewardship/ (AC-1, RM-3 ST-5, ST-7, ST-10) |
Management agrees with the recommendation |
Accounting Services and Management Practices for all |
|
A checklist for account verification of acquisition card payments will be prepared and disseminated to clients |
June 2010 |
|||
Checklists will be amended to include a requirement for evidence of goods receipt/services rendered in cases where this is practical, material and cost effective |
August 2010 |
|||
Checklists will be modified as recommended. |
May 2010 |
Recommendation 2:
It is recommended that the Assistant Secretary, CSS, implement, as practicable:
Priority Ranking |
Management Accountability Framework/ Core Management Control |
Management Action |
Completion Date |
Office of the Primary Interest |
---|---|---|---|---|
Medium |
Results and Performance (RP-3) |
Management agrees with the recommendation |
Accounting Services and Management Practices for all |
|
Risk Criteria will be developed and applied to key transaction types. An Account Verification Sampling Plan will be prepared. |
Completed |
|||
Risk based post audit of domestic travel expenditures will be implemented |
Completed |
|||
Error rates for other payment types (Goods and Services – External Vendors) will be analyzed to determine eligibility for risk based approach to account verification. |
November 2010 |
|||
Development of long term plan for monitoring account verification error rates including determination of frequency of monitoring and reporting. |
December 2010 |
|||
Implementation of Monitoring and Reporting Plan. |
February 2011 |