Treasury Board of Canada Secretariat
Symbol of the Government of Canada

ARCHIVED - Audit of Account Verification

Warning This page has been archived.

Archived Content

Information identified as archived on the Web is for reference, research or recordkeeping purposes. It has not been altered or updated after the date of archiving. Web pages that are archived on the Web are not subject to the Government of Canada Web Standards. As per the Communications Policy of the Government of Canada, you can request alternate formats on the "Contact Us" page.





Audit of Account Verification





Table of Contents



Assurance Statement

The Internal Audit and Evaluation Bureau has completed its Audit of Account Verification of Treasury Board of Canada Secretariat (the Secretariat). This audit is also relevant to the Department of Finance (Finance Canada), given that the Secretariat has been providing account verification and payment processing services to that department since February 1, 2009.

The objective of the audit was to assess the adequacy and effectiveness of the account verification control framework. The audit approach and methodology followed the Internal Auditing Standards for the Government of Canada and the Institute of Internal Auditors' International Standards for the Professional Practice of Internal Auditing.

The examination was conducted from November 2009 to February 2010 and covered Secretariat and Finance Canada's payments for goods and services for the fiscal year ending March 31, 2009. Consideration was also given to improvements made to account verification practices subsequent to the audit period.

The audit consisted of a review of applicable account verification authorities, process walk-throughs, interviews with management and staff, and an examination of departmental records supporting payments of goods and services, using a statistical sampling methodology.

We conclude with a reasonable level of assurance that, overall, internal controls regarding account verification are adequately designed and functioning effectively to meet operational requirements. A number of opportunities to further enhance the account verification control framework have been identified and are outlined in this report.

In the professional judgment of the Chief Audit Executive, sufficient and appropriate audit procedures have been conducted and evidence has been gathered to support the accuracy of the opinion provided in this report. The opinion is based on a comparison of the conditions, as they existed at the time of the audit, against pre-established audit criteria. The opinion is applicable only to payment categories examined and for the time period specified.

Executive Summary

Background

This audit is part of the Secretariat's 2008–11 Risk-Based Audit Plan that was approved by the Secretary at a Government of Canada Audit Committee meeting on April 14, 2008.

Account verification is the final step before funds for a payment request are released for payment. It is the process for ensuring that requests for payments and settlements are verified in a risk-informed manner that maintains an appropriate level of financial control, including compliance with applicable policies and legislation.

At the time of the audit, the Treasury Board Policy on Account Verification required that payment verification processes be designed and operated in a way that would maintain probity while taking into consideration the varying degrees of risk associated with each payment.

The Financial Administration Act (FAA) provides legislative requirements for the financial administration of the Government of Canada. Section 34 of the FAA provides the authority to certify that goods were received or services rendered as contracted. Section 33 provides the authority to release funds for payment after verifying that Section 34 has been properly exercised.

Objective and Scope

The objective of the audit was to assess the adequacy and effectiveness of internal controls regarding account verification.

The audit's scope focused on the operating framework, payment processes, and monitoring and reporting of account verification for Vote 1 Program and Operating expenditures for the Secretariat and Finance Canada. Interdepartmental settlements, grants and contributions, salary, and interest amounts were excluded from the audit's scope.

Key Findings and Conclusion

We conclude with a reasonable level of assurance that, overall, internal controls regarding account verification are adequately designed and functioning effectively to meet operational requirements. Specifically:

  • No significant practice or process gaps were observed within the account verification function that would put the departments at risk.
  • Vote 1 Goods and Services payment requests were managed in accordance with applicable legislation, policy and established procedures.
  • Opportunities to enhance the function were identified and include formalizing training procedures, implementing a checklist for post-payment verification of acquisition card purchases, enhancing existing verification checklists, introducing a risk-based approach to account verification practices, and monitoring and reporting verification results.

A management action plan has been developed by the Secretariat and is presented in Appendix B.

Introduction

The Treasury Board Directive on Account Verification, formerly the Treasury Board Policy on Account Verification, requires that payment verification processes be designed and operated in a way that maintains probity while taking into consideration the varying degrees of risk associated with each payment. Further, it is government policy to pay on time—neither early nor late—amounts that represent a legitimate obligation and that are correct.

For the period under review (April 1, 2008, to March 31, 2009), the former Treasury Board Policy on Account Verification was in effect, which had the objective of ensuring that accounts for payments and settlements are verified in a cost-effective and efficient manner while maintaining the required level of control. Although a new directive has since been issued, its objectives and requirements are similar.

The FAA provides legislative requirements for the financial administration of the Government of Canada. Section 32 of the FAA provides the authority to commit funds against an appropriation before the expense is incurred. Section 34 provides the authority to certify that goods were received or services rendered as contracted. Section 33 provides the authority to release funds for payment after ensuring that the payment is a lawful and correct charge against an appropriation and that Section 34 authority has been properly exercised.

Corporate Services Sector (CSS) is ultimately responsible for ensuring compliance with authorities for account verification. This sector is responsible for policies, procedures and controls related to the account verification of payments. CSS also develops and maintains financial delegation instruments.

Finance Canada had traditionally provided shared corporate services (i.e., financial and human resources) to the Secretariat. Effective February 1, 2009, shared services for the Secretariat and Finance Canada, including the control and supervision of account verification and payment processing, were transferred to the Secretariat's CSS. In this context, CSS exercises its responsibilities in processing expenditures for both departments.

Vote 1 Program and Operating expenditures for the Secretariat and Finance Canada for the fiscal year ending March 2009 are provided in Table 1.

Table 1. Vote 1 Program and Operating Expenditures (2008–09) for Treasury Board Secretariat and Finance Canada

Measure

Secretariat

Finance Canada

Salary

$134,672,104

$75,188,485

Goods and Services

$52,489,655

$35,948,400

Grants and Contributions

 $228,366

 nil

Total

$187,390,125

$111,136,885

Source: Departmental Trial Balance (P12-2), Treasury Board Secretariat and Finance Canada

Audit Objective

The audit's objective was to assess the adequacy and effectiveness of internal controls regarding account verification.

The Audit of Account Verification was included in the Risk-Based Audit Plan as a result of a preliminary survey conducted in 2007 in the area of accounts payable and control weaknesses identified as part of the financial statement readiness project led by CSS.

Audit Focus and Scope

The audit focused on the operating framework, payment processes, and monitoring and reporting of account verification for Vote 1 Program and Operating expenditures, more specifically, the goods and services portion for the Secretariat and Finance Canada. It assessed compliance with financial management authorities (e.g., Treasury Board Directive on Account Verification / Treasury Board Policy on Account Verification), with a focus on areas that presented a higher residual risk. The scope included a detailed review for the following:

  • Management and staff responsibilities are clearly established, communicated and understood by personnel;
  • Financial management policies and directives are respected and enforced;
  • Compliance with financial management policies and directives is monitored and reported; and
  • Departmental procedures are followed.

Given that the Secretariat is responsible for the account verification control framework and provides shared services to Finance Canada, the audit focused on Vote 1 Goods and Services expenditures, which amounted to $52.5 million and $35.9 million in 2008–09 for the Secretariat and Finance Canada, respectively.

Table 2 provides a summary of payment amounts addressed by the audit.

Table 2. Goods and Services Expenditures for 2008-09 Subject to Audit

Type of Payments

Secretariat

Finance

Acquisition card (MasterCard)

 $1,886,094

$1,781,494

Awards, conferences, hospitality, memberships, training and travel (employee payables)

 $ 4,332,624

 $5,712,476

Other invoices and claims (goods and services)

 $33,222,807

 $40,562,839

Excluded from scope

 $13,048,130

($12,108,409)

Total goods and services

$52,489,655

$35,948,400

Interdepartmental settlements (receivables and payables), deposits, reversals, and interest amounts were excluded from the scope. A major component of excluded transactions was the allocation of shared services costs from Finance Canada to the Secretariat and from other government departments.

The audit scope did not include:

  • Business-related internal controls within systems applications—e.g., IFMS-SAP, Standard Payment System and Specimen Signature Record;
  • Full compliance with policies, directives, regulations and guidelines related to FAA Section 34 certification for each category of payments—certain types of payments such as travel and hospitality are governed by distinct and complex policies and rules, and detailed examination of travel and hospitality expenses could be the subject of separate audits;
  • Pay and related benefit payments—these were subject to two internal audits completed in 2008 and 2009;
  • Grants and contributions—these payments for the Secretariat are less material ($228,366) and do not form part of Vote 1 Operating Expenditures for Finance Canada; and
  • Interdepartmental settlements—these were excluded because a new internal control process was launched in October 2009 to expand verification coverage to all interdepartmental settlement transactions.

Audit Criteria

Audit criteria and audit tests were developed based on the results of consultations held with CSS's Financial Management Directorate, audit research and analysis, a review of applicable authorities, the audit risk assessment exercise, and the Core Management Controls document issued by the Office of the Comptroller General that focuses on the federal government's Management Accountability Framework (MAF). This audit focuses on the elements of people, stewardship, results and performance, and accountability. As a result, the following lines of enquiry were selected for this audit:

  • Management of human resources;
  • Verification of certified payment requests; and
  • Monitoring and reporting of results.

Detailed criteria used to assess the adequacy and effectiveness of internal controls are presented in Appendix A.

Approach and Methodology

The audit approach and methodology is risk-based and followed the Internal Auditing Standards for the Government of Canada and the Institute of Internal Auditors' International Standards for the Professional Practice of Internal Auditing. These standards require that the audit be planned and performed in such a way as to obtain reasonable assurance that audit objectives are achieved. The audit included various tests as considered necessary to provide such assurance. The approach used in carrying out the audit included the following:

  • Review of applicable legislation, policies, procedures and other information related to account verification processes;
  • Interviews with management and staff of Financial Management Directorate, CSS;
  • Walk-throughs to observe the process and controls for verifying transactions prior to and after payments;
  • Determination and selection of the processes and practices of highest residual risk for audit examination;
  • Selection of three types of goods and services payments (Vote 1 expenditures) for detailed examination; and
  • A statistical random sample of 67 transactions drawn for each type of goods and services payment using 90-per-cent confidence level.

Finance Canada's internal audit function was kept informed of the audit's progress. Final versions of key documents were also provided to Finance Canada as they became available.



Audit Results

Each area of focus was assessed against audit objectives and related audit criteria. The audit results are presented below by area of focus.

Human Resources Management

Employee training and related guidance support the account verification practice.

We expected to find that employees received sufficient training from their supervisors on account verification requirements and that instruction material and/or guidelines were available and used by employees to support account verification activity.

The audit found that new employees receive informal but structured one-on-one training on the requirements of fulfilling the job of an account verifier. An informal assessment of their performance is also provided by their supervisors. Training consists of walk-throughs of account verification processes and practices under supervisor guidance and review of the account verification procedures manual. On-the-job learning is also a key aspect, including support from a financial officer, for high-priority or more complex verifications.

Policies, procedures, processes, directives and instructions related to account verification practices are accessible to employees through the Secretariat's document management system (RDIMS). When there are changes to authorities, the account verification procedures manual is updated, employees are notified in writing (by email), and meetings with staff are held if warranted.

Conclusion

Employee training supports the account verification practice. While the training process for new employees to acquire account verification competencies is thorough, it could be strengthened by documenting current training and evaluation techniques. Documenting what is currently done will maintain training consistency, especially when turnover rates are high.

Recommendation: None.

Verification of Financial Administration Act–certified payment requests

Departmental payments were verified in an accurate and timely manner. A number of business process improvements would enhance the effectiveness of the account verification practice.

We expected to find that business processes and internal controls validate key aspects of account verification for goods and services and for acquisition card and employee-related payment requests.

The audit categorized goods and services payments into three types based on the distinct account verification procedures applied for each. A statistical sample of 67 payments for goods and services, acquisition card purchases and employee payables amounting to $174,974, $23,581 and $69,856, respectively, totalling 201 payments and $268,411, was selected for detailed examination.

Based on our detailed examination, payments for goods and services were verified in compliance with the Treasury Board Directive on Account Verification, the FAA and good management practices. We found that FAA Section 34 certification signatures were:

  • Clearly recorded;
  • Matched to the Specimen Signature Record of the department;
  • Valid in the period applied; and,
  • Valid for the Fund Centre indicated.

Further, payment amounts were accurately entered into the financial system, financial coding was appropriate, processing was prompt, and corrections were made as warranted. Also, the audit did not find duplicate payments.

The following provides specific observations for each type of payment or payment request subject to our detailed examination.

Payment Requests for Goods and Services

The audit found that an adequate document trail of account verification activity was maintained on file, such as invoices—traced to purchase orders in the financial system, where applicable—and receipts for services rendered. Requests for payment that required further verification by a subject matter expert were forwarded and verified as required. A record of account verification activity was recorded on the account verification checklist for payment of goods and services.

The audit found that of the 67 payment files examined, 10 were missing evidence of goods receipt (e.g., a packing slip, bill of lading, a stamp and signature certifying goods receipt, or a note to file verifying goods receipt). While the audit examination was limited to a file review, the Directive on Account Verification requires supporting documentation be complete, allowing maintenance of an audit trail for each payment amount claimed such as receipt of goods or services and authorization according to the delegation of financial signing authorities. Without complete documentation that supports payment requests, the account verification process is incomplete.

Payment Requests for Acquisition Cards

Regarding the examination of payments made using acquisition cards, we found that, overall, sufficient information and appropriate documents were included in the file to support the purchases. However, in 10 cases, the audit found minor errors or document deficiencies affecting full compliance with established procedures. For example, in 2 cases, conference registration was incorrectly coded as miscellaneous products, and in 4 other cases, photocopies of invoices/receipts were provided instead of the originals. The audit did not identify any evidence in the payment files sampled that Financial Management Directorate followed-up with Funds Centre managers to obtain the missing information or documents.

The account verification process requires that each payment undergo a thorough verification. The audit noted, however, that 14 of 67 (21 per cent) of acquisition card statements had one or more payments with incorrectly applied taxes (i.e., GST and/or PST). Of note were instances where the error was generated on the monthly bank statement. The errors from the audit sample resulted in a total overstatement and understatement of approximately $95 and $150, respectively, with a net understatement of approximately $55. If extrapolated to acquisition card payments for the Secretariat and Finance Canada for the audit period, the resulting error rate would remain at less than 1 per cent, with a net understatement of approximately $13,000.

The audit observed that formalized desk procedures or verification checklists were not applied for acquisition card payments. Consequently, an audit trail of verification activity was not available on the file. The absence of an audit trail made it difficult for the audit team to assess the extent and consistency of post-payment verification for goods and services purchases (e.g., issues followed up with Fund Centres, rationale for accepting incomplete documentation, etc.).

Payment Requests for Employee-Related Expenses

Employee-related payments include payment requests such as awards, conferences, hospitality, memberships, training and travel.

The audit found that the account validation process for employee payable payments generally complied with established procedures and Treasury Board policy. A formal account verification checklist was introduced in the latter part of the 2008–09 fiscal year. It was found that the checklist was consistently used for payments dated January to March 2009.

It was found that 40 of 55 (73 per cent) of employee-payable files examined included evidence that payment requests were properly pre-authorized prior to the event occurring and were properly certified for payment authorization. In 5 cases, travel pre-authorizations were not completed in advance of travel; in 6 cases, travel pre-authorizations were not dated by the signee, which is required to validate the pre-approval, and in 4 cases, there was neither a travel authorization signee nor a date.  It should be noted that audit examination was limited to a file review.  If further information was obtained by an account verifier over the phone or via email and this information was not placed on the payment file, then this evidence was not available for the audit.  Such omissions put the validity of the authorization or certification into question and decrease process efficiency, as account verifiers must then use additional time and effort to determine whether the signatures were valid in the possible range of time that they could have been recorded.

Conclusion

Departmental payments were found to be made in an accurate and timely manner; however, a number of business process improvements would enhance the effectiveness of the account verification practice. Specifically:

  • Use of checklists in support of verification for all payment types would provide an audit trail of account verification activity and facilitate a consistent approach.
  • Enhancements to checklists would also be beneficial. These include:
    • Incorporating a comments box, which would provide a brief audit trail of Financial Management Directorate contact with, and direction to, Fund Centres;  and
    • Clearly indicating on the checklist for goods and services evidence of receipt of goods and/or services rendered;
  • Ensure that the date of each signature be provided for all instances of pre-authorization and FAA certification; and
  • The proper application of taxes should be identified and addressed at the account verification practice level, as should the need to include the date of signature for all pre‑authorizations and FAA certifications.

Recommendation 1

It is recommended that the Assistant Secretary, CSS, implement account verification business process improvements, including:

  • An account verification checklist for processing acquisition card payment requests;
  • Modification to the existing checklist for goods and services to indicate that supporting documentation is required for receipt of goods and/or services rendered; and
  • Modification of existing account verification checklists to specify the requirements for the date of pre‑authorization, FAA Section 34 certification, and a record of account verification follow-up.

Monitoring and Reporting of Results

Monitoring compliance with financial management legislation, policies and authorities is done through 100-per-cent verification of payment requests. This approach does not take advantage of risk-based sampling techniques, and the results of monitoring are not shared with senior management.

Because monitoring is a core fundamental control, we expected to find that compliance monitoring was performed effectively and on a periodic basis and that the results of monitoring were reported to the appropriate level of management.

The Directive on Account Verification requires that departments apply a risk-based approach to account verification, conducting a full review of high-risk payment requests and sampling low- to moderate-risk payment requests based on a sampling plan. Accounting Services and Management Practices, Financial Management Directorate has developed a sound Account Verification of Sampling Plan for the Secretariat and Finance Canada; however, the plan has not yet been implemented.

For the audit period under review, every request for payment sent to Financial Management Directorate for processing was subject to verification based on established internal guidelines. Subsequent to the audit period, the departments have assessed travel reimbursement requests on a risk basis and are planning to apply a sampling approach to the verification of low-risk payment requests.

With respect to the results of verification, Internal Audit and Evaluation Bureau was informed that significant errors detected as part of account verification were taken up with responsible parties and corrected. These errors, however, were not tabulated or reported. Such an exercise would provide a record of the type of errors arising from Fund Centres and assist in identifying appropriate corrective measures. Furthermore, senior management could use these results to support decision making with respect to financial management, such as determining how to change existing controls and ensure that risks are managed appropriately.

The results of follow-up activity should also be monitored to ensure that identified controls are operating as intended.

While monitoring of error rates in payment requests was not undertaken, Accounting Services and Management Practices does maintain a monitoring log of payment requests involving significant policy or practice interpretation issues and matters of management concern. The log serves as a control document and a reference source for consistent treatment of issues should similar situations arise. Current reporting to management is limited to ad hoc reports, usually focused on interest charges as a result of late payments.

Conclusion

There is limited monitoring and ad hoc reporting of the results of account verification, and a risk-based sampling approach to verification is not yet in place. As a result, there are opportunities to enhance management decision making, efficiency, and compliance with the Directive on Account Verification as it pertains to using a risk-informed approach.

Recommendation 2

It is recommended that the Assistant Secretary, CSS, implement, as practicable:

  • A risk-based approach to payment verification; and
  • Periodic monitoring and reporting of results to support management of account verification.

Overall Conclusion

We conclude with a reasonable level of assurance that, overall, internal controls regarding account verification are adequately designed and functioning effectively to meet operational requirements. Specifically:

  • No significant practice or process gaps were observed within the account verification function that would put the departments at risk.
  • Vote 1 Goods and Services payment requests were managed in accordance with applicable legislation, policy and established procedures.
  • Opportunities to enhance the function were identified. These include formalizing training procedures, implementing a checklist for post-payment verification of acquisition card purchases, enhancing existing verification checklists, introducing a risk-based approach to account verification practices, and monitoring and reporting verification results.


Appendix A—Audit Criteria

Line of Enquiry

Audit Criteria*

*Source: The Office of the Comptroller General's Core ManagementControls, which are organized around the federal government's MAF.

Management of Human Resources—Management Accountability Framework (MAF): Accountability

Employees receive sufficient training on current account verification requirements.

Current and formal instruction materials, guidelines and/or checklists are available and used by employees to support account verification activity.

Verification of FAA-Certified Payment Requests—MAF: Stewardship

Business processes and controls to validate key aspects of account verification for goods and services payment requests operate in accordance with authorities.

Business processes and controls to validate key aspects of account verification for acquisition card post-payment requests operate in accordance with authorities.

Business processes and controls to validate key aspects of account verification for employee payable requests (awards, conferences, hospitality, memberships, training and travel) operate in accordance with authorities.

Monitoring and Reporting of Results—MAF: Results and Performance

Compliance monitoring is performed effectively and on a periodic basis.

The results of monitoring, including the causes of errors and remedial action, are reported to various levels of management on a periodic basis.

Appendix B—Management Action Plan

Recommendation 1: 

It is recommended that the Assistant Secretary, CSS, implement account verification business process improvements, including:

  • An account verification checklist for processing acquisition card payment requests;
  • Modification to the existing checklist for goods and services to indicate that supporting documentation is required for receipt of goods and/or services rendered; and
  • Modification of existing account verification checklists to specify requirements for the date of pre-authorization, FAA Section 34 certification, and a record of account verification follow-up.

Priority Ranking

Management Accountability Framework/ Core Management Control

Management Action

Completion Date

Office of the Primary Interest

Medium

Stewardship/ (AC-1, RM-3 ST-5, ST-7, ST-10)

Management agrees with the  recommendation

 

Accounting Services and Management Practices for all

A checklist for account verification of acquisition card payments will be prepared and disseminated to clients

June 2010

Checklists will be amended to include a requirement for evidence of goods receipt/services rendered in cases where this is practical, material and cost effective

August 2010

Checklists will be modified as recommended.

May 2010

Recommendation 2:

It is recommended that the Assistant Secretary, CSS, implement, as practicable:

  • A risk-based approach to payment verification; and
  • Periodic monitoring and reporting of results to support management of account verification.

Priority Ranking

Management Accountability Framework/ Core Management Control

Management Action

Completion Date

Office of the Primary Interest

Medium

Results and Performance

(RP-3)

Management agrees with the recommendation

 

Accounting Services and Management Practices for all

Risk Criteria will be developed and applied to key transaction types. An Account Verification Sampling Plan will be prepared.

Completed

Risk based post audit of domestic travel expenditures will be implemented

Completed

Error rates for other payment types (Goods and Services – External Vendors) will be analyzed to determine eligibility for risk based approach to account verification.

November 2010

Development of long term plan for monitoring account verification error rates including determination of frequency of monitoring and reporting.

December 2010

Implementation of Monitoring and Reporting Plan.

February 2011