This page has been archived.
Information identified as archived on the Web is for reference, research or recordkeeping purposes. It has not been altered or updated after the date of archiving. Web pages that are archived on the Web are not subject to the Government of Canada Web Standards. As per the Communications Policy of the Government of Canada, you can request alternate formats on the "Contact Us" page.
The objective of the audit was to assess the adequacy and effectiveness of processes in place to identify higher-risk transactions, which consequently enable more efficient account verification practices.
Objectives | Criteria |
---|---|
Risk assessment processes are designed to identify high-risk payments for focused attention and verification. |
|
Verification processes are designed to ensure that payments are verified in a cost-effective and efficient manner while maintaining the level of control required under the Account Verification policy. |
|
Monitoring processes exist to inform the organization, on an ongoing basis, of the effectiveness of the account verification processes. |
|
The following table presents the recommendations and a description of the actions being taken to address them. Each recommendation is assigned a risk ranking of high, medium or low, based on the relative priorities of the recommendations and the extent to which the recommendations indicate non-compliance with Treasury Board policies.
Recommendations | Overall Risk Ranking | Management Action Plan |
---|---|---|
1. SDAs should formalize their process for identifying high-risk transactions, which could be presented in a brief guidance document. Those responsible for the governance function over expenditure management and those with functional insight should be involved. | Medium | SDAs have agreed to formalize their risk identification and resulting account verification policies and guidance. Implementation is expected to be completed by March 31, 2010. |
2. SDAs should ensure that risks are clearly identified and documented for the account verification process. | High | SDAs will ensure that risks are clearly identified and that those responsible for account verification receive the necessary guidance or training to carry out a risk-based account verification process. Implementation is expected to be completed by April 2010. |
3. SDAs should ensure that those with delegated authority for section 34 certification receive the necessary training and pass the appropriate Government of Canada tests to prove they understand their responsibilities prior to this delegation. | High | SDAs will ensure that individuals with section 34 delegated authority receive appropriate training or have the authority removed. |
4. SDAs should formalize their identification of high-risk transactions so that control processes are commensurate with risk tolerances, thereby ensuring both the effectiveness and efficiency of the account verification process. This could be established in a succinct briefing document, once all relevant management personnel agree on the risk identification process. | High | SDAs are or will be developing guidance or checklists to ensure that account verification processes are consistent with risk. Implementation is expected to be completed by March 31, 2010. |
5. SDAs that have streamlined controls over low-risk transactions should establish a sampling plan designed to periodically provide assurance that those transactions subject to low-risk account verification continue to warrant this classification. | Low | SDAs that are implementing low-risk transaction account verification processes will develop sampling strategies. These strategies will be in place by March 31, 2010. |
6. SDAs should provide guidance, such as checklists, for quality assurance over low- versus high-risk transactions. | Medium | SDAs will develop checklists to identify the procedures required for low- and high-risk transactions. This guidance is expected to be implemented by June 2010. |
Acts, Regulations, Policies and Guidance
(Links current as of September 3, 2009)
* Since this audit report was prepared, the Treasury Board Account Verification policy and the Policy on Delegation of Authorities were rescinded effective October 1, 2009, and replaced respectively by the Directive on Account Verification and the Directive on Delegation of Financial Authorities for Disbursements. The conclusions in the report are not affected by these changes.
[1]. This audit was conducted in accordance with the International Standards for the Professional Practice of Internal Auditing. However, the Office of the Comptroller General has not undergone an external assessment at least once in the past five years or been subject to ongoing monitoring or to periodic internal assessments of its horizontal internal audit activity that would confirm its compliance with the standards.
[2]. Since this audit report was prepared, the Treasury Board Account Verification policy was rescinded effective October1, 2009, and replaced by the Directive on Account Verification. The conclusions contained in the report are not affected by this change.