Treasury Board of Canada Secretariat
Symbol of the Government of Canada

ARCHIVED - The Financial Administration Act: Responding to Non-compliance - Meeting the Expectations of Canadians

Warning This page has been archived.

Archived Content

Information identified as archived on the Web is for reference, research or recordkeeping purposes. It has not been altered or updated after the date of archiving. Web pages that are archived on the Web are not subject to the Government of Canada Web Standards. As per the Communications Policy of the Government of Canada, you can request alternate formats on the "Contact Us" page.

7. Fostering Better Compliance with Management Rules

Why do people fail to follow rules? What makes people decide to comply with rules? In assessing the quality of current investigative tools and methods and in evaluating the appropriateness of available sanctions, it also made sense to examine how these situations arise in the first place and then adopt a strategy to prevent instances of mismanagement. People choose to obey rules for a multitude of reasons and many variables contribute to non‑compliance. No single response to possible breaches will be effective. The review assessed strategies and action plans aimed at improving adherence to the FAA, regulations, and related policies.

7.1 A compliance framework for the Government of Canada

The government has made one of its priorities the prevention of non‑compliance with management rules. In assessing a compliance framework, the review looked at causes and factors underlying non‑compliance and mechanisms that have proved effective in improving compliance. The review then examined a framework that is well adapted to the risks faced by government and studied an approach to develop strategies to address those risks. Key elements include the following:

  • First, compliance needs to be restored where it is lacking. In situations where an individual responsible for wrongdoing is identified, systems must define personal responsibilities, seek acknowledgement of responsibility, and ensure that appropriate corrective action is taken. A focus on restoration of compliance, rather than an immediate move to a purely punishment‑oriented approach, is generally more successful. The aim is to offer organizations and individuals the information and tools needed to make them able and willing to comply after problems have occurred.
  • The use of soft controls (leadership, ethics, culture, teamwork, etc.) along with hard controls (segregation of authorities, sign-offs, etc.) will enhance prevention. Graduated sanctions will be implemented where restorative approaches fail.
  • A range of strategies that would enhance compliance could be explored, including approaches such as the following:
    • process-based strategies (for example, ISO 9000);
    • performance-based strategies;
    • internal compliance plans; and
    • mandatory third-party verification.
  • Compliance could be nurtured by building up expertise, information, and technological capacity. Research has established that the most successful compliance strategies employ a range of instruments, along with a graduated response to non-compliance.

An approach based on this framework could include mechanisms to ensure compliance through learning, facilitating compliance, and responses to non-compliance by individuals, departments, and agencies.

It must be noted that many of the other management reforms being put in place by the government (e.g. internal audit, financial management, reporting) will enhance compliance with the FAA.

7.2 Why? A study of factors underlying non‑compliance

There are, of course, a multitude of factors that may result in situations of breaches of management rules. The sidebar illustrates key factors cited notably by the Auditor General of Canada as having resulted in individual non-compliance with the FAA and related policies in a number of recent cases. To be able to enhance compliance, factors that are likely to arise need to be identified, understood, and influenced.

Why do employees and institutions fail to comply?

  • lack of knowledge of the rules;
  • public service employees do not know which rules are more important;
  • ignorance of why the rules are in place;
  • knowledge of the rules but the context facilitates breaking them;
  • no sense of accountability or little concern for accountability;
  • unclear role of central agencies (the Privy Council Office / the Secretariat / the Public Service Commission of Canada)—no clarity on when they should intervene, which agency should act, and the type of intervention that is required;
  • lack of expected consequences for not complying;
  • officials show no qualms about breaking rules that apply internally to government, with many believing there is no obligation to follow a policy;
  • a sense of entitlement (officials seek benefits or restitution);
  • a belief that government rules are inherently unnecessary and stifle innovation; and
  • a sense of being (or of a situation being) above rules and their application.
  • Based on reports of the Office of the Auditor General of Canada and discussions with officers from central agencies.

 In some instances, institutional or organizational behaviour becomes one of those factors. For example, the 2000 review of Human Resources Development Canada's grants and contributions by the Auditor General of Canada found that the department did not respect its own requirements for financial and activity monitoring and did not heed the advice of its own auditors who noted, "There is no doubt that a persistent situation of weak controls will increase the probability of mismanagement resulting from negligence, abuse and even fraud." While individuals within the department were responsible for addressing some of the shortcomings, only the department as a whole could have appropriately remedied all of them, as it eventually did.

As part of their ongoing work, officials from the Secretariat have had occasion to discuss several types of weaknesses that could influence a department's or agency's ability to comply with the requirements of the FAA, regulations, and related policies. Areas where weaknesses create risks of organizational non-compliance include the following: 

  • capacity to perform project management;
  • audit and evaluation capacity;
  • succession planning;
  • capacity to undertake large-scale procurement;
  • IT/IM planning and management capacity;
  • controls to manage grants and contributions as well as transfer payment programs;
  • ability to meet performance expectations of risk management in contracts, financial management, and human resources;
  • management control frameworks;
  • sufficient attention paid to recruitment, competency building, and retention in financial management and contracting; and
  • understanding of Treasury Board contracting policies and rules.

The government has much to lose from incidents of non-compliance in the Public Service. As was also noted earlier, there is no definitive picture of the scope of non‑compliance occurring in government. The collective information from a number of different mechanisms is therefore critical—this includes dialogues between departments, agencies, and central agencies such as the Treasury Board of Canada Secretariat. Ongoing reviews, such as the important work done by the Auditor General of Canada and the results of internal audits, provide mechanisms to monitor the evolution of risky behaviour and weaknesses in the compliance regime of the FAA. These also serve to identify factors that influence compliance. Each factor on its own may not be cause for alarm, but the potential for the cumulative effects of these factors lays the groundwork for more serious situations of non-compliance and mismanagement.

Factors leading to non‑compliance normally fall under one or more of three categories. Compliance strategies could be aimed at these areas:

  • Knowing and understanding the rules: Officials need to be aware of the rules, understand them and why they are necessary—clarity and transparency are essential.
  • Willingness to comply with the rules: Officials must be willing to comply—competing interests may be at work (i.e. respecting rules may undermine timeliness and efficiency).
  • Ability to comply with the rules: Officials must be able to comply with the rules—systems should make applying the rules easy instead of the opposite.

Not understanding the rules

Requirements may simply be too complex to know and understand. There may be too many rules with varying levels of complexity for departments to administer. Our consultations revealed that officials may not understand or appreciate the reason for one or another of these rules. A lack of understanding or appreciation encourages non‑compliance. Faced with non‑compliance, the government may have had a tendency to make yet more rules or expand existing ones to close loopholes and address compliance problems. The cumulative effect of reacting this way is increased complexity, further reducing the ability to understand what compliance with the rules involves, and addition to the number of rules that must be followed.

Unwillingness to comply with the rules

Compliance may be perceived as too costly at the organizational level: Can departments always sustain appropriate levels of staff and investments in systems to comply with the requirements of the FAA and related policies? The cost of administering the sum of regulations inside the government is not known. A study of compliance costs of regulation inside the British government found that they are significant and described them as big business and a growth sector.[16] Internal audit units were heavily hit during program review downsizing, as was funding for training and many elements of corporate services. With limited resources, some departments may have been focussing on areas of program delivery and doing without appropriate levels of staffing, financial, and management processes to adequately comply with all of the requirements of the FAA and policies.

Zero tolerance: Does it work?

Research on the effectiveness of zero‑tolerance policies shows that they are a bad prescription. An overly tough enforcement regime risks producing rule-following automatons rather than officials thinking as team players about problem prevention. This appears to be particularly true in the case of a complex entity such as the Public Service. Experts have also expressed the view that a zero-tolerance policy raises the risk of scapegoats being penalized instead of actual wrongdoers.

Reacting to command and control approaches: Command and control approaches make extensive use of laws and directives and are generally described as forms of direct intervention in the affairs of entities. These approaches are often associated with a legalistic application of rules and high levels of inspection and enforcement. The negative effects of an overly legalistic application of rules on compliance rates have been well established.[17] For example, when "regulatees" feel that regulators are being overly strict, they respond by scaling down their efforts to comply with the intent of the law. A series of studies of the effects of different inspection styles used in coal mine safety and nursing home and environmental regulation have shown that reliance on strict, coercive strategies to achieve compliance often breaks down the goodwill and motivation of the regulatees who were earlier willing to be socially responsible. An organized culture of resistance can result from policies that are perceived to be unreasonable, and over‑deterrence can chill innovation that might have otherwise led to superior outcomes. When punishment rather than dialogue is in the foreground of regulatory encounters, people find this humiliating and resent and resist it in ways that include non-compliance.

Insufficient monitoring is the flip side of an overly legalistic application of rules. A rule that is on the books but not monitored is unlikely to elicit compliance. Monitoring and responding to non-compliance in a consistent manner is an effective means of ensuring compliance.

Monitoring that is not rigorous enough or not targeted at high-risk areas is also less likely to be effective. Monitoring or inspection approaches that are stigmatizing (i.e. that involve disrespect and humiliation, label persons as "bad" or "evil") cause significant reductions in compliance rates. Similarly, monitoring or inspection approaches that involve saying nice things at all times are almost equally ineffective because of the failure to express strong disapproval when standards are not met.[18]

Random inspections have the effect of making people and enterprises that are normally law‑abiding constantly aware of the existence of enforcement activities and tend to reduce the likelihood of future non-compliance.

Rules at odds with practice: As discussed above, compliance with a law or policy is not necessarily an automatic occurrence. Often, practices and rules do not match up. A sense of injustice or entitlement may also lead persons who feel they are being treated unfairly to respond by refusing to comply with rules. Research demonstrates that when authorities implement policies, conceptions of fairness (particularly of fair treatment) are especially important, as these will have a bearing on how people respond to them.

Documented evidence indicates that, in some cases, officials will take advantage of benefits when they feel they are underpaid, overworked, and underappreciated. In other cases, officials with private sector experience come to the Public Service believing they are entitled to private sector type entitlements, thus leading to a mismatch between expectations and acceptable behaviour. One expert commented that creating a moral climate of support for a law would alter compliance more effectively than changing estimates of the certainty or severity of punishment. Moral appeals are four times as effective as threats of sanction in inducing people to pay taxes.[19]

Within government, individuals who feel they are not being dealt with fairly may not be as inclined to apply or follow rules rigorously. If moral appeals are more effective than threats of sanction, strengthening a government-wide culture of values and ethics is an appropriate response.

Inability to comply with the rules

Failures of administrative capacity: Achieving compliance also calls for resources to adequately implement internal government rules. The provision of information, professional development, and other support mechanisms is required to make it feasible for public service employees to comply with the rules.


Research shows that deterrence functions only if the following conditions are satisfied:

  • target groups are fully informed and make decisions in their best interest;
  • rules unambiguously define misbehaviour;
  • the target group sees legal punishment as the primary incentive for compliance; and
  • enforcement bodies optimally detect and punish misbehaviour.

Perfect compliance?

Is 100 per cent compliance a valid objective? An effective compliance strategy for government must be reasonable and realistic. For example, achieving continuous and full compliance with all rules is not always possible, at least not at a cost that would be reasonable for the taxpayer. One need only point to the 840 pay rates and more than 70,000 rules governing pay and allowances administered by federal departments to demonstrate this. Few public service employees—even those with specific responsibilities in those areas—could hope to be fully knowledgeable about all of them at any given time. An understanding of human and organizational behaviour is required to match rules to desired behaviours.

All of these conditions are rarely satisfied. It is well established that the deterrent effect of sanctions (including criminal sanctions) will depend on their certainty, severity, speed, and uniformity. Of these factors, certainty of detection has the most deterrent effect. That is, in order for the deterrence model to be effective, people have to believe there is a strong probability of being caught. This model is based on instilling in people a fear of being caught. While deterrence remains an integral component of a compliance strategy, a government relying solely on deterrence might not be able to sustain a strong relationship with its employees based on values and ethics. In addition, experience reveals that a much more complex and dynamic reality is typically in play. Rarely will a single measure attain policy objectives and influence the entire range of behaviour exhibited by groups targeted for compliance.

Research undertaken by the Department of Justice Canada, the Conference Board of Canada, and the World Bank generally supports the view that a mix of instruments or compliance mechanisms is essential to achieve policy goals and enhance compliance. An effective compliance framework for government, therefore, must contain a mix of activities that function together.

7.3 Basing compliance strategies on risks

Compliance issues are often complex. The issues surrounding non-compliant behaviour leading to mismanagement are varied. No single action or instrument is likely to be sufficiently effective in improving compliance to any significant degree.

The adoption of a compliance framework would correspond to the vision expressed by the House of Commons Standing Committee on Public Accounts in its ninth report on the November 2003 report of the Auditor General of Canada, released in April 2005.

In establishing a framework, the government would necessarily face trade-offs because it is not feasible to eliminate all risks. In reviewing its policy suite, the government is seeking to develop an accurate risk profile related to compliance, establishing a link between the behaviour it wants to influence and the means of intervention aimed at ensuring compliance with the FAA and related policies. The strategy is illustrated in Figure 5.

Figure 5. Elements of a Dynamic Risk Analysis

Display full size graphic

Figure 5. Elements of a Dynamic Risk Analysis

Using sanctions

Graduated responses would be used in situations of non-compliance: instead of using the most drastic strategies first, attempts could be made to trade on the goodwill of the individual. These are also the principles that have presided over the development of the disciplinary regime. Institutions and employees need to know that, unless matters improve, authorities will not hesitate to escalate up the pyramid. While assuming a commitment to action, the approach leaves sufficient flexibility to take specific circumstances into account.

Sanctions must be examined at both the individual and institutional level, since institutional compliance is also an essential element of the Framework.

Because the terms of reference of the review principally targeted individual conduct, much of the focus here is on the government's response to the conduct of individuals and not to organizational failings. These form part of the government's integrated strategy for dealing with non‑compliance. The use of graduated responses to non-compliance by institutions is also a necessary element in an integrated compliance framework. Figure 6 provides a sample application of a graduated method to institutional non-compliance.

Figure 6. Graduated Method to Institutional Non‑compliance








  • Reorganize department
  • Review and recovery of performance awards
  • Termination of employees
  • Recover funds
  • Request RCMP investigation
  • Appoint an external party to exercise departmental management responsibilities ("receivership")
  • Reassign deputy minister
  • Refuse to support rescheduling Crown corporation in FAA, which yields benefits to corporation
  • Remove delegated authorities
  • Send back to Cabinet or direct department to bring a matter forward for Cabinet discussion
  • Recommendations on reappointment, compensation, suspension or termination of Governor‑in‑Council appointments
  • Force deposit by Crown corporation of surplus funds in special purpose accounts in Consolidated Revenue Fund
  • Freeze allotments
  • Impose / manage follow-up by departments
  • Create special purpose allotments
  • Direct one entity to work with another and submit a report
  • Reduce delegations
  • Tie approval of funding for subject "x" to completion of specific action "y" (or conditional approval contingent on future events)
  • Impose conditions on sub-delegations
  • Direct department to undertake a specific action by a specified date
  • Impose conditions on approved corporate plan and budgets
  • Impose Major Crown project designation
  • Increase reporting requirements / impose progress reports
  • Impose actions and redress measures
  • Require (further) internal audit
  • Require external audit or review
  • Impose deadline for transmittal to the Secretariat of final audit/evaluations reports
  • Require / recommend audit by the Public Service Commission of Canada
  • Conduct Secretariat-led forensic audit
  • Require / Recommend Access to Information and Privacy commissioner review
  • Refer to the Auditor General of Canada
  • Impose training/counselling
  • Make observations in MAF assessment and monitor through annual work plan
  • Secretariat review of hospitality expenditures
  • Letters to senior financial officers reminding of responsibilities
  • Interim financing provided
  • Ensure department has an action plan, including potentially, internal audit and referral to the Office of the Auditor General of Canada
  • Internal reorganization
  • Dispute resolution, mediation, group facilitation, workplace assessment
  • Removal / reduction of internal delegation






  • Ensure department is using its internal compliance policy
  • More formal follow-up by Secretariat senior management with counterparts (Secretary or Secretariat follow-up)
  • Report in the President's annual report to Parliament on Crown corporations
  • Revise Treasury Board policy
  • Work collaboratively with department to modify behaviour
  • More formal follow-up by President of the Treasury Board with appropriate minister
  • Guide department in understanding Treasury Board policies and subsequent strengthening of controls and oversight
  • Seek revisions / amendments to Corporate Plans
  • Secretariat aid in developing departmental/agency expertise in areas such as human resources and finance
  • Force reporting on issue in departmental performance report
  • Review departmental expenditure and management performance (vertical, horizontal and program infrastructure)
  • Informal working level follow-up by the Secretariat with department to ensure follow‑up is being undertaken

 Factors that could be considered in moving through these measures are primarily based on judgment, taking into consideration the particular situation, the degree of management risk, and the nature of the intelligence on which intervention is being considered. There are areas where responsibility and authority would lie within departments or would be shared with central agencies. Central agencies and departments themselves have used most if not all of these responses. This approach, the use of graduated responses to situations of non‑compliance, provides for a more systematic application of many existing practices.