Audit Report
FOLLOW-UP TO MANAGEMENT ACTION PLANS
Annual Report
March 31, 2004
Prepared by
Audit, Evaluation and Review Directorate
Implementation Summary
This follow-up report on the implementing of management action plans concludes the internal audit process,
outlining the measures taken by those responsible in answer
to our findings and recommendations. The follow-up process in
effect specifies that management action plans are to be reviewed annually until they are fully implemented;
the extent of implementation is to be assessed and reported to the Audit Committee.
This first annual report contains the follow-up findings as at March 31, 2004 for nine audit projects, for which reports and management action plans were submitted to, and approved by, the Audit Committee.
We believe this report clearly shows that management is diligently implementing the recommendations that were drawn up. Overall, we are satisfied that
those responsible are implementing the components of their action plans.
The following are additional details of the progress achieved with the action plan for each audit project.
Audit Project: 00/01 01-03
Information Technology
Audit Project objective
The Audit Project sought to provide management with assurances that the Information Technology (IT) Division had an appropriate management framework to meet the requirements of the central agencies, and that financial and operational management controls had been applied with sufficient rigour.
Recommendations
In September 2001, we reported that the IT Division had competent, professional managers who could tackle the many challenges in the constantly changing IT field. We also said we believed the IT management framework fulfilled expectations very well, but nonetheless required some improvements. During our review, we found that management was already taking action to solve some of the problems raised in the Audit Report.
Implementation status
To date, all of the recommendations have been fully or partially implemented.
Measures set out in the action plan with respect to the management framework have virtually all been implemented. Once a project management system scheduled for June 2004 is set up, this part of the
action plan will have been completely implemented. In terms of inventory management, management of the computer population and software has greatly improved because of new software used for that purpose.
Two action plan components currently under way will soon be completed,
i.e., drafting of a systems development policy and updating of backup procedures following the submission of a threat and risk study in April 2004 and recommended business resumption measures. Once a new, recently approved organizational model is gradually deployed by April 2005, all of the
action plan components will be implemented.
Audit Project: 00/01 01-04
Information Management
Audit Project objective
The Audit Project sought to provide management with assurances that the Information Management (IM) Division had an appropriate management framework to meet the requirements of the central agencies and that financial and operational management controls had been applied with sufficient rigour.
Sound document management is essential for ensuring that the information in documents can be accessed and that documents, including documents with archival or historical value, can be protected.
Recommendations
In November 2001, we reported that the IM Division had a manager and employees who were competent and professional and had the necessary expertise to tackle numerous challenges in the IM field. We believe that the IM management framework fulfilled expectations very well, but nonetheless required some improvements. During our review, we found that management was already taking action to solve some of the problems raised in the Audit Report.
Implementation status
Several action plan measures result from the decision to set up an Electronic Document Management System (EDMS) at the Agency (called the Virtual Collaboration Tool and Information Retrieval Engine
-
VICTOIRE
project). Two measures, for which the implementation to date is less than 50%, are directly related to completely setting up the EDMS, scheduled for March 2006. The Executive Committee's approval of the VICTOIRE
project in July 2003 will also make it easier to draft the management framework, slated for completion in June 2004. Several Treasury Board initiatives and projects and the Agency's VICTOIRE
project slightly delayed the drafting of this document.
The IM Division has also set up a task force to study the mandates, roles and responsibilities of configuration libraries and the IM Division's involvement in managing these libraries. Existing grey areas have been clarified and the task force's recommendations will be implemented by March 2004.
In addition, a key component of the action plan still to be implemented is the development of a directory of key documents, scheduled for completion in December 2004.
Audit Project: 00/01 01-05
Security and Facilities
Audit Project objective
The Audit Project sought to assess the degree to which the Security and Facilities Division, which was assigned the responsibilities of managing the operation and maintenance of John H. Chapman Space Centre facilities and providing its physical security, had an appropriate management framework and complied with the policies, directives and instructions of the central agencies and the Space Agency.
Recommendations
In December 2001, we reported that the Security and Facilities Division was generally carrying out its responsibilities well and going ahead with effective and economical management controls. Nonetheless, we gave management our comments, findings and recommendations on how it could carry out its new responsibilities with optimum effectiveness.
Implementation status
Most of the action plan focuses on improving the Agency's
departmental security plan. We found that management was fully committed to developing an effective, efficient program in accordance with the
Government Security Policy. Several activities, such as the following, have been carried out or are under way using a methodical approach: setting up of working committees, a threat and risk assessment, consultations with other departments, review of systems and practices, and physical restructuring.
Several action plan components in progress involve the drafting of policies and procedures, which should be completed by the end of the 2004-2005 fiscal year. When completed, they will make it easier to implement other
action plan components, such as the development of an awareness program, a review of the
business resumption plan, and a review of security clearances for positions. This methodical approach and the scope of the work to be done are the main reasons why some
action plan components have not yet received management attention or have barely gotten off the ground.
We are also satisfied with the implementation of action
plan components related to facilities management (management of leases, office space and property). Management is in the process of completing lease renewals and setting up the main components (maintenance procedures and service contracts) of the new delivery method for real property services.
Audit Project: 01/02 01-01
Audit of the Exercise of
Financial Authority
Audit Project objective
This Audit Project sought to determine the extent to which the CSA is meeting its financial management responsibilities, notably with respect to the control requirements prescribed by sections 32, 33 and 34 of the
Financial Administration Act (FAA) and other Treasury Board requirements for delegating financial authority, committing expenditures, certifying contract performance and verifying accounts for payment purposes.
Recommendations
In November 2002, we reported that financial authority was properly exercised overall. Expenditures were committed and certified in compliance with sections 32 and 34 of the
FAA and independent financial officers verified accounts for payment purposes in accordance with section 33.
However, several recommendations were made to consolidate the control framework and improve the effectiveness and efficiency of operations.
Implementation status
We are generally satisfied with the implementation of the management's
action plan. Most of the components for improving the effectiveness and efficiency of operations and stepping up internal controls have been speedily implemented. The delegation of financial authority and delegation instruments have been reviewed and corrected. New, more effective operating procedures have been developed, particularly for certifying and verifying accounts. Other lower-priority components are being completed to varying degrees. The policy and procedures review and the computerization of some practices are slated for completion in 2004-2005.
Moreover, the Delegation of Financial Signing Authorities Chart can only be effective when it will be submitted to the new Minister at the appropriate time, whereas the development and use of a new purchase order depends on the work involved in migrating to Version 4.7 of SAP.
Audit Project: 01/02 01-02
Grants and Contributions
Audit Project objective
The Audit Project objective was to look into the action plan drawn up by various directorates in response to recommendations in the audit reports for grants and contributions programs dated November 1998 and April 2000 and to confirm the scope and effective implementation of the corrective measures.
Recommendations
In March 2002, we reported that the directorates managing the Agency's grants and contributions programs generally carried out their responsibilities properly. However, we drew management's attention to comments, observations and recommendations for optimizing existing management controls to comply with Treasury Board (TB) requirements for transfer payments.
The follow-up audit carried out in 2001-2002 revealed that, despite the actions taken and corrective measures implemented, management should consider making some improvements to the management framework.
Implementation status
Implementation of the action plan is well advanced. The measures taken have helped significantly to improve the administrative and financial management of various grants and contributions programs. Administrative files now contain more information and provide an adequate audit trail. Project assessment documents and application files are systematically kept in administrative files set up for that purpose. In addition, before any agreements are signed, the availability of funds is checked and the funds are committed in accordance with the
FAA.
The format of several grants and contributions agreements has been reviewed in order to include all relevant clauses required under the Treasury Board Secretariat's (TBS) Policy on Transfer Payments. Two agreements have also been signed as part of the Payload Flight Demonstration Program for Multimedia Payloads in order to correct shortcomings that were found.
We are also dissatisfied with measures taken to date in response to our recommendations for managing the contribution given to Geomatics for Informed Decisions (GEOIDE) under the CSA's Joint Research Program with the Networks of Centres of Excellence. In fact, aside from a new agreement complying with our recommendations, management of the Program has not changed and therefore still does not meet Program terms and conditions.
Audit Project: 01/02 01-03
Access to Information
Audit Project objective
The Audit Project sought to provide management with assurances that the Coordination Office
of the Access to Information and Privacy (ATIP) had a proper management framework that met the requirements of the central agencies and that operational controls were implemented with sufficient rigour. This Audit also determined the volume and types of requests for access to information that were processed during the year and studied the critical path of a request, including approval levels and the number of days required to process requests.
Recommendations
In November 2001, we reported that the Access to Information Act
and the Privacy Act were passed in 1983 and despite the Agency's short period of existence, the Agency should nonetheless process access to information requests with the same expertise as other more long-standing federal institutions. We also mentioned that the Agency should consider reviewing its business model and the duties involved in coordinating ATIP so that adjustments could be made to the roles and responsibilities of various players.
Implementation status
The ATIP Policy, which was completed, approved and implemented in February 2003, has opened the way to implementing several recommendations, including the need for a quality review and the need to explain the role of programs involved in the processing of information access requests. The revised policy is posted on the intranet and, when requested by the sectors, the ATIP Coordinator provides training sessions to explain the enforcement of the
Access to Information Act and the Privacy Act and employees' obligations with respect to these Acts.
It should be noted that delegated powers, duties and functions under the
Access to Information Act and the Privacy Act were reviewed and signed by the Minister in March 2002.
The only recommendation not fully implemented is the need for more in-depth training for the person replacing the ATIP
Coordinator during extended absences. However, a person has been trained and is available to replace the ATIP
Coordinator during short-term absences.
Audit Project: 01/02 01-04
Opening Balances
Audit Project objective
As part of implementing the Financial Information System (FIS), the establishment of opening balances on April 1, 2001 was the starting point for recording and reporting accounts in accordance with the new accounting standards. The objective of this Audit Project was to ensure that opening balances had been correctly established and recorded in compliance with the new accounting standards.
Recommendations
It was pointed out in the audit report submitted in November 2002 that the opening balances as at April 1, 2001, as reviewed and corrected with the participation of the Receiver General and the Treasury Board Secretariat, complied with requirements. However, we submitted recommendations to Corporate Management to the effect that the accuracy of audit balances could be guaranteed throughout the year by validating the balances of certain accounts, setting up periodic account analysis procedures and making effective policies available to staff.
Implementation status
Corporate Management has implemented all of the recommendations. However, most of the
action plan components have not been completed. The policy review is subject to work carried out by the Coding Committee and work involved in migrating to Version 4.7 of SAP, which should be completed by April 2005. Validating the balance of the Contractors' Holdbacks account seems more complex than anticipated, while work carried out to determine the relevance of recording inventory in financial statements has not reached a satisfactory conclusion and must therefore continue.
We also believe that management practices for corroborating the accuracy of the balances of some accounts at any time do not fully comply with the recommendations. The new practices are based on procedures for obtaining confirmation from sector finance officers, but do not provide for systematic account analyses. We believe the new practices should be reviewed to ensure that account balances are properly documented.
Audit Project: 01/02 01-05
Management of Travel Expenses
Audit Project objective
This Audit Project sought to assess the extent to which the management framework for travel expenses helped to carry out the CSA's program and objectives effectively, efficiently and economically while complying with Treasury Board policies and guidelines.
Recommendations
Travel is generally carried out economically and reasonably to reduce the financial impact on the Agency. We also reported that there were enough breaches of the rules to conclude that the travel directives were misunderstood by both employees travelling on official business and managers approving travel and authorizing requests for travel allowances. Several recommendations were made to raise staff awareness of the need to comply with policies and procedures and adopt effective, efficient practices.
Implementation status
Corporate Management is responsible for the action plan, although most of the recommendations were intended for all Agency's employees. Several initiatives have been carried out to inform and raise the awareness of staff, including presentations, a thorough revision of the intranet section on travel expenses, a newsletter, and a departmental
coordinator appointed to answer employee's questions. In addition to making it easier to access information, the following other measures focussing more on monitoring and control procedures are helping to improve practices: account verification procedures, non-compliance reports and a committee of finance clerks set up to standardize practices.
Among the action plan components in progress, we found significant activity involving an in-depth review of all Agency's travel-related policies and procedures. The need for such a review resulted from the new Travel Directive issued in October 2002 and the government's introduction of a new travel service.
Audit Project: 02/03 01-03
Acquisition Card Program
Audit Project objective
This Audit Project sought to ensure that the Agency carried out its acquisition card management responsibilities properly and effectively. The Audit also assessed the relevance of the management framework and compliance with related TBS requirements.
Recommendations
In January 2003, we reported that acquisition cards were an appropriate tool
suited to modern management practices and can considerably lighten the workload in the Contracts Division given the nearly 5,500 transactions by acquisition cardholders every year, worth an average of
$415 each . We also mentioned that practices had changed since acquisition cards were introduced in 1999 and that some practices should be reviewed to tighten up the management framework. We also felt that special attention should be devoted to the administrative aspect of transactions and that a reminder should be sent to key staff members (managers and cardholders) to make them aware of their responsibilities.
Implementation status
Implementation of the action plan is well advanced and slated for completion in the fall of 2004. The Acquisition Card Policy has been completely reviewed and reworded in a more user-friendly format. This recommendation will be completed upon approval of the new policy, scheduled for September 2004. After the revised policy is approved, mandatory awareness sessions will be given for cardholders and managers.
Most of the financial management measures have been completed, including funds commitment, expenditure initiation and specimen signature procedures.
Regarding administrative practices, there is still work to be done for the implementation of inventory control procedures to ensure that non-consumables over $1,000 and attractive items purchased with acquisition cards are entered in inventory. Furthermore, the feasibility study to determine the profitability of acquisition cards as a payment tool is being completed.
|