Reports

FINANCIAL AUDIT
FINAL REPORT

The report was approved by the Commission's Internal Audit and Evaluation Committee. The audit covered the period January 2002 - January 2003.

Table of Content

EXECUTIVE SUMMARY
INTRODUCTION
FOCUS OF THE AUDIT
OBSERVATIONS AND RECOMMENDATIONS

1.0 Organization and Processes
1.1 Financial management system, policies and procedures
1.2 Security of the financial system
2.0 Controls
3.0 Information and Advice
3.1 Financial management advice and reporting
4.0 Accountability
4.1 Program Manager’s Accountability
4.2 Large volume of expenditures paid in the last month of the year
4.3 Confirming Orders
4.4 Planning Session Related Expenses
5.0 Management

CONCLUSION
ABOUT THE AUDIT

Executive Summary

While financial management is a shared responsibility among the Commission staff, the Financial Services Division (FSD) has the overall responsibility for setting up financial policies, procedures and guidelines and providing guidance and advice on financial matters. This includes the budgetary process, recording financial transactions on a timely basis and reporting financial information that will assist managers of the Commission in the discharge of their responsibilities. FSD is supported by the GX financial system to carry out its financial management responsibilities. FSD participates in the GX cluster group in order to maintain the most up-to-date functionality of the GX system.

At the time of the audit, the FSD’s team consisted of one (1) manager, three (3) analysts, three (3) financial assistants and one (1) student. The Manager has the overall responsibility for the management of the division. The Manager of FSD, reports directly to the Director, Corporate Services Branch (CSB).

The FSD had a budget of $ 431,600 for the fiscal year of 2003-2004 plus an additional $50,000 in cost recovery from the Law Commission of Canada.

The field work of the audit was conducted between December 2003 and March 2004. The audit covered the period January 2002 until December 2003, and therefore all comments and findings in this report relate to this period.

Focus of the Audit

The Planning, Internal Audit and Evaluation Division, Corporate Services Branch, undertook this audit in order to independently assess the accuracy, completeness, timeliness and reliability of financial information used for decision making and to identify opportunities for improvement. In order to assess financial information the audit team examined how financial management is exercised within CHRC.

The scope of the audit was to work in partnership with the Director of CSB and the Manager and staff of FSD to examine the financial related information and documentation for the period examined. The audit was conducted primarily within FSD. It also involved other Commission’s branches as they play a key role in the quality of financial information by inputting raw data in the form of forecast, the management of commitments and the use of the financial information for decision making purposes. The audit excluded the provision of financial services provided by the FSD to the Law Commission of Canada.

Observations and Recommendations

1.0 Organization and Processes

1.1 Financial mangement system, policies and procedures

The audit team found that an adequate, effective and dependable financial management system is in place. It is adequate for the Commission’s needs, effective and dependable. That system is user friendly, with training offered to users and technical support available at all time.

The Commission’s financial policies are those of Treasury Board Secretariat (TBS) with a few exception such as the acquisition card and contracting policies. Interviews with selected Program Managers and Administrative Assistants revealed that while for the most part, financial management responsibilities are understood, these responsibilities and duties need to be better documented and disseminated to all staff through formal procedures or guidelines. One example of lack of clarity with respect to financial management responsibilities concerns the review of travel claims before their submissions to FSD. While some Administrative Assistants review, in detail, each travel claim before its submission to FSD, others collect them from the travellers and transfer them to Finance without conducting a cursory review. The latter believe that acting otherwise would be a duplication of the responsibilities of FSD. As a result of lack of procedures and guidelines, Administrative Assistants have expressed frustrations. They claim that the lack of procedures leads to different interpretations by different employees on how the task is to be completed.

Interviews revealed that managers and staff are relying on FSD for questions and queries on specific financial matters or for interpretations on TBS policies. FSD has over time organized training sessions for Program Managers and Administrative Assistants. These sessions have helped the Commission’s staff understand the financial matters. However, the Commission would benefit from having its key financial responsibilities and tasks documented through the form of procedures or guidelines. The observations raised through this audit report identifies other examples of financial responsibilities that should be better documented.

It is recommended that key financial management responsibilities and tasks be better documented through formal procedures and guidelines and disseminated to all staff (i.e., post on the Commission’s Intranet).

Agree.
Financial management responsibilities are described in either: a) CHRC financial policies (i.e. Acquisition Card Policy and Procurement and Contracting Policy) or b) TBS financial policies, that are adopted by the Commission. CHRC developed procedures relating to the policies and these procedures were introduced to the Commission through employee training and/or related manuals.

The CHRC financial policies and procedures will be posted on the Commission’s Intranet and a link to the TBS Website re: TBS financial management policies, will be provided.

FSD will post the financial policies and procedures on the Commission’s Intranet by March 31, 2005.

1.2 Security of the financial system

FSD is responsible for the management of the financial system including security issues such as user profiles and back-up of financial information. The audit team found that the allocation of the financial system user profiles is adequate with one exception. The audit team also found that the system users understand the rights and obligations surrounding the use of their user profile. Finally, while a mechanism is in place with respect to the monitoring of the user profiles, monitoring is not conducted on a regular basis.

Security of the GX financial system is organized around user profiles limiting access to users’ needs. Our review indicated that the allocation of eleven of the twelve user profiles is adequate. One user profile entitled "Everything" is given to the Manager of FSD. This user profile allows the manager to perform all of the functions of the system which are performed by the eleven other user profiles. In addition, the Manager of FSD also has an ability to request Public Works Government Services Canada to issue cheques through an electronic key that allows him to exercise payment authority [Section 33 of the Financial Administration Act (FAA)]. Therefore, this combination of the Everything’s user profile and the electronic key provide the Manager of FSD with the ability to perform a transaction from the beginning until the end. This represents a breach to a proper segregation of duties and it weakens internal controls.

One analyst within FSD is responsible for monitoring user profiles. Procedures for this responsibility are in place. However, we found through a review of a User Profile Report that monitoring is not performed on a regular basis. For example, the user profile of some employees who either had left the Commission or were on extended leave of absence were still active. When this situation was brought to their attention, FSD immediately dis-activated the profiles of these employees.

It is recommended that:

• the access to the GX system by the Manager of FSD be reviewed to limit access to the requirements of his position and that the ability to perform a transaction from the beginning until the end be removed; and

• the monitoring of user profiles be performed on a regular basis.

Management Response and Action Plan

a) Agree

The access to the GX system by the Manager of FSD has been reviewed and is now limited to the requirements of his position. The Manager of FSD currently does not have access to the "Everything" user profile. This user profile allows the officer with the ability to perform a payment from the beginning until the end.

b) Agree

The Manager of FSD will ensure that user profiles are monitored on a monthly basis. In addition, FSD will remove access to the GX system upon becoming aware of the departure of an employee or when made aware of an employee’s change in responsibilities.

2.0 Controls

Internal controls represent those elements of the Commission including its resources, systems, processes, culture, structure and tasks, that taken together, support staff in the achievement of the Commission’s objectives. In relation to financial activities, internal controls are identified through the financial management authorities, spending limits, maintenance of accounting records and monitoring activities.

The audit team found that internal controls take into account materiality, public sensitivity and risk. In the case of the acquisition card, which was the subject of major changes in 2003, internal controls still need improvement.

Financial management authorities are defined in the Commission’s Delegation of Authority Chart that was developed in the early 1990’s and is still being used. We understand that a new Delegation of Authority Chart is being produced. It has not yet been completed and approved.

The review of fifty (50) financial transactions indicated that financial management authorities and spending limits are complied with, that records are complete, accurate, reliable and properly maintained. However, we have found some instances indicating internal controls must be strengthened with respect to the acquisition card program.

The acquisition cards program was put in place at the beginning of 2003-04. This program involves a number of strong internal control points such as the segregation between the cardholder and the manager authorized to initiate expenditure and approve receipt of goods or services (section 34 of the FAA), the requirement for recording the purchase in a manual acquisition card purchase register, the approval from a manager with delegated authority prior to the acquisition card being used, the reconciliation of statements to manual registers. The acquisition cards program was launched with an appropriate implementation approach which required all cardholders and their respective manager to attend a training session prior to being authorized to use the acquisition card. These internal control features are all important to maintain accountability while benefiting from the efficiencies of the program.

Despite these important characteristics, the audit team identified a number of weaknesses that need to be addressed.

Approval process

When the policy requires the approval by a particular position (i.e. Assets or IT Managers), this authority is typically demonstrated on file through the use of the carbon copy functionality of the e-mail. The approval is assumed received even when the authorized person does not respond to the e-mail. We believe that this indirect form of approval does not meet the intent of the approval requirement written out in the Delegation of Authority Chart or financial policies. A direct form of approval requiring a signature or the sending of a correspondence (e-mail or other form) would be appropriate.

Monitoring

The Acquisition Cards Policy calls for a coordinator to be appointed. That coordinator is responsible to issue cards, receive statements from the credit card company and exercise monitoring activities. The coordinator for the Commission is the Manager of Assets Management who is also responsible for initiating expenditures and approving receipt of goods (exercising section 34 of the FAA) with respect to procurement activities for the Commission. This practice weakens internal controls since the same person initiates expenditures, approves the receipt of goods while at the same time has the responsibility to monitor such activities.

Interviews with the Coordinator of the Acquisition Card indicated that procedures have not been defined to document how monitoring will be exercised. So far the monitoring activities have been exercised using the acquisition card statements only. The coordinator has not systematically documented the results of the monitoring activities conducted nor produced any monitoring report for the benefit of management. The auditors believe that the monitoring activities currently being exercised over the acquisition card program are incomplete and not in line with the intent of the Acquisition Cards policy.

Security

The Acquisition Cards policy calls for the card to be kept in a secure location. However, the policy does not describe what is considered to be secured. Some cardholders keep the card in a locked cabinet while others carry it with them.

Recommendations

It is recommended:

• that a direct form of approval be put in place in order to satisfy the requirements of the Acquisition Card Policy and the Delegation of Authority Chart;

• to define formal procedures for the conduct of the acquisition card monitoring and reporting activities;

• that the Officer assigned to monitor the acquisition card transactions not be involved in any approval process and if this situation occurs, that a different person be assigned the responsibility of monitoring these transactions; and

• to identify acceptable means by which acquisition cardholders can secure the acquisition card in their office or elsewhere and increase awareness among acquisition cardholders.

Management Response and Action Plan

a) Agree
FSD will remind or advise CHRC managers who have delegated financial authority (from the Delegation of Authority Chart or other policies), by December 31 2004, that only a direct form of approval is acceptable. A direct form of approval requires either the signature of the authorized manager or the sending of a correspondence (e-mail or other form) by that authorized manager.

b) Agree
FSD will document the acquisition card monitoring program and start its monitoring activities by December 31, 2004. FSD will present the first report outlining the monitoring activities to the Executive Committee by March 31, 2005.

c) Agree
As part of documenting the acquisition card monitoring program, FSD will ensure that the Officer tasked with monitoring responsibilities of acquisition card related transactions is not involved in the approval process. This change will be put in place by December 31, 2004.

d) Agree
Assets Management Division (AMD) intends to reiterate to acquisition cardholders that the acceptable means of securing their card is by either keeping their cards in a locked cabinet or carrying it with them. AMD will ensure that cardholders are provided with locked cabinet to secure their cards. This process will be implemented by October 31, 2004.

3.0 Information and Advice

3.1 Financial management advice and reporting

The Commission has a financial management group that possesses good knowledge, skills and expertise to provide advice and analysis to the Commission staff as required and financial information is readily available to Program Managers and other Commission staff through financial management reports that are produced on a monthly basis.

Interviews with selected Program Managers and Administrative Assistants revealed that FSD has an ability and capacity to provide adequate advice and analysis to support Program Managers in carrying out their financial management responsibilities. For example, FSD has developed financial management reports and forms to assist Program Managers in carrying out their financial management responsibilities. FSD has provided training to the Program Managers and Administrative Assistants on all aspects of financial tasks including system and reports. The Manager of FSD holds monthly working group meetings with all Administrative Assistants where the assistants are provided with an opportunity to ask questions, discuss and share their knowledge, experience and methodologies used to handle specific financial matters.

The Commission staff interviewed indicated that some Program Managers have difficulty understanding the financial reports. They find the reports not user-friendly and, as a result, the terminology is not always understood by them. The auditors believe that the financial reports produced are standard reports and therefore efforts should be put on training managers in understanding them.

The Administrative Assistants, while claiming that the financial management training has been helpful to them in understanding the philosophy surrounding certain financial policies, have expressed that this training should be offered more regularly.

Recommendations

It is recommended that:

• FSD organizes training more often to ensure that (i) present employees receive "refresher training"; and (ii) new employees coming to the Commission are offered financial management training; and

• particular attention be given to the training needs of the Administrative Assistants.

Management Response and Action Plan

a) Agree
FSD will provide a refresher training course to current employees once a year. Two sessions will be offered, one during the Fall of 2004 and the other in Spring of 2005.

FSD will provide a full training course to new and to current employees once a year.

b) Agree
The monthly working group meetings with Administrative Assistants will be continued as a means to provide useful financial information and to introduce new policies or procedures. On a yearly basis, FSD will survey Administrative Assistants to determine the financial topics that are of interest to them and FSD will ensure that these topics are covered during the following year’s meetings.

Table of Contents

Next Page