Audit Report - Audit of Core Controls

Table of contents

Executive Summary

Background

The Audit of Core Controls at Library and Archives Canada (LAC) was part of the 2013–2016 Risk-Based Audit Plan, which was approved by the Deputy Head in August 2013.

In recent years, the federal government has placed great importance on the prudent stewardship of resources. The effective and efficient use of public resources is expected and required of all departments and agencies, who must be transparent in their reporting on the use of public funds to achieve departmental objectives. By implementing effective controls and procedures, deputy heads can deliver on departmental objectives.

The objective of this audit was to ensure that core controls over financial management at LAC resulted in compliance with the key requirements of Treasury Board Secretariat (TBS) policies, and of the specific TBS directives identified below:
  • Directive on Delegation of Financial Authorities for Disbursements;
  • Directive on Expenditure Initiation and Commitment Control;
  • Directive on Account Verification;
  • Directive on Acquisition Cards;
  • Directive on the Management of Expenditures on Travel, Hospitality and Conferences;
  • Directive on Accountable Advances;
  • Directive on Financial Management of Pay Administration;
  • Directive on Leave and Special Working Arrangements; and
  • Performance Pay Administration Policy for Certain Non-Management Category Senior Excluded Levels.

The audit criteria from the Office of the Comptroller General were used to assess core controls, quantify the results of the testing, and report on the findings. The table below explains the legend used to assess compliance with the different TBS policies and directives reviewed during the course of this audit.     

Legend

Met

Complies with policy, only minimal exceptions noted.

Greater than or equal to 98%

Partially Met

Partially complies with policy, major or numerous exceptions noted.

80% – 97%

Not Met

Does not comply with policy.

Less than 80%

Audit Conclusion

Overall, controls are in place and documented at LAC to account for the spending of public funds. All of the transactions verified during the conduct of this audit related to the delivery of LAC's mandate and no evidence of misuse of public funds was observed. However, it was noted that the controls over financial management were not applied consistently.  The audit identified areas requiring attention to ensure the consistent application of financial controls.  The details of the observations are identified below.

Findings and Recommendations


1) Financial Directives

LAC is in compliance with the requirements of one (1) financial directive, in partial compliance with two (2) financial directives, and not compliant with one (1) financial directive. The audit results are identified below.
Directives Reviewed and Tested

Compliance

Directive on Delegation of Financial Authorities for Disbursements

Not Met

Directive on Acquisition Cards

Met

Directive on Accountable Advances

Partially Met

Directive on the Management of Expenditures on Travel, Hospitality and Conferences

Partially Met

LAC had internal processes to ensure that delegated authorities were documented, signed and kept up to date.  However, LAC's external Delegation of Authorities instrument required updating following the arrival of the new Minister. The appointment of a new minister does not automatically nullify existing authorities. However, a new instrument for delegated authorities should be prepared for the minister's signature within 90 days following the appointment.  

With regard to acquisition cards, applications and restrictions were specified and communicated to cardholders. However, not all cardholders had acknowledged their responsibilities and obligations prior to receiving their acquisition card.  During the conduct phase of the audit, the Finance Division ensured that the five missing forms had been signed by the cardholders and was put in file.

In relation to accountable advances, out of the eleven (11) petty cash funds reviewed, three (3) were not properly safeguarded, and two (2) petty cash reconciliation reports were missing.  Although this activity is low risk due to the limited funds available within the petty cash, attention is required to ensure that controls are consistently applied. 

LAC proactively disclosed the expenditures for travel and hospitality through its website, and post-authorized travel requests were justified and on file. In addition, all meal and incidental allowances were reimbursed in accordance with the specified rates. There was only one (1) transaction for which the travel expenses exceeded the amount approved; however, a note was on file to support the reason for the variance. In the travel transactions tested, the purpose of the travel was not always provided.  It is to be noted that in October 2013, as part of modifications brought to the travel system, this issue was addressed by forcing travelers to enter the purpose of the trip. Since this new functionality was implemented after the period covered by the audit, it could not be tested.

It is recommended that LAC prepare a new Delegation of Authorities instrument for the minister's signature. The Finance Division should ensure that  petty cash funds are properly safeguarded, and always reconciled and reported. 

2) Sections 32, 34 and 33 of the Financial Administration Act (FAA)

A total of 103 transactions were reviewed to assess the core controls related to FAA Section 32, 34 and 33.  Core controls testing related to sections 32 and 34 of the FAA resulted in non-compliance due to the inconsistent application of the controls. LAC was in partial compliance with section 33 of the FAA. The audit results are identified below.
Directive on Expenditure Initiation and Commitment Control and
Directive on Account Verification – Reviewed and Tested

Compliance

Expenditure initiation and commitment control (section 32)

Not Met

Account verification (section 34)

Not Met

Payment and settlement (section 33)

Partially Met

Operational procedures were in place for expenditure initiation, commitment control and account verification; however, the controls were not applied consistently. The following issues were noted:

  • No dates were available to confirm when the process was completed (s. 32 and s. 34 of the FAA);
  • Files were missing documentation needed to confirm the appropriate delegation or to determine whether the payment was processed according to the applicable policy and directive.

Instances were also observed where the signatures were illegible – making it difficult to confirm the delegated authority without the printed names.  The signatures were later confirmed by the Finance Division.  A best practice would be to ensure that a printed name is available to confirm the signature.

It is recommended that the Finance Division ensure that expenditure initiation and account verification controls are applied consistently. The Division should also ensure that sufficient documentation is kept on file to support the application of the controls. 

3) Human Resources Policies and Directives

During the planning phase of the audit, the Policy on the Performance Pay Administration for Certain Non-Management Category Senior Excluded Levels was assessed.  This specific policy was not included for additional review during the conduct phase since it was demonstrated that LAC had strong controls in place for the management of this policy. 

The total population, which consisted of  seven (7) transactions, was used to assess the core controls related to two (2) HR directives identified below.  Core controls testing related to these two (2) human resources directives within LAC resulted in non-compliance. The audit results are identified below.

Directives Reviewed and Tested

Compliance

Directive on Financial Management of Pay Administration

Not Met

Directive on Leave and Special Working Arrangements

Not Met

The security assessments and reliability check levels for casual employment were not identified as a condition of employment on two (2) of the seven (7) forms reviewed.

In relation to leave with income averaging, we found two (2) instances in which the leave was not authorized by a person with the appropriate delegated authority; in another instance, the leave was not accurately recorded in the leave tracking system (HRIS).

It is recommended that the Human Resources Division ensure that leave with income averaging requests are authorized by an individual with the delegated authority, and that security assessments and reliability checks  for casual employees are clearly identified. The Division should also monitor the accuracy of the data entered in the leave tracking system (HRIS).

4) Monitoring and Reporting

The Finance Division has a monitoring and reporting oversight mechanism that includes a formal review process, with results reported to management. There was no evidence that the Human Resources Division has mechanisms to monitor and report on financial controls related to leave and special working arrangements or to the financial management of pay administration.

It is recommended that the Human Resources Division implement a formal process to review, monitor and report on financial controls related to leave and special working arrangements and to the financial management of pay administration.

Statement of Assurance

The audit conforms to the Internal Auditing Standards for the Government of Canada, as supported by the results of the quality assurance and improvement program.

Julie St- Laurent , CIA, CGAP
Director, Audit and Evaluation
Library and Archives Canada

Acknowledgements

We wish to express our appreciation for the cooperation and assistance afforded to the internal audit team by management and staff during the course of this assurance engagement.

Introduction

Background

More than ever, scrutiny over the effective and efficient use of public resources is being placed on departments and agencies. The implementation of effective controls and procedures allows deputy heads to deliver on departmental objectives and be accountable and transparent in their use of public funds.

An audit of core controls at Library and Archives Canada (LAC) was approved by the Deputy Head in August 2013 as part of the 2013–2016 Risk-Based Audit Plan. This audit assessed whether LAC's financial controls are effective, and whether they adequately mitigate the risk of non-compliance with federal legislation, policies and directives, in particular, the nine (9) financial instruments from the Treasury Board Secretariat (TBS) listed below:

  • Directive on Delegation of Financial Authorities for Disbursements;
  • Directive on Expenditure Initiation and Commitment Control;
  • Directive on Account Verification;
  • Directive on Acquisition Cards;
  • Directive on the Management of Expenditures on Travel, Hospitality and Conferences;
  • Directive on Accountable Advances;
  • Directive on Financial Management of Pay Administration;
  • Directive on Leave and Special Working Arrangements; and
  • Performance Pay Administration Policy for Certain Non-Management Category Senior Excluded Levels.

Note that the 2011 Directive on the Management of Expenditures on Travel, Hospitality and Conferences was replaced in August 2013 by the Directive on Travel, Hospitality, Conference and Event Expenditures. This audit covered the period from April 1, 2012 to August 31, 2013, which is prior to the amended directive and, as a result, the 2011 directive was applied.

Risk Assessment

To assist in audit planning and determining potential priorities and areas of audit, a preliminary risk assessment was conducted and the following potential high-risk areas were identified:

  • There is a risk that the appropriate delegation of authorities is not performed within the expenditure process;
  • There is a risk that expenses are not properly supported with sufficient justification and documentation;
  • There is a risk that purchasing tools such as acquisition cards and accountable advances are not administered properly; and
  • There is a risk that monitoring and reporting processes are not fully documented, updated and communicated to ensure compliance.

Objective and Criteria

The objective of this audit was to ensure that core controls over financial management within LAC result in compliance with the key requirements of the applicable legislation, policies and directives. For specific audit criteria, please refer to Appendix D of this report.  

Scope

This audit focused on the key transactions and processes that pose the greatest risk for LAC. The audit covered the period from April 1, 2012 to August 31, 2013. 

Contracting and procurement processes were excluded from the scope of the audit, as these activities were covered by a separate audit. Taking into account the preliminary risk assessment results, the audit did not examine the transactions and processes related to performance pay administration.

Methodology

The audit was conducted in a manner consistent with the TBS Policy on Internal Audit, and in accordance with the Internal Auditing Standards for the Government of Canada and the Institute of Internal Auditors' International Standards for the Professional Practice of Internal Auditing. The following audit activities were performed: 

  1. Review of existing documentation, including process flow charts and narratives, and relevant previous audit coverage;
  2. Conducting of interviews with identified staff to understand key controls and processes;
  3. Conducting of walkthroughs of related financial and human resources systems; and
  4. Examination of a sample of transactions for each of the nine (9) policies and related directives.

For specific details on the methodology, please refer to Appendix C of this report.
The audit criteria from the Office of the Comptroller General were used to assess core controls, quantify the results of the testing, and report on the findings. The table below explains the legend used to assess compliance with the different TBS policies and directives reviewed during the course of this audit.

Legend

Met

Complies with policy, only minimal exceptions noted.

Greater than or equal to 98%

Partially Met

Partially complies with policy, major or numerous exceptions noted.

80% – 97%

Not Met

Does not comply with policy.

Less than 80%

Findings and recommendations

Financial Policies

LAC is in compliance with the requirements of one (1) financial directive, in partial compliance with two (2) financial directives and not compliant with one (1) financial directive.

1) Directive on Delegation of Financial Authorities for Disbursements

For the assessment of this directive, the following controls were expected to be in place:

  • A process is in place to ensure delegated authorities are updated when required;
  • Delegated financial authorities are documented and communicated in writing, in accordance with sections 32, 34 and 33 of the Financial Administration Act (FAA); and
  • All managers have received and completed mandatory training before they exercise their delegated authority.

LAC had a process in place to ensure that specimen signature cards were reviewed and updated annually. Delegated financial authorities were documented and communicated in writing, in accordance with sections 32, 34 and 33 of the FAA. All managers had successfully completed the required training, and confirmation was kept on file.

LAC has two (2) delegated financial authority instruments: an internal instrument signed by the current Acting Librarian and Archivist of Canada that is updated regularly, and a second instrument signed by the previous minister. This second document has not been updated since the arrival in office of the new minister. The appointment of a new minister does not automatically nullify existing authorities. However, a new document for delegated authorities should be prepared for the minister's signature within 90 days following the appointment of a new minister.  LAC demonstrated that they were actively working on preparing the required delegation instrument for approval.  

Based on the audit results identified above, LAC is not in compliance with the Directive on Delegation of Financial Authorities for Disbursements.

Recommendation 1
The Finance Division should prepare a new Delegation of Authorities for the minister's signature.

2) Directive on Acquisition Cards

For the assessment of this directive, the following controls were expected to be in place:
  • Acquisition card applications and restrictions are specified and communicated to cardholders; and
  • Cardholders acknowledge their responsibilities and obligations prior to receiving an acquisition card from the coordinator.

LAC had acquisition card acknowledgement forms that communicated the card limit and the card safeguarding requirements and practices. However, of the twenty-five (25) cards tested, five (5) were missing the form. This increases the risk that cardholders are not aware of their obligations and responsibilities. During the conduct phase of the audit, the Finance division ensured that the five missing forms had been signed by the cardholders and was put in file.  This quick action from the Finance Division ensured that LAC was compliant with the Directive on Acquisition Cards.

3) Directive on the Management of Expenditures on Travel, Hospitality and Conferences

For the assessment of this directive, the following controls were expected to be in place:
  • Transactions meet the minimum proactive disclosure requirements;
  • Reason for government business travel is documented on the authorization to travel form;
  • Post-authorized travel requests are justified and on file; and
  • Meal and incidental allowances are reimbursed in accordance with specified rates.

LAC disclosed the expenditures for travel and hospitality through its website; therefore, LAC is in compliance with the requirement of proactively disclosing its expenditures. Post-authorized travel requests were justified and on file, and all meal and incidental allowances were reimbursed in accordance with the specified rates. Of the twenty-five (25) transactions tested, there was one (1) transaction for which the travel expenses exceeded the amount approved; however, a note was on file to support the reason for the variance. In the travel transactions tested, the purpose of the travel was not always provided. For this reason, LAC is in partial compliance with this directive. 

It is to be noted that in October 2013 as part of modifications brought to the travel system, this issue was addressed by forcing travelers to enter the purpose of the trip. Since this new functionality was implemented after the period covered by the audit, it could not be tested.

4) Directive on Accountable Advances

 For the assessment of this directive, the following controls were expected to be in place:
  • Petty cash funds are properly safeguarded, accounted for, and justified; and
  • Custodians reconcile and report on the funds on a regular basis.

Controls over eleven (11) petty cash funds were examined at LAC. Of the eleven (11) petty cash boxes, three (3) cash boxes were not properly safeguarded, meaning that individuals other than the custodian had access to the funds and/or the funds were not properly stored or secured. From the eleven (11) petty cash funds, twenty-five (25) transactions for accountable advances were reviewed. Two (2) reconciliation reports could not be found. Although this process is low risk in nature due to the limited funds available within the petty cash,  attention is required to ensure that controls are consistently applied to safeguard the funds available in the petty cash. 

Based on the audit results identified above, LAC is in partial compliance with the Directive on Accountable Advances.

Recommendation 2
The Finance Division should ensure that petty cash is properly safeguarded and that funds are always reconciled and reported.


Sections 32, 34 and 33 of the Financial Administration Act (FAA)

Controls over FAA Section 32 and 34 are not applied consistently, resulting in non compliance with the requirements of sections 32 and 34 of the FAA. LAC is in partial compliance with section 33 of the FAA.

Controls related to sections 32, 34 and 33 of the FAA were tested using the transaction types identified below. A total of 103 transactions were reviewed. The results for each section are identified below.

Accountable Advances

Travel and Hospitality

Acquisition Cards

Casual Employment

1) FAA Section 32 – Expenditure Initiation and Commitment Control

For the application of FAA section 32 controls, it was expected that the following would be in place:

  • Commitments are recorded at the value expected to be incurred;
  • Commitments are approved by the appropriate delegated authority; and
  • Commitment approvals are dated to ensure that they are performed before account verification and payment.

The two tables below present the overall audit compliance by type of transaction, and the specific observations associated with FAA section 32 controls.

Type of Transaction

Compliance

Accountable Advances

Not Met

Acquisition Cards

Partially Met

Travel and Hospitality

Partially Met

Casual Employment

Partially Met

 

FAA Section 32

Observations

# Records

%

No dates on file to confirm pre-approval

29

28%

No signatures on file to approve expenditure initiation

9

8%

Instances were also observed where the signatures were illegible, making it difficult to confirm the delegated authority without the printed names.  The signatures were later confirmed by the Finance Division.  A best practice would be to ensure that a printed name is available to confirm the signature. 

Based on the audit results identified above, controls relating to FAA Section 32 were not applied consistently, resulting in non compliance with section 32 of the FAA.

2) FAA Section 34 – Account Verification

For the application of FAA section 34 controls, it was expected that the following would be in place:
  • Account verification is performed by the appropriate delegated authority;
  • Expenses are verified prior to payment; and
  • Invoices are issued for the correct amount, within the contract limit, and to the correct vendor.

The two tables below present the overall audit compliance by type of transaction, and the specific observations associated with FAA section 34 controls.

Type of Transaction

Compliance

Accountable Advances

Not Met

Acquisition Cards

Partially Met

Travel and Hospitality

Partially Met

Casual Employment

Partially Met

 

FAA Section 34

Observations

# Records

%

No dates on file to confirm account verification is performed before the payment

21

20%

No stamp to confirm FAA section 34

3

3%

No documents available supporting account verification

3

3%

Account verification performed after the payment

2

2%

Based on the audit results identified above, controls relating to FAA Section 34 were not applied consistently, resulting in non compliance with section 34 of the FAA.

3) FAA Section 33 – Payment and Settlement

For the application of FAA section 33 controls, it was expected that the following would be in place:
  • Payments are processed on a timely basis, within payment terms;
  • Payments are processed to the right vendor in the right amount; and
  • Payments are signed by the appropriate delegated authority.

The two tables below present the overall audit compliance by type of transaction, and the specific observations associated with FAA section 33 controls.

Type of Transaction

Compliance

Accountable Advances

Not Met

Acquisition Cards

Met

Travel and Hospitality

Partially Met

Casual Employment

Partially Met

FAA Section 33

Observations

# Records

%

No invoice date and FAA section 34 not dated – preventing an assessment of the timeliness of payment

10

10%

During the course of the audit, we noted that three (3) payments had been made more then 30 days after the receipt of the invoice.  The TBS directive requires that when payment is made more then 30 days after receipt of an invoice, interest must be paid. For these three (3) payments made after 30 days, LAC paid interest according to the directive.

Based on the audit results identified above, LAC is in partial compliance with section 33 of the FAA. 

Overall, controls related to FAA section 32, 34 and 33 are documented and in place but they are not applied consistently, thus increasing the risk that public funds may not be appropriately controlled. Compliance with Treasury Board policies is critical to ensuring control over the spending of public funds.

Recommendation 3
The Finance Division should reinforce the application of the controls associated with FAA sections 32, 34 and 33.

Human Resources Policies

Overall, inconsistent application of controls over two (2) HR directives resulted in LAC not being in compliance with the requirements of the applicable directives identified below.
1) Directive on Financial Management of Pay Administration

The audit focused on controls over casual employment, as it was identified during the planning phase as posing a higher risk for the organization. The results are provided below.

Casual Employment

For the assessment of the Directive on Financial Management of Pay Administration, the following controls were expected to be in place:
  • Casual employment for any one person is approved for a period of no more than 90 days in any given calendar year;
  • Casual employment terms are approved to exclude vacation leave in remuneration, but includes 4% in lieu;
  • Employee remuneration and benefits are set within defined provisions; 
  • Security assessments and reliability check levels are defined and determined as conditions of employment;
  • Individuals who have access to government information and assets are security screened at the defined level before the commencement of their duties; and
  • Security clearance and reliability checks are reviewed and approved by an authorized delegated authority.

As required, casual employment terms were approved to exclude vacation leave in remuneration, and included 4% in lieu, and employee remuneration and benefits were set within defined provisions. In addition, individuals who had access to government information and assets were security screened at the defined level before the commencement of their duties. However, among the seven (7) transactions tested:

  • two (2) transactions did not identify the required security assessment and reliability check levels.

Based on the audit results identified above, LAC is not in compliance with the Directive on Financial Management of Pay Administration.

2) Directive on Leave and Special Working Arrangements

The audit focused on controls over leave with income averaging, as it was identified as posing a higher risk for the organization during the planning phase. The results are provided below.

Leave with Income Averaging


For the assessment of the Directive on Leave and Special Working Arrangements, the following controls were expected to be in place:
  • Leave with pay is authorized by a person with the delegated authority;
  • Leave with pay is authorized in a timely manner; and
  • Leave with pay is accurately recorded in the leave tracking system.

Leave with income averaging was authorized in a timely manner. However, of the seven (7) transactions tested:

  • two (2) leave requests were not authorized by a person with delegated authority; and
  • one (1) leave calculation was not accurately recorded in the leave tracking system (HRIS).

Based on the audit results identified above and the inconsistent application of the controls, LAC is not in compliance with the Directive on Leave and Special Working Arrangements.

During the planning phase of the audit, the Performance Pay Administration Policy for Certain Non-Management Category Senior Excluded Levels was assessed.  This specific policy was not included for additional review during the conduct phase since it was demonstrated that LAC had strong controls in place for the management of this policy.

Recommendation 4
The Human Resources Division should ensure that requests for leave with income averaging are authorized by an individual with delegated authority, and monitor the accuracy of the data entered in the leave tracking system.

Recommendation 5
The Human Resources Division should ensure that casual employment complies with all conditions of employment.

Monitoring and Reporting

Elements of control oversight are in place over financial processes, including completed and updated monitoring and reporting activities. Elements of control oversight are partially in place for human resources activities.

1) Finance Division 

The Finance Division has monitoring and reporting processes in place that are communicated to employees through LAC's intranet. Based on a formal methodology of regular reviews, core controls related to financial policies are periodically tested, results are reported to management, and corrective action is taken accordingly.

2) Human Resources Division

The Human Resources Division also has monitoring and reporting processes in place that are communicated to employees through LAC's intranet. However, the Division does not have a formal process to review and update its human resources procedures. In addition, financial controls related to the Directive on Leave and Special Working Arrangements and the Directive on Financial Management of Pay Administration are not periodically tested, results are not reported to management, and, therefore, corrective action is not taken accordingly.

Recommendation 6
The Human Resources Division should implement a formal process to review, monitor and report on controls related to leave and special working arrangements and to the financial management of pay administration.


Appendix A – Management Action Plan

Internal Audit
Recommendations

Management Response to the Recommendation

Action(s) to be Taken

Estimated Completion Date

Responsibility

1 -  The Finance Division should prepare a new Delegation of Authorities instrument for the minister's signature.

Agree

LAC will prepare a new Delegation of Authorities instrument for approval.

1st quarter 2014-2015

Chief Financial Officer

2 -  The Finance Division should ensure that petty cash is properly safeguarded and that funds are always reconciled and reported.

Agree

LAC will complete an analysis of its Petty cash processes to ensure they are appropriately safeguarded and managed. 

1st quarter 2014-2015

 

Chief Financial Officer

 

3 -  The Finance Division should reinforce the application of the controls associated with FAA sections 32, 34 and 33.

Agree

LAC will implement new control procedures relating to FAA Section 32 and 34 of the FAA.

These procedures will be communicated to all individuals with delegated authorities.

1st quarter 2014-2015

 

 

Chief Financial Officer

4 -  The Human Resources Division should ensure that leave with income averaging requests are authorized by an individual with delegated authority, and monitor the accuracy of the data entered in the leave tracking system.

Agree

LAC will put in place a monitoring process to ensure that LWIA is approved by the person with the delegation and the information entered into the HR systems is captured accurately. 

3rd quarter 2014-2015

Director General Corporate Services

5 -  The Human Resources Division should ensure that casual employment complies with all conditions of employment. 

Agree

LAC will implement a monitoring process to ensure that Casual Employment forms are appropriately completed, and remind the HR specialists on the importance of consistent application of controls related to casual employment.

1st quarter 2014-2015

Director General Corporate Services

6 -  The Human Resources Division should implement a formal process to review, monitor and report on controls related to leave and special working arrangements and to the financial management of pay administration.

Agree

LAC will develop a monitoring report in PeopleSoft to verify that the data entered into the HR system is consistent with those of the payroll system.

3rd quarter 2014-2015

Director General Corporate Services

Appendix B – Risk Ranking of Recommendations

The following table presents the recommendations and assigns risk rankings of high, moderate or low. Risk rankings were determined based on the relative priorities of the recommendations and the extent to which the recommendations indicate non-compliance with Treasury Board policies and other relevant policies and standards.

Recommendations

Risk Level

1.  The Finance Division should prepare a new Delegation of Authorities for the minister's signature.

High

2.  The Finance Division should ensure that petty cash is properly safeguarded and that funds are always reconciled and reported.

Low

3.  The Finance Division should reinforce the application of the controls associated with FAA sections 32, 34 and 33.

High

4.  The Human Resources Division should ensure that leave with income averaging requests are authorized by an individual with delegated authority, and monitor the accuracy of the data entered in the leave tracking system.

Moderate

5.  The Human Resources Division should ensure that casual employment complies with all conditions of employment. 

High

6.  The Human Resources Division should implement a formal process to review, monitor and report on controls related to leave and special working arrangements and to the financial management of pay administration.

Low

Appendix C – Sampling Methodology

Rationale

The objective of this audit is to ensure that core controls over financial management at LAC result in compliance with the key requirements of the applicable policies. In order to ensure that the sample selected for each type of financial and human resources transaction is representative of the total population, a random selection approach was used. With a random selection approach, each transaction will have an equal and independent chance of being selected, and the selection of one element will not affect the probability of selecting any other specific transaction.

Methodology

Financial Transactions
The total population of financial transactions was obtained from the Finance Division. Using these lists, the following types of transactions were identified and grouped:

  • Acquisition card;
  • Petty cash; and
  • Travel and hospitality.

Each group was then stratified into subgroups and divided based on dollar amounts. Next, a random sample for testing was generated for each group, by stratum, using the IDEA software. This stratification approach was used at the request of LAC in an effort to weigh the sample of high-value transactions more heavily. As per Raymond Chabot Grant Thornton (RCGT) Audit and Assurance methodology, sample size is 10% of the total population, up to a maximum of twenty-five (25) transactions of each type. A sample of this size allows the auditors to have confidence that controls are working as intended.

Human Resources Transactions 

The total population of human resources (HR) transactions was provided by the Labour Relations and Compensation Section. Though four (4) areas relating to human resources were included in the scope of this audit, transactional testing was done on two (2), as noted below:

  • Leave without pay (excluded from transactional testing following risk assessment);
  • Special working arrangements, including pre-retirement transition leave and leave with income averaging;
  • Casual employment; and
  • Performance pay (excluded from transactional testing following risk assessment).

Data for special working arrangements was provided in PDF format. As PDF information cannot be uploaded into the IDEA software, the sampling methodology used involved identifying the total number of transactions available for sampling, calculating the sample size, and then randomly choosing the sample based on the sample size (every 10th transaction). In total, there were seventy-nine (79) transactions available for "leave with incoming averaging" testing. Of these transactions, 10% were selected at random, for a total sample of eight (8) transactions. There was one (1) transaction available for pre-retirement transition leave, which was selected to be tested. Samples for casual employment were selected using the IDEA software, as in the case of the financial transactions above. Stratification was not applicable for HR-related samples. 

Testing Methodology

The purpose of the testing methodology section is to describe and clarify any changes that took place during the execution phase with respect to the original sampling and/or sampling methodology.

A.  Changes to original sample selections

The original samples selected included transactions that were actually groups of transactions. For example, instead of being one transaction expense, the sample was an invoice for taxi chits. After discussions with LAC, it was decided that the first transaction in the group would be selected for testing.

In a few situations, changes had to be made to the original sample selections. For example, in five (5) selected transactions, an entire credit card statement for the department was represented. They were replaced with another random selection of five (5) transactions. In another example, the transaction selected was a reallocation of expenses. Another sample was randomly selected in its place.

B.  Accountable Advances

RCGT was provided with a listing of all of LAC's accountable advance (petty cash) locations in the country. In total, there were fifteen (15) locations, representing $6,000 in funds. Of the fifteen (15) locations, eleven (11), or 73%, were tested, representing $4,300, or 72% of all accountable advance funds. As part of the testing procedures, the "safeguarding" of the accountable advances was reviewed.

Appendix D – Lines of Enquiry and Audit Criteria

1.  Transactional Level Controls

1.1 Delegation of Financial Authority

1.1.1

Delegated financial authorities, in accordance with sections 32, 34 and 33 of the Financial Administration Act, are documented and communicated in writing.

1.1.2

Controls pertaining to all delegated financial authorities are reviewed and updated annually, and updated within 90 days of the arrival of a new minister or deputy minister.

1.1.3

The signature of the minister or deputy minister is present for delegated financial authorities between departments using a Memorandum of Understanding.

1.1.4

All managers have received and completed mandatory training before they exercise their delegated authority.

1.2 Expenditure Initiation, Commitment Control and Account Verification

1.2.1

Expenses are approved by the appropriate authority.

1.2.2

Expenses are approved prior to the event.

1.2.3

Commitments are recorded at the value expected to be incurred.

1.2.4

Account verification is performed by the appropriate delegated authority.

1.2.5

Account verification is conducted on a timely basis.

1.2.6

Payment is signed by an employee with the proper delegated authority.

1.2.7

Payment is processed on a timely basis, within the payment terms.

1.3 Acquisition Cards

1.3.1

Acquisition card applications and restrictions are specified and communicated to cardholders, and cardholders acknowledge their responsibilities and obligations prior to receiving an acquisition card from the coordinator.

1.4 Management of Expenditures on Travel, Hospitality and Conferences

1.4.1

Transactions meet the minimum proactive disclosure requirements.

1.4.2

Reason for government business travel is documented on the authorization to travel.

1.4.3

Post-authorized travel requests are justified and on file.

1.4.4

Meal, incidental, accommodation, rental vehicle, parking and kilometer rates are reimbursed in accordance with specific rates or limits.

1.5 Accountable Advances

1.5.1

Accountable advances are properly safeguarded, and are accounted for and justified.

1.5.2

Custodian reconciles and reports on the fund on a regular basis.

1.6 Casual Employment

1.6.1

Casual employment for any one person is approved for a period of no more than 90 days in any given calendar year.

1.6.2

Casual employment terms are approved to exclude vacation leave in remuneration, but includes 4% in lieu.

1.6.3

Employee remuneration and benefits are set within defined provisions. 

1.6.4

Security assessments and reliability check levels are defined and determined as conditions of employment.

1.6.5

Individuals who have access to government information and assets are security screened at the defined level before the commencement of their duties.

1.6.6

Security clearance and reliability checks are reviewed and approved by an authorized delegated authority.

1.7 Leave and Special Working Arrangements (Pre-Retirement Transition Leave, Leave with Income Averaging)

1.7.1

Leave with pay is authorized in a timely manner.

1.7.2

Leave with pay is authorized by a person with the delegated authority.

1.7.3

Leave with pay is accurately recorded in the leave tracking system.

2.  Monitoring and Reporting

2.1 Oversight of Controls

2.1.1

Financial and HR processes and procedures are complete, applied consistently, updated on a timely basis and communicated to employees.

2.1.2

Financial controls over leave and special working arrangements, the financial management of pay administration, and performance pay administration are periodically tested, results are reported to management, and corrective action is taken accordingly.

Date modified: