Audit of Regions (Atlantic, Quebec, and Prairie and Northern)

3.0 Findings and Recommendations

3.1 Introduction

This section presents detailed findings from the audit of the Atlantic, Quebec, and Prairie and Northern regions. The findings are based on evidence and analysis from both the initial risk assessment and the detailed audit.

In addition to the findings below, AEB has communicated observations of conditions that were non-systemic and of low materiality and risk to management, orally and in a management letter, for consideration.

3.2 Governance

Clarity of roles and responsibilities

Region, Finance and Administration:

Policies and procedures that define authorities and responsibilities for Finance and Administration in the regions include:

• Industry Canada's Financial Control Framework
• Financial Administration Act
• Delegation of Authorities Policy, and
• various financial policies (i.e. travel directive, acquisition cards, hospitality, and membership).

AEB's file review/testing and interviews, and the results of the AEB planning questionnaires completed by ROS employees, provided evidence that employees know and understand these policies/procedures.

The file review/testing indicated that signing under Sections 32, 33 and 34 of the Financial Administration Act was carried out by authorized positions, and that expenditures were in compliance with policies and adhered to Industry Canada's Financial Control Framework.

Region, Finance and Administration as a service provider for program clients:

ROS has been responsible for the regional delivery of common corporate services (Finance, Administration, Human Resources and Communications) since the creation of the Department in 1993. This role was confirmed during the Regional Review exercise concluded in 2007. The RExD is accountable for the delivery of services and provides line direction to the regional staff.  

The level of corporate services a regional office provides to regional programs varies slightly from client to client and region to region. Services in each region were based on historical offerings and have evolved accordingly. AEB interviews with ROS management in each region indicated that corporate service offerings are well defined and communicated (e.g. through such means as regional intranet sites, wikis, meetings, and visits to district offices).

Common Services initiative:

The Common Services initiative has two objectives: to standardize service delivery across the five regions and to ensure appropriate roles and responsibilities for both the programs and the regional staff providing the services. It is a product of consultation and discussion among the five RExDs, the regional Directors/Managers of Finance and Administration, staff from CAS and program clients.

A draft of the Common Services Memorandum of Understanding has clearly defined the proposed roles and responsibilities and has been communicated to program clients and CAS.

During this audit, management (RExDs and Directors/Managers of Finance and Administration) from all three regions indicated that the status of this initiative was still unclear. Agreements have been reached with some sectors and discussions continue with others. Items under discussion include the resources required to redistribute work and the separation of roles and responsibilities between ROS and the program clients.

top of page

3.3 Risk Management

Results of the risk management process

Risk management at the operational level of the Finance and Administration directorate:

Operational risk assessments and mitigation strategies are discussed regularly during ROS management weekly/monthly meetings.

According to interviews from all three regions, the Director of Finance and Administration meets with his managers weekly, when possible, to identify, discuss and take action on risks. As well, risk is managed indirectly; for example, purchases and projects are prioritized based on operational needs.

The key risk of budget overspending (or lapsing) is reduced because of the budget monitoring controls in place at both the Finance and Administration directorate level and the regional (i.e. RExD) level. In all three regions, financial managers communicate regularly with each directorate (under the RExD) to review the financial situation and estimates.

Examples of other internal controls developed and implemented to mitigate risks regarding finance and administrative activities include:

• weekly meetings between RExDs and Directors/Managers
• the Financial Control Framework including regular monitoring by the regional finance group and CAS
• the designation in each region of at least two individuals authorized to sign Section 33 – this allows for proper segregation of duties and for back-up during holidays, illness, etc.
• training (both formal and informal)
• Business Continuity Plan.

As a best practice, in one of the regions, each directorate formally develops an annual business plan that identifies risks and mitigation strategies.

Risk management at the regional level:

In each region, the Director/Manager of Finance and Administration is involved, along with the RExD and the other Directors, in the annual regional planning exercise, which identifies, documents and communicates risks and develops mitigation strategies.

Each of the three regions developed a regional business plan for 2010–2011. Each plan had a section entitled Risk Assessment and Mitigation at the regional level.

Examples of risks identified at the regional level included: the operational environment, financial budgets and human resources outreach efforts, and record management systems.

Given the size of Corporate Services, Finance and Administration, the audit team considers the level of effort on risk management to be appropriate.

top of page

3.4 Internal Control

Compliance with Sections 32, 33 and 34 of the Financial Administration Act

The auditors carried out two distinct tests to assess the objective.

The first test involved verifying Section 33 services provided by Finance and Administration to program clients (i.e. SITT, CB, OSB, MC) for operation and maintenance expenditures, excluding salaries and related costs. This included verifying financial signing authority and compliance with Industry Canada's Financial Control Framework. The testing revealed no errors in the sample.

The second test involved verifying Section 32, 33 and 34 services provided by Finance and Administration to the regional directorates regarding operation and maintenance expenditures, excluding salaries and related costs. Compliance with relevant policies, procedures and directives was also tested.

The results for compliance are reported below with regard to due diligence. With regard to the testing of Section 32, 33 and 34 authorizations, the audit team found instances of missing appropriate signatures of approval. The team's assessment of these errors indicated that they were isolated and non-systemic.

In both tests, all signatures were by authorized individuals in authorized positions.

Financial transactions are carried out with due diligence

The regions interpret and monitor adherence to (financial) policies as evidenced in the result of the audit file review:

• finance officers verify the arithmetic and per diem on travel claims
• original documents are attached to claims when required
• acquisition cards are reconciled to original receipts
• proper departmental forms are filled out for conference, travel and hospitality approval, and
• monitoring checklists are filled out for high risk transactions, as defined in Industry Canada's Financial Control Framework.

In all regions, there is evidence that the Manager of Finance and Administration and/or the Manager of Finance provides a challenge function and takes corrective action regarding errors in financial transactions or misinterpretation of policies and directives.

A best practice of management internal control over Section 34 was identified in one region. When the Manager of Finance detects an error in the completion of Section 34 requirements, he fills in a standard form he developed. This form is then sent to the Section 34 officer along with all the original documents for correction. Any errors are logged into a spreadsheet and a report is generated monthly, as required, for the manager's meetings. The report tracks errors by type, regional office directorate and program client. AEB review of the monthly reports indicated that corrective measures have been taken.

Timely budgets are developed at an appropriate level of detail, and managers with assigned budget authority and responsibility monitor their budgets and forecasts on a regular basis. A review of the regional budgets and variance analysis reports revealed that information is broken down to the standard object level and by directorate.

Funds are allocated and the budget distributed at the beginning of the fiscal year in conjunction with the regional planning exercise. In May the ADM of ROS sends a memo communicating initial budget allocations for the fiscal year. The memo distribution list includes the RExDs of all five regions.

Finance and Administration is responsible for managing and reporting on the development, monitoring and forecasting of the RExD budget. Finance and Administration generates monthly variance analysis reports. Each directorate is responsible for explaining its variances and adjusting its forecasts. Budgets and variance analysis reports are presented at the RExD meeting, which includes directors.

Financial reporting is reviewed and approved by regional management. Approved reports are sent to ROS headquarters for review, consolidation and approval by the ADM. The information is then submitted to CAS.

CAS receives updated year-end budget forecasts from each sector monthly through the Financial Status Reporting process. For each reporting period, CAS prescribes an acceptable variance range between budgeted forecasts and year-end expenditures. This target was met by all three regions for 2009–2010. At the time of the audit, the Regional Operations financial report for 2010–2011 was not available.

top of page

Compliance with Treasury Board Policies and with Industry Canada's Financial Control Framework, Directives and Procedures

AEB's file testing confirmed compliance with the FCF. No material or systemic errors were detected.

In general, files tested for hospitality, acquisition card, membership, and travel policy compliance complied with the relevant policies:

• All hospitality expenditures had required pre-approvals, used appropriate forms, etc. and were in line with policy.
• Acquisition card purchases were in line with the Treasury Board Acquisition Card directive for issues such as allowable expenditures and expenditure limit. As well, there was no apparent circumvention of expenditure limits and payments were made in time to avoid interest costs.
• Payments to Chambers of Commerce of all membership dues exceeding $700 were pre-approved by the ROS ADM.
• The majority of travel claims had required pre-approvals, used appropriate forms, had original supporting documentation, and were in line with policy – with some exceptions involving internal processes and procedures. AEB assessment of the missing pre-approvals indicated that they were isolated and non-systemic.

Finding 1.0: Management oversight on use of blanket travel

Regional staff who are required to travel frequently to conduct their work have been granted blanket travel authority (BTA). A BTA is an authorization for travel that is continuous or repetitive in nature, with no variation in the terms and conditions of trips, and where it is not practical or administratively efficient to obtain prior approval from the employer for each individual trip.

BTAs do not always clearly identify restrictions on the mode of transportation and the related costs. The use of a BTA allows the booking of transportation without management's approval for individual trips. Subsequent travel claim forms do not always clearly identify the mode of transportation or the prepaid transportation costs, therefore limiting the amount of management oversight. However, some travel claims presented after the travel occurred do include, with other travel receipts, information on transportation that identifies the costs.

Recommendation 1.0:

It is recommended that the Assistant Deputy Minister of Regional Operations review the travel claim process and use of the blanket travel authority, to allow greater management oversight of transportation and the related costs.