Audit of the Federal Economic Development Initiative in Northern Ontario (FedNor)—Northern Ontario Development Program (NODP)

Final Audit Report

Audit and Evaluation Branch

November 5, 2007

Recommended for Approval to the Deputy Minister
By the DAC on December 5, 2007
Approved by the Deputy Minister on December 12, 2007

Table of Contents

• 1.0 Executive Summary
  • 1.1 Background
  • 1.2 Audit Objective
  • 1.3 Audit Scope
  • 1.4 Key Findings
  • 1.5 Recommendations
  • 1.6 Audit Conclusion
• 2.0 Statement of Assurance
• 3.0 Background
  • 3.1 Federal Economic Development Initiative for Northern Ontario
  • 3.2 Audit Objectives
  • 3.3 Audit Scope
  • 3.4 Audit Methodology
• 4.0 Detailed Observations and Recommendations
  • 4.1 Documentation of Monitoring of Project Status
  • 4.2 Documentation to Support the Risk Assessment Process
  • 4.3 Formal Monitoring and Update of Project Risk Assessment
• Appendix A—Audit Criteria
• Appendix B—Management Response and Action Plan

This publication is available upon request in accessible formats.

Contact:
Multimedia Services Section
Communications and Marketing Branch

Telephone: 613-948-1554
Fax: 613-947-7155
Email: ic.cmb-creative.ic@canada.ca

Permission to Reproduce

Except as otherwise specifically noted, the information in this publication may be reproduced, in part or in whole and by any means, without charge or further permission from Industry Canada, provided that due diligence is exercised in ensuring the accuracy of the information reproduced; that Industry Canada is identified as the source institution; and that the reproduction is not represented as an official version of the information reproduced, nor as having been made in affiliation with, or with the endorsement of, Industry Canada.

For permission to reproduce the information in this publication for commercial redistribution, please email: copyright.droitdauteur@pwgsc.gc.ca

Aussi offert en français sous le titre Vérification de l'Initiative fédérale de développement économique pour le Nord de l'Ontario (FedNor)—Programme de développement du Nord de l'Ontario (PDNO)

1.0 Executive Summary

1.1 Background

The Federal Economic Development Initiative for Northern Ontario (FedNor) was established in 1987 and is responsible for promoting economic growth, diversification and job creation and sustainable, self-reliant communities in Northern Ontario by working with community partners and other organizations to improve small business access to capital, information and markets.

Within FedNor, the Northern Ontario Development Program (NODP or the "Program") is a program with ongoing funding that promotes economic growth, diversification, job creation and sustainable communities in Northern Ontario, through a community-based approach. The service area runs from the District of Muskoka to Hudson Bay and from the Manitoba border to Quebec—a large and diverse geographic area.

The Audit and Evaluation Branch's (AEB) 2005–2008 Multi Year Risk-Based Audit Plan, approved by the Departmental Audit and Evaluation Committee (DAEC), includes an audit of the FedNor NODP.

1.2 Audit Objective

The objective of the audit was to provide an independent and objective assessment of the design and operating effectiveness of the Program's management control framework (MCF) and the extent to which the transfer payments under the Program are managed in accordance with the Treasury Board's Policy on Transfer Payments.

1.3 Audit Scope

The scope of the audit covered the Program's operations from April 2002 to March 2007 in all three regional offices—Sudbury, Thunder Bay and Sault Ste Marie where the Program is delivered. The audit focused on the areas of highest risk facing the achievement of Program objectives.

1.4 Key Findings

The audit noted three areas which require improved documentation and formalization as follows:

Documentation of monitoring of project status—Prior to the finalization and approval of a contribution agreement, a risk assessment and associated monitoring plan is developed. Limited documentation was found in the project files sampled to confirm the completion of these activities as required by the monitoring plan.

To ensure compliance with the Terms and Conditions of the Program, ongoing project monitoring must be carried out with adequate documentation and audit trail. As environmental changes arise that impact the risk associated with a project, documentation of ongoing monitoring activities supports the ongoing re-evaluation of the risks and level of monitoring and scrutiny required by the Program.

Documentation supporting the risk assessment process—Processes have been designed to assess risks associated with potential projects during the project acceptance phase; however, outcomes are not consistently documented to substantiate the pre-acceptance and project approval risk assessment decisions.

When there is no formal evidence of decisions related to the risk assessment process, it is difficult to substantiate the reason for acceptance or rejection of a project proposal and provide senior management with sufficient information for appropriate decision making.

Formal monitoring and update of project risk assessment—NODP projects may span over more than twelve months during which significant changes may occur within an industry or client environment. However, risk assessments are not currently subject to formal, periodic re-evaluation impacting the appropriateness of the existing level of project monitoring activities.

Without a periodic reassessment of risk ratings, there is an increased chance that changes to the client or project's status may not result in a corresponding change to the risk assessment. This could lead to an inappropriate risk rating and level of project monitoring.

1.5 Recommendations

As a result of the key findings identified, the following three recommendations have been proposed:

1. The Director General of FedNor should establish a formal process to ensure appropriate documentation of project status/monitoring activities are linked back with expectations defined in the original risk assessment.
2. The Director General of FedNor should implement a formal process to ensure improved documentation, including the maintenance of meeting minutes, supporting documents and enhanced commentary related to: a) the initial assessment of project proposals and b) final risk ratings and associated monitoring plans to substantiate the decisions made during the project acceptance finalization processes.
3. The Director General of FedNor should develop a formal mechanism to review the risk rating of each project on a periodic basis (i.e. every 12 months) within the project life cycle and upon changes within the client environment which could potentially impact risk as changes in risk rating should impact the level of project monitoring (financial and/or project status) and projects considered for upcoming audit.

1.6 Audit Conclusion

We found that the FedNor NODP's management control framework, related practices and internal controls are in place, operating as intended and are in compliance with Treasury Board's Policy on Transfer Payments. However, the formal documentation of key decisions during the project life cycle should be improved, specifically related to monitoring of project status, documentation of the risk assessment process within the project approval phase and formal monitoring and periodic updating of the risk assessment for long-term projects.

2.0 Statement of Assurance

We have completed the internal audit of the Federal Economic Development Initiative in Northern Ontario (FedNor)—Northern Ontario Development Program (NODP). The objectives of this internal audit were to provide an independent and objective assessment of: the design and operating effectiveness of the management control framework (MCF) in place within the NODP; and, the extent to which the transfer payments under the NODP Program are managed in accordance with the Policy on Transfer Payments. The design and operating effectiveness of management controls within the NODP Program are the responsibility of NODP Program management.

The audit examined the management controls in place within the NODP Program, including management and operational practices, integrated risk management practices, and information management and reporting for decision making in support of the achievement of overall objectives of the Program. Further, the audit examined the Program's compliance with the Policy on Transfer Payments including the processes in place to track and monitor recipient compliance with the terms and conditions of their contribution agreements and the practices in place to ensure funds are used for intended purposes.

The scope of the audit covered a review of the NODP Program operation for the fiscal years from April 1, 2002 to March 31, 2007.

Our internal audit conclusions were based on the assessment of findings against pre-established audit criteria and agreed to by management and reflect the audit work conducted between March and August of 2007.

In my professional judgement as Chief Audit Executive, sufficient and appropriate audit procedures have been conducted and evidence gathered to support the accuracy of the conclusions reached and contained in this report. The conclusions are based on a comparison of the conditions, as they existed at the time, against pre-established audit criteria that were agreed upon with management. The conclusions are applicable only to the entity examined.

3.0 Background

3.1 Federal Economic Development Initiative for Northern Ontario

The Federal Economic Development Initiative for Northern Ontario (FedNor) was established in 1987 to promote economic growth, diversification, job creation, and sustainable, self-reliant communities in Northern Ontario by working with community partners and other organizations to improve small business access to capital, information, and markets.

FedNor has played a strong leadership role in partnership with community and business leaders to create stronger sustainable communities where businesses can grow and thrive. In 1997, FedNor moved from non-repayable direct contributions to businesses, to more community-based strategic investments that would provide a solid foundation for communities and businesses that are facing the challenges of today's new economy.

FedNor covers the delivery of the following programs:

• The Northern Ontario Development Program (NODP) which promotes economic growth, diversification, job creation and sustainable self-reliant communities in Northern Ontario through a range of initiatives aimed at improving small business access to capital, information and markets;
• the Eastern Ontario Development Program (EODP) Program which supports economic renewal in rural Eastern Ontario;
• the Community Futures (CF) Program which supports the development and growth of rural Ontario communities; and a new funding initiative to support the Social Economy throughout Ontario

3.1.1 Northern Ontario Development Program (NODP)

Created in 1987, the NODP is an ongoing program that promotes economic growth, diversification, job creation and sustainable communities in Northern Ontario through a community-based approach. The service area runs from the District of Muskoka to Hudson Bay and from the Manitoba border to Quebec—a large and diverse geographic area.

The NODP, the focus of this audit, helps communities gain access to services and assists in eliminating barriers to the global marketplace. By supporting trade, tourism, and business financing initiatives, it helps ensure that Northern Ontario excels in a knowledge-based economy.

FedNor's efforts to meet NODP's mandate focus on six strategic priority areas, which also act as a framework to guide investments:

• Community Economic Development;
• Information and Communications Technology (ICT);
• Innovation;
• Trade and Tourism;
• Human Capital; and
• Business Financing Support.

The expected results of the NODP include:

• Improved retention and development of youth to increase competitiveness in business;
• Increased capacity and ability to respond to local economic development opportunities and challenges;
• Enhanced technology infrastructure and innovation; and
• Improved business and trade skills through counselling and training activities.

According to NODP criteria, eligible recipients include: not-for-profit organizations, businesses, Aboriginal organizations, municipalities, and economic development organizations. A broad range of not-for-profit organizations located across Northern Ontario can apply. For-profit businesses and social enterprises can apply for human capital and innovation support.

There are two distinct types of contributions available under the Program, each with its own set of criteria and terms:

• Loan/Investment Fund Loss Reimbursement
• Other contributions

A) Establishment of a Loan/Investment Fund Loss Reimbursement:

• Higher risk commercial term loans to businesses or social economy enterprises, including loans for special projects of very high risk, such as start-ups, initial research and development, pre-commercial product development and pre-operational marketing studies, including mentoring assistance as identified by the capital provider on a case by case basis; or
• Loans to investment funds of secondary capital providers such as Community Futures Organizations (CFOs) (Community Futures Development Corporations and any special purpose, provincial or regional association of Community Futures Development Corporations) and Aboriginal Capital Corporations (ACCs) to enable them to make loans to businesses or social economy enterprises to acquire fixed assets, top up working capital, to establish or expand micro business enterprises, to develop or expand markets, to conduct research and development, to develop products, to undertake quality improvement initiatives or to support strategic and human resource development.

B) Other contributions:

• Special projects, such as start-ups, initial research and development, pre-commercial product development and pre-operational marketing studies, which would be unlikely to attract commercial debt due to the risk involved.
• Access to capital for the Aboriginal business community, contributions for other projects, to increase the number and coverage of Aboriginal financial institutions.
• Activities related to technological innovation, enhancement of telecommunications and information technology, expansion of markets, development of economic infrastructure, training, business management skills development, establishment and maintenance of economic development networks, feasibility studies, strategic planning or any other activities in support of business, social economy enterprises, entrepreneurship development or economic development; and
• Establishment or expansion of the capital base of CFOs or other non-profit community-based organizations providing investment in local businesses.

Normally, only applicants located in and providing benefits to this area may be assisted under these Terms and Conditions. Applicants who can demonstrate significant benefit to the Northern Ontario economy, but who are located outside of Northern Ontario, may be considered for assistance on an exceptional basis.

The following table represents total NODP spending for each fiscal year within the scope of this audit:

The following table represents the number of projects entered into by the NODP between April 1, 2002 and March 31, 2007 by dollar threshold category:

Based on current priorities, the following is a breakdown of fiscal 2005/06 and 2006/07 grants and contribution spending by strategic priority:

The Audit and Evaluation Branch's (AEB) 2005–2008 Multi Year Risk-Based Audit Plan, approved by the Departmental Audit and Evaluation Committee (DAEC), includes an audit of the FedNor NODP.

This report sets out the results of the audit conducted from March to August 2007, including the audit observations, conclusions reached and recommendations for management consideration.

3.2 Audit Objectives

The objectives of this audit were as follows:

1. To provide assurance to senior management on the design and operation of the management control framework—including management and operational practices, risk management practices, and information management and reporting for decision making in the achievement of overall objectives of the NODP; and
2. To determine whether transfer payments are managed in accordance with the Treasury Board Secretariat (TBS) Policy on Transfer Payments and to assess the adequacy of the departmental processes to track whether recipients have complied with the requirements of applicable contribution agreements.

3.3 Audit Scope

The scope of the audit covered the Program's operations from April 2002 to March 2007 in all three regional offices—Sudbury, Thunder Bay and Sault Ste Marie where the Program is delivered. The audit focused on the areas of highest risk facing the achievement of Program objectives.

3.4 Audit Methodology

The audit of the NODP was conducted in three phases:

• Planning phase;
• Fieldwork and analysis phase; and
• Reporting phase.

The following steps were completed during the planning and fieldwork phases of the engagement:

• Review of relevant background documentation and applicable policies
• Preliminary interviews with key program management and representatives
• Detailed interviews and process walkthroughs with a sample of Project Officers, Monitoring & Payment Officers and Program Management
• Audit criteria were developed based on the established audit objectives. For the details of the audit objectives, see Appendix A. Testing was performed in accordance with the agreed-upon criteria
• Compliance testing on a statistical sample of 100 projects between fiscal years 2002/03 and 2005/06:
  • Testing of compliance of selected key controls for entire 100 projects
  • Detailed testing of key controls for judgmental sample of 25 projects from 2004/05 and 2005/06
• Compliance testing on a judgmental sample of 25 projects within fiscal year 2006/07 in order to test the effectiveness of the controls designed into the management control framework.

For testing of the Program files to support the design of the management control framework, a statistically valid, stratified sample of 100 contribution agreements entered into between April 1, 2002 and March 31, 2006 was selected—with the stratification defined by fiscal year.

To further test the effectiveness of key processes within the sample, a judgmental sample of 25 projects from the original 100 randomly selected projects (restricted to the fiscal years 2004/05 and 2005/06) were selected for a more in-depth review and compliance testing. In order to evaluate the existing management control framework, a second judgemental sample restricted to the 2006/2007 fiscal year was selected for testing.

The audit of NODP was conducted in accordance with the Standards for the Professional Practices of Internal Auditing as per the Institute of Internal Auditors (IIA) and in accordance with the Federal Government Policy on Internal Audit. Audit criteria developed for this audit are listed in Appendix A to this report.

4.0 Detailed Observations and Recommendations

4.1 Documentation of Monitoring of Project Status

Prior to the finalization and approval of a contribution agreement, a risk assessment and associated monitoring plan is developed. Limited documentation was found in the project files sampled to confirm the completion of these activities as required by the monitoring plan.

4.1.1 Related Audit Criteria

• Policies and procedures have been developed that allow for adequate and ongoing monitoring (financial and operational) of results achieved and ongoing financial stability (controls, risk management, governance).
• Key performance indicators are identified, monitored and reported on (controls, risk management, governance).
• The integrity of financial and operational information is maintained with regards to the accuracy, adequacy and timeliness of information provided to management for decision-making purposes (controls, governance).

4.1.2 Documentation of Project Status

FedNor has developed templates and tools designed to facilitate the assessment and monitoring process for NODP projects, which are used to provide evidence of most decisions associated with a project. The use of standardized tools builds consistency of monitoring among project files.

Monitoring plans are designed according to the results of a risk assessment performed on the proposed project prior to finalization of the contribution agreement. Risk ratings of either 'high, medium, or low risk' carry respective monitoring requirements. The Monitoring & Payment Officer and Program Delivery Manager each review and sign-off all risk assessments and associated monitoring plans developed by Project Officers.

From a financial perspective, evidence was on file of supporting documentation and review (as applicable) for financial claims with ongoing monitoring and appropriate governance of project status. For all files reviewed, there was a consistency in Section 33 and 34 approvals by appropriate delegated authorities prior to the release of funds.

Based on testing performed, we did not observe consistent evidence to demonstrate monitoring and project status activities undertaken in accordance with the monitoring plan approved in the original risk assessment. In the files reviewed, there was insufficient documentation of site-visits, phone conversations, status update e-mails and other monitoring activities that should be conducted by Project Officers and Monitoring and Payment Officers throughout the project.

Based on the files reviewed, the following was noted:

• 38 percent of the files reviewed demonstrated inadequate documentation of activities consistent with the risk assessment and subsequent monitoring plan.
• 19 percent of the files reviewed demonstrated insufficient documentation of client progress reporting.

Interviews with FedNor personnel noted that monitoring activities are generally being conducted; however, they are not formally documented to an appropriate level and they may not align directly with the risk assessment conducted at the outset of the project.

To ensure compliance with the Terms and Conditions of the Program, ongoing project monitoring must be carried out with adequate documentation and audit trail. As environmental changes arise that impact the risk associated with a project, documentation of ongoing monitoring activities supports the ongoing re-evaluation of the risks and level of monitoring and scrutiny required by the Program.

Further, without formal site-visits, there may not be satisfactory assurance of funds being spent according to the terms of the contribution agreement. Formal site visits will ensure that the evidence of proper expenditures provided by the submitted financial claims can be corroborated and is an important element of the audit trail.

It should be noted that improvements to the level of documentation were observed in the 2006/07 project files tested, including an increase in the level of documentation of site-visits and telephone conversations; however, consistency of documentation of project monitoring is still required.

4.1.3 Future Initiatives—E-Claims

FedNor is currently piloting an "e-claims" program for the NODP. The e-claims program includes automated controls to prompt the user to indicate when the last site-visit occurred or when the last contact with the client occurred. Although not currently a mandatory field for data entry, as the program continues to develop, this feature could potentially prompt NODP personnel to track their contact with the client, thereby providing evidence of their site-visits and client contact. As a result, implementing the e-claims process should support efforts to improve documentation of project status monitoring activities.

4.1.4 Recommendation

The Director General of FedNor should establish a formal process to ensure appropriate documentation of project status/monitoring activities are linked back with expectations defined in the original risk assessment.

4.2 Documentation to Support the Risk Assessment Process

Processes have been designed to assess risks associated with potential projects during the project acceptance phase; however, outcomes are not consistently documented to substantiate the pre-acceptance and project approval risk assessment decisions.

4.2.1 Related Audit Criteria

• Program policies and procedures are in place and documented to govern the selection and approval of recipients to ensure compliance with the TBS Policy on Transfer Payments and program objectives/priorities (controls, governance).

4.2.2 Pre-Acceptance of Potential Projects

Once a potential project is identified within the NODP, a pre-screening process takes place whereby Project Officers and Regional Managers conduct bi-weekly meetings to discuss potential project proposals. This process is in place to ensure potential projects are in line with FedNor's strategic priorities and Industry Canada's overall objectives before they proceed to the proposal development and project acceptance phase. During these meetings, Project Officers are encouraged to speak to their experience with a potential proponent which contributes to the overall decision to proceed with or reject a potential proposal.

FedNor has noted that one of their key risks is the extent to which IC/FedNor's selection and approval process is consistent, fair and transparent. While FedNor staff members meet on a regular basis, there is no formal record of minutes, nor is there consistent documentation of the discussions that help conclude on the assessment of risk for purposes of proceeding with a project proposal.

When there is no formal evidence of decisions related to the risk assessment process, it is difficult to substantiate the reason for acceptance or rejection of a project proposal and provide senior management with sufficient information for appropriate decision making.

4.2.3 Risk Assessment for Project Approval

Once the pre-clearance process is complete and the decision is made to proceed with a project proposal, the project acceptance phase continues with various due diligence activities, including the development of the risk assessment. This process includes the consideration of a number of key factors such as previous history with the recipient, complexity of proposed project and experience/competency of involved personnel.

While standard risk criteria have been established for evaluation purposes, for the project files reviewed, there was generally a lack of qualitative risk rationale or commentary documentation supporting the final risk rating even though space is provided for both the Project Officer and Monitoring and Payments Officer to note their comments.

Without context to support the final risk rating, there is a risk of the resulting level of proposed monitoring being inappropriate. In addition, the impact of any changes in risk during the course of the project may not be appropriately reflected.

4.2.4 Project Acceptance and Approval

The project approval process in place for the NODP includes formal controls to ensure compliance with the Terms and Conditions of the Program and Treasury Board requirements. The Director General approves each Project Summary Form (Financial Administration Act—Section 32) to her delegated authority. This results in the Director General's oversight of all proposed NODP projects and provides an additional level of analysis and scrutiny. Where project are over $500,000, the Program Services Board (PSB) approval is required, and the Minister approves projects that are $1 million and over. In addition, each approved project is reviewed by the Sectors Strategy and Infrastructure Programs (SSIP) Branch of Industry Canada.

For each file tested, we observed complete project summary forms, including the appropriate supporting documentation and evidence of appropriate approvals.

4.2.5 Recommendation

The Director General of FedNor should implement a formal process to ensure improved documentation, including the maintenance of meeting minutes, supporting documents and enhanced commentary related to: a) the initial assessment of project proposals and b) final risk ratings and associated monitoring plans to substantiate the decisions made during the project acceptance finalization processes.

4.3 Formal Monitoring and Update of Project Risk Assessment

NODP projects may span over more than twelve months, during which significant changes may occur within an industry or client environment. However, risk assessments are not currently subject to formal, periodic re-evaluation impacting the appropriateness of the existing level of project monitoring activities.

4.3.1 Related Audit Criteria

• Policies and procedures have been developed that allow for adequate and ongoing monitoring (financial and operational) of results achieved and ongoing financial stability (controls, risk management, governance).

4.3.2 Formal Monitoring of Project Risk Assessment

It is possible for NODP projects to have contribution agreements which span more than one year. While the project objectives may remain the same, there are a number of other factors that can change which have a direct impact on the outcome of a project, including management team personnel or changes in the marketplace. Regardless of the changes that may occur in the proponent's environment, the formal risk rating and monitoring plan determined at the outset of the project remains the same.

As a result of their ongoing project monitoring activities and knowledge of the client environments, Project Officers can initiate a formal reassessment of the risk rating for a project or more often, the reassessment is performed informally through changes in the Project Officer's monitoring activities. However, there is currently no formal mechanism requiring a risk rating reassessment on a periodic basis. Based on the projects reviewed, none demonstrated evidence of a risk rating reassessment, even though the projects may have spanned multiple years.

Without a periodic reassessment of risk ratings, there is an increased chance that changes to the client or project's status may not result in a corresponding change to the risk assessment. This could lead to an inappropriate risk rating and level of project monitoring.

4.3.3 Recommendation

The Director General of FedNor should develop a formal mechanism to review the risk rating of each project on a periodic basis (i.e. every 12 months) within the project life cycle and upon changes within the client environment which could potentially impact risk as changes in risk rating should impact the level of project monitoring (financial and/or project status) and projects considered for upcoming audit.

Appendix A

Objective 1: To provide assurance to senior management on the design and operation of the management control framework, including management and operational practices, risk management practices and, information management and reporting for decision making in the achievement of overall objectives of the NODP.

Audit Criteria:

1. The Program complies with the appropriate acts, regulations, policies and agreements (controls, governance).
2. The management control framework involves documented policies, processes and structures which support management in the achievement of Program objectives, mitigates existing risks and reflect sound risk management practices (controls, risk management, governance).
3. Program expenditures are made in accordance with approved budgets, which are monitored and reported on a regular basis (controls, governance).
4. Roles and responsibilities are clearly defined for managing and delivering the Program (controls, governance).
5. Key performance indicators are identified, monitored and reported on (controls, risk management, governance).
6. Program staff and management are appropriately trained, and a performance management program is in place (controls, risk management, governance).
7. The integrity of financial and operational information is maintained with regards to the accuracy, adequacy and timeliness of information provided to management for decision-making purposes (controls, governance).

Objective 2: To determine whether transfer payments are managed in accordance with the TBS Policy on Transfer Payments and to assess the adequacy of the departmental processes to track whether recipients have complied with the requirements of applicable contribution agreements.

1. Projects are subject to an approved and consistent approval process, which complies with the guidance outlined in the TBS Policy on Transfer Payments.
   • Program policies and procedures are in place and documented to govern the selection and approval of recipients to ensure compliance with the TBS Policy on Transfer Payments and program objectives/priorities (controls, governance).
   • Accountability of the recipient and the granting authority has been clearly outlined and agreed-to by all parties (controls, risk management, governance).
   • Applications adhere to the terms and conditions outlined by TBS for the approval of terms and conditions for grants and/or contributions (controls, governance).
2. Controls are in place to ensure the ongoing monitoring of the recipients for financial stability, ability to complete expected projects and compliance with terms and conditions of contribution agreements.
   • Policies and procedures have been developed that allow for adequate and ongoing monitoring (financial and operational) of results achieved and ongoing financial stability (controls, risk management, governance).
   • An audit process has been established to determine if recipients have complied with the terms and conditions applicable to their contributions and audits are carried out as per the Programs risk-based audit framework for the audit of contributions (controls, risk management, governance).
3. Claims are processed, reviewed and paid in accordance with program policies, TBS requirements, and individual contribution agreements.
   • Expenses reimbursed through the claims process are appropriately approved (in compliance with the Financial Administration Act), have required supporting documentation and are in compliance with the terms and conditions of the contribution agreements and applicable TBS policies (controls, governance).

Appendix B