Core Control Audit

January 2014
Office of the Comptroller General

Why This Is Important

Canadians expect the federal government to be well managed and to be accountable for the prudent stewardship of public funds, the safeguarding of public assets, and the effective, efficient and economical use of public resources. They also expect reliable and transparent reporting on how the government spends public funds to achieve results for Canadians.

The Financial Administration Act designates deputy heads as accounting officers for their department or agency. As accounting officers, deputy heads are accountable for ensuring that resources are organized to deliver departmental objectives in compliance with government policy and procedures; ensuring that there are effective systems of internal control; signing departmental accounts; and performing other specific duties assigned by law or regulation to the administration of their department or agency.

Core control audits are important as they provide deputy heads with assurance regarding the effectiveness of core controls over financial management in their respective organizations. By doing so, core control audits inform deputy heads of their organizations' level of compliance with key requirements contained in selected financial legislation, policies and directives.

About the Financial Transactions and Reports Analysis Centre of Canada

The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), Canada's Financial Intelligence Unit, exists to detect and deter money laundering and terrorist financing. The Centre's "value-added" financial intelligence products and compliance functions are a unique contribution to the public safety of Canadians and to the protection of the integrity of Canada's financial system. FINTRAC is an independent agency that was created in 2000. FINTRAC was established and operates within the ambit of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act and its Regulations.

According to its Departmental Performance Report, FINTRAC had spending of approximately $54.0 million and human resources of 359 full-time equivalents during fiscal year 2012–13.

Core Control Audit Objective and Scope

The objective of this audit was to ensure that core controls over financial managementFootnote 1 within FINTRAC result in compliance with key requirements contained in the selected financial legislation, policies and directives.

The scope of this audit included financial transactions, records and processes conducted by FINTRAC. Transactions were selected from fiscal year 2012–13. The audit examined a sample of transactions for each of the selected policies and directives. The Appendix provides a complete list of policies and directives included in the scope of the audit and the overall compliance in the areas tested. 

Conformance with Professional Standards

This audit engagement was conducted in accordance with the Internal Auditing Standards for the Government of Canada based on the Institute of Internal Auditors' International Standards for the Professional Practice of Internal Auditing, as supported by the results of the quality assurance and improvement program.

Anthea English, CA
Assistant Comptroller General
Internal Audit Sector, Office of the Comptroller General

Audit Findings and Conclusion

Core controls over financial management regarding the transactions tested within FINTRAC resulted in compliance with the key requirements contained in one of the ten policies, directivesFootnote 2 and corresponding legislation tested and in partial compliance with eight of the policies and directives tested. FINTRAC was not in compliance with key requirements contained in the remaining one policy and directive tested.

Weaknesses were identified in the Delegation of Financial Signing Authorities Instrument. The instrument was not reviewed annually, and the signature specimen cards were not updated. For the acquisition card program, credit limits were not set by the responsibility centre manager and the proper documentation was not retained on file. For the accountable advances, funds were not reconciled and reported on a monthly basis.

The documentation on file was insufficient to support contracting decisions. Mandatory standing offers provided by Public Works and Government Services Canada were not always considered or used appropriately. For government travel and hospitality, supporting justification for expenditures was not always documented, and applicable limits for reimbursement were not always respected or justified. For pay administration transactions, the departmental departure procedures were not always properly completed.

Weaknesses were also identified in expenditure initiation. Approval was not always provided before the expense was incurred. For account verification, proof of execution was not always performed on a timely basis and properly supported. Payment and settlement were not consistently carried out for the accurate amount, supported by complete documentation and done on a timely basis.

Recommendations

The Director of the Financial Transactions and Reports Analysis Centre of Canada should ensure that:

  1. The Delegation of Financial Signing Authorities Instrument is reviewed annually, including updating signature specimen cards to reflect the authorities granted in the Delegation of Financial Signing Authorities Instrument.
  2. The acquisition card limits are set by the responsibility centre manager, are used solely for authorized business-related purchases of goods or services; and proper documentation is retained on file.
  3. The custodians of accountable advances reconcile and report on the funds on a monthly basis.
  4. The business processes are improved to ensure that procurement activities are consistently performed in compliance with the Treasury Board Contracting Policy and that documentation is retained on file.
  5. The business processes regarding travel expenses are improved to ensure that they are consistently performed in accordance with related directives.
  6. The documentation supporting the hospitality event is retained on file.
  7. The departure forms are properly completed and signed by employees.
  8. The funds commitment availability is certified by someone with appropriate delegated authority, dated; and expenses are recorded at the value expected to be incurred.
  9. The account verification is done by someone with appropriate delegated authority, properly dated, supported by complete documentation and done on a timely basis.
  10. The payments and settlements are carried out for the accurate amount, supported by complete documentation and done on a timely basis.

Management Response

Management has accepted the audit findings and has developed an action plan to address the recommendations. It is expected that the Management Action Plan will be fully implemented by September 2014.

The results of the audit and the Management Action Plan have been discussed with the Director of FINTRAC and with the Small Departments Audit Committee. The Office of the Comptroller General will follow up on the Management Action Plan until all findings are resolved.

Appendix A: Policies and Directives Tested

Policies and Directives Tested
Policies and Directives Tested Compliance Rating for Transactions Tested
Directive on Delegation of Financial Authorities for Disbursements Not Met
Policy on Financial Management Governance Met
Directive on Acquisition Cards Partially Met
Directive on Accountable Advances Partially Met
Contracting Policy Partially Met
National Joint Council Travel Directive and the Directive on Travel Cards and Travellers Cheques Partially Met
Directive on the Management of Expenditures of Travel, Hospitality and Conferences  Partially Met
Directive on Financial Management of Pay Administration Partially Met
Directive on Expenditure Initiation and Commitment Control Partially Met
Directive on Account Verification Partially Met

Legend of Compliance RatingsFootnote 3
Rating Definition
Met Greater than or equal to 98% compliance
Partially Met Greater than or equal to 80% and less than 98% compliance
Not Met Less than 80% compliance

Endnotes

Return to footnote 1 See appendix for a complete list of policies and directives included in the scope of this audit.

Return to footnote 2 See appendix for FINTRAC’s compliance in the areas tested.

Return to footnote 3 Compliance thresholds for the transactions tested.

Date Modified: