Audit of Expenditures Related to Grants and Contributions Programs

PDF (220 KB)
Table of contents

Acknowledgements

The audit team would like to thank those individuals who contributed to this project and, particularly, employees who provided insights and comments as part of this audit.

1.0 Executive Summary

1.1 Background

Transfer payments are one of the government's key instruments in furthering its broad policy objectives and priorities. Transfer payments include grants, contributions and other transfer payments including those made to other orders of government, international organizations and Aboriginal peoples. The government is committed to ensuring that transfer payments are managed in a manner that respects sound stewardship and the highest level of integrity, transparency, and accountability.

The 2008 Treasury Board (TB) Policy on Transfer Payments (PTP) requires that transfer payments be managed in a manner that is sensitive to risks, that strikes an appropriate balance between control and flexibility, and that establishes the right combination of good management practices, streamlined administration and clear requirements for performance. Through regular monitoring against policies, directives (processes) and standards, these activities should be adjusted in a timely manner when needed. Public Safety Canada (PS) delivers grants and contributions (G&C) programs related to emergency management and community safety.

Roles and Responsibilities

As per the TB Policy Framework for Financial Management and the Policy on Financial Management Governance, the Chief Financial Officer (CFO) is the lead departmental executive for all aspects of financial management, program financing, financial reporting and disclosure, and provides key objective strategic advice on the overall stewardship of the financial management culture and its performance.

Other senior departmental managers establish and maintain a system of internal control for their areas of responsibility and within the departmental system of internal control.

Program Managers are responsible for complying with the requirements of the TB PTP and the TB Directive on Transfer Payments. Additionally Program Managers are responsible for ensuring compliance with applicable policies and legislation, before exercising Section (34) of the Financial Administration Act (FAA). Section (34) provides the authority to certify that the work was performed and that the goods were supplied or the services were rendered as defined in the agreement.

The G&C Support Services Unit (SSU) within the Corporate Management Branch (CMB) supports effective management of G&C programs within PS.    

The Financial Services Division within CMB is responsible for ensuring compliance with applicable policies and legislation before exercising Section (33) of the FAA. Section (33) provides the authority to pay the expenditures after ensuring that the payment is a lawful charge against an appropriation and that Section 34 has been properly exercised.

1.2 Why it's Important

Given the government's management expectation of G&C programs, the inherent risk, the public scrutiny over transfer payments in general, and the materiality of the department's programs (actual spending by PS was $237.5M in 2008-09) an audit of G&C expenditures was included in the Risk-based Audit Plan approved by the Deputy Minister. Approximately 65 percent of the Department's budget is devoted to G&C funding for recipient organizations.

1.3 Audit Objective and Scope

The objectives of the audit were to provide reasonable assurance, for all G&C program expenditures for fiscal year 2008-09, that:

The audit criteria established the expectations for the audit and formed the framework for the specific audit tests. The audit criteria were based on The Canadian Institute of Chartered Accountants “Criteria for Control” (COCO) model, the core management controls developed by the Office of the Comptroller General and applicable policies, legislation and regulations.

1.4 Audit Opinion

The financial management control framework in place to ensure G&C expenditures comply with applicable policies, regulations, terms and conditions of agreements requires management attention. The limited implementation of risk-based monitoring within both the program areas and Finance, combined with insufficient policies, directives (processes) and standards, exposes the department to the risk that G&C transactions are not processed appropriately.

1.5 Statement of Assurance

In the professional judgment of the Chief Audit Executive, sufficient and appropriate audit procedures have been conducted and evidence gathered to provide senior management with reasonable assurance of the accuracy of the opinion provided and contained in this report. The opinion is based on a comparison of the conditions, as they existed at the time, against pre-established audit criteria. The opinion is applicable only to the entity examined.

1.6 Summary of Audit Findings

There was insufficient overall monitoring by the program areas of the recipient's expenditure payments and accruals. While there was a good effort across all programs to get financial information from the recipient, the program areas dealing with the larger more complex agreements did not always require or have current expenditure forecasts or a sufficient reconciliation of the actual expenditures. Further, there was limited non-financial information in support of; advance payments made during the latter part of the fiscal year, of final expenditure payments based on “actuals”, and of accruals made at year-end. Consequently the audit was unable to conclude in a significant number of agreements whether the specific agreement clauses and obligations were met. The audit recognizes that many of these agreements are complex, which makes the monitoring, interpretation, and reconciliation of financial and non-financial information difficult for the employees charged with these responsibilities. Fulfilling these responsibilities is further impeded by the lack of clarity within the agreements. In a moderate number of agreements the audit was unable to conclude whether certain expenditures or accruals were eligible or accurate. It was expressed to auditors and evidenced through the insufficient financial reconciliations that the department's financial analytics need strengthening, especially given that finance controls are exercised at all levels and all areas of the department.

The audit also found limited departmental G&C financial policies, directives (processes) and standards; documented roles and responsibilities; and monitoring and reporting requirements, all of which would be included in a risk-based internal control framework over G&C expenditures. Consequently, the interpretation of financial policies and the processing of payments were inconsistent and in some cases resulted in material dollar value errors. Further, there were inconsistent expectations within the program areas and Finance, as to what role Finance played and the level of review that they performed on the requested G&C payments. While there was evidence of some review done on the majority of expenditure payments by the Finance unit, overall monitoring and reporting controls were limited.

It should be noted that the department has formed a G&C Director General Working Group to support the implementation of the new TB Transfer Payment Policy which came into effect on October 2008 and to support overall G&C reform. Additionally an Internal Control over Financial Reporting Project has been initiated to support the implementation of the TB Policy on Internal Control. Both these current initiatives are intended to support improvements in the overall management of G&C programs.

1.7 Summary of Audit Recommendations

1.8 Management Response

Management agrees with all the recommendations in the report and has prepared an action plan.

Approved By:

Rosemary Stephenson
Chief Audit Executive

2.0 Background

Transfer payments are one of the government's key instruments in furthering its broad policy objectives and priorities. Transfer payments include grants, contributions and other transfer payments including those made to other orders of government, international organizations and Aboriginal peoples. The government is committed to ensuring that transfer payments are managed in a manner that respects sound stewardship and the highest level of integrity, transparency, and accountability.

The 2008 Treasury Board (TB) Policy on Transfer Payments (PTP) requires that transfer payments be managed in a manner that is sensitive to risks, that strikes an appropriate balance between control and flexibility, and that establishes the right combination of good management practices, streamlined administration and clear requirements for performance. Through regular monitoring against policies, directives (processes) and standards, these activities should be adjusted in a timely manner when needed.

Public Safety Canada (PS) delivers grants and contributions (G&C) programs related to emergency management and community safety (see Appendix A). Approximately 65 percent of the Department's budget is devoted to G&C funding for recipient organizations.

The largest programs include the Disaster Financial Assistance Arrangements (DFAA), which is the responsibility of the Emergency Management and National Security Branch (EMNS), as well as the First Nations Policing Program (FNPP) and the National Crime Prevention Strategy (NCPS) which are both the responsibility of the Community Safety and Partnerships Branch (CSPB). There are also smaller programs such as the Joint Emergency Preparedness Program which is the responsibility of EMNS, and the Policy Development Contributions Program (PDCP) which is used by all Branches.

Roles and Responsibilities

As per the TB Policy Framework for Financial Management and the Policy on Financial Management Governance, the Chief Financial Officer (CFO) is the lead departmental executive for all aspects of financial management, program financing, financial reporting and disclosure, and provides key objective strategic advice on the overall stewardship of the financial management culture and its performance. While the TB Policy on Internal Controls section 3.4 recognizes that “In the Canadian federal government, Deputy heads have always had the responsibility to ensure that internal controls are regularly reviewed in the context of risk, ensuring that those internal controls1 are balanced against and proportional to the risks which they mitigate”, there is now greater clarity on what an appropriate internal control environment encompasses with the release of this policy. In this context, the CFO supports the deputy head by establishing and maintaining a system of internal control related to financial management including financial reporting and department accounts.

Senior departmental managers also establish and maintain a system of internal control for their areas of responsibility and within the departmental system of internal control.

Program Managers are responsible for complying with the requirements of the TB PTP and the TB Directive on Transfer Payments. Additionally Program Managers are responsible for ensuring compliance with applicable policies and legislation, before exercising Section (34) of the Financial Administration Act (FAA). Section (34) provides the authority to certify that the work was performed and that the goods were supplied or the services were rendered as defined in the agreement.

The G&C Support Services Unit (SSU) within the Corporate Management Branch (CMB) supports effective management of G&C programs within PS. The SSU is responsible for leading G&C reform initiatives within the department. Additionally the SSU is responsible for reviewing contribution agreements requiring approval from the Deputy Minister or Minister, as per the Delegation of Financial Signing Authority. They also have limited responsibility for the PDCP including the funding allocation process and program support.

The Financial Services Division within CMB is responsible for ensuring compliance with applicable policies and legislation before exercising Section (33) of the FAA. Section (33) provides the authority to pay the expenditures after ensuring that the payment is a lawful charge against an appropriation and that Section 34 has been properly exercised.

2.1 Audit Objective

The objectives of the audit were to provide reasonable assurance that:

2.2 Audit Criteria and Scope

The audit criteria established the expectations for the audit and formed the framework for the specific audit tests. The audit criteria were based on The Canadian Institute of Chartered Accountants “Criteria for Control” (COCO) model, the core management controls developed by the Office of the Comptroller General and applicable policies, legislation and regulations (see Appendix B).

The general criteria used included:

All G&C program expenditures for fiscal year 2008-09 were included in the scope of the audit.

2.3 Approach

The audit was conducted in accordance with the Standards for the Professional Practice of Internal Auditing. These standards required that the audit be planned and performed in such a way as to obtain reasonable assurance that audit objectives were achieved.

The audit included the following activities:

The sampling approach grouped programs using common characteristics such as risk levels, dollar value, and other defined criteria resulting in four groups as follows:

Within these groups, the number of transactions for testing was determined using either an industry accepted statistical model or professional judgment so as to ensure there was sufficient evidence gathered to provide reasonable assurance of the accuracy of the opinion, and provide for a cost-effective audit. 

2.4 Findings, Recommendations and Management Response

Given the horizontal nature of the audit and the consistency of the findings across the sample populations, the following results have been presented in a comprehensive manner. While each program area's G&C expenditure risks are different and consequently their requirements and approach vary, the overall concepts captured in these findings apply respectively to all.

2.4.1 Limited program area monitoring of recipient expenditures

The audit expected to find through the monitoring activities by the program areas, appropriate evidence to support the G&C expenditure payments and accruals. This expectation is aligned with thecurrent TB Policy on Transfer Payments section6.5.4 requiring that departments are “ensuring that cost-effective oversight, internal control, performance measurement and reporting systems are in place to support the management of transfer payments” 2. Specifically the audit sought evidence to confirm that:

The audit found that there was insufficient overall monitoring by the program areas of the recipient's expenditure payments and accruals 3. While there was a good effort across all programs to get financial information from the recipient, the program areas dealing with the larger more complex agreements did not always require or have current expenditure forecasts or a sufficient reconciliation of the actual expenditures, which may have contributed to amaterial 4 dollar amount of incorrect payments within several populations including ineligible expenditures or surpluses from advance payments left unrecovered. Subsequent to the audit, the program areas are making all reasonable efforts to resolve any discrepancies.

Further, while financial information provides assurance of the eligibility (i.e. the right category of expenditure) and of the accuracy (i.e. the correct amount) of the payments, non-financial information is equally imperative as it provides the qualitative information to assure program managers that deliverables of the agreement were met. Non-financial indicators include headcount, project status, alignment to the intended purpose, and the physical delivery of assets. The audit found limited non-financial information in support of advance payments made during the latter part of the fiscal year, of final expenditure payments based on “actuals”, and of accruals made at year-end. Consequently the audit was unable to conclude in a significant number of agreements whether the specific agreement clauses and obligations were met. This also resulted in a moderate number of over and under accruals which had a material dollar impact within several of the G&C program populations, and while the correct amounts were eventually paid, there is potential for inaccurate reporting of the department's annual G&C expenditures which in turn could result in inaccurate future budget requests.

The audit recognizes that many of these agreements are complex, which makes the monitoring, interpretation, and reconciliation of financial and non-financial information difficult for the employees charged with these responsibilities. Fulfilling these responsibilities is further impeded by the lack of clarity within the agreements, for example, on how surpluses should be calculated, what constitutes operational costs, determining whether to apply amortization costs or capital funding, and, by the lack of corporate wide operational level financial monitoring policies, directives (processes), and standards. In a moderate number of agreements the audit was unable to conclude whether certain expenditures or accruals were eligible or accurate. As well, the interpretation of financial information can be challenging, for example, understanding what a qualified auditor's report implies or determining whether cash or accrual financial reporting is required. It was expressed to auditors and evidenced through the insufficient financial reconciliations that the department's financial analytics need strengthening, especially given that finance controls are exercised at all levels and all areas of the department.  

2.4.2 Limited G&C Expenditure Policies, Directives (Processes) and Standards

The audit expected to find that, pursuant to the TB Policy on Internal Controls section 5.2.1 “an effective risk-based system of internal control is in place in departments and is properly maintained, monitored and reviewed, with timely corrective measures taken when issues are identified”. Further, in accordance with the OCG Core Management Controls, it is expected that “monitoring activities such as analyzing, comparing and explaining financial variances between actual and plan” are done. The audit also specifically expected to find the required internal control environment, as it applied to G&C expenditures, within the Financial Services and System unit.

G&C expenditure Policies:
In alignment with the PS Policy Framework, policies are department wide and allow individuals to understand “what” activity is to be performed or expected to be performed. As it relates to G&C expenditures, polices can be developed to provide direction for calculation methodologies and for the required amount of evidence to support analysis. Policies are part of a strong internal control environment as they ensure the consistent and accurate interpretation of information.

The audit found there were limited departmental financial policies, with reliance placed on the TB policy suite. While the TB documents are critical, they are often at a very high-level. Although it may appear to be duplication, it is necessary, in some cases, to have internal policies with sufficient depth to reflect the complexity and uniqueness of PS expenditures. Consistent with finding 2.4.1 there is a need for financial policies in such areas as accruals; eligible expenditures such as non-monetary transactions and amortization; surplus recovery; financial reconciliations; and proactive disclosure on amendments. Errors found within these financial areas resulted in inconsistent interpretation, which contributed to inaccurate processing of expenditures.

G&C expenditure Directives (Processes) and Standards:
Processes are an integral part of the implementation of policies. They articulate the “how”, “when”, and “by whom” policy objectives are to be met. Processes incorporate key control procedures which are expected to be focused on high-risk activities and provide regular feedback on compliance to the policies.

The audit found limited aspects of a risk-based internal control environment over the G&C expenditures and limited documented financial payment processes. While the expenditures were processed by an experienced team, appropriate and documented processes, at a minimum, would help ensure a consistent application of the payment process and a structured environment to support employees in carrying out their responsibilities. Such processes could include, standardizing the steps for the “request for payment” templates which would help to ensure consistent and comprehensive information is provided to Finance, and processes would help to determine how to appropriately use the departmental classification codes. Given there were limited overall G&C reporting processes, an assessment of the reporting requirements would help to ensure the appropriate combination of financial and non-financial information is provided to the right people to inform decision making.

Further, there were no documented roles and responsibilities or specific G&C training provided within the Financial Services and Systems unit to assist employees in processing G&C expenditures. Consequently, there were inconsistent expectations within the program areas and Finance, as to what role Finance played and the level of review that they performed on the requested G&C payments. While generally all payments had evidence of a Finance signature representing their review, it was unclear what the signature represented and what “challenge” role was done on which agreements as a moderate number of accounts payable files did not have sufficient information to enable a comprehensive challenge function. Similar to finding 2.4.1, for the larger more complex agreements, financial reconciliations were not done, which would have included; the tracking of surplus carryovers, justification of accruals when qualified auditor's reports were issued, or trend analysis for determining the continued appropriateness for advance payments, all of which are required to ensure appropriate interpretation of financial clauses within these agreements. While the audit recognized that accountability for expenditure approval pursuant to Section (34) of the FAA and monitoring compliance of expenditures, rests with the program area Responsibility Centre Manager, Finance is a critical control in monitoring compliance of the expenditures and the accruals to all financial policies as part of their corporate financial accountability and in line with their financial expertise.

The audit also observed that while the majority of “request for payment” templates were reviewed at the Financial Officer and Financial Manager levels, overall monitoring controls were limited. For example a complete G&C accrual reconciliation was not done, nor any reconciliation of Proactive Disclosures. The audit found a moderate number of incidents where accruals were not properly reversed or historical accrual balances were drawn down for liabilities different than what they were originally established for. Further, there was no quality assurance process which requires not only the exercising of the controls, but also their documentation so as to enable monitoring to ensure they are operating consistently and continually. This is necessary for future alignment to the TB Policy on Internal Controls and supports the Department's “Internal Control over Financial Reporting” project.

Finally, the audit recognizes that in smaller finance units, a complete segregation of duties is not always possible; however because there were no documented roles and responsibilities, people had the ability to perform activities that were incompatible, and in a few circumstances they did. Although no inappropriate payments were found, there is a need to have a monitoring mechanism to ensure all payments are appropriate. Subsequent to the audit, the segregation of duties issue has been rectified.

Recommendations:

  1. The Comptroller, in accordance with the TB Policy Framework for Financial Management, should develop and implement a risk-based internal control framework for end-to-end processing and reporting of G&C expenditures. This should be done in partnership with the program areas to ensure all internal controls established and performed by the program areas are incorporated, so as to ensure that the department maintains the most efficient and cost-effective monitoring structure aligned to the FAA accountability structure.
    Management Action Plan

    Management Action Plan

    Completion Date

    An Action Plan for the adoption of internal controls over financial reporting has been developed and will be updated to reflect additional work to support the integration of all internal controls including those established and performed by the program areas. Work has already started on the development of a risk-based internal control framework, including the test of design of G&C payment process by KPMG.

    Summer 2011

  2. Each program Assistant Deputy Minister, in conjunction with the Grants & Contributions Support Services Unit, and with a view to achieving departmental standards and consistency in expenditure management of G&C programs, should improve the clarity of eligible criteria and develop and document an approach to ensure an adequate monitoring (financial and non-financial) and reporting regime based on operational needs and risk, is in place and operating effectively.
    Management Action Plan

    Management Action Plan

    Completion Date

    Program areas will work collaboratively with the Grants and Contributions Support Services Unit and Corporate Finance to develop standards and areas of improvement to ensure an adequate risk-based monitoring and reporting plan is in place and to improve the clarity of eligible expenditure criteria.

    March 31, 2012

    The G&C DG Advisory Group will act as a mechanism in coordination with program areas, Financial Operations, Internal Audit Directorate and Legal Services.

    March 31, 2012

    Program areas will present the progress of their work to the G&C DG Advisory Group which will provide direction and guidance.

    March 31, 2012

    Program areas will work with the support of the Grants and Contributions Support Services Unit and Corporate Finance to develop standard tools and templates for the delivery of grants and contributions.

    March 31, 2012

    To ensure clarity of eligible expenditure criteria, Program areas will identify challenges in previous Terms and Conditions (T&Cs), engage with affected stakeholders and program staff, strengthen documentation in application process and other tools where appropriate and confer with Corporate Services through renewal of Program T&Cs.

    March 31, 2012

  3. The Financial Services and Systems Unit should determine, develop, and monitor appropriate departmental financial polices, directives (processes) and standards to support the expenditure payment activities. These should include clarity on accruals, “request for payment” templates, financial coding descriptions, and financial reconciliations.
    Management Action Plan

    Management Action Plan

    Completion Date

    Develop financial policies, directives and guidelines to support the disbursement of G&Cs funding.

    Various dates over a multi-year timeframe in accordance with the amended Action Plan.

  4. The Grants & Contributions Support Services Unit and the Financial Services and Systems Unit, should clarify their mandates in regard to their roles and responsibilities respectively, in the “support function” and the “challenge function” within the overall expenditure management of the G&C programs to establish consistent expectations across the department.
    Management Action Plan

    Management Action Plan

    Completion Date

    Clarify roles and responsibilities related to Section 33 and 34 approvals, clearly identifying the roles of the Program, Finance and the GCSSU.

    Summer 2011

Appendix A – Grants and Contributions Programs

Defined groups
Image Description

The chart illustrates the defined groups. A graph in the form of a pie chart with four segments shows the G & C's programs listed in the four columns of the Table below the graph. Programs in each column of the Table are represented by a segment in the circular graph, and the size of each segment is proportional to the dollar value of the programs.

G & C's Program Expenditures and Transfers for Fiscal Year 2008-2009
Branch G &C's Programs Contribution Expenditures ($' 000) Grant Expenditures ($' 000)
EM&NS Disaster Financial Assistance Program (DFAA)  120,491 -
CS&P First Nations Policing Program (FNPP) 72,939 -
CS&P National Crime Prevention Strategy (NCPS)  19,051 843
EM&NS Joint Emergency Preparedness Program (JEPP)  7,989 -
LE&P Security Cost Framework Policy (SCFP) 7,700 -
Various3 Policy Development Contribution Program (PDCP) 3,161 -
CS&P Sustainable Funding Program (SFP)  - 1,758
LE&P Tobacco/Organized Crime 1,460 -
SPB Communities at Risk: Security Infrastructure Pilot (SIP) 1,018 -
CS&P National Flagging Systems (NFS)  - 500
EM&NS International Association of Fire Fighters (IAFF) 300 -
EM&NS Research Fellowship Program in Honour of Stuart Nesbitt White - 154
SPB Air India 11 -
EM&NS Workers Compensation Program (WCP) 80 -
G & C's Program Expenditures for Fiscal Year 2008-2009 234,200 3,255
237,454
CS&P First Nations Policing Program (FNPP)- RCMP Appropriation Transfer2 39,761
Total G & C's Program Expenditures and Transfers for Fiscal Year 2008-2009 277,215

Note:

  1. Data Source: PS Public Accounts 2008-2009 Report
  2. As per APD, this is an Appropriation budget transfer to RCMP for CTA and ACCP agreements.- Excluded from Audit Scope
  3. The PDCP program is used by CS&P, EM&NS, LE&P, SPB

Appendix B – List of Applicable Policies and Legislation

End Notes

Date modified: