Audit of the Separation Clearance Process

From: Employment and Social Development Canada

Official title: Audit of the Separation Clearance Process

Alternate formats

Request other formats online or call 1 800 O-Canada (1-800-622-6232). If you use a teletypewriter (TTY), call 1-800-926-9105. Large print, braille, audio cassette, audio CD, e-text diskette, e-text CD and DAISY are available on demand.

On this page

1. Background

1.1 Context

The Treasury Board (TB) Policies on Financial Management and Government Security require that departments withdraw all authorities and property from individualsFootnote 1 on termination and remind them of their continuing responsibilities relating to the confidentiality of the sensitive information they had access to in the course of their employment. This includes certifying that all money owed to the Crown or to the employee is accounted for before leaving the department. Delegated departmental officials, in consultation with departmental human resource (HR) advisors, must develop procedures and ensure that debriefings and reclamations are scheduled and conducted as a component of the overall separation process.

In October 2013, Employment and Social Development Canada (ESDC), under the Enabling Services Renewal Program (ESRP)Footnote 2, launched the Separation Clearance Process to improve and streamline internal service delivery through a “click/call/consult” model with increased focus on self-service. The automated Separation Clearance project was intended to be a phased approach using the results of each phase to make improvements until an enterprise-wide tool could be developed to support all interoperability and integration requirements. Although there have been some updates and changes over the past few years, the tool has not evolved past the initial process model which uses existing web-based HR technology.

The Human Resources Service Centre (HRSC) web applicationFootnote 3 was identified as an existing technology that could be delivered within the designated timeline to automate the former manual paper based Separation Clearance Process and realize cost-savings for the Department. 

It has come to our attention, during the audit, that the Human Resources Services Branch (HRSB) is currently leading a new initiative to improve both on-boarding (new hires) and off-boardingFootnote 4 (departures). This project is in the early planning stages and will be proposed as part of the departmental Investment Management Process in the Fall of 2018.

1.2 Audit Objective

The objective of the audit was to assess the adequacy of the separation clearance process, including the extent to which existing controls ensure the effective and efficient processing of employee separation.

1.3 Audit Scope

The audit work was conducted between February and June 2018.

The scope of this audit included applicable TB and ESDC policies, directives and guidance. It also included follow-up work to see if previous audit findings identified during the 2014 Audit of Compensation and Benefits were properly addressed.

The audit scope did not include testing of the due diligence relating to employees with privileged access, employees dismissed for just cause or employees who transferred to another position within ESDC. The audit did not examine the completeness and accuracy of inventory for information technology assets, this will be the subject of an upcoming audit. This audit assumes that managers and employees are dealing in good faith when they confirm that physical assets have been returned. Travel was not required for this audit.

1.4 Audit Methodology

The audit was conducted using a number of methodologies including:

  • Interviews with the branches supporting the Separation Clearance Process, as well as other ESDC stakeholders as applicable;
  • Documentation review and analysis;
  • Review of a sample of data on ESDC employees who have permanently or temporarily left the Department from January 1, 2016 to June 30, 2017;
  • Review of processes and procedures for permanent or temporary changes in employment status such as retirement, death, resignation or leave without pay for longer than 10 days;
  • Review of processes and procedures for individuals hired for a predetermined period of time such as contractors and students; 
  • Review of monitoring logs and audit trails in place for the protection of information assets; and
  • Data analytics to cross check information between HR databases PROTECTED.

2. Audit Findings

We expected to find evidence of a Separation Clearance Process that complied with TB Policies, to confirm and document that employees leaving the Department receive their final pay, understand their legal responsibilities, return all assets assigned to them, and that building and departmental system access are removed to safeguard assets and protect corporate information.

The audit found the process was fragmented as some of the enablers'Footnote 5 processes were not captured in the web application. There was no evidence of governance, PROTECTED. We also noted that managersFootnote 6 and enablers were experiencing challenges in successfully completing the process in a timely manner as described in the remainder of this report.

2.1 The separation clearance process does not adequately support the proper off-boarding of employees leaving the Department

Governance

Internal Audit reviewed the Separation Clearance Process to determine its adequacy. We expected to find a well-defined structure which included:

  • Governance and authority;
  • Accountability;
  • Performance measures;
  • PROTECTED;
  • PROTECTED.

The audit found there was no explicit authority to oversee the process and no governing body accountable for the overall achievement of the process objectives. Enablers stated that the departing employee’s manager was accountable for off-boarding and each enabler was accountable for their own sub-process (e.g. final pay). For each separation activity we found no evidence of performance measures to track performance, PROTECTED. There was no evidence of communication between enablers or managers PROTECTED.

Separation Clearance Process

We expected to find a clearly defined integrated process consistently applied as employees leave the Department either permanently or temporarily.

The audit team observed that the process was documented on the Intranet in the form of a Departure Roadmap. The Separation Clearance Application was located on the HRSC web application. However, certain activities require the manager to use a separate process and applications, such as stopping pay (HRSB) PROTECTED

The distribution of tasks among enablers and the departing employee’s manager made it difficult to piece together the information needed to verify that the separation clearance had been successfully completed. There was a great deal of information or activities to understand, documented in several locations, to successfully separate an individual. The automated Separation Clearance Application is a series of online forms and checklists for the individual, manager, CFOB and ISB to complete when there is a change to an individual’s existing employment situation.

Through our audit testing we noted that the process was not integrated, fully automated or user friendly. There were issues moving through the process steps on the HRSC web application. In some instances, managers were not submitting the Separation Clearance Applications to enablers. If successfully submitted the application was sometimes returned by one of the enablers. Managers were not always clear on how to send the request back to the enabler once corrections were made PROTECTED (see Diagram 1 on the next page).

We found that separation clearance activities outside of the Separation Clearance Application were PROTECTED. For example, managers had to be aware of the necessity to navigate outside of the process to:

  • Finalize compensation and benefits and stop payFootnote 7 (HRSB process);
  • PROTECTED;
  • Obtain guidance on requirements to complete the separation based on type (i.e. retirement or leave without pay); and
  • Access required forms to complete, sign and then scan into the application.

HRSB and IITB processes are not captured by the Separation Clearance Application. There is no sign-off or evidence that these processes are completed by the enablers. For example, some managers indicated on the Separation Clearance Application that PROTECTED.

In terms of stopping pay, testing results revealed that, for some departures, the manager did not initiate a pay action request, while others only initiated a pay action request a few days before or after the employee left the Department.This may be explained by the following:

  • A lack of manager awareness that a pay action may be required as part of the Separation Clearance Process. A pay action request needs to be completed in another application outside of the Separation Clearance Application to stop pay following the implementation of Phoenix in 2016.
  • HRSB requires up to 20 working days to request a stop in pay and relies on the Public Service Pay Centre to perform these controls.

Internal Audit analysed PROTECTED separation clearance applications from January 2016 to June 2017. We observed that 45% of these requests were completed (not including HRSB PROTECTED), 39% were incomplete and 16% were duplicate requests.

PROTECTED

The illustration below outlines the results of our analysis.

PROTECTED

A user survey conducted in 2016 by HRSB identified that users found the Separation Clearance Process time consuming, complex and confusing, users didn’t know where to go to get help. We were informed by HRSB that there was no formal training provided to stakeholders at the time the process was first launched although ad-hoc training was provided to some enablers via a "train the trainer scenario".

Separation Clearance Activities

The audit found that when a separation clearance was completed it was not always completed prior to the individual’s departure date as prescribed by policies and outlined in process guidance. Interviews with enablers and testing results identified the following reasons why separations are not processed on the employee's last day:

  • The manager initiated the process after departure;
  • Delays due to missing separation clearance documents;
  • Difficulties using the separation clearance web application; and
  • Lack of awareness of the Separation Clearance Process.

PROTECTED

The departure of an employee impacts many different areas of the Department. It is important that enablers manage separation clearance activities in a consistent manner to enable managers to successfully carry out their roles.

Recommendation
  1. The Department should designate an accountable owner responsible for managing and overseeing the Separation Clearance Process so that issues identified in this report are addressed. 
Management Response

Management agrees with the recommendation. Effective immediately, HRSB will be responsible for managing and overseeing the Separation Clearance Process so that issues identified in this report are addressed. Actions are expected to be completed before the end of the fourth quarter of 2018–19.

2.2 PROTECTED

A completed Separation Clearance Process is meant to provide a certain level of assurance that the Department has withdrawn all authorities and recovered all departmental property from departing employees upon termination and to remind them of their continuing responsibilities relating to the confidentiality of the sensitive information they had access to in the course of their employment.

The signed Separation Clearance Application including the Security Screening Certificate and Briefing Form indicate that the manager has requested PROTECTED, met with the employee to collect physical assets and had a discussion with regards to information of business value and post-employment responsibilities. 

In reviewing the completed requests the audit team found that separation clearance applications are frequently not signed, as prescribed. Managers rely on the good faith of the employee in completing the asset checklist as they do not have access to any lists of government assets (there is no integrated system providing this information). This sign-off is an attestation between employee and manager that assets and information have been recovered and that the employee understands their post-employment responsibilities. 

The audit team found no evidence that enabling services branches followed-up on unsigned forms with the exception of the Security Screening Certificate and Briefing Form PROTECTED.

The audit testing revealed that out of 45% of completed requests for separation, managers initiated 22% after the employee left the Department. As outlined in Diagram 1, 39% of all requests were not completed. Audit testing discovered that incomplete requests are PROTECTED. We spoke to enabling services branches regarding these requests and were informed that:

  • PROTECTED
  • PROTECTED

Building Access

The Regional Security Office (RSO) is responsible for terminating building access upon separation. This is achieved by changing the individual’s security clearance status from active to inactive. In order to make this change the RSO must receive the signed Security Screening Certificate and Briefing Form. The site specific building access is managed by either the RSO or a local site manager depending on the location.

PROTECTED.

PROTECTED. There is often more than one system or process involved. If the building is not a Government of Canada building, an external management company may also be involved in controlling access, for example, access security codes or additional building cards. Testing of 86 departures revealed that building access was terminated as follows:

  • PROTECTED
  • PROTECTED
  • PROTECTED

Network Access

In order to prevent unauthorized network access after an employee leaves the Department, PROTECTED.

PROTECTED. The date that access is disabled is only available as part of the request and tracked by the name of the requestor and not the name of the departing employee which made testing challenging. PROTECTED. Testing of 86 requests to disable access indicated the following:

  • PROTECTED
  • PROTECTED
  • PROTECTED

At the time of the audit, there were PROTECTED. We reviewed a sample of these accounts to determine if the Separation Clearance Process was completed. We found that PROTECTED. We were informed that the process to PROTECTED.

When an employee leaves the Department and their network access is disabled the PROTECTED. PROTECTED if the employee does not return to the Department or if the employee is not a custodian of information related to an ongoing litigation.

The manager of an employee who is identified as a litigation custodian must advise IITB of their departure so that their devices and network accounts can be held and protected until the litigation has ended. PROTECTED.

PROTECTED

Recommendation
  1. HRSB, CFOB, IITB and ISB should review the Separation Clearance Process to PROTECTED.
Management Response

Management agrees with the recommendation. HRSB will request the Major Projects and Investments Board Gate 1 approval of the Offboarding Project, a project that seeks to automate the Offboarding process, PROTECTED. HRSB, CFOB, IITB and ISB will review existing iService Offboarding process information for improvement. Through the newly formed governance committees, the process will be reviewed for further standardization, PROTECTED will be reviewed to identify improvements and separation clearance completion rates (key performance indicators) will be reviewed to aid in targeting training and communications, escalations and process improvements. HRSB will regularly monitor the new solution to escalate delayed processing of specific tasks, review data on separation clearance completion rates and make recommendations to governance on process improvements, training, communications and required escalations. PROTECTED.

3. Conclusion

The audit concluded that the Separation Clearance Process is not adequately managed. The results of our audit tests showed that the processing of separation activities is PROTECTED. The audit identified the need to establish proper governance, accountability PROTECTED of the Separation Clearance Process. There is also a need to PROTECTED.

4. Statement of Assurance

In our professional judgement, sufficient and appropriate audit procedures were performed and evidence gathered to support the accuracy of the conclusions reached and contained in this report. The conclusions were based on observations and analyses at the time of our audit. The conclusions are applicable only for the Audit of the Separation Clearance Process. The evidence was gathered in accordance with the Treasury Board Policy on Internal Audit and the International Standards for the Professional Practice of Internal Auditing.

Appendix A: Audit Criteria Assessment

Audit Criteria Criteria description Rating
It is expected that the Separation Clearance Process is established and working as intended   A clearly defined process for individuals who are leaving ESDC is applied PROTECTED. PROTECTED
All government assets assigned to the departing employee have been returned to the issuing unit and that receipts acknowledging this are on file. PROTECTED
Accountability has been assigned and roles and responsibilities are clearly defined, documented, and communicated to employees, managers and enabling functions. PROTECTED
Information of business value that has been stored in accordance with departmental information management policies is in a location that is accessible by coworkers with a need to know. PROTECTED
Employees who have permanently left the Department have been appropriately discharged and have been made aware of any benefit entitlements or amounts owed to or owing from the Crown. PROTECTED
It is expected that PROTECTED Processes are in place to enable PROTECTED. PROTECTED
Employees and managers are provided with the necessary training, tools, resources and information to support the discharge of their responsibilities with regard to PROTECTED. PROTECTED
PROTECTED are withdrawn from individuals who leave the organization. PROTECTED

Appendix B: Separation Clearance Process

The Separation Clearance Process is broken down into eight major components described below:

Step 1: Separation clearance activities are triggered by an employee, the employee's manager or an alternate contactFootnote 8 by completing a notice of separation in the form of a Separation Clearance Application found on the HRSC web application. While this process can be started before the employee’s last day it must be completed by the last official day of work, i.e. departure or leave without pay for more than 10 days.

Steps 2 and 3: The manager meets with the employee and reviews the PROTECTED of all assets assigned to the individual leaving the Department. This meeting includes a discussion with the individual on the conflict of interest and post-employment policy requirements.

Signed forms (wet signature) and other related information must be scanned and uploaded to the Separation Clearance Application to serve as a repository and back-up to the hard-copy originals. The manager then sends hard-copies of the Separation Clearance Application and the Security Screening and Briefing Form, to the applicable RSO of ISB. 

Once completed, the manager submits the Separation Clearance for further processing to the Enabling Services Branches: CFOB, ISB, IITB, and HRSB. 

Step 4: CFOB performs a financial review to ensure that departmental employees do not owe the Department any money related to travel advances, relocation advances, petty cash, emergency salary advances, etc. They also remove financial signing authority (Section 34) along with any acquisition or travel cards.

Step 5: ISB receives the Security Screening Certificate and Briefing Form and sends it to the Personnel Security Unit, National Headquarters, to have it placed within the departing employee’s personnel security file where it will remain PROTECTED.

Step 6: HRSB finalizes the compensation and benefits and contacts the Pay Centre to stop pay.

Step 7: PROTECTED.

Step 8: Once the Enabling Services Branches have completed their work, the manager receives an e-mail confirming that the employee has been successfully separated.

Appendix C: Glossary

CFOB
Chief Financial Officer Branch
ESDC
Employment and Social Development Canada
ESRP
Enabling Services Renewal Program
HR
Human Resources
HRSB
Human Resources Services Branch
HRSC
Human Resources Service Centre
IITB
Innovation, Information and Technology Branch
ISB
Integrity Services Branch
RSO
Regional Security Office
TB
Treasury Board
Report a problem or mistake on this page
Please select all that apply:

Thank you for your help!

You will not receive a reply. For enquiries, contact us.

Date modified: