Core Control Audit of the Financial Consumer Agency of Canada
May 2018
Office of the Comptroller General
Why This Is Important
The Financial Administration Act designates deputy heads as accounting officers for their department or agency. As accounting officers, deputy heads are accountable for ensuring that resources are organized to deliver departmental objectives in compliance with government policy and procedures.
Core control audits provide deputy heads with assurance regarding the effectiveness of core controls over financial management in their respective organization. By doing so, core control audits inform deputy heads of their organization’s level of compliance with requirements contained in selected financial legislation, policies and directives.
About the Financial Consumer Agency of Canada
The Financial Consumer Agency of Canada (FCAC) was established to protect consumers by supervising federally regulated financial entities and by strengthening the financial literacy of Canadians.
FCAC derives its mandate from the Financial Consumer Agency of Canada Act. The Act outlines FCAC’s functions, administration and enforcement powers, and lists the sections of federal laws and regulations under its supervision. As a regulatory agency, FCAC can exercise its enforcement powers to ensure that federally regulated financial entities comply with the consumer provisions of the various federal acts relating to financial services.
FCAC reports to the Minister of Finance on the Agency’s activities and the legislative framework for consumer protection. In addition, each year FCAC prepares an annual report for Parliament.
According to FCAC 2016–17 Business Plan, the FCAC had spending of approximately $18.26 million and human resources of 89 full-time equivalents in fiscal year 2016–17.
Core Control Audit Objective and Scope
The objective of this audit was to ensure that core controls over financial managementFootnote 1 within the FCAC result in compliance with key requirements contained in the selected financial legislation, policies and directives.
The scope of this audit included financial transactions, records and processes conducted by the FCAC. Transactions were selected from the period of April 1 to December 31, 2016. The audit examined a sample of transactions for each of the selected policies and directives. The Appendix provides a complete list of policies and directives included in the scope of the audit and the overall compliance in the areas tested.
Conformance with Professional Standards
This audit engagement was conducted in conformance with the International Standards for the Professional Practice of Internal Auditing.
Mike Milito, MBA, CIA, CRMA
Assistant Comptroller General
Internal Audit Sector, Office of the Comptroller General of Canada
Audit Findings and Conclusion
Core controls over financial management regarding the transactions tested within the FCAC resulted in full compliance with key requirements contained in two of the ten policies, directives and corresponding legislation tested,Footnote 2 and partial compliance in five. The FCAC was not in compliance with the key requirements contained in the remaining three policies and directives tested.
The FCAC has established a sound financial management governance structure to ensure strong financial management of public resources. Sound controls were also observed in receivables management.
Weaknesses were identified in the areas of contracting, documentation, approval, and timeliness.
Contracting
The audit noted that documentation to support the contracting method (competitive and non-competitive) was not always on file. In particular, pre-defined statements of work, sole-source justification, best-value analysis, evaluation criteria and reports signed by all evaluators, and proof of execution were not consistently prepared or retained on file. Moreover, non-competitive contracts were frequently awarded without documented consideration of existing mandatory methods of supply (e.g., government-wide supply arrangements). Further, not all contract amendments were properly justified and substantiated, and the proactive disclosure of contracts or amendments above $10,000 was not always made in the appropriate amount.
Documentation
For acquisition cards, documentation to support their issuance, approval, modification, and acknowledgement of responsibilities by the cardholder was not retained on file. For government travel, supporting justification for reimbursement was not always available when applicable limits were exceeded or when itineraries were modified.
Similarly for hospitality, planning documentation did not always reasonably justify the operational need for hospitality expenditures, and the supporting documentation of whether the most economical means to avoid or minimize hospitality costs was not always on file. In addition, applicable hospitality transactions were not always proactively disclosed.
For pay administration, documentation pertaining to overtime and departure forms was not always on file. Further, account verification was not always properly supported with proof of execution and cost in the area of contracting.
Approval
With respect to delegation of financial authorities for disbursements, no evidence was provided to demonstrate when the employees with delegated financial authorities had completed mandatory training. In addition, approvals of signature specimen cards were not dated and there was no evidence provided to demonstrate that a formal, annual review of the delegated financial authorities had been conducted.
With respect to hospitality, the participant sometimes performed expenditure initiation or account verification. Weaknesses were also observed in the areas of acquisition cards, contracting and pay administration, as authorization with respect to expenditure initiation was not always on file.
Lastly, the audit found for contracting, two instances where incompatible duties were performed whereby the delegated contracting authority also completed account verification, which resulted in a lack of segregation of duties. FCAC stated due to the organization’s size this practice was performed on an exception and only used to ensure continuous operations as an emergency measure.
Timeliness
Pre-approvals were not always obtained prior to the expenditure initiation, especially in the areas of acquisition cards, contracting, hospitality and pay administration. Similarly, account verification was not always performed on a timely basis, or timeliness could not be determined because transactions were not dated by the appropriate authority.
Recommendations
The Commissioner of the Financial Consumer Agency of Canada should ensure that:
- Delegation business processes are improved and are consistently performed in compliance with the Treasury Board Directive on Delegation of Financial Authorities for Disbursements, and that sufficient documentation is retained on file.
- Sufficient documentation is retained on file for acquisition cards to substantiate their issuance, approval, modification, and acknowledgment of responsibilities by the acquisition cardholder, and to support that acquisition card purchases are government business-related expenses.
- Contracting business processes are improved and are consistently performed in compliance with the Treasury Board Contracting Policy, and that sufficient documentation is retained on file.
- Travel business processes are improved and are consistently performed in compliance with the National Joint Council Travel Directive, and that sufficient documentation is retained on file.
- Hospitality business processes are improved and are consistently performed in compliance with the Directive on Travel, Hospitality, Conference and Event Expenditures, and that sufficient documentation is retained on file.
- Departure forms are completed by all applicable authorities and kept on file.
- Expenditure initiation (pre-approval and commitment) is properly documented and performed by an individual who has the appropriate delegated authority before expenses are incurred, specifically in relation to acquisition card purchases, hospitality expenditures, contracting and pay administration actions.
- Account verification is performed by the appropriate delegated authority on a timely basis, and is supported by complete documentation (proof of execution and cost), specifically in relation to acquisition card purchases, hospitality expenditures, contracting and pay administration actions.
Management Response
Management has accepted the audit findings and has developed an action plan to address the recommendations. It is expected that the management action plan will be fully implemented by March 31, 2019.
The results of the audit and the management action plan have been discussed with the Commissioner of the Financial Consumer Agency of Canada and with the Small Departments Audit Committee. The Office of the Comptroller General of Canada will follow up on the implementation of the management action plan.
Appendix: Policies and Directives Tested
| Policies and Directives Tested | Compliance |
|---|---|
| Directive on Delegation of Financial Authorities for Disbursements | Not Met |
| Policy on Financial Management Governance | Met |
| Directive on Acquisition Cards | Partially Met |
| Contracting Policy | Not Met |
| National Joint Council Travel Directive | Partially Met |
| Directive on Travel, Hospitality, Conference and Event Expenditures | Not Met |
| Directive on Financial Management of Pay Administration | Partially Met |
| Directive on Receivables Management | Met |
| Directive on Expenditure Initiation and Commitment Control | Partially Met |
| Directive on Account Verification | Partially Met |
Legend of Compliance ThresholdsFootnote 3
Met – Greater than or equal to 98% compliance
Partially Met – Greater than or equal to 80% and less than 98% compliance
Not Met – Less than 80% compliance
Page details
- Date modified: