Audit of Key Financial Controls at the Public Health Agency of Canada, 2015-16

Final Report

November 2016

Organization: Public Health Agency of Canada

Published: 2017-XX-XX

Executive summary

In support of the Treasury Board Policy on Internal Control, the President and the Chief Financial Officer of Public Health Agency of Canada (PHAC) are required to sign an annual representation letter acknowledging their responsibilities for maintaining an effective system of internal control over financial reporting.

The objective of this audit was to provide reasonable assurance that select key financial controls in support of PHAC's financial statements are operating effectively. The audit focused on testing the controls that help PHAC meet its control objectives and address management's responsibility over the completeness, validity and accuracy of its financial reporting. The audit covered transaction processing activities for fiscal year 2015-16.

The audit was conducted in accordance with the Internal Auditing Standards for the Government of Canada and the International Standards for the Professional Practice of Internal Auditing. Sufficient and appropriate procedures were performed and evidence gathered to support the accuracy of the audit conclusion.

Why are key financial controls important?

An effective internal control system is critical for managing and meeting organizational goals, mitigating risks of error and fraud and building public confidence. Key controls serve to detect errors or control failures in a timely manner or prevent other control failures before they have an opportunity to become material. As such, they are fundamental for ensuring that risks related to the stewardship of public resources are adequately managed. The controls should remain effective in a challenging environment.

What was found?

The audit concluded that select key financial controls in support of PHAC's financial statements are generally operating effectively. Areas requiring improvement include the management of payables at year-end (PAYEs); segregation of duties; journal vouchers; and pay transactions, including quality assurance review and document retention.

Management agrees with the five recommendations set out in the report and has provided an action plan that will improve the effectiveness of PHAC's internal controls over financial reporting.

A - Introduction

1. Background

An effective internal control system is critical for managing and meeting organizational goals, mitigating the risk of error and fraud and building public confidence.

The Deputy Head, as the Accounting Officer, is accountable for the measures taken to maintain effective systems of internal control in Public Health Agency of Canada (PHAC) [Footnote 1]. To this effect, Treasury Board (TB) requires departments and agencies to have an effective system of internal controls to mitigate risks for:

  • the prudent stewardship of public funds;
  • the safeguarding of assets; and
  • reliable reporting.

The TB Policy on Internal Control requires that the Deputy Head sign an annual departmental Statement of Management Responsibility Including Internal Control over Financial Reporting. The TB Policy on Financial Resource Management, Information and Reporting requires that the Deputy Head take measures to ensure that the department can sustain a control-based audit of its annual financial statements.

At PHAC, the Office of the Chief Financial Officer (OCFO) has developed an Internal Control over Financial Reporting Framework (ICFR), which specifies responsibilities for internal control, including internal controls over financial reporting (see Appendix C). The OCFO has developed a plan, in collaboration with the Internal Control Division of the Financial Operations Directorate, under the Shared Services Partnership, to establish a risk-based strategy for monitoring controls on a cyclical basis and to support a conclusion about the internal control system's ability to manage or mitigate risks pertaining to reliable financial reporting.

In recent years, the Office of Audit and Evaluation (OAE) has conducted a number of audits as part of a strategy to provide continuous assurance and support for PHAC's efforts to ensure it can sustain a control-based audit of its annual financial statements. These audits include the Audit of Procurement and Contracting (March 2015) and previous years' Audits of Key Financial Controls (most recent: October 2015). These audits have contributed to the strengthening of controls in a number of key areas.

Rationale for the audit

The audit provides an independent assessment of the effectiveness of the regime for identifying and addressing control deficiencies related to reliable financial reporting. It supports the PHAC Departmental Audit Committee's responsibility for due diligence and constructive challenge of the evidence and action plans underpinning the certification in the annual Annex to the Statement of Management Responsibility.

Key financial controls are fundamental for ensuring that risks pertaining to the stewardship of public resources are adequately managed; the controls should remain effective in a challenging environment. Current challenges include modernization and shared responsibility, such as the Pay Transformation Initiative, the Health Canada-Public Health Agency of Canada Shared Services Partnership, and cluster support for Enterprise Resource Planning systems, such as PeopleSoft and SAP.

2. Audit objective

The objectives of the audit were to:

  • Determine whether select key controls supporting PHAC's financial statements are operating effectively, in order to mitigate the risk of material misstatements in terms of ensuring the validity, completeness and accuracy of the financial transactions; and
  • Follow up on the progress made on the implementation of the management action plan developed in response to the previous year's key financial controls internal audit recommendations.

3. Audit scope

The audit included a review of key financial controls that are either common or specific to the following significant classes of transactions:

  • Grants and contribution agreements;
  • Salary and wage expenses;
  • Purchase of goods and services;
  • Acquisition card purchases; and
  • Capital assets.

The lines of enquiry and audit criteria are presented in Appendix A. An overview of the audit coverage of the key financial controls identified in ICFR is provided in Appendix D.

The audit covered transaction processing activities for fiscal year 2015-16. The controls tested are predominantly within the OCFO and the Shared Services Partnership-Financial Operations Directorate, but the audit also reviewed the control activities that fall under the responsibility of cost centre managers.

4. Audit approach

The audit project was conducted in conformity with the Treasury Board of Canada's Policy on Internal Audit.

In assessing the effectiveness of key financial controls, the audit comprised interviews with employees, review of documentation (for example, PHAC's policies and procedures, relevant documentation), observation of key processes and controls and analysis of financial and non-financial data using computer-assisted audit techniques and tools. The audit leveraged the work performed by other parties, such as the Office of the Auditor General, the Shared Services Partnership-Internal Control Division, the Office of the Procurement Ombudsman and other audits conducted by the Office of Audit and Evaluation, as appropriate.

5. Statement of conformance

In the professional judgment of the Chief Audit Executive, sufficient and appropriate procedures were performed and evidence gathered to support the accuracy of the audit conclusion. The audit findings and conclusion are based on a comparison of the conditions that existed as of the date of the audit, against established criteria that were agreed upon with management. Further, the evidence was gathered in accordance with the Internal Auditing Standards for the Government of Canada and the International Standards for the Professional Practice of Internal Auditing. The audit conforms to the Internal Auditing Standards for the Government of Canada, as supported by the results of the quality assurance and improvement program.

B - Findings, recommendations and management responses

1. Follow-up on previous year's recommendations

Audit criterion: Progress is made on the previous year's recommendations.

The audit examined the implementation of the previous year's recommendations and found that management has fully implemented most of the committed actions for the recommendations made in the previous year's report (see Appendix E).

Cancellation of unnecessary specimen signature cards (recommendation 1)

Management sent a message to all specimen signature card (SSC) editors, reminding them of the importance of complying with the current procedures. A review of SSCs was conducted to ensure that duplicate or unnecessary cards were removed. This review will be conducted annually.

Reduction of accounting errors in acquisition card transactions (recommendation 2)

Acquisition card training material has been updated. An enforcement strategy was implemented, consisting of sending a quarterly message to card holders informing them of errors found during the QA exercise, along with advice and procedures to avoid the errors in the future.

Communication and monitoring of management variance review (MVR) sign-off requirements (recommendation 3)

The 2015-16 MVR call letter instructions were modified to include a requirement for the sign-off and retention of MVR reports at the division head and cost centre manager levels. A management information package was communicated, including TBS guidance on Financial Administration Act (FAA) Section 34 on pay expenditures. To ensure compliance with the sign‑off requirements, the OCFO has updated the MVR training material and conducted training sessions. The OCFO also requests signed MVR reports from the Branches on a random basis. Management is preparing for the implementation of ongoing risk-based monitoring of management variance review sign-off, which is expected to begin in fiscal year 2016-17.

Compliance to PHAC's Standard on Journal Vouchers (recommendation 4)

Training sessions were provided to SSP-FOD staff who process journal vouchers. In addition, instructions providing guidance related to journal voucher review and supporting documentation requirements were distributed.

Timely close-out of grants and contribution agreements in the Grants and Contributions Information Management System (GCIMS) (recommendation 5)

Management has updated the financial management Standard Operating Procedures, including the close-out of grants and contribution agreements in GCIMS.

2. Select key financial controls common to all classes of transactions

2.1 Delegation of financial signing authorities

Audit criterion: Controls over the maintenance of specimen signature cards ensure that delegations of financial signing authorities are valid.

Financial signing authority is delegated to various management levels throughout PHAC by the Minister and the President. These authorities are then granted to employees at various management levels by creating and activating specimen signature cards, which are maintained in SAP. There were approximately 900 [Footnote 2] active signature cards in the database as of March 2016.

Certification under FAA Section 33 (payment authority) ensures that payments are subject to authorized requisitions, are lawful charges against the appropriation and are within the appropriations level. This requires that appropriate processes and controls be in place to verify accounts under FAA Section 34, as stated in PHAC's delegation of financial signing authority document. Financial officers performing Section 33 of the FAA rely on the specimen signature cards to substantiate whether an employee has valid Section 34 delegation of financial signing authority.

With the changes related to the recent Pay Transformation Initiative, an external service provider (SP) also relies on the accuracy of the signature card database. Consequently, it is essential that the controls over the creation and activation of specimen signature cards operate effectively, to comply with the FAA and central agency policy instruments and prevent unauthorized expenditures.

Activation of specimen signature cards

Prior to activating a specimen signature card, specimen signature card editors must verify the validity of the request (for example, that it is approved by a supervisor with delegated authority, that mandatory training has been taken, that the card is issued to an eligible PHAC employee and that, in most cases, there is only one substantive card per individual).

The audit examined specimen signature cards activated in fiscal year 2015-16 to verify that the review of specimen signature card requests by Specimen Signature Card Editors was adequately performed and found no issues.

Termination of specimen signature cards

An employee's specimen signature card may be terminated for two reasons: the employee's responsibilities have changed or the employee has left PHAC. In the first instance, the signature card is edited to reflect the new responsibilities, provided that the employee retains financial signing authority. In the second instance, the signature card is simply cancelled.

Timely termination of specimen signature cards is essential to support the financial officers' responsibilities for FAA Section 33 certification. As well, the external SP for the new Payroll system relies on PHAC to provide up-to-date information on employees with FAA Section 34 authority for pay transactions. To this effect, a mandatory departure process and a departure application tool were implemented to facilitate the timely cancellation of cards. Furthermore, the Shared Services Partnership-Financial Operations Directorate performs an annual review of specimen signature cards as a compensating control, to cancel cards that are no longer required.

The audit assessed the accuracy of the database throughout the year by analyzing the timeliness of the cancellation of specimen signature cards for departed employees. The audit found some instances of cards being cancelled more than 30 days after the employee's departure.

2.2 Quality assurance process over Financial Administration Act Section 34 certification

Audit criterion: The quality assurance performed over Financial Administration Act Section 34 certification is effective.

A well-functioning quality assurance process is a key control, ensuring that a high standard of integrity and accountability is maintained in the spending of public money and supporting sound stewardship of financial resources.

Under Section 34 of the FAA, managers are required to certify that:

  • goods were supplied or the service rendered;
  • the price charged is in accordance with the contract;
  • supporting documentation is complete;
  • the financial coding is correct; and
  • the payee is eligible and entitled to the payment.

Source: TBS Directive on Account Verification

In accordance with the TBS Directive on Account Verification, PHAC employs a risk-based approach to performing the quality assurance review over Section 34 of the Financial Administration Act (FAA) account verification when exercising payment authority for payments, pursuant to FAA Section 33.

The objective of the quality assurance process is to confirm that FAA Section 34 certification is properly and consistently performed. For high-risk transactions, it acts as a main control to ensure that the transactions are accurate and valid and that errors (if detected) are corrected prior to payment. For low-risk transactions, the quarterly sampling results provide insight into the effectiveness of FAA Section 34 certification and, if necessary, action plans are developed. For both types of transactions, errors are corrected as deemed necessary. This provides assurance that transactions are valid, accurate and properly authorized.

As illustrated in Figure 1, all transactions undergo a minimum quality assurance, which focuses on verifying the appropriateness of FAA Section 34 authorization, the financial coding and vendor information. Minimum quality assurance reviews are either performed manually or are done automatically through SAP-P2P. A risk profile (low or high) is then assigned, based on the nature and value of the transactions, through a “gating” process.

Figure 1: Quality Assurance Review Process

Text equivalent below

Source: Shared Services Partnership Statistical Sampling Training Guide

Text Equivalent: Figure 1

The Public Health Agency conducts a quality assurance process designed to ensure that transactions are valid, accurate and properly authorized, and that errors are caught and corrected.

For Transfer Payment Transactions (including FAA Section 34 approval by CCM), data entry is performed prior to the transaction undergoing a manual minimum quality assurance assessment. For commercial invoices and general Accounts Payable transactions, section 34 approval is obtained prior to an automated minimum quality assurance assessment through the SAP-P2P system.

All transactions are then put through a gating process that determines if the payment is high or low risk. If the transaction is deemed high risk, it undergoes a full quality assurance prior to being sent for payment processing. Transactions deemed low risk are sent directly for payment processing. However, statistical sampling is done on a quarterly basis, therefore a random sample of low-risk transactions will be selected to undergo the full quality assurance review.

Transactions identified as low-risk are paid immediately after minimum quality assurance is performed, but they may be subject to a full quality assurance review through quarterly statistical sampling. This process is referred to as the Post-Payment Quality Assurance Process.

All transactions deemed as high-risk undergo a full quality assurance review prior to payment. This includes verifying whether the backup documentation provided supports the payment request, whether the financial coding is appropriate, the claimed amounts are in accordance with the corresponding contract or funding agreement and procurement documents and payment requests comply with TB and PHAC policies. Examples of high-risk transactions include all transfer payment transactions, membership fees and non-public servant travel. Errors identified through quality assurance that call into question the validity of the payment request must be followed-up and corrected, such as inappropriate FAA Section 34 financial signing authority or an invoice price that is not in accordance with the contract or funding agreement.

Table 1 provides a breakdown by risk profile of the transactions recorded in fiscal year 2015-16. It demonstrates that even though the proportion of high-risk transactions was 9% of the total population in terms of numbers, these transactions represented 69% of the total dollar value.

Table 1: Transactions by risk profile, fiscal year 2015-16
Risk Profile | No. of Transactions ('000) | No. of Transactions (%) | Value ($ M) | Value (%)
High | 3.7 | 9% | 240.1 | 69%
Low | 36.1 | 91% | 109.6 | 31%
Total | 39.8 | 100% | 349.7 | 100%
Source: PHAC's financial system, fiscal year 2015-16.

Quality assurance over FAA Section 34 account verification encompasses most payment transactions, including grants and contributions, accounts payable, travel claims, honoraria, and acquisition cards. Salary and wage expenditures are not included, since they are subject to a different quality assurance process, which is discussed in section 3.2 of this report. In fiscal year 2015-16, interdepartmental settlement (IS) transactions were included in the post-payment testing and sampling approach. However, the Statistical Sampling Framework has not been updated to reflect this change. Management has indicated that the Statistical Sampling Framework is currently being revised to include this change.

The main aspects of the quality assurance process include:

  • the gating of transactions;
  • the identification of errors in account verification;
  • the logging of results of the quality assurance review; and
  • the quality assurance or statistical sampling of low-risk transactions.

Gating of transactions for the quality assurance process

The gating of transactions is an important aspect of the quality assurance process. It determines whether a transaction presents a low risk or a high risk as per the Statistical Sampling Framework, thereby determining the level of quality assurance (minimum or full) to be performed prior to payment. Gating is based on the financial coding used when creating a purchase order or when an invoice is entered.

The audit determined that some transactions for non-public servant travel were gated as low‑risk rather than high-risk due to inaccurate financial coding used to create the purchase orders. Consequently, the transactions may not have been subject to the appropriate level of quality assurance review prior to payment. This is further discussed in section 3.3 of this report.

Identification of errors in account verification

The quality assurance review entails verification that FAA Section 34 account verification has been performed properly (for example, price charged is in accordance with the contract; supporting documentation is complete; financial coding is correct; and the payee is eligible and entitled to the payment). This process provides evidence of the effectiveness of FAA Section 34 account verification.

The audit tested transactions recorded in fiscal year 2015-16 and found that the quality assurance review was adequately performed.

Logging of results of the quality assurance review

The Shared Services Partnership Statistical Sampling Training Guide requires that all errors identified during the quality assurance review for both low- and high-risk transactions be recorded in SAP. This is regarded as the most significant output of the quality assurance process, because it provides the necessary data to report on the overall adequacy and reliability of the account verification process and allows management to develop corrective actions where necessary, in accordance with the TBS Directive on Account Verification.

The audit found that for the sample of transactions reviewed, errors on high-risk transactions identified by the quality assurance reviewer were recorded in SAP.

Post-payment quality assurance of low-risk transactions

As noted earlier, all low-risk transactions undergo a minimum quality assurance review prior to payment. In addition, a sample of these transactions is selected on a quarterly basis, to undergo a full post-payment quality assurance review. SSP-FOD-Accounting Hubs analyze errors and develop the action plans. The Statistical Sampling Framework provides guidance on corrective actions and follow-up activities.

The audit examined the results of the review of statistically sampled transactions for fiscal year 2015-16. The results indicate that the error rate for IS transactions was consistently above the tolerable error rate (8%). Acquisition card transactions exceeded PHAC’s tolerable error rate in Q2, but Q4 results indicate that measures put in place to address the high error rates are having a positive effect.

Table 2: Statistical sampling error, by quarter (2015-2016 error rate)
Low-Risk Transaction Group | Q1 | Q2 | Q3 | Q4
Accounts Payable | 3.9% | 5.2% | 0.0% | 0.6%
Interdepartmental Settlements | 10.4% | 7.8% | 14.8% | 10.3%
Acquisition Card | 7.3% | 8.4% | 5.2% | 0.6%

Management is taking steps to address the errors identified on IS transactions, including the implementation of a new Standard on IS in 2016-17.

In conclusion, quality assurance over FAA Section 34 certification is performed.

2.3 FAA Section 33 certification

Audit criterion: Certification of non-salary expenditures under FAA Section 33 is performed and an appropriate segregation of duties exists with FAA Section 34 certification.

The authority to request payments in accordance with Section 33 of the FAA is referred to as payment authority. Pursuant to this section, a financial officer with delegated payment authority must ensure that:

  • FAA Section 34 has been properly exercised by validating that the Section 34 signatory had a valid delegated authority to authorize the expense and that there is auditable evidence that the quality assurance over the adequacy of the Section 34 account verification has taken place; and
  • Expenditures are a lawful charge against the appropriation.

The FAA Section 33 payment authorization performed by financial officers is a key control for ensuring the accuracy and legality of transactions.

The audit found that certification under FAA Section 33 for non-salary expenditures is performed and an appropriate segregation of duties exists with FAA Section 34 certification. FAA Section 33 certification of salary expenditures is discussed in section 3.2 of this report.

2.4 Management review of expenditures and commitments

Audit criterion: Cost centre managers review commitments and expenditures recorded in SAP for completeness, validity and accuracy.

The review of PHAC’s expenditures and commitments is performed through the MVR application, which allows forecasts, adjustments to plans and anticipated expenditures to be entered at various levels for various Funds. Within the MVR, the salary review supports salary forecasting but also serves as part of FAA Section 34 approval for salary expenditures.

The OCFO’s Resource Management and Analysis Division (RMAD) is responsible for coordinating the MVR process by providing instructions and advice to branches. In 2015-16, the MVR process was conducted on four pre-determined occasions throughout the year (June, August, October and December). RMAD’s financial management advisors (FMA) also support program managers by providing tactical advice and performing a challenge function for commitments recorded in SAP and for forecasted expenditures recorded in the MVR.

Responsibility for the review of actual expenditures and commitments and the development of forecasts rests with program management. Reviews are conducted by cost centre managers at all levels in consultation with business managers, with a view to ensuring that the year-end forecast is an accurate reflection of each division’s operational plan. The activity entails reviewing the validity, accuracy and completeness of expenses and commitments and recording the expected costs of upcoming activities in the MVR as anticipated expenditures. Business managers within branches and centres are also responsible for the sign-off and collection of MVRs at all levels of management, down to the lowest budget-holder level.

As a result of the transfer of payroll administration functions to a government-wide SP and the implementation of the new payroll system (Phoenix), departments and agencies, including PHAC, have experienced a significant number of payroll errors that could result in misstatement of salary expenditures recorded in PHAC’s financial system. To mitigate this risk, PHAC relies on the MVR review of salary expenditures to serve as a compensating control to validate the accuracy of salary expenditures posted to PHAC’s financial records (see section 3.2 for more explanations).

OCFO is responsible for ensuring that the MVR exercise is adequately conducted and documented through a challenge function. This process is considered a key control over financial reporting.

The audit examined the MVR process and found that the review and challenge of cost centre manager's variance review was adequately performed.

In conclusion, commitments and expenditures recorded in SAP are reviewed for completeness, validity and accuracy.

2.5 Accrued liabilities at year-end

Audit criterion: Review and challenge of payables at year-end are performed to ensure completeness, validity and accuracy.

As per the TBS Directive on Year-End Recording of Payables (PAYE), departments and agencies must identify and quantify liabilities to outside organizations and individuals resulting from operations up to and including March 31st of each fiscal year. In the absence of certainty, estimates must be used to determine the amounts of liabilities, as long as reasonably accurate values can be assigned.

As per PHAC's year-end procedures, cost centre managers and administrators must submit PAYE requests for goods and services of value greater than or equal to $1,000 (except for salary-related items, where the minimum threshold is $400, and for interdepartmental settlements and for grants and contributions, where there is no minimum threshold), for which an invoice has not been received or when accounts payable or payments cannot be recorded by the required cut-off date. In addition, financial management advisors are responsible for reviewing and challenging PAYE requests to ensure that the appropriate documentation is provided to support a valid liability. The total amount of PAYEs created in fiscal year 2015-16 was $19 million.

The audit tested the review and challenge function exercised over both PAYEs related to the previous fiscal year that had yet to be cleared and PAYEs recorded as part of the 2015-16 year-end procedures. The audit found that review and challenge of prior year PAYEs was performed.

For PAYEs created in fiscal year 2015-16, the audit examined a sample of 39 transactions and found that in three instances, the amount recorded was not supported or was greater than the amount supported by the documentation.

In conclusion, payable at year-end transactions are reviewed and challenged for completeness and validity. However, improvements are required to ensure accuracy of PAYE transactions.

Recommendation 1

It is recommended that the Chief Financial Officer ensure that the PAYE amounts recorded agree with supporting documentation.

Management response

Management agrees with the recommendation.

The accounting hubs will review and revise their internal procedure to ensure that the PAYE amounts recorded in SAP agree with supporting documentation.

2.6 System access and segregation of duties

Audit criterion: Access to SAP is restricted and the segregation of duties is enforced.

Segregation of duties is a key concept in internal control that mitigates the risk of fraud and errors. Incompatible duties exist when the same person can perform tasks or functions in multiple phases of a single process. An example of incompatible duties is the creation or maintenance of vendor master files and the recording of purchase orders or vendor invoices by the same individual.

Prior to granting or modifying access, SSP-FOD performs tests to ensure that users do not receive access to incompatible functions. In some cases, SSP-FOD will grant access to incompatible duties due to operational constraints. In these cases, the responsible manager must describe the mitigating control measures in a prescribed form. In addition, SSP-FOD conducts tests to monitor the segregation of duties on a semi-annual basis. In September 2015, the frequency of the monitoring exercise was changed from semi-annually to monthly.

The audit tested the segregation of duties to determine whether individuals had access to incompatible duties. Audit tests found users with access to incompatible duties, as shown in Table 3.

Table 3: Access to incompatible duties at some point during fiscal year 2015-16
# of users | Access to incompatible duties | Description of risk
3 | Create Purchase Order; Exercise FAA Section 34 authorities as CCM | Goods could be misappropriated, since the same individual is able to approve a purchase, as well as payment of the related invoice.

There is no approved, documented policy for granting access to incompatible duties that covers, for example, the definition of operational constraints; the definition of, and guidelines for, mitigating control measures; and the level of senior management approval.

The audit also verified whether monitoring of segregation of duties was conducted and found that it was performed as scheduled. However, monitoring activities did not include follow-up to verify that mitigating control measures committed to by the responsible manager had been implemented.

In conclusion, improvements are required for system access and segregation of duties.

Recommendation 2

It is recommended that the Chief Financial Officer enhance the enforcement and monitoring of segregation of duties.

Management response

Management agrees with recommendation.

The Financial Systems Team is working with the Internal Control Division to perform a review of the current procedure and system controls. A revised procedure document will be developed to strengthen the controls on the segregation of duties.

2.7 Journal entry review

Audit criterion: Journal entries are reviewed by a second person and accompanied by appropriate supporting documentation.

Journal vouchers (JV) are used to make adjustments in SAP, to ensure that financial information is accurate and properly coded. The Standard on Journal Vouchers (Standard) was developed to formalize the process and the responsibilities for creating, approving, reviewing, and entering JVs into SAP. It identifies the supporting documentation and approval requirements for routine and non-routine JVs.

The audit examined a sample of 25 JVs to ensure compliance with the Standard. The audit found that in two instances, documentation and second-level review of journal vouchers did not meet the requirements of the Standard.

In conclusion, improvements are required to ensure that JVs are reviewed and approved by the appropriate delegated authority, and that forms and supporting documentation are completed in accordance with the Standard on Journal Vouchers.

Recommendation 3

It is recommended that the Chief Financial Officer ensure that journal voucher entries are managed in compliance with the Standard on Journal Vouchers.

Management response

Management agrees with recommendation.

The journal vouchers that did not meet the requirements of the Standard on Journal Vouchers were related to automated system entries generated by SAP. The Financial Policy Team will review and update the Standard on Journal Vouchers to clarify that it does not apply to these transactions. The East and West Accounting Hubs have provided training to the staff who process journal vouchers, to ensure compliance with the current standard for manual journal vouchers.

3. Select key financial controls specific to classes of transactions

3.1 Grants and contributions payments

Audit criterion: Reconciliation of payment requests from GCIMS to SAP is performed. Contribution agreements are reviewed and closed out, to ensure that receivables arising from overpayment are recorded.

Reconciliation of payment transactions between GCIMS and SAP

In fiscal year 2015-16, PHAC's grants and contribution payments ($202 million) were managed through GCIMS.

The reconciliation of GCIMS to SAP contributes to providing assurance that grants and contribution agreement expenditures recorded in PHAC's financial system and GCIMS are complete and accurate.

The audit found that reconciliations of GCIMS to SAP expenditures were conducted by the OCFO's Centre for Grants and Contributions, and items that did not reconcile were adequately explained to ensure that SAP balances used for financial reporting were correct.

Review and close-out of contribution agreements

The review and close-out of contribution agreements are necessary to ensure that all the terms and conditions have been met, that final payments are issued and that receivables arising from overpayments are recorded in PHAC's financial system and collected. The timely close-out and communication of results to Finance are necessary to ensure the completeness and accuracy of PHAC's financial information, specifically accounts receivable.

The audit found that the review and close-out of contribution agreements, including the release of final payments and the recovery of amounts arising from overpayments, were operating effectively.

In conclusion, reconciliation of payment requests from GCIMS to SAP and the review and close-out of contribution agreements are performed.

3.2 Salary and wage expenses

Audit criterion: A trusted source reviews pay transactions to ensure proper authorization.

According to the TB Directive on Financial Management of Pay Administration, the chief financial officer is responsible for the effectiveness of the financial controls related to pay administration, payroll accounting and payment requisitions. The head of human resources is responsible for the compensation policies and function. However, as a result of the Transformation of Pay Administration Initiative, roles and responsibilities and business processes related to pay administration have changed significantly. These changes include the transfer of pay administration responsibilities, previously under the responsibility of the Corporate Services Branch’s (CSB) Human Resource Services Directorate (HRSD), to a government-wide service provider (SP), as well as the replacement of the Regional Pay System (RPS) with the new Phoenix payroll system.

The SP developed a Pay Centre Control Framework (Framework) designed to ensure the accuracy, completeness, integrity and timeliness of pay services. Under the Framework, PHAC is responsible for ensuring adherence to FAA Section 32; the completeness and accuracy of the information included in staffing requests; adherence to FAA Section 34; and an adequate audit trail to demonstrate compliance. PHAC’s responsibilities are summarized in Appendix F Table 1.

To meet these responsibilities, the Framework requires that departments and agencies create trusted source (TS) roles, which are responsible for ensuring information sent to the SP is accurate, complete and properly authorized under FAA Sections 32 and 34.

PHAC has therefore created distinct staffing and compensation TS functions under the Shared Services Partnership, Corporate Services Branch (SSP-CSB). The staffing trusted source is part of HRSD’s Client Service Division, while the compensation trusted source is part of HRSD’s National Centralized HR Services Division (NCHRSD). The responsibilities of the trusted source are summarized in Appendix F, Table 2.

Staffing trusted source

The staffing trusted source reviews staffing documents such as staffing action requests, letters of offer and acting assignments, to ensure that FAA Section 34 is adhered to prior to sending the documents to the SP. Staffing records sent to the SP are generally kept for a period of five years, as per the Library and Archives Canada Guidelines on Managing Government of Canada Information Resources.

The audit found that process controls pertaining to staffing trusted source activities were effective.

Compensation trusted source

The compensation trusted source reviews documents authorizing pay events, such as various types of leave, end of term and performance pay, to ensure that FAA Section 34 is adhered to prior to sending the documents to the SP.

The audit found that documents reviewed by the compensation TS are retained for a period no longer than six months after they are submitted to the SP, which is not sufficient to ensure that an audit trail is maintained. As well, this does not meet the retention period in the Library and Archives Canada Guidelines on Managing Government of Canada Information Resources, which is two years for compensation documents not related to departures.

The audit also found that time and labour transactions can be entered in the Phoenix pay system in two ways: 1) by the employee, or 2) with the assistance of a timekeeper.

Where employees enter time and labour transactions themselves, employees with access to the Phoenix self-serve option can enter extra duty data and select a cost centre manager to electronically approve the extra duty transaction. However, there are no controls within Phoenix to restrict approval of extra duty pay to manager(s) with delegated authority for specific cost centres. This increases the risk that extra duty transactions are not approved by a person with the proper delegated financial signing authority. PHAC relies on the review of salary expenditures as part of the MVR process to mitigate this risk, an approach suggested by the Office of the Comptroller General.

A timekeeper performs data entry of time and labour transactions for employees whose hours vary from one pay period to the next or who work in remote areas without system access. The audit found that there is currently no process in place to validate the accuracy of the input—a key PHAC responsibility under the Pay Centre Control Framework (see Appendix F, Table 1). There is increased risk that data entry errors leading to incorrect pay amounts could go undetected. Management has indicated that a quality assurance plan is currently being developed by the SSP-FOD, in collaboration with the SSP-HRSD and the SP.

Recommendation 4

It is recommended that the Chief Financial Officer implement a quality assurance process to validate the accuracy of the data input by timekeepers.

Management response

Management agrees with recommendation.

SSP-FOD is currently developing a sampling methodology to validate the accuracy of the data input by timekeepers. The development of the methodology is in consultation with the Financial Systems Team, the Internal Control Division, the Human Resources Services Directorate and Public Services and Procurement Canada (PSPC) resources within the Phoenix project. Note that the Phoenix system is currently not stable and time and labour reports that identify transactions entered by timekeepers only recently became available to departments; to date, PHAC has encountered significant difficulty running these reports successfully.

Recommendation 5

It is recommended that the Assistant Deputy Minister, Corporate Services Branch, develop and implement guidelines for record keeping (conservation of documents) used to demonstrate adherence to FAA Section 34.

Management response

Management agrees with recommendation.

SSP-HRSD’s National Centralized HR Services Division will develop and implement guidelines for record keeping and will communicate them to all compensation trusted sources.

Continuous monitoring of key controls for pay transactions

Given the changes in the pay process, the Internal Control Division of the Financial Operations Directorate, as part of the Shared Services Partnership, has developed and performed testing procedures to monitor the effectiveness of staffing trusted source controls. Management has indicated that effectiveness testing procedures for the compensation trusted source will be developed and performed in 2016-17.

FAA Section 33 Quality Assurance process over adherence to FAA Section 34 for pay transactions

The TBS Directive on Account Verification states that: “Financial officers [that is, SSP-FOD] are responsible for ensuring that payments and interdepartmental settlements are verified when exercising payment authority for payments pursuant to Section 33 of the Financial Administration Act.” The Directive further states that: “although account verification is normally performed prior to payment, completing account verification after the payment has been made is permitted in certain situations”, which is the case for payroll transactions.

Under the Framework, the Post Payroll Quality Assurance (QA) process is conducted by the SP on behalf of departments and agencies. The SP is expected to perform quarterly QA reviews of pay transactions and report its findings through a QA report. The audit found that the SP conducted a QA review for the first quarter of fiscal year 2015-16. PHAC did not receive a QA report for the remainder of the year.

Since the transfer of pay files to the SP and the implementation of Phoenix, departments and agencies, including PHAC, have experienced a significant number of payroll errors impacting employees. Payroll errors can be reported by employees or program management to CSB-HRSD’s National Centralized HR Services Division (NCHRSD), which in turn escalates issues to the SP. The NCHRSD logs and monitors reported issues escalated to the SP, but the financial impact of these issues on PHAC’s financial records is not identified.

As noted in section 2.4, PHAC relies on the MVR review of salary expenditures as a compensating control to mitigate the risk that incomplete or inaccurate salary expenditures are posted to its financial records. This practice is in line with suggestions from the Office of the Comptroller General that departments and agencies apply temporary controls during the Phoenix implementation. Any variances at year-end between the amounts posted to the financial system and the forecasted salary expenditures could assist in identifying payroll errors and in preparing financial entries required to ensure that salary expenditures are reported accurately. In light of the current difficulties experienced with the Phoenix payroll system, PHAC would benefit from reminding managers and financial advisors of the importance of conducting a thorough salary review during the MVR process, in order to mitigate the risk that salary expenditures are misstated.

In conclusion, management has made efforts to mitigate risks to the accuracy, completeness, integrity and timeliness of pay transactions. Continued efforts are required to ensure that transactions entered by timekeepers are reviewed for adherence to FAA Section 34, and that an adequate audit trail is maintained to demonstrate adherence to FAA Section 34.

3.3 Purchase of goods and services

Audit criterion: Purchase orders are reviewed for accuracy, completeness and validity.

Review of contracts over $10,000

Proposals for the procurement of goods and services are reviewed or prepared by procurement specialists. This helps to ensure that contractual documents are in accordance with the Government Contracts Regulations, relevant policies and PHAC's delegation of financial signing authorities, and that an appropriate procurement vehicle is used. This review also provides assurance over the validity and accuracy of the purchase of goods and services over $10,000.

In fiscal year 2015-16, the Office of the Procurement Ombudsman (OPO) conducted a Procurement Practice Review within select government departments and agencies that included PHAC. The report noted that improvements were required to ensure that standing offer (SO) and supply arrangement (SA) contracting procedures are followed and documented, that SOs and SAs are being used as intended, that they are monitored and that the benefits of using these tools are being fully realized. In response, management has implemented measures to address the recommendations included in the OPO report. This included new checklists to assist in the review conducted by procurement officers.

An analysis performed to verify that transactions were gated appropriately under the quality assurance section of this report (section 2.2) revealed that some non-public servant travel transactions were gated incorrectly. To assess this further, a sample of 18 purchase orders was examined to determine whether the appropriate financial coding was used for travel commitments. The audit found that in 17 of the cases, travel commitments were coded to a non-travel related general ledger account on the purchase orders. This can impact the reliability of reporting. In addition, as noted in section 2.2, it also causes the subsequent accounts payable transaction to be classified as low-risk rather than high-risk, thereby affecting the level of quality assurance review performed prior to payment. The new checklist developed in response to the recommendations by the OPO is expected to address this issue, since it includes a step to verify the reasonableness of the general ledger coding and most contracts are routed to procurement officers for review or preparation.

In conclusion, purchase orders are reviewed for accuracy, completeness and validity.

3.4 Acquisition card purchases

Audit criterion: Monitoring of monthly acquisition card reconciliations and quality assurance reviews of acquisition card transactions are performed.

Acquisition card purchases are paid prior to the reconciliation of purchases by the cardholder and the FAA Section 34 certification, as permitted under the TBS Directive on Account Verification. To provide assurance over the accuracy and completeness of acquisition card purchases, cardholders are responsible for completing transaction reconciliations to their statement of accounts. The SSP-FOD monitors these reconciliations to ensure that they are adequately completed. The audit found that monitoring of reconciliations was performed.

Quality assurance over acquisition cards

In addition to the monitoring of monthly reconciliations, financial officers conduct quality assurance reviews of acquisition card transactions. All transactions are subject to minimum quality assurance procedures, to ensure that all items included on the monthly card statement are reconciled in SAP and that FAA Section 34 is appropriately documented. High-risk transactions undergo a full quality assurance review, while low-risk transactions are subject to a full quality assurance on a sample basis. As noted in section 2.2, a sample of low-risk transactions is included as part of the statistical sampling exercise through the use of SAP, as is the case for accounts payable transactions. Through this review, selected transactions are examined for appropriate supporting documentation and sign-off. Errors identified through this review are recorded and action plans are developed to address issues noted.

The audit tested a sample of monthly statements, which included transactions that underwent a full quality assurance review, and found that the review was generally performed adequately and appropriately.

In conclusion, controls over acquisition cards were operating effectively.

3.5 Capital assets

Audit criterion: An annual capital assets review is conducted to ensure a proper accounting of capital assets.

The OCFO and the SSP-FOD share the responsibility for conducting an effective annual capital assets review.

PHAC's Capital Assets Accounting Standard defines capital assets as assets with a useful life greater than one year and a per-item cost of $10,000 or greater. PHAC holds a variety of capital assets, including buildings, machinery and equipment.

Physical count of capital assets

The SSP-Materiel and Assets Management Division conducts an annual review of the capital asset inventory aimed at ensuring that PHAC's capital assets are well-managed and properly accounted for. The audit found that the physical count had been performed.

In conclusion, an annual capital assets review is conducted to ensure proper accounting of capital assets.

C - Conclusion

The audit concluded that select key financial controls in support of the departmental financial statements are generally operating effectively. Areas requiring improvements include the management of PAYEs; segregation of duties; journal vouchers; and pay transactions, including quality assurance review and documents retention.

The improvements that have been noted will collectively strengthen the effectiveness of PHAC's internal controls over financial reporting.

Appendix A – Lines of enquiry and criteria

Audit of Key Financial Controls (Public Health Agency of Canada), 2015-16
Criteria title | Audit criteria
Line of enquiry 1: Progress made on the previous year's recommendations
Line of enquiry 2: Select key financial controls common to all classes of transactions
2.1 Delegation of financial signing authorities | Controls over the maintenance of specimen signature cards ensure that delegations of financial signing authorities are valid.
2.2 Quality assurance process over FAA Section 34 certification | The quality assurance performed over Financial Administration Act Section 34 certification is effective.
2.3 FAA Section 33 certification | Certification of non-salary expenditures under FAA Section 33 is performed and an appropriate segregation of duties exists with FAA Section 34 certification.
2.4 Management review of expenditures and commitments | Cost centre managers review commitments and expenditures recorded in SAP for completeness, validity and accuracy.
2.5 Accrued liabilities at year-end | Review and challenge of payables at year-end are performed to ensure completeness, validity and accuracy.
2.6 System access and segregation of duties | Access to SAP is restricted and the segregation of duties is enforced.
2.7 Journal entry review | Journal entries are reviewed by a second person and accompanied by appropriate supporting documentation.
Line of enquiry 3: Select key financial controls specific to classes of transactions
3.1 Grants and contributions payments | Reconciliation of payment requests from GCIMS to SAP is performed. Contribution agreements are reviewed and closed out to ensure that receivables arising from overpayment are recorded.
3.2 Salary and wage expenses | A trusted source reviews pay transactions to ensure proper authorization.
3.3 Purchase of goods and services | Purchase orders are reviewed for accuracy and validity.
3.4 Acquisition card purchases | Monitoring of monthly acquisition card reconciliations and quality assurance reviews of acquisition card transactions are performed.
3.5 Capital assets | An annual capital assets review is conducted to ensure a proper accounting of capital assets.

Appendix B – Scorecard

Audit of Key Financial Controls at PHAC, 2015-16
Line of enquiry | Responsibility | 2014 Recs | 2015 Recs | 2016 Recs | Rating
Line of enquiry 1: Previous year's recommendations
Progress made on previous year's recommendations | | | | | Satisfactory
Line of enquiry 2: Select key common controls
1. Delegation of financial signing authorities | SSP-FOD | | 1 | | Satisfactory
2. Quality assurance over FAA Section 34 certification | SSP-FOD/OCFO | | 2 | | Needs Minor Improvement
3. FAA Section 33 Certification | SSP-FOD | | | | Satisfactory
4. Management review of expenditures and commitments | RMAD | 1 | 3 | | Satisfactory
5. Accrued liabilities at year-end | RMAD/CGC | | | 1 | Needs Minor Improvement
6. System accesses and segregation of duties | SSP-FOD | 2 | | 2 | Needs Moderate Improvement
7. Journal entry review | SSP-FOD | | 4 | 3 | Needs Moderate Improvement
Line of enquiry 3: Select key specific controls
Rating columns (grouped under Statement of Operations and Balance Sheet): Grant and Contribution Agreements; Salaries and wages; Purchase of goods and services; Acquisition card purchases; Capital Assets
Line of enquiry | Responsibility | 2014 Recs | 2015 Recs | 2016 Recs | Rating column | Rating
1a. Reconciliation of payment transactions between GCIMS and SAP | CGC | | | | Grant and Contribution Agreements | Satisfactory
1b. Review and close-out of contribution agreements | CGC | | 5 | | Grant and Contribution Agreements | Satisfactory
2. Review of adherence to FAA Section 34 and quality assurance on pay transactions | SSP-HRSD/SSP-FOD | 3 | | 4, 5 | Salaries and wages | Needs Moderate Improvement
3. Review of contracts | SSP-FOD | | | | Purchase of goods and services | Needs Minor Improvement
4. Reconciliations of acquisition card statements of account | SSP-FOD | | | | Acquisition card purchases | Satisfactory
5. Capital asset review | SSP-FOD/OCFO | | | | Capital Assets | Satisfactory

Appendix C – Public Health Agency of Canada's internal control over financial reporting framework

Table 1: Framework Elements and Processes to Assure the Reliability of Financial Statements
Flow Framework Elements

Processes relating to Organizational obligations, risk management and monitoring

Control Environment

  • Public Service Values
  • Learning, Innovation and Change Management
  • Policy and Programs
  • People
  • Citizen-Focussed Service
  • Risk Management
  • Stewardship
  • Accountability
  • Governance and Strategic Directions
  • Results and Performance

Financial Risk Assessment And Financial Risk Management

  • Financial Reporting Objectives
  • Financial Reporting Risks

Monitoring

  • Ongoing and Separate Monitoring and Assessment
  • Reporting and Deficiencies

Control Activities

For each business process below:

  • Cost effective control activities;
  • Integration with assessment of risks over financial reporting;
  • Supporting policies and procedures assessment;
  • Management of information (for example, IT Applications Controls and Database and Records Management Controls)

Management of Parliamentary Appropriations

  • Budgeting
  • Management Variance Reporting
  • Funding and Resource Allocation (TB Submissions)

Purchasing/ Payables/ Payments
(Shared Services Partnership*)

  • Transfer Payment
  • Acquisition Card
  • Contracting/Procurement
  • Travel
  • Hospitality
  • Asset Management
  • Invoice Posting
  • Payments

Payroll
(Shared Services Partnership*)

  • Employee Data Management
  • Payroll Processing
  • Reconciliation

Capital Assets
(Shared Services Partnership*)

  • Asset Lifecycle Management

Financial Statement, Year-End and Reporting
(Shared Services Partnership*)

  • General Ledger Maintenance
  • Non-recurring Transactions
  • Year-end Processes
  • Financial Statements Preparation
  • Accruals and Management Estimates

Information and Communication

  • Financial Reporting Information
  • Internal Control Information
  • Internal Communications
  • External Communications
Footnote *

Some controls under these processes fall under the responsibility of the Financial Operations Directorate and Corporate Services Branch of the Shared Services Partnership.

Appendix D – Audit coverage of the key financial controls identified in the Internal Control over Financial Reporting Framework

Controls tested as part of the Audit of Key Financial Controls 2015-2016
Significant Business Processes | Amount ($ millions) per 2014-15 Financial Statements | Key Financial Controls (KFC) Identified in the Internal Control over the Financial Reporting Framework (ICFR)
KFC columns: Access | Segregation of Duties | Automated Control (system prompts and lookups) | Reconciliation | Supervisory Review | S. 32 | S.41 | S. 34 | Quality Assurance over S. 34 Account Verification | S. 33 | Monitoring | Management Review | Supporting Documentation | Process Specific Procedures | Total
Transfer Payments $247   1 [Footnote 1]   1 [Footnote 1] 2 [Footnote 1] 2 [Footnote 2]   2 [Footnote 2] 1 [Footnote 1] 1 [Footnote 1]   1 [Footnote 1]     11
Payroll $234 3 [Footnote 1] 2 [Footnote 1]   2 [Footnote 1] 3 [Footnote 2] 1 [Footnote 2]   1 [Footnote 1] 4 [Footnote 1] 2 [Footnote 1]         18
Other Expenditures $178
Procure to Pay (P2P) 4 [Footnote 1] 2 [Footnote 1] 3 [Footnote 1] 1 [Footnote 2] 1 [Footnote 1] 2 [Footnote 2] 4 [Footnote 1] 1 [Footnote 1] 18
Capital Assets 4 [Footnote 1] 1 [Footnote 1] 1 2       1 [Footnote 1] 2 [Footnote 1] 12
Travel 1 [Footnote 1] 1 [Footnote 1] 1   2 [Footnote 2]   1 [Footnote 2] 1 [Footnote 1] 1 [Footnote 1] 8
Acquisition Cards         1 [Footnote 1] [Footnote *]
Financial Close 7 [Footnote 1] 1 [Footnote 1] 10 [Footnote 1]       1 [Footnote 1] 3 [Footnote 1] 1 25
Total KFC in the ICFR $659 19 8 5 3 17 6 1 6 10 5 2 4 2 1 90
Audit Coverage of the Key Financial Controls (KFC) Identified in the Internal Control over Financial Reporting Framework (ICFR)
Direct Assurance (Note 1) 19 8 3 3 12 - 1 1 10 5 3 4 2 - 71
Indirect Assurance (Note 2) - - - - 3 6 - 5   - - - - - 14
Total Audit Coverage of the KFC 19 8 3 3 15 6 1 6 10 5 3 4 2 - 85
Footnote 1

Note 1 (Direct assurance): These key controls detect errors or control failures in a timely manner, and/or prevent other control failures before they have an opportunity to become material. Therefore, the effectiveness of these key controls is determined through audit tests conducted on these controls.

Footnote 2

Note 2 (Indirect assurance): The effectiveness of these controls is obtained through audit tests conducted on the key controls noted (either on its own or in combination with other key controls tested). For example, the Quality Assurance over S.34 Account Verification is designed to identify and detect errors or control failures in FAA S.32 and FAA S.34 Certification. As such, an effective QA control provides assurance that a failure in S.32 or S.34 would not result in a material error.

Footnote *

Denotes control tested as part of this audit, but not included in the ICD monitoring strategy.

Appendix E – Follow-up on previous year's recommendations

The audit has examined the implementation of the previous year's recommendations and found that management has fully implemented most of the committed actions for recommendations made in the previous year's report. Ongoing risk-based monitoring of management variance review sign-off is expected to begin in FY2016-17.

Recommendations from Previous Years
Recommendation 1: Develop and implement controls so that unnecessary specimen signature cards are cancelled on a timely basis.
Accountability: Office of the Chief Financial Officer (OCFO)
Actions | Initial Due Date | Status*
1.1 A message will be sent to all SSC editors to ensure compliance with the current procedures. | September 30, 2015 | 5
1.2 A review of SSC will be conducted to remove any duplicate SSCs. This process will also be included in the SSC annual review exercise. | November 30, 2015 | 5

Recommendation 2: Develop and implement controls to reduce errors for acquisition card transactions to an acceptable level.
Accountability: Office of the Chief Financial Officer (OCFO)
Actions | Initial Due Date | Status*
2.1 A quarterly message will be sent to all cardholders regarding errors identified during the quality assurance exercise along with the procedures and instructions to avoid these errors. | September 30, 2015 | 5
2.2 Acquisition card training material will be updated. | March 31, 2016 | 5
2.3 An enforcement strategy will be implemented to ensure compliance. | March 31, 2016 | 5

Recommendation 3: Obtain sign-off by cost centre managers with budgetary responsibilities, for the purpose of Financial Administration Act Section 34 post-payroll certification of salary expenses.
Accountability: Office of the Chief Financial Officer (OCFO)
Actions | Initial Due Date | Status*
3.1 The MVR call letter will instruct branches to obtain management sign-offs at the cost centre level. | March 31, 2016 | 5
3.2 An updated management information package will include reference to the TBS guidance requiring FAA Section 34 certification of pay expenditures. | March 31, 2016 | 5
3.3 Ongoing risk-based monitoring | March 31, 2017 | 3

Recommendation 4: Develop and implement controls to manage Journal vouchers, in accordance with the departmental Standard on Journal vouchers
Accountability: Office of the Chief Financial Officer (OCFO)
Actions | Initial Due Date | Status*
4.1 Training sessions will be provided to accounting hub staff that process journal vouchers. | December 31, 2015 | 5
4.2 A journal voucher instruction will be distributed to provide detailed guidance on review and supporting documentation requirements. | December 31, 2015 | 5
4.3 Results of tests on journal voucher samples will be shared with PHAC. | March 31, 2016 | 5

Recommendation 5: Implementation of procedures for the timely close-out of grants and contributions agreements within GCIMS.
Accountability: Office of the Chief Financial Officer (OCFO)
Actions | Initial Due Date | Status*
5.1 Update Standard Operating Procedures, Financial Management to include close-out procedures in GCIMS | March 31, 2016 | 5
5.2 Training provided to Operations Team within the Centre for Grants and Contributions | March 31, 2016 | 5
Footnote *

Audit assessment of the implementation status

  1. No progress or insignificant progress
  2. Planning stage
  3. Preparations for implementation
  4. Substantial implementation
  5. Full implementation

Appendix F – PHAC responsibilities around key financial controls over payroll and trusted source responsibilities

The tables below present the control responsibilities of government departments and agencies related to pay administration as defined in the Pay Centre Control Framework, as well as the transactions reviewed by the staffing trusted source and the compensation trusted source.

Table 1: PHAC responsibilities for ensuring compliance and overall alignment to government wide standardized common business processes

Pre-payroll

  • Ensuring that the information on staffing requests documentation submitted to the Pay Centre is complete, accurate and that FAA Section 32 is adhered to.
  • Ensuring that FAA Section 34 is adhered to and that an adequate audit trail exists to demonstrate compliance.
  • Processes and controls around the accurate and timely input of employee data.
  • Sending a file to the service provider (SP) that identifies individuals who have Section 34 delegated authority and require access to review and certify time entries.
  • Trusted source is responsible for authenticating the signature of departmental individuals against delegation of authorities prior to sending pay information to the SP.

Payroll

  • Ensuring that FAA Section 33 is adhered to.

Post payroll

  • Processes and controls to ensure that posted pay transactions for payment are approved by an individual with the appropriate delegation of authority.

Table 2: Trusted Source responsibilities for review of pay transactions.

Staffing Trusted Source

  • New Hire/Re-hire
  • Transfer-In
  • Extension of Term/Casual
  • Promotion
  • Secondment Agreement
  • Deployment
  • Change in Tenure
  • Dual Employment
  • Dual Remuneration
  • Acting Pay
  • Demotion
  • Conversion
  • Reclassification
  • Lay-Off

Compensation Trusted Source

  • Return from LWOP/Disability
  • Extra Duty Pay (compensatory leave)
  • Leave without Pay for more than 5 days
  • Emergency Salary Advance
  • Voluntary Cash-Out of Vacation and Compensatory Leave
  • Retirement and Acceptance
  • Resignation and Acceptance
  • Medical Retirement
  • End of Term (+ 30 day notice) contract
  • End of Casual/Student contract
  • Lay-Off
  • Dismissal
  • Reimbursement of Membership Fees
  • Leave With Income Averaging
  • Pre-Retirement Transition Leave
  • Performance Pay
  • Isolated Post and Government
  • Vacation Travel Allowance
  • Leave with Pay (for employees who do not have access to PeopleSoft)

Source: Guidelines and Procedures for Interacting with the Public Service Pay Centre and a Trusted Source

Appendix G – List of acronyms

CCM: Cost Centre Manager
CFO: Chief Financial Officer
OCFO: Office of the Chief Financial Officer
CSB: Corporate Services Branch
FAA: Financial Administration Act
FOD: Financial Operations Directorate
G&C: Grants and contributions
GCIMS: Grants and Contributions Information Management System
HRSD: Human Resource Services Directorate
ICD: Internal Control Division
ICFR: Internal Control over Financial Reporting
IS: Interdepartmental Settlement
JV: Journal Vouchers
MOU: Memorandum of Understanding
MVR: Management Variance Report
NCHRSD: National Centralized HR Services Division
OAE: Office of Audit and Evaluation
OCG: Office of the Comptroller General
OPO: Office of the Procurement Ombudsman
PAYE: Payables at year-end
PHAC: Public Health Agency of Canada
PSPC: Public Services and Procurement Canada
QA: Quality Assurance
RMAD: Resource Management and Analysis Division
SA: Supply arrangement
SO: Standing offer
SoD: Segregation of duties
SP: Service provider
SSC: Specimen signature card
SSP: Shared Services Partnership
TB: Treasury Board
TBS: Treasury Board Secretariat
TS: Trusted source

Footnote 1

Financial Administration Act, section 16.4(1)(a)

Footnote 2

Total number of specimen signature cards for PHAC, excluding specimen signature cards related to acting positions.
