Corporate Audit and Evaluation Branch
- Executive Summary
- Focus of the Audit
- Findings, Recommendations and Action Plans
Background: The Charities Directorate in the Policy and Planning Branch is responsible for developing regulatory policies, registering qualified organizations as charities, monitoring reporting requirements, providing advice on operating a charity and coordinating audit and compliance activities. There are 80,000 registered charities in Canada who report $11 billion in donations annually, $5.5 billion of which is claimed by individuals and the remainder is contributed by corporations including public service bodies and non-profit organizations. In fiscal year 2003-2004 the Charities Directorate had a budget of $13,256,000 and an allocation of 210 Full Time Equivalents.
The audit and compliance activities coordinated by the Charities Directorate focus on the charitable status of the organizations and their revenues, CRA programs that focus on donations and related tax credits fall outside the scope of this internal audit. In particular, these other programs include measures that validate charitable contribution credits reported by individuals and corporations as well as programs that focus on tax evasion and the underground economy.
A key element of the Charities Directorate compliance strategy is the on-site audit of selected charities; this work was previously contracted out to Consulting and Audit Canada (CAC). Further to an internal program evaluation, it was decided to repatriate this function within the Agency and the Charities Directorate established a pilot program to have the Compliance Programs Branch (CPB) conduct a proportion of these audits in fiscal year 2003-2004. The supporting activities upon which the charity field audits depend were also included within the scope of the internal audit including; reliability of data, presence of data analysis for trends and risks, effectiveness of workload selection, appropriateness of funding for audit teams, clarity of performance measures, adequacy of training and procedures, and timeliness in communicating audit results.
Objective: The objective of the internal audit was to determine whether the compliance review activity managed by the Charities Directorate is planned and conducted efficiently and effectively.
The examination phase of the audit was conducted between May 2003 and May 2004 covering fiscal year 2001-2002, 2002-2003 and the pilot project carried out in 2003-2004.
Conclusion: Improvements were required in the compliance activities managed by the Charities Directorate to ensure that they are planned and conducted efficiently, effectively and in support of the objectives established. Since May 2004, when the examination phase of the audit ended, the Charities Directorate indicate that they have developed and implemented a number of the measures detailed in action plans that follow.
The transition of field audit work from CAC was supported by a pilot project carried out during fiscal year 2003-2004. The pilots demonstrated a need for additional support, structure and documentation to guide the conduct of the compliance activities and to ensure an effective transition to delivery by Compliance Programs Branch. It was recommended that the organizational structure be formalised, performance measures be elaborated, training be developed and for audit manuals to be prepared.
The audit identified a need to tighten the controls ensuring accuracy and reliability of the information database on charities supporting analysis and workload assignment. It was found that only limited trend analysis was being performed on the financial information reported by charities and there was no structured approach to how periodic or case-by-case analysis should be performed.
File selection bias was identified as a potential issue, a representative of charity audits was reviewed and the charities audit workload selection was found to be free from bias.
The selection of cases for field audit placed a high reliance on ad hoc methods, leads, as well as individual expertise and experience. While the Charities Directorate had pursued a fully automated risk assessment model integrated to their workload selection system to help identify cases for audit that more systematically reflected the risks of non-compliance, no such system was in place.
During the time period of the audit, significant delays in finalizing charity audits and issuing compliance letters to charities were identified. As reflected in the action plans, repatriation of the compliance work within CRA has improved the timeliness of this process.
Action Plans: The Charities Directorate agrees with the findings related to the field audit transition and has taken action to address the recommendations identified through the pilot. On April 1, 2005, the national rollout was completed with additional support, structure and documentation in place.
Actions to develop better tools to identify trends and associated risk factors are either planned or underway. These measures include assessing the differing risks during the life cycle of a charity and creating a system to review all annual information returns (T3010A) data on a regular basis in order to identify and correct any large anomalies.
Improving the data integrity of the charities database and effective monitoring of returns as part of a more sophisticated risk management approach were determined to be priorities under the Regulatory Reform initiative. The Charities Directorate has set up monitoring procedures to ensure that the standards for data accuracy, productivity and time-driven costs in the Service Level Agreement (SLA) with the Ottawa Technology Centre are being attained.
The Charities Directorate has several workload selection initiatives recently implemented or underway and plans to integrate these into an automated risk assessment/workload selection system. The proposed organization structure for the Compliance and Intelligence Division includes a workload development officer position in the Compliance Section whose responsibility will be to develop and manage workload systems.
Standards for the issuance of compliance letters were included in the second Memorandum of Understating between the Charities Directorate and the Compliance Programs Branch finalized in April 2005.
The Charities Directorate is part of the Policy and Planning (P&P) Branch (formerly Policy and Legislation Branch). The mission of the Directorate is to promote compliance with the income tax legislation and regulations relating to charities through education, quality service, and responsible enforcement, thereby contributing to the integrity of the voluntary sector and the social well being of Canadians. In the P&P Branch Business Plan of 2002-2005, the Directorate was shown as having an allocation of 209.5 Full Time Equivalent for fiscal year 2003-2004 with associated salary dollars of $9,656,000 and O&M of $3,600,000.
The mandate of the Directorate is to register and monitor charities, Canadian amateur athletic associations, national arts service organizations and contributions to political parties. The Directorate is responsible for developing regulatory policies, registering qualified organizations as charities, monitoring reporting requirements, providing advice on operating a charity and handling audit and compliance activities. A part of the compliance strategy involves determining the workload selection for charities field audit. Approximately 600 charities are selected for field audit each year. Until recently, field audit activities for charities were contracted out to Consulting and Audit Canada (CAC). A CRA Program Evaluation (March 2000) resulted in an agreement to repatriate the Charity field audit programs from CAC to the Compliance Programs Branch (CPB). Pilot projects were conducted in 2003-2004 in the Southern Ontario and Prairie regions.
Focus of the Audit
The objective of the audit was to determine whether the compliance review activity managed by the Charities Directorate (with assistance by Consulting and Auditing Canada (CAC), and now by Compliance Programs Branch (CPB)) is planned and conducted efficiently and effectively. Specifically, the audit examined all facets of the pilot project and the plans for reintegration of the audit of charitable organizations in CPB.
The examination phase of the audit was conducted between May 2003 and May 2004 covering fiscal years 2001-2002, 2002-2003 and the pilot project carried out in 2003-2004.
The audit involved interviews, enquiries and audit file reviews at Headquarters. Also interviews and visits to pilot sites in Prairie and Southern Ontario Regions were conducted.
Findings, Recommendations and Action Plans
Transfer of the Audit Activity to Compliance Programs Branch
CPB performed charity audits until the end of the 1980's at which time this responsibility was contracted to CAC. A Program Evaluation (PE) Review of the Charities Directorate audit activity (March 2000) concluded that CAC did not have the necessary background to effectively carry out charities audit and that potential savings could be achieved by repatriating these activities in the Agency. The PE report was the basis for the February 2001 decision to move the charity field audit program from CAC to CPB. A pilot project, managed by Charities Directorate, commenced in early 2003 in the Southern Ontario and Prairie Regions as a step to transferring the responsibility of auditing registered charities to designated Tax Service Offices (TSOs) throughout the country.
The responsibility to monitor, and to ensure the audit function achieves its goals, continued to remain with Charities Directorate, Compliance and Intelligence Division (CID). Subsequent to this internal audit, and pursuant to the Regulatory Reform Initiative, the Compliance and Intelligence Division (CID) was separated into two new divisions: the Compliance Division and the Review & Analysis Division.
There were two main organizational structures tested in the pilot project: a centralized approach where all auditors were based in one TSO in the region and a decentralized approach where there were one or two auditors in various TSOs within the region. A review of the results from each method determined that the centralized approach was more efficient for delivering the program and developing a better concentration of knowledge.
Although the overall goal in Charities Directorate and CPB is to achieve compliance with legislation, the measurement of actual compliance rates is difficult. In relation to audit activities for other sectors, CPB evaluates the achievement of their audit programs using criteria or standards that are specific to each program. At the time of the audit, no performance standards were in place to monitor the effectiveness of the compliance activities for charities and to reflect the sector's unique characteristics.
Policies and procedures, communiqués and memoranda related to auditing charities were continually being developed or updated. However, they have not been consolidated into an electronic audit manual that would give charity auditors across the Agency access to all information required to perform a quality audit. In addition, knowledge of charities in the TSOs is not current. At the time of the audit, no organized documented approach to training had been developed to support auditors in this sector. Such an approach would ensure that there is a continuous supply of knowledgeable auditors and team leaders; audit policies and procedures are known and consistently applied throughout the Agency; new and emerging issues are communicated to, and understood, by the charity auditors.
The scope of audits performed by CAC was restricted to the information held by the charities themselves. CAC auditors did not have access to various Agency databases. It is expected that the scope of the audits performed by CPB will be broader because the auditors will have access to CRA databases on a need to know basis. The CAC auditors were given, on average, 42 hours to complete a restricted audit. Given the broader audit scope, the standard hours required to complete a fully satisfactory audit by CPB charity auditors would be greater.
Charities Directorate should:
- Effectively organize its field audit activities in the regions to ensure successful rollout and delivery of compliance activities for charities.
- Develop and implement performance standards to measure the effectiveness of the compliance activities for charities. Standards should also address the efficiency of the audit activities by determining an appropriate target for the number of hours to perform an audit.
- Develop and implement a national training plan that will meet the needs of auditors and team leaders and address the new and emerging issues affecting the charities sector and compliance risks.
- Formalize and implement an audit manual to provide appropriate guidance and methodology to charities auditors. The manual and key policies and procedures should be available electronically.
The Charities Directorate agrees with these findings and has taken action to address the recommendations. As of April 4th, 2005, the national rollout was completed, and the various elements cited above were put in place.
The recommendations have been addressed in recent negotiations with the Compliance Programs Branch (CPB) with the following results:
- In relation to regional structure, responsibilities were concentrated in a small number of TSOs based on the directorate's assessment and monitoring of the pilot.
- With regard to measurement criteria, and in an effort to assess overall compliance and coverage levels, the Directorate is currently developing a Results-based Management Accountability Framework. Completion of the framework is expected in early 2005-2006. A draft proposal for the monitoring and quality assurance program as well as detailed measurement criteria to evaluate the success of the charity audit function have been produced. They will be sent to CPB for comment before being sent to Charities Directorate management at HQ by May 2005.
- An audit manual, based largely on the training material will be completed and circulated electronically to all parties by June 30th, 2005.
- Following negotiations with CPB, the standard hours per audit has been set at 55 hours per case.
- Training sessions have been held in August, September, and October 2004. Workshops for NORO and Atlantic Region auditors as well as new auditors and those requiring refresher courses commenced in April 2005, in conjunction with the national rollout.
Current and future training needs will be addressed in a formal training plan to be available at the end of June 2005. The training will be provided on an "as required" basis in a modular format, specifically oriented to the training needs of the auditors, and based on a training manual that has been updated and includes the legislative changes arising from the Regulatory Reform Initiative.
- The development of a communication plan, by June 2005, to ensure that field auditors and their managers receive continuous and current information on policies, procedures, and emerging issues.
The amount of tax receipts issued has increased significantly over the last 10 years (charitable donations claimed have doubled). Some of the increase is due to legislative changes that sanctioned items such as gifts of public shares or cultural and ecological properties, while some the remainder can be attributed to the growth of schemes falling within the scope of CID and CPB's Tax Avoidance Division. Early identification of these schemes is essential to ensuring effective enforcement of compliance to legislation.
Line 100 on the Registered Charity Information Return T3010A represents the total amount of tax receipts issued in the Charity's fiscal year. Trend analysis of line 100 would contribute to the timely detection of these schemes and prevent or reduce the potential loss of revenue. Although there is some informal analysis performed, there is no structured and documented approach to perform annual or case-by-case analysis. There are areas within the Agency (Compliance Research Strategic Analysis Division and Statistical Services) that have the expertise to support in-depth analysis.
Charities Directorate should develop an analytical framework whereby it is able to identify the yearly fluctuations in Line 100. This would facilitate the identification of schemes at the earliest possible time to reduce the revenue at risk.
We agree that year-to-year increases to line 100 are a potential risk factor. The Charities Directorate does take an interest in major fluctuations in individual organizations to identify trends and the development of schemes, including increases to line 100. CID currently uses manual systems to detect and act on them. The actions below are underway or planned to develop better tools to identify trends and associated risk factors:
- The Risk Management Unit will utilize business intelligence and research concepts to develop key risk factors to assess risk during the life cycle of a charity. This permanent Unit will ensure ongoing monitoring and updating of risk-related factors.
- Corporate and Information Programs Division (CIPD) is evaluating a system to review all T3010A (annual information returns) data on a regular basis in order to identify and correct large anomalies. This will result in improved data integrity and increase the accuracy of information used to perform trend analysis, and in the automated audit file selection process.
- The Government of Canada accepted Recommendation 65 of the Joint Regulatory Table's final report (Strengthening Canada's Charitable Sector, Regulatory Reform, March 2003) that stated: "the regulator should conduct research into the feasibility of a system to control the issuing of official donation receipts and report its findings to the ministerial advisory group within two years." Research proposals are currently being sought in relation to this three-year initiative. The Directorate's recommendations will be based on this research and will be presented to the Charities Advisory Committee at the end of the second year for comment.
Monitoring Ottawa Technology Centre Contract Service Level Agreement
Since April 2003, the Ottawa Technology Centre (OTC) has been required to input the T3010A Charities Information Return into the charities database under a Service Level Agreement (SLA) with the Charities Directorate. A portion of the return information is posted from this database to a charities Internet site to provide access to external users. The information OTC captures from charity returns is required to support risk assessment and other analysis as part of audit file selection.
Monitoring data input is essential to ensuring that the information entered can be relied on. The Charities Directorate estimated the error rate of the Charities Assessment and Registration Environment database from previous years in the 15-17% range. Periodic data integrity tests were performed and the 2003-2004 SLA includes data input accuracy rates to be attained by the OTC. No effective documented procedures were in place at the OTC or in the Charities Directorate to ensure data integrity, to make certain accuracy rates are achieved and no evidence that corrective measures were implemented in a timely manner.
The Charities Directorate needs to reinforce the importance of accuracy levels for data input by the OTC to be monitored and reported as per the agreement between the two organizations.
In February 2004, a random sampling by the Operations Division of keyed returns identified a high-level of keying errors. As a result, the following steps were taken:
- A random sample of electronic annual information returns will be selected on a bi-annual basis and compared with hardcopy returns. The CRA's Statistics Division will assist in developing the methodology for random sampling. Ongoing data integrity tests will be performed on a biannual basis.
- The results of these analytical findings will facilitate negotiations between the Charities Directorate and the Ottawa Technology Centre, and improve the integrity of the data in CARE.
Integrity of Charities Assessment and Registration Environment (CARE) Data
The Charities Assessment and Registration Environment, CARE, is the database that contains the registration and charity return information. Before a return is accepted into CARE, electronic verification checks ensure that certain fields on the charity return are correctly completed by the registrant and the information is entered into the system without error. Reports are regularly received to identify any verification checks that have been flagged.
A risk management approach was incorporated to identify verification checks of particular importance to the Charities Directorate. There are procedures in place to ensure that errors found with the verification checks are promptly addressed.
The verification checks were occasionally turned off in the past due to overwhelming backlogs rather than adjusted to balance risk to available resources. These verification checks are a vital part of ensuring the integrity of the data system. Their maintenance and continued operation is critical in ensuring the risk assessment performed is utilizing accurate information.
The Charities Directorate needs to take appropriate steps to ensure that the control feature(s) being used to confirm that data is reliable when being inputted into the CARE system operates as intended.
More effective monitoring of returns as part of a more sophisticated risk management approach is a priority under the Regulatory Reform initiatives. Electronic verification is more commonly referred to as a "flagging system" in CARE. The flagging system was developed to assist officers in the identification of errors or omissions of information on the T3010 Information Return. Although the verification checks have been turned off in the past, these checks still remain in the CARE system from which reports can be produced on demand. Due to a lack of resources, the Charities Directorate staff was not able to address all of the errors/omissions.
- The review of the "flagging system" is one of the priorities of staff in the Risk Management Unit, in conjunction with the Compliance Section and the Returns Section. This activity will determine the usefulness of each of the flags and how they can best be utilized to identify charities that require scrutiny. The work began in March 2005.
- This work is directly tied to a number of initiatives being undertaken by the Risk Management Team and the Monitoring program. Workshops and consultations are underway and the results of this work will directly impact some of the flags presently on the system. Further to this work, a more in-depth study of the remaining flags will be conducted.
- Returns Section is developing a monitoring program to review and re-organize their workload activities. Staff will perform pro-active functions such as the review of objects and activities, the verification of documentation on file, the follow-up on outstanding issues, and the issuance of educational letters to clients regarding the completion of their annual information returns.
Workload File Selection
File selection for audit workload is mainly based on leads received and examined. Identification of irregular items flagged and random selection are also used to establish workloads. However, there are no documented procedures in place to identify the risk variables used in choosing files for audit or to support the allocation of resources.
During the course of the audit, testing was performed to determine if there was any bias in the selection of files for audit. While file selection was found to be largely intuitive, there was no evidence of bias in selecting prospective files for enforcement actions.
Developing and documenting a workload selection methodology would largely eliminate the potential for bias and formally introduces an organized risk assessment approach on which to base the selection of audit files.
The Charities Directorate should develop a fully automated risk assessment/workload selection system that integrates both generated workload and leads from all sources, and provides for tracking and reporting of results from all compliance activity.
Several initiatives are underway or have been recently implemented in the Charities Directorate that will be considered and integrated into a comprehensive automated risk assessment/workload selection system. In addition, the proposed new organization structure for CID includes a workload development officer position in the Compliance Section whose responsibility will be to develop and manage workload systems. The other initiatives that are underway include:
- Development of an informant lead tracking and reporting system in conjunction with CPB Investigations Directorate, and modifications to the existing Compliance Section audit tracking system to include recording, tracking and reporting of all leads by type and disposition. Completion of this work is scheduled for June 30, 2005.
- The newly created Risk Management Unit, another Regulatory Reform initiative, will utilize business intelligence and research concepts to develop key factors to assess risk during the life cycle of a charity. In addition, this permanent Unit will ensure ongoing monitoring and updating of risk factors. These risk factors will also be considered in the Audit File Selection profiles.
Issuance of Compliance Letters
When finalizing an audit, CID prepares letters to the auditees, such as the Administrative Fairness Letters (AFL's), when compliance concerns are discovered. It was Charities Compliance Audit Advisors' responsibility to review the audit and send out the necessary letters since CAC did not have the authority to issue these letters. Some letters were not completed within a reasonable period that would emphasize to the registrant the significance of the compliance concerns.
Given the transfer of audit responsibilities to CPB auditors, they will have the authority to prepare the compliance letters. This will alleviate some of the timing problems that have occurred.
Completing the audit file and addressing any concerns through the compliance letters, within a reasonable timeframe, enhances the importance of compliance to the charity.
Charities Directorate should ensure that compliance letters are issued in a timely manner and develop standards accordingly.
A compliance letter can be an AFL, an education letter, a letter of undertaking or a letter advising the charity that there were no non-compliance issues.
The remedial actions are described below as a two-part process -- standards to conduct the audits and standards for the issuance of compliance letters.
- As part of the Directorate's transfer of the field audit function to Compliance Programs Branch, a revised memorandum of understanding (MOU) is currently being finalized with CPB. This MOU will include standards for the completion of audits (55 hours per audit) that include sending the appropriate compliance letters to charities.
- The MOU will also state that the objective is to complete the entire audit process and respond to the charity within 180 days. TSOs will be required to provide quarterly reports to management on files that remain incomplete at the 180-day point; these will include a description of the issues involved, an action plan and an expected completion date.
- Consulting and Audit Canada auditors are being contracted, as funding permits, to supplement Directorate staff to work on the existing case backlog and to complete the audit files.
The Income Tax Act provides for limited enforcement tools that can be used to encourage compliance to those Registered Charities that are noncompliant. Essentially, revocation of the registration of a charity is the only action that can be taken by CRA for infractions that are minor or major.
The Federal Budget of March 23, 2004 proposed to introduce a new compliance regime for charities. The proposal suggested escalating sanctions instead of the use of revocations for minor infractions.
Improvements were required in the compliance activities managed by the Charities Directorate to ensure that they are planned and conducted efficiently, effectively and in support of the objectives established. Since May 2004, when the examination phase of the audit ended, the Charities Directorate further developed and implemented a number of these measures.
The audit identified issues that need to be addressed to ensure an effective transition of the field audit function of the Compliance Section from CAC to CPB in the Tax Services Offices. These included the need to formalize the organizational structure, the elaboration of performance measurement, the need for training, and audit manual preparation.
The audit also identified a need to improve the procedures taken to ensure accuracy and reliability of the of the information database on charities and to effectively support workload development. Furthermore, a fully automated risk assessment model integrated to a workload selection system is required to support a systematic approach to ensuring compliance in the charities.
There is limited trend analysis performed on tax receipts issued. There is no structured and documented approach to perform an annual or case-by-case analysis.
During the period under review, the finalization of audits and issuance of compliance letters were not done efficiently and effectively to ensure the Charity registrant understands the importance of complying to tax legislation.
Report a problem or mistake on this page
- Date modified: