Audit of the Interdepartmental Settlements Process

Internal Audit and Evaluation Bureau Final Report Approved

Table of Contents

Statement of Conformance

The Internal Audit and Evaluation Bureau has completed an audit of the interdepartmental settlements process. This audit conforms with the Internal Auditing Standards for the Government of Canada, as supported by the results of the Bureau’s quality assurance and improvement program.

Executive Summary

Background

An interdepartmental settlement (IS) is a financial transaction that occurs between two federal government departments and agencies. It is a non-cash transaction—no cash is exchanged. Using a processing mechanism unique to the Government of Canada, a financial entry is created so that departments can transfer incurred costs between one another or collect revenue from one another. The associated financial entries are then recorded in each department’s financial system and reflected in their financial statements and in the Public Accounts of Canada. IS transactions have a significant impact on the Treasury Board of Canada Secretariat’s (the Secretariat’s) financial statements, given the high dollar value associated with these transactions.

At the Secretariat, responsibility for processing IS transactions rests with the General Accounting Services group of the Corporate Services Sector’s Financial and Procurement Operations Directorate (FPOD). This group relies heavily on the automated functionality that FPOD’s Corporate Systems group has configured in the Secretariat’s departmental financial system. That functionality minimizes the manual intervention required to process an IS transaction.

Objectives and Scope

The objectives of the audit were as follows:

  • To assess the adequacy and effectiveness of the management of interdepartmental settlements at the Secretariat;
  • To determine whether the IS process and the Secretariat’s departmental financial system support the efficient and effective management of interdepartmental settlements; and
  • To ensure that adequate information technology (IT)-dependent manual controls and application controls are in place to maintain data integrity.

The audit focused on the automated and manual business processes and activities for processing IS transactions in the Secretariat. The review of the management control framework included the following components: accountability, roles and responsibilities; departmental policies, directives, procedures and guidelines, including compliance with applicable legislation, policies and directives; and monitoring and reporting.

The examination phase was conducted from to . A stratified random sample of IS transactions performed from , to , was selected for testing purposes. Operational and system documentation that was in effect at , for processing IS transactions was also included in the audit. Information received before this report was finalized was also considered and incorporated when appropriate.

Key Findings

The main audit findings are as follows:

  • Accountabilities, roles and responsibilities related to IS transaction processing have been clearly defined in approved work descriptions of General Accounting Services employees.
  • A variety of detailed procedural documents, which were found to be generally compliant with authorities, have been developed to provide relevant and useful guidance for employees. However, some procedures overlapped and some were still in draft form. In addition, although those documents set out some roles and responsibilities, they do not describe certain key control functions, such as the appropriate financial officer oversight described in work descriptions. Similarly, no procedural documents related to strategic monitoring and reporting existed.
  • An appropriate level of tracking and monitoring occurred at the transaction level, particularly in that financial authority from appropriate fund centre managers was obtained for the receipt of goods or services. However, limited monitoring and reporting was done at a strategic level, which would have allowed for the identification of trends and systemic issues.
  • With the exception of salary transactions for the period tested, the business processes for IS transactions were designed to leverage the efficiencies configured in the Secretariat’s departmental financial system, and minimal manual intervention was required. The audit team was informed that the automated process for IS transactions related to salary has since been adopted for 2012–13 to leverage system efficiencies.
  • The effectiveness of each business process varied among the categories of transactions that were examined. Specifically, transactions related to salaries and goods and services were generally effective. However, because of insufficient supporting documentation, the audit team was unable to fully test transactions related to employee benefits and pensions, and Canada Revenue Agency tax transactions. As a result, the audit was unable to conclude on the effectiveness of these transactions.
  • Key IT-dependent manual controls and application controls were adequately documented and were operating effectively to maintain data integrity.
  • Although, as noted above, adequate key IT controls existed, potential segregation of duties conflicts were identified that may pose a moderate risk of material error. There was no record of senior management approvals for the creation of roles where potential segregation of duties conflicts existed and no documentation explained the risk-mitigation measures for existing conflicts.

Conclusion

We conclude with a reasonable level of assurance that most elements of the management control framework were in place to support the effective administration of interdepartmental settlements. Overall, the business processes for IS transactions relating to salary and to goods and services were efficient and effective. In addition, the Secretariat’s departmental financial system effectively and efficiently supported IS processes.

However, commensurate with management’s assessment of risk, four recommendations were made:

  1. Review IS business procedural documents to ensure that they are streamlined, complete, formally approved and implemented;
  2. Formally define and implement strategic monitoring and reporting strategies relative to management’s risk-based approach in support of IS activities;
  3. Establish supporting documentation requirements for IS transactions relating to employee benefits and pensions and for Canada Revenue Agency tax-related IS transactions; and
  4. Review the roles in the Secretariat’s departmental financial system to ensure that there are no conflicts in the segregation of duties and that any existing conflicts and the resulting risk-mitigation processes are approved.

The audit team also identified opportunities for efficiency gains and shared these with management.

The Secretariat has developed a management response, which is presented in Appendix A.

1. Introduction

1.1 Description of an Interdepartmental Settlement

An interdepartmental settlement (IS)1 is a financial transaction that occurs between two federal government departments and agencies. It is a non-cash transaction—no cash is exchanged. Using a processing mechanism unique to the Government of Canada, a financial entry is created so that departments2 can transfer incurred costs between one another or collect revenue from one another, and the associated entries are recorded in each department’s financial system and reflected in their financial statements and in the Public Accounts of Canada.

1.2 Interdepartmental Settlement Transactions at the Treasury Board of Canada Secretariat

Overview of the Secretariat’s IS Transactions

IS transactions have a significant impact on the Secretariat’s financial statements.

Table 1: Profile of 2011–12 IS expenditure transactions
IS Transaction Category IS Expenditure Amount Percentage of IS Expenditure Amount Number of IS Expenditure Transactions Percentage of IS Expenditure Transactions
Operations
(salary and goods and services)
$38,783,913 0.8% 4,575 78.2%
Employee Benefits and Pensions $4,954,747,127 99.0% 1,064 18.2%
Other
(e.g., Canada Revenue Agency tax-related)
$1,198,318 0.2% 209 3.6%
Total $4,994,729,358 100% 5,848 100%
Table 2: Profile of 2011–12 IS revenue or recovery transactions
IS Transaction Category IS Revenue or Recovery Amount Percentage of IS Revenue or Recovery Amount Number of IS Revenue or Recovery Transactions Percentage of IS Revenue or Recovery Transactions
Operations
(salary and goods and services)
$15,514,796 0.4% 2,569 56.1%
Employee Benefits and Pensions $3,950,954,797 99.0% 1,893 41.5%
Other
(e.g., Canada Revenue Agency tax-related)
$23,301,956 0.6% 104 2.3%
Total $3,989,771,549 100% 4,566 100%

The figures for volume and dollar value in Table 1 and Table 2 are similar to those for 201011.

Overview of Secretariat’s IS Processes

The General Accounting Services group of the Corporate Services Sector’s (CSS’s) Financial and Procurement Operations Directorate (FPOD) is responsible for processing IS transactions in the Secretariat’s departmental financial system (i.e., IFMS-SAP).3 In order to process these transactions, fund centre managers must provide the General Accounting Services group with the appropriate authorization under section 34 of the Financial Administration Act4 and with the appropriate documentation.

In addition, FPOD’s Corporate Systems group is responsible for the development and operations of IFMS-SAP. This system’s automated matching (auto-matching) capability is heavily relied on for processing IS transactions because it minimizes manual intervention by General Accounting Services employees.

Appendix B contains detailed explanations of how IS transactions are processed at the Secretariat, including the auto-matching process.

Example of How Auto-Matching Works

The Canada School of Public Service, the other government department (OGD) in this example, needs to recover $700 from the Secretariat for a course taken by a Secretariat employee. The Secretariat creates a fund commitment document5 with the appropriate financial coding, including the fund centre, in IFMS-SAP for the $700 expected expense.

This fund commitment document number is given as part of the reference coding that the Secretariat provides to the OGD. The OGD initiates6 an IS transaction to recover the $700, which is then transmitted electronically to the Secretariat via the Public Works and Government Services Canada Standard Payment System. The Secretariat receives the electronic transmission, and IFMS-SAP runs an automated process using the reference coding to match the $700 IS transaction to the fund commitment document.

If the reference coding from the OGD and the fund commitment document number match, the $700 expense is recorded as per the fund commitment document coding in IFMS-SAP.

If the reference coding from the OGD and the fund commitment document number do not match, the IS transaction is posted to the Secretariat’s IS suspense account7 for further research and reallocation by the General Accounting Services group.

Processing Streams for Interdepartmental Settlements

At the Secretariat, IS transactions fall into three processing streams:

  1. Initiation of accounts receivable invoices to recover expenditures incurred by the Secretariat (e.g., recovery of salary costs charged to the Secretariat for an employee transferred to an OGD but whose pay files were not yet transferred);
  2. Automated allocation of expenditures or revenue transactions that were initiated by an OGD using the auto-matching capability in IFMS-SAP; or
  3. Manual reallocation of expenditures or revenue transactions from an IS suspense account.

2. Audit Details

2.1 Authority

The audit of the IS process is part of the Secretariat’s approved three-year risk-based audit plan 2011–14.

2.2 Objectives and Scope

The audit objectives were as follows:

  • To assess the adequacy and effectiveness of the management of interdepartmental settlements at the Secretariat;
  • To determine whether the IS process and the Secretariat’s departmental financial system (i.e., IFMS-SAP) support the efficient and effective management of interdepartmental settlements; and
  • To ensure that adequate information technology (IT)-dependent manual controls8 and application controls9 are in place to maintain data integrity.

The audit focused on the following elements of the Secretariat’s management control framework:

  • Accountability, roles and responsibilities;
  • Departmental policies, directives, procedures and guidelines, including compliance with applicable legislation, policies and directives;
  • Monitoring and reporting.

The audit examined the automated and manual business activities for processing IS transactions at the Secretariat, which included a review of the following:

  • Journal vouchers that were created to clear a transaction from the IS suspense accounts;
  • Clearing entries that were created through the automated process;
  • IT-dependent manual controls and application controls;
  • Segregation of duties controls in IFMS-SAP; and
  • Specific components of IFMS-SAP used to support the processing of IS transactions.

Details on the audit criteria can be found in Appendix C.

Scope Exclusions

The audit excluded the following:

  • Accountability, roles, responsibilities and activities of Secretariat employees outside of FPOD;
  • Journal vouchers that were created to correct internal financial transactions, other than those related to the clearance of the IS suspense accounts, as mentioned above;
  • The journal voucher component of the Secretariat’s departmental financial system, because many other types of journal voucher processes affected were outside the scope of this audit;
  • Transactions to set up fiscal year-end payable or receivable accruals, because the IS transactions to clear the accrual records were included in the sample data; and
  • IS transactions processed by the General Accounting Services group for the Department of Finance.10

2.3 Lines of Enquiry

The audit had three lines of enquiry:

  1. Elements of a management control framework11 are in place for administering interdepartmental settlements at the Secretariat;
  2. The business processes for IS transactions are efficient and effective;12 and
  3. The Secretariat’s departmental financial system (i.e., IFMS-SAP) efficiently and effectively13supports the IS business processes.

The audit criteria used to assess each line of enquiry are presented in Appendix C.

2.4 Approach and Methodology

The audit approach and methodology was risk-based and conformed with the Internal Auditing Standards for the Government of Canada. These standards require that the audit be planned and performed in such a way as to obtain reasonable assurance that the audit objectives were achieved.

The audit included various tests and procedures considered necessary to provide such assurance, including the following:

  • Review of applicable legislation, policies, procedures and other information related to IS processes;
  • Interviews with management and staff of the General Accounting Services and the Corporate Systems groups;
  • Validation and assessment of the management control framework elements, as described in the scope;
  • Walk-throughs to observe the processes and controls for initiating, processing and clearing IS transactions;
  • Detailed testing of a stratified random sample14 of 100 IS transactions to determine whether the processes for IS expenditures, revenues and recoveries, as well as for the clearing of IS suspense accounts, complied with the applicable authorities; and
  • Validation and assessment of the IT controls and functionality for the specific components of IFMS-SAP related to IS processes.

The examination phase was conducted from to . A stratified random sample of IS transactions performed from , to , was selected for testing purposes. Operational and system documentation that was in effect at March 31, 2012, for processing IS transactions was also included in the audit. Information received before this report was finalized was also considered and incorporated when appropriate.

3. Audit Results

3.1 Line of Enquiry: Management Control Framework for Administering Interdepartmental Settlements

The Secretariat has most elements of a management control framework in place for administering interdepartmental settlements.

The audit examined three specific elements of the management control framework:

  1. Whether accountabilities, roles and responsibilities related to interdepartmental settlements processes were clearly defined and communicated;
  2. Whether policies, directives and procedures related to interdepartmental settlements were formally developed, maintained, available, communicated and compliant with authorities as applicable; and
  3. Whether an effective monitoring and reporting mechanism for interdepartmental settlements was in place.

3.1.1 Accountabilities, Roles and Responsibilities

The accountabilities, roles and responsibilities related to IS transaction processing were clearly defined in approved work descriptions of General Accounting Services employees. In addition, some roles and responsibilities were articulated in procedural guidance documents used by General Accounting Services employees who have a role in processing IS transactions.

The audit found that General Accounting Services employees generally understood and performed the assigned roles and responsibilities. However, opportunities exist to align roles in procedural documents with those described in employees’ work descriptions, particularly in areas where oversight of more complex transactions is required. For example, financial officers’ review responsibilities are described in detail in work descriptions but not in procedural documents. Such alignment will help mitigate errors that could result from key control processes not being performed or being performed incorrectly.

3.1.2 Departmental Policies, Procedures and Guidelines

General Accounting Services had developed and disseminated a variety of procedural documents to guide employees in processing IS transactions. These documents generally complied with the authorities that guide the processing of these transactions, and many contain detailed information, including screenshots of particular steps, that provide relevant and useful guidance for employees.

However, the procedural documents did not outline the review role that is to be carried out by financial officers under section 33 of the Financial Administration Act15 as part of exercising due diligence. There is an opportunity to more precisely define these roles in relation to IS transactions to ensure that reviews are performed with a comparable amount of rigour to the risk identified by management.

The audit found some overlap among the many procedural documents, including several that were awaiting approval. It also found gaps in the documentation for monitoring and reporting activities, as well as for the review activities of financial officer, as mentioned above. The procedural documents must be reviewed for completeness and streamlined, where possible.

Recommendation

It is recommended that the Assistant Secretary, Corporate Services, review IS business procedural documents to ensure that they are streamlined, complete, formally approved and implemented.

Priority ranking: Medium

3.1.3 Monitoring and Reporting

The Directive on Account Verification, the Directive on Expenditure Initiation and Commitment Control, the Directive on Payment Requisitioning and Cheque Control and the Directive on Delegation of Financial Authorities for Disbursements include requirements for monitoring and reporting activities.

The audit team therefore expected to find procedural documents that identified the approach for ongoing monitoring and reporting of IS transactions (e.g., error rates and control issues). In addition to meeting policy requirements, such an approach helps identify the root causes of issues and resolve them at the source, and helps mitigate recurring problems.

The audit found that an appropriate level of tracking and monitoring occurred at the transaction level, particularly in obtaining financial signing authority from the appropriate fund centre manager to confirm receipt of goods or services (i.e., section 34 of the Financial Administration Act was complied with). The audit team found evidence that General Accounting Services employees followed up with the appropriate fund centre managers to resolve any errors and issues as they occurred.

However, the audit also found limited monitoring and reporting at a strategic level. The audit team was informed that two reports were shared with the Deputy Chief Financial Officer as part of the monthly review of the financial statements, but these reports did not allow for the identification of trends and systemic issues.

Enhanced strategic monitoring and reporting would help identify trends and systemic issues, and would thereby mitigate the risk of non-compliance with financial authorities and the risk of errors in the Secretariat’s financial statements (e.g., constant errors from a fund centre or an OGD). Because the processing of IS transactions relies heavily on technology and involves minimal manual intervention, there is an opportunity for a more robust approach to strategic monitoring and reporting that would ensure that issues, trends and major errors can be identified and resolved quickly.

Recommendation

It is recommended that the Assistant Secretary, Corporate Services, formally define and implement strategic monitoring and reporting strategies relative to management’s risk-based approach in support of interdepartmental settlement activities.

Priority ranking: High

3.2 Line of Enquiry: Efficiency and Effectiveness of Interdepartmental Settlements Business Processes

Some IS business processes16 were considered efficient because their design leveraged efficiencies configured in the Secretariat’s departmental financial system and thereby optimizes the use of resources.

The effectiveness of IS business processes varied depending on the category of the transaction.

The audit examined efficiency from the perspective of whether the business process design made optimal use of resources and took full advantage of IFMS-SAP functionality related to IS transactions to achieve results.

Effectiveness was reviewed from three perspectives:

  1. Whether General Accounting Services employees understood and complied with documented policies, processes and procedures;
  2. Whether there was evidence of business process approvals (e.g., financial signing authority approval); and
  3. Whether the process was monitored and whether deviations were reported to FPOD management in a timely manner.

A stratified random sample of transactions for each of the following three business processes was tested for efficiency and effectiveness:

  1. IS payables;
  2. IS receivables; and
  3. Clearing of the IS suspense accounts.

The sample of transactions was further divided into five main transaction categories: goods and services transactions, salary transactions, employee benefits and pension transactions, Canada Revenue Agency tax-related transactions, and parking fee revenue-related17 transactions.

Note: The efficiency and effectiveness of IFMS-SAP in supporting IS business processes are presented in Section 3.3.

3.2.1 Efficiency of Interdepartmental Settlements Business Processes

Overall, the business processes for IS transactions are designed to leverage efficiencies configured in the departmental financial system through the use of auto-matching. Auto-matching matches an OGD-initiated IS transaction to a fund commitment or to an IS Coding Key Table item, using minimal manual intervention. In most cases, efficiencies were achieved because auto-matching was standard practice and because transactions were processed with no time lags.

At the time of the audit, the business process for salary expenditure transactions did not use the automation in the system; however, the audit team was informed that this efficiency has been adopted for the 2012–13 fiscal year. Even with this recent change, business process efficiencies could be further improved by taking full advantage of departmental system reports, as described in Section 3.3.1.2.

When manual intervention was required, such as in salary transactions, IS transactions were cleared from the suspense account on time (within 30 days, as required in the Directive on Account Verification).

In identifying potential opportunities to increase efficiencies, the audit examined the volume and nature of the transactions that required manual intervention.

Specifically, manual intervention occurs when IS transactions initiated by OGDs do not contain the appropriate reference coding information that would enable them to be processed using auto-matching. In such cases, IS transactions are posted to an IS suspense account and the General Accounting Services group must manually intervene.

As part of the testing of IS suspense account transactions, the audit team looked at 3,047 transactions from 2010–11 and 2,126 transactions from 2011–12.18 Based on the audit team’s analysis of a random sample of 25 IS suspense account transactions, posting occurred for a variety of reasons: the Secretariat had not set up fund commitments or IS Coding Key Table items, the Secretariat had failed to communicate the appropriate reference coding to the OGD, the OGD had used the reference coding incorrectly, or the IS transaction exceeded the amount of the fund commitment in IFMS-SAP.

Improved use of fund commitments and of the IS Coding Key Table, including the communication of reference codes to the OGD, would further increase efficiency by allowing more auto-matching to occur, thereby reducing the level of manual intervention.

3.2.2 Effectiveness of Interdepartmental Settlements Business Processes

During the analysis of transaction testing results, the audit team found that the effectiveness of each business process varied among the different categories of transactions. Audit results are therefore presented by issue and transaction category, rather than by business process.

3.2.2.1 Salary Transactions and Goods and Services Transactions

A random sample of 20 salary transactions (8 expenditures and 12 recoveries) was tested, as well as 34 goods and services transactions (27 expenditures and 7 recoveries).

The official accounting services files contained sufficient documentation to enable the audit team to fully test controls for salary transactions. However, for 10 goods and services transactions, the documentation in the official accounting services files was insufficient to enable the audit team to fully test controls. For example, the team expected the files to contain a memorandum of understanding with the OGD, but they did not.

Nevertheless, there was sufficient evidence and information to conclude on the effectiveness of the business process. Specifically, the IS business processes for transactions relating to salary and to goods and services were effective. Process controls, such as verification of supporting documentation for each transaction, were generally in place to ensure compliance and were working as intended. For IS receivable transactions dated before , the audit found a lack of financial officer review. However, the level of financial officer review for these transactions improved after as a result of procedural changes implemented in General Accounting Services. There was no financial officer review of most auto-matched transactions.

3.2.2.2 Employee Benefits and Pensions Transactions and Canada Revenue Agency Tax-Related Transactions

A random sample of 30 employee benefits and pension transactions (23 expenditures and 7 recoveries) was tested. The official accounting services files contained insufficient documentation to enable the audit team to fully test controls for 26 of these transactions. Similarly, of the 15 Canada Revenue Agency tax-related expenditure transactions randomly selected for testing, the official accounting services files contained insufficient documentation for control testing.

The majority of employee benefits and pension transactions were auto-matched, and the amounts of the transactions were recorded in the financial system using the coding identified in the IS Coding Key Table. The audit found that these transactions were auto-matched, as expected. However, without sufficient documentation in the official accounting services files, it was impossible to test controls (e.g., appropriate amount recorded, appropriate financial signing authority approvals obtained, appropriate financial coding used).

For Canada Revenue Agency tax-related transactions, there was evidence of reconciliation of the tax information. However, the specific amounts sent to the Agency were not supported by reconciliations on file or by supporting documentation.

As a result, the audit team was unable to provide assurance on the effectiveness of the IS business processes for these categories of transactions, which have a material impact on the Secretariat’s financial statements. In addition, the audit team was unable to assess whether process controls were in place and were working as intended to ensure compliance. Hence, the Secretariat is not in a position to sustain a control-based audit of its financial statements, and there is a potential for error in those statements.

Issues relating to the supporting documentation to be kept in accounting services files and relating to the processing of these transactions were raised with CSS during the course of the audit. Subsequently, CSS and the Pensions and Benefits Sector19 have made efforts to ensure that the official accounting services files contain sufficient documentation and financial signing authority approvals.

Recommendation

It is recommended that the Assistant Secretary, Corporate Services, establish supporting documentation requirements for IS transactions relating to employee benefits and pensions and for Canada Revenue Agency tax-related IS transactions.

Priority ranking: High

3.3 Line of Enquiry: Efficiency and Effectiveness of Secretariat’s Departmental Financial System in Supporting Interdepartmental Settlements Business Processes

The Secretariat’s departmental financial system (i.e., IFMS-SAP) efficiently and effectively supports IS business processes.

The audit examined five areas to determine the effectiveness and efficiency of IFMS-SAP:

  1. Whether adequate IT-dependent manual controls were in place to maintain data integrity during IS transaction processing;
  2. Whether adequate application controls were in place to maintain data integrity during automated processing of IS transactions;
  3. Whether the system efficiently supported IS transaction processing;
  4. Whether the segregation of duties was appropriate; and
  5. Whether system reports were available, effective and used efficiently.

Efficiency was reviewed from two perspectives:

  1. Whether the system efficiently supported IS transaction processing; and
  2. Whether system reports were used efficiently.

Effectiveness was reviewed from four perspectives:

  1. Whether adequate IT-dependent manual controls were in place;
  2. Whether adequate application controls were in place;
  3. Whether appropriate segregation of duties was established; and
  4. Whether systems reports were available and effective.

3.3.1 Efficiency of Secretariat’s Departmental Financial System

3.3.1.1 Secretariat’s Departmental Financial System Supports IS Transaction Processing

The audit found that IFMS-SAP was designed to achieve efficiencies through the automation of the processing of inbound IS files (i.e., auto-matching). Specifically, this design minimizes posting to the IS suspense account, which requires subsequent manual interventions by General Accounting Services employees.

During the course of the audit, potential opportunities to further increase system efficiency in support of IS transaction processing were identified. These opportunities included the creation of a mechanism to gather feedback from stakeholders on potential improvements to processing. These opportunities were shared with CSS during the audit.

3.3.1.2 Secretariat’s Departmental Financial System Reports

The audit team identified 17 IFMS-SAP reports related to IS transaction processing. Of these, 2 reports related to IS suspense account clearing were found to be partially used as part of General Accounting Services’ business processes.

Process efficiency could be increased through greater use of IFMS-SAP reports. For example, a report is available that indicates why an item was unmatched and posted to the IS suspense account, and therefore required manual intervention. Use of this report could reduce the amount of research time that General Accounting Services employees spend clearing items from suspense accounts. Use of this report could also help identify trends in OGDs that initiate transactions that cannot be auto-matched and OGDs that reverse IS transactions that have previously been processed in IFMS-SAP.

There is also an opportunity to enhance employees’ awareness of the reports available to support IS transaction processing. The list of available reports was shared with CSS during the course of the audit.

3.3.2 Effectiveness of Secretariat’s Departmental Financial System

3.3.2.1 IT-Dependent Manual Controls

IT-dependent manual controls rely on complete and accurate IT processing in order to be fully effective. They are usually detection and correction controls.

The audit team found that key IT-dependent manual controls were adequately documented. The audit team also tested these controls and concluded that they were operating effectively to maintain data integrity. For example, a computer-generated report was used to validate suspense account clearing.

3.3.2.2 Application Controls

Application controls pertain to the scope of individual business processes or application systems, including data edits, separation of business functions, balancing of processing totals, transaction logging and error reporting.

The audit team found that key application controls were adequately documented. It also tested these controls and concluded that they were operating effectively to maintain data integrity and were designed to automate the IS process effectively. Specifically, transactions were auto-matched correctly, posting to non-existent fund centres was not permitted, unbalanced financial transactions were not permitted, etc.

3.3.2.3 Segregation of Duties

The audit found evidence that the Corporate Systems group regularly reviewed and tested the segregation of duties to ensure that conflicts were identified and addressed. Such tests, based on those provided by the Government of Canada’s IFMS Systems Cluster, did not include specific testing of the segregation of duties relating to IS transactions because the Secretariat had not created specific user roles for processing these transactions. IS transaction processing has been incorporated into more generic roles for processing expenditure or revenue transactions.

According to industry standards and best practices, the segregation of duties for IS transactions should follow the same rigour and principles as other expenditure or revenue transactions. In one examination step, the audit team used specific tests relating to the IS Coding Key Table, which the audit team considered a master data table, where financial coding and commitments are controlled in IFMS-SAP. Given the nature of the table, limited access would be expected and updates would be done by individuals not responsible for processing the financial transactions.

In testing the segregation of duties, the audit team examined the roles assigned to employees responsible for processing IS transactions in IFMS-SAP to determine whether any conflicts existed. A number of segregation of duties conflicts were identified in the General Accounting Services group (e.g., the ability to create or modify entries in the IS Coding Key Table and the monitoring of the table’s change log).

These conflicts pose a negligible fraud risk to the Secretariat because no cash is involved in the transactions; however, given the high value of employee benefits and pensions transactions that are dependent on the IS Coding Key Table, these conflicts pose a moderate risk of material error in the financial statements if the IS Coding Key Table is incorrectly modified and not verified. There was no record of senior management approvals for the creation of roles where potential segregation of duties conflicts existed, and there was no documentation explaining how to mitigate the risk of existing conflicts.

The segregation of duties testing and the potential conflicts identified were shared with CSS during the course of the audit.

Because the IFMS-SAP user roles of employees who process IS transactions are broader and provide access to more functions than those relating to IS processing, the audit team could not fully test all potential segregation of duties conflicts within the scope of this audit. These issues will be considered in subsequent updates to the Secretariat’s Risk-Based Audit Plan.

Recommendation

It is recommended that the Assistant Secretary, Corporate Services, review the roles in the Secretariat’s departmental financial system (i.e., IFMS-SAP) to ensure that there are no conflicts in the segregation of duties and that any conflicts that remain after the review, as well as the resulting risk-mitigation processes, are approved.

Priority ranking: High

3.4 Overall Conclusion

The audit team concluded, with a reasonable level of assurance, that most elements of the management control framework were in place to support the effective administration of interdepartmental settlements. Overall, the IS business processes were efficient and effective for transactions involving salary and those involving goods and services. In addition, the Secretariat’s departmental financial system (i.e., IFMS-SAP) effectively and efficiently supported the interdepartmental settlements processes.

However, commensurate with management’s assessment of risk, four recommendations were made:

  1. Review IS business procedural documents to ensure that they are streamlined, complete, formally approved and implemented;
  2. Formally define and implement strategic monitoring and reporting strategies relative to management’s risk-based approach in support of IS activities;
  3. Establish supporting documentation requirements for IS transactions relating to employee benefits and pensions and for Canada Revenue Agency tax-related IS transactions; and
  4. Review the roles in the Secretariat’s departmental financial system (i.e., IFMS-SAP) to ensure that there are no conflicts in the segregation of duties and that any conflicts that remain after the review, as well as the resulting risk-mitigation processes, are approved.

The audit team also identified opportunities for efficiency gains and shared these with management.

Appendix A: Management Response

Recommendation 1

Priority Ranking: Medium

It is recommended that the Assistant Secretary, Corporate Services, review IS business procedural documents to ensure that they are streamlined, complete, formally approved and implemented.

Management Response

We agree with the recommendation.

Management Action Completion Date Office of Primary Interest(OPI)
Accounting Services and Management Practices will review and revise the internal procedures for the management of IS transactions to ensure completeness. To this end, the various procedural documents will be streamlined into fewer documents, formally approved and implemented. Accounting Services and Management Practices/Corporate Services Sector

Recommendation 2

Priority Ranking: High

It is recommended that the Assistant Secretary, Corporate Services, formally define and implement strategic monitoring and reporting strategies relative to management’s risk-based approach in support of interdepartmental settlement activities.

Management Response

We agree with the recommendation.

Management Action Completion Date Office of Primary Interest (OPI)
Accounting Services and Management Practices will conduct an analysis to determine which types of transactions should be monitored and brought to senior management’s attention. Appropriate monitoring will be developed and implemented following the analysis.  Accounting Services and Management Practices/Corporate Services Sector

Recommendation 3

Priority Ranking: High

It is recommended that the Assistant Secretary, Corporate Services, establish the supporting documentation requirements for employee benefits and pensions IS transactions, as well as for Canada Revenue Agency tax-related IS transactions.

Management Response

We agree with the recommendation.

Management Action Completion Date Office of Primary Interest (OPI)
Accounting Services and Management Practices will review all IS transaction types and identify the supporting documentation requirements, update procedures and monitor. Accounting Services and Management Practices/Corporate Services Sector

Recommendation 4

Priority Ranking: High

It is recommended that the Assistant Secretary, Corporate Services, review the roles in the Secretariat’s departmental financial system (i.e., IFMS-SAP) to ensure that there are no conflicts in the segregation of duties and that any remaining conflicts and the resulting risk-mitigation processes are approved.

Management Response

We agree with the recommendation.  A three-point plan is already underway to review Integrated Financial Management System (IFMS)-SAP roles to ensure adequate Segregation of Duties (SOD).  It should be noted that the IFMS Program Office (PO) is the lead office on establishing Security Profiles for SAP across government.  However, each department may have a different application of security profiles due to specific needs.

Management Action Completion Date Office of Primary Interest (OPI)
1. The IFMS PO of PWGSC recently updated security profiles for IFMSTBS will upgrade our SAP system with these Security Releases. Corporate Systems / Corporate Services Sector
2. IFMS PO will perform a Health Check on the SAP security organization within Corporate Systems and SAP security procedures. Jun 30, 2013 Corporate Systems / Corporate Services Sector
3. IFMS PO will perform a SOD validation on the TBS SAP system.  Those remaining SOD conflicts and associated mitigation activities will be submitted to the Senior Director FPOD for approval. Mar 31, 2014 Corporate Systems / Corporate Services Sector

Appendix B: Processing of Interdepartmental Settlements Transactions at the Treasury Board of Canada Secretariat

At the Treasury Board of Canada Secretariat (the Secretariat), interdepartmental settlement (IS) transactions fall into three processing streams:

  1. Process for initiation of accounts receivable invoices;
  2. Process for automated allocation of expenditures or revenue transactions; and
  3. Process for manual reallocation of expenditures or revenue transactions.

These streams are described below from the Secretariat’s perspective in relation to whether it is the initiator or the receiver of an IS transaction.

1. Process for initiation of accounts receivable invoices

According to Section 12.2, Chapter 12 of the Receiver General Manual, it is usually the creditor department—the department that needs to recover costs from another government department (OGD)—that initiates the IS transaction. In the case of accounts receivable (A/R) invoices, the Secretariat is considered the creditor department because a credit transaction will be recorded to reduce the costs in an expenditure account or to increase the revenue collected in the revenue accounts.

At the Secretariat, the process of recovering costs starts with a fund centre manager’s request that a recovery action be initiated. Examples of situations where recovery is required include the following:

  • The Secretariat has to recover the salary costs for an employee who has transferred to an OGD but whose pay files have not yet been transferred, resulting in pay and related costs being charged to the Secretariat rather than to the OGD where the employee is now working.
  • Recovery of operating expenditures such as professional services for a joint initiative for which an OGD formally agreed to share the costs of a particular project with the Secretariat. If the Secretariat has chosen to administer the project, it assumes all costs, and any shared costs are recovered based on the formal agreement after the project has been completed.

Before it creates the accounts receivable (A/R) invoice, General Accounting Services requires that the fund centre manager provide documentation of an agreement between the Secretariat and the OGD, as well as proof that the costs to be recovered have indeed been incurred. The OGD also needs to provide a reference number, known as the IS reference code, which the Secretariat includes in the A/R invoice. The OGD’s financial system uses this code to automatically generate a transaction against the appropriate commitment record.

Once a General Accounting Services employee has entered the A/R recovery transaction into the Secretariat’s departmental financial system (i.e., IFMS-SAP), a General Accounting Services financial officer reviews and approves the invoice, which will be marked as paid once the detailed IS information has been transmitted to the OGD through an automated process in IFMS-SAP.

Unless the OGD notifies the Secretariat of a problem, the invoice is considered paid and the costs are considered recovered. If the OGD disagrees with the information or the amount on the invoice, either the OGD or the Secretariat can cancel the invoice using the Standard Payment System at Public Works and Government Services Canada (PWGSC). That system centrally processes all federal government payments and interdepartmental settlements. Once a financial transaction is cancelled, it is sent to each of the departments affected and the IS entries are reversed. The Secretariat, as the originating department, then issues a new A/R invoice containing the correct information.

The A/R invoice process is different for non-OGD customers. For those customers, the receivable remains outstanding until the customer has issued a payment, the payment is received and the payment is recorded against the invoice, thereby marking the invoice as paid, at which time the recovery or revenue is considered complete.

2. Process for automated allocation of expenditures or revenue transactions

This section focuses primarily on how the Secretariat records payments to vendors using the automated functionality of the Secretariat’s departmental financial system (i.e., IFMS-SAP).

In the case of a payment to a non-OGD vendor, when the Secretariat receives the invoice, the payment will occur once the invoice has been verified for accuracy, once it has been confirmed that goods or services have been received, once the correct financial coding has been assigned and once approvals have been obtained under Section 34 of the Financial Administration Act.

The Secretariat’s process for recording expenditures from OGDs does not follow the usual accounts payable process of paying an invoice to a non-OGD vendor.

In line with government-wide practices, Secretariat expenditures from an OGD are initiated by the OGD using the same A/R process described above, but the Secretariat is now the receiver rather than the initiator. At the Secretariat, the processing of these IS transactions leverages technology in cases where IFMS-SAP has been configured to process IS transactions with minimal manual intervention, through the use of either a fund commitment record or an entry in the IS Coding Key Table.

In order to efficiently process the transaction using the automated functionality in IFMS-SAP, a fund centre manager, as part of the negotiations with the OGD for a good or service, requests that General Accounting Services create a commitment record in IFMS-SAP. That commitment number will represent the IS reference code that is given to the OGD for inclusion in its A/R invoice.

IFMS-SAP contains a table known as the IS Coding Key Table. This table is used in situations where it would be inappropriate to create an individual commitment record. At the Secretariat, this table is usually used for employer and employee contributions that are initiated by PWGSC and by some OGDs where the amounts to be transferred to the Secretariat are inconsistent and unknown, thereby making it difficult to anticipate how much the Secretariat is to be charged.20 One example of these types of transactions is the employer’s share of the costs of employee benefits and insurance programs being remitted to the Secretariat from PWGSC, which administers the programs.

The IS Coding Key Table contains the IS reference code and the financial coding required for auto-matching transactions from an OGD when one of the IS Coding Key Table codes is used. The IS reference code is provided to the OGD and used during the OGD’s A/R invoicing process.

Every day, the Secretariat receives an electronic file from the PWGSC Standard Payment System that contains the IS transactions for the Secretariat initiated by OGDs. This file is then processed in IFMS-SAP.

As part of the automated functionality for IS transactions, IFMS-SAP attempts to match the IS transactions received by the Secretariat to the appropriate commitment record or to the IS Coding Key Table. This process is known as auto-matching. Successful matching of an IS transaction results in a system­-generated financial entry charged to a fund centre manager’s budget. However, the manager must then verify the OGD invoice to ensure that it is correct and that goods or services have been received and must approve the invoice under section 34 of the Financial Administration Act.21 An example of this type of transaction is the recovery of training costs for a Secretariat employee who has taken a course at the Canada School for Public Service, an OGD.

3. Process for manual reallocation of expenditures or revenue transactions

This process occurs when an IS transaction initiated by an OGD does not contain the appropriate IS reference code and therefore cannot be processed using the auto­-matching process described above. If the IS transaction cannot be matched with the appropriate IS reference code on the commitment record or the IS Coding Key table, the transaction is posted to an IS suspense account.

The entry then has to be manually reallocated from the IS suspense account to the appropriate expenditure or revenue account against the correct fund centre manager’s budget. This correction is done once General Accounting Services has researched the entry and the appropriate fund centre manager has verified and approved the invoice under section 34 of the Financial Administration Act. An example of this type of transaction would be as follows:

  • An employee from an OGD has accepted a temporary work assignment at the Secretariat, but the employee’s salary costs continue to be charged to the OGD during the period of the assignment. The OGD must therefore recover the costs from the Secretariat. At the time of the audit, these salary transactions were initially posted to the IS suspense account and then manually transferred to the appropriate fund centre.

Appendix C: Audit Criteria

The audit criteria were derived from the Office of the Comptroller General’s Audit Criteria Related to the Management Accountability Framework: A Tool for Internal Auditors.      

Line of Enquiry 1: Elements of a management control framework are in place for administering interdepartmental settlements at the Secretariat

Audit Criteria

  • 1.1 Accountability, roles and responsibilities are clearly defined, formally approved, and communicated for Financial and Procurement Operations Directorate employees.
  • 1.2 Departmental policies, directives, procedures and guidelines are formally developed, approved, maintained, available, communicated and are compliant with authorities, as applicable.
  • 1.3 An effective monitoring and reporting mechanism is in place.
Line of Enquiry 2: The business processes for interdepartmental settlements (IS) is efficient and effective

Audit Criteria

  • 2.1 The IS payables process complies with applicable legislation, policies and procedures.
  • 2.2 The IS receivables process complies with applicable legislation, policies and procedures.
  • 2.3 Clearing of the IS suspense accounts complies with applicable legislation, policies and procedures.
Line of Enquiry 3: The Secretariat’s departmental financial system (i.e., IFMS-SAP) efficiently and effectively supports the IS business processes

Audit Criteria

  • 3.1 Adequate IT-dependent manual controls are in place to maintain data integrity during IS transaction processing.
  • 3.2 Adequate application controls are in place to maintain data integrity during automated IS transaction processing.
  • 3.3 The system efficiently supports IS transaction processing.
  • 3.4 The segregation of duties is appropriate.
  • 3.5 System reports are available, effective and efficient.
Report a problem or mistake on this page
Please select all that apply:

Privacy statement

Thank you for your help!

You will not receive a reply. For enquiries, contact us.

Date modified: