Internal Audit of the Management Control Framework Over Monitoring of and Reporting on Transfer Payments in Regional Development Agencies
December 2025
Office of the Comptroller General
Executive summary
Transfer payment programs are a significant component of the Government of Canada's spending. They support various sectors of society through grants, contributions, and other payments to individuals, organizations, other governments, international entities, and Indigenous peoples. These programs are a key tool for advancing the government's broad policy objectives and priorities. They use external resources and expertise to achieve desired outcomes.
The government is committed to managing transfer payments with integrity, accountability, and transparency. Ensuring that these payments focus on recipients, the government aims to create systems that allocate funds effectively. It also aims to make sure these payments go to the current recipients and are used for their intended purposes.
In 2023–24, Federal Economic Development Agency for Northern Ontario (FedNor) and Prairies Economic Development Canada (PrairiesCan) disbursed more than $420 million in combined funding through transfer payments. This amount represents, respectively, 90% and 96% of their total expenditures. Monitoring and reporting are critical activities in managing transfer payments to help achieve intended funding objectives and to reduce the risk of misuse and wrongdoing.
The audit aimed to determine whether these two regional development agencies’ (the agencies) management control frameworks for monitoring and reporting aligned with the Treasury Board Policy on Transfer Payments (the policy), and the Directive on Transfer Payments (the directive), and whether they were consistently applied. It covered governance and control frameworks and analyzed monitoring and reporting activities for consistency with contribution agreements and standards.
The audit found the following:
- The agencies established risk-based frameworks to monitor recipients' compliance with their contribution agreements. For some programs reviewed, these frameworks did not fully align with the monitoring and reporting requirements specified in the terms and conditions of applicable programs.
- Agency-specific tools and guidance are provided to staff involved in monitoring and reporting and align with the applicable monitoring control frameworks. Although the agencies provide standardized tools to applicants and recipients, the external communication of program-specific monitoring requirements was inconsistent.
- The agencies generally adhered to their monitoring processes. Gaps were identified in updating project risk assessments and monitoring plans; in reviewing, approving and aligning these plans with contribution agreements and program terms and conditions; and in ensuring that monitoring activities are commensurate with project risk levels.
- Although the agencies conduct monitoring activities on individual projects, they do not use the results to inform decision-making and continuous improvements. They also do not regularly report the results of monitoring and reporting activities, including service standards, to senior management. Furthermore, limited client feedback is gathered for use in enhancing the delivery of transfer payment programs and improving strategic decision-making.
Conformance with professional standards
The audit was conducted in alignment with the Institute of Internal Auditors’ International Professional Practices Framework standards for assurance engagements.
Sheri Ostridge, MEd, CIA
Assistant Comptroller General and Chief Audit Executive
Internal Audit Sector, Office of the Comptroller General
Background
The audit was initially scheduled in the Regional Development Agency Risk-Based Audit Plan for fiscal years 2018–19 and 2019–20. Because of other priorities during the COVID-19 pandemic, the audit was postponed.
The audit included two agencies: FedNor and PrairiesCan. Both agencies became standalone entities in . FedNor, which had been part of Innovation, Science and Economic Development Canada until , had to establish a governance model and processes for managing contributions. PrairiesCan, formerly part of Western Economic Diversification, was rebranded Prairies Economic Development Canada and continues to use the same processes and documentation as before .
In 2023–24, FedNor spent $65 million (90% of its spending) on core responsibilities in its economic development portfolio; PrairiesCan spent $359 million (96% of its spending).
Currently, these two agencies’ only funding mechanisms are repayable, non-repayable, and partially repayable contributions. Contribution payments are either claims-based or advance-based, depending on the program and on the recipient’s demonstrated cashflow needs.
The policy and the directive require organizations to monitor recipients’ compliance with their contribution agreements. Agencies must therefore establish and implement a framework that outlines the requirements, processes, controls, tools and documents for recipient monitoring and reporting throughout the transfer payment process.
Rationale for the audit
Both agencies’ core activities involve delivering transfer payment programs, with a significant portion of their budgets allocated to grants and contributions. Failure to implement risk-based monitoring and reporting could increase the administrative burden both on recipients and on agency staff.
Despite efforts by the agencies to enhance the delivery of transfer payments since the Treasury Board President’s commissioned report in 2006, recent audits in federal departments have revealed that monitoring and reporting are not always risk-based. An audit was therefore deemed necessary.
Audit objective
The objective of this audit was to determine whether FedNor and PrairiesCan’s management control frameworks for the monitoring of and reporting on transfer payments aligned with the policy and the directive. Furthermore, the audit aimed to determine whether these frameworks were consistently applied.
Audit scope
The audit covered the governance and control frameworks established by the two agencies to ensure consistent monitoring and reporting in alignment with the policy and the directive.
It also examined the monitoring and reporting activities carried out over project files to verify their consistency with contribution agreements, agency expectations, policies, guides, and service standards.
For details on the audit scope exclusions, see Appendix E: Sampling methodology and scope exclusions.
Finding 1: Departmental recipient monitoring frameworks
Key takeaways
The agencies established risk-based frameworks to monitor recipients' compliance with their contribution agreements. For some programs reviewed, the frameworks did not fully align with the monitoring and reporting requirements specified in the terms and conditions of applicable programs.
What was expected
The policy and the directive require organizations to adopt a risk-based approach for recipient monitoring and reporting to facilitate timely payments to recipients. The terms and conditions of transfer payment programs are expected to align with the policy, and frameworks are expected to align with the terms and conditions.
What was found
The terms and conditions for the applicable programs complied with the monitoring and reporting requirements set out in the policy and the directive. Both agencies developed their own risk-based approaches for managing transfer payment project risks, including processes, guides, and tools to support monitoring and reporting.
Although the monitoring and reporting frameworks generally aligned with the expectations set out in the policy and the directive, the following gaps were identified:
- For both agencies, the expectations set out in the monitoring framework did not consistently align with the reporting requirements set out in the terms and conditions for some programs
- For both agencies, the level of assurance (for example, independent auditor attestation) required from recipients about their reporting was not based on project risk ratings
- For FedNor, in one instance, the contribution agreement template was not aligned with the terms and conditions of the related program
- PrairiesCan’s monitoring framework does not reflect all its current program offerings
As a result of legacy programs, as well as organizational and accountability changes, these gaps were found to include requirements not matching new programs, and templates that do not match requirements.
Why it is important
The alignment between the monitoring and reporting requirements of the frameworks and the terms and conditions of the applicable transfer payment programs promotes consistency, transparency, data integrity, and the detection of potential non-compliance. Up-to-date monitoring frameworks ensure alignment with current program requirements, thereby enhancing monitoring effectiveness and efficiency.
Recommendation: adequacy of departmental recipient monitoring frameworks
Both agencies should update and expand their frameworks for monitoring and reporting on transfer payments to ensure that:
- they align with the current terms and conditions for each program
- the level of assurance required on recipient reporting is based on project risk
Finding 2: Framework implementation
Key takeaways
Both agencies generally adhered to their processes for monitoring recipients' compliance with contribution agreements. The following gaps were identified:
- Project risk assessments and monitoring plans were not being reviewed, approved or regularly updated
- Monitoring activities were not commensurate with project risk levels
- Monitoring plans were misaligned with their contribution agreements and with program terms and conditions
What was expected
Agency staff are expected to consistently carry out their monitoring duties in accordance with their agency’s risk-based monitoring and reporting framework. They are also expected to ensure that payments to recipients are processed only after all monitoring and reporting criteria have been satisfied in the following ways:
- A risk level has been assigned for each project and is updated annually or as required according to the monitoring plan
- A monitoring plan that identifies the timing and frequency of monitoring and reporting of recipients has been established and implemented
- Key deliverables (for example, recipient progress reports and claims submissions) have been reviewed for compliance with the contribution agreement using standard monitoring tools (for example, templates)
What was found
Both agencies set out monitoring requirements in contribution agreements with their recipients, but there was no consideration for a project’s risk level; monitoring requirements were the same in all contribution agreements. For individual projects, both agencies completed risk assessments and used them to determine the level of monitoring required. Both agencies also demonstrated that officers monitored project deliverables for compliance using standard monitoring tools.
FedNor established recipient monitoring plans at the start of the project cycle, aligning them with risks and reflecting requirements consistent with contribution agreements. It did not, however, always update the risk assessments and the resulting monitoring plans annually, as required.
PrairiesCan updated its risk assessments and monitoring plans according to its own expectations. However, some payments were issued despite claims packages being incomplete. Although justifications for advance payments were documented and officers considered risk levels for expedited claim reviews, the monitoring activities performed did not always align with project risk levels. Due to the absence of formal processes for aligning monitoring activities with project risk levels, monitoring efforts were inconsistently applied, sometimes exceeding framework requirements and other times falling short. For instance, when a project’s risk level was elevated from low to medium, the corresponding adjustments were not made to the monitoring requirements.
In addition, neither agency met its own expectations with respect to the following:
- monitoring plans were incomplete, not reviewed, and not approved
- reporting requirements were not met (for example, submission deadlines were missed, and financial statements were not submitted)
Even though gaps existed for both agencies between what was expected according to agency frameworks and what was implemented by agency staff, payments were issued to the recipients which increases potential risks.
Why it is important
Consistent monitoring of recipients by the agencies ensures program success and strengthens relationships with recipients, which in turn enhances the agencies' reliability. Without this consistency, there could be non-compliance and funds could be misused, leading to financial losses and exposure to risk, which could erode trust among Canadians. In addition, monitoring activities that are not aligned with project risks can lead to burdensome or insufficient monitoring requirements.
Recommendations: framework effectiveness
- FedNor should implement a process to ensure that risk assessments and monitoring plans are updated at least annually.
- PrairiesCan should ensure that planned monitoring activities align with contribution agreements and project risk assessments.
Finding 3: Communication of expectations to recipients and employees
Key takeaways
Both agencies equip employees with tools and guidance that align with their monitoring frameworks. They also provide standardized tools that are communicated to staff, applicants and recipients. External communication of program-specific monitoring requirements could be improved.
What was expected
The policy and the directive require organizations to provide accessible information about transfer payment programs to potential recipients to ensure that these programs are easy to understand and use. Agencies must therefore clearly communicate monitoring and reporting requirements to potential applicants and recipients. The policy and the directive also require employees to be well-informed and to be supported in executing their monitoring roles and responsibilities.
What was found
Both agencies communicate monitoring and reporting requirements to interested organizations, applicants and recipients. Their staff provide monitoring and reporting information to recipients as part of the application process and after the contribution agreement is signed. FedNor has posted monitoring and reporting templates for recipients for all programs on its website. Although PrairiesCan has publicly communicated information for select programs, the monitoring and reporting expectations are inconsistently presented across programs on their website.
Both agencies provide tools and guidance to help recipients meet their monitoring and reporting obligations. These obligations align with the agencies’ monitoring frameworks. Both agencies have documented roles and responsibilities for their employees with respect to recipient monitoring.
FedNor uses a peer-to-peer approach for communicating roles and responsibilities to all new staff during the onboarding process. According to staff, this has led to some confusion about the roles and responsibilities related to monitoring and reporting.
PrairiesCan employees indicated that the roles and responsibilities of program officers and those of payment officers overlap and could be clearer.
Why it is important
Effectively communicating monitoring and reporting requirements helps applicants and recipients understand their obligations, fostering compliance and transparency while minimizing errors and enhancing program delivery.
To safeguard public funds and maintain trust as well as to manage risk, improve compliance and prevent wrongdoing, roles and responsibilities must be communicated clearly and employees must have the necessary tools and guidance.
Recommendation: communication of monitoring and reporting expectations
PrairiesCan should develop, document and implement a systemic approach to ensure that monitoring and reporting expectations for all programs are consistently and transparently communicated to the public.
Finding 4: Continuous improvement
Key takeaways
Although the agencies conduct monitoring activities on individual projects, they do not use the results of these activities to inform decision-making and continuous improvements. The results of monitoring and reporting activities are not regularly reported to senior management. Furthermore, there is inconsistency in regularly gathering client feedback to enhance the delivery of transfer payment programs and improve strategic decision-making.
What was expected
The policy mandates that departments (including agencies) engage applicants and recipients to foster innovation and continuous improvement. Departments (including agencies) are required to maintain and update programs throughout their cycle to support evaluations of their relevance and effectiveness. Furthermore, the Policy on Service and Digital stipulates that service standards must be established, with the corresponding performance results tracked and reported to senior management.
What was found
Although both agencies monitor individual projects, they do not systematically collect and leverage client feedback. The results of these monitoring activities are inconsistently shared with senior management and are rarely used to guide strategic decision-making or drive continuous improvement. Furthermore, client feedback remains an underused resource in enhancing the delivery of transfer payment programs.
Both agencies established and communicated service standards for making payment decisions and for issuing payments. Payments are issued only once the agency has reviewed and accepted the recipients' reports, such as progress reports and claims for reimbursement. These payment service standards are communicated to all relevant staff. Although both agencies track and monitor their achievement of these service standards and disclose their results on GC InfoBase, neither agency formally reports compliance results to senior management.
Why it is important
By consistently collecting and reporting on monitoring results, client feedback, and performance against service standards, the agencies can make informed adjustments to enhance program outcomes, uphold accountability, and continuously improve the efficiency and effectiveness of their processes and services.
Recommendations: continuous improvement
Both agencies should collect, use, and report the following to senior management to inform decision-making and continuous improvements:
- Information gathered related to monitoring recipients from individual projects
- Client feedback
- Data on compliance with service standards
Conclusion
FedNor and PrairiesCan’s management control frameworks for the monitoring of and reporting on transfer payments were established and generally aligned with the policy and the directive.
There are opportunities for improvement in the following areas:
- The communication of expectations to the public and to potential recipients
- The consistency of implementing these expectations
- The use of monitoring and reporting outcomes, client feedback, and rates of compliance with service standards, to inform decision-making and continuous improvement
Management response
The findings and recommendations of this engagement were presented to the agencies that were included in its scope.
Management has agreed with the findings included in this report and will take action to address all applicable recommendations.
Appendix A: Legislation, policies and directives
- Policy on Transfer Payments
Effective
This policy explains the roles and responsibilities for the delivery and management of transfer payment programs.
- Directive on Transfer Payments
Effective
This directive provides departmental managers with the operational requirements for the design and management of transfer payment programs.
- Policy on Service and Digital
Effective
This policy and its supporting instruments serve as an integrated set of rules that articulate how Government of Canada organizations manage service delivery, information and data, information technology, and cyber security in the digital era.
Appendix B: Lines of enquiry and criteria
Abbreviations used in this appendix:
- RDA: Regional Development Agency
- PTP: Policy on Transfer Payments
- DTP: Directive on Transfer Payments
- PS: Policy on Service and Digital
- FAA: Financial Administration Act
- DDSFA: Directive on Delegation of Spending and Financial Authorities
The criteria applied during this engagement are presented in the table below.
| Sub-criteria | Sources |
|---|---|
| Criterion 1.1: The program terms and conditions are aligned with the Treasury Board submission, as well as with the Treasury Board policy and directive on transfer payments with regard to monitoring and reporting. | PTP: 5.1.1; 5.1.2, DTP: Appendix D – 13, 14; Appendix E – 9, 11 |
| Criterion 1.2: The RDA has established a risk-based framework to monitor recipients’ compliance with the requirements of their contribution agreements, in accordance with the program terms and conditions. | PTP: 5.4.12; 5.4.13, DTP: 5.2 a; 5.2b; 6.5; Appendix B – 12 |
| Criterion 1.3: Employees are provided with the tools and guidance needed to consistently fulfill the requirements of the risk-based monitoring framework. | PTP: 4.2.1; 5.4.13, DTP: 5.2b |
| Criterion 1.4: The RDA has developed and implemented a strategy to communicate monitoring and reporting related program requirements to potential applicants and recipients. | PTP: 5.4.1; 5.4.13, DTP: 5.2b; 6.1.4, PS: 4.2.1.4; 4.2.1.5 |
| Criterion 1.5: The RDA leverages the results of monitoring and reporting activities as well as client feedback to inform decision-making and continually improve its processes. | PTP: 4.2.4.2; 5.4.1; 5.4.6; 5.4.8, DTP: Appendix B – 7, PS: 4.2.1.4; 4.2.1.5 |
| Sub-criteria | Sources |
|---|---|
| Criterion 2.1: RDA staff consistently fulfill their monitoring roles and responsibilities within established service standards. | PTP: 4.2.1; 5.4.1; 5.4.4; 5.4.12; 5.4.13, DTP: 5.2 a; 5.2b; 6.5.1; 6.5.2; Appendix B – 12, PS: 4.2.1.4; 4.2.1.5 |
| Criterion 2.2: Where applicable, RDA staff ensure that payments to recipients are only issued after monitoring and reporting requirements have been met; and that payment is made within established service standards. | PTP: 4.2.1; 5.4.1; 5.4.4; 5.4.13, DTP: 5.2b; 6.4.1; 6.4.3; 6.4.5; 6.4.6; 6.5.2, FAA: Section 34 DDSFA, 4.1.1.1; 4.1.11.1; 4.1.12.1; Appendix A - A.2.2.1.7 to A.2.2.1.9, PS: 4.2.1.4; 4.2.1.5 |
Appendix C: Recommendations by agency
| Recommendations | Details and applicable agencies |
|---|---|
| Adequacy of departmental recipient monitoring frameworks | Both agencies should update and expand their frameworks for monitoring and reporting on transfer payments to ensure that:
|
| Framework effectiveness | FedNor should implement a process to ensure that risk assessments and monitoring plans are updated at least annually. PrairiesCan should ensure that planned monitoring activities align with contribution agreements and project risk assessments. |
| Communicating monitoring and reporting expectations | PrairiesCan should develop, document and implement a systemic approach to ensure that monitoring and reporting expectations for all programs are consistently and transparently communicated to the public. |
| Continuous improvement | Both agencies should collect, use, and report the following to senior management to inform decision-making and continuous improvements:
|
Appendix D: Context on grants and contributions
Transfer payments are payments made by the Government of Canada to third parties. These payments do not result in the government acquiring any goods, services or assets. They are typically used to redistribute income and provide financial support through social programs.
Grants and contributions are two different types of transfer payments.
Grants are transfers that are awarded to support specific projects or programs. They have conditions regarding their use.
Contributions are transfers that can be either conditional or unconditional, depending on the donor’s stipulations. There are three types of contributions:
- Unconditionally repayable contributions: These are funds provided with the expectation that they will be repaid, but there are no specific conditions for the repayment.
- Conditionally repayable contributions: These funds must be repaid only if certain conditions are met, such as the success of the funded project or the achievement of specific milestones.
- Non-repayable contributions: These funds do not need to be repaid and are typically provided to support projects or initiatives.
The agencies have the authority to provide grants and contributions to various recipients to encourage economic growth and development in their regions. Currently, FedNor and PrairiesCan use contributions as their only funding mechanisms. Each program administered by these agencies has specific terms and conditions for contributions received, which ensures that the funds are used effectively and in alignment with the program’s objectives.
Appendix E: Sampling methodology and scope exclusions
Sampling methodology
Audited projects were randomly selected based on the following stratifications:
- Projects with risk levels ranging from low to high
- Projects from each agency’s three regions
- Projects with claims-based or advance payment types
For each agency, 10 project files that were active or closed within 12 months of the conduct phase launch () were reviewed, including the two latest claims submitted by the recipients between and .
The selection process resulted in the following programs being included in the audit:
FedNor
- Regional Economic Growth Through Innovation (REGI): three project files reviewed
- Community Futures Program (CFP): one project file reviewed
- Northern Ontario Development Program (NODP): six project files reviewed
PrairiesCan
- Regional Economic Growth through Innovation (REGI): five project files reviewed
- Community Futures Program (CFP): one project file reviewed
- Western Diversification Program (WDP): four project files reviewed
Scope exclusions
The audit excluded the Regional Relief and Recovery Fund (RRRF) due to recent audit-related work on this program, including the Office of the Auditor General’s Audit of the RRRF (2021) and the Office of the Comptroller General RRRF Fraud Risk Assessment (2022). Due to a previous audit of other agencies by the Office of the Comptroller General, this audit excluded the recipient-selection process.
© His Majesty the King in Right of Canada, represented by the President of the Treasury Board, 2026,
ISBN: 978-0-660-99529-8